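#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Usage: /bin/bash linux_test.sh <ip_protocol> <ipsec_mode>
# <ip_protocol> can be set to:
#  ipv4-ipv4 - only IPv4 traffic
#  ipv4-ipv6 - IPv4 traffic over IPv6 ipsec tunnel (only for tunnel mode)
#  ipv6-ipv4 - IPv6 traffic over IPv4 ipsec tunnel (only for tunnel mode)
#  ipv6-ipv6 - only IPv6 traffic
# For list of available modes please refer to run_test.sh.
#
# Note that most of them require appropriate crypto PMD/device to be available.
# Also user has to setup properly the following environment variables:
#  SGW_PATH	- path to the ipsec-secgw binary to test
#  REMOTE_HOST	- ip/hostname of the DUT
#  REMOTE_IFACE	- iface name for the test-port on DUT
#  ETH_DEV	- ethernet device to be used on SUT by DPDK ('-a <pci-id>')
# Also user can optionally setup:
#  SGW_LCORE	- lcore to run ipsec-secgw on (default value is 0)
#  SGW_MODE	- run ipsec-secgw in legacy mode or with use of library
#		values: legacy/library (legacy on default)
#  SGW_ESN	- run ipsec-secgw with extended sequence number
#		values: esn-on/esn-off (esn-off on default)
#  SGW_ATOM	- run ipsec-secgw with sequence number atomic behavior
#		values: atom-on/atom-off (atom-off on default)
#  SGW_CRYPTO	- run ipsec-secgw with use of inline crypto
#		values: inline (unset on default)
#  SGW_CRYPTO_FLBK - run ipsec-secgw with crypto fallback configured
#		values: cpu-crypto/lookaside-none (unset on default)
#  CRYPTO_PRIM_TYPE - run ipsec-secgw with crypto primary type set
#		values: cpu-crypto (unset on default)
#  CRYPTO_DEV - crypto device to be used ('-a <pci-id>')
#	       if none specified appropriate vdevs will be created by the script
#  SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
#		specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
#
# The purpose of the script is to automate ipsec-secgw testing
# using another system running linux as a DUT.
# It expects that SUT and DUT are connected through at least 2 NICs.
# One NIC is expected to be managed by linux on both machines,
# and will be used as a control path.
# Make sure user from SUT can ssh to DUT without entering password.
# (Use key-based login with a key and account dedicated to the test setup:
# the script changes interface and ipsec policy configuration on the DUT.)
# Second NIC (test-port) should be reserved for DPDK on SUT,
# and should be managed by linux on DUT.
# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
# Then configures local tap iface and remote iface and ipsec policies
# in the following way:
# traffic going over test-port in both directions has to be
# protected by ipsec.
# Traffic going over TAP in both directions doesn't have to be protected.
# I.E:
# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
# SUT OS(TAP)--(plain)-->(TAP)ipsec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
# Then tries to perform some data transfer using the scheme described above.
#
# Exit status: 128 for an invalid <ip_protocol>, 1 for a mixed protocol pair
# in transport mode or an unreadable helper file, otherwise the status
# reported by the ping/scp helpers.
#

# Quoted so that a script path containing spaces still resolves.
DIR=$(dirname -- "$0")
PROTO=$1
MODE=$2

# Abort with a message on stderr unless the given file can be read.
# Checked before sourcing because a failed '.' would leave the helper
# functions undefined while the script carried on regardless.
# Arguments: $1 - path of the file about to be sourced
require_readable()
{
	if [[ ! -r "$1" ]]; then
		echo "[ERROR] cannot read $1" >&2
		exit 1
	fi
}

# Run the data-path checks: ping with the local MTU set to MTU_LEN, then,
# only if ping succeeded, scp with the local MTU set to DEF_MTU_LEN.
# Arguments: $1 - ping helper to call (ping_test1 or ping6_test1)
#            $2 - remote address to test against
# Returns:   status of the ping helper if it failed, else status of scp_test1
linux_test_run_traffic()
{
	local ping_fn=$1
	local remote=$2
	local rc

	set_local_mtu "${MTU_LEN}"
	"${ping_fn}" "${remote}" 0 "${PING_LEN}"
	rc=$?
	if [[ ${rc} -eq 0 ]]; then
		set_local_mtu "${DEF_MTU_LEN}"
		scp_test1 "${remote}"
		rc=$?
	fi
	return ${rc}
}

require_readable "${DIR}/common_defs.sh"
. "${DIR}/common_defs.sh"

select_mode

# NOTE(review): MODE is taken from the command line and names the file that
# is executed in this shell below, so the script must only be run with
# arguments the operator trusts.
require_readable "${DIR}/${MODE}_defs.sh"
require_readable "${DIR}/data_rxtx.sh"
. "${DIR}/${MODE}_defs.sh"

# Map <ip_protocol> to the helpers it needs. This is done before
# ipsec-secgw is started, so that an unsupported request fails without
# launching the gateway or touching the DUT.
test_mixed=no
case "${PROTO}" in
ipv4-ipv4)
	test_iface_fn=config_iface
	test_xfrm_fn=config_remote_xfrm_44
	test_ping_fn=ping_test1
	test_remote_var=REMOTE_IPV4
	;;
ipv4-ipv6)
	test_mixed=yes
	test_iface_fn=config6_iface
	test_xfrm_fn=config_remote_xfrm_46
	test_ping_fn=ping_test1
	test_remote_var=REMOTE_IPV4
	;;
ipv6-ipv4)
	test_mixed=yes
	test_iface_fn=config6_iface
	test_xfrm_fn=config_remote_xfrm_64
	test_ping_fn=ping6_test1
	test_remote_var=REMOTE_IPV6
	;;
ipv6-ipv6)
	test_iface_fn=config6_iface
	test_xfrm_fn=config_remote_xfrm_66
	test_ping_fn=ping6_test1
	test_remote_var=REMOTE_IPV6
	;;
*)
	echo "Invalid <proto>"
	exit 128
	;;
esac

if [[ "${test_mixed}" == "yes" ]]; then
	# inner and outer IP versions can differ only in tunnel mode
	if [[ "${MODE}" == trs* ]]; then
		echo "Cannot mix protocols in transport mode"
		exit 1
	fi
	config_secgw_mixed
else
	config_secgw
fi

secgw_start

. "${DIR}/data_rxtx.sh"

"${test_iface_fn}"
"${test_xfrm_fn}"

# The remote address is looked up only now (indirect expansion), after all
# helper files have been sourced and the gateway has been started.
linux_test_run_traffic "${test_ping_fn}" "${!test_remote_var}"
st=$?

# NOTE(review): st only reflects what the ping/scp helpers report; nothing
# in this file checks that packets on the test-port were ESP-protected.
# Confirm that the helpers (or a check on the DUT) cover that.
secgw_stop
exit "${st}"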