X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Ftest%2Fcommon_defs.sh;h=f22eb3ab129994b48ceaa0202f43be29e09a3814;hb=4460ed1482d6e0f48f145d6300d547b24b99fad6;hp=1ed31f89f00e1d3d6ce5f54ce5db110b7ca5d27b;hpb=9297844520945661bdc6747959eed27edb858f53;p=dpdk.git diff --git a/examples/ipsec-secgw/test/common_defs.sh b/examples/ipsec-secgw/test/common_defs.sh index 1ed31f89f0..f22eb3ab12 100644 --- a/examples/ipsec-secgw/test/common_defs.sh +++ b/examples/ipsec-secgw/test/common_defs.sh @@ -1,23 +1,13 @@ #! /bin/bash +# SPDX-License-Identifier: BSD-3-Clause -#check that env vars are properly defined - -#check SGW_PATH -if [[ -z "${SGW_PATH}" || ! -x ${SGW_PATH} ]]; then - echo "SGW_PATH is invalid" - exit 127 -fi - -#check ETH_DEV +# check ETH_DEV if [[ -z "${ETH_DEV}" ]]; then echo "ETH_DEV is invalid" exit 127 fi -#setup SGW_LCORE -SGW_LCORE=${SGW_LCORE:-0} - -#check that REMOTE_HOST is reachable +# check that REMOTE_HOST is reachable ssh ${REMOTE_HOST} echo st=$? if [[ $st -ne 0 ]]; then @@ -25,7 +15,7 @@ if [[ $st -ne 0 ]]; then exit $st fi -#get ether addr of REMOTE_HOST +# get ether addr of REMOTE_HOST REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}` st=$? REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'` @@ -44,21 +34,135 @@ LOCAL_IPV4=192.168.31.92 REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014 LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092 -DPDK_PATH=${RTE_SDK:-${PWD}} -DPDK_BUILD=${RTE_TARGET:-x86_64-native-linuxapp-gcc} +DPDK_PATH=${PWD} +DPDK_BUILD="build" +DPDK_VARS="" -SGW_OUT_FILE=./ipsec-secgw.out1 +# by default ipsec-secgw can't deal with multi-segment packets +# make sure our local/remote host wouldn't generate fragmented packets +# if reassmebly option is not enabled +DEF_MTU_LEN=1400 +DEF_PING_LEN=1200 -SGW_CMD_EAL_PRM="--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}" -SGW_CMD_CFG="(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})" -SGW_CMD_PRM="-p 0x3 -u 1 -P --config=\"${SGW_CMD_CFG}\"" +# set operation mode based on environment variables values +select_mode() +{ + echo "Test environment configuration:" + # check which mode to be enabled (library/legacy) + if [[ -n "${SGW_MODE}" && "${SGW_MODE}" == "library" ]]; then + DPDK_MODE="-w 300 -l" + echo "[enabled] library mode" + else + DPDK_MODE="" + echo "[enabled] legacy mode" + fi + + # check if esn is demanded + if [[ -n "${SGW_ESN}" && "${SGW_ESN}" == "esn-on" ]]; then + DPDK_VARS="${DPDK_VARS} -e" + XFRM_ESN="flag esn" + echo "[enabled] extended sequence number" + else + XFRM_ESN="" + echo "[disabled] extended sequence number" + fi + + # check if atom is demanded + if [[ -n "${SGW_ATOM}" && "${SGW_ATOM}" == "atom-on" ]]; then + DPDK_VARS="${DPDK_VARS} -a" + echo "[enabled] sequence number atomic behavior" + else + echo "[disabled] sequence number atomic behavior" + fi + + # check if inline should be enabled + if [[ -n "${SGW_CRYPTO}" && "${SGW_CRYPTO}" == "inline" ]]; then + CRYPTO_DEV='--vdev="crypto_null0"' + SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload" + SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload" + echo "[enabled] inline crypto mode" + else + SGW_CFG_XPRM_IN="" + SGW_CFG_XPRM_OUT="" + echo "[disabled] inline crypto mode" + fi + + # check if fallback should be enabled + if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n ${SGW_CFG_XPRM_IN} ]] \ + && [[ "${SGW_MODE}" == "library" ]] \ + && [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \ + || "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then + CRYPTO_DEV="" + SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}" + SGW_CFG_XPRM_OUT="" + echo "[enabled] crypto fallback ${SGW_CRYPTO_FLBK} mode" + else + if [[ -n "${SGW_CRYPTO_FLBK}" \ + && "${SGW_CRYPTO}" != "inline" ]]; then + echo "SGW_CRYPTO variable needs to be set to \ +\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting" + exit 127 + elif [[ -n "${SGW_CRYPTO_FLBK}" \ + && "${SGW_MODE}" != "library" ]]; then + echo "SGW_MODE variable needs to be set to \ +\"library\" for ${SGW_CRYPTO_FLBK} fallback setting" + exit 127 + fi + echo "[disabled] crypto fallback mode" + fi + + # select sync/async mode + if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then + echo "[enabled] crypto primary type - ${CRYPTO_PRIM_TYPE}" + SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}" + SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}" + else + if [[ -n "${CRYPTO_PRIM_TYPE}" \ + && "${SGW_MODE}" != "library" ]]; then + echo "SGW_MODE variable needs to be set to \ +\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting" + exit 127 + fi + fi + + + # make linux to generate fragmented packets + if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then + echo -e "[enabled] multi-segment test is enabled\n" + SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}" + PING_LEN=5000 + MTU_LEN=1500 + else + if [[ -z "${SGW_MULTI_SEG}" \ + && "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then + echo "SGW_MULTI_SEG environment variable needs \ +to be set for ${SGW_CRYPTO_FLBK} fallback test" + exit 127 + elif [[ -n "${SGW_MULTI_SEG}" \ + && "${SGW_MODE}" != "library" ]]; then + echo "SGW_MODE variable needs to be set to \ +\"library\" for multiple segment reassemble setting" + exit 127 + fi + + echo -e "[disabled] multi-segment test\n" + PING_LEN=${DEF_PING_LEN} + MTU_LEN=${DEF_MTU_LEN} + fi +} -SGW_CFG_FILE=$(tempfile) +# setup mtu on local iface +set_local_mtu() +{ + mtu=$1 + ifconfig ${LOCAL_IFACE} mtu ${mtu} + sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=${mtu} +} # configure local host/ifaces config_local_iface() { - ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1400 up + ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 up ifconfig ${LOCAL_IFACE} ip neigh flush dev ${LOCAL_IFACE} @@ -73,13 +177,11 @@ config6_local_iface() sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0 ip addr add ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE} - sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=1300 - ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC} ip neigh show dev ${LOCAL_IFACE} } -#configure remote host/iface +# configure remote host/iface config_remote_iface() { ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down @@ -88,11 +190,8 @@ config_remote_iface() ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE} - # by some reason following ip neigh doesn't work for me here properly: - #ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \ - # dev ${REMOTE_IFACE} lladr ${LOCAL_MAC} - # so used arp instead. - ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC} + ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \ + dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC} ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE} ssh ${REMOTE_HOST} iptables --flush @@ -113,7 +212,7 @@ config6_remote_iface() ssh ${REMOTE_HOST} ip6tables --flush } -#configure remote and local host/iface +# configure remote and local host/iface config_iface() { config_local_iface @@ -126,37 +225,7 @@ config6_iface() config6_remote_iface } -#start ipsec-secgw -secgw_start() -{ - SGW_EXEC_FILE=$(tempfile) - cat < ${SGW_EXEC_FILE} -${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \ ---vdev="net_tap0,mac=fixed" \ --- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \ -${SGW_OUT_FILE} 2>&1 & -p=\$! -echo \$p -EOF - - cat ${SGW_EXEC_FILE} - SGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}` - - # wait till ipsec-secgw start properly - i=0 - st=1 - while [[ $i -ne 10 && st -ne 0 ]]; do - sleep 1 - ifconfig ${LOCAL_IFACE} - st=$? - let i++ - done -} - -#stop ipsec-secgw and cleanup -secgw_stop() -{ - kill ${SGW_PID} - rm -f ${SGW_EXEC_FILE} - rm -f ${SGW_CFG_FILE} -} +# secgw application parameters setup +SGW_PORT_CFG="--vdev=\"net_tap0,mac=fixed\" ${ETH_DEV}" +SGW_WAIT_DEV="${LOCAL_IFACE}" +. ${DIR}/common_defs_secgw.sh