[dts] [PATCH] add new ipsec-gw lib test config

test suite reviews and discussions
 help / color / mirror / Atom feed

* [dts] [PATCH] add new ipsec-gw lib test config
@ 2019-04-16 12:35 xuyanjie
  2019-04-16 17:42 ` Tu, Lijuan
  0 siblings, 1 reply; 2+ messages in thread
From: xuyanjie @ 2019-04-16 12:35 UTC (permalink / raw)
  To: dts; +Cc: xuyanjie

Signed-off-by: xuyanjie <yanjie.xu@intel.com>

diff --git a/conf/new_lib_ipsec_test.cfg b/conf/new_lib_ipsec_test.cfg
new file mode 100644
index 0000000..ea8a55d
--- /dev/null
+++ b/conf/new_lib_ipsec_test.cfg
@@ -0,0 +1,253 @@
+###########################################################################
+#   IPSEC-SECGW Endpoint sample configuration
+#
+#   The main purpose of this file is to show how to configure two systems
+#   back-to-back that would forward traffic through an IPsec tunnel. This
+#   file is the Endpoint 0 configuration. To use this configuration file,
+#   add the following command-line option:
+#
+#       -f ./ep0.cfg
+#
+###########################################################################
+
+#SP IPv4 rules
+sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 30 pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 45 pri 1 dst 192.168.125.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp protect 46 pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+
+sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 135 pri 1 dst 192.168.35.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 136 pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
+
+#SP IPv6 rules
+sp ipv6 out esp protect 5 pri 1 dst 0000:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 6 pri 1 dst 0000:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 10 pri 1 dst 0000:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 11 pri 1 dst 0000:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 25 pri 1 dst 0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 26 pri 1 dst 0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 30 pri 1 dst 0000:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 31 pri 1 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 35 pri 1 dst 0000:1111:1111:1111:7777:7777:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 36 pri 1 dst 0000:1111:1111:1111:8888:8888:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+sp ipv6 out esp protect 15 pri 1 dst ffff:1111:1111:1111:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 16 pri 1 dst ffff:1111:1111:1111:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 110 pri 1 dst ffff:1111:1111:1111:0000:0000:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 111 pri 1 dst ffff:1111:1111:1111:1111:1111:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 125 pri 1 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 126 pri 1 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 130 pri 1 dst ffff:1111:1111:1111:9999:9999:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 131 pri 1 dst ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \
+sport 0:65535 dport 0:65535
+
+#SA rules
+sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 6 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 11 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
+dst 172.16.2.5
+
+sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 4444:4444:4444:4444:4444:4444:4444:1111 \
+dst 5555:5555:5555:5555:5555:5555:5555:2222
+
+sa out 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:5555 \
+dst 2222:2222:2222:2222:2222:2222:2222:5555
+
+sa out 26 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 1111:1111:1111:1111:1111:1111:1111:6666 \
+dst 2222:2222:2222:2222:2222:2222:2222:6666
+
+sa out 30 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 7777:7777:7777:7777:7777:7777:7777:1111 \
+dst 8888:8888:8888:8888:8888:8888:8888:2222
+
+sa out 31 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode transport
+
+sa out 35 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
+
+sa out 36 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa out 45 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
+
+sa out 46 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode ipv6-tunnel \
+src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \
+dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
+
+sa in 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 106 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
+a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 111 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
