From: Konstantin Ananyev <konstantin.ananyev@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, radu.nicolau@intel.com,
Konstantin Ananyev <konstantin.ananyev@intel.com>
Subject: [dpdk-dev] [PATCH v3 8/8] examples/ipsec-secgw: add scripts for functional test
Date: Thu, 6 Dec 2018 15:54:51 +0000 [thread overview]
Message-ID: <1544111691-7481-9-git-send-email-konstantin.ananyev@intel.com> (raw)
In-Reply-To: <1543597460-6962-2-git-send-email-konstantin.ananyev@intel.com>
The purpose of these scripts is to automate ipsec-secgw functional testing.
The scripts require two machines (SUT and DUT) connected through
at least 2 NICs and running linux (so far tested only on Ubuntu 18.04).
Introduced test-cases for the following scenarios:
- Transport/Tunnel modes
- AES-CBC SHA1
- AES-GCM
- ESN on/off
- legacy/librte_ipsec code path
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
examples/ipsec-secgw/test/common_defs.sh | 149 ++++++++++++++++++
examples/ipsec-secgw/test/data_rxtx.sh | 118 ++++++++++++++
examples/ipsec-secgw/test/linux_test4.sh | 63 ++++++++
examples/ipsec-secgw/test/linux_test6.sh | 63 ++++++++
examples/ipsec-secgw/test/run_test.sh | 80 ++++++++++
.../test/trs_aescbc_sha1_common_defs.sh | 69 ++++++++
.../ipsec-secgw/test/trs_aescbc_sha1_defs.sh | 67 ++++++++
.../test/trs_aescbc_sha1_esn_atom_defs.sh | 5 +
.../test/trs_aescbc_sha1_esn_defs.sh | 66 ++++++++
.../test/trs_aescbc_sha1_old_defs.sh | 5 +
.../test/trs_aesgcm_common_defs.sh | 60 +++++++
examples/ipsec-secgw/test/trs_aesgcm_defs.sh | 66 ++++++++
.../test/trs_aesgcm_esn_atom_defs.sh | 5 +
.../ipsec-secgw/test/trs_aesgcm_esn_defs.sh | 66 ++++++++
.../ipsec-secgw/test/trs_aesgcm_old_defs.sh | 5 +
.../test/tun_aescbc_sha1_common_defs.sh | 68 ++++++++
.../ipsec-secgw/test/tun_aescbc_sha1_defs.sh | 70 ++++++++
.../test/tun_aescbc_sha1_esn_atom_defs.sh | 5 +
.../test/tun_aescbc_sha1_esn_defs.sh | 70 ++++++++
.../test/tun_aescbc_sha1_old_defs.sh | 5 +
.../test/tun_aesgcm_common_defs.sh | 60 +++++++
examples/ipsec-secgw/test/tun_aesgcm_defs.sh | 70 ++++++++
.../test/tun_aesgcm_esn_atom_defs.sh | 5 +
.../ipsec-secgw/test/tun_aesgcm_esn_defs.sh | 70 ++++++++
.../ipsec-secgw/test/tun_aesgcm_old_defs.sh | 5 +
25 files changed, 1315 insertions(+)
create mode 100644 examples/ipsec-secgw/test/common_defs.sh
create mode 100644 examples/ipsec-secgw/test/data_rxtx.sh
create mode 100644 examples/ipsec-secgw/test/linux_test4.sh
create mode 100644 examples/ipsec-secgw/test/linux_test6.sh
create mode 100644 examples/ipsec-secgw/test/run_test.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
diff --git a/examples/ipsec-secgw/test/common_defs.sh b/examples/ipsec-secgw/test/common_defs.sh
new file mode 100644
index 000000000..557381679
--- /dev/null
+++ b/examples/ipsec-secgw/test/common_defs.sh
@@ -0,0 +1,149 @@
+#! /bin/bash
+
+#check that env vars are properly defined
+
+#check SGW_PATH
+if [[ -z "${SGW_PATH}" || ! -x ${SGW_PATH} ]]; then
+ echo "SGW_PATH is invalid"
+ exit 127
+fi
+
+#check ETH_DEV
+if [[ -z "${ETH_DEV}" ]]; then
+ echo "ETH_DEV is invalid"
+ exit 127
+fi
+
+#setup SGW_LCORE
+SGW_LCORE=${SGW_LCORE:-0}
+
+#check that REMOTE_HOST is reachable
+ssh ${REMOTE_HOST} echo
+st=$?
