From: xuyanjie <yanjie.xu@intel.com>
To: dts@dpdk.org
Cc: xuyanjie <yanjie.xu@intel.com>
Subject: [dts] [PATCH] add new ipsec test config
Date: Tue, 16 Apr 2019 09:24:03 -0400 [thread overview]
Message-ID: <1555421043-168211-1-git-send-email-yanjie.xu@intel.com> (raw)
Signed-off-by: xuyanjie <yanjie.xu@intel.com>
diff --git a/conf/new_ipsec_test.cfg b/conf/new_ipsec_test.cfg
new file mode 100644
index 0000000..ea8a55d
--- /dev/null
+++ b/conf/new_ipsec_test.cfg
@@ -0,0 +1,253 @@
+###########################################################################
+# IPSEC-SECGW Endpoint sample configuration
+#
+# The main purpose of this file is to show how to configure two systems
+# back-to-back that would forward traffic through an IPsec tunnel. This
+# file is the Endpoint 0 configuration. To use this configuration file,
+# add the following command-line option:
+#
+# -f ./ep0.cfg
+#
+###########################################################################
+
+#SP IPv4 rules
+sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 30 pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 45 pri 1 dst 192.168.125.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 46 pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+
+sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 135 pri 1 dst 192.168.35.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 136 pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
+
+#SP IPv6 rules
+sp ipv6 out esp protect 5 pri 1 dst 0000:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 6 pri 1 dst 0000:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 10 pri 1 dst 0000:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 11 pri 1 dst 0000:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 25 pri 1 dst 0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 26 pri 1 dst 0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 30 pri 1 dst 0000:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 31 pri 1 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 35 pri 1 dst 0000:1111:1111:1111:7777:7777:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 36 pri 1 dst 0000:1111:1111:1111:8888:8888:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+sp ipv6 out esp protect 15 pri 1 dst ffff:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 16 pri 1 dst ffff:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 110 pri 1 dst ffff:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 111 pri 1 dst ffff:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 125 pri 1 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 126 pri 1 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 130 pri 1 dst ffff:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 131 pri 1 dst ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 6 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 11 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
+dst 172.16.2.5
+
+sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 4444:4444:4444:4444:4444:4444:4444:1111 \
+dst 5555:5555:5555:5555:5555:5555:5555:2222
+
+sa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:5555 \
+dst 2222:2222:2222:2222:2222:2222:2222:5555
+
+sa out 26 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:6666 \
+dst 2222:2222:2222:2222:2222:2222:2222:6666
+
+sa out 30 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 7777:7777:7777:7777:7777:7777:7777:1111 \
+dst 8888:8888:8888:8888:8888:8888:8888:2222
+
+sa out 31 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode transport
+
+sa out 35 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 36 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 45 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 46 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode ipv6-tunnel \
+src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \
+dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
+
+sa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 106 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 111 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
+dst 172.16.1.5
+
+sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 5555:5555:5555:5555:5555:5555:5555:2222 \
+dst 4444:4444:4444:4444:4444:4444:4444:1111
+
+sa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:5555 \
+dst 1111:1111:1111:1111:1111:1111:1111:5555
+
+sa in 126 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:6666 \
+dst 1111:1111:1111:1111:1111:1111:1111:6666
+
+sa in 130 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 8888:8888:8888:8888:8888:8888:8888:2222 \
+dst 7777:7777:7777:7777:7777:7777:7777:1111
+
+sa in 131 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 135 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 136 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 145 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 146 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \
+dst aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
+
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 0
+rt ipv4 dst 172.16.2.6/32 port 0
+rt ipv4 dst 192.168.175.0/24 port 0
+rt ipv4 dst 192.168.176.0/24 port 0
+rt ipv4 dst 192.168.240.0/24 port 0
+rt ipv4 dst 192.168.241.0/24 port 0
+rt ipv4 dst 192.168.115.0/24 port 0
+rt ipv4 dst 192.168.116.0/24 port 0
+rt ipv4 dst 192.168.65.0/24 port 0
+rt ipv4 dst 192.168.66.0/24 port 0
+rt ipv4 dst 192.168.185.0/24 port 0
+rt ipv4 dst 192.168.186.0/24 port 0
+rt ipv4 dst 192.168.210.0/24 port 0
+rt ipv4 dst 192.168.211.0/24 port 0
+rt ipv4 dst 192.168.245.0/24 port 0
+rt ipv4 dst 192.168.246.0/24 port 0
+rt ipv4 dst 192.168.26.0/24 port 0
+rt ipv4 dst 192.168.76.0/24 port 0
+rt ipv4 dst 192.168.35.0/24 port 0
+rt ipv4 dst 192.168.85.0/24 port 0
+rt ipv4 dst 192.168.86.0/24 port 0
+rt ipv4 dst 192.168.135.0/24 port 0
+rt ipv4 dst 192.168.136.0/24 port 0
+
+rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0
+rt ipv6 dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0
+rt ipv6 dst 5555:5555:5555:5555:5555:5555:5555:2222/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:8888:8888:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:9999:9999:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
+
+rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
--
2.7.4
reply other threads:[~2019-04-16 7:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1555421043-168211-1-git-send-email-yanjie.xu@intel.com \
--to=yanjie.xu@intel.com \
--cc=dts@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).