2020-06-18 16:55:50 +00:00
|
|
|
#! /bin/bash
|
|
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
# check ETH_DEV
|
2020-06-18 16:55:50 +00:00
|
|
|
if [[ -z "${ETH_DEV}" ]]; then
|
|
|
|
echo "ETH_DEV is invalid"
|
|
|
|
exit 127
|
|
|
|
fi
|
2021-02-05 08:48:47 +00:00
|
|
|
|
|
|
|
# check that REMOTE_HOST is reachable
|
2020-06-18 16:55:50 +00:00
|
|
|
ssh ${REMOTE_HOST} echo
|
|
|
|
st=$?
|
|
|
|
if [[ $st -ne 0 ]]; then
|
|
|
|
echo "host ${REMOTE_HOST} is not reachable"
|
|
|
|
exit $st
|
|
|
|
fi
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
# get ether addr of REMOTE_HOST
|
2020-06-18 16:55:50 +00:00
|
|
|
REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
|
|
|
|
st=$?
|
|
|
|
REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
|
|
|
|
if [[ $st -ne 0 || -z "${REMOTE_MAC}" ]]; then
|
2022-09-02 04:40:05 +00:00
|
|
|
echo "couldn't retrieve ether addr from ${REMOTE_IFACE}"
|
2020-06-18 16:55:50 +00:00
|
|
|
exit 127
|
|
|
|
fi
|
|
|
|
|
|
|
|
LOCAL_IFACE=dtap0
|
|
|
|
|
2023-09-11 06:58:14 +00:00
|
|
|
LOCAL_MAC="02:64:74:61:70:30"
|
2020-06-18 16:55:50 +00:00
|
|
|
|
|
|
|
REMOTE_IPV4=192.168.31.14
|
|
|
|
LOCAL_IPV4=192.168.31.92
|
|
|
|
|
|
|
|
REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
|
|
|
|
LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
DPDK_PATH=${PWD}
|
|
|
|
DPDK_BUILD="build"
|
|
|
|
DPDK_VARS=""
|
2020-06-18 16:55:50 +00:00
|
|
|
|
|
|
|
# by default ipsec-secgw can't deal with multi-segment packets
|
|
|
|
# make sure our local/remote host wouldn't generate fragmented packets
|
2022-09-02 04:40:05 +00:00
|
|
|
# if reassembly option is not enabled
|
2020-06-18 16:55:50 +00:00
|
|
|
DEF_MTU_LEN=1400
|
|
|
|
DEF_PING_LEN=1200
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
# set operation mode based on environment variables values
|
|
|
|
select_mode()
|
|
|
|
{
|
|
|
|
echo "Test environment configuration:"
|
|
|
|
# check which mode to be enabled (library/legacy)
|
|
|
|
if [[ -n "${SGW_MODE}" && "${SGW_MODE}" == "library" ]]; then
|
|
|
|
DPDK_MODE="-w 300 -l"
|
|
|
|
echo "[enabled] library mode"
|
|
|
|
else
|
|
|
|
DPDK_MODE=""
|
|
|
|
echo "[enabled] legacy mode"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# check if esn is demanded
|
|
|
|
if [[ -n "${SGW_ESN}" && "${SGW_ESN}" == "esn-on" ]]; then
|
|
|
|
DPDK_VARS="${DPDK_VARS} -e"
|
|
|
|
XFRM_ESN="flag esn"
|
|
|
|
echo "[enabled] extended sequence number"
|
|
|
|
else
|
|
|
|
XFRM_ESN=""
|
|
|
|
echo "[disabled] extended sequence number"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# check if atom is demanded
|
|
|
|
if [[ -n "${SGW_ATOM}" && "${SGW_ATOM}" == "atom-on" ]]; then
|
|
|
|
DPDK_VARS="${DPDK_VARS} -a"
|
|
|
|
echo "[enabled] sequence number atomic behavior"
|
|
|
|
else
|
|
|
|
echo "[disabled] sequence number atomic behavior"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# check if inline should be enabled
|
|
|
|
if [[ -n "${SGW_CRYPTO}" && "${SGW_CRYPTO}" == "inline" ]]; then
|
|
|
|
CRYPTO_DEV='--vdev="crypto_null0"'
|
|
|
|
SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload"
|
|
|
|
SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload"
|
|
|
|
echo "[enabled] inline crypto mode"
|
|
|
|
else
|
|
|
|
SGW_CFG_XPRM_IN=""
|
|
|
|
SGW_CFG_XPRM_OUT=""
|
|
|
|
echo "[disabled] inline crypto mode"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# check if fallback should be enabled
|
|
|
|
if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n ${SGW_CFG_XPRM_IN} ]] \
|
|
|
|
&& [[ "${SGW_MODE}" == "library" ]] \
|
|
|
|
&& [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \
|
|
|
|
|| "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then
|
|
|
|
CRYPTO_DEV=""
|
|
|
|
SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}"
|
|
|
|
SGW_CFG_XPRM_OUT=""
|
|
|
|
echo "[enabled] crypto fallback ${SGW_CRYPTO_FLBK} mode"
|
|
|
|
else
|
|
|
|
if [[ -n "${SGW_CRYPTO_FLBK}" \
|
|
|
|
&& "${SGW_CRYPTO}" != "inline" ]]; then
|
|
|
|
echo "SGW_CRYPTO variable needs to be set to \
|
|
|
|
\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting"
|
|
|
|
exit 127
|
|
|
|
elif [[ -n "${SGW_CRYPTO_FLBK}" \
|
|
|
|
&& "${SGW_MODE}" != "library" ]]; then
|
|
|
|
echo "SGW_MODE variable needs to be set to \
|
|
|
|
\"library\" for ${SGW_CRYPTO_FLBK} fallback setting"
