ceph/src/seastar/dpdk/examples/ipsec-secgw/test/tun_aesgcm_defs.sh

   1 #! /bin/bash
   2
   3 . ${DIR}/tun_aesgcm_common_defs.sh
   4
   5 SGW_CMD_XPRM='-w 300'
   6
   7 config_remote_xfrm()
   8 {
   9         ssh ${REMOTE_HOST} ip xfrm policy flush
  10         ssh ${REMOTE_HOST} ip xfrm state flush
  11
  12         ssh ${REMOTE_HOST} ip xfrm policy add \
  13 src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
  14 dir out ptype main action allow \
  15 tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
  16 proto esp mode tunnel reqid 1
  17
  18         ssh ${REMOTE_HOST} ip xfrm policy add \
  19 src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
  20 dir in ptype main action allow \
  21 tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
  22 proto esp mode tunnel reqid 2
  23
  24         ssh ${REMOTE_HOST} ip xfrm state add \
  25 src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
  26 proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
  27 aead "rfc4106\(gcm\(aes\)\)" \
  28 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
  29
  30         ssh ${REMOTE_HOST} ip xfrm state add \
  31 src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
  32 proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
  33 aead "rfc4106\(gcm\(aes\)\)" \
  34 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
  35
  36         ssh ${REMOTE_HOST} ip xfrm policy list
  37         ssh ${REMOTE_HOST} ip xfrm state list
  38
  39         # to overcome problem with ipsec-secgw for inline mode,
  40         # when first packet(s) will be always dropped.
  41         # note that ping will fail here
  42         ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}
  43 }
  44
  45 config6_remote_xfrm()
  46 {
  47         config_remote_xfrm
  48
  49         ssh ${REMOTE_HOST} ip xfrm policy add \
  50 src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
  51 dir out ptype main action allow \
  52 tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
  53 proto esp mode tunnel reqid 3
  54
  55         ssh ${REMOTE_HOST} ip xfrm policy add \
  56 src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
  57 dir in ptype main action allow \
  58 tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
  59 proto esp mode tunnel reqid 4
  60
  61         ssh ${REMOTE_HOST} ip xfrm state add \
  62 src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
  63 proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
  64 aead "rfc4106\(gcm\(aes\)\)" \
  65 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
  66
  67         ssh ${REMOTE_HOST} ip xfrm state add \
  68 src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
  69 proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
  70 aead "rfc4106\(gcm\(aes\)\)" \
  71 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
  72
  73         ssh ${REMOTE_HOST} ip xfrm policy list
  74         ssh ${REMOTE_HOST} ip xfrm state list
  75
  76         # to overcome problem with ipsec-secgw for inline mode,
  77         # when first packet(s) will be always dropped.
  78         # note that ping will fail here
  79         ssh ${REMOTE_HOST} ping6 -c 1 ${LOCAL_IPV6}
  80 }