Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/48920/?format=api
http://patches.dpdk.org/api/patches/48920/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com", "date": "2018-12-14T16:40:22", "name": "[v4,8/9] examples/ipsec-secgw: add scripts for functional test", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "3210dfd6fcdf5dbce53010158f85f51fa4189a4c", "submitter": { "id": 33, "url": "http://patches.dpdk.org/api/people/33/?format=api", "name": "Ananyev, Konstantin", "email": "konstantin.ananyev@intel.com" }, "delegate": { "id": 1, "url": "http://patches.dpdk.org/api/users/1/?format=api", "username": "tmonjalo", "first_name": "Thomas", "last_name": "Monjalon", "email": "thomas@monjalon.net" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com/mbox/", "series": [ { "id": 2800, "url": "http://patches.dpdk.org/api/series/2800/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=2800", "date": "2018-12-14T16:40:22", "name": null, "version": 4, "mbox": "http://patches.dpdk.org/series/2800/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/48920/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/48920/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 81CB11BBD7;\n\tFri, 14 Dec 2018 17:40:50 +0100 (CET)", "from mga06.intel.com (mga06.intel.com [134.134.136.31])\n\tby dpdk.org (Postfix) with ESMTP id 061E81BB2E\n\tfor <dev@dpdk.org>; Fri, 14 Dec 2018 17:40:41 +0100 (CET)", "from orsmga008.jf.intel.com ([10.7.209.65])\n\tby orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t14 Dec 2018 08:40:41 -0800", "from sivswdev08.ir.intel.com (HELO localhost.localdomain)\n\t([10.237.217.47])\n\tby orsmga008.jf.intel.com with ESMTP; 14 Dec 2018 08:40:39 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.56,353,1539673200\"; d=\"scan'208\";a=\"101573839\"", "From": "Konstantin Ananyev <konstantin.ananyev@intel.com>", "To": "dev@dpdk.org", "Cc": "akhil.goyal@nxp.com, radu.nicolau@intel.com,\n\tKonstantin Ananyev <konstantin.ananyev@intel.com>", "Date": "Fri, 14 Dec 2018 16:40:22 +0000", "Message-Id": "<1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com>", "X-Mailer": "git-send-email 1.7.0.7", "In-Reply-To": "<1544111691-7481-1-git-send-email-konstantin.ananyev@intel.com>", "References": "<1544111691-7481-1-git-send-email-konstantin.ananyev@intel.com>", "Subject": "[dpdk-dev] [PATCH v4 8/9] examples/ipsec-secgw: add scripts for\n\tfunctional test", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "The purpose of these scripts is to automate ipsec-secgw functional testing.\nThe scripts require two machines (SUT and DUT) connected through\nat least 2 NICs and running linux (so far tested only on Ubuntu 18.04).\nIntroduced test-cases for the following scenarios:\n- Transport/Tunnel modes\n- AES-CBC SHA1\n- AES-GCM\n- ESN on/off\n- legacy/librte_ipsec code path\n\nSigned-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>\nAcked-by: Radu Nicolau <radu.nicolau@intel.com>\n---\n examples/ipsec-secgw/test/common_defs.sh | 153 ++++++++++++++++++\n examples/ipsec-secgw/test/data_rxtx.sh | 62 +++++++\n examples/ipsec-secgw/test/linux_test4.sh | 63 ++++++++\n examples/ipsec-secgw/test/linux_test6.sh | 64 ++++++++\n examples/ipsec-secgw/test/run_test.sh | 80 +++++++++\n .../test/trs_aescbc_sha1_common_defs.sh | 69 ++++++++\n .../ipsec-secgw/test/trs_aescbc_sha1_defs.sh | 67 ++++++++\n .../test/trs_aescbc_sha1_esn_atom_defs.sh | 5 +\n .../test/trs_aescbc_sha1_esn_defs.sh | 66 ++++++++\n .../test/trs_aescbc_sha1_old_defs.sh | 5 +\n .../test/trs_aesgcm_common_defs.sh | 60 +++++++\n examples/ipsec-secgw/test/trs_aesgcm_defs.sh | 66 ++++++++\n .../test/trs_aesgcm_esn_atom_defs.sh | 5 +\n .../ipsec-secgw/test/trs_aesgcm_esn_defs.sh | 66 ++++++++\n .../ipsec-secgw/test/trs_aesgcm_old_defs.sh | 5 +\n .../test/tun_aescbc_sha1_common_defs.sh | 68 ++++++++\n .../ipsec-secgw/test/tun_aescbc_sha1_defs.sh | 70 ++++++++\n .../test/tun_aescbc_sha1_esn_atom_defs.sh | 5 +\n .../test/tun_aescbc_sha1_esn_defs.sh | 70 ++++++++\n .../test/tun_aescbc_sha1_old_defs.sh | 5 +\n .../test/tun_aesgcm_common_defs.sh | 60 +++++++\n examples/ipsec-secgw/test/tun_aesgcm_defs.sh | 70 ++++++++\n .../test/tun_aesgcm_esn_atom_defs.sh | 5 +\n .../ipsec-secgw/test/tun_aesgcm_esn_defs.sh | 70 ++++++++\n .../ipsec-secgw/test/tun_aesgcm_old_defs.sh | 5 +\n 25 files changed, 1264 insertions(+)\n create mode 100644 examples/ipsec-secgw/test/common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/data_rxtx.sh\n create mode 100644 examples/ipsec-secgw/test/linux_test4.sh\n create mode 100644 examples/ipsec-secgw/test/linux_test6.sh\n create mode 100644 examples/ipsec-secgw/test/run_test.