The purpose of these scripts is to automate ipsec-secgw functional testing.
The scripts require two machines (SUT and DUT) connected through
at least 2 NICs and running linux (so far tested only on Ubuntu 18.04).
Introduced test-cases for the following scenarios:
- Transport/Tunnel modes
- ESN on/off
- legacy/librte_ipsec code path

Signed-off-by: Konstantin Ananyev <>
 examples/ipsec-secgw/test/      | 113 ++++++++++++++++++
 examples/ipsec-secgw/test/        |  70 +++++++++++
 examples/ipsec-secgw/test/      |  62 ++++++++++
 examples/ipsec-secgw/test/         |  48 ++++++++
 .../test/       |  42 +++++++
 .../ipsec-secgw/test/  |  38 ++++++
 .../test/     |   5 +
 .../test/          |  36 ++++++
 .../test/          |   5 +
 .../test/            |  38 ++++++
 examples/ipsec-secgw/test/  |  37 ++++++
 .../test/          |   5 +
 .../ipsec-secgw/test/   |  36 ++++++
 .../ipsec-secgw/test/   |   5 +
 .../test/       |  42 +++++++
 .../ipsec-secgw/test/  |  38 ++++++
 .../test/     |   5 +
 .../test/          |  38 ++++++
 .../test/          |   5 +
 .../test/            |  38 ++++++
 examples/ipsec-secgw/test/  |  38 ++++++
 .../test/          |   5 +
 .../ipsec-secgw/test/   |  38 ++++++
 .../ipsec-secgw/test/   |   5 +
 24 files changed, 792 insertions(+)
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/
 create mode 100644 examples/ipsec-secgw/test/

diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..835eca41d
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,113 @@
+#! /bin/bash
+#check that env vars are properly defined
+#check SGW_PATH
+if [[ -z "${SGW_PATH}" || ! -x ${SGW_PATH} ]]; then
+       echo "SGW_PATH is invalid"
+       exit 127
+#check ETH_DEV
+if [[ -z "${ETH_DEV}" ]]; then
+       echo "ETH_DEV is invalid"
+       exit 127
+#setup SGW_LCORE
+#check that REMOTE_HOST is reachable
+ssh ${REMOTE_HOST} echo
+if [[ $st -ne 0 ]]; then
+       echo "host ${REMOTE_HOST} is not reachable"
+       exit $st
+#get ether addr of REMOTE_HOST
+REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
+REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
+if [[ $st -ne 0 || -z "${REMOTE_MAC}" ]]; then
+       echo "coouldn't retrieve ether addr from ${REMOTE_IFACE}"
+       exit 127
+SGW_CMD_EAL_PRM="--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}"
+SGW_CMD_PRM="-p 0x3 -u 1 -P --config=\"${SGW_CMD_CFG}\""
+# configure local host/ifaces
+       ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1440 up
+       ifconfig ${LOCAL_IFACE}
+       ip neigh flush dev ${LOCAL_IFACE}
+       arp -i ${LOCAL_IFACE} -s ${REMOTE_IPV4} ${LOCAL_MAC}
+       ip neigh show
+#configure remote host/iface
+       ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
+       ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up
+       ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}
+       ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
+       # by some reason following ip neigh doesn't work for me here properly:
+       #ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} lladr ${LOCAL_MAC} \
+               #       dev ${REMOTE_IFACE}
+       # so used arp instead.
+       ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
+       ssh ${REMOTE_HOST} ip neigh show
+       config_local_iface
+       config_remote_iface
+#start ipsec-secgw
+       SGW_EXEC_FILE=$(tempfile)
+       cat <<EOF > ${SGW_EXEC_FILE}
+--vdev="net_tap0,mac=fixed" \
+${SGW_OUT_FILE} 2>&1 &
+echo \$p
+       cat ${SGW_EXEC_FILE}
+       SGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`
+       sleep 1
+#stop ipsec-secgw and cleanup
+       kill ${SGW_PID}
+       rm -f ${SGW_EXEC_FILE}
+       rm -f ${SGW_CFG_FILE}
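Review bot: `SGW_EXEC_FILE=$(tempfile)` relies on the debianutils `tempfile` command, which is deprecated in favour of `mktemp` and is absent on non-Debian systems; `SGW_EXEC_FILE=$(mktemp)` is the portable equivalent, and the same call appears in the data-transfer script later in this patch. The closing `kill ${SGW_PID}` and `rm -f` lines appear to run only on the normal stop path, so an aborted run would leave ipsec-secgw running and leave the generated command file and the config file, which holds the SA keys, in the temp directory. Registering that cleanup with `trap ... EXIT` once the process has been started would cover the abort case. The `$st` tested after `ssh ${REMOTE_HOST} echo` and after the `REMOTE_MAC` lookup has no visible assignment in this listing, so confirm that `st=$?` directly follows each ssh call. Function headers and the closing `fi`/`EOF` lines are not visible here, so these points rest on the lines shown.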
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..f2ff96eff
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,70 @@
+#! /bin/bash
+       dst=$1
+       i=0
+       st=0
+       while [[ $i -ne 1400 && $st -eq 0 ]];
+       do
+               let i++
+               ping -c 1 -s ${i} ${dst}
+               st=$?
+       done
+       if [[ $st -ne 0 ]]; then
+               echo "ERROR: $0 failed for dst=${dst}, sz=${i}"
+       fi
+       return $st;
+       for sz in 1234 23456 345678 4567890 56789102 ; do
+               x=$(tempfile)
+               dd if=/dev/urandom of=${x}.in bs=${sz} count=1
+               scp ${x} ${REMOTE_IPV4}:${x}
+               scp ${REMOTE_IPV4}:${x} ${x}.copy1
+               diff -u ${x} ${x}.copy1
+               st=$?
+               rm -f ${x} ${x}.out
+               ssh ${REMOTE_HOST} rm -f ${x}
+               if [[ $st -ne 0 ]]; then
+                       return $st
+               fi
+       done
+       return 0;
+       for sz in 1234 23456 345678 4567890 56789102 ; do
+               x=`basename $0`.${sz}
+               rcmd=$(tempfile)
+               lcmd=$(tempfile)
+               dd if=/dev/urandom of=${x} bs=${sz} count=1
+               echo "nc -l ${REMOTE_IPV4} ${TCP_PORT} > ${x}; \
+                       nc -q 0 ${LOCAL_IPV4} ${TCP_PORT} < ${x}; \
+                       rm -f ${x}" > ${rcmd}
+               echo "nc -l ${LOCAL_IPV4} ${TCP_PORT} > ${x}.copy" > ${lcmd}
+               scp ${rcmd} ${REMOTE_HOST}:${rcmd}
+               ssh ${REMOTE_HOST} /bin/bash -x ${rcmd} &
+               /bin/bash -x ${lcmd} &
+               sleep 1
+               nc -q 0 ${REMOTE_IPV4} ${TCP_PORT} < ${x}
+               wait
+               diff -u ${x} ${x}.copy
+               st=$?
+               rm -f ${x} ${x}.copy ${rcmd} ${lcmd}
+               ssh  ${REMOTE_HOST} rm -f ${rcmd}
+               if [[ $st -ne 0 ]]; then
+                       return $st
+               fi
+       done
+       return $st;
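Review bot: The scp loop writes the random payload to `${x}.in` but then copies and compares `${x}`, the empty file created by `tempfile`, so `diff -u ${x} ${x}.copy1` passes although only a zero-length file has crossed the tunnel. Writing the payload to the file that is actually transferred, `dd if=/dev/urandom of=${x} bs=${sz} count=1`, makes the comparison meaningful. The cleanup `rm -f ${x} ${x}.out` names a file the loop never creates and leaves `${x}.in` and `${x}.copy1` behind; `rm -f ${x} ${x}.copy1` matches what the loop produces. Function headers are not visible in this listing, so the loop boundaries are inferred from the `return` lines.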
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..8265ba6ea
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,62 @@
+#! /bin/bash
+# usage:  /bin/bash <ipsec_mode>
+# for list of available modes please refer to
+# Note that for most of them you required appropriate crypto PMD/device
+# to be avaialble.
+# Also user has to setup properly the following environment variables:
+#  SGW_PATH - path to the ipsec-secgw binary to test
+#  REMOTE_HOST - ip/hostname of the DUT
+#  REMOTE_IFACE - iface name for the test-port on DUT
+#  ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+#  SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+#  CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+#  if none specified appropriate vdevs will be created by the scrit
+# The purpose of the script is to automate ipsec-secgw testing
+# using another system running linux as a DUT.
+# It expects that SUT and DUT are connected through at least 2 NICs.
+# One NIC is expected to be managed by linux both machines,
+# and will be used as a control path
+# (make sure user from SUT can ssh to DUT without entering password).
+# Second NIC (test-port) should be reserved for DPDK on SUT,
+# and should be managed by linux on DUT.
+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
+# Then configures local tap iface and remote iface and ipsec policies
+# in the following way:
+# traffic going over test-port in both directions has to be
+# protected by ipsec.
+# raffic going over TAP in both directions doesn't have to be protected.
+# I.E:
+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
+# Then tries to perorm some data transfer using the scheme decribed above.
+DIR=`dirname $0`
+ . ${DIR}/
+ . ${DIR}/${MODE}
+ . ${DIR}/
+ping_test1 ${REMOTE_IPV4}
+if [[ $st -eq 0 ]]; then
+       tcp_test1
+       st=$?
+exit $st
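Review bot: `. ${DIR}/${MODE}` sources a file selected by the caller without checking that it exists, and both expansions are unquoted. Assuming `MODE` comes from the first argument (its assignment is not visible in this listing), a mistyped or empty mode only produces an error from `.` and the script carries on with whatever variables happen to be set. A guard before the source line, `[[ -n "${MODE}" && -f "${DIR}/${MODE}" ]] || { echo "unknown mode: ${MODE}"; exit 127; }` (using the path as written on that line), together with `DIR=$(dirname "$0")`, would fail early with a clear message. The header comment also has typos worth fixing while the file is new (`avaialble`, `optonally`, `scrit`, `raffic`, `psec-secgw`, `perorm`, `decribed`); `optonally` and `scrit` recur in the header of the next file.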
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..7d0298819
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,48 @@
+#! /bin/bash
+# usage: /bin/bash
+# Run all defined linux_test1 test-cases one by one
+# user has to setup properly the following environment variables:
+#  SGW_PATH - path to the ipsec-secgw binary to test
+#  REMOTE_HOST - ip/hostname of the DUT
+#  REMOTE_IFACE - iface name for the test-port on DUT
+#  ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+#  SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+#  CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+#  if none specified appropriate vdevs will be created by the scrit
+# refer to for more information
+# All supported modes to test.
+# naming convention:
+# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)
+# 'tun/trs' refer to tunnel/transport mode respectively
+LINUX_TEST1="tun_aescbc_sha1 \
+tun_aescbc_sha1_esn \
+tun_aescbc_sha1_esn_atom \
+tun_aesgcm \
+tun_aesgcm_esn \
+tun_aesgcm_esn_atom \
+trs_aescbc_sha1 \
+trs_aescbc_sha1_esn \
+trs_aescbc_sha1_esn_atom \
+trs_aesgcm \
+trs_aesgcm_esn \
+trs_aesgcm_esn_atom \
+tun_aescbc_sha1_old \
+tun_aesgcm_old \
+trs_aescbc_sha1_old \
+DIR=`dirname $0`
+for i in ${LINUX_TEST1}; do
+       echo "starting test ${i}"
+       /bin/bash ${DIR}/ ${i}
+       st=$?
+       echo "test ${i} finished with status ${st}"
+       if [[ $st -ne 0 ]]; then
+               echo "ERROR test ${i} FAILED"
+               exit $st
+       fi
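Review bot: The loop stops at the first failing mode (`exit $st`), although the header says the script runs all defined test-cases and the per-mode script notes that most modes need a particular crypto PMD/device. One unavailable device early in `LINUX_TEST1` then hides the result of every later mode. Consider recording the failure and continuing, for example `rc=$st` in place of `exit $st` and `exit ${rc:-0}` after the loop. The loop's closing `done` and the closing quote of `LINUX_TEST1` are not visible in this listing.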
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..40bea68a0
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,42 @@
+#! /bin/bash
+#generate cfg file for ipsec-secgw
+       cat <<EOF > ${SGW_CFG_FILE}
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+#SA in rules
+sa in 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+#SA out rules
+sa out 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+       cat ${SGW_CFG_FILE}
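Review bot: The SA keys in this generated config are a fixed, repeating `de:ad:be:ef` pattern used for both the cipher and the auth key, and `cat ${SGW_CFG_FILE}` echoes them into the test output. That is acceptable for a functional test, but nothing in the file says so. A comment above the here-document, such as `# test-only keys; must match the xfrm state configured on the DUT, never reuse outside this test`, would document the intent. The same applies to the aes-gcm and tunnel-mode configs later in this patch and to the matching keys passed to `ip xfrm state add`.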
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..db4720abc
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
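Review bot: `ip xfrm policy flush` and `ip xfrm state flush` remove every IPsec policy and SA on the remote host, not only the ones this test installs, and nothing in the hunk removes the test SAs (SPI 7, fixed keys) afterwards. The setup is therefore only suitable for a machine dedicated to testing, which deserves a comment such as `# NOTE: flushes all xfrm policy/state on REMOTE_HOST; use a dedicated test machine`. Flushing again when the test finishes would avoid leaving SAs with published keys installed on the DUT. The same two flush calls open each of the other xfrm setup files in this patch, and the enclosing function header is not visible in this listing.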
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..f16222e11
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..04f335023
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,36 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..a3abb6103
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..239782d96
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+#generate cfg file for ipsec-secgw
+       cat <<EOF > ${SGW_CFG_FILE}
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+#SA in rules
+sa in 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+#SA out rules
+sa out 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+       cat ${SGW_CFG_FILE}
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..bc89522b0
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,37 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..80d8d63b8
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..c0f3021e9
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,36 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..951e6b68f
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..630808c21
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,42 @@
+#! /bin/bash
+#generate cfg file for ipsec-secgw
+       cat <<EOF > ${SGW_CFG_FILE}
+sp ipv4 in esp protect 7 pri 2 src dst \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src dst \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+#SA in rules
+sa in 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+#SA out rules
+sa out 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+       cat ${SGW_CFG_FILE}
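Review bot: As shown, the two `protect` rules read `src dst \` with no address after either keyword, unlike the transport-mode config earlier in this patch, which has `src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32`. If the file really reads this way, the rule does not carry the intended selectors and the protect policy would not match the tunnel endpoints. The inbound line should presumably be `sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \`, with the outbound line reversed. The aes-gcm tunnel config later in the patch shows the same two lines. This may be an artifact of how the listing was rendered, so check it against the actual file.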
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..2f6ffaeeb
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..6b4a82149
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..0ca7684bc
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..3c0d8d1b1
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..bebd38145
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+#generate cfg file for ipsec-secgw
+       cat <<EOF > ${SGW_CFG_FILE}
+sp ipv4 in esp protect 7 pri 2 src dst \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src dst \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+#SA in rules
+sa in 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+#SA out rules
+sa out 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+       cat ${SGW_CFG_FILE}
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..d0bb9afae
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..dab1460c8
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -a -w 300'
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..814d5f016
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,38 @@
+#! /bin/bash
+. ${DIR}/
+SGW_CMD_XPRM='-e -w 300'
+       ssh ${REMOTE_HOST} ip xfrm policy flush
+       ssh ${REMOTE_HOST} ip xfrm state flush
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+       ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+       ssh ${REMOTE_HOST} ip xfrm policy list
+       ssh ${REMOTE_HOST} ip xfrm state list
diff --git a/examples/ipsec-secgw/test/ 
new file mode 100644
index 000000000..e0a015e21
--- /dev/null
+++ b/examples/ipsec-secgw/test/
@@ -0,0 +1,5 @@
+#! /bin/bash
+. ${DIR}/