+if [[ $st -ne 0 ]]; then
+ echo "host ${REMOTE_HOST} is not reachable"
+ exit $st
+fi
+
+#get ether addr of REMOTE_HOST
+REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
+st=$?
+REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
+if [[ $st -ne 0 || -z "${REMOTE_MAC}" ]]; then
+ echo "coouldn't retrieve ether addr from ${REMOTE_IFACE}"
+ exit 127
+fi
+
+LOCAL_IFACE=dtap0
+
+LOCAL_MAC="00:64:74:61:70:30"
+
+REMOTE_IPV4=192.168.31.14
+LOCAL_IPV4=192.168.31.92
+
+REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
+LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092
+
+DPDK_PATH=${RTE_SDK:-${PWD}}
+DPDK_BUILD=${RTE_TARGET:-x86_64-native-linuxapp-gcc}
+
+SGW_OUT_FILE=./ipsec-secgw.out1
+
+SGW_CMD_EAL_PRM="--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}"
+SGW_CMD_CFG="(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})"
+SGW_CMD_PRM="-p 0x3 -u 1 -P --config=\"${SGW_CMD_CFG}\""
+
+SGW_CFG_FILE=$(tempfile)
+
+# configure local host/ifaces
+config_local_iface()
+{
+ ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1400 up
+ ifconfig ${LOCAL_IFACE}
+
+ ip neigh flush dev ${LOCAL_IFACE}
+ ip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
+ ip neigh show dev ${LOCAL_IFACE}
+}
+
+config6_local_iface()
+{
+ config_local_iface
+
+ sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0
+ ip addr add ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}
+
+ sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=1300
+
+ ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
+ ip neigh show dev ${LOCAL_IFACE}
+}
+
+#configure remote host/iface
+config_remote_iface()
+{
+ ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
+ ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up
+ ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}
+
+ ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
+
+ # by some reason following ip neigh doesn't work for me here properly:
+ #ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
+ # dev ${REMOTE_IFACE} lladr ${LOCAL_MAC}
+ # so used arp instead.
+ ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
+ ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
+}
+
+config6_remote_iface()
+{
+ config_remote_iface
+
+ ssh ${REMOTE_HOST} sysctl -w \
+ net.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0
+ ssh ${REMOTE_HOST} ip addr add ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}
+
+ ssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \
+ dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
+ ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
+}
+
+#configure remote and local host/iface
+config_iface()
+{
+ config_local_iface
+ config_remote_iface
+}
+
+config6_iface()
+{
+ config6_local_iface
+ config6_remote_iface
+}
+
+#start ipsec-secgw
+secgw_start()
+{
+ SGW_EXEC_FILE=$(tempfile)
+ cat <<EOF > ${SGW_EXEC_FILE}
+${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \
+--vdev="net_tap0,mac=fixed" \
+-- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \
+${SGW_OUT_FILE} 2>&1 &
+p=\$!
+echo \$p
+EOF
+
+ cat ${SGW_EXEC_FILE}
+ SGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`
+ sleep 1
+}
+
+#stop ipsec-secgw and cleanup
+secgw_stop()
+{
+ kill ${SGW_PID}
+ rm -f ${SGW_EXEC_FILE}
+ rm -f ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/data_rxtx.sh b/examples/ipsec-secgw/test/data_rxtx.sh
new file mode 100644
index 000000000..2072fb900
--- /dev/null
+++ b/examples/ipsec-secgw/test/data_rxtx.sh
@@ -0,0 +1,118 @@
+#! /bin/bash
+
+TCP_PORT=22222
+
+ping_test1()
+{
+ dst=$1
+
+ i=0
+ st=0
+ while [[ $i -ne 1200 && $st -eq 0 ]];
+ do
+ let i++
+ ping -c 1 -s ${i} ${dst}
+ st=$?