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh", "diff": "diff --git a/examples/ipsec-secgw/test/common_defs.sh b/examples/ipsec-secgw/test/common_defs.sh\nnew file mode 100644\nindex 000000000..7adfffa19\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/common_defs.sh\n@@ -0,0 +1,153 @@\n+#! /bin/bash\n+\n+#check that env vars are properly defined\n+\n+#check SGW_PATH\n+if [[ -z \"${SGW_PATH}\" || ! -x ${SGW_PATH} ]]; then\n+\techo \"SGW_PATH is invalid\"\n+\texit 127\n+fi\n+\n+#check ETH_DEV\n+if [[ -z \"${ETH_DEV}\" ]]; then\n+\techo \"ETH_DEV is invalid\"\n+\texit 127\n+fi\n+\n+#setup SGW_LCORE\n+SGW_LCORE=${SGW_LCORE:-0}\n+\n+#check that REMOTE_HOST is reachable\n+ssh ${REMOTE_HOST} echo\n+st=$?\n+if [[ $st -ne 0 ]]; then\n+\techo \"host ${REMOTE_HOST} is not reachable\"\n+\texit $st\n+fi\n+\n+#get ether addr of REMOTE_HOST\n+REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`\n+st=$?\n+REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`\n+if [[ $st -ne 0 || -z \"${REMOTE_MAC}\" ]]; then\n+\techo \"coouldn't retrieve ether addr from ${REMOTE_IFACE}\"\n+\texit 127\n+fi\n+\n+LOCAL_IFACE=dtap0\n+\n+LOCAL_MAC=\"00:64:74:61:70:30\"\n+\n+REMOTE_IPV4=192.168.31.14\n+LOCAL_IPV4=192.168.31.92\n+\n+REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014\n+LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092\n+\n+DPDK_PATH=${RTE_SDK:-${PWD}}\n+DPDK_BUILD=${RTE_TARGET:-x86_64-native-linuxapp-gcc}\n+\n+SGW_OUT_FILE=./ipsec-secgw.out1\n+\n+SGW_CMD_EAL_PRM=\"--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}\"\n+SGW_CMD_CFG=\"(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})\"\n+SGW_CMD_PRM=\"-p 0x3 -u 1 -P --config=\\\"${SGW_CMD_CFG}\\\"\"\n+\n+SGW_CFG_FILE=$(tempfile)\n+\n+# configure local host/ifaces\n+config_local_iface()\n+{\n+\tifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1400 up\n+\tifconfig ${LOCAL_IFACE}\n+\n+\tip neigh flush dev ${LOCAL_IFACE}\n+\tip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}\n+\tip neigh show dev ${LOCAL_IFACE}\n+}\n+\n+config6_local_iface()\n+{\n+\tconfig_local_iface\n+\n+\tsysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0\n+\tip addr add ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}\n+\n+\tsysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=1300\n+\n+\tip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}\n+\tip neigh show dev ${LOCAL_IFACE}\n+}\n+\n+#configure remote host/iface\n+config_remote_iface()\n+{\n+\tssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down\n+\tssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up\n+\tssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}\n+\n+\t# by some reason following ip neigh doesn't work for me here properly:\n+\t#ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \\\n+\t#\t\tdev ${REMOTE_IFACE} lladr ${LOCAL_MAC}\n+\t# so used arp instead.\n+\tssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}\n+\tssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} iptables --flush\n+}\n+\n+config6_remote_iface()\n+{\n+\tconfig_remote_iface\n+\n+\tssh ${REMOTE_HOST} sysctl -w \\\n+\t\tnet.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0\n+\tssh ${REMOTE_HOST} ip addr add ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \\\n+\t\tdev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}\n+\tssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} ip6tables --flush\n+}\n+\n+#configure remote and local host/iface\n+config_iface()\n+{\n+\tconfig_local_iface\n+\tconfig_remote_iface\n+}\n+\n+config6_iface()\n+{\n+\tconfig6_local_iface\n+\tconfig6_remote_iface\n+}\n+\n+#start ipsec-secgw\n+secgw_start()\n+{\n+\tSGW_EXEC_FILE=$(tempfile)\n+\tcat <<EOF > ${SGW_EXEC_FILE}\n+${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \\\n+--vdev=\"net_tap0,mac=fixed\" \\\n+-- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \\\n+${SGW_OUT_FILE} 2>&1 &\n+p=\\$!