#! /bin/bash
+# SPDX-License-Identifier: BSD-3-Clause
-#check that env vars are properly defined
-
-#check SGW_PATH
-if [[ -z "${SGW_PATH}" || ! -x ${SGW_PATH} ]]; then
- echo "SGW_PATH is invalid"
- exit 127
-fi
-
-#check ETH_DEV
+# check ETH_DEV
if [[ -z "${ETH_DEV}" ]]; then
echo "ETH_DEV is invalid"
exit 127
fi
-#setup SGW_LCORE
-SGW_LCORE=${SGW_LCORE:-0}
-
-#check that REMOTE_HOST is reachable
+# check that REMOTE_HOST is reachable
ssh ${REMOTE_HOST} echo
st=$?
if [[ $st -ne 0 ]]; then
exit $st
fi
-#get ether addr of REMOTE_HOST
+# get ether addr of REMOTE_HOST
REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
st=$?
REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092
-DPDK_PATH=${RTE_SDK:-${PWD}}
-DPDK_BUILD=${RTE_TARGET:-x86_64-native-linuxapp-gcc}
+DPDK_PATH=${PWD}
+DPDK_BUILD="build"
+DPDK_VARS=""
-SGW_OUT_FILE=./ipsec-secgw.out1
+# by default ipsec-secgw can't deal with multi-segment packets
+# make sure our local/remote host wouldn't generate fragmented packets
+# if reassmebly option is not enabled
+DEF_MTU_LEN=1400
+DEF_PING_LEN=1200
-SGW_CMD_EAL_PRM="--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}"
-SGW_CMD_CFG="(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})"
-SGW_CMD_PRM="-p 0x3 -u 1 -P --config=\"${SGW_CMD_CFG}\""
+# set operation mode based on environment variables values
+select_mode()
+{
+ echo "Test environment configuration:"
+ # check which mode to be enabled (library/legacy)
+ if [[ -n "${SGW_MODE}" && "${SGW_MODE}" == "library" ]]; then
+ DPDK_MODE="-w 300 -l"
+ echo "[enabled] library mode"
+ else
+ DPDK_MODE=""
+ echo "[enabled] legacy mode"
+ fi
+
+ # check if esn is demanded
+ if [[ -n "${SGW_ESN}" && "${SGW_ESN}" == "esn-on" ]]; then
+ DPDK_VARS="${DPDK_VARS} -e"
+ XFRM_ESN="flag esn"
+ echo "[enabled] extended sequence number"
+ else
+ XFRM_ESN=""
+ echo "[disabled] extended sequence number"
+ fi
+
+ # check if atom is demanded
+ if [[ -n "${SGW_ATOM}" && "${SGW_ATOM}" == "atom-on" ]]; then
+ DPDK_VARS="${DPDK_VARS} -a"
+ echo "[enabled] sequence number atomic behavior"
+ else
+ echo "[disabled] sequence number atomic behavior"
+ fi
+
+ # check if inline should be enabled
+ if [[ -n "${SGW_CRYPTO}" && "${SGW_CRYPTO}" == "inline" ]]; then
+ CRYPTO_DEV='--vdev="crypto_null0"'
+ SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload"
+ SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload"
+ echo "[enabled] inline crypto mode"
+ else
+ SGW_CFG_XPRM_IN=""
+ SGW_CFG_XPRM_OUT=""
+ echo "[disabled] inline crypto mode"
+ fi
+
+ # check if fallback should be enabled
+ if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n ${SGW_CFG_XPRM_IN} ]] \
+ && [[ "${SGW_MODE}" == "library" ]] \
+ && [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \
+ || "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then
+ CRYPTO_DEV=""
+ SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}"
+ SGW_CFG_XPRM_OUT=""
+ echo "[enabled] crypto fallback ${SGW_CRYPTO_FLBK} mode"
+ else
+ if [[ -n "${SGW_CRYPTO_FLBK}" \
+ && "${SGW_CRYPTO}" != "inline" ]]; then
+ echo "SGW_CRYPTO variable needs to be set to \
+\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting"
+ exit 127
+ elif [[ -n "${SGW_CRYPTO_FLBK}" \
+ && "${SGW_MODE}" != "library" ]]; then
+ echo "SGW_MODE variable needs to be set to \
+\"library\" for ${SGW_CRYPTO_FLBK} fallback setting"
+ exit 127
+ fi
+ echo "[disabled] crypto fallback mode"
+ fi
+
+ # select sync/async mode
+ if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then
+ echo "[enabled] crypto primary type - ${CRYPTO_PRIM_TYPE}"
+ SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}"
+ SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}"
+ else
+ if [[ -n "${CRYPTO_PRIM_TYPE}" \
+ && "${SGW_MODE}" != "library" ]]; then
+ echo "SGW_MODE variable needs to be set to \
+\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting"
+ exit 127
+ fi
+ fi
+
+
+ # make linux to generate fragmented packets
+ if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then
+ echo -e "[enabled] multi-segment test is enabled\n"
+ SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}"
+ PING_LEN=5000
+ MTU_LEN=1500
+ else
+ if [[ -z "${SGW_MULTI_SEG}" \
+ && "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then
+ echo "SGW_MULTI_SEG environment variable needs \
+to be set for ${SGW_CRYPTO_FLBK} fallback test"
+ exit 127
+ elif [[ -n "${SGW_MULTI_SEG}" \
+ && "${SGW_MODE}" != "library" ]]; then
+ echo "SGW_MODE variable needs to be set to \
+\"library\" for multiple segment reassemble setting"
+ exit 127
+ fi
+
+ echo -e "[disabled] multi-segment test\n"
+ PING_LEN=${DEF_PING_LEN}
+ MTU_LEN=${DEF_MTU_LEN}
+ fi
+}
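Review bot: An unsupported SGW_CRYPTO_FLBK value is silently ignored in the fallback check of select_mode. With SGW_CRYPTO=inline and SGW_MODE=library, a misspelt value fails the first condition, matches neither error branch and falls through to `[disabled] crypto fallback mode`, so the run proceeds without the fallback path it was asked to exercise. Adding a final branch before the `fi`, `elif [[ -n "${SGW_CRYPTO_FLBK}" ]]; then echo "unsupported SGW_CRYPTO_FLBK value: ${SGW_CRYPTO_FLBK}"; exit 127`, turns that into a hard failure. SGW_MULTI_SEG and CRYPTO_PRIM_TYPE are likewise copied into `--reassemble ${SGW_MULTI_SEG}` and `type ${CRYPTO_PRIM_TYPE}` without validation. A check such as `[[ "${SGW_MULTI_SEG}" =~ ^[0-9]+$ ]]` would stop arbitrary environment text from reaching what is presumably the ipsec-secgw command line, which is assembled outside the visible lines.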
-SGW_CFG_FILE=$(tempfile)
+# setup mtu on local iface
+set_local_mtu()
+{
+ mtu=$1
+ ifconfig ${LOCAL_IFACE} mtu ${mtu}
+ sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=${mtu}
+}
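Review bot: `mtu` in set_local_mtu is assigned without `local`, so it overwrites any global of the same name in the script that sources this file; `local mtu=$1` keeps it scoped to the function. `${LOCAL_IFACE}` and `${mtu}` are also expanded unquoted into `ifconfig` and the `sysctl -w` key. Unlike ETH_DEV, nothing in the visible lines checks that LOCAL_IFACE is set, so an empty value produces the key `net.ipv6.conf..mtu` rather than a clear error. A guard such as `: "${LOCAL_IFACE:?LOCAL_IFACE is not set}"` before first use would make the script fail early.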
# configure local host/ifaces
config_local_iface()
{
- ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1400 up
+ ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 up
ifconfig ${LOCAL_IFACE}
ip neigh flush dev ${LOCAL_IFACE}
sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0
ip addr add ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}
- sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=1300
-
ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
ip neigh show dev ${LOCAL_IFACE}
}
-#configure remote host/iface
+# configure remote host/iface
config_remote_iface()
{
ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
- # by some reason following ip neigh doesn't work for me here properly:
- #ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
- # dev ${REMOTE_IFACE} lladr ${LOCAL_MAC}
- # so used arp instead.
- ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
+ ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
+ dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
ssh ${REMOTE_HOST} iptables --flush
ssh ${REMOTE_HOST} ip6tables --flush
}
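Review bot: The `ip neigh add` that replaces `arp -s` in config_remote_iface is not idempotent, because it fails when an entry for LOCAL_IPV4 already exists on REMOTE_IFACE. The preceding `ip neigh flush dev` by default leaves permanent entries in place, and a permanent entry is what `add` creates. A second run against the same remote host would therefore print an error and keep whatever entry was there before. `ssh ${REMOTE_HOST} ip neigh replace ${LOCAL_IPV4} dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}` gives the same result on a clean host and also updates a stale entry. The exit status of this ssh call is not checked, so a failure here shows up only in the log output.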
-#configure remote and local host/iface
+# configure remote and local host/iface
config_iface()
{
config_local_iface
config6_remote_iface
}
-#start ipsec-secgw
-secgw_start()
-{
- SGW_EXEC_FILE=$(tempfile)
- cat <<EOF > ${SGW_EXEC_FILE}
-${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \
---vdev="net_tap0,mac=fixed" \
--- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \
-${SGW_OUT_FILE} 2>&1 &
-p=\$!
-echo \$p
-EOF
-
- cat ${SGW_EXEC_FILE}
- SGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`
-
- # wait till ipsec-secgw start properly
- i=0
- st=1
- while [[ $i -ne 10 && st -ne 0 ]]; do
- sleep 1
- ifconfig ${LOCAL_IFACE}
- st=$?
- let i++
- done
-}
-
-#stop ipsec-secgw and cleanup
-secgw_stop()
-{
- kill ${SGW_PID}
- rm -f ${SGW_EXEC_FILE}
- rm -f ${SGW_CFG_FILE}
-}
+# secgw application parameters setup
+SGW_PORT_CFG="--vdev=\"net_tap0,mac=fixed\" ${ETH_DEV}"
+SGW_WAIT_DEV="${LOCAL_IFACE}"
+. ${DIR}/common_defs_secgw.sh
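Review bot: `DIR` is not assigned anywhere in the visible lines, and the added `. ${DIR}/common_defs_secgw.sh` expands it unquoted. If it is unset or empty, the script sources `/common_defs_secgw.sh` from the filesystem root. The helpers in this file run interface, sysctl and iptables commands that normally need root, so the sourced file would execute with those privileges. Writing the line as `. "${DIR:?DIR is not set}/common_defs_secgw.sh"` aborts with a message instead and also survives spaces in the path. If DIR is meant to be provided by the calling script, a one-line comment such as `# DIR is set by the caller to the directory holding the test scripts` would document that dependency.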