[dts] [PATCH] add new ipsec test config

test suite reviews and discussions
 help / color / mirror / Atom feed

From: xuyanjie <yanjie.xu@intel.com>
To: dts@dpdk.org
Cc: xuyanjie <yanjie.xu@intel.com>
Subject: [dts] [PATCH] add new ipsec test config
Date: Tue, 16 Apr 2019 09:24:03 -0400	[thread overview]
Message-ID: <1555421043-168211-1-git-send-email-yanjie.xu@intel.com> (raw)

Signed-off-by: xuyanjie <yanjie.xu@intel.com>

diff --git a/conf/new_ipsec_test.cfg b/conf/new_ipsec_test.cfg
new file mode 100644
index 0000000..ea8a55d
--- /dev/null
+++ b/conf/new_ipsec_test.cfg
@@ -0,0 +1,253 @@
+###########################################################################
+#   IPSEC-SECGW Endpoint sample configuration
+#
+#   The main purpose of this file is to show how to configure two systems
+#   back-to-back that would forward traffic through an IPsec tunnel. This
+#   file is the Endpoint 0 configuration. To use this configuration file,
+#   add the following command-line option:
+#
+#       -f ./ep0.cfg
+#
+###########################################################################
+
+#SP IPv4 rules
+sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 30 pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 45 pri 1 dst 192.168.125.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 46 pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+
+sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 135 pri 1 dst 192.168.35.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 136 pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
+
+#SP IPv6 rules
+sp ipv6 out esp protect 5 pri 1 dst 0000:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 6 pri 1 dst 0000:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 10 pri 1 dst 0000:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 11 pri 1 dst 0000:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 25 pri 1 dst 0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 26 pri 1 dst 0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 30 pri 1 dst 0000:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 31 pri 1 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 35 pri 1 dst 0000:1111:1111:1111:7777:7777:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 36 pri 1 dst 0000:1111:1111:1111:8888:8888:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+sp ipv6 out esp protect 15 pri 1 dst ffff:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 16 pri 1 dst ffff:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 110 pri 1 dst ffff:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 111 pri 1 dst ffff:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 125 pri 1 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 126 pri 1 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 130 pri 1 dst ffff:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 131 pri 1 dst ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 6 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 11 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
+dst 172.16.2.5
+
+sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 4444:4444:4444:4444:4444:4444:4444:1111 \
+dst 5555:5555:5555:5555:5555:5555:5555:2222
+
+sa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:5555 \
+dst 2222:2222:2222:2222:2222:2222:2222:5555
+
+sa out 26 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:6666 \
+dst 2222:2222:2222:2222:2222:2222:2222:6666
+
+sa out 30 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 7777:7777:7777:7777:7777:7777:7777:1111 \
+dst 8888:8888:8888:8888:8888:8888:8888:2222
+
+sa out 31 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode transport
+
+sa out 35 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 36 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 45 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 46 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode ipv6-tunnel \
+src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \
+dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
+
+sa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 106 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 111 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
+dst 172.16.1.5
+
+sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 5555:5555:5555:5555:5555:5555:5555:2222 \
+dst 4444:4444:4444:4444:4444:4444:4444:1111
+
+sa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:5555 \
+dst 1111:1111:1111:1111:1111:1111:1111:5555
+
+sa in 126 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:6666 \
+dst 1111:1111:1111:1111:1111:1111:1111:6666
+
+sa in 130 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 8888:8888:8888:8888:8888:8888:8888:2222 \
+dst 7777:7777:7777:7777:7777:7777:7777:1111
+
+sa in 131 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 135 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 136 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 145 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 146 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \
+dst aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
+
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 0
+rt ipv4 dst 172.16.2.6/32 port 0
+rt ipv4 dst 192.168.175.0/24 port 0
+rt ipv4 dst 192.168.176.0/24 port 0
+rt ipv4 dst 192.168.240.0/24 port 0
+rt ipv4 dst 192.168.241.0/24 port 0
+rt ipv4 dst 192.168.115.0/24 port 0
+rt ipv4 dst 192.168.116.0/24 port 0
+rt ipv4 dst 192.168.65.0/24 port 0
+rt ipv4 dst 192.168.66.0/24 port 0
+rt ipv4 dst 192.168.185.0/24 port 0
+rt ipv4 dst 192.168.186.0/24 port 0
+rt ipv4 dst 192.168.210.0/24 port 0
+rt ipv4 dst 192.168.211.0/24 port 0
+rt ipv4 dst 192.168.245.0/24 port 0
+rt ipv4 dst 192.168.246.0/24 port 0
+rt ipv4 dst 192.168.26.0/24 port 0
+rt ipv4 dst 192.168.76.0/24 port 0
+rt ipv4 dst 192.168.35.0/24 port 0
+rt ipv4 dst 192.168.85.0/24 port 0
+rt ipv4 dst 192.168.86.0/24 port 0
+rt ipv4 dst 192.168.135.0/24 port 0
+rt ipv4 dst 192.168.136.0/24 port 0
+
+rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0
+rt ipv6 dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0
+rt ipv6 dst 5555:5555:5555:5555:5555:5555:5555:2222/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:8888:8888:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:9999:9999:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
+
+rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
-- 
2.7.4

                 reply	other threads:[~2019-04-16  7:37 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1555421043-168211-1-git-send-email-yanjie.xu@intel.com \
    --to=yanjie.xu@intel.com \
    --cc=dts@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).