\n+echo \\$p\n+EOF\n+\n+\tcat ${SGW_EXEC_FILE}\n+\tSGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`\n+\tsleep 1\n+}\n+\n+#stop ipsec-secgw and cleanup\n+secgw_stop()\n+{\n+\tkill ${SGW_PID}\n+\trm -f ${SGW_EXEC_FILE}\n+\trm -f ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/data_rxtx.sh b/examples/ipsec-secgw/test/data_rxtx.sh\nnew file mode 100644\nindex 000000000..f23a6d594\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/data_rxtx.sh\n@@ -0,0 +1,62 @@\n+#! /bin/bash\n+\n+TCP_PORT=22222\n+\n+ping_test1()\n+{\n+\tdst=$1\n+\n+\ti=0\n+\tst=0\n+\twhile [[ $i -ne 1200 && $st -eq 0 ]];\n+\tdo\n+\t\tlet i++\n+\t\tping -c 1 -s ${i} ${dst}\n+\t\tst=$?\n+\tdone\n+\n+\tif [[ $st -ne 0 ]]; then\n+\t\techo \"ERROR: $0 failed for dst=${dst}, sz=${i}\"\n+\tfi\n+\treturn $st;\n+}\n+\n+ping6_test1()\n+{\n+\tdst=$1\n+\n+\ti=0\n+\tst=0\n+\twhile [[ $i -ne 1200 && $st -eq 0 ]];\n+\tdo\n+\t\tlet i++\n+\t\tping6 -c 1 -s ${i} ${dst}\n+\t\tst=$?\n+\tdone\n+\n+\tif [[ $st -ne 0 ]]; then\n+\t\techo \"ERROR: $0 failed for dst=${dst}, sz=${i}\"\n+\tfi\n+\treturn $st;\n+}\n+\n+scp_test1()\n+{\n+\tdst=$1\n+\n+\tfor sz in 1234 23456 345678 4567890 56789102 ; do\n+\t\tx=`basename $0`.${sz}\n+\t\tdd if=/dev/urandom of=${x} bs=${sz} count=1\n+\t\tscp ${x} [${dst}]:${x}\n+\t\tscp [${dst}]:${x} ${x}.copy1\n+\t\tdiff -u ${x} ${x}.copy1\n+\t\tst=$?\n+\t\trm -f ${x} ${x}.copy1\n+\t\tssh ${REMOTE_HOST} rm -f ${x}\n+\t\tif [[ $st -ne 0 ]]; then\n+\t\t\treturn $st\n+\t\tfi\n+\tdone\n+\n+\treturn 0;\n+}\ndiff --git a/examples/ipsec-secgw/test/linux_test4.sh b/examples/ipsec-secgw/test/linux_test4.sh\nnew file mode 100644\nindex 000000000..d636f5604\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/linux_test4.sh\n@@ -0,0 +1,63 @@\n+#! /bin/bash\n+\n+# usage: /bin/bash linux_test4.sh <ipsec_mode>\n+# for list of available modes please refer to run_test.sh.\n+# ipsec-secgw (IPv4 mode) functional test script.\n+#\n+# Note that for most of them you required appropriate crypto PMD/device\n+# to be avaialble.\n+# Also user has to setup properly the following environment variables:\n+# SGW_PATH - path to the ipsec-secgw binary to test\n+# REMOTE_HOST - ip/hostname of the DUT\n+# REMOTE_IFACE - iface name for the test-port on DUT\n+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')\n+# Also user can optonally setup:\n+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)\n+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')\n+# if none specified appropriate vdevs will be created by the scrit\n+#\n+# The purpose of the script is to automate ipsec-secgw testing\n+# using another system running linux as a DUT.\n+# It expects that SUT and DUT are connected through at least 2 NICs.\n+# One NIC is expected to be managed by linux both machines,\n+# and will be used as a control path\n+# Make sure user from SUT can ssh to DUT without entering password.\n+# Second NIC (test-port) should be reserved for DPDK on SUT,\n+# and should be managed by linux on DUT.\n+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.\n+# Then configures local tap iface and remote iface and ipsec policies\n+# in the following way:\n+# traffic going over test-port in both directions has to be\n+# protected by ipsec.\n+# raffic going over TAP in both directions doesn't have to be protected.\n+# I.E:\n+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS\n+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS\n+# Then tries to perorm some data transfer using the scheme decribed above.\n+#\n+\n+DIR=`dirname $0`\n+MODE=$1\n+\n+ . ${DIR}/common_defs.sh\n+ . ${DIR}/${MODE}_defs.sh\n+\n+config_secgw\n+\n+secgw_start\n+\n+config_iface\n+\n+config_remote_xfrm\n+\n+ . ${DIR}/data_rxtx.sh\n+\n+ping_test1 ${REMOTE_IPV4}\n+st=$?\n+if [[ $st -eq 0 ]]; then\n+\tscp_test1 ${REMOTE_IPV4}\n+\tst=$?\n+fi\n+\n+secgw_stop\n+exit $st\ndiff --git a/examples/ipsec-secgw/test/linux_test6.sh b/examples/ipsec-secgw/test/linux_test6.sh\nnew file mode 100644\nindex 000000000..e30f607d8\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/linux_test6.sh\n@@ -0,0 +1,64 @@\n+#! /bin/bash\n+\n+# usage: /bin/bash linux_test6.sh <ipsec_mode>\n+# for list of available modes please refer to run_test.sh.\n+# ipsec-secgw (IPv6 mode) functional test script.\n+#\n+# Note that for most of them you required appropriate crypto PMD/device\n+# to be avaialble.