Add example files to illustrate the pipeline IPsec support.
Signed-off-by: Cristian Dumitrescu <cristian.dumitre...@intel.com>
Signed-off-by: Kamalakannan R <kamalakanna...@intel.com>
---
examples/pipeline/examples/ipsec.cli | 57 +++++++
examples/pipeline/examples/ipsec.io | 23 +++
examples/pipeline/examples/ipsec.spec | 138 +++++++++++++++
examples/pipeline/examples/ipsec_sa.txt | 216 ++++++++++++++++++++++++
4 files changed, 434 insertions(+)
create mode 100644 examples/pipeline/examples/ipsec.cli
create mode 100644 examples/pipeline/examples/ipsec.io
create mode 100644 examples/pipeline/examples/ipsec.spec
create mode 100644 examples/pipeline/examples/ipsec_sa.txt
diff --git a/examples/pipeline/examples/ipsec.cli
b/examples/pipeline/examples/ipsec.cli
new file mode 100644
index 0000000000..8cb5bf4239
--- /dev/null
+++ b/examples/pipeline/examples/ipsec.cli
@@ -0,0 +1,57 @@
+; SPDX-License-Identifier: BSD-3-Clause
+; Copyright(c) 2022 Intel Corporation
+
+# Example command line:
+# ./build/examples/dpdk-pipeline -l0-1 --vdev crypto_aesni_mb0 -- -s
./examples/pipeline/examples/ipsec.cli
+#
+# Once the application has started, the command to get the CLI prompt is:
+# telnet 0.0.0.0 8086
+
+;
+; Pipeline code generation & shared object library build.
+;
+pipeline codegen ./examples/pipeline/examples/ipsec.spec /tmp/ipsec.c
+pipeline libbuild /tmp/ipsec.c /tmp/ipsec.so
+
+;
+; List of DPDK devices.
+;
+; Note: Customize the parameters below to match your setup.
+;
+mempool MEMPOOL0 meta 128 pkt 2176 pool 32K cache 256 numa 0
+ethdev 0000:18:00.0 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on
+ethdev 0000:18:00.1 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on
+ethdev 0000:3b:00.0 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on
+ethdev 0000:3b:00.1 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on
+
+cryptodev crypto_aesni_mb0 queues 1 qsize 128
+ring RING0 size 1024 numa 0
+ring RING1 size 1024 numa 0
+
+;
+; List of pipelines.
+;
+pipeline PIPELINE0 build lib /tmp/ipsec.so io
./examples/pipeline/examples/ipsec.io numa 0
+
+;
+; List of IPsec devices.
+;
+ipsec IPSEC0 create in RING0 out RING1 cryptodev crypto_aesni_mb0 cryptoq 0
bsz 32 32 32 32 samax 512 numa 0
+
+;
+; Initial set of table entries.
+;
+; The table entries can later be updated at run-time through the CLI commands.
+;
+//pipeline PIPELINE0 table policy_table add
./examples/pipeline/examples/ipsec_policy_table.txt
+//pipeline PIPELINE0 table routing_table add
./examples/pipeline/examples/ipsec_routing_table.txt
+//pipeline PIPELINE0 table nexthop_table add
./examples/pipeline/examples/ipsec_nexthop_table.txt
+//pipeline PIPELINE0 commit
+
+ipsec IPSEC0 sa add ./examples/pipeline/examples/ipsec_sa.txt
+
+;
+; Pipelines and blocks mapping to CPU threads.
+;
+pipeline PIPELINE0 enable thread 1
+block type ipsec instance IPSEC0 enable thread 1
diff --git a/examples/pipeline/examples/ipsec.io
b/examples/pipeline/examples/ipsec.io
new file mode 100644
index 0000000000..f5a3fcf961
--- /dev/null
+++ b/examples/pipeline/examples/ipsec.io
@@ -0,0 +1,23 @@
+; SPDX-License-Identifier: BSD-3-Clause
+; Copyright(c) 2022 Intel Corporation
+
+;
+; Pipeline packet mirroring.
+;
+mirroring slots 4 sessions 64
+
+;
+; Pipeline input ports.
+;
+; Note: Customize the parameters below to match your setup.
+;
+port in 0 ethdev 0000:18:00.0 rxq 0 bsz 32
+port in 1 ring RING1 bsz 32
+
+;
+; Pipeline output ports.
+;
+; Note: Customize the parameters below to match your setup.