|
|
|
|
exit 127
|
|
|
|
fi
|
|
|
|
echo "[disabled] crypto fallback mode"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# select sync/async mode
|
|
|
|
if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then
|
|
|
|
echo "[enabled] crypto primary type - ${CRYPTO_PRIM_TYPE}"
|
|
|
|
SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}"
|
|
|
|
SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}"
|
|
|
|
else
|
|
|
|
if [[ -n "${CRYPTO_PRIM_TYPE}" \
|
|
|
|
&& "${SGW_MODE}" != "library" ]]; then
|
|
|
|
echo "SGW_MODE variable needs to be set to \
|
|
|
|
\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting"
|
|
|
|
exit 127
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
# make linux to generate fragmented packets
|
|
|
|
if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then
|
|
|
|
echo -e "[enabled] multi-segment test is enabled\n"
|
|
|
|
SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}"
|
|
|
|
PING_LEN=5000
|
|
|
|
MTU_LEN=1500
|
|
|
|
else
|
|
|
|
if [[ -z "${SGW_MULTI_SEG}" \
|
|
|
|
&& "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then
|
|
|
|
echo "SGW_MULTI_SEG environment variable needs \
|
|
|
|
to be set for ${SGW_CRYPTO_FLBK} fallback test"
|
|
|
|
exit 127
|
|
|
|
elif [[ -n "${SGW_MULTI_SEG}" \
|
|
|
|
&& "${SGW_MODE}" != "library" ]]; then
|
|
|
|
echo "SGW_MODE variable needs to be set to \
|
|
|
|
\"library\" for multiple segment reassemble setting"
|
|
|
|
exit 127
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo -e "[disabled] multi-segment test\n"
|
|
|
|
PING_LEN=${DEF_PING_LEN}
|
|
|
|
MTU_LEN=${DEF_MTU_LEN}
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# setup mtu on local iface
|
2020-06-18 16:55:50 +00:00
|
|
|
set_local_mtu()
|
|
|
|
{
|
|
|
|
mtu=$1
|
|
|
|
ifconfig ${LOCAL_IFACE} mtu ${mtu}
|
|
|
|
sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=${mtu}
|
|
|
|
}
|
|
|
|
|
|
|
|
# configure local host/ifaces
|
|
|
|
config_local_iface()
|
|
|
|
{
|
|
|
|
ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 up
|
|
|
|
ifconfig ${LOCAL_IFACE}
|
|
|
|
|
|
|
|
ip neigh flush dev ${LOCAL_IFACE}
|
|
|
|
ip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
|
|
|
|
ip neigh show dev ${LOCAL_IFACE}
|
|
|
|
}
|
|
|
|
|
|
|
|
config6_local_iface()
|
|
|
|
{
|
|
|
|
config_local_iface
|
|
|
|
|
|
|
|
sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0
|
|
|
|
ip addr add ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}
|
|
|
|
|
|
|
|
ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
|
|
|
|
ip neigh show dev ${LOCAL_IFACE}
|
|
|
|
}
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
# configure remote host/iface
|
2020-06-18 16:55:50 +00:00
|
|
|
config_remote_iface()
|
|
|
|
{
|
|
|
|
ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
|
|
|
|
ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up
|
|
|
|
ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}
|
|
|
|
|
|
|
|
ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
|
|
|
|
dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
|
2020-06-18 16:55:50 +00:00
|
|
|
ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
|
|
|
|
|
|
|
|
ssh ${REMOTE_HOST} iptables --flush
|
|
|
|
}
|
|
|
|
|
|
|
|
config6_remote_iface()
|
|
|
|
{
|
|
|
|
config_remote_iface
|
|
|
|
|
|
|
|
ssh ${REMOTE_HOST} sysctl -w \
|
|
|
|
net.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0
|
|
|
|
ssh ${REMOTE_HOST} ip addr add ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}
|
|
|
|
|
|
|
|
ssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \
|
|
|
|
dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
|
|
|
|
ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
|
|
|
|
|
|
|
|
ssh ${REMOTE_HOST} ip6tables --flush
|
|
|
|
}
|
|
|
|
|
2021-02-05 08:48:47 +00:00
|
|
|
# configure remote and local host/iface
|
2020-06-18 16:55:50 +00:00
|
|
|
config_iface()
|
|
|
|
{
|
|
|
|
config_local_iface
|
|
|
|
config_remote_iface
|
|
|
|
}
|
|
|
|
|
|
|
|
config6_iface()
|
|
|
|
{
|
|
|
|
config6_local_iface
|
|
|
|
config6_remote_iface
|
|
|
|
}
|
|
|
|
|
|
|
|
# secgw application parameters setup
|
|
|
|
SGW_PORT_CFG="--vdev=\"net_tap0,mac=fixed\" ${ETH_DEV}"
|
|
|
|
SGW_WAIT_DEV="${LOCAL_IFACE}"
|
|
|
|
. ${DIR}/common_defs_secgw.sh
|