\n+# Also user has to setup properly the following environment variables:\n+# SGW_PATH - path to the ipsec-secgw binary to test\n+# REMOTE_HOST - ip/hostname of the DUT\n+# REMOTE_IFACE - iface name for the test-port on DUT\n+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')\n+# Also user can optonally setup:\n+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)\n+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')\n+# if none specified appropriate vdevs will be created by the scrit\n+#\n+# The purpose of the script is to automate ipsec-secgw testing\n+# using another system running linux as a DUT.\n+# It expects that SUT and DUT are connected through at least 2 NICs.\n+# One NIC is expected to be managed by linux both machines,\n+# and will be used as a control path.\n+# Make sure user from SUT can ssh to DUT without entering password,\n+# also make sure that sshd over ipv6 is enabled.\n+# Second NIC (test-port) should be reserved for DPDK on SUT,\n+# and should be managed by linux on DUT.\n+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.\n+# Then configures local tap iface and remote iface and ipsec policies\n+# in the following way:\n+# traffic going over test-port in both directions has to be\n+# protected by ipsec.\n+# raffic going over TAP in both directions doesn't have to be protected.\n+# I.E:\n+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS\n+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS\n+# Then tries to perorm some data transfer using the scheme decribed above.\n+#\n+\n+DIR=`dirname $0`\n+MODE=$1\n+\n+ . ${DIR}/common_defs.sh\n+ . ${DIR}/${MODE}_defs.sh\n+\n+config_secgw\n+\n+secgw_start\n+\n+config6_iface\n+\n+config6_remote_xfrm\n+\n+ . ${DIR}/data_rxtx.sh\n+\n+ping6_test1 ${REMOTE_IPV6}\n+st=$?\n+if [[ $st -eq 0 ]]; then\n+\tscp_test1 ${REMOTE_IPV6}\n+\tst=$?\n+fi\n+\n+secgw_stop\n+exit $st\ndiff --git a/examples/ipsec-secgw/test/run_test.sh b/examples/ipsec-secgw/test/run_test.sh\nnew file mode 100644\nindex 000000000..6dc0ce54e\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/run_test.sh\n@@ -0,0 +1,80 @@\n+#! /bin/bash\n+\n+# usage: /bin/bash run_test.sh [-46]\n+# Run all defined linux_test[4,6].sh test-cases one by one\n+# user has to setup properly the following environment variables:\n+# SGW_PATH - path to the ipsec-secgw binary to test\n+# REMOTE_HOST - ip/hostname of the DUT\n+# REMOTE_IFACE - iface name for the test-port on DUT\n+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')\n+# Also user can optonally setup:\n+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)\n+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')\n+# if none specified appropriate vdevs will be created by the scrit\n+# refer to linux_test1.sh for more information\n+\n+# All supported modes to test.\n+# naming convention:\n+# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)\n+# 'tun/trs' refer to tunnel/transport mode respectively\n+LINUX_TEST=\"tun_aescbc_sha1 \\\n+tun_aescbc_sha1_esn \\\n+tun_aescbc_sha1_esn_atom \\\n+tun_aesgcm \\\n+tun_aesgcm_esn \\\n+tun_aesgcm_esn_atom \\\n+trs_aescbc_sha1 \\\n+trs_aescbc_sha1_esn \\\n+trs_aescbc_sha1_esn_atom \\\n+trs_aesgcm \\\n+trs_aesgcm_esn \\\n+trs_aesgcm_esn_atom \\\n+tun_aescbc_sha1_old \\\n+tun_aesgcm_old \\\n+trs_aescbc_sha1_old \\\n+trs_aesgcm_old\"\n+\n+DIR=`dirname $0`\n+\n+# get input options\n+st=0\n+run4=0\n+run6=0\n+while [[ ${st} -eq 0 ]]; do\n+\tgetopts \":46\" opt\n+\tst=$?\n+\tif [[ \"${opt}\" == \"4\" ]]; then\n+\t\trun4=1\n+\telif [[ \"${opt}\" == \"6\" ]]; then\n+\t\trun6=1\n+\tfi\n+done\n+\n+if [[ ${run4} -eq 0 && {run6} -eq 0 ]]; then\n+\texit 127\n+fi\n+\n+for i in ${LINUX_TEST}; do\n+\n+\techo \"starting test ${i}\"\n+\n+\tst4=0\n+\tif [[ ${run4} -ne 0 ]]; then\n+\t\t/bin/bash ${DIR}/linux_test4.sh ${i}\n+\t\tst4=$?\n+\t\techo \"test4 ${i} finished with status ${st4}\"\n+\tfi\n+\n+\tst6=0\n+\tif [[ ${run6} -ne 0 ]]; then\n+\t\t/bin/bash ${DIR}/linux_test6.sh ${i}\n+\t\tst6=$?