+ done
+
+ if [[ $st -ne 0 ]]; then
+ echo "ERROR: $0 failed for dst=${dst}, sz=${i}"
+ fi
+ return $st;
+}
+
+ping6_test1()
+{
+ dst=$1
+
+ i=0
+ st=0
+ while [[ $i -ne 1200 && $st -eq 0 ]];
+ do
+ let i++
+ ping6 -c 1 -s ${i} ${dst}
+ st=$?
+ done
+
+ if [[ $st -ne 0 ]]; then
+ echo "ERROR: $0 failed for dst=${dst}, sz=${i}"
+ fi
+ return $st;
+}
+
+scp_test1()
+{
+ for sz in 1234 23456 345678 4567890 56789102 ; do
+ x=$(tempfile)
+ dd if=/dev/urandom of=${x}.in bs=${sz} count=1
+ scp ${x} ${REMOTE_IPV4}:${x}
+ scp ${REMOTE_IPV4}:${x} ${x}.copy1
+ diff -u ${x} ${x}.copy1
+ st=$?
+ rm -f ${x} ${x}.out
+ ssh ${REMOTE_HOST} rm -f ${x}
+ if [[ $st -ne 0 ]]; then
+ return $st
+ fi
+ done
+
+ return 0;
+}
+
+tcp_test1()
+{
+ for sz in 1234 23456 345678 4567890 56789102 ; do
+ x=`basename $0`.${sz}
+ rcmd=$(tempfile)
+ lcmd=$(tempfile)
+ dd if=/dev/urandom of=${x} bs=${sz} count=1
+ echo "nc -l ${REMOTE_IPV4} ${TCP_PORT} > ${x}; \
+ nc -q 0 ${LOCAL_IPV4} ${TCP_PORT} < ${x}; \
+ rm -f ${x}" > ${rcmd}
+ echo "nc -l ${LOCAL_IPV4} ${TCP_PORT} > ${x}.copy" > ${lcmd}
+ scp ${rcmd} ${REMOTE_HOST}:${rcmd}
+ ssh ${REMOTE_HOST} /bin/bash -x ${rcmd} &
+ /bin/bash -x ${lcmd} &
+ sleep 1
+ nc -q 0 ${REMOTE_IPV4} ${TCP_PORT} < ${x}
+ wait
+ diff -u ${x} ${x}.copy
+ st=$?
+ rm -f ${x} ${x}.copy ${rcmd} ${lcmd}
+ ssh ${REMOTE_HOST} rm -f ${rcmd}
+ if [[ $st -ne 0 ]]; then
+ return $st
+ fi
+ done
+
+ return $st;
+}
+
+tcp6_test1()
+{
+ for sz in 1234 23456 345678 4567890 56789102 ; do
+ x=`basename $0`.${sz}
+ rcmd=$(tempfile)
+ lcmd=$(tempfile)
+ dd if=/dev/urandom of=${x} bs=${sz} count=1
+ echo "nc -l ${REMOTE_IPV6} ${TCP_PORT} > ${x}; \
+ nc -q 0 ${LOCAL_IPV6} ${TCP_PORT} < ${x}; \
+ rm -f ${x}" > ${rcmd}
+ echo "nc -l ${LOCAL_IPV6} ${TCP_PORT} > ${x}.copy" > ${lcmd}
+ scp ${rcmd} ${REMOTE_HOST}:${rcmd}
+ ssh ${REMOTE_HOST} /bin/bash -x ${rcmd} &
+ /bin/bash -x ${lcmd} &
+ sleep 1
+ nc -q 0 ${REMOTE_IPV6} ${TCP_PORT} < ${x}
+ wait
+ diff -u ${x} ${x}.copy
+ st=$?
