extras/strongswan/topos/2_init.sh - fdio/vpp - Gitiles

 #
 # 2 initiators (strongswan), 1 responder (vpp) topology
 #

 if [ -f ~/.vpp_sswan ]; then
   . ~/.vpp_sswan
 fi

 STARTUP_DIR="`pwd`"
 SSWAN_CFG_DIR=/tmp/sswan

 vppctl () {
   sudo $VPPCTL -s /tmp/vpp_sswan.sock $@
 }

 start_vpp() {
   sudo $VPP_BIN unix { \
         cli-listen /tmp/vpp_sswan.sock \
         gid $(id -g) } \
         api-segment { prefix vpp } \
         plugins { plugin dpdk_plugin.so { disable } }
   sleep 5

   echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
   vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf
   sleep 3
 }

 initiator_conf() {
   sudo rm -r $SSWAN_CFG_DIR$1
   sudo mkdir -p $SSWAN_CFG_DIR$1
   sudo cp configs/$TC_DIR/ipsec$1.conf $SSWAN_CFG_DIR$1/ipsec.conf
   sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR$1/ipsec.secrets
   sudo cp configs/strongswan.conf $SSWAN_CFG_DIR$1/strongswan.conf
 }

 config_topo () {
   ns_name="ns"$1
   init_name="sswan"$1
   (sudo ip link add gw$1 type veth peer name veth_gw$1
   sudo ip link set dev gw$1 up

   sudo ip netns add $ns_name
   sudo ip link add veth_priv$1 type veth peer name priv$1
   sudo ip link set dev priv$1 up
   sudo ip link set dev veth_priv$1 up netns $ns_name

   sudo ip netns exec $ns_name \
     bash -c "
       ip link set dev lo up
       ip addr add 192.168.3.2/24 dev veth_priv$1
       ip addr add fec3::2/16 dev veth_priv$1
       ip route add 192.168.5.0/24 via 192.168.3.1
       ip route add fec5::0/16 via fec3::1
       ") &> /dev/null

   initiator_conf $1

   (docker run --name $init_name -d --privileged --rm --net=none \
   -v $SSWAN_CFG_DIR$1:/conf -v $SSWAN_CFG_DIR$1:/etc/ipsec.d philplckthun/strongswan)

   pid=$(docker inspect --format "{{.State.Pid}}" $init_name)
   sudo ip link set netns $pid dev veth_gw$1

   sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev veth_gw$1
   sudo nsenter -t $pid -n ip link set dev veth_gw$1 up

   sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo
   sudo nsenter -t $pid -n ip link set dev lo up
 }

 initiate_from_sswan () {
   echo "start initiation.."
   sudo docker exec sswan$1 ipsec up initiator
   sleep 3
 }

 test_ping() {
   sudo ip netns exec $1 ping -c 1 192.168.5.2
   rc=$?
   if [ $rc -ne 0 ] ; then
     echo "Test failed!"
   else
     echo "Test passed."
   fi
   return $rc
 }

 unconf_topo () {
   docker stop sswan1 &> /dev/null
   docker stop sswan2 &> /dev/null
   sudo pkill vpp
   sudo ip netns delete ns1
   sudo ip netns delete ns2
   sleep 2
 }

 initiate_from_vpp () {
   vppctl ikev2 initiate sa-init pr1
   sleep 2
 }

 #vpp as an responder
 run_responder_test() {
   unconf_topo
   config_topo "1"
   config_topo "2"
   start_vpp
   initiate_from_sswan "1"
   initiate_from_sswan "2"
   test_ping "ns2"
   test_ping "ns1"
 }
	#
	# 2 initiators (strongswan), 1 responder (vpp) topology
	#

	if [ -f ~/.vpp_sswan ]; then
	. ~/.vpp_sswan
	fi

	STARTUP_DIR="`pwd`"
	SSWAN_CFG_DIR=/tmp/sswan

	vppctl () {
	sudo $VPPCTL -s /tmp/vpp_sswan.sock $@
	}

	start_vpp() {
	sudo $VPP_BIN unix { \
	cli-listen /tmp/vpp_sswan.sock \
	gid $(id -g) } \
	api-segment { prefix vpp } \
	plugins { plugin dpdk_plugin.so { disable } }
	sleep 5

	echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
	vppctl exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf
	sleep 3
	}

	initiator_conf() {
	sudo rm -r $SSWAN_CFG_DIR$1
	sudo mkdir -p $SSWAN_CFG_DIR$1
	sudo cp configs/$TC_DIR/ipsec$1.conf $SSWAN_CFG_DIR$1/ipsec.conf
	sudo cp configs/$TC_DIR/ipsec.secrets $SSWAN_CFG_DIR$1/ipsec.secrets
	sudo cp configs/strongswan.conf $SSWAN_CFG_DIR$1/strongswan.conf
	}

	config_topo () {
	ns_name="ns"$1
	init_name="sswan"$1
	(sudo ip link add gw$1 type veth peer name veth_gw$1
	sudo ip link set dev gw$1 up

	sudo ip netns add $ns_name
	sudo ip link add veth_priv$1 type veth peer name priv$1
	sudo ip link set dev priv$1 up
	sudo ip link set dev veth_priv$1 up netns $ns_name

	sudo ip netns exec $ns_name \
	bash -c "
	ip link set dev lo up
	ip addr add 192.168.3.2/24 dev veth_priv$1
	ip addr add fec3::2/16 dev veth_priv$1
	ip route add 192.168.5.0/24 via 192.168.3.1
	ip route add fec5::0/16 via fec3::1
	") &> /dev/null

	initiator_conf $1

	(docker run --name $init_name -d --privileged --rm --net=none \
	-v $SSWAN_CFG_DIR$1:/conf -v $SSWAN_CFG_DIR$1:/etc/ipsec.d philplckthun/strongswan)

	pid=$(docker inspect --format "{{.State.Pid}}" $init_name)
	sudo ip link set netns $pid dev veth_gw$1

	sudo nsenter -t $pid -n ip addr add 192.168.10.1/24 dev veth_gw$1
	sudo nsenter -t $pid -n ip link set dev veth_gw$1 up

	sudo nsenter -t $pid -n ip addr add 192.168.5.2/32 dev lo
	sudo nsenter -t $pid -n ip link set dev lo up
	}

	initiate_from_sswan () {
	echo "start initiation.."
	sudo docker exec sswan$1 ipsec up initiator
	sleep 3
	}

	test_ping() {
	sudo ip netns exec $1 ping -c 1 192.168.5.2
	rc=$?
	if [ $rc -ne 0 ] ; then
	echo "Test failed!"
	else
	echo "Test passed."
	fi
	return $rc
	}

	unconf_topo () {
	docker stop sswan1 &> /dev/null
	docker stop sswan2 &> /dev/null
	sudo pkill vpp
	sudo ip netns delete ns1
	sudo ip netns delete ns2
	sleep 2
	}

	initiate_from_vpp () {
	vppctl ikev2 initiate sa-init pr1
	sleep 2
	}

	#vpp as an responder
	run_responder_test() {
	unconf_topo
	config_topo "1"
	config_topo "2"
	start_vpp
	initiate_from_sswan "1"
	initiate_from_sswan "2"
	test_ping "ns2"
	test_ping "ns1"
	}