#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# check ETH_DEV
if [[ -z "${ETH_DEV}" ]]; then
        echo "ETH_DEV is invalid"
        exit 127
fi

# check that REMOTE_HOST is reachable
ssh ${REMOTE_HOST} echo
st=$?
if [[ $st -ne 0 ]]; then
        echo "host ${REMOTE_HOST} is not reachable"
        exit $st
fi

# get ether addr of REMOTE_HOST
REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
st=$?
REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
if [[ $st -ne 0 || -z "${REMOTE_MAC}" ]]; then
        echo "couldn't retrieve ether addr from ${REMOTE_IFACE}"
        exit 127
fi

LOCAL_IFACE=dtap0

LOCAL_MAC="00:64:74:61:70:30"

REMOTE_IPV4=192.168.31.14
LOCAL_IPV4=192.168.31.92

REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092

DPDK_PATH=${PWD}
DPDK_BUILD="build"
DPDK_VARS=""

# by default ipsec-secgw can't deal with multi-segment packets
# make sure our local/remote host wouldn't generate fragmented packets
# if reassembly option is not enabled
DEF_MTU_LEN=1400
DEF_PING_LEN=1200

# set operation mode based on environment variables values
select_mode()
{
        echo "Test environment configuration:"
        # check which mode to be enabled (library/legacy)
        if [[ -n "${SGW_MODE}" && "${SGW_MODE}" == "library" ]]; then
                DPDK_MODE="-w 300 -l"
                echo "[enabled]  library mode"
        else
                DPDK_MODE=""
                echo "[enabled]  legacy mode"
        fi

        # check if esn is demanded
        if [[ -n "${SGW_ESN}" && "${SGW_ESN}" == "esn-on" ]]; then
                DPDK_VARS="${DPDK_VARS} -e"
                XFRM_ESN="flag esn"
                echo "[enabled]  extended sequence number"
        else
                XFRM_ESN=""
                echo "[disabled] extended sequence number"
        fi

        # check if atom is demanded
        if [[ -n "${SGW_ATOM}" && "${SGW_ATOM}" == "atom-on" ]]; then
                DPDK_VARS="${DPDK_VARS} -a"
                echo "[enabled]  sequence number atomic behavior"
        else
                echo "[disabled] sequence number atomic behavior"
        fi

        # check if inline should be enabled
        if [[ -n "${SGW_CRYPTO}" && "${SGW_CRYPTO}" == "inline" ]]; then
                CRYPTO_DEV='--vdev="crypto_null0"'
                SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload"
                SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload"
                echo "[enabled]  inline crypto mode"
        else
                SGW_CFG_XPRM_IN=""
                SGW_CFG_XPRM_OUT=""
                echo "[disabled] inline crypto mode"
        fi

        # check if fallback should be enabled
        if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n ${SGW_CFG_XPRM_IN} ]] \
        && [[ "${SGW_MODE}" == "library" ]] \
        && [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \
        || "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then
                CRYPTO_DEV=""
                SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}"
                SGW_CFG_XPRM_OUT=""
                echo "[enabled]  crypto fallback ${SGW_CRYPTO_FLBK} mode"
        else
                if [[ -n "${SGW_CRYPTO_FLBK}" \
                && "${SGW_CRYPTO}" != "inline" ]]; then
                        echo "SGW_CRYPTO variable needs to be set to \
\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting"
                        exit 127
                elif [[ -n "${SGW_CRYPTO_FLBK}" \
                && "${SGW_MODE}" != "library" ]]; then
                        echo "SGW_MODE variable needs to be set to \
\"library\" for ${SGW_CRYPTO_FLBK} fallback setting"
                        exit 127
                fi
                echo "[disabled] crypto fallback mode"
        fi

        # select sync/async mode
        if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then
                echo "[enabled]  crypto primary type - ${CRYPTO_PRIM_TYPE}"
                SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}"
                SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}"
        else
                if [[ -n "${CRYPTO_PRIM_TYPE}" \
                && "${SGW_MODE}" != "library" ]]; then
                        echo "SGW_MODE variable needs to be set to \
\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting"
                        exit 127
                fi
        fi


        # make linux to generate fragmented packets
        if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then
                echo -e "[enabled]  multi-segment test is enabled\n"
                SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}"
                PING_LEN=5000
                MTU_LEN=1500
        else
                if [[ -z "${SGW_MULTI_SEG}" \
                && "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then
                        echo "SGW_MULTI_SEG environment variable needs \
to be set for ${SGW_CRYPTO_FLBK} fallback test"
                        exit 127
                elif [[ -n "${SGW_MULTI_SEG}" \
                && "${SGW_MODE}" != "library" ]]; then
                        echo "SGW_MODE variable needs to be set to \
\"library\" for multiple segment reassemble setting"
                exit 127
                fi

                echo -e "[disabled] multi-segment test\n"
                PING_LEN=${DEF_PING_LEN}
                MTU_LEN=${DEF_MTU_LEN}
        fi
}

# setup mtu on local iface
set_local_mtu()
{
        mtu=$1
        ifconfig ${LOCAL_IFACE} mtu ${mtu}
        sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=${mtu}
}

# configure local host/ifaces
config_local_iface()
{
        ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 up
        ifconfig ${LOCAL_IFACE}

        ip neigh flush dev ${LOCAL_IFACE}
        ip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
        ip neigh show dev ${LOCAL_IFACE}
}

config6_local_iface()
{
        config_local_iface

        sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0
        ip addr add  ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}

        ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
        ip neigh show dev ${LOCAL_IFACE}
}

# configure remote host/iface
config_remote_iface()
{
        ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
        ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up
        ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}

        ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}

        ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
                dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
        ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}

        ssh ${REMOTE_HOST} iptables --flush
}

config6_remote_iface()
{
        config_remote_iface

        ssh ${REMOTE_HOST} sysctl -w \
                net.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0
        ssh ${REMOTE_HOST} ip addr add  ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}

        ssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \
                dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
        ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}

        ssh ${REMOTE_HOST} ip6tables --flush
}

# configure remote and local host/iface
config_iface()
{
        config_local_iface
        config_remote_iface
}

config6_iface()
{
        config6_local_iface
        config6_remote_iface
}

# secgw application parameters setup
SGW_PORT_CFG="--vdev=\"net_tap0,mac=fixed\" ${ETH_DEV}"
SGW_WAIT_DEV="${LOCAL_IFACE}"
. ${DIR}/common_defs_secgw.sh