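#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Environment checks, address constants and interface-configuration helpers
# for an ipsec-secgw test setup that pairs a local tap interface with a
# remote host reached over ssh.
#
# Environment read at load time: ETH_DEV, REMOTE_HOST, REMOTE_IFACE, DIR.
# Environment read by select_mode(): SGW_MODE, SGW_ESN, SGW_ATOM, SGW_CRYPTO,
# SGW_CRYPTO_FLBK, CRYPTO_PRIM_TYPE, SGW_MULTI_SEG.
#
# NOTE(review): the script calls "exit" on errors; if it is sourced, that
# terminates the sourcing shell as well.

# check ETH_DEV
if [[ -z "${ETH_DEV}" ]]; then
	echo "ETH_DEV is invalid"
	exit 127
fi

# REMOTE_HOST and REMOTE_IFACE end up on ssh command lines. ssh passes the
# remote command to the remote shell as a single string, so quoting on this
# side alone does not constrain them: accept only plain values.
# A destination starting with '-' would be read by ssh as an option.
if [[ -z "${REMOTE_HOST}" || "${REMOTE_HOST}" == -* ]]; then
	echo "REMOTE_HOST is invalid"
	exit 127
fi
if [[ ! "${REMOTE_IFACE}" =~ ^[A-Za-z0-9][A-Za-z0-9_.:-]*$ ]]; then
	echo "REMOTE_IFACE is invalid"
	exit 127
fi

# check that REMOTE_HOST is reachable
ssh "${REMOTE_HOST}" echo
st=$?
if [[ $st -ne 0 ]]; then
	echo "host ${REMOTE_HOST} is not reachable"
	exit "$st"
fi

# get ether addr of REMOTE_HOST
REMOTE_MAC=$(ssh "${REMOTE_HOST}" ip addr show dev "${REMOTE_IFACE}")
st=$?
# keep only the address field of the "link/ether" line
REMOTE_MAC=$(printf '%s\n' "${REMOTE_MAC}" |
	awk '$1 == "link/ether" { print $2; exit }')
# The value was produced by the remote host and is later handed to local
# "ip neigh" commands, so require a well-formed MAC rather than any
# non-empty string.
if [[ $st -ne 0 ]] ||
	[[ ! "${REMOTE_MAC}" =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; then
	echo "couldn't retrieve ether addr from ${REMOTE_IFACE}"
	exit 127
fi

LOCAL_IFACE=dtap0

# 00 followed by the ASCII bytes of "dtap0"
LOCAL_MAC="00:64:74:61:70:30"

REMOTE_IPV4=192.168.31.14
LOCAL_IPV4=192.168.31.92

REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092

DPDK_PATH=${PWD}
DPDK_BUILD="build"
DPDK_VARS=""

# by default ipsec-secgw can't deal with multi-segment packets
# make sure our local/remote host wouldn't generate fragmented packets
# if reassembly option is not enabled
DEF_MTU_LEN=1400
DEF_PING_LEN=1200

# set operation mode based on environment variables values
# Reads: SGW_MODE, SGW_ESN, SGW_ATOM, SGW_CRYPTO, SGW_CRYPTO_FLBK,
#        CRYPTO_PRIM_TYPE, SGW_MULTI_SEG, DEF_PING_LEN, DEF_MTU_LEN
# Sets:  DPDK_MODE, DPDK_VARS, XFRM_ESN, CRYPTO_DEV, SGW_CFG_XPRM_IN,
#        SGW_CFG_XPRM_OUT, SGW_CMD_XPRM, PING_LEN, MTU_LEN
# Prints the chosen configuration and exits with 127 when the requested
# combination of settings is inconsistent.
select_mode()
{
	echo "Test environment configuration:"
	# check which mode to be enabled (library/legacy)
	if [[ "${SGW_MODE}" == "library" ]]; then
		DPDK_MODE="-w 300 -l"
		echo "[enabled] library mode"
	else
		DPDK_MODE=""
		echo "[enabled] legacy mode"
	fi

	# check if esn is demanded
	if [[ "${SGW_ESN}" == "esn-on" ]]; then
		DPDK_VARS="${DPDK_VARS} -e"
		XFRM_ESN="flag esn"
		echo "[enabled] extended sequence number"
	else
		XFRM_ESN=""
		echo "[disabled] extended sequence number"
	fi

	# check if atom is demanded
	if [[ "${SGW_ATOM}" == "atom-on" ]]; then
		DPDK_VARS="${DPDK_VARS} -a"
		echo "[enabled] sequence number atomic behavior"
	else
		echo "[disabled] sequence number atomic behavior"
	fi

	# check if inline should be enabled
	if [[ "${SGW_CRYPTO}" == "inline" ]]; then
		# the embedded double quotes are part of the value
		CRYPTO_DEV='--vdev="crypto_null0"'
		SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload"
		SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload"
		echo "[enabled] inline crypto mode"
	else
		SGW_CFG_XPRM_IN=""
		SGW_CFG_XPRM_OUT=""
		echo "[disabled] inline crypto mode"
	fi

	# check if fallback should be enabled
	# (needs inline crypto, library mode and a known fallback type)
	if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n "${SGW_CFG_XPRM_IN}" ]] \
	&& [[ "${SGW_MODE}" == "library" ]] \
	&& [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \
	|| "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then
		CRYPTO_DEV=""
		SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}"
		SGW_CFG_XPRM_OUT=""
		echo "[enabled] crypto fallback ${SGW_CRYPTO_FLBK} mode"
	else
		if [[ -n "${SGW_CRYPTO_FLBK}" \
		&& "${SGW_CRYPTO}" != "inline" ]]; then
			echo "SGW_CRYPTO variable needs to be set to \
\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting"
			exit 127
		elif [[ -n "${SGW_CRYPTO_FLBK}" \
		&& "${SGW_MODE}" != "library" ]]; then
			echo "SGW_MODE variable needs to be set to \
\"library\" for ${SGW_CRYPTO_FLBK} fallback setting"
			exit 127
		fi
		echo "[disabled] crypto fallback mode"
	fi

	# select sync/async mode
	# (DPDK_MODE is non-empty only in library mode, see above)
	if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then
		echo "[enabled] crypto primary type - ${CRYPTO_PRIM_TYPE}"
		SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}"
		SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}"
	elif [[ -n "${CRYPTO_PRIM_TYPE}" \
	&& "${SGW_MODE}" != "library" ]]; then
		echo "SGW_MODE variable needs to be set to \
\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting"
		exit 127
	fi


	# make linux to generate fragmented packets
	if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then
		echo -e "[enabled] multi-segment test is enabled\n"
		SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}"
		PING_LEN=5000
		MTU_LEN=1500
	else
		if [[ -z "${SGW_MULTI_SEG}" \
		&& "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then
			echo "SGW_MULTI_SEG environment variable needs \
to be set for ${SGW_CRYPTO_FLBK} fallback test"
			exit 127
		elif [[ -n "${SGW_MULTI_SEG}" \
		&& "${SGW_MODE}" != "library" ]]; then
			echo "SGW_MODE variable needs to be set to \
\"library\" for multiple segment reassemble setting"
			exit 127
		fi

		echo -e "[disabled] multi-segment test\n"
		PING_LEN=${DEF_PING_LEN}
		MTU_LEN=${DEF_MTU_LEN}
	fi
}

# setup mtu on local iface
# $1 - MTU value applied to LOCAL_IFACE (IPv4 via ifconfig, IPv6 via sysctl)
set_local_mtu()
{
	# left global as in the original; other sourced files may read it
	# -- TODO confirm and make it local if not
	mtu=$1
	ifconfig "${LOCAL_IFACE}" mtu "${mtu}"
	sysctl -w "net.ipv6.conf.${LOCAL_IFACE}.mtu=${mtu}"
}

# configure local host/ifaces
# Brings LOCAL_IFACE up with LOCAL_IPV4/24 and replaces its neighbour table
# with a single static entry for the remote IPv4 address.
config_local_iface()
{
	ifconfig "${LOCAL_IFACE}" "${LOCAL_IPV4}/24" up
	ifconfig "${LOCAL_IFACE}"

	ip neigh flush dev "${LOCAL_IFACE}"
	ip neigh add "${REMOTE_IPV4}" dev "${LOCAL_IFACE}" \
		lladdr "${REMOTE_MAC}"
	ip neigh show dev "${LOCAL_IFACE}"
}

# IPv4 setup from config_local_iface plus IPv6: enables IPv6 on LOCAL_IFACE,
# adds LOCAL_IPV6/64 and a static neighbour entry for the remote IPv6 address.
config6_local_iface()
{
	config_local_iface

	sysctl -w "net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0"
	ip addr add "${LOCAL_IPV6}/64" dev "${LOCAL_IFACE}"

	ip -6 neigh add "${REMOTE_IPV6}" dev "${LOCAL_IFACE}" \
		lladdr "${REMOTE_MAC}"
	ip neigh show dev "${LOCAL_IFACE}"
}

# configure remote host/iface
# Runs over ssh on REMOTE_HOST: re-addresses REMOTE_IFACE, replaces its
# neighbour table with a static entry for the local side and flushes iptables.
config_remote_iface()
{
	ssh "${REMOTE_HOST}" ifconfig "${REMOTE_IFACE}" down
	ssh "${REMOTE_HOST}" ifconfig "${REMOTE_IFACE}" "${REMOTE_IPV4}/24" up
	ssh "${REMOTE_HOST}" ifconfig "${REMOTE_IFACE}"

	ssh "${REMOTE_HOST}" ip neigh flush dev "${REMOTE_IFACE}"

	ssh "${REMOTE_HOST}" ip neigh add "${LOCAL_IPV4}" \
		dev "${REMOTE_IFACE}" lladdr "${LOCAL_MAC}"
	ssh "${REMOTE_HOST}" ip neigh show dev "${REMOTE_IFACE}"

	# NOTE: this removes every rule from the remote host's default
	# (filter) table and nothing here restores them afterwards; point
	# REMOTE_HOST only at a machine dedicated to testing.
	ssh "${REMOTE_HOST}" iptables --flush
}

# IPv4 setup from config_remote_iface plus IPv6 on REMOTE_IFACE: enables IPv6,
# adds REMOTE_IPV6/64, a static neighbour entry for the local IPv6 address,
# and flushes ip6tables.
config6_remote_iface()
{
	config_remote_iface

	ssh "${REMOTE_HOST}" sysctl -w \
		"net.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0"
	ssh "${REMOTE_HOST}" ip addr add "${REMOTE_IPV6}/64" \
		dev "${REMOTE_IFACE}"

	ssh "${REMOTE_HOST}" ip -6 neigh add "${LOCAL_IPV6}" \
		dev "${REMOTE_IFACE}" lladdr "${LOCAL_MAC}"
	ssh "${REMOTE_HOST}" ip neigh show dev "${REMOTE_IFACE}"

	# NOTE: same caveat as the iptables flush in config_remote_iface --
	# the remote host's IPv6 filter rules are removed and not restored.
	ssh "${REMOTE_HOST}" ip6tables --flush
}

# configure remote and local host/iface
config_iface()
{
	config_local_iface
	config_remote_iface
}

# IPv4 + IPv6 variant of config_iface
config6_iface()
{
	config6_local_iface
	config6_remote_iface
}

# secgw application parameters setup
SGW_PORT_CFG="--vdev=\"net_tap0,mac=fixed\" ${ETH_DEV}"
SGW_WAIT_DEV="${LOCAL_IFACE}"
# DIR is not assigned in this file and has to come from the caller. Stop if it
# is empty: the path would otherwise resolve to the filesystem root and a
# script found there would be sourced.
. "${DIR:?DIR must be set}/common_defs_secgw.sh"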