+;
+port out 0 ethdev 0000:18:00.0 txq 0 bsz 32
+port out 1 ring RING0 bsz 32
diff --git a/examples/pipeline/examples/ipsec.spec
b/examples/pipeline/examples/ipsec.spec
new file mode 100644
index 0000000000..09aa831881
--- /dev/null
+++ b/examples/pipeline/examples/ipsec.spec
@@ -0,0 +1,138 @@
+; SPDX-License-Identifier: BSD-3-Clause
+; Copyright(c) 2020 Intel Corporation
+
+//
+// Headers
+//
+struct ethernet_h {
+ bit<48> dst_addr
+ bit<48> src_addr
+ bit<16> ethertype
+}
+
+struct ipv4_h {
+ bit<8> ver_ihl
+ bit<8> diffserv
+ bit<16> total_len
+ bit<16> identification
+ bit<16> flags_offset
+ bit<8> ttl
+ bit<8> protocol
+ bit<16> hdr_checksum
+ bit<32> src_addr
+ bit<32> dst_addr
+}
+
+struct udp_h {
+ bit<16> src_port
+ bit<16> dst_port
+ bit<16> length
+ bit<16> checksum
+}
+
+struct ipsec_internal_h {
+ bit<32> sa_id
+}
+
+header ethernet instanceof ethernet_h
+header ipv4 instanceof ipv4_h
+header udp instanceof udp_h
+header ipsec_internal instanceof ipsec_internal_h
+
+//
+// Meta-data
+//
+struct metadata_t {
+ bit<32> port_in
+ bit<32> port_out
+
+ bit<32> src_addr
+ bit<32> dst_addr
+ bit<8> protocol
+ bit<16> src_port
+ bit<16> dst_port
+}
+
+metadata instanceof metadata_t
+
+//
+// Actions
+//
+struct encrypt_args_t {
+ bit<32> sa_id
+}
+
+action encrypt args instanceof encrypt_args_t {
+ //Set the IPsec internal header.
+ validate h.ipsec_internal
+ mov h.ipsec_internal.sa_id t.sa_id
+
+ return
+}
+
+action drop args none {
+ drop
+}
+
+//
+// Tables.
+//
+table policy_table {
+ key {
+ m.src_addr exact
+ m.dst_addr exact
+ m.protocol exact
+ m.src_port exact
+ m.dst_port exact
+ }
+
+ actions {
+ encrypt
+ drop
+ }
+
+ default_action encrypt args sa_id 0
+ size 65536
+}
+
+//
+// Pipeline.
+//
+apply {
+ rx m.port_in
+
+ jmpeq FROM_IPSEC_TO_NET m.port_in 1
+
+FROM_NET_TO_IPSEC : extract h.ethernet
+
+ extract h.ipv4
+ mov m.src_addr h.ipv4.src_addr
+ mov m.dst_addr h.ipv4.dst_addr
+ mov m.protocol h.ipv4.protocol
+
+ extract h.udp
+ mov m.src_port h.udp.src_port
+ mov m.dst_port h.udp.dst_port
+
+ table policy_table
+
+ mov m.port_out 1
+
+ emit h.ipsec_internal
+ emit h.ipv4
+ emit h.udp
+ tx m.port_out
+
+FROM_IPSEC_TO_NET : extract h.ipv4
+
+ validate h.ethernet
+ mov h.ethernet.dst_addr 0xa0b0c0d0e0f0
+ mov h.ethernet.src_addr 0xa1b1c1d1e1f1
+ mov h.ethernet.ethertype 0x0800
+
+ mov m.port_out 0
+
+ emit h.ethernet
+ emit h.ipv4
+ tx m.port_out
+}
diff --git a/examples/pipeline/examples/ipsec_sa.txt
b/examples/pipeline/examples/ipsec_sa.txt
new file mode 100644
index 0000000000..37bfd8a9ce
--- /dev/null
+++ b/examples/pipeline/examples/ipsec_sa.txt
@@ -0,0 +1,216 @@
+; SPDX-License-Identifier: BSD-3-Clause
+; Copyright(c) 2022 Intel Corporation
+
+// IPsec SA syntax:
+//
+// <sa>
+// : encrypt <crypto_params> <encap_params>
+// | decrypt <crypto_params> <encap_params>
+// ;
+//
+// <crypto_params>
+// : <cipher> <auth>
+// | <aead>
+// ;
+//
+// <cipher>
+// : cipher <ciher_alg> key <cipher_key>
+// | cipher <cipher_alg>
+// ;
+//
+// <auth>
+// : auth <authentication_alg> key <authentication_key>
+// | auth <authentication_alg>
+// ;
+//
+// <aead>
+// : aead <aead_alg> key <aead_key>
+// ;
+//
+// <encap_params>
+// : esp spi <spi> tunnel ipv4 srcaddr <ipv4_src_addr> dstaddr
<ipv4_dst_addr>
+// | esp spi <spi> tunnel ipv6 srcaddr <ipv6_src_addr> dstaddr
<ipv6_dst_addr>
+// | esp spi <spi> transport
+// ;
+
+//
+// cipher = null, auth = null
+//
+encrypt cipher null auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3
dstaddr 0xb0b1b2b3
+encrypt cipher null auth null esp spi 100 tunnel ipv6 srcaddr
0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher null auth null esp spi 100 transport
+decrypt cipher null auth null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3
dstaddr 0xb0b1b2b3
+decrypt cipher null auth null esp spi 100 tunnel ipv6 srcaddr
0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher null auth null esp spi 100 transport
+
+//
+// aes-gcm-128
+//
+encrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 transport
+decrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt aead aes-gcm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 transport
+
+//
+// aes-gcm-192
+//
+encrypt aead aes-gcm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt aead aes-gcm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt aead aes-gcm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport
+decrypt aead aes-gcm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt aead aes-gcm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt aead aes-gcm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport
+
+//
+// aes-gcm-256
+//
+encrypt aead aes-gcm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt aead aes-gcm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt aead aes-gcm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 transport
+decrypt aead aes-gcm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt aead aes-gcm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt aead aes-gcm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 transport
+
+//
+// aes-ccm-128
+//
+encrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 transport
+decrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt aead aes-ccm-128 key 0x000102030405060708090a0b0c0d0e0f10111213 esp
spi 100 transport
+
+//
+// aes-ccm-192
+//
+// Note: Currently not supported by the "aesni_mb" library.
