29 #define ikev2_set_state(sa, v) do { \ 31 clib_warning("sa state changed to " #v); \ 45 s =
format (s,
"ikev2: sw_if_index %d, next index %d",
52 #define foreach_ikev2_error \ 53 _(PROCESSED, "IKEv2 packets processed") \ 54 _(IKE_SA_INIT_RETRANSMIT, "IKE_SA_INIT retransmit ") \ 55 _(IKE_SA_INIT_IGNORE, "IKE_SA_INIT ignore (IKE SA already auth)") \ 56 _(IKE_REQ_RETRANSMIT, "IKE request retransmit") \ 57 _(IKE_REQ_IGNORE, "IKE request ignore (old msgid)") \ 58 _(NOT_IKEV2, "Non IKEv2 packets received") 61 #define _(sym,str) IKEV2_ERROR_##sym, 68 #define _(sym,string) string, 93 if (td->
type == IKEV2_TRANSFORM_TYPE_ENCR)
112 u8 mandatory_bitmap, optional_bitmap;
116 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_ENCR) |
117 (1 << IKEV2_TRANSFORM_TYPE_PRF) |
118 (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
119 (1 << IKEV2_TRANSFORM_TYPE_DH);
120 optional_bitmap = mandatory_bitmap;
124 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_ENCR) |
125 (1 << IKEV2_TRANSFORM_TYPE_ESN);
126 optional_bitmap = mandatory_bitmap |
127 (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
128 (1 << IKEV2_TRANSFORM_TYPE_DH);
132 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
133 (1 << IKEV2_TRANSFORM_TYPE_ESN);
134 optional_bitmap = mandatory_bitmap |
135 (1 << IKEV2_TRANSFORM_TYPE_DH);
150 if ((1 << transform->
type) & bitmap)
155 bitmap |= 1 << transform->
type;
162 clib_warning(
"bitmap is %x mandatory is %x optional is %x",
163 bitmap, mandatory_bitmap, optional_bitmap);
165 if ((bitmap & mandatory_bitmap) == mandatory_bitmap &&
166 (bitmap & ~optional_bitmap) == 0)
170 RAND_bytes((
u8 *) &rv->
spi,
sizeof(rv->
spi));
313 if (sa->
dh_group == IKEV2_TRANSFORM_DH_TYPE_NONE)
321 if (t2->type == IKEV2_TRANSFORM_TYPE_DH &&
333 sa->
dh_group = IKEV2_TRANSFORM_DH_TYPE_NONE;
338 RAND_bytes((
u8 *) &sa->
rspi, 8);
368 spi[0] = clib_host_to_net_u64(sa->
ispi);
369 spi[1] = clib_host_to_net_u64(sa->
rspi);
470 u32 len = clib_net_to_host_u32(ike->length);
471 u8 payload = ike->nextpayload;
473 clib_warning(
"ispi %lx rspi %lx nextpayload %x version %x " 474 "exchange %x flags %x msgid %x length %u",
475 clib_net_to_host_u64(ike->ispi),
476 clib_net_to_host_u64(ike->rspi),
477 payload, ike->version,
478 ike->exchange, ike->flags,
479 clib_net_to_host_u32(ike->msgid),
482 sa->
ispi = clib_net_to_host_u64(ike->ispi);
489 ike_payload_header_t * ikep = (ike_payload_header_t *) &ike->payload[p];
490 u32 plen = clib_net_to_host_u16(ikep->length);
492 if (plen <
sizeof(ike_payload_header_t))
502 ike_ke_payload_header_t * ke = (ike_ke_payload_header_t *) ikep;
503 sa->
dh_group = clib_net_to_host_u16(ke->dh_group);
523 clib_warning(
"unknown payload %u flags %x length %u", payload, ikep->flags, plen);
531 payload = ikep->nextpayload;
544 u32 len = clib_net_to_host_u32(ike->length);
545 ike_payload_header_t * ikep = 0;
553 ikep = (ike_payload_header_t *) &ike->payload[p];
554 plen = clib_net_to_host_u16(ikep->length);
556 if (plen <
sizeof(*ikep))
561 clib_warning(
"received IKEv2 payload SK, len %u", plen - 4);
562 last_payload = *payload;
566 clib_warning(
"unknown payload %u flags %x length %u", payload, ikep->flags, plen);
574 *payload = ikep->nextpayload;
586 plen = plen -
sizeof(*ikep) - tr_integ->
key_trunc;
588 if (memcmp(hmac, &ikep->payload[plen], tr_integ->
key_trunc))
612 if (tmp->i_id.type != sa->i_id.type ||
613 vec_len(tmp->i_id.data) != vec_len(sa->i_id.data) ||
614 memcmp(sa->i_id.data, tmp->i_id.data, vec_len(sa->i_id.data)))
