[dpdk-dev] [PATCH v4 4/4] ipsec-secgw: add 3des test files

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Fan Zhang <roy.fan.zhang@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, roy.fan.zhang@intel.com
Subject: [dpdk-dev] [PATCH v4 4/4] ipsec-secgw: add 3des test files
Date: Wed, 20 Mar 2019 13:51:08 +0000	[thread overview]
Message-ID: <20190320135108.50909-5-roy.fan.zhang@intel.com> (raw)
Message-ID: <20190320135108.ZkxUFYNpG6dZohtPkgu9SLIFwN_V6GdKXw8tb-KMojs@z> (raw)
In-Reply-To: <20190320135108.50909-1-roy.fan.zhang@intel.com>

This patch adds the functional test scripts to ipsec-secgw
sample application for both transport and tunnel working
mode.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 examples/ipsec-secgw/test/run_test.sh              |  8 ++-
 .../test/trs_3descbc_sha1_common_defs.sh           | 73 ++++++++++++++++++++++
 examples/ipsec-secgw/test/trs_3descbc_sha1_defs.sh | 67 ++++++++++++++++++++
 .../test/trs_3descbc_sha1_esn_atom_defs.sh         |  5 ++
 .../ipsec-secgw/test/trs_3descbc_sha1_esn_defs.sh  | 66 +++++++++++++++++++
 .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  5 ++
 .../test/tun_3descbc_sha1_common_defs.sh           | 72 +++++++++++++++++++++
 examples/ipsec-secgw/test/tun_3descbc_sha1_defs.sh | 70 +++++++++++++++++++++
 .../test/tun_3descbc_sha1_esn_atom_defs.sh         |  5 ++
 .../ipsec-secgw/test/tun_3descbc_sha1_esn_defs.sh  | 70 +++++++++++++++++++++
 .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  5 ++
 11 files changed, 445 insertions(+), 1 deletion(-)
 create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_common_defs.sh
 create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_defs.sh
 create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_esn_atom_defs.sh
 create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_esn_defs.sh
 create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
 create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_common_defs.sh
 create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_defs.sh
 create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_esn_atom_defs.sh
 create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_esn_defs.sh
 create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh

diff --git a/examples/ipsec-secgw/test/run_test.sh b/examples/ipsec-secgw/test/run_test.sh
index 3c38d8850..38edb4183 100644
--- a/examples/ipsec-secgw/test/run_test.sh
+++ b/examples/ipsec-secgw/test/run_test.sh
@@ -38,7 +38,13 @@ tun_aesctr_sha1_esn \
 tun_aesctr_sha1_esn_atom \
 trs_aesctr_sha1 \
 trs_aesctr_sha1_esn \
-trs_aesctr_sha1_esn_atom"
+trs_aesctr_sha1_esn_atom \
+tun_3descbc_sha1 \
+tun_3descbc_sha1_esn \
+tun_3descbc_sha1_esn_atom \
+trs_3descbc_sha1 \
+trs_3descbc_sha1_esn \
+trs_3descbc_sha1_esn_atom"
 
 DIR=`dirname $0`
 
diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_common_defs.sh
new file mode 100644
index 000000000..bb4cef6a9
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_common_defs.sh
@@ -0,0 +1,73 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+	cat <<EOF > ${SGW_CFG_FILE}
+#SP in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 9 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 7 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 9 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+	cat ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_defs.sh
new file mode 100644
index 000000000..31f94492f
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_defs.sh
@@ -0,0 +1,67 @@
+#! /bin/bash
+
+. ${DIR}/trs_3descbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+	ssh ${REMOTE_HOST} ip xfrm policy flush
+	ssh ${REMOTE_HOST} ip xfrm state flush
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+	config_remote_xfrm
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_esn_atom_defs.sh
new file mode 100644
index 000000000..d7439ad15
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_3descbc_sha1_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_esn_defs.sh
new file mode 100644
index 000000000..e4283f3dd
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_esn_defs.sh
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+. ${DIR}/trs_3descbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+	ssh ${REMOTE_HOST} ip xfrm policy flush
+	ssh ${REMOTE_HOST} ip xfrm state flush
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+	config_remote_xfrm
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
new file mode 100644
index 000000000..ffd945bac
--- /dev/null
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_3descbc_sha1_defs.sh
+
+SGW_CMD_XPRM=
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_common_defs.sh
new file mode 100644
index 000000000..dd802d6be
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_common_defs.sh
@@ -0,0 +1,72 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+	cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 9 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 7 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 9 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+	cat ${SGW_CFG_FILE}
+}
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_defs.sh
new file mode 100644
index 000000000..2bbe14292
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_3descbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+	ssh ${REMOTE_HOST} ip xfrm policy flush
+	ssh ${REMOTE_HOST} ip xfrm state flush
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+	config_remote_xfrm
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_esn_atom_defs.sh
new file mode 100644
index 000000000..1d8e36cbd
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_3descbc_sha1_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_esn_defs.sh
new file mode 100644
index 000000000..98349c7bc
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_esn_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_3descbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+	ssh ${REMOTE_HOST} ip xfrm policy flush
+	ssh ${REMOTE_HOST} ip xfrm state flush
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+	config_remote_xfrm
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+	ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+	ssh ${REMOTE_HOST} ip xfrm policy list
+	ssh ${REMOTE_HOST} ip xfrm state list
+}
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
new file mode 100644
index 000000000..eaf248ad1
--- /dev/null
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_3descbc_sha1_defs.sh
+
+SGW_CMD_XPRM=
-- 
2.14.5

