GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/48920/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 48920,
    "url": "http://patches.dpdk.org/api/patches/48920/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/patch/1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com",
    "date": "2018-12-14T16:40:22",
    "name": "[v4,8/9] examples/ipsec-secgw: add scripts for functional test",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "3210dfd6fcdf5dbce53010158f85f51fa4189a4c",
    "submitter": {
        "id": 33,
        "url": "http://patches.dpdk.org/api/people/33/?format=api",
        "name": "Ananyev, Konstantin",
        "email": "konstantin.ananyev@intel.com"
    },
    "delegate": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/users/1/?format=api",
        "username": "tmonjalo",
        "first_name": "Thomas",
        "last_name": "Monjalon",
        "email": "thomas@monjalon.net"
    },
    "mbox": "http://patches.dpdk.org/project/dpdk/patch/1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com/mbox/",
    "series": [
        {
            "id": 2800,
            "url": "http://patches.dpdk.org/api/series/2800/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=2800",
            "date": "2018-12-14T16:40:22",
            "name": null,
            "version": 4,
            "mbox": "http://patches.dpdk.org/series/2800/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/patches/48920/comments/",
    "check": "success",
    "checks": "http://patches.dpdk.org/api/patches/48920/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@dpdk.org",
        "Delivered-To": "patchwork@dpdk.org",
        "Received": [
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 81CB11BBD7;\n\tFri, 14 Dec 2018 17:40:50 +0100 (CET)",
            "from mga06.intel.com (mga06.intel.com [134.134.136.31])\n\tby dpdk.org (Postfix) with ESMTP id 061E81BB2E\n\tfor <dev@dpdk.org>; Fri, 14 Dec 2018 17:40:41 +0100 (CET)",
            "from orsmga008.jf.intel.com ([10.7.209.65])\n\tby orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t14 Dec 2018 08:40:41 -0800",
            "from sivswdev08.ir.intel.com (HELO localhost.localdomain)\n\t([10.237.217.47])\n\tby orsmga008.jf.intel.com with ESMTP; 14 Dec 2018 08:40:39 -0800"
        ],
        "X-Amp-Result": "SKIPPED(no attachment in message)",
        "X-Amp-File-Uploaded": "False",
        "X-ExtLoop1": "1",
        "X-IronPort-AV": "E=Sophos;i=\"5.56,353,1539673200\"; d=\"scan'208\";a=\"101573839\"",
        "From": "Konstantin Ananyev <konstantin.ananyev@intel.com>",
        "To": "dev@dpdk.org",
        "Cc": "akhil.goyal@nxp.com, radu.nicolau@intel.com,\n\tKonstantin Ananyev <konstantin.ananyev@intel.com>",
        "Date": "Fri, 14 Dec 2018 16:40:22 +0000",
        "Message-Id": "<1544805623-18150-9-git-send-email-konstantin.ananyev@intel.com>",
        "X-Mailer": "git-send-email 1.7.0.7",
        "In-Reply-To": "<1544111691-7481-1-git-send-email-konstantin.ananyev@intel.com>",
        "References": "<1544111691-7481-1-git-send-email-konstantin.ananyev@intel.com>",
        "Subject": "[dpdk-dev] [PATCH v4 8/9] examples/ipsec-secgw: add scripts for\n\tfunctional test",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "The purpose of these scripts is to automate ipsec-secgw functional testing.\nThe scripts require two machines (SUT and DUT) connected through\nat least 2 NICs and running linux (so far tested only on Ubuntu 18.04).