* ``CRYPTO_DEV``: crypto device to be used ('-w <pci-id>'). If none specified
appropriate vdevs will be created by the script
-* ``MULTI_SEG_TEST``: ipsec-secgw option to enable reassembly support and
- specify size of reassembly table (e.g.
- ``MULTI_SEG_TEST='--reassemble 128'``). This option must be set for
- fallback session tests.
+Scripts can be used for multiple test scenarios. To check all available
+options run:
+
+.. code-block:: console
+
+ /bin/bash run_test.sh -h
Note that most of the tests require the appropriate crypto PMD/device to be
available.
It then tries to perform some data transfer using the scheme described above.
-usage
+Usage
~~~~~
-In the ipsec-secgw/test directory
+In the ipsec-secgw/test directory run
+
+/bin/bash run_test.sh <options> <ipsec_mode>
+
+Available options:
+
+* ``-4`` Perform tests with use of IPv4. One or both [-46] options needs to be
+ selected.
+
+* ``-6`` Perform tests with use of IPv6. One or both [-46] options needs to be
+ selected.
+
+* ``-m`` Add IPSec tunnel mixed IP version tests - outer IP version different
+ than inner. Inner IP version will match selected option [-46].
+
+* ``-i`` Run tests in inline mode. Regular tests will not be invoked.
+
+* ``-f`` Run tests for fallback mechanism. Regular tests will not be invoked.
+
+* ``-l`` Run tests in legacy mode only. It cannot be used with options [-fsc].
+ On default library mode is used.
-to run one test for IPv4 or IPv6
+* ``-s`` Run all tests with reassembly support. On default only tests for
+ fallback mechanism use reassembly support.
-/bin/bash linux_test(4|6).sh <ipsec_mode>
+* ``-c`` Run tests with use of cpu-crypto. For inline tests it will not be
+ applied. On default lookaside-none is used.
-to run all tests for IPv4 or IPv6
+* ``-p`` Perform packet validation tests. Option [-46] is not required.
-/bin/bash run_test.sh -4|-6
+* ``-h`` Show usage.
-For the list of available modes please refer to run_test.sh.
+If <ipsec_mode> is specified, only tests for that mode will be invoked. For the
+list of available modes please refer to run_test.sh.
\ No newline at end of file
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
-#check ETH_DEV
+# check ETH_DEV
if [[ -z "${ETH_DEV}" ]]; then
echo "ETH_DEV is invalid"
exit 127
fi
-#check that REMOTE_HOST is reachable
+
+# check that REMOTE_HOST is reachable
ssh ${REMOTE_HOST} echo
st=$?
if [[ $st -ne 0 ]]; then
exit $st
fi
-#get ether addr of REMOTE_HOST
+# get ether addr of REMOTE_HOST
REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
st=$?
REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
DPDK_PATH=${RTE_SDK:-${PWD}}
DPDK_BUILD=${RTE_TARGET:-x86_64-native-linux-gcc}
+DPDK_VARS=""
# by default ipsec-secgw can't deal with multi-segment packets
# make sure our local/remote host wouldn't generate fragmented packets
DEF_MTU_LEN=1400
DEF_PING_LEN=1200
-#upsate operation mode based on env vars values
+# set operation mode based on environment variables values
select_mode()
{
- # select sync/async mode
- if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${SGW_CMD_XPRM}" ]]; then
- echo "${CRYPTO_PRIM_TYPE} is enabled"
- SGW_CFG_XPRM="${SGW_CFG_XPRM} ${CRYPTO_PRIM_TYPE}"
+ echo "Test environment configuration:"
+ # check which mode to be enabled (library/legacy)
+ if [[ -n "${SGW_MODE}" && "${SGW_MODE}" == "library" ]]; then
+ DPDK_MODE="-w 300 -l"
+ echo "[enabled] library mode"
+ else
+ DPDK_MODE=""
+ echo "[enabled] legacy mode"
+ fi
+
+ # check if esn is demanded
+ if [[ -n "${SGW_ESN}" && "${SGW_ESN}" == "esn-on" ]]; then
+ DPDK_VARS="${DPDK_VARS} -e"
+ XFRM_ESN="flag esn"
+ echo "[enabled] extended sequence number"
+ else
+ XFRM_ESN=""
+ echo "[disabled] extended sequence number"
+ fi
+
+ # check if atom is demanded
+ if [[ -n "${SGW_ATOM}" && "${SGW_ATOM}" == "atom-on" ]]; then
+ DPDK_VARS="${DPDK_VARS} -a"
+ echo "[enabled] sequence number atomic behavior"
+ else
+ echo "[disabled] sequence number atomic behavior"
+ fi
+
+ # check if inline should be enabled
+ if [[ -n "${SGW_CRYPTO}" && "${SGW_CRYPTO}" == "inline" ]]; then
+ CRYPTO_DEV='--vdev="crypto_null0"'
+ SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload"
+ SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload"
+ echo "[enabled] inline crypto mode"
+ else
+ SGW_CFG_XPRM_IN=""
+ SGW_CFG_XPRM_OUT=""
+ echo "[disabled] inline crypto mode"
fi
- # check if fallback type is needed
- if [[ "${MODE}" == *fallback* ]]; then
- if [[ -n "${CRYPTO_FLBK_TYPE}" ]]; then
- echo "${CRYPTO_FLBK_TYPE} is enabled"
+ # check if fallback should be enabled
+ if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n ${SGW_CFG_XPRM_IN} ]] \
+ && [[ "${SGW_MODE}" == "library" ]] \
+ && [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \
+ || "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then
+ CRYPTO_DEV=""
+ SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}"
+ SGW_CFG_XPRM_OUT=""
+ echo "[enabled] crypto fallback ${SGW_CRYPTO_FLBK} mode"
+ else
+ if [[ -n "${SGW_CRYPTO_FLBK}" \
+ && "${SGW_CRYPTO}" != "inline" ]]; then
+ echo "SGW_CRYPTO variable needs to be set to \
+\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting"
+ exit 127
+ elif [[ -n "${SGW_CRYPTO_FLBK}" \
+ && "${SGW_MODE}" != "library" ]]; then
+ echo "SGW_MODE variable needs to be set to \
+\"library\" for ${SGW_CRYPTO_FLBK} fallback setting"
+ exit 127
+ fi
+ echo "[disabled] crypto fallback mode"
+ fi
+
+ # select sync/async mode
+ if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then
+ echo "[enabled] crypto primary type - ${CRYPTO_PRIM_TYPE}"
+ SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}"
+ SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}"
+ else
+ if [[ -n "${CRYPTO_PRIM_TYPE}" \
+ && "${SGW_MODE}" != "library" ]]; then
+ echo "SGW_MODE variable needs to be set to \
+\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting"
+ exit 127
fi
fi
- #make linux to generate fragmented packets
- if [[ -n "${MULTI_SEG_TEST}" && -n "${SGW_CMD_XPRM}" ]]; then
- echo "multi-segment test is enabled"
- SGW_CMD_XPRM="${SGW_CMD_XPRM} ${MULTI_SEG_TEST}"
+
+ # make linux to generate fragmented packets
+ if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then
+ echo -e "[enabled] multi-segment test is enabled\n"
+ SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}"
PING_LEN=5000
MTU_LEN=1500
else
- if [[ -z "${MULTI_SEG_TEST}" && "${MODE}" == *fallback* ]]; then
- echo "MULTI_SEG_TEST environment variable needs to be \
-set for ${MODE} test"
+ if [[ -z "${SGW_MULTI_SEG}" \
+ && "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then
+ echo "SGW_MULTI_SEG environment variable needs \
+to be set for ${SGW_CRYPTO_FLBK} fallback test"
exit 127
+ elif [[ -n "${SGW_MULTI_SEG}" \
+ && "${SGW_MODE}" != "library" ]]; then
+ echo "SGW_MODE variable needs to be set to \
+\"library\" for multiple segment reassemble setting"
+ exit 127
fi
+
+ echo -e "[disabled] multi-segment test\n"
PING_LEN=${DEF_PING_LEN}
MTU_LEN=${DEF_MTU_LEN}
fi
}
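Review bot: An unsupported `SGW_CRYPTO_FLBK` value is silently treated as "fallback disabled" in select_mode. With `SGW_CRYPTO=inline` and `SGW_MODE=library`, a misspelled fallback type fails the first condition, matches neither error arm in the `else` branch, and the run continues after printing `[disabled] crypto fallback mode`, so the test can pass without ever exercising the fallback path. I would add a third arm before that echo, `elif [[ -n "${SGW_CRYPTO_FLBK}" ]]; then echo "unsupported SGW_CRYPTO_FLBK value: ${SGW_CRYPTO_FLBK}"; exit 127`, so every non-empty value is either accepted or rejected. Separately, both the inline branch and the fallback branch overwrite `CRYPTO_DEV`, which the documentation describes as user-supplied; a comment stating that the user's value is deliberately discarded in these modes would help.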
-#setup mtu on local iface
+# setup mtu on local iface
set_local_mtu()
{
mtu=$1
ip neigh show dev ${LOCAL_IFACE}
}
-#configure remote host/iface
+# configure remote host/iface
config_remote_iface()
{
ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
- # by some reason following ip neigh doesn't work for me here properly:
- #ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
- # dev ${REMOTE_IFACE} lladr ${LOCAL_MAC}
- # so used arp instead.
- ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
+ ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
+ dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
ssh ${REMOTE_HOST} iptables --flush
ssh ${REMOTE_HOST} ip6tables --flush
}
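Review bot: The new `ip neigh add` in config_remote_iface is not idempotent and its exit status is not checked. The entry it creates is permanent by default, and as far as I know `ip neigh flush dev` skips permanent entries unless they are requested explicitly, so a second run against the same DUT is likely to fail here with "File exists" while the script carries on; the removed `arp -s` overwrote the entry silently. `ssh ${REMOTE_HOST} ip neigh replace ${LOCAL_IPV4} dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}` avoids that, and a status check like the one after the reachability probe would surface a failure here instead of as a ping failure later. The function also flushes iptables and ip6tables on the remote host, which deserves a comment noting that the DUT's firewall rules are dropped and not restored.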
-#configure remote and local host/iface
+# configure remote and local host/iface
config_iface()
{
config_local_iface
--- /dev/null
+#! /bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+# Usage: /bin/bash linux_test.sh <ip_protocol> <ipsec_mode>
+# <ip_protocol> can be set to:
+# ipv4-ipv4 - only IPv4 traffic
+# ipv4-ipv6 - IPv4 traffic over IPv6 ipsec tunnel (only for tunnel mode)
+# ipv6-ipv4 - IPv6 traffic over IPv4 ipsec tunnel (only for tunnel mode)
+# ipv6-ipv6 - only IPv6 traffic
+# For list of available modes please refer to run_test.sh.
+#
+# Note that most of them require appropriate crypto PMD/device to be available.
+# Also user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optionally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# SGW_MODE - run ipsec-secgw in legacy mode or with use of library
+# values: legacy/library (legacy on default)
+# SGW_ESN - run ipsec-secgw with extended sequence number
+# values: esn-on/esn-off (esn-off on default)
+# SGW_ATOM - run ipsec-secgw with sequence number atomic behavior
+# values: atom-on/atom-off (atom-off on default)
+# SGW_CRYPTO - run ipsec-secgw with use of inline crypto
+# values: inline (unset on default)
+# SGW_CRYPTO_FLBK - run ipsec-secgw with crypto fallback configured
+# values: cpu-crypto/lookaside-none (unset on default)
+# CRYPTO_PRIM_TYPE - run ipsec-secgw with crypto primary type set
+# values: cpu-crypto (unset on default)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the script
+# SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
+# specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
+#
+# The purpose of the script is to automate ipsec-secgw testing
+# using another system running linux as a DUT.
+# It expects that SUT and DUT are connected through at least 2 NICs.
+# One NIC is expected to be managed by linux both machines,
+# and will be used as a control path
+# Make sure user from SUT can ssh to DUT without entering password.
+# Second NIC (test-port) should be reserved for DPDK on SUT,
+# and should be managed by linux on DUT.
+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
+# Then configures local tap iface and remote iface and ipsec policies
+# in the following way:
+# traffic going over test-port in both directions has to be
+# protected by ipsec.
+# Traffic going over TAP in both directions doesn't have to be protected.
+# I.E:
+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
+# Then tries to perform some data transfer using the scheme described above.
+#
+
+DIR=`dirname $0`
+PROTO=$1
+MODE=$2
+
+ . ${DIR}/common_defs.sh
+
+select_mode
+
+ . ${DIR}/${MODE}_defs.sh
+
+if [[ "${PROTO}" == "ipv4-ipv4" ]] || [[ "${PROTO}" == "ipv6-ipv6" ]]; then
+ config_secgw
+else
+ config_secgw_mixed
+fi
+
+secgw_start
+
+ . ${DIR}/data_rxtx.sh
+
+if [[ "${PROTO}" == "ipv4-ipv4" ]]; then
+ config_iface
+ config_remote_xfrm_44
+ set_local_mtu ${MTU_LEN}
+ ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
+
+ st=$?
+ if [[ $st -eq 0 ]]; then
+ set_local_mtu ${DEF_MTU_LEN}
+ scp_test1 ${REMOTE_IPV4}
+ st=$?
+ fi
+elif [[ "${PROTO}" == "ipv4-ipv6" ]]; then
+ if [[ "${MODE}" == trs* ]]; then
+ echo "Cannot mix protocols in transport mode"
+ secgw_stop
+ exit 1
+ fi
+ config6_iface
+ config_remote_xfrm_46
+ set_local_mtu ${MTU_LEN}
+ ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
+
+ st=$?
+ if [[ $st -eq 0 ]]; then
+ set_local_mtu ${DEF_MTU_LEN}
+ scp_test1 ${REMOTE_IPV4}
+ st=$?
+ fi
+elif [[ "${PROTO}" == "ipv6-ipv4" ]]; then
+ if [[ "${MODE}" == trs* ]]; then
+ echo "Cannot mix protocols in transport mode"
+ secgw_stop
+ exit 1
+ fi
+ config6_iface
+ config_remote_xfrm_64
+
+ set_local_mtu ${MTU_LEN}
+ ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
+ st=$?
+ if [[ $st -eq 0 ]]; then
+ set_local_mtu ${DEF_MTU_LEN}
+ scp_test1 ${REMOTE_IPV6}
+ st=$?
+ fi
+elif [[ "${PROTO}" == "ipv6-ipv6" ]]; then
+ config6_iface
+ config_remote_xfrm_66
+ set_local_mtu ${MTU_LEN}
+ ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
+
+ st=$?
+ if [[ $st -eq 0 ]]; then
+ set_local_mtu ${DEF_MTU_LEN}
+ scp_test1 ${REMOTE_IPV6}
+ st=$?
+ fi
+else
+ echo "Invalid <proto>"
+ st=128
+fi
+
+secgw_stop
+exit $st
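Review bot: `<ip_protocol>` and `<ipsec_mode>` are validated only after ipsec-secgw has been configured and started. An unknown protocol string takes the `else` arm of the first `if`, runs `config_secgw_mixed` and `secgw_start`, and is rejected only by the final `else`; the transport-mode check for mixed protocols likewise runs after `secgw_start`. `${MODE}` is also used unquoted to build the path that is sourced, with no check that the file exists, so a typo or an empty argument leaves the script running without the mode's definitions. Checking both arguments right after they are read keeps bad input away from `.` and from the remote configuration steps; the four protocol branches could then share one helper, since they differ only in the config, ping and address names.

```shell
PROTO=$1
MODE=$2

case "${PROTO}" in
ipv4-ipv4|ipv6-ipv6)
	;;
ipv4-ipv6|ipv6-ipv4)
	if [[ "${MODE}" == trs* ]]; then
		echo "Cannot mix protocols in transport mode"
		exit 1
	fi
	;;
*)
	echo "Invalid <proto>"
	exit 128
	;;
esac

if [[ ! -f "${DIR}/${MODE}_defs.sh" ]]; then
	echo "Unknown <ipsec_mode>: ${MODE}"
	exit 127
fi

# … unchanged: source common_defs.sh, select_mode, source ${MODE}_defs.sh, tests …
```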
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-# usage: /bin/bash linux_test4.sh <ipsec_mode>
-# for list of available modes please refer to run_test.sh.
-# ipsec-secgw (IPv4 mode) functional test script.
-#
-# Note that for most of them you required appropriate crypto PMD/device
-# to be avaialble.
-# Also user has to setup properly the following environment variables:
-# SGW_PATH - path to the ipsec-secgw binary to test
-# REMOTE_HOST - ip/hostname of the DUT
-# REMOTE_IFACE - iface name for the test-port on DUT
-# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
-# Also user can optonally setup:
-# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
-# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
-# if none specified appropriate vdevs will be created by the scrit
-# MULTI_SEG_TEST - ipsec-secgw option to enable reassembly support and
-# specify size of reassembly table (i.e. MULTI_SEG_TEST="--reassemble 128")
-#
-# The purpose of the script is to automate ipsec-secgw testing
-# using another system running linux as a DUT.
-# It expects that SUT and DUT are connected through at least 2 NICs.
-# One NIC is expected to be managed by linux both machines,
-# and will be used as a control path
-# Make sure user from SUT can ssh to DUT without entering password.
-# Second NIC (test-port) should be reserved for DPDK on SUT,
-# and should be managed by linux on DUT.
-# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
-# Then configures local tap iface and remote iface and ipsec policies
-# in the following way:
-# traffic going over test-port in both directions has to be
-# protected by ipsec.
-# raffic going over TAP in both directions doesn't have to be protected.
-# I.E:
-# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
-# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
-# Then tries to perorm some data transfer using the scheme decribed above.
-#
-
-DIR=`dirname $0`
-MODE=$1
-
- . ${DIR}/common_defs.sh
- . ${DIR}/${MODE}_defs.sh
-
-select_mode
-
-config_secgw
-
-secgw_start
-
-config_iface
-
-config_remote_xfrm
-
- . ${DIR}/data_rxtx.sh
-
-set_local_mtu ${MTU_LEN}
-ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
-st=$?
-if [[ $st -eq 0 ]]; then
- set_local_mtu ${DEF_MTU_LEN}
- scp_test1 ${REMOTE_IPV4}
- st=$?
-fi
-
-secgw_stop
-exit $st
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-# usage: /bin/bash linux_test6.sh <ipsec_mode>
-# for list of available modes please refer to run_test.sh.
-# ipsec-secgw (IPv6 mode) functional test script.
-#
-# Note that for most of them you required appropriate crypto PMD/device
-# to be avaialble.
-# Also user has to setup properly the following environment variables:
-# SGW_PATH - path to the ipsec-secgw binary to test
-# REMOTE_HOST - ip/hostname of the DUT
-# REMOTE_IFACE - iface name for the test-port on DUT
-# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
-# Also user can optonally setup:
-# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
-# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
-# if none specified appropriate vdevs will be created by the scrit
-# MULTI_SEG_TEST - ipsec-secgw option to enable reassembly support and
-# specify size of reassembly table (i.e. MULTI_SEG_TEST="--reassemble 128")
-#
-# The purpose of the script is to automate ipsec-secgw testing
-# using another system running linux as a DUT.
-# It expects that SUT and DUT are connected through at least 2 NICs.
-# One NIC is expected to be managed by linux both machines,
-# and will be used as a control path.
-# Make sure user from SUT can ssh to DUT without entering password,
-# also make sure that sshd over ipv6 is enabled.
-# Second NIC (test-port) should be reserved for DPDK on SUT,
-# and should be managed by linux on DUT.
-# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
-# Then configures local tap iface and remote iface and ipsec policies
-# in the following way:
-# traffic going over test-port in both directions has to be
-# protected by ipsec.
-# raffic going over TAP in both directions doesn't have to be protected.
-# I.E:
-# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
-# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
-# Then tries to perorm some data transfer using the scheme decribed above.
-#
-
-DIR=`dirname $0`
-MODE=$1
-
- . ${DIR}/common_defs.sh
- . ${DIR}/${MODE}_defs.sh
-
-select_mode
-
-config_secgw
-
-secgw_start
-
-config6_iface
-
-config6_remote_xfrm
-
- . ${DIR}/data_rxtx.sh
-
-set_local_mtu ${MTU_LEN}
-ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
-st=$?
-if [[ $st -eq 0 ]]; then
- set_local_mtu ${DEF_MTU_LEN}
- scp_test1 ${REMOTE_IPV6}
- st=$?
-fi
-
-secgw_stop
-exit $st
--- /dev/null
+#! /bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
+
+DIR=`dirname $0`
+
+regular=0
+inline_on=0
+fallback_on=0
+legacy_only=0
+fallback_val="lookaside-none"
+crypto_prim=""
+multi_seg_val=""
+while getopts ":iflsrc" opt
+do
+ case $opt in
+ i)
+ inline_on=1
+ ;;
+ f)
+ fallback_on=1
+ ;;
+ l)
+ legacy_only=1
+ ;;
+ s)
+ multi_seg_val="SGW_MULTI_SEG=128"
+ ;;
+ r)
+ regular=1
+ ;;
+ c)
+ crypto_prim="CRYPTO_PRIM_TYPE=cpu-crypto"
+ fallback_val="cpu-crypto"
+ ;;
+ esac
+done
+shift $((OPTIND -1))
+
+PROTO=$1
+MODE=$2
+
+# test scenarios to set up for regular test
+TEST_MODES_REGULAR="legacy \
+library \
+library_esn \
+library_esn_atom"
+
+# test scenarios to set up for inline test
+TEST_MODES_INLINE="legacy_inline \
+library_inline"
+
+# test scenarios to set up for fallback test
+TEST_MODES_FALLBACK="library_fallback"
+
+# env variables to export for specific test scenarios
+default="SGW_MODE=legacy SGW_ESN=esn-off SGW_ATOM=atom-off SGW_CRYPTO=regular \
+SGW_CRYPTO_FLBK= ${multi_seg_val}"
+legacy="${default} CRYPTO_PRIM_TYPE="
+library="${default} SGW_MODE=library ${crypto_prim}"
+library_esn="${default} SGW_MODE=library SGW_ESN=esn-on ${crypto_prim}"
+library_esn_atom="${default} SGW_MODE=library SGW_ESN=esn-on SGW_ATOM=atom-on \
+${crypto_prim}"
+legacy_inline="${default} SGW_CRYPTO=inline CRYPTO_PRIM_TYPE="
+library_inline="${default} SGW_MODE=library SGW_CRYPTO=inline CRYPTO_PRIM_TYPE="
+library_fallback="${default} SGW_MODE=library SGW_CRYPTO=inline \
+SGW_CRYPTO_FLBK=${fallback_val} SGW_MULTI_SEG=128 CRYPTO_PRIM_TYPE="
+
+# export needed env variables and run tests
+if [[ ${regular} -eq 1 ]]; then
+ for i in ${TEST_MODES_REGULAR}; do
+ if [[ ${legacy_only} -eq 1 && "${i}" != *legacy* ]]; then
+ continue
+ elif [[ ${legacy_only} -eq 0 && "${i}" == *legacy* ]]; then
+ continue
+ fi
+ for x in ${!i}; do
+ export ${x}
+ done
+
+ /bin/bash ${DIR}/linux_test.sh ${PROTO} ${MODE}
+ st=$?
+ if [[ ${st} -ne 0 ]]; then
+ exit ${st}
+ fi
+ done
+elif [[ ${inline_on} -eq 1 || ${fallback_on} -eq 1 ]]; then
+ if [[ ${inline_on} -eq 1 ]]; then
+ for i in ${TEST_MODES_INLINE}; do
+ if [[ ${legacy_only} -eq 1 && "${i}" != *legacy* ]]
+ then
+ continue
+ elif [[ ${legacy_only} -eq 0 && "${i}" == *legacy* ]]
+ then
+ continue
+ fi
+ for x in ${!i}; do
+ export ${x}
+ done
+
+ /bin/bash ${DIR}/linux_test.sh ${PROTO} ${MODE}
+ st=$?
+ if [[ ${st} -ne 0 ]]; then
+ exit ${st}
+ fi
+ done
+ fi
+ if [[ ${fallback_on} -eq 1 ]]; then
+ for i in ${TEST_MODES_FALLBACK}; do
+ for x in ${!i}; do
+ export ${x}
+ done
+
+ /bin/bash ${DIR}/linux_test.sh ${PROTO} ${MODE}
+ st=$?
+ if [[ ${st} -ne 0 ]]; then
+ exit ${st}
+ fi
+ done
+ fi
+fi
+exit 0
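Review bot: load_env.sh can exit 0 without running a single test. The `case` has no arm for an unrecognised option, so the `?` that getopts returns is dropped, and when none of `-r`, `-i` or `-f` is passed the `if`/`elif` chain is skipped and the final `exit 0` reports success. I would add `*) echo "Invalid option: -${OPTARG}" >&2; exit 127 ;;` to the `case` and an `else` branch on the final chain that prints a message and exits non-zero. `export ${x}` and `${PROTO} ${MODE}` are unquoted as well; `export "${x}"` keeps a value containing glob characters from being expanded. The three loops are identical apart from the list they iterate, so one function taking the list name would remove the duplication.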
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
-# usage: /bin/bash run_test.sh [-46]
-# Run all defined linux_test[4,6].sh test-cases one by one
-# user has to setup properly the following environment variables:
-# SGW_PATH - path to the ipsec-secgw binary to test
-# REMOTE_HOST - ip/hostname of the DUT
-# REMOTE_IFACE - iface name for the test-port on DUT
-# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
-# Also user can optonally setup:
-# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
-# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
-# if none specified appropriate vdevs will be created by the scrit
-# MULTI_SEG_TEST - ipsec-secgw option to enable reassembly support and
-# specify size of reassembly table (i.e. MULTI_SEG_TEST="--reassemble 128")
-# refer to linux_test[4,6].sh for more information
-
-
-# All supported modes to test.
-# naming convention:
-# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)
+# Usage: /bin/bash run_test.sh [-46miflscph] <ipsec_mode>
+# Run all defined linux_test.sh test-cases one by one
+# If <ipsec_mode> is specified, run only that test case
+# User has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optionally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the script
+# SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
+# specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
+# Refer to linux_test.sh for more information
+
+# All supported modes to test:
+# trs_3descbc_sha1
+# trs_aescbc_sha1
+# trs_aesctr_sha1
+# trs_aesgcm
+# tun_3descbc_sha1
+# tun_aescbc_sha1
+# tun_aesctr_sha1
+# tun_aesgcm
+# Naming convention:
# 'tun/trs' refer to tunnel/transport mode respectively
usage()
{
echo "Usage:"
- echo -e "\t$0 -[46p]"
+ echo -e "\t$0 -[46miflscph] <ipsec_mode>"
echo -e "\t\t-4 Perform Linux IPv4 network tests"
echo -e "\t\t-6 Perform Linux IPv6 network tests"
+ echo -e "\t\t-m Add mixed IP protocol tests to IPv4/IPv6 \
+(only with option [-46])"
+ echo -e "\t\t-i Run inline tests (only with option [-46])"
+ echo -e "\t\t-f Run fallback tests (only with option [-46])"
+ echo -e "\t\t-l Run tests in legacy mode"
+ echo -e "\t\t-s Run all tests with reassembly support \
+(on default only fallback tests use reassembly support)"
+ echo -e "\t\t-c Run tests with use of cpu-crypto \
+(on default lookaside-none is used)"
echo -e "\t\t-p Perform packet validation tests"
echo -e "\t\t-h Display this help"
+ echo -e "\t\t<ipsec_mode> Run only specified test case i.e. tun_aesgcm"
}
-LINUX_TEST="tun_aescbc_sha1 \
-tun_aescbc_sha1_esn \
-tun_aescbc_sha1_esn_atom \
-tun_aesgcm \
-tun_aesgcm_esn \
-tun_aesgcm_esn_atom \
+LINUX_TEST="trs_3descbc_sha1 \
trs_aescbc_sha1 \
-trs_aescbc_sha1_esn \
-trs_aescbc_sha1_esn_atom \
-trs_aesgcm \
-trs_aesgcm_esn \
-trs_aesgcm_esn_atom \
-tun_aescbc_sha1_old \
-tun_aesgcm_old \
-trs_aescbc_sha1_old \
-trs_aesgcm_old \
-tun_aesctr_sha1 \
-tun_aesctr_sha1_old \
-tun_aesctr_sha1_esn \
-tun_aesctr_sha1_esn_atom \
trs_aesctr_sha1 \
-trs_aesctr_sha1_old \
-trs_aesctr_sha1_esn \
-trs_aesctr_sha1_esn_atom \
+trs_aesgcm \
tun_3descbc_sha1 \
-tun_3descbc_sha1_old \
-tun_3descbc_sha1_esn \
-tun_3descbc_sha1_esn_atom \
-trs_3descbc_sha1 \
-trs_3descbc_sha1_old \
-trs_3descbc_sha1_esn \
-trs_3descbc_sha1_esn_atom"
+tun_aescbc_sha1 \
+tun_aesctr_sha1 \
+tun_aesgcm"
+
+LINUX_TEST_INLINE_FALLBACK="trs_aesgcm \
+tun_aesgcm"
+
+LINUX_TEST_RUN=""
PKT_TESTS="trs_ipv6opts \
tun_null_header_reconstruct"
run4=0
run6=0
runpkt=0
-while getopts ":46ph" opt
+mixed=0
+inline=0
+fallback=0
+legacy=0
+multi_seg=0
+cpu_crypto=0
+options=""
+while getopts ":46miflscph" opt
do
case $opt in
4)
6)
run6=1
;;
+ m)
+ mixed=1
+ ;;
+ i)
+ inline=1
+ ;;
+ f)
+ fallback=1
+ ;;
+ l)
+ legacy=1
+ options="${options} -l"
+ ;;
+ s)
+ multi_seg=1
+ options="${options} -s"
+ ;;
+ c)
+ cpu_crypto=1
+ options="${options} -c"
+ ;;
p)
runpkt=1
;;
esac
done
+shift $((OPTIND -1))
+LINUX_TEST_RUN=$*
+
# no test suite has been selected
if [[ ${run4} -eq 0 && ${run6} -eq 0 && ${runpkt} -eq 0 ]]; then
usage
exit 127
fi
+# check parameters
+if [[ ${legacy} -eq 1 ]] && [[ ${multi_seg} -eq 1 || ${fallback} -eq 1 \
+ || ${cpu_crypto} -eq 1 ]]; then
+ echo "Fallback/reassembly/cpu-crypto cannot be used with legacy mode"
+ exit 127
+fi
+
+if [[ ${cpu_crypto} -eq 1 && ${inline} -eq 1 && ${fallback} -eq 0 ]]; then
+ echo "cpu-crypto cannot be used with inline mode"
+ exit 127
+fi
+
# perform packet processing validation tests
st=0
if [ $runpkt -eq 1 ]; then
fi
fi
-# perform network tests
-if [[ ${run4} -eq 1 || ${run6} -eq 1 ]]; then
- for i in ${LINUX_TEST}; do
+desc=""
+
+# set inline/fallback tests if needed
+if [[ ${inline} -eq 1 || ${fallback} -eq 1 ]]; then
+
+ # add inline option if needed
+ if [[ ${inline} -eq 1 ]]; then
+ options="${options} -i"
+ desc="inline"
+ fi
+ # add fallback option if needed
+ if [[ ${fallback} -eq 1 ]]; then
+ options="${options} -f"
+ if [[ "${desc}" == "inline" ]]; then
+ desc="${desc} and fallback"
+ else
+ desc="fallback"
+ fi
+ fi
+
+ # select tests to run
+ if [[ -z "${LINUX_TEST_RUN}" ]]; then
+ LINUX_TEST_RUN="${LINUX_TEST_INLINE_FALLBACK}"
+ fi
+else
+ options="${options} -r"
+fi
+
+# select tests to run
+if [[ -z "${LINUX_TEST_RUN}" ]]; then
+ LINUX_TEST_RUN="${LINUX_TEST}"
+fi
+
+# perform selected tests
+if [[ ${run4} -eq 1 || ${run6} -eq 1 ]] ; then
- echo "starting test ${i}"
+ for i in ${LINUX_TEST_RUN}; do
+
+ echo "starting ${desc} test ${i}"
st4=0
+ st4m=0
if [[ ${run4} -ne 0 ]]; then
- /bin/bash ${DIR}/linux_test4.sh ${i}
+ /bin/bash ${DIR}/load_env.sh ${options} ipv4-ipv4 ${i}
st4=$?
- echo "test4 ${i} finished with status ${st4}"
+ echo "${desc} test IPv4 ${i} finished with status \
+${st4}"
+ if [[ ${mixed} -ne 0 ]] && [[ "${i}" == tun* ]]; then
+ /bin/bash ${DIR}/load_env.sh ${options} \
+ ipv4-ipv6 ${i}
+ st4m=$?
+ echo "${desc} test IPv4-IPv6 ${i} finished with\
+ status ${st4m}"
+ fi
fi
st6=0
+ st6m=0
if [[ ${run6} -ne 0 ]]; then
- /bin/bash ${DIR}/linux_test6.sh ${i}
+ /bin/bash ${DIR}/load_env.sh ${options} ipv6-ipv6 ${i}
st6=$?
- echo "test6 ${i} finished with status ${st6}"
+ echo "${desc} test IPv6 ${i} finished with status \
+${st6}"
+ if [[ ${mixed} -ne 0 ]] && [[ "${i}" == tun* ]]; then
+ /bin/bash ${DIR}/load_env.sh ${options} \
+ ipv6-ipv4 ${i}
+ st6m=$?
+ echo "${desc} test IPv6-IPv4 ${i} finished with\
+ status ${st6m}"
+ fi
fi
- let "st = st4 + st6"
+ let "st = st4 + st6 + st4m + st6m"
if [[ $st -ne 0 ]]; then
- echo "ERROR test ${i} FAILED"
+ echo "ERROR ${desc} test ${i} FAILED"
exit $st
fi
done
fi
+
+echo "All tests have ended successfully"
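Review bot: The failure path exits with the sum of up to four statuses, `let "st = st4 + st6 + st4m + st6m"` followed by `exit $st`, and the shell truncates an exit status to eight bits. A sum that is a multiple of 256 (for example 255 from a failed ssh plus 1 from another run) makes the script print `ERROR ... FAILED` and still return 0 to the caller, which a CI job would read as a pass. Since the individual statuses are already echoed, `exit 1` or exiting with the first non-zero status is safer. The `<ipsec_mode>` arguments collected in `LINUX_TEST_RUN=$*` are also passed down unchecked; comparing each against `LINUX_TEST` before the loop would reject a misspelled mode up front.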
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo 3des-cbc \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#SA out rules
sa out 9 cipher_algo 3des-cbc \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
. ${DIR}/trs_3descbc_sha1_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 \
+proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 \
+proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_66()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 \
+proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 \
+proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
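Review bot: `SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"` appends whatever `SGW_CMD_XPRM` already holds, but select_mode assigns it only in the multi-segment branch. Unless it is initialised in a part of common_defs.sh not shown here, a value inherited from the caller's environment ends up on the ipsec-secgw command line whenever reassembly is off. Setting `SGW_CMD_XPRM=""` in select_mode's non-reassembly branch, or next to `DPDK_VARS=""`, would make the result depend only on the `SGW_*` variables; the same line is added in trs_aescbc_sha1_defs.sh. config_remote_xfrm_66 continues past the end of this hunk.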
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_3descbc_sha1_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_3descbc_sha1_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_3descbc_sha1_defs.sh
-
-SGW_CMD_XPRM=
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#SA out rules
sa out 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
. ${DIR}/trs_aescbc_sha1_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 \
+proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 \
+proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_66()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 \
+proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 \
+proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
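Review bot: The new assignment `SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"` reads the variable it is setting, so the final ipsec-secgw option string depends on whatever the caller or the sourced common_defs file left in `SGW_CMD_XPRM`. Sourcing this file twice in one shell would repeat the DPDK options. `DPDK_VARS` and `DPDK_MODE` are defined outside this section, so their contents cannot be checked here. A comment above the line would make the contract explicit, for example `# SGW_CMD_XPRM on entry: optional extra options from the caller; DPDK_VARS/DPDK_MODE come from the test runner`, assuming that is the intent. The same line is added after the trs_aesctr_sha1, trs_aesgcm, tun_3descbc_sha1 and tun_aescbc_sha1 common_defs includes further down.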
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aescbc_sha1_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aescbc_sha1_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aescbc_sha1_defs.sh
-
-SGW_CMD_XPRM=
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#SA out rules
sa out 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
. ${DIR}/trs_aesctr_sha1_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 \
+proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 \
+proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_66()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 \
+proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 \
+proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
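Review bot: `${XFRM_ESN}` is added unquoted to all four `ip xfrm state add` commands in this file with no statement of what it may hold. The removed ESN variant of this file had the literal `flag esn` in the same position, so presumably the variable is either empty or `flag esn` and relies on word splitting. It is set outside this section, and the ESN setting on the remote SA has to agree with the one given to ipsec-secgw (the old ESN files passed `-e` in `SGW_CMD_XPRM`), since ESN changes what the integrity check covers. Once the source of the value is confirmed, I would add a comment at the top of the file such as `# XFRM_ESN: empty or 'flag esn'; unquoted on purpose, must match the ipsec-secgw ESN setting`. The function bodies continue outside the hunks shown.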
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesctr_sha1_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesctr_sha1_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesctr_sha1_defs.sh
-
-SGW_CMD_XPRM=
#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM} ${SGW_CFG_XPRM_IN}
+mode transport ${SGW_CFG_XPRM_IN}
sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM} ${SGW_CFG_XPRM_IN}
+mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode transport ${SGW_CFG_XPRM}
+mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
. ${DIR}/trs_aesgcm_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 \
+proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 \
+proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_66()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 \
+proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 \
+proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesgcm_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesgcm_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl proto esp mode transport reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl proto esp mode transport reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesgcm_defs.sh
-
-CRYPTO_DEV='--vdev="crypto_null0"'
-SGW_CFG_XPRM='port_id 0 type inline-crypto-offload'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesgcm_defs.sh
-
-if [[ -z "${CRYPTO_FLBK_TYPE}" ]]; then
- CRYPTO_FLBK_TYPE="fallback lookaside-none"
-fi
-
-SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload ${CRYPTO_FLBK_TYPE}"
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesgcm_inline_crypto_defs.sh
-
-SGW_CMD_XPRM=
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/trs_aesgcm_defs.sh
-
-SGW_CMD_XPRM=
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo 3des-cbc \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
+
+config_secgw_mixed()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 8 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 6 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 8 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 6 cipher_algo 3des-cbc \
+cipher_key \
+de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
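Review bot: The four SA rules added in `config_secgw_mixed` (SPI 8 and 6, in and out) end at the `dst` address and do not append `${SGW_CFG_XPRM_IN}` or `${SGW_CFG_XPRM_OUT}`, while the same commit adds those variables to every SA rule in the non-mixed config above. If they carry the session type (the removed inline files set `port_id 0 type inline-crypto-offload` this way), the mixed tunnel tests would always run with the default session type regardless of the selected mode. Unless that is intended, the inbound `mode` lines should read e.g. `mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}`, with `${SGW_CFG_XPRM_OUT}` on the outbound ones. The same omission is in `config_secgw_mixed` of the aes-128-cbc tunnel definitions later in the diff. Both function bodies continue past the hunk.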
. ${DIR}/tun_3descbc_sha1_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_46()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_64()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_66()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
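Review bot: The new `config_remote_xfrm_46` and `config_remote_xfrm_64` flush the peer's xfrm policy and state and then run four `add` commands over ssh without checking any exit status. The function therefore returns the status of the final `ip xfrm state list` even when an SA or policy was rejected. A failure would show up only indirectly in the later data-transfer step, with the peer left without the expected policies. Consider ending each command with `|| return 1`, e.g. `ssh ${REMOTE_HOST} ip xfrm state flush || return 1` and `sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} || return 1` on the last continuation line. The `config_remote_xfrm_44` and `config_remote_xfrm_66` bodies are only partly visible in this section, and the same pattern is repeated in the aes-128-cbc tunnel definitions that follow.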
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_3descbc_sha1_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_3descbc_sha1_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp mode tunnel reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp mode tunnel reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp mode tunnel reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp mode tunnel reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_3descbc_sha1_defs.sh
-
-SGW_CMD_XPRM=
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
+
+config_secgw_mixed()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 8 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 6 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 8 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 6 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
. ${DIR}/tun_aescbc_sha1_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_46()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_64()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_66()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
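Review bot: None of the `ssh ${REMOTE_HOST} ip xfrm ...` calls added in config_remote_xfrm_46 and config_remote_xfrm_64 has its exit status checked (unless the sourcing script runs under `set -e`, which is not visible here). Each function therefore returns whatever the closing `ip xfrm state list` returns, and a rejected `state add`, for example an `${XFRM_ESN}` value the peer kernel does not accept, goes unnoticed until traffic fails later. Ending each `policy add` / `state add` command with `|| return 1` would report the setup failure where it happens. Both functions also begin by flushing every xfrm policy and state on the peer, which deserves a comment such as `# REMOTE_HOST must be a dedicated test peer: all existing xfrm policy/state is flushed`. The same applies to the _46/_64 functions in the aesctr and aesgcm defs sections further down; config_remote_xfrm_66 is only partly visible here.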
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aescbc_sha1_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aescbc_sha1_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp mode tunnel reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp mode tunnel reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp mode tunnel reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp mode tunnel reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aescbc_sha1_defs.sh
-
-SGW_CMD_XPRM=
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
+
+config_secgw_mixed()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 8 cipher_algo aes-128-ctr \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 6 cipher_algo aes-128-ctr \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 8 cipher_algo aes-128-ctr \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 6 cipher_algo aes-128-ctr \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
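Review bot: The four SA lines added in config_secgw_mixed end at `dst ${LOCAL_IPV4}` / `dst ${REMOTE_IPV4}` and so on, without `${SGW_CFG_XPRM_IN}` or `${SGW_CFG_XPRM_OUT}`, while the non-mixed SAs changed earlier in this same hunk and the aesgcm version of config_secgw_mixed both carry them. Since those variables hold the session type (the removed inline files set them to `port_id 0 type inline-crypto-offload ...`), a mixed aes-ctr run would apparently use the default session type regardless of what the caller selected, and still report a pass. If that is not intended, the inbound lines should read `mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}` and the outbound ones should end in `${SGW_CFG_XPRM_OUT}`; if it is intended, a comment in the heredoc preamble should say so. The aescbc config_secgw_mixed above has the same omission, and the heredoc of this function continues past the end of the hunk.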
. ${DIR}/tun_aesctr_sha1_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_46()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_64()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_66()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
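Review bot: The `enc "rfc3686\(ctr\(aes\)\)"` arguments in the new _46/_64 functions only work because everything after `ssh ${REMOTE_HOST}` is parsed a second time by the shell on the peer, and nothing in the file says so. A comment above the first `state add`, e.g. `# ssh re-parses its arguments on the remote side: parentheses are escaped for that shell, and ${XFRM_ESN} and the address variables must not contain shell metacharacters`, would make the constraint explicit for anyone who later feeds these values from the environment. The aesgcm defs section has the same pattern with `aead "rfc4106\(gcm\(aes\)\)"`.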
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesctr_sha1_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesctr_sha1_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp mode tunnel reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp mode tunnel reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp mode tunnel reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp mode tunnel reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
-auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
-enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesctr_sha1_defs.sh
-
-SGW_CMD_XPRM=
#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM} \
-${SGW_CFG_XPRM_IN}
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM} \
-${SGW_CFG_XPRM_IN}
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
-mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+ cat ${SGW_CFG_FILE}
+}
+
+config_secgw_mixed()
+{
+ cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 8 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
+
+sa in 6 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
+
+#SA out rules
+sa out 8 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
+
+sa out 6 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
. ${DIR}/tun_aesgcm_common_defs.sh
-SGW_CMD_XPRM='-w 300 -l'
+SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
-config_remote_xfrm()
+config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state list
}
-config6_remote_xfrm()
+config_remote_xfrm_46()
{
- config_remote_xfrm
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
+sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
+sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_64()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
+sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
+sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+ ssh ${REMOTE_HOST} ip xfrm policy list
+ ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config_remote_xfrm_66()
+{
+ ssh ${REMOTE_HOST} ip xfrm policy flush
+ ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
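Review bot: `SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"` makes the gateway options depend on three variables this file never sets, where the removed line pinned `-w 300 -l`. If a caller sources the file without them, the expansion is silently empty, so the gateway would presumably start without the window and mode options the old default supplied, and nothing here would flag it. A header comment stating the contract, for instance `# DPDK_VARS, DPDK_MODE and SGW_CMD_XPRM are provided by the caller before this file is sourced; any of them may be empty`, would document what the file expects. The identical assignment appears in the aescbc and aesctr defs sections above.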
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesgcm_esn_defs.sh
-
-SGW_CMD_XPRM='-e -a -w 300 -l'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesgcm_common_defs.sh
-
-SGW_CMD_XPRM='-e -w 300 -l'
-
-config_remote_xfrm()
-{
- ssh ${REMOTE_HOST} ip xfrm policy flush
- ssh ${REMOTE_HOST} ip xfrm state flush
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp mode tunnel reqid 1
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp mode tunnel reqid 2
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
-proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
-proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
-
-config6_remote_xfrm()
-{
- config_remote_xfrm
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-dir out ptype main action allow \
-tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp mode tunnel reqid 3
-
- ssh ${REMOTE_HOST} ip xfrm policy add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-dir in ptype main action allow \
-tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp mode tunnel reqid 4
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
-proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm state add \
-src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
-proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
-aead "rfc4106\(gcm\(aes\)\)" \
-0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
-
- ssh ${REMOTE_HOST} ip xfrm policy list
- ssh ${REMOTE_HOST} ip xfrm state list
-}
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesgcm_defs.sh
-
-CRYPTO_DEV='--vdev="crypto_null0"'
-SGW_CFG_XPRM='port_id 0 type inline-crypto-offload'
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesgcm_defs.sh
-
-if [[ -z "${CRYPTO_FLBK_TYPE}" ]]; then
- CRYPTO_FLBK_TYPE="fallback lookaside-none"
-fi
-
-SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload ${CRYPTO_FLBK_TYPE}"
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesgcm_inline_crypto_defs.sh
-
-SGW_CMD_XPRM=
+++ /dev/null
-#! /bin/bash
-# SPDX-License-Identifier: BSD-3-Clause
-
-. ${DIR}/tun_aesgcm_defs.sh
-
-SGW_CMD_XPRM=