+ rm -f ${x} ${x}.copy ${rcmd} ${lcmd}
+ ssh ${REMOTE_HOST} rm -f ${rcmd}
+ if [[ $st -ne 0 ]]; then
+ return $st
+ fi
+ done
+
+ return $st;
+}
diff --git a/examples/ipsec-secgw/test/linux_test4.sh b/examples/ipsec-secgw/test/linux_test4.sh
new file mode 100644
index 000000000..039fc7c4a
--- /dev/null
+++ b/examples/ipsec-secgw/test/linux_test4.sh
@@ -0,0 +1,63 @@
+#! /bin/bash
+
+# usage: /bin/bash linux_test4.sh <ipsec_mode>
+# for list of available modes please refer to run_test.sh.
+# ipsec-secgw (IPv4 mode) functional test script.
+#
+# Note that for most of them you required appropriate crypto PMD/device
+# to be avaialble.
+# Also user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the scrit
+#
+# The purpose of the script is to automate ipsec-secgw testing
+# using another system running linux as a DUT.
+# It expects that SUT and DUT are connected through at least 2 NICs.
+# One NIC is expected to be managed by linux both machines,
+# and will be used as a control path
+# (make sure user from SUT can ssh to DUT without entering password).
+# Second NIC (test-port) should be reserved for DPDK on SUT,
+# and should be managed by linux on DUT.
+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
+# Then configures local tap iface and remote iface and ipsec policies
+# in the following way:
+# traffic going over test-port in both directions has to be
+# protected by ipsec.
+# raffic going over TAP in both directions doesn't have to be protected.
+# I.E:
+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
+# Then tries to perorm some data transfer using the scheme decribed above.
+#
+
+DIR=`dirname $0`
+MODE=$1
+
+ . ${DIR}/common_defs.sh
+ . ${DIR}/${MODE}_defs.sh
+
+config_secgw
+
+secgw_start
+
+config_iface
+
+config_remote_xfrm
+
+ . ${DIR}/data_rxtx.sh
+
+ping_test1 ${REMOTE_IPV4}
+st=$?
+if [[ $st -eq 0 ]]; then
+ tcp_test1
+ st=$?
+fi
+
+secgw_stop
+exit $st
diff --git a/examples/ipsec-secgw/test/linux_test6.sh b/examples/ipsec-secgw/test/linux_test6.sh
new file mode 100644
index 000000000..425cd66a3
--- /dev/null
+++ b/examples/ipsec-secgw/test/linux_test6.sh
@@ -0,0 +1,63 @@
+#! /bin/bash
+
+# usage: /bin/bash linux_test6.sh <ipsec_mode>
+# for list of available modes please refer to run_test.sh.
+# ipsec-secgw (IPv6 mode) functional test script.
+#
+# Note that for most of them you required appropriate crypto PMD/device
+# to be avaialble.
+# Also user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the scrit
+#
+# The purpose of the script is to automate ipsec-secgw testing
+# using another system running linux as a DUT.
+# It expects that SUT and DUT are connected through at least 2 NICs.
+# One NIC is expected to be managed by linux both machines,
+# and will be used as a control path
+# (make sure user from SUT can ssh to DUT without entering password).
+# Second NIC (test-port) should be reserved for DPDK on SUT,
+# and should be managed by linux on DUT.
+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
+# Then configures local tap iface and remote iface and ipsec policies
+# in the following way:
+# traffic going over test-port in both directions has to be
+# protected by ipsec.
+# raffic going over TAP in both directions doesn't have to be protected.
+# I.E:
+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
+# Then tries to perorm some data transfer using the scheme decribed above.
+#
+
+DIR=`dirname $0`
+MODE=$1
+
+ . ${DIR}/common_defs.sh
+ . ${DIR}/${MODE}_defs.sh
+
+config_secgw
+
+secgw_start
+
+config6_iface
+
+config6_remote_xfrm
+
+ . ${DIR}/data_rxtx.sh
+
+ping6_test1 ${REMOTE_IPV6}
+st=$?