\nIntroduced test-cases for the following scenarios:\n- Transport/Tunnel modes\n- AES-CBC SHA1\n- AES-GCM\n- ESN on/off\n- legacy/librte_ipsec code path\n\nSigned-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>\nAcked-by: Radu Nicolau <radu.nicolau@intel.com>\n---\n examples/ipsec-secgw/test/common_defs.sh      | 153 ++++++++++++++++++\n examples/ipsec-secgw/test/data_rxtx.sh        |  62 +++++++\n examples/ipsec-secgw/test/linux_test4.sh      |  63 ++++++++\n examples/ipsec-secgw/test/linux_test6.sh      |  64 ++++++++\n examples/ipsec-secgw/test/run_test.sh         |  80 +++++++++\n .../test/trs_aescbc_sha1_common_defs.sh       |  69 ++++++++\n .../ipsec-secgw/test/trs_aescbc_sha1_defs.sh  |  67 ++++++++\n .../test/trs_aescbc_sha1_esn_atom_defs.sh     |   5 +\n .../test/trs_aescbc_sha1_esn_defs.sh          |  66 ++++++++\n .../test/trs_aescbc_sha1_old_defs.sh          |   5 +\n .../test/trs_aesgcm_common_defs.sh            |  60 +++++++\n examples/ipsec-secgw/test/trs_aesgcm_defs.sh  |  66 ++++++++\n .../test/trs_aesgcm_esn_atom_defs.sh          |   5 +\n .../ipsec-secgw/test/trs_aesgcm_esn_defs.sh   |  66 ++++++++\n .../ipsec-secgw/test/trs_aesgcm_old_defs.sh   |   5 +\n .../test/tun_aescbc_sha1_common_defs.sh       |  68 ++++++++\n .../ipsec-secgw/test/tun_aescbc_sha1_defs.sh  |  70 ++++++++\n .../test/tun_aescbc_sha1_esn_atom_defs.sh     |   5 +\n .../test/tun_aescbc_sha1_esn_defs.sh          |  70 ++++++++\n .../test/tun_aescbc_sha1_old_defs.sh          |   5 +\n .../test/tun_aesgcm_common_defs.sh            |  60 +++++++\n examples/ipsec-secgw/test/tun_aesgcm_defs.sh  |  70 ++++++++\n .../test/tun_aesgcm_esn_atom_defs.sh          |   5 +\n .../ipsec-secgw/test/tun_aesgcm_esn_defs.sh   |  70 ++++++++\n .../ipsec-secgw/test/tun_aesgcm_old_defs.sh   |   5 +\n 25 files changed, 1264 insertions(+)\n create mode 100644 examples/ipsec-secgw/test/common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/data_rxtx.sh\n create mode 100644 examples/ipsec-secgw/test/linux_test4.sh\n create mode 100644 examples/ipsec-secgw/test/linux_test6.sh\n create mode 100644 examples/ipsec-secgw/test/run_test.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh\n create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh",
    "diff": "diff --git a/examples/ipsec-secgw/test/common_defs.sh b/examples/ipsec-secgw/test/common_defs.sh\nnew file mode 100644\nindex 000000000..7adfffa19\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/common_defs.sh\n@@ -0,0 +1,153 @@\n+#! /bin/bash\n+\n+#check that env vars are properly defined\n+\n+#check SGW_PATH\n+if [[ -z \"${SGW_PATH}\" || ! -x ${SGW_PATH} ]]; then\n+\techo \"SGW_PATH is invalid\"\n+\texit 127\n+fi\n+\n+#check ETH_DEV\n+if [[ -z \"${ETH_DEV}\" ]]; then\n+\techo \"ETH_DEV is invalid\"\n+\texit 127\n+fi\n+\n+#setup SGW_LCORE\n+SGW_LCORE=${SGW_LCORE:-0}\n+\n+#check that REMOTE_HOST is reachable\n+ssh ${REMOTE_HOST} echo\n+st=$?\n+if [[ $st -ne 0 ]]; then\n+\techo \"host ${REMOTE_HOST} is not reachable\"\n+\texit $st\n+fi\n+\n+#get ether addr of REMOTE_HOST\n+REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`\n+st=$?\n+REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`\n+if [[ $st -ne 0 || -z \"${REMOTE_MAC}\" ]]; then\n+\techo \"coouldn't retrieve ether addr from ${REMOTE_IFACE}\"\n+\texit 127\n+fi\n+\n+LOCAL_IFACE=dtap0\n+\n+LOCAL_MAC=\"00:64:74:61:70:30\"\n+\n+REMOTE_IPV4=192.168.31.14\n+LOCAL_IPV4=192.168.31.92\n+\n+REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014\n+LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092\n+\n+DPDK_PATH=${RTE_SDK:-${PWD}}\n+DPDK_BUILD=${RTE_TARGET:-x86_64-native-linuxapp-gcc}\n+\n+SGW_OUT_FILE=./ipsec-secgw.out1\n+\n+SGW_CMD_EAL_PRM=\"--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}\"\n+SGW_CMD_CFG=\"(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})\"\n+SGW_CMD_PRM=\"-p 