From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0B415423AF; Wed, 11 Jan 2023 21:57:26 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4B1F242D6E; Wed, 11 Jan 2023 21:56:26 +0100 (CET) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mails.dpdk.org (Postfix) with ESMTP id 2186542D60 for ; Wed, 11 Jan 2023 21:56:23 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673470584; x=1705006584; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=k9Xp7VeH11anQvoUkTVDiKTmRP3BCARjXMjpmOwnLVA=; b=JOk4U/ai9v65bBFgQGJdv0/caB6qeyMWj4C3okZYRi0W4AkVgf9QC3Ol MuwPmthTWMOmqMEEgUQap1jt9eeq0DUNdTLfieiZiT50tF39KgFnLOmYz DxVs/dwUwlRIS8+6xiqKE+sdb8tgtFYNYV/l4r0GKof8tGHpUp1LoZ340 oVgxS4JbimKfSGMUYZEK+D8xkDpxpl5Nf8IPGQH13MOwyyxtyoTaJN/Al Ua4grT+fu/goOxRv8T8OFFTY3ZDlsE+7B9HIkcUp1ouie6+gTR3eS4o+6 eMz5ALFU/RtCzbsjFtZfHotVX/NtBLf8Ng5/sZlbFbBXEsVDE/tJk76cN w==; X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="303229802" X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="303229802" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2023 12:56:23 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="607518913" X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="607518913" Received: from silpixa00400573.ir.intel.com (HELO silpixa00400573.ger.corp.intel.com) ([10.237.222.53]) by orsmga003.jf.intel.com with ESMTP; 11 Jan 2023 12:56:21 -0800 From: Cristian Dumitrescu To: dev@dpdk.org Cc: Kamalakannan R Subject: [PATCH 11/11] examples/pipeline: add IPsec example Date: Wed, 11 Jan 2023 20:56:08 +0000 Message-Id: <20230111205608.87953-12-cristian.dumitrescu@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230111205608.87953-1-cristian.dumitrescu@intel.com> References: <20230111205608.87953-1-cristian.dumitrescu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add example files to illustrate the pipeline IPsec support. Signed-off-by: Cristian Dumitrescu Signed-off-by: Kamalakannan R --- examples/pipeline/examples/ipsec.cli | 57 +++++++ examples/pipeline/examples/ipsec.io | 23 +++ examples/pipeline/examples/ipsec.spec | 138 +++++++++++++++ examples/pipeline/examples/ipsec_sa.txt | 216 ++++++++++++++++++++++++ 4 files changed, 434 insertions(+) create mode 100644 examples/pipeline/examples/ipsec.cli create mode 100644 examples/pipeline/examples/ipsec.io create mode 100644 examples/pipeline/examples/ipsec.spec create mode 100644 examples/pipeline/examples/ipsec_sa.txt diff --git a/examples/pipeline/examples/ipsec.cli b/examples/pipeline/examples/ipsec.cli new file mode 100644 index 0000000000..8cb5bf4239 --- /dev/null +++ b/examples/pipeline/examples/ipsec.cli @@ -0,0 +1,57 @@ +; SPDX-License-Identifier: BSD-3-Clause +; Copyright(c) 2022 Intel Corporation + +# Example command line: +# ./build/examples/dpdk-pipeline -l0-1 --vdev crypto_aesni_mb0 -- -s ./examples/pipeline/examples/ipsec.cli +# +# Once the application has started, the command to get the CLI prompt is: +# telnet 0.0.0.0 8086 + +; +; Pipeline code generation & shared object library build. +; +pipeline codegen ./examples/pipeline/examples/ipsec.spec /tmp/ipsec.c +pipeline libbuild /tmp/ipsec.c /tmp/ipsec.so + +; +; List of DPDK devices. +; +; Note: Customize the parameters below to match your setup. +; +mempool MEMPOOL0 meta 128 pkt 2176 pool 32K cache 256 numa 0 +ethdev 0000:18:00.0 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on +ethdev 0000:18:00.1 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on +ethdev 0000:3b:00.0 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on +ethdev 0000:3b:00.1 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on + +cryptodev crypto_aesni_mb0 queues 1 qsize 128 +ring RING0 size 1024 numa 0 +ring RING1 size 1024 numa 0 + +; +; List of pipelines. +; +pipeline PIPELINE0 build lib /tmp/ipsec.so io ./examples/pipeline/examples/ipsec.io numa 0 + +; +; List of IPsec devices. +; +ipsec IPSEC0 create in RING0 out RING1 cryptodev crypto_aesni_mb0 cryptoq 0 bsz 32 32 32 32 samax 512 numa 0 + +; +; Initial set of table entries. +; +; The table entries can later be updated at run-time through the CLI commands. +; +//pipeline PIPELINE0 table policy_table add ./examples/pipeline/examples/ipsec_policy_table.txt +//pipeline PIPELINE0 table routing_table add ./examples/pipeline/examples/ipsec_routing_table.txt +//pipeline PIPELINE0 table nexthop_table add ./examples/pipeline/examples/ipsec_nexthop_table.txt +//pipeline PIPELINE0 commit + +ipsec IPSEC0 sa add ./examples/pipeline/examples/ipsec_sa.txt + +; +; Pipelines and blocks mapping to CPU threads. +; +pipeline PIPELINE0 enable thread 1 +block type ipsec instance IPSEC0 enable thread 1 diff --git a/examples/pipeline/examples/ipsec.io b/examples/pipeline/examples/ipsec.io new file mode 100644 index 0000000000..f5a3fcf961 --- /dev/null +++ b/examples/pipeline/examples/ipsec.io @@ -0,0 +1,23 @@ +; SPDX-License-Identifier: BSD-3-Clause +; Copyright(c) 2022 Intel Corporation + +; +; Pipeline packet mirroring. +; +mirroring slots 4 sessions 64 + +; +; Pipeline input ports. +; +; Note: Customize the parameters below to match your setup. +; +port in 0 ethdev 0000:18:00.0 rxq 0 bsz 32 +port in 1 ring RING1 bsz 32 + +; +; Pipeline output ports. +; +; Note: Customize the parameters below to match your setup. +; +port out 0 ethdev 0000:18:00.0 txq 0 bsz 32 +port out 1 ring RING0 bsz 32 diff --git a/examples/pipeline/examples/ipsec.spec b/examples/pipeline/examples/ipsec.spec new file mode 100644 