+dst 172.16.1.5
+
+sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \
+src 5555:5555:5555:5555:5555:5555:5555:2222 \
+dst 4444:4444:4444:4444:4444:4444:4444:1111
+
+sa in 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:5555 \
+dst 1111:1111:1111:1111:1111:1111:1111:5555
+
+sa in 126 aead_algo aes-128-gcm aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src 2222:2222:2222:2222:2222:2222:2222:6666 \
+dst 1111:1111:1111:1111:1111:1111:1111:6666
+
+sa in 130 cipher_algo aes-256-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3 \
+auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
+c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
+src 8888:8888:8888:8888:8888:8888:8888:2222 \
+dst 7777:7777:7777:7777:7777:7777:7777:1111
+
+sa in 131 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 135 cipher_algo aes-256-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
+mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
+
+sa in 136 cipher_algo aes-256-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \
+auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
+
+sa in 145 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
+
+sa in 146 cipher_algo aes-128-ctr cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel \
+src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \
+dst aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
+
+
+#Routing rules
+rt ipv4 dst 172.16.2.5/32 port 0
+rt ipv4 dst 172.16.2.6/32 port 0
+rt ipv4 dst 192.168.175.0/24 port 0
+rt ipv4 dst 192.168.176.0/24 port 0
+rt ipv4 dst 192.168.240.0/24 port 0
+rt ipv4 dst 192.168.241.0/24 port 0
+rt ipv4 dst 192.168.115.0/24 port 0
+rt ipv4 dst 192.168.116.0/24 port 0
+rt ipv4 dst 192.168.65.0/24 port 0
+rt ipv4 dst 192.168.66.0/24 port 0
+rt ipv4 dst 192.168.185.0/24 port 0
+rt ipv4 dst 192.168.186.0/24 port 0
+rt ipv4 dst 192.168.210.0/24 port 0
+rt ipv4 dst 192.168.211.0/24 port 0
+rt ipv4 dst 192.168.245.0/24 port 0
+rt ipv4 dst 192.168.246.0/24 port 0
+rt ipv4 dst 192.168.26.0/24 port 0
+rt ipv4 dst 192.168.76.0/24 port 0
+rt ipv4 dst 192.168.35.0/24 port 0
+rt ipv4 dst 192.168.85.0/24 port 0
+rt ipv4 dst 192.168.86.0/24 port 0
+rt ipv4 dst 192.168.135.0/24 port 0
+rt ipv4 dst 192.168.136.0/24 port 0
+
+rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0
+rt ipv6 dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0
+rt ipv6 dst 5555:5555:5555:5555:5555:5555:5555:2222/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:5555/116 port 0
+rt ipv6 dst 2222:2222:2222:2222:2222:2222:2222:6666/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:8888:8888:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:9999:9999:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:1111:1111:0000:0000/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0
+rt ipv6 dst 0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
+
+rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0
+rt ipv6 dst ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
-- 
2.7.4


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [dts] [PATCH] add new ipsec-gw lib test config
  2019-04-16 12:35 [dts] [PATCH] add new ipsec-gw lib test config xuyanjie
@ 2019-04-16 17:42 ` Tu, Lijuan
  0 siblings, 0 replies; 2+ messages in thread
From: Tu, Lijuan @ 2019-04-16 17:42 UTC (permalink / raw)
  To: Xu, Yanjie, dts; +Cc: Xu, Yanjie



> -----Original Message-----
> From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of xuyanjie
> Sent: Tuesday, April 16, 2019 5:36 AM
> To: dts@dpdk.org
> Cc: Xu, Yanjie <yanjie.xu@intel.com>
> Subject: [dts] [PATCH] add new ipsec-gw lib test config
> 
> Signed-off-by: xuyanjie <yanjie.xu@intel.com>
> 
> diff --git a/conf/new_lib_ipsec_test.cfg b/conf/new_lib_ipsec_test.cfg new
> file mode 100644 index 0000000..ea8a55d
> --- /dev/null
> +++ b/conf/new_lib_ipsec_test.cfg
> @@ -0,0 +1,253 @@
> +###############################################################
> ############
> +#   IPSEC-SECGW Endpoint sample configuration
> +#
> +#   The main purpose of this file is to show how to configure two systems
> +#   back-to-back that would forward traffic through an IPsec tunnel. This
> +#   file is the Endpoint 0 configuration. To use this configuration file,
> +#   add the following command-line option:
> +#
> +#       -f ./ep0.cfg
> +#
> +###############################################################
> ########
> +####
[Lijuan] Did you copy from somewhere, and forgot to remove them?