0x3 -u 1 -P --config=\\\"${SGW_CMD_CFG}\\\"\"\n+\n+SGW_CFG_FILE=$(tempfile)\n+\n+# configure local host/ifaces\n+config_local_iface()\n+{\n+\tifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1400 up\n+\tifconfig ${LOCAL_IFACE}\n+\n+\tip neigh flush dev ${LOCAL_IFACE}\n+\tip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}\n+\tip neigh show dev ${LOCAL_IFACE}\n+}\n+\n+config6_local_iface()\n+{\n+\tconfig_local_iface\n+\n+\tsysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0\n+\tip addr add  ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}\n+\n+\tsysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=1300\n+\n+\tip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}\n+\tip neigh show dev ${LOCAL_IFACE}\n+}\n+\n+#configure remote host/iface\n+config_remote_iface()\n+{\n+\tssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down\n+\tssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up\n+\tssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}\n+\n+\t# by some reason following ip neigh doesn't work for me here properly:\n+\t#ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \\\n+\t#\t\tdev ${REMOTE_IFACE} lladr ${LOCAL_MAC}\n+\t# so used arp instead.\n+\tssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}\n+\tssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} iptables --flush\n+}\n+\n+config6_remote_iface()\n+{\n+\tconfig_remote_iface\n+\n+\tssh ${REMOTE_HOST} sysctl -w \\\n+\t\tnet.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0\n+\tssh ${REMOTE_HOST} ip addr add  ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \\\n+\t\tdev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}\n+\tssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}\n+\n+\tssh ${REMOTE_HOST} ip6tables --flush\n+}\n+\n+#configure remote and local host/iface\n+config_iface()\n+{\n+\tconfig_local_iface\n+\tconfig_remote_iface\n+}\n+\n+config6_iface()\n+{\n+\tconfig6_local_iface\n+\tconfig6_remote_iface\n+}\n+\n+#start ipsec-secgw\n+secgw_start()\n+{\n+\tSGW_EXEC_FILE=$(tempfile)\n+\tcat <<EOF > ${SGW_EXEC_FILE}\n+${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \\\n+--vdev=\"net_tap0,mac=fixed\" \\\n+-- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \\\n+${SGW_OUT_FILE} 2>&1 &\n+p=\\$!\n+echo \\$p\n+EOF\n+\n+\tcat ${SGW_EXEC_FILE}\n+\tSGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`\n+\tsleep 1\n+}\n+\n+#stop ipsec-secgw and cleanup\n+secgw_stop()\n+{\n+\tkill ${SGW_PID}\n+\trm -f ${SGW_EXEC_FILE}\n+\trm -f ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/data_rxtx.sh b/examples/ipsec-secgw/test/data_rxtx.sh\nnew file mode 100644\nindex 000000000..f23a6d594\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/data_rxtx.sh\n@@ -0,0 +1,62 @@\n+#! /bin/bash\n+\n+TCP_PORT=22222\n+\n+ping_test1()\n+{\n+\tdst=$1\n+\n+\ti=0\n+\tst=0\n+\twhile [[ $i -ne 1200 && $st -eq 0 ]];\n+\tdo\n+\t\tlet i++\n+\t\tping -c 1 -s ${i} ${dst}\n+\t\tst=$?\n+\tdone\n+\n+\tif [[ $st -ne 0 ]]; then\n+\t\techo \"ERROR: $0 failed for dst=${dst}, sz=${i}\"\n+\tfi\n+\treturn $st;\n+}\n+\n+ping6_test1()\n+{\n+\tdst=$1\n+\n+\ti=0\n+\tst=0\n+\twhile [[ $i -ne 1200 && $st -eq 0 ]];\n+\tdo\n+\t\tlet i++\n+\t\tping6 -c 1 -s ${i} ${dst}\n+\t\tst=$?\n+\tdone\n+\n+\tif [[ $st -ne 0 ]]; then\n+\t\techo \"ERROR: $0 failed for dst=${dst}, sz=${i}\"\n+\tfi\n+\treturn $st;\n+}\n+\n+scp_test1()\n+{\n+\tdst=$1\n+\n+\tfor sz in 1234 23456 345678 4567890 56789102 ; do\n+\t\tx=`basename $0`.${sz}\n+\t\tdd if=/dev/urandom of=${x} bs=${sz} count=1\n+\t\tscp ${x} [${dst}]:${x}\n+\t\tscp [${dst}]:${x} ${x}.copy1\n+\t\tdiff -u ${x} ${x}.copy1\n+\t\tst=$?