\n+\t\techo \"test6 ${i} finished with status ${st6}\"\n+\tfi\n+\n+\tlet \"st = st4 + st6\"\n+\tif [[ $st -ne 0 ]]; then\n+\t\techo \"ERROR test ${i} FAILED\"\n+\t\texit $st\n+\tfi\n+done\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh\nnew file mode 100644\nindex 000000000..e2621e0df\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh\n@@ -0,0 +1,69 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_mb0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#SP in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#sp in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+sa in 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#SA out rules\n+sa out 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#SA out rules\n+sa out 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh\nnew file mode 100644\nindex 000000000..d68552fce\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh\n@@ -0,0 +1,67 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..f16222e11\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh\nnew file mode 100644\nindex 000000000..ce7c977a3\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh\n@@ -0,0 +1,66 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh\nnew file mode 100644\nindex 000000000..a3abb6103\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_defs.sh\n+\n+SGW_CMD_XPRM=\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh\nnew file mode 100644\nindex 000000000..720e807e4\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh\n@@ -0,0 +1,60 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_gcm0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#SP in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+sa in 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#SA out rules\n+sa out 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+sa out 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh\nnew file mode 100644\nindex 000000000..8382d3d52\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh\n@@ -0,0 +1,66 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..80d8d63b8\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh\nnew file mode 100644\nindex 000000000..94958d199\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh\n@@ -0,0 +1,66 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh\nnew file mode 100644\nindex 000000000..951e6b68f\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_defs.sh\n+\n+SGW_CMD_XPRM=\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh\nnew file mode 100644\nindex 000000000..4025da232\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh\n@@ -0,0 +1,68 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_mb0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#sp in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#sp in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}\n+\n+sa in 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}\n+\n+#SA out rules\n+sa out 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}\n+\n+sa out 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh\nnew file mode 100644\nindex 000000000..18aade3a9\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..6b4a82149\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh\nnew file mode 100644\nindex 000000000..28c1125d6\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh\nnew file mode 100644\nindex 000000000..3c0d8d1b1\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_defs.sh\n+\n+SGW_CMD_XPRM=\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh\nnew file mode 100644\nindex 000000000..fba68c6a3\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh\n@@ -0,0 +1,60 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_gcm0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#sp in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#sp in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}\n+\n+sa in 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}\n+\n+#SA out rules\n+sa out 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}\n+\n+sa out 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh\nnew file mode 100644\nindex 000000000..8ae65321b\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..dab1460c8\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh\nnew file mode 100644\nindex 000000000..606232349\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh\nnew file mode 100644\nindex 000000000..e0a015e21\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_defs.sh\n+\n+SGW_CMD_XPRM=\n", "prefixes": [ "v4", "8/9" ] }{ "id": 48920, "url": "