+if [[ $st -eq 0 ]]; then
+ tcp6_test1
+ st=$?
+fi
+
+secgw_stop
+exit $st
diff --git a/examples/ipsec-secgw/test/run_test.sh b/examples/ipsec-secgw/test/run_test.sh
new file mode 100644
index 000000000..6dc0ce54e
--- /dev/null
+++ b/examples/ipsec-secgw/test/run_test.sh
@@ -0,0 +1,80 @@
+#! /bin/bash
+
+# usage: /bin/bash run_test.sh [-46]
+# Run all defined linux_test[4,6].sh test-cases one by one
+# user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the scrit
+# refer to linux_test1.sh for more information
+
+# All supported modes to test.
+# naming convention:
+# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)
+# 'tun/trs' refer to tunnel/transport mode respectively
+LINUX_TEST="tun_aescbc_sha1 \
+tun_aescbc_sha1_esn \
+tun_aescbc_sha1_esn_atom \
+tun_aesgcm \
+tun_aesgcm_esn \
+tun_aesgcm_esn_atom \
+trs_aescbc_sha1 \
+trs_aescbc_sha1_esn \
+trs_aescbc_sha1_esn_atom \
+trs_aesgcm \
+trs_aesgcm_esn \
+trs_aesgcm_esn_atom \
+tun_aescbc_sha1_old \
+tun_aesgcm_old \
+trs_aescbc_sha1_old \
+trs_aesgcm_old"
+
+DIR=`dirname $0`
+
+# get input options
+st=0
+run4=0
+run6=0
+while [[ ${st} -eq 0 ]]; do
+ getopts ":46" opt
+ st=$?
+ if [[ "${opt}" == "4" ]]; then
+ run4=1
+ elif [[ "${opt}" == "6" ]]; then
+ run6=1
+ fi
+done
+
+if [[ ${run4} -eq 0 && {run6} -eq 0 ]]; then
+ exit 127
+fi
+
+for i in ${LINUX_TEST}; do
+
+ echo "starting test ${i}"
+
+ st4=0
+ if [[ ${run4} -ne 0 ]]; then
+ /bin/bash ${DIR}/linux_test4.sh ${i}
+ st4=$?
+ echo "test4 ${i} finished with status ${st4}"
+ fi
+
+ st6=0
+ if [[ ${run6} -ne 0 ]]; then
+ /bin/bash ${DIR}/linux_test6.sh ${i}
+ st6=$?
+ echo "test6 ${i} finished with status ${st6}"
+ fi
+
+ let "st = st4 + st6"
+ if [[ $st -ne 0 ]]; then
+ echo "ERROR test ${i} FAILED"
+ exit $st
+ fi
+done
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh
new file mode 100644
index 000000000..e2621e0df
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh
@@ -0,0 +1,69 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#SP in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh
new file mode 100644
index 000000000..d68552fce
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh
@@ -0,0 +1,67 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh
new file mode 100644
index 000000000..f16222e11
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh
new file mode 100644
index 000000000..ce7c977a3
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
new file mode 100644
index 000000000..a3abb6103
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_defs.sh
+
+SGW_CMD_XPRM=
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh
new file mode 100644
index 000000000..720e807e4
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_gcm0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#SP in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa out 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh
new file mode 100644
index 000000000..8382d3d52
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh
new file mode 100644
index 000000000..80d8d63b8
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh
new file mode 100644
index 000000000..94958d199
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
new file mode 100644
index 000000000..951e6b68f
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_defs.sh
+
+SGW_CMD_XPRM=
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh
new file mode 100644
index 000000000..4025da232
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh
@@ -0,0 +1,68 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh
new file mode 100644
index 000000000..18aade3a9
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh
new file mode 100644
index 000000000..6b4a82149
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh
new file mode 100644
index 000000000..28c1125d6
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
new file mode 100644
index 000000000..3c0d8d1b1
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_defs.sh
+
+SGW_CMD_XPRM=
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh
new file mode 100644
index 000000000..fba68c6a3
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_gcm0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh
new file mode 100644
index 000000000..8ae65321b
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh
new file mode 100644
index 000000000..dab1460c8
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh
new file mode 100644
index 000000000..606232349
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+ config_remote_xfrm
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
new file mode 100644
index 000000000..e0a015e21
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_defs.sh
+
+SGW_CMD_XPRM=
--
2.17.1
next prev parent reply other threads:[~2018-12-06 15:55 UTC|newest]