\n+\t\trm -f ${x} ${x}.copy1\n+\t\tssh ${REMOTE_HOST} rm -f ${x}\n+\t\tif [[ $st -ne 0 ]]; then\n+\t\t\treturn $st\n+\t\tfi\n+\tdone\n+\n+\treturn 0;\n+}\ndiff --git a/examples/ipsec-secgw/test/linux_test4.sh b/examples/ipsec-secgw/test/linux_test4.sh\nnew file mode 100644\nindex 000000000..d636f5604\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/linux_test4.sh\n@@ -0,0 +1,63 @@\n+#! /bin/bash\n+\n+# usage:  /bin/bash linux_test4.sh <ipsec_mode>\n+# for list of available modes please refer to run_test.sh.\n+# ipsec-secgw (IPv4 mode) functional test script.\n+#\n+# Note that for most of them you required appropriate crypto PMD/device\n+# to be avaialble.\n+# Also user has to setup properly the following environment variables:\n+#  SGW_PATH - path to the ipsec-secgw binary to test\n+#  REMOTE_HOST - ip/hostname of the DUT\n+#  REMOTE_IFACE - iface name for the test-port on DUT\n+#  ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')\n+# Also user can optonally setup:\n+#  SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)\n+#  CRYPTO_DEV - crypto device to be used ('-w <pci-id>')\n+#  if none specified appropriate vdevs will be created by the scrit\n+#\n+# The purpose of the script is to automate ipsec-secgw testing\n+# using another system running linux as a DUT.\n+# It expects that SUT and DUT are connected through at least 2 NICs.\n+# One NIC is expected to be managed by linux both machines,\n+# and will be used as a control path\n+# Make sure user from SUT can ssh to DUT without entering password.\n+# Second NIC (test-port) should be reserved for DPDK on SUT,\n+# and should be managed by linux on DUT.\n+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.\n+# Then configures local tap iface and remote iface and ipsec policies\n+# in the following way:\n+# traffic going over test-port in both directions has to be\n+# protected by ipsec.\n+# raffic going over TAP in both directions doesn't have to be protected.\n+# I.E:\n+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS\n+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS\n+# Then tries to perorm some data transfer using the scheme decribed above.\n+#\n+\n+DIR=`dirname $0`\n+MODE=$1\n+\n+ . ${DIR}/common_defs.sh\n+ . ${DIR}/${MODE}_defs.sh\n+\n+config_secgw\n+\n+secgw_start\n+\n+config_iface\n+\n+config_remote_xfrm\n+\n+ . ${DIR}/data_rxtx.sh\n+\n+ping_test1 ${REMOTE_IPV4}\n+st=$?\n+if [[ $st -eq 0 ]]; then\n+\tscp_test1 ${REMOTE_IPV4}\n+\tst=$?\n+fi\n+\n+secgw_stop\n+exit $st\ndiff --git a/examples/ipsec-secgw/test/linux_test6.sh b/examples/ipsec-secgw/test/linux_test6.sh\nnew file mode 100644\nindex 000000000..e30f607d8\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/linux_test6.sh\n@@ -0,0 +1,64 @@\n+#! /bin/bash\n+\n+# usage:  /bin/bash linux_test6.sh <ipsec_mode>\n+# for list of available modes please refer to run_test.sh.\n+# ipsec-secgw (IPv6 mode) functional test script.\n+#\n+# Note that for most of them you required appropriate crypto PMD/device\n+# to be avaialble.\n+# Also user has to setup properly the following environment variables:\n+#  SGW_PATH - path to the ipsec-secgw binary to test\n+#  REMOTE_HOST - ip/hostname of the DUT\n+#  REMOTE_IFACE - iface name for the test-port on DUT\n+#  ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')\n+# Also user can optonally setup:\n+#  SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)\n+#  CRYPTO_DEV - crypto device to be used ('-w <pci-id>')\n+#  if none specified appropriate vdevs will be created by the scrit\n+#\n+# The purpose of the script is to automate ipsec-secgw testing\n+# using another system running linux as a DUT.