617 if (sa->rspi != tmp->rspi)
618 vec_add1(delete, tmp - km->sas);
621 for (i = 0; i <
vec_len(
delete); i++)
638 u32 len = clib_net_to_host_u32(ike->length);
639 u8 payload = ike->nextpayload;
642 ike_payload_header_t * ikep;
645 clib_warning(
"ispi %lx rspi %lx nextpayload %x version %x " 646 "exchange %x flags %x msgid %x length %u",
647 clib_net_to_host_u64(ike->ispi),
648 clib_net_to_host_u64(ike->rspi),
649 payload, ike->version,
650 ike->exchange, ike->flags,
651 clib_net_to_host_u32(ike->msgid),
662 goto cleanup_and_exit;
674 ikep = (ike_payload_header_t *) &plaintext[p];
675 plen = clib_net_to_host_u16(ikep->length);
677 if (plen <
sizeof(ike_payload_header_t))
678 goto cleanup_and_exit;
682 clib_warning(
"received payload SA, len %u", plen -
sizeof(*ikep));
688 ike_id_payload_header_t *
id = (ike_id_payload_header_t *) ikep;
695 plen -
sizeof(*
id), id->id_type);
699 ike_auth_payload_header_t *
a = (ike_auth_payload_header_t *) ikep;
705 clib_warning(
"received payload AUTH, len %u auth_type %u",
706 plen -
sizeof(*a), a->auth_method);
711 if (n->
msg_type == IKEV2_NOTIFY_MSG_INITIAL_CONTACT)
723 clib_warning(
"received payload TSi, len %u", plen -
sizeof(*ikep));
730 clib_warning(
"received payload TSr, len %u", plen -
sizeof(*ikep));
737 clib_warning(
"unknown payload %u flags %x length %u data %u",
738 payload, ikep->flags, plen - 4,
748 payload = ikep->nextpayload;
760 u32 len = clib_net_to_host_u32(ike->length);
761 u8 payload = ike->nextpayload;
764 ike_payload_header_t * ikep;
767 clib_warning(
"ispi %lx rspi %lx nextpayload %x version %x " 768 "exchange %x flags %x msgid %x length %u",
769 clib_net_to_host_u64(ike->ispi),
770 clib_net_to_host_u64(ike->rspi),
771 payload, ike->version,
772 ike->exchange, ike->flags,
773 clib_net_to_host_u32(ike->msgid),
779 goto cleanup_and_exit;
785 ikep = (ike_payload_header_t *) &plaintext[p];
786 plen = clib_net_to_host_u16(ikep->length);
788 if (plen <
sizeof(ike_payload_header_t))
789 goto cleanup_and_exit;
794 if (n->
msg_type == IKEV2_NOTIFY_MSG_AUTHENTICATION_FAILED)
808 clib_warning(
"unknown payload %u flags %x length %u data %u",
809 payload, ikep->flags, plen - 4,
818 payload = ikep->nextpayload;
830 u32 len = clib_net_to_host_u32(ike->length);
831 u8 payload = ike->nextpayload;
836 ike_payload_header_t * ikep;
844 clib_warning(
"ispi %lx rspi %lx nextpayload %x version %x " 845 "exchange %x flags %x msgid %x length %u",
846 clib_net_to_host_u64(ike->ispi),
847 clib_net_to_host_u64(ike->rspi),
848 payload, ike->version,
849 ike->exchange, ike->flags,
850 clib_net_to_host_u32(ike->msgid),
856 goto cleanup_and_exit;
862 ikep = (ike_payload_header_t *) &plaintext[p];
863 plen = clib_net_to_host_u16(ikep->length);
865 if (plen <
sizeof(ike_payload_header_t))
866 goto cleanup_and_exit;
875 if (n->
msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
890 clib_memcpy(i_nonce, ikep->payload, plen -
sizeof(*ikep));
902 clib_warning(
"unknown payload %u flags %x length %u data %u",
903 payload, ikep->flags, plen - 4,
912 payload = ikep->nextpayload;
923 goto cleanup_and_exit;
1010 if (p->rem_id.type != sa->i_id.type ||
1011 vec_len(p->rem_id.data) != vec_len(sa->i_id.data) ||
1012 memcmp(p->rem_id.data, sa->i_id.data, vec_len(p->rem_id.data)))
1015 vec_foreach(ts, sa->childs[0].tsi)
1017 if (ikev2_ts_cmp(&p->rem_ts, ts))
1026 if (ikev2_ts_cmp(&p->loc_ts, ts))
1040 sa->childs[0].tsi = tsi;
1041 sa->childs[0].tsr = tsr;
1056 u8 * authmsg, * key_pad, * psk = 0, * auth = 0;
1062 if (!(sa->
i_auth.
