examples/ipsec-secgw/test/common_defs.sh

   1 #! /bin/bash
   2 # SPDX-License-Identifier: BSD-3-Clause
   3
   4 #check ETH_DEV
   5 if [[ -z "${ETH_DEV}" ]]; then
   6         echo "ETH_DEV is invalid"
   7         exit 127
   8 fi
   9 #check that REMOTE_HOST is reachable
  10 ssh ${REMOTE_HOST} echo
  11 st=$?
  12 if [[ $st -ne 0 ]]; then
  13         echo "host ${REMOTE_HOST} is not reachable"
  14         exit $st
  15 fi
  16
  17 #get ether addr of REMOTE_HOST
  18 REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
  19 st=$?
  20 REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
  21 if [[ $st -ne 0 || -z "${REMOTE_MAC}" ]]; then
  22         echo "coouldn't retrieve ether addr from ${REMOTE_IFACE}"
  23         exit 127
  24 fi
  25
  26 LOCAL_IFACE=dtap0
  27
  28 LOCAL_MAC="00:64:74:61:70:30"
  29
  30 REMOTE_IPV4=192.168.31.14
  31 LOCAL_IPV4=192.168.31.92
  32
  33 REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
  34 LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092
  35
  36 DPDK_PATH=${RTE_SDK:-${PWD}}
  37 DPDK_BUILD=${RTE_TARGET:-x86_64-native-linux-gcc}
  38
  39 # by default ipsec-secgw can't deal with multi-segment packets
  40 # make sure our local/remote host wouldn't generate fragmented packets
  41 # if reassmebly option is not enabled
  42 DEF_MTU_LEN=1400
  43 DEF_PING_LEN=1200
  44
  45 #upsate operation mode based on env vars values
  46 select_mode()
  47 {
  48         # select sync/async mode
  49         if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${SGW_CMD_XPRM}" ]]; then
  50                 echo "${CRYPTO_PRIM_TYPE} is enabled"
  51                 SGW_CFG_XPRM="${SGW_CFG_XPRM} ${CRYPTO_PRIM_TYPE}"
  52         fi
  53
  54         # check if fallback type is needed
  55         if [[ "${MODE}" == *fallback* ]]; then
  56                 if [[ -n "${CRYPTO_FLBK_TYPE}" ]]; then
  57                         echo "${CRYPTO_FLBK_TYPE} is enabled"
  58                 fi
  59         fi
  60
  61         #make linux to generate fragmented packets
  62         if [[ -n "${MULTI_SEG_TEST}" && -n "${SGW_CMD_XPRM}" ]]; then
  63                 echo "multi-segment test is enabled"
  64                 SGW_CMD_XPRM="${SGW_CMD_XPRM} ${MULTI_SEG_TEST}"
  65                 PING_LEN=5000
  66                 MTU_LEN=1500
  67         else
  68                 if [[ -z "${MULTI_SEG_TEST}" && "${MODE}" == *fallback* ]]; then
  69                         echo "MULTI_SEG_TEST environment variable needs to be \
  70 set for ${MODE} test"
  71                         exit 127
  72                 fi
  73                 PING_LEN=${DEF_PING_LEN}
  74                 MTU_LEN=${DEF_MTU_LEN}
  75         fi
  76 }
  77
  78 #setup mtu on local iface
  79 set_local_mtu()
  80 {
  81         mtu=$1
  82         ifconfig ${LOCAL_IFACE} mtu ${mtu}
  83         sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=${mtu}
  84 }
  85
  86 # configure local host/ifaces
  87 config_local_iface()
  88 {
  89         ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 up
  90         ifconfig ${LOCAL_IFACE}
  91
  92         ip neigh flush dev ${LOCAL_IFACE}
  93         ip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
  94         ip neigh show dev ${LOCAL_IFACE}
  95 }
  96
  97 config6_local_iface()
  98 {
  99         config_local_iface
 100
 101         sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0
 102         ip addr add  ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}
 103
 104         ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
 105         ip neigh show dev ${LOCAL_IFACE}
 106 }
 107
 108 #configure remote host/iface
 109 config_remote_iface()
 110 {
 111         ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
 112         ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up
 113         ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}
 114
 115         ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
 116
 117         # by some reason following ip neigh doesn't work for me here properly:
 118         #ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
 119         #               dev ${REMOTE_IFACE} lladr ${LOCAL_MAC}
 120         # so used arp instead.
 121         ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
 122         ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
 123
 124         ssh ${REMOTE_HOST} iptables --flush
 125 }
 126
 127 config6_remote_iface()
 128 {
 129         config_remote_iface
 130
 131         ssh ${REMOTE_HOST} sysctl -w \
 132                 net.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0
 133         ssh ${REMOTE_HOST} ip addr add  ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}
 134
 135         ssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \
 136                 dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
 137         ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
 138
 139         ssh ${REMOTE_HOST} ip6tables --flush
 140 }
 141
 142 #configure remote and local host/iface
 143 config_iface()
 144 {
 145         config_local_iface
 146         config_remote_iface
 147 }
 148
 149 config6_iface()
 150 {
 151         config6_local_iface
 152         config6_remote_iface
 153 }
 154
 155 # secgw application parameters setup
 156 SGW_PORT_CFG="--vdev=\"net_tap0,mac=fixed\" ${ETH_DEV}"
 157 SGW_WAIT_DEV="${LOCAL_IFACE}"
 158 . ${DIR}/common_defs_secgw.sh