\n+# It expects that SUT and DUT are connected through at least 2 NICs.\n+# One NIC is expected to be managed by linux both machines,\n+# and will be used as a control path.\n+# Make sure user from SUT can ssh to DUT without entering password,\n+# also make sure that sshd over ipv6 is enabled.\n+# Second NIC (test-port) should be reserved for DPDK on SUT,\n+# and should be managed by linux on DUT.\n+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.\n+# Then configures local tap iface and remote iface and ipsec policies\n+# in the following way:\n+# traffic going over test-port in both directions has to be\n+# protected by ipsec.\n+# raffic going over TAP in both directions doesn't have to be protected.\n+# I.E:\n+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS\n+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS\n+# Then tries to perorm some data transfer using the scheme decribed above.\n+#\n+\n+DIR=`dirname $0`\n+MODE=$1\n+\n+ . ${DIR}/common_defs.sh\n+ . ${DIR}/${MODE}_defs.sh\n+\n+config_secgw\n+\n+secgw_start\n+\n+config6_iface\n+\n+config6_remote_xfrm\n+\n+ . ${DIR}/data_rxtx.sh\n+\n+ping6_test1 ${REMOTE_IPV6}\n+st=$?\n+if [[ $st -eq 0 ]]; then\n+\tscp_test1 ${REMOTE_IPV6}\n+\tst=$?\n+fi\n+\n+secgw_stop\n+exit $st\ndiff --git a/examples/ipsec-secgw/test/run_test.sh b/examples/ipsec-secgw/test/run_test.sh\nnew file mode 100644\nindex 000000000..6dc0ce54e\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/run_test.sh\n@@ -0,0 +1,80 @@\n+#! /bin/bash\n+\n+# usage: /bin/bash run_test.sh [-46]\n+# Run all defined linux_test[4,6].sh test-cases one by one\n+# user has to setup properly the following environment variables:\n+#  SGW_PATH - path to the ipsec-secgw binary to test\n+#  REMOTE_HOST - ip/hostname of the DUT\n+#  REMOTE_IFACE - iface name for the test-port on DUT\n+#  ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')\n+# Also user can optonally setup:\n+#  SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)\n+#  CRYPTO_DEV - crypto device to be used ('-w <pci-id>')\n+#  if none specified appropriate vdevs will be created by the scrit\n+# refer to linux_test1.sh for more information\n+\n+# All supported modes to test.\n+# naming convention:\n+# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)\n+# 'tun/trs' refer to tunnel/transport mode respectively\n+LINUX_TEST=\"tun_aescbc_sha1 \\\n+tun_aescbc_sha1_esn \\\n+tun_aescbc_sha1_esn_atom \\\n+tun_aesgcm \\\n+tun_aesgcm_esn \\\n+tun_aesgcm_esn_atom \\\n+trs_aescbc_sha1 \\\n+trs_aescbc_sha1_esn \\\n+trs_aescbc_sha1_esn_atom \\\n+trs_aesgcm \\\n+trs_aesgcm_esn \\\n+trs_aesgcm_esn_atom \\\n+tun_aescbc_sha1_old \\\n+tun_aesgcm_old \\\n+trs_aescbc_sha1_old \\\n+trs_aesgcm_old\"\n+\n+DIR=`dirname $0`\n+\n+# get input options\n+st=0\n+run4=0\n+run6=0\n+while [[ ${st} -eq 0 ]]; do\n+\tgetopts \":46\" opt\n+\tst=$?\n+\tif [[ \"${opt}\" == \"4\" ]]; then\n+\t\trun4=1\n+\telif [[ \"${opt}\" == \"6\" ]]; then\n+\t\trun6=1\n+\tfi\n+done\n+\n+if [[ ${run4} -eq 0 && {run6} -eq 0 ]]; then\n+\texit 127\n+fi\n+\n+for i in ${LINUX_TEST}; do\n+\n+\techo \"starting test ${i}\"\n+\n+\tst4=0\n+\tif [[ ${run4} -ne 0 ]]; then\n+\t\t/bin/bash ${DIR}/linux_test4.sh ${i}\n+\t\tst4=$?\n+\t\techo \"test4 ${i} finished with status ${st4}\"\n+\tfi\n+\n+\tst6=0\n+\tif [[ ${run6} -ne 0 ]]; then\n+\t\t/bin/bash ${DIR}/linux_test6.sh ${i}\n+\t\tst6=$?