index 0000000000..376d9f9334 --- /dev/null +++ b/examples/pipeline/examples/ipsec.spec @@ -0,0 +1,138 @@ +; SPDX-License-Identifier: BSD-3-Clause +; Copyright(c) 2020 Intel Corporation + +// +// Headers +// +struct ethernet_h { + bit<48> dst_addr + bit<48> src_addr + bit<16> ethertype +} + +struct ipv4_h { + bit<8> ver_ihl + bit<8> diffserv + bit<16> total_len + bit<16> identification + bit<16> flags_offset + bit<8> ttl + bit<8> protocol + bit<16> hdr_checksum + bit<32> src_addr + bit<32> dst_addr +} + +struct udp_h { + bit<16> src_port + bit<16> dst_port + bit<16> length + bit<16> checksum +} + +struct ipsec_internal_h { + bit<32> sa_id +} + +header ethernet instanceof ethernet_h +header ipv4 instanceof ipv4_h +header udp instanceof udp_h +header ipsec_internal instanceof ipsec_internal_h + +// +// Meta-data +// +struct metadata_t { + bit<32> port_in + bit<32> port_out + + bit<32> src_addr + bit<32> dst_addr + bit<8> protocol + bit<16> src_port + bit<16> dst_port +} + +metadata instanceof metadata_t + +// +// Actions +// +struct encrypt_args_t { + bit<32> sa_id +} + +action encrypt args instanceof encrypt_args_t { + //Set the IPsec internal header. + validate h.ipsec_internal + mov h.ipsec_internal.sa_id t.sa_id + + return +} + +action drop args none { + drop +} + +// +// Tables. +// +table policy_table { + key { + m.src_addr exact + m.dst_addr exact + m.protocol exact + m.src_port exact + m.dst_port exact + } + + actions { + encrypt + drop + } + + default_action encrypt args sa_id 0 + size 65536 +} + +// +// Pipeline. +// +apply { + rx m.port_in + + jmpeq FROM_IPSEC_TO_NET m.port_in 1 + +FROM_NET_TO_IPSEC : extract h.ethernet + + extract h.ipv4 + mov m.src_addr h.ipv4.src_addr + mov m.dst_addr h.ipv4.dst_addr + mov m.protocol h.ipv4.protocol + + extract h.udp + mov m.src_port h.udp.src_port + mov m.dst_port h.udp.dst_port + + table policy_table + + mov m.port_out 1 + + emit h.ipsec_internal + emit h.ipv4 + emit h.udp + tx m.port_out + +FROM_IPSEC_TO_NET : extract h.ipv4 + + validate h.ethernet + mov h.ethernet.dst_addr 0xa0b0c0d0e0f0 + mov h.ethernet.src_addr 0xa1b1c1d1e1f1 + mov h.ethernet.ethertype 0x0800 + + mov m.port_out 0 + + emit h.ethernet + emit h.ipv4 + tx m.port_out +} diff --git a/examples/pipeline/examples/ipsec_sa.txt b/examples/pipeline/examples/ipsec_sa.txt new file mode 100644 index 0000000000..37bfd8a9ce --- /dev/null +++ b/examples/pipeline/examples/ipsec_sa.txt @@ -0,0 +1,216 @@ +; SPDX-License-Identifier: BSD-3-Clause +; Copyright(c) 2022 Intel Corporation + +// IPsec SA syntax: +// +// +// : encrypt +// | decrypt +// ; +// +// +// : +// | +// ; +// +// +// : cipher key +// | cipher +// ; +// +// +// : auth key +// | auth +// ; +// +// +// : aead key +// ; +// +// +// : esp spi tunnel ipv4 srcaddr dstaddr +// | esp spi tunnel ipv6 srcaddr dstaddr +// | esp spi transport +// ; + +// +// cipher = null, auth = null +// +encrypt cipher null auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher null auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher null auth null esp spi 100 transport +decrypt cipher null auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher null auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher null auth null esp spi 100 transport + +// +// aes-gcm-128 +// +encrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport +decrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport + +// +// aes-gcm-192 +// +encrypt aead aes-gcm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt aead aes-gcm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt aead aes-gcm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport +decrypt aead aes-gcm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt aead aes-gcm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt aead aes-gcm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport + +// +// aes-gcm-256 +// +encrypt aead aes-gcm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt aead aes-gcm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt aead aes-gcm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 transport +decrypt aead aes-gcm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt aead aes-gcm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt aead aes-gcm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 transport + +// +// aes-ccm-128 +// +encrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport +decrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport + +// +// aes-ccm-192 +// +// Note: Currently not supported by the "aesni_mb" library. +// +;encrypt aead aes-ccm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +;encrypt aead aes-ccm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +;encrypt aead aes-ccm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport +;decrypt aead aes-ccm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +;decrypt aead aes-ccm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +;decrypt aead aes-ccm-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport + +// +// aes-ccm-256 +// +encrypt aead aes-ccm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt aead aes-ccm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt aead aes-ccm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 transport +decrypt aead aes-ccm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt aead aes-ccm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt aead