Thread overview: 132+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-22 18:49 [dpdk-dev] [PATCH 0/7] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 1/7] examples/ipsec-secgw: avoid to request unused TX offloads Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 0/7] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 1/7] examples/ipsec-secgw: avoid to request unused TX offloads Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 0/8] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-12-07 10:01 ` Radu Nicolau
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 0/9] " Konstantin Ananyev
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 1/9] examples/ipsec-secgw: avoid to request unused TX offloads Konstantin Ananyev
2018-12-21 13:57 ` Akhil Goyal
2018-12-21 15:58 ` Ananyev, Konstantin
2018-12-24 9:45 ` Akhil Goyal
2018-12-24 10:19 ` Ananyev, Konstantin
2018-12-24 10:54 ` Akhil Goyal
2018-12-24 10:55 ` Akhil Goyal
2018-12-24 11:22 ` Ananyev, Konstantin
2018-12-24 11:24 ` Akhil Goyal
2018-12-24 11:37 ` Ananyev, Konstantin
2018-12-24 12:31 ` Akhil Goyal
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 00/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-02 8:48 ` Akhil Goyal
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 01/10] examples/ipsec-secgw: allow user to disable some RX/TX offloads Konstantin Ananyev
2019-01-02 13:42 ` Akhil Goyal
2019-01-02 15:29 ` Ananyev, Konstantin
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 00/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-04 11:37 ` Akhil Goyal
2019-01-04 12:29 ` Ananyev, Konstantin
2019-01-04 14:40 ` Akhil Goyal
2019-01-04 15:02 ` Akhil Goyal
2019-01-04 17:04 ` Ananyev, Konstantin
2019-01-04 17:38 ` Akhil Goyal
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 01/10] examples/ipsec-secgw: allow user to disable some RX/TX offloads Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 00/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-10 15:20 ` Akhil Goyal
2019-01-11 1:08 ` Xu, Yanjie
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 01/10] examples/ipsec-secgw: allow user to disable some RX/TX offloads Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 00/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-11 0:00 ` De Lara Guarch, Pablo
2019-01-11 0:16 ` Ananyev, Konstantin
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 01/10] examples/ipsec-secgw: allow user to disable some Rx/Tx offloads Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 02/10] examples/ipsec-secgw: allow to specify neighbour MAC address Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 03/10] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 04/10] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 05/10] examples/ipsec-secgw: make local variables static Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 06/10] examples/ipsec-secgw: fix inbound SA checking Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 07/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 08/10] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 09/10] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
2019-01-10 21:09 ` [dpdk-dev] [PATCH v8 10/10] doc: update ipsec-secgw guide and relelase notes Konstantin Ananyev
2019-01-11 2:49 ` Varghese, Vipin
2019-01-11 6:56 ` Akhil Goyal
2019-01-11 8:11 ` Varghese, Vipin
2019-01-12 23:49 ` Thomas Monjalon
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 02/10] examples/ipsec-secgw: allow to specify neighbour mac address Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 03/10] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 04/10] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 05/10] examples/ipsec-secgw: make local variables static Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 06/10] examples/ipsec-secgw: fix inbound SA checking Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 07/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 08/10] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 09/10] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
2019-01-09 11:44 ` [dpdk-dev] [PATCH v7 10/10] doc: update ipsec-secgw guide and relelase notes Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 02/10] examples/ipsec-secgw: allow to specify neighbour mac address Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 03/10] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 04/10] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 05/10] examples/ipsec-secgw: make local variables static Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 06/10] examples/ipsec-secgw: fix inbound SA checking Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 07/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 08/10] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2019-01-04 14:58 ` Akhil Goyal
