Pau Espin Pedrol | a674d61 | 2024-05-14 19:56:33 +0200 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | |
| 3 | # use: ipset_setup.sh \ |
| 4 | # $LOC_IP $LOC_PORT_C $LOC_SPI_C $LOC_PORT_S $LOC_SPI_S \ |
| 5 | # $REM_IP $REM_PORT_C $REM_SPI_C $REM_PORT_S $REM_SPI_S \ |
| 6 | # $AUTH_KEY |
| 7 | |
# Positional arguments, in the order shown in the usage header above:
# the five LOC_* values, then the five REM_* values, then the auth key.
# NOTE(review): the argument count is never checked. A short invocation
# leaves the trailing variables empty and still reaches the xfrm flush/add
# commands below.
# AUTH_KEY arrives on the command line, so it is visible in the process
# list, and the `set -x` further down echoes it in the trace when the
# states are added. Use throwaway test keys only.
LOC_IP=$1
LOC_PORT_C=$2
LOC_SPI_C=$3
LOC_PORT_S=$4
LOC_SPI_S=$5
REM_IP=$6
REM_PORT_C=$7
REM_SPI_C=$8
REM_PORT_S=$9
REM_SPI_S=${10}
AUTH_KEY=${11}
| 19 | |
# Trace every command from here on.
# NOTE(review): the trace contains the fully expanded `ip xfrm state add`
# command lines, including the value of AUTH_KEY. Treat captured output of
# this script as key material.
set -o xtrace

# Start from a clean slate: drop whatever earlier test runs left behind.
# Both flushes are unscoped: they remove every xfrm policy and state in the
# current network namespace, not only entries created by this script, so
# run this only where no other IPsec configuration must survive.
ip xfrm policy flush
ip xfrm state flush
| 25 | |
# use: ip_xfrm_state <src_ip> <src_port> <dst_ip> <dst_port> <spi>
#
# Adds one transport-mode ESP state for the flow
# <src_ip>:<src_port> -> <dst_ip>:<dst_port>. The <spi> value is also
# used as the reqid.
# Authentication: `auth-trunc sha1` keyed with the global AUTH_KEY,
# truncated to 96 bits.
# Encryption: `cipher_null` with an empty key, so packets are
# authenticated but their payload is not encrypted.
# The selector uses /32 prefixes, i.e. a single host for IPv4 addresses.
# While `set -x` is active, AUTH_KEY appears in the command trace.
ip_xfrm_state() {
  ip xfrm state add src "$1" dst "$3" \
    proto esp spi "$5" reqid "$5" \
    mode transport replay-window 32 \
    auth-trunc sha1 "$AUTH_KEY" 96 \
    enc cipher_null "" \
    sel src "$1/32" dst "$3/32" \
    sport "$2" dport "$4"
}
| 35 | |
# One state per direction and per port pair (four in total).

# LOC -> REM, TTCN3 server port to Asterisk client port, SPI = REM_SPI_C
ip_xfrm_state "$LOC_IP" "$LOC_PORT_S" "$REM_IP" "$REM_PORT_C" "$REM_SPI_C"

# LOC -> REM, TTCN3 client port to Asterisk server port, SPI = REM_SPI_S
ip_xfrm_state "$LOC_IP" "$LOC_PORT_C" "$REM_IP" "$REM_PORT_S" "$REM_SPI_S"

# REM -> LOC, Asterisk client port to TTCN3 server port, SPI = LOC_SPI_S
ip_xfrm_state "$REM_IP" "$REM_PORT_C" "$LOC_IP" "$LOC_PORT_S" "$LOC_SPI_S"

# REM -> LOC, Asterisk server port to TTCN3 client port, SPI = LOC_SPI_C
ip_xfrm_state "$REM_IP" "$REM_PORT_S" "$LOC_IP" "$LOC_PORT_C" "$LOC_SPI_C"
| 47 | |
# use: ip_xfrm_policy <src_ip> <src_port> <dst_ip> <dst_port> <req_id> <dir>
#
# Adds one xfrm policy in direction <dir> whose selector matches
# <src_ip>/32:<src_port> -> <dst_ip>/32:<dst_port>. Its template requires
# transport-mode ESP between the same two addresses and carries <req_id>
# as its reqid.
# The /32 prefixes select a single host for IPv4 addresses.
ip_xfrm_policy() {
  ip xfrm policy add \
    src "$1/32" dst "$3/32" \
    sport "$2" dport "$4" \
    dir "$6" \
    tmpl src "$1" dst "$3" proto esp reqid "$5" mode transport
}
| 56 | |
# One policy per flow, using the same address/port/SPI tuples as the
# ip_xfrm_state calls above: "out" for LOC -> REM, "in" for REM -> LOC.
# Only these four exact port pairs are covered by a policy.

# out: TTCN3 server port -> Asterisk client port, reqid = REM_SPI_C
ip_xfrm_policy "$LOC_IP" "$LOC_PORT_S" "$REM_IP" "$REM_PORT_C" "$REM_SPI_C" "out"

# out: TTCN3 client port -> Asterisk server port, reqid = REM_SPI_S
ip_xfrm_policy "$LOC_IP" "$LOC_PORT_C" "$REM_IP" "$REM_PORT_S" "$REM_SPI_S" "out"

# in: Asterisk client port -> TTCN3 server port, reqid = LOC_SPI_S
ip_xfrm_policy "$REM_IP" "$REM_PORT_C" "$LOC_IP" "$LOC_PORT_S" "$LOC_SPI_S" "in"

# in: Asterisk server port -> TTCN3 client port, reqid = LOC_SPI_C
ip_xfrm_policy "$REM_IP" "$REM_PORT_S" "$LOC_IP" "$LOC_PORT_C" "$LOC_SPI_C" "in"
| 68 | |
| 69 | #ip xfrm state |
| 70 | #ip xfrm policy |