1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
# Usage: /bin/bash linux_test.sh <ip_protocol> <ipsec_mode>
# <ip_protocol> can be set to:
# ipv4-ipv4 - only IPv4 traffic
# ipv4-ipv6 - IPv4 traffic over IPv6 ipsec tunnel (only for tunnel mode)
# ipv6-ipv4 - IPv6 traffic over IPv4 ipsec tunnel (only for tunnel mode)
# ipv6-ipv6 - only IPv6 traffic
# For list of available modes please refer to run_test.sh.
#
# Note that most of them require appropriate crypto PMD/device to be available.
# Also user has to setup properly the following environment variables:
# SGW_PATH - path to the ipsec-secgw binary to test
# REMOTE_HOST - ip/hostname of the DUT
# REMOTE_IFACE - iface name for the test-port on DUT
# ETH_DEV - ethernet device to be used on SUT by DPDK ('-a <pci-id>')
# Also user can optionally setup:
# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
# SGW_MODE - run ipsec-secgw in legacy mode or with use of library
# values: legacy/library (legacy on default)
# SGW_ESN - run ipsec-secgw with extended sequence number
# values: esn-on/esn-off (esn-off on default)
# SGW_ATOM - run ipsec-secgw with sequence number atomic behavior
# values: atom-on/atom-off (atom-off on default)
# SGW_CRYPTO - run ipsec-secgw with use of inline crypto
# values: inline (unset on default)
# SGW_CRYPTO_FLBK - run ipsec-secgw with crypto fallback configured
# values: cpu-crypto/lookaside-none (unset on default)
# CRYPTO_PRIM_TYPE - run ipsec-secgw with crypto primary type set
# values: cpu-crypto (unset on default)
# CRYPTO_DEV - crypto device to be used ('-a <pci-id>')
# if none specified appropriate vdevs will be created by the script
# SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
# specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
#
# The purpose of the script is to automate ipsec-secgw testing
# using another system running linux as a DUT.
# It expects that SUT and DUT are connected through at least 2 NICs.
# One NIC is expected to be managed by linux both machines,
# and will be used as a control path
# Make sure user from SUT can ssh to DUT without entering password.
# Second NIC (test-port) should be reserved for DPDK on SUT,
# and should be managed by linux on DUT.
# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
# Then configures local tap iface and remote iface and ipsec policies
# in the following way:
# traffic going over test-port in both directions has to be
# protected by ipsec.
# Traffic going over TAP in both directions doesn't have to be protected.
# I.E:
# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
# Then tries to perform some data transfer using the scheme described above.
#
DIR=`dirname $0`
PROTO=$1
MODE=$2
. ${DIR}/common_defs.sh
select_mode
. ${DIR}/${MODE}_defs.sh
if [[ "${PROTO}" == "ipv4-ipv4" ]] || [[ "${PROTO}" == "ipv6-ipv6" ]]; then
config_secgw
else
config_secgw_mixed
fi
secgw_start
. ${DIR}/data_rxtx.sh
if [[ "${PROTO}" == "ipv4-ipv4" ]]; then
config_iface
config_remote_xfrm_44
set_local_mtu ${MTU_LEN}
ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV4}
st=$?
fi
elif [[ "${PROTO}" == "ipv4-ipv6" ]]; then
if [[ "${MODE}" == trs* ]]; then
echo "Cannot mix protocols in transport mode"
secgw_stop
exit 1
fi
config6_iface
config_remote_xfrm_46
set_local_mtu ${MTU_LEN}
ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV4}
st=$?
fi
elif [[ "${PROTO}" == "ipv6-ipv4" ]]; then
if [[ "${MODE}" == trs* ]]; then
echo "Cannot mix protocols in transport mode"
secgw_stop
exit 1
fi
config6_iface
config_remote_xfrm_64
set_local_mtu ${MTU_LEN}
ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV6}
st=$?
fi
elif [[ "${PROTO}" == "ipv6-ipv6" ]]; then
config6_iface
config_remote_xfrm_66
set_local_mtu ${MTU_LEN}
ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV6}
st=$?
fi
else
echo "Invalid <proto>"
st=128
fi
secgw_stop
exit $st
|
