# Optional per-user settings. The file is sourced, i.e. executed in this shell.
# NOTE(review): VPP_BIN, VPPCTL and TC_DIR are read below but never assigned in
# this script, so they presumably come from this file or the environment. Two
# of them are run through sudo -- keep the file writable by its owner only.
if test -f ~/.vpp_sswan; then
  . ~/.vpp_sswan
fi

# Directory the script was started from; used to build the absolute path of
# the per-test vpp.conf.
STARTUP_DIR="$(pwd)"

# Staging directory for the strongSwan configuration mounted into the
# container.
# NOTE(review): this is a fixed, predictable name under /tmp that ends up
# holding ipsec.secrets; on a shared host a private directory (mktemp -d)
# would be safer.
SSWAN_CFG_DIR=/tmp/sswan
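#######################################
# Start VPP as root with a test-specific CLI socket and the DPDK plugin
# disabled.
# Globals:   VPP_BIN (read) - command used to launch VPP
# Arguments: none
# Returns:   1 if VPP_BIN is empty, otherwise the exit status of sudo
#######################################
start_vpp() {
  # Without this guard an empty VPP_BIN would make sudo run the word "unix"
  # as the command.
  if [ -z "${VPP_BIN:-}" ]; then
    echo "start_vpp: VPP_BIN is not set" >&2
    return 1
  fi

  # The braces below are ordinary arguments that form VPP's startup
  # configuration; gid is given the caller's primary group id.
  # NOTE(review): the CLI socket lives at a fixed path in /tmp; confirm that
  # is acceptable on hosts shared with other users.
  # VPP_BIN is left unquoted on purpose so that a value carrying extra words
  # keeps working as before.
  # shellcheck disable=SC2086
  sudo $VPP_BIN unix { \
    cli-listen /tmp/vpp_sswan.sock \
    gid "$(id -g)" } \
    api-segment { prefix vpp } \
    plugins { plugin dpdk_plugin.so { disable } }
}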
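#######################################
# Run a VPP CLI command through the test's CLI socket.
# Globals:   VPPCTL (read) - command used to reach the VPP CLI
# Arguments: the CLI command, one word per argument
# Returns:   1 if VPPCTL is empty, otherwise the exit status of sudo
#######################################
vppctl () {
  # Without this guard an empty VPPCTL makes the command line start with
  # "sudo -s", which sudo parses as its own shell option instead of as the
  # socket flag meant for vppctl.
  if [ -z "${VPPCTL:-}" ]; then
    echo "vppctl: VPPCTL is not set" >&2
    return 1
  fi

  # "$@" keeps every caller argument intact (paths with spaces, glob
  # characters). VPPCTL is left unquoted on purpose so that a value carrying
  # extra words keeps working as before.
  # shellcheck disable=SC2086
  sudo $VPPCTL -s /tmp/vpp_sswan.sock "$@"
}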
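#######################################
# Stage the strongSwan configuration of the selected test case in
# SSWAN_CFG_DIR, replacing whatever a previous run left there.
# Globals:   SSWAN_CFG_DIR (read) - staging directory
#            TC_DIR (read)        - test-case directory under configs/
# Arguments: none
# Returns:   1 if a required variable is empty, otherwise the status of the
#            last copy
#######################################
initiator_conf() {
  # An empty variable would turn the paths below into something unintended
  # (for example "configs//ipsec.conf"), so refuse to run at all.
  if [ -z "${SSWAN_CFG_DIR:-}" ] || [ -z "${TC_DIR:-}" ]; then
    echo "initiator_conf: SSWAN_CFG_DIR and TC_DIR must be set" >&2
    return 1
  fi

  # -f: the directory does not exist on a first run, which is not an error.
  # NOTE(review): when the staging directory is a fixed name under /tmp there
  # is a window between rm and mkdir in which another local user can create
  # the path; a private directory (mktemp -d) would close it.
  sudo rm -rf -- "$SSWAN_CFG_DIR"
  sudo mkdir -p -- "$SSWAN_CFG_DIR"

  sudo cp -- "configs/$TC_DIR/ipsec.conf" "$SSWAN_CFG_DIR/ipsec.conf"
  sudo cp -- "configs/$TC_DIR/ipsec.secrets" "$SSWAN_CFG_DIR/ipsec.secrets"
  # The secrets file holds IKE credentials; do not leave it readable by other
  # users of the host.
  sudo chmod 600 -- "$SSWAN_CFG_DIR/ipsec.secrets"
  sudo cp -- "configs/strongswan.conf" "$SSWAN_CFG_DIR/strongswan.conf"
}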
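#######################################
# Build the test topology: a veth pair towards the strongSwan container, a
# "private" network namespace behind VPP, the strongSwan container itself,
# and finally VPP with the test case's configuration.
# Globals:   SSWAN_CFG_DIR, STARTUP_DIR, TC_DIR (read); pid (written)
# Arguments: none
# Returns:   1 if the configuration cannot be staged or the container has no
#            running process, otherwise the status of the last command
#######################################
config_topo () {
  # Host-side plumbing. Output is discarded, including errors such as
  # "already exists" from a previous run.
  (
    sudo ip link add vpp type veth peer name swanif
    sudo ip link set dev vpp up

    sudo ip netns add ns
    sudo ip link add veth_priv type veth peer name priv
    sudo ip link set dev priv up
    sudo ip link set dev veth_priv up netns ns

    sudo ip netns exec ns \
      bash -c "
        ip link set dev lo up
        ip addr add 192.168.3.2/24 dev veth_priv
        ip addr add fec3::2/16 dev veth_priv
        ip route add 192.168.5.0/24 via 192.168.3.1
        ip route add fec5::0/16 via fec3::1
      "
  ) &> /dev/null

  # Do not start a privileged container on a missing or partial configuration.
  initiator_conf || return 1

  # NOTE(review): the image is referenced by name only (no tag or digest) and
  # runs --privileged with the staged configuration mounted. Pinning it to a
  # reviewed digest (philplckthun/strongswan@sha256:<DIGEST_PLACEHOLDER>)
  # would limit supply-chain exposure and keep the test reproducible.
  docker run --name sswan -d --privileged --rm --net=none \
    -v "$SSWAN_CFG_DIR:/conf" -v "$SSWAN_CFG_DIR:/etc/ipsec.d" \
    philplckthun/strongswan

  # The container was started with --net=none; its network namespace is
  # reached through the PID of its main process.
  pid=$(docker inspect --format "{{.State.Pid}}" sswan)
  case "$pid" in
    '' | 0 | *[!0-9]*)
      # Empty: inspect failed. 0: the container is not running. Continuing
      # would hand a bogus target to "ip link" and nsenter below.
      echo "config_topo: container sswan is not running" >&2
      return 1
      ;;
  esac

  sudo ip link set netns "$pid" dev swanif

  sudo nsenter -t "$pid" -n ip addr add 192.168.10.1/24 dev swanif
  sudo nsenter -t "$pid" -n ip link set dev swanif up

  # 192.168.5.2 on the container's loopback is the address test_ping probes.
  sudo nsenter -t "$pid" -n ip addr add 192.168.5.2/32 dev lo
  sudo nsenter -t "$pid" -n ip link set dev lo up

  start_vpp
  echo "vpp started.."
  sleep 3

  echo "exec $STARTUP_DIR/configs/$TC_DIR/vpp.conf"
  vppctl exec "$STARTUP_DIR/configs/$TC_DIR/vpp.conf"
  sleep 3
}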
#######################################
# Have strongSwan in the sswan container bring up the connection named
# "initiator", then give the negotiation a second to finish.
# Arguments: none
# Outputs:   progress line on stdout, plus whatever ipsec prints
# Returns:   exit status of the trailing sleep
#######################################
initiate_from_sswan () {
  printf '%s\n' "start initiation.."
  sudo docker exec sswan \
    ipsec up initiator
  sleep 1
}
#######################################
# Send a single ping from namespace "ns" to 192.168.5.2 and report the
# result.
# Globals:   rc (written) - exit status of the ping command
# Arguments: none
# Outputs:   ping output followed by "Test passed." or "Test failed!"
# Returns:   the ping exit status
#######################################
test_ping() {
  sudo ip netns exec ns ping -c 1 192.168.5.2
  rc=$?

  case $rc in
    0) echo "Test passed." ;;
    *) echo "Test failed!" ;;
  esac

  return "$rc"
}
#######################################
# Tear the topology down: stop the strongSwan container, stop VPP and delete
# the "ns" namespace.
# Arguments: none
# Returns:   exit status of the trailing sleep
#######################################
unconf_topo () {
  # Failures (for example, no such container) are deliberately silenced.
  docker stop sswan > /dev/null 2>&1

  # NOTE(review): pkill selects by name pattern, so as written this signals
  # every process whose name matches "vpp", not only the instance this script
  # started -- confirm no other VPP runs on the host.
  sudo pkill vpp

  sudo ip netns delete ns

  # NOTE(review): the staged configuration in SSWAN_CFG_DIR, ipsec.secrets
  # included, is not removed here.
  sleep 2
}
#######################################
# Start the IKEv2 SA_INIT exchange from the VPP side, then wait two seconds
# for it to complete.
# Arguments: none
# Returns:   exit status of the trailing sleep
#######################################
initiate_from_vpp () {
  # pr1 is the profile name; presumably it is created by the test case's
  # vpp.conf -- confirm against configs/.
  vppctl ikev2 initiate \
    sa-init pr1
  sleep 2
}
#######################################
# Test with VPP as the responder: strongSwan initiates the exchange.
# Globals:   rc (written) - result of test_ping
# Arguments: none
# Returns:   the exit status of test_ping
#######################################
run_responder_test() {
  config_topo
  initiate_from_sswan

  # Remember the verdict before teardown so cleanup cannot overwrite it.
  test_ping
  rc=$?

  unconf_topo
  return "$rc"
}
#######################################
# Test with VPP as the initiator: VPP starts the exchange.
# Globals:   rc (written) - result of test_ping
# Arguments: none
# Returns:   the exit status of test_ping
#######################################
run_initiator_test() {
  config_topo
  initiate_from_vpp

  # Remember the verdict before teardown so cleanup cannot overwrite it.
  test_ping
  rc=$?

  unconf_topo
  return "$rc"
}