aes-ccm-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 transport + +// +// chacha20-poly1305 +// +encrypt aead chacha20-poly1305 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt aead chacha20-poly1305 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt aead chacha20-poly1305 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 transport +decrypt aead chacha20-poly1305 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt aead chacha20-poly1305 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt aead chacha20-poly1305 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp spi 100 transport + +// +// cipher = aes-cbc-128, auth = null +// +encrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null esp spi 100 transport +decrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null esp spi 100 transport + +// +// cipher = aes-cbc-192, auth = null +// +encrypt cipher aes-cbc-192 key 0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher aes-cbc-192 key 0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher aes-cbc-192 key 0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 transport +decrypt cipher aes-cbc-192 key 0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher aes-cbc-192 key 0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher aes-cbc-192 key 0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 transport + +// +// cipher = aes-cbc-256, auth = null +// +encrypt cipher aes-cbc-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher aes-cbc-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher aes-cbc-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null esp spi 100 transport +decrypt cipher aes-cbc-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher aes-cbc-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher aes-cbc-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null esp spi 100 transport + +// +// cipher = aes-ctr-128, auth = null +// +encrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth null esp spi 100 transport +decrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth null esp spi 100 transport + +// +// cipher = aes-ctr-192, auth = null +// +encrypt cipher aes-ctr-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher aes-ctr-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher aes-ctr-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi 100 transport +decrypt cipher aes-ctr-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher aes-ctr-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher aes-ctr-192 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi 100 transport + +// +// cipher = aes-ctr-256, auth = null +// +encrypt cipher aes-ctr-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher aes-ctr-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher aes-ctr-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth null esp spi 100 transport +decrypt cipher aes-ctr-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher aes-ctr-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher aes-ctr-256 key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth null esp spi 100 transport + +// +// cipher = null, auth = sha1-hmac +// +encrypt cipher null auth sha1-hmac key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher null auth sha1-hmac key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher null auth sha1-hmac key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport +decrypt cipher null auth sha1-hmac key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher null auth sha1-hmac key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher null auth sha1-hmac key 0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport + +// +// cipher = null, auth = sha256-hmac +// +encrypt cipher null auth sha256-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher null auth sha256-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher null auth sha256-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100 transport +decrypt cipher null auth sha256-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher null auth sha256-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher null auth sha256-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100 transport + +// +// cipher = null, auth = sha384-hmac +// +encrypt cipher null auth sha384-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher null auth sha384-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher null auth sha384-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f esp spi 100 transport +decrypt cipher null auth sha384-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher null auth sha384-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher null auth sha384-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f esp spi 100 transport + +// +// cipher = null, auth = sha512-hmac +// +encrypt cipher null auth sha512-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +encrypt cipher null auth sha512-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +encrypt cipher null auth sha512-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f esp spi 100 transport +decrypt cipher null auth sha512-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3 +decrypt cipher null auth sha512-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf +decrypt cipher null auth sha512-hmac key 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f esp spi 100 transport -- 2.34.1