There is no usage as "-f ./ep0.cfg " in DTS
> +
> +#SP IPv4 rules
> +sp ipv4 out esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 out esp protect 6 pri 1 dst 192.168.106.0/24
> +sport 0:65535 dport 0:65535 sp ipv4 out esp protect 10 pri 1 dst
> +192.168.175.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 11
> +pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 out esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 out esp protect 25 pri 1 dst 192.168.55.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 out esp protect 26 pri 1 dst
> +192.168.56.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 30
> +pri 1 dst 192.168.75.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +protect 31 pri 1 dst 192.168.76.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 out esp protect 35 pri 1 dst 192.168.25.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 out esp protect 36 pri 1 dst 192.168.26.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 out esp protect 45 pri 1 dst
> +192.168.125.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp protect 46
> +pri 1 dst 192.168.126.0/24 sport 0:65535 dport 0:65535 sp ipv4 out esp
> +bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535 sp ipv4
> +out esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
> +
> +sp ipv4 in esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 in esp protect 106 pri 1 dst 192.168.116.0/24
> +sport 0:65535 dport 0:65535 sp ipv4 in esp protect 110 pri 1 dst
> +192.168.185.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 111
> +pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp protect 115 pri 1 dst 192.168.210.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 in esp protect 125 pri 1 dst
> +192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 125
> +pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 130 pri 1 dst 192.168.85.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp protect 131 pri 1 dst 192.168.86.0/24 sport
> +0:65535 dport 0:65535 sp ipv4 in esp protect 135 pri 1 dst
> +192.168.35.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp protect 136
> +pri 1 dst 192.168.36.0/24 sport 0:65535 dport 0:65535 sp ipv4 in esp
> +protect 145 pri 1 dst 192.168.135.0/24 sport 0:65535 dport 0:65535 sp
> +ipv4 in esp protect 146 pri 1 dst 192.168.136.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535
> +dport 0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.246.0/24 sport
> +0:65535 dport 0:65535
> +
> +#SP IPv6 rules
> +sp ipv6 out esp protect 5 pri 1 dst
> +0000:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 6 pri 1 dst
> +0000:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 10 pri 1 dst
> +0000:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 11 pri 1 dst
> +0000:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 25 pri 1 dst
> +0000:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 26 pri 1 dst
> +0000:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 30 pri 1 dst
> +0000:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 31 pri 1 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 35 pri 1 dst
> +0000:1111:1111:1111:7777:7777:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 36 pri 1 dst
> +0000:1111:1111:1111:8888:8888:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> +
> +sp ipv6 out esp protect 15 pri 1 dst
> +ffff:1111:1111:1111:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 16 pri 1 dst
> +ffff:1111:1111:1111:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 110 pri 1 dst
> +ffff:1111:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 111 pri 1 dst
> +ffff:1111:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 125 pri 1 dst
> +ffff:1111:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 126 pri 1 dst
> +ffff:1111:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 130 pri 1 dst
> +ffff:1111:1111:1111:9999:9999:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 131 pri 1 dst
> +ffff:1111:1111:1111:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> +
> +#SA rules
> +sa out 5 cipher_algo aes-128-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
> +172.16.1.5 dst 172.16.2.5
> +
> +sa out 6 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
> +
> +sa out 10 cipher_algo aes-128-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa out 11 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel src
> +172.16.1.5 \ dst 172.16.2.5
> +
> +sa out 16 cipher_algo null auth_algo null mode ipv6-tunnel \ src
> +4444:4444:4444:4444:4444:4444:4444:1111 \ dst
> +5555:5555:5555:5555:5555:5555:5555:2222
> +
> +sa out 25 cipher_algo aes-128-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +1111:1111:1111:1111:1111:1111:1111:5555 \ dst
> +2222:2222:2222:2222:2222:2222:2222:5555
> +
> +sa out 26 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src 1111:1111:1111:1111:1111:1111:1111:6666 \ dst
> +2222:2222:2222:2222:2222:2222:2222:6666
> +
> +sa out 30 cipher_algo aes-256-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
> +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +7777:7777:7777:7777:7777:7777:7777:1111 \ dst
> +8888:8888:8888:8888:8888:8888:8888:2222
> +
> +sa out 31 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
> +transport
> +