+//
+;encrypt aead aes-ccm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+;encrypt aead aes-ccm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+;encrypt aead aes-ccm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport
+;decrypt aead aes-ccm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+;decrypt aead aes-ccm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 tunnel
ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+;decrypt aead aes-ccm-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b esp spi 100 transport
+
+//
+// aes-ccm-256
+//
+encrypt aead aes-ccm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt aead aes-ccm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt aead aes-ccm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 transport
+decrypt aead aes-ccm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt aead aes-ccm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt aead aes-ccm-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 transport
+
+//
+// chacha20-poly1305
+//
+encrypt aead chacha20-poly1305 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt aead chacha20-poly1305 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt aead chacha20-poly1305 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 transport
+decrypt aead chacha20-poly1305 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt aead chacha20-poly1305 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt aead chacha20-poly1305 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 esp
spi 100 transport
+
+//
+// cipher = aes-cbc-128, auth = null
+//
+encrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null
esp spi 100 transport
+decrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher aes-cbc-128 key 0x000102030405060708090a0b0c0d0e0f auth null
esp spi 100 transport
+
+//
+// cipher = aes-cbc-192, auth = null
+//
+encrypt cipher aes-cbc-192 key
0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel
ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher aes-cbc-192 key
0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel
ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher aes-cbc-192 key
0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100
transport
+decrypt cipher aes-cbc-192 key
0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel
ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher aes-cbc-192 key
0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100 tunnel
ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher aes-cbc-192 key
0x000102030405060708090a0b0c0d0e0f1011121314151617 auth null esp spi 100
transport
+
+//
+// cipher = aes-cbc-256, auth = null
+//
+encrypt cipher aes-cbc-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher aes-cbc-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher aes-cbc-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null
esp spi 100 transport
+decrypt cipher aes-cbc-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher aes-cbc-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher aes-cbc-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f auth null
esp spi 100 transport
+
+//
+// cipher = aes-ctr-128, auth = null
+//
+encrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth
null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth
null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth
null esp spi 100 transport
+decrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth
null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth
null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher aes-ctr-128 key 0x000102030405060708090a0b0c0d0e0f10111213 auth
null esp spi 100 transport
+
+//
+// cipher = aes-ctr-192, auth = null
+//
+encrypt cipher aes-ctr-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi
100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher aes-ctr-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi
100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher aes-ctr-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi
100 transport
+decrypt cipher aes-ctr-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi
100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher aes-ctr-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi
100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher aes-ctr-192 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b auth null esp spi
100 transport
+
+//
+// cipher = aes-ctr-256, auth = null
+//
+encrypt cipher aes-ctr-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth
null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher aes-ctr-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth
null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher aes-ctr-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth
null esp spi 100 transport
+decrypt cipher aes-ctr-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth
null esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher aes-ctr-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth
null esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher aes-ctr-256 key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223 auth
null esp spi 100 transport
+
+//
+// cipher = null, auth = sha1-hmac
+//
+encrypt cipher null auth sha1-hmac key
0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr
0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher null auth sha1-hmac key
0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr
0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher null auth sha1-hmac key
0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport
+decrypt cipher null auth sha1-hmac key
0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv4 srcaddr
0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher null auth sha1-hmac key
0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 tunnel ipv6 srcaddr
0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher null auth sha1-hmac key
0x000102030405060708090a0b0c0d0e0f10111213 esp spi 100 transport
+
+//
+// cipher = null, auth = sha256-hmac
+//
+encrypt cipher null auth sha256-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100
tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher null auth sha256-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100
tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher null auth sha256-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100
transport
+decrypt cipher null auth sha256-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100
tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher null auth sha256-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100
tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher null auth sha256-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f esp spi 100
transport
+
+//
+// cipher = null, auth = sha384-hmac
+//
+encrypt cipher null auth sha384-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher null auth sha384-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher null auth sha384-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
esp spi 100 transport
+decrypt cipher null auth sha384-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher null auth sha384-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher null auth sha384-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
esp spi 100 transport
+
+//
+// cipher = null, auth = sha512-hmac
+//
+encrypt cipher null auth sha512-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+encrypt cipher null auth sha512-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+encrypt cipher null auth sha512-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
esp spi 100 transport
+decrypt cipher null auth sha512-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
esp spi 100 tunnel ipv4 srcaddr 0xa0a1a2a3 dstaddr 0xb0b1b2b3
+decrypt cipher null auth sha512-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
esp spi 100 tunnel ipv6 srcaddr 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf dstaddr
b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
+decrypt cipher null auth sha512-hmac key
0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
esp spi 100 transport
--
2.34.1