2019-01-04 16:25 ` Ananyev, Konstantin
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 09/10] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
2019-01-03 20:25 ` [dpdk-dev] [PATCH v6 10/10] doc: update ipsec-secgw guide and relelase notes Konstantin Ananyev
2019-01-04 2:42 ` Varghese, Vipin
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 02/10] examples/ipsec-secgw: allow to specify neighbour mac address Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 03/10] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2019-01-02 11:44 ` Akhil Goyal
2019-01-02 13:43 ` Ananyev, Konstantin
2019-01-02 13:50 ` Akhil Goyal
2019-01-02 15:06 ` Ananyev, Konstantin
2019-01-03 20:36 ` Ananyev, Konstantin
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 04/10] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 05/10] examples/ipsec-secgw: make local variables static Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 06/10] examples/ipsec-secgw: fix inbound SA checking Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 07/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 08/10] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 09/10] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 10/10] doc: update ipsec-secgw guide and relelase notes Konstantin Ananyev
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 2/9] examples/ipsec-secgw: allow to specify neighbor mac address Konstantin Ananyev
2018-12-21 14:05 ` Akhil Goyal
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 3/9] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2018-12-21 14:12 ` Akhil Goyal
2018-12-21 14:49 ` Ananyev, Konstantin
2018-12-21 14:57 ` Akhil Goyal
2018-12-21 15:01 ` Ananyev, Konstantin
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 4/9] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2018-12-21 14:25 ` Akhil Goyal
2018-12-21 14:54 ` Ananyev, Konstantin
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 5/9] examples/ipsec-secgw: make local variables static Konstantin Ananyev
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 6/9] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-12-21 15:15 ` Akhil Goyal
2018-12-24 12:29 ` Ananyev, Konstantin
2018-12-24 12:32 ` Akhil Goyal
2018-12-24 12:37 ` Ananyev, Konstantin
2018-12-24 13:21 ` Ananyev, Konstantin
2018-12-24 13:50 ` Akhil Goyal
2018-12-24 15:01 ` Ananyev, Konstantin
2018-12-26 9:02 ` Akhil Goyal
2018-12-27 11:06 ` Ananyev, Konstantin
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 7/9] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2018-12-21 15:23 ` Akhil Goyal
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 8/9] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
2018-12-14 16:40 ` [dpdk-dev] [PATCH v4 9/9] doc: update ipsec-secgw guide and relelase notes Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 1/8] examples/ipsec-secgw: avoid to request unused TX offloads Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 2/8] examples/ipsec-secgw: allow to specify neighbor mac address Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 3/8] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 4/8] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 5/8] examples/ipsec-secgw: make local variables static Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 6/8] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-12-06 15:54 ` [dpdk-dev] [PATCH v3 7/8] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2018-12-06 15:54 ` Konstantin Ananyev [this message]
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 2/7] examples/ipsec-secgw: allow to specify neighbor mac address Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 3/7] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 4/7] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 5/7] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 6/7] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2018-11-30 17:04 ` [dpdk-dev] [PATCH v2 7/7] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 2/7] examples/ipsec-secgw: allow to specify neighbor mac address Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 3/7] examples/ipsec-secgw: fix crypto-op might never get dequeued Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 4/7] examples/ipsec-secgw: fix outbound codepath for single SA Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 5/7] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 6/7] examples/ipsec-secgw: make data-path " Konstantin Ananyev
2018-11-22 18:49 ` [dpdk-dev] [PATCH 7/7] examples/ipsec-secgw: add scripts for functional test Konstantin Ananyev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1544111691-7481-9-git-send-email-konstantin.ananyev@intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=radu.nicolau@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).