> +sa out 35 cipher_algo aes-256-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
> +
> +sa out 36 cipher_algo aes-256-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac
> +auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa out 45 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
> +
> +sa out 46 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef mode
> +ipv6-tunnel \ src aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111 \ dst
> +bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222
> +
> +sa in 105 cipher_algo aes-128-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ auth_algo sha1-hmac auth_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode ipv4-tunnel src
> +172.16.2.5 dst 172.16.1.5
> +
> +sa in 106 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
> +
> +sa in 110 cipher_algo aes-128-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
> +a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
> +
> +sa in 111 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa in 115 cipher_algo null auth_algo null mode ipv4-tunnel src
> +172.16.2.5 \ dst 172.16.1.5
> +
> +sa in 116 cipher_algo null auth_algo null mode ipv6-tunnel \ src
> +5555:5555:5555:5555:5555:5555:5555:2222 \ dst
> +4444:4444:4444:4444:4444:4444:4444:1111
> +
> +sa in 125 cipher_algo aes-128-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +2222:2222:2222:2222:2222:2222:2222:5555 \ dst
> +1111:1111:1111:1111:1111:1111:1111:5555
> +
> +sa in 126 aead_algo aes-128-gcm aead_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src 2222:2222:2222:2222:2222:2222:2222:6666 \ dst
> +1111:1111:1111:1111:1111:1111:1111:6666
> +
> +sa in 130 cipher_algo aes-256-cbc cipher_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3
> +:c3:c3:c3:c3:c3:c3:c3:c3 \ auth_algo sha1-hmac auth_key
> +c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
> +c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \ src
> +8888:8888:8888:8888:8888:8888:8888:2222 \ dst
> +7777:7777:7777:7777:7777:7777:7777:1111
> +
> +sa in 131 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +transport
> +
> +sa in 135 cipher_algo aes-256-cbc cipher_key
> +0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
> +mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
> +
> +sa in 136 cipher_algo aes-256-cbc cipher_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1
> +:a1:a1:a1:a1:a1:a1:a1:a1 \ auth_algo sha1-hmac auth_key
> +a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1 mode
> +transport
> +
> +sa in 145 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
> +
> +sa in 146 cipher_algo aes-128-ctr cipher_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ auth_algo
> +sha1-hmac auth_key
> +de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ mode
> +ipv6-tunnel \ src bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222 \ dst
> +aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:1111
> +
> +
> +#Routing rules
> +rt ipv4 dst 172.16.2.5/32 port 0
> +rt ipv4 dst 172.16.2.6/32 port 0
> +rt ipv4 dst 192.168.175.0/24 port 0
> +rt ipv4 dst 192.168.176.0/24 port 0
> +rt ipv4 dst 192.168.240.0/24 port 0
> +rt ipv4 dst 192.168.241.0/24 port 0
> +rt ipv4 dst 192.168.115.0/24 port 0
> +rt ipv4 dst 192.168.116.0/24 port 0
> +rt ipv4 dst 192.168.65.0/24 port 0
> +rt ipv4 dst 192.168.66.0/24 port 0
> +rt ipv4 dst 192.168.185.0/24 port 0
> +rt ipv4 dst 192.168.186.0/24 port 0
> +rt ipv4 dst 192.168.210.0/24 port 0
> +rt ipv4 dst 192.168.211.0/24 port 0
> +rt ipv4 dst 192.168.245.0/24 port 0
> +rt ipv4 dst 192.168.246.0/24 port 0
> +rt ipv4 dst 192.168.26.0/24 port 0
> +rt ipv4 dst 192.168.76.0/24 port 0
> +rt ipv4 dst 192.168.35.0/24 port 0
> +rt ipv4 dst 192.168.85.0/24 port 0
> +rt ipv4 dst 192.168.86.0/24 port 0
> +rt ipv4 dst 192.168.135.0/24 port 0
> +rt ipv4 dst 192.168.136.0/24 port 0
> +
> +rt ipv6 dst bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:bbbb:2222/116 port 0 rt ipv6
> +dst 8888:8888:8888:8888:8888:8888:8888:2222/116 port 0 rt ipv6 dst
> +5555:5555:5555:5555:5555:5555:5555:2222/116 port 0 rt ipv6 dst
> +2222:2222:2222:2222:2222:2222:2222:5555/116 port 0 rt ipv6 dst
> +2222:2222:2222:2222:2222:2222:2222:6666/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:8888:8888:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:9999:9999:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:0000:0000:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:1111:1111:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:1111:1111:0000:0000/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:1111/116 port 0 rt ipv6 dst
> +0000:1111:1111:1111:aaaa:aaaa:0000:0000/116 port 0
> +
> +rt ipv6 dst ffff:1111:0000:0000:aaaa:aaaa:0000:0000/116 port 0 rt ipv6
> +dst ffff:1111:0000:0000:bbbb:bbbb:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:5555:5555:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:6666:6666:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:0000:0000:0000:0000/116 port 0 rt ipv6 dst
> +ffff:1111:1111:1111:1111:1111:0000:0000/116 port 0
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-04-16 17:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-16 12:35 [dts] [PATCH] add new ipsec-gw lib test config xuyanjie
2019-04-16 17:42 ` Tu, Lijuan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).