next prev parent reply	other threads:[~2019-03-20 13:53 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-18 16:32 [dpdk-dev] [PATCH 0/4] ipsec: add AES-CTR and 3DES-CBC support Fan Zhang
2019-02-18 16:32 ` [dpdk-dev] [PATCH 1/4] ipsec: add AES-CTR algorithm support Fan Zhang
2019-02-18 16:32 ` [dpdk-dev] [PATCH 2/4] ipsec-secgw: add test scripts for aes ctr Fan Zhang
2019-02-18 16:32 ` [dpdk-dev] [PATCH 3/4] ipsec: add 3DES-CBC algorithm support Fan Zhang
2019-02-18 16:32 ` [dpdk-dev] [PATCH 4/4] ipsec-secgw: add 3des test files Fan Zhang
2019-02-19 15:32 ` [dpdk-dev] [PATCH v2 0/4] ipsec: add AES-CTR and 3DES-CBC support Fan Zhang
2019-02-19 15:32   ` [dpdk-dev] [PATCH v2 1/4] ipsec: add AES-CTR algorithm support Fan Zhang
2019-02-22 12:43     ` Ananyev, Konstantin
2019-03-19 14:32     ` Akhil Goyal
2019-03-19 14:32       ` Akhil Goyal
2019-02-19 15:32   ` [dpdk-dev] [PATCH v2 2/4] ipsec-secgw: add test scripts for aes ctr Fan Zhang
2019-02-22 12:39     ` Ananyev, Konstantin
2019-02-19 15:32   ` [dpdk-dev] [PATCH v2 3/4] ipsec: add 3DES-CBC algorithm support Fan Zhang
2019-02-22 12:38     ` Ananyev, Konstantin
2019-03-19 14:46     ` Akhil Goyal
2019-03-19 14:46       ` Akhil Goyal
2019-02-19 15:32   ` [dpdk-dev] [PATCH v2 4/4] ipsec-secgw: add 3des test files Fan Zhang
2019-02-22 12:40     ` Ananyev, Konstantin
2019-02-25 12:07   ` [dpdk-dev] [PATCH v3 0/4] ipsec: add AES-CTR and 3DES-CBC support Fan Zhang
2019-02-25 12:07     ` [dpdk-dev] [PATCH v3 1/4] ipsec: add AES-CTR algorithm support Fan Zhang
2019-02-25 12:07     ` [dpdk-dev] [PATCH v3 2/4] ipsec-secgw: add test scripts for aes ctr Fan Zhang
2019-02-25 12:07     ` [dpdk-dev] [PATCH v3 3/4] ipsec: add 3DES-CBC algorithm support Fan Zhang
2019-02-25 12:07     ` [dpdk-dev] [PATCH v3 4/4] ipsec-secgw: add 3des test files Fan Zhang
2019-03-04 16:38     ` [dpdk-dev] [PATCH v3 0/4] ipsec: add AES-CTR and 3DES-CBC support Ananyev, Konstantin
2019-03-20 13:51     ` [dpdk-dev] [PATCH v4 0/4] ipsec: support AES-CTR and 3DES-CBC Fan Zhang
2019-03-20 13:51       ` Fan Zhang
2019-03-20 13:51       ` [dpdk-dev] [PATCH v4 1/4] ipsec: support AES-CTR Fan Zhang
2019-03-20 13:51         ` Fan Zhang
2019-03-20 13:51       ` [dpdk-dev] [PATCH v4 2/4] ipsec-secgw: add test scripts for aes ctr Fan Zhang
2019-03-20 13:51         ` Fan Zhang
2019-03-20 13:51       ` [dpdk-dev] [PATCH v4 3/4] ipsec: support 3DES-CBC Fan Zhang
2019-03-20 13:51         ` Fan Zhang
2019-03-20 13:51       ` Fan Zhang [this message]
2019-03-20 13:51         ` [dpdk-dev] [PATCH v4 4/4] ipsec-secgw: add 3des test files Fan Zhang
2019-03-20 15:38       ` [dpdk-dev] [PATCH v5 0/5] ipsec: support AES-CTR and 3DES-CBC Fan Zhang
2019-03-20 15:38         ` Fan Zhang
2019-03-20 15:38         ` [dpdk-dev] [PATCH v5 1/5] ipsec: support AES-CTR Fan Zhang
2019-03-20 15:38           ` Fan Zhang
2019-03-22 11:53           ` Akhil Goyal
2019-03-22 11:53             ` Akhil Goyal
2019-03-22 12:46             ` Ananyev, Konstantin
2019-03-22 12:46               ` Ananyev, Konstantin
2019-03-22 13:01               ` Akhil Goyal
2019-03-22 13:01                 ` Akhil Goyal
2019-03-20 15:38         ` [dpdk-dev] [PATCH v5 2/5] ipsec-secgw: add test scripts for aes ctr Fan Zhang
2019-03-20 15:38           ` Fan Zhang
2019-03-20 15:38         ` [dpdk-dev] [PATCH v5 3/5] ipsec: support 3DES-CBC Fan Zhang
2019-03-20 15:38           ` Fan Zhang
2019-03-20 15:38         ` [dpdk-dev] [PATCH v5 4/5] ipsec-secgw: add 3des test files Fan Zhang
2019-03-20 15:38           ` Fan Zhang
2019-03-20 15:38         ` [dpdk-dev] [PATCH v5 5/5] doc: update release note Fan Zhang
2019-03-20 15:38           ` Fan Zhang
2019-03-22 14:59         ` [dpdk-dev] [PATCH v5 0/5] ipsec: support AES-CTR and 3DES-CBC Akhil Goyal
2019-03-22 14:59           ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190320135108.50909-5-roy.fan.zhang@intel.com \
    --to=roy.fan.zhang@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).