#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Remote-peer setup for the AES-GCM tunnel-mode test cases.
#
# Each config_remote_xfrm_XY function programs the Linux XFRM (kernel IPsec)
# tables on ${REMOTE_HOST} over ssh. X is the address family of the traffic
# selectors (the protected traffic) and Y is the address family of the tunnel
# endpoints: 44, 46, 64 and 66.
#
# Notes for anyone running or adapting this:
#  - "ip xfrm policy flush" and "ip xfrm state flush" remove every policy and
#    SA on the remote host, not only the ones installed here. Point
#    REMOTE_HOST at a dedicated test peer.
#  - ssh joins the command words with spaces and hands the result to the
#    remote login shell, which parses it again. That is why the parentheses
#    in the algorithm name are backslash-escaped, and it also means the
#    REMOTE_*/LOCAL_* values are interpreted by the remote shell, so they
#    must come from trusted test configuration.
#  - 0xdeadbeef...deadbeef is fixed, publicly known test keying material:
#    20 bytes, i.e. a 128-bit AES key followed by the 32-bit RFC 4106 salt.
#    The trailing 128 is the ICV length in bits. The same key and salt are
#    installed for both directions, which is only acceptable for a functional
#    test: AES-GCM relies on unique (key, nonce) pairs, and SAs that share
#    key and salt may repeat nonces.
#  - No ssh exit status is checked; each function returns the status of its
#    final "ip xfrm state list" (unless the caller enabled errexit).
#  - ${XFRM_ESN} is deliberately left unquoted. NOTE(review): presumably it
#    carries optional extra "ip xfrm state" flags and is defined by the
#    sourced defs or the caller - confirm there.

# NOTE(review): ${DIR} is expanded unquoted, so a path containing whitespace
# would break this line.
. ${DIR}/tun_aesgcm_common_defs.sh

# Prepend the DPDK variables and mode to whatever extra parameters were
# already collected in SGW_CMD_XPRM.
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"

# IPv4 traffic carried in an IPv4 ESP tunnel (SPI 7, reqid 1 out / 2 in).
config_remote_xfrm_44() {
  # Start from empty policy and SA tables on the remote host.
  ssh ${REMOTE_HOST} ip xfrm policy flush
  ssh ${REMOTE_HOST} ip xfrm state flush

  # Outbound policy (remote -> local).
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${REMOTE_IPV4} dst ${LOCAL_IPV4} dir out \
    ptype main action allow \
    tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
    proto esp mode tunnel reqid 1

  # Inbound policy (local -> remote).
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${LOCAL_IPV4} dst ${REMOTE_IPV4} dir in \
    ptype main action allow \
    tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
    proto esp mode tunnel reqid 2

  # Outbound SA; replay-window 64 sets the anti-replay window size.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
    proto esp spi 7 reqid 1 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

  # Inbound SA, same SPI and test key as the outbound one.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
    proto esp spi 7 reqid 2 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

  # Dump the resulting tables into the test log.
  ssh ${REMOTE_HOST} ip xfrm policy list
  ssh ${REMOTE_HOST} ip xfrm state list
}

# IPv4 traffic carried in an IPv6 ESP tunnel (SPI 6, reqid 1 out / 2 in).
# The SAs use IPv6 endpoints and carry an explicit IPv4 selector ("sel").
config_remote_xfrm_46() {
  ssh ${REMOTE_HOST} ip xfrm policy flush
  ssh ${REMOTE_HOST} ip xfrm state flush

  # Outbound policy: IPv4 selector, IPv6 tunnel template.
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${REMOTE_IPV4} dst ${LOCAL_IPV4} dir out \
    ptype main action allow \
    tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
    proto esp mode tunnel reqid 1

  # Inbound policy: IPv4 selector, IPv6 tunnel template.
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${LOCAL_IPV4} dst ${REMOTE_IPV4} dir in \
    ptype main action allow \
    tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
    proto esp mode tunnel reqid 2

  # Outbound SA between the IPv6 endpoints, limited to the IPv4 flow.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
    proto esp spi 6 reqid 1 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
    sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}

  # Inbound SA between the IPv6 endpoints, limited to the IPv4 flow.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
    proto esp spi 6 reqid 2 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
    sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}

  ssh ${REMOTE_HOST} ip xfrm policy list
  ssh ${REMOTE_HOST} ip xfrm state list
}

# IPv6 traffic carried in an IPv4 ESP tunnel (SPI 8, reqid 1 out / 2 in).
# The SAs use IPv4 endpoints and carry an explicit IPv6 selector ("sel").
config_remote_xfrm_64() {
  ssh ${REMOTE_HOST} ip xfrm policy flush
  ssh ${REMOTE_HOST} ip xfrm state flush

  # Outbound policy: IPv6 selector, IPv4 tunnel template.
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${REMOTE_IPV6} dst ${LOCAL_IPV6} dir out \
    ptype main action allow \
    tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
    proto esp mode tunnel reqid 1

  # Inbound policy: IPv6 selector, IPv4 tunnel template.
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${LOCAL_IPV6} dst ${REMOTE_IPV6} dir in \
    ptype main action allow \
    tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
    proto esp mode tunnel reqid 2

  # Outbound SA between the IPv4 endpoints, limited to the IPv6 flow.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
    proto esp spi 8 reqid 1 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
    sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}

  # Inbound SA between the IPv4 endpoints, limited to the IPv6 flow.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
    proto esp spi 8 reqid 2 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
    sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}

  ssh ${REMOTE_HOST} ip xfrm policy list
  ssh ${REMOTE_HOST} ip xfrm state list
}

# IPv6 traffic carried in an IPv6 ESP tunnel (SPI 9, reqid 3 out / 4 in).
config_remote_xfrm_66() {
  ssh ${REMOTE_HOST} ip xfrm policy flush
  ssh ${REMOTE_HOST} ip xfrm state flush

  # Outbound policy (remote -> local).
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${REMOTE_IPV6} dst ${LOCAL_IPV6} dir out \
    ptype main action allow \
    tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
    proto esp mode tunnel reqid 3

  # Inbound policy (local -> remote).
  ssh ${REMOTE_HOST} ip xfrm policy add \
    src ${LOCAL_IPV6} dst ${REMOTE_IPV6} dir in \
    ptype main action allow \
    tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
    proto esp mode tunnel reqid 4

  # Outbound SA.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
    proto esp spi 9 reqid 3 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

  # Inbound SA.
  ssh ${REMOTE_HOST} ip xfrm state add \
    src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
    proto esp spi 9 reqid 4 mode tunnel \
    replay-window 64 ${XFRM_ESN} \
    aead "rfc4106\(gcm\(aes\)\)" \
    0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128

  ssh ${REMOTE_HOST} ip xfrm policy list
  ssh ${REMOTE_HOST} ip xfrm state list
}