\n+\t\techo \"test6 ${i} finished with status ${st6}\"\n+\tfi\n+\n+\tlet \"st = st4 + st6\"\n+\tif [[ $st -ne 0 ]]; then\n+\t\techo \"ERROR test ${i} FAILED\"\n+\t\texit $st\n+\tfi\n+done\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh\nnew file mode 100644\nindex 000000000..e2621e0df\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh\n@@ -0,0 +1,69 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_mb0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#SP in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#sp in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+sa in 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#SA out rules\n+sa out 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#SA out rules\n+sa out 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh\nnew file mode 100644\nindex 000000000..d68552fce\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh\n@@ -0,0 +1,67 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..f16222e11\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh\nnew file mode 100644\nindex 000000000..ce7c977a3\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh\n@@ -0,0 +1,66 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh\nnew file mode 100644\nindex 000000000..a3abb6103\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aescbc_sha1_defs.sh\n+\n+SGW_CMD_XPRM=\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh\nnew file mode 100644\nindex 000000000..720e807e4\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh\n@@ -0,0 +1,60 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_gcm0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#SP in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+sa in 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#SA out rules\n+sa out 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+sa out 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode transport\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh\nnew file mode 100644\nindex 000000000..8382d3d52\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh\n@@ -0,0 +1,66 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..80d8d63b8\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh\nnew file mode 100644\nindex 000000000..94958d199\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh\n@@ -0,0 +1,66 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl proto esp mode transport reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl proto esp mode transport reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh\nnew file mode 100644\nindex 000000000..951e6b68f\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/trs_aesgcm_defs.sh\n+\n+SGW_CMD_XPRM=\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh\nnew file mode 100644\nindex 000000000..4025da232\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh\n@@ -0,0 +1,68 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_mb0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#sp in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#sp in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}\n+\n+sa in 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}\n+\n+#SA out rules\n+sa out 7 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}\n+\n+sa out 9 cipher_algo aes-128-cbc \\\n+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+auth_algo sha1-hmac \\\n+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh\nnew file mode 100644\nindex 000000000..18aade3a9\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..6b4a82149\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh\nnew file mode 100644\nindex 000000000..28c1125d6\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \\\n+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \\\n+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh\nnew file mode 100644\nindex 000000000..3c0d8d1b1\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aescbc_sha1_defs.sh\n+\n+SGW_CMD_XPRM=\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh\nnew file mode 100644\nindex 000000000..fba68c6a3\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh\n@@ -0,0 +1,60 @@\n+#! /bin/bash\n+\n+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev=\"crypto_aesni_gcm0\"'}\n+\n+#generate cfg file for ipsec-secgw\n+config_secgw()\n+{\n+\tcat <<EOF > ${SGW_CFG_FILE}\n+#sp in IPv4 rules\n+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv4 rules\n+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \\\n+sport 0:65535 dport 0:65535\n+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#sp in IPv6 rules\n+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SP out IPv6 rules\n+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \\\n+sport 0:65535 dport 0:65535\n+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535\n+\n+#SA in rules\n+sa in 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}\n+\n+sa in 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}\n+\n+#SA out rules\n+sa out 7 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}\n+\n+sa out 9 aead_algo aes-128-gcm \\\n+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \\\n+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}\n+\n+#Routing rules\n+rt ipv4 dst ${REMOTE_IPV4}/32 port 0\n+rt ipv4 dst ${LOCAL_IPV4}/32 port 1\n+\n+rt ipv6 dst ${REMOTE_IPV6}/128 port 0\n+rt ipv6 dst ${LOCAL_IPV6}/128 port 1\n+\n+#neighbours\n+neigh port 0 ${REMOTE_MAC}\n+neigh port 1 ${LOCAL_MAC}\n+EOF\n+\n+\tcat ${SGW_CFG_FILE}\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh\nnew file mode 100644\nindex 000000000..8ae65321b\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh\nnew file mode 100644\nindex 000000000..dab1460c8\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_esn_defs.sh\n+\n+SGW_CMD_XPRM='-e -a -w 300'\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh\nnew file mode 100644\nindex 000000000..606232349\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh\n@@ -0,0 +1,70 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_common_defs.sh\n+\n+SGW_CMD_XPRM='-e -w 300'\n+\n+config_remote_xfrm()\n+{\n+\tssh ${REMOTE_HOST} ip xfrm policy flush\n+\tssh ${REMOTE_HOST} ip xfrm state flush\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp mode tunnel reqid 1\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp mode tunnel reqid 2\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \\\n+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \\\n+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\n+\n+config6_remote_xfrm()\n+{\n+\tconfig_remote_xfrm\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+dir out ptype main action allow \\\n+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp mode tunnel reqid 3\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+dir in ptype main action allow \\\n+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp mode tunnel reqid 4\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \\\n+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm state add \\\n+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \\\n+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \\\n+aead \"rfc4106\\(gcm\\(aes\\)\\)\" \\\n+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128\n+\n+\tssh ${REMOTE_HOST} ip xfrm policy list\n+\tssh ${REMOTE_HOST} ip xfrm state list\n+}\ndiff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh\nnew file mode 100644\nindex 000000000..e0a015e21\n--- /dev/null\n+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh\n@@ -0,0 +1,5 @@\n+#! /bin/bash\n+\n+. ${DIR}/tun_aesgcm_defs.sh\n+\n+SGW_CMD_XPRM=\n",
    "prefixes": [
        "v4",
        "8/9"
    ]
}