method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC ||
1076 if (p->rem_id.type != sa->i_id.type ||
1077 vec_len(p->rem_id.data) != vec_len(sa->i_id.data) ||
1078 memcmp(p->rem_id.data, sa->i_id.data, vec_len(p->rem_id.data)))
1081 if (sa->i_auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1083 if (!p->auth.data ||
1084 p->auth.method != IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1087 psk = ikev2_calc_prf(tr_prf, p->auth.data, key_pad);
1088 auth = ikev2_calc_prf(tr_prf, psk, authmsg);
1090 if (!memcmp(auth, sa->i_auth.data, vec_len(sa->i_auth.data)))
1092 ikev2_set_state(sa, IKEV2_STATE_AUTHENTICATED);
1099 else if (sa->
i_auth.
method == IKEV2_AUTH_METHOD_RSA_SIG)
1101 if (p->auth.method != IKEV2_AUTH_METHOD_RSA_SIG)
1104 if (ikev2_verify_sign(p->auth.key, sa->i_auth.data, authmsg) == 1)
1106 ikev2_set_state(sa, IKEV2_STATE_AUTHENTICATED);
1121 sa->r_id.data =
vec_dup(sel_p->loc_id.data);
1122 sa->r_id.type = sel_p->loc_id.type;
1126 if (sel_p->auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1129 sa->r_auth.method = IKEV2_AUTH_METHOD_SHARED_KEY_MIC;
1131 else if (sel_p->auth.method == IKEV2_AUTH_METHOD_RSA_SIG)
1134 sa->r_auth.method = IKEV2_AUTH_METHOD_RSA_SIG;
1186 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_128;
1189 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_192;
1192 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_256;
1215 if (tr->
integ_type != IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96)
1228 if (hw_if_index == VNET_API_ERROR_INVALID_VALUE)
1230 clib_warning(
"create tunnel interface failed remote-ip %U remote-spi %u",
1250 IPSEC_INTEG_ALG_SHA1_96,
1255 IPSEC_INTEG_ALG_SHA1_96,
1282 ike_payload_header_t * ph;
1300 else if (sa->
dh_group == IKEV2_TRANSFORM_DH_TYPE_NONE)
1307 data[0] = (tr_dh->
dh_type >> 8) & 0xff;
1308 data[1] = (tr_dh->
dh_type) & 0xff;
1320 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1326 ike->rspi = clib_host_to_net_u64(sa->
rspi);
1367 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1410 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1433 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1448 tlen =
sizeof(*ike);
1455 ike->length = clib_host_to_net_u32(tlen);
1469 ph = (ike_payload_header_t *) &ike->payload[0];
1480 ph->length = clib_host_to_net_u16(plen);
1481 ike->length = clib_host_to_net_u32(tlen);
1510 if (sa->ispi == clib_net_to_host_u64(ike->ispi) &&
1511 sa->iaddr.as_u32 == iaddr.as_u32 &&
1512 sa->raddr.as_u32 == raddr.as_u32)
1515 u32 len = clib_net_to_host_u32(ike->length);
1516 u8 payload = ike->nextpayload;
1518 while (p < len && payload!= IKEV2_PAYLOAD_NONE) {
1519 ike_payload_header_t * ikep = (ike_payload_header_t *) &ike->payload[p];
1520 u32 plen = clib_net_to_host_u16(ikep->length);
1522 if (plen < sizeof(ike_payload_header_t))
1525 if (payload == IKEV2_PAYLOAD_NONCE)
1527 if (!memcmp(sa->i_nonce, ikep->payload, plen - sizeof(*ikep)))
1530 if (sa->state == IKEV2_STATE_SA_INIT)
1533 tmp = (ike_header_t*)sa->last_sa_init_res_packet_data;
1534 ike->ispi = tmp->ispi;
1535 ike->rspi = tmp->rspi;
1536 ike->nextpayload = tmp->nextpayload;
1537 ike->version = tmp->version;
1538 ike->exchange = tmp->exchange;
1539 ike->flags = tmp->flags;
1540 ike->msgid = tmp->msgid;
1541 ike->length = tmp->length;
1542 clib_memcpy(ike->payload, tmp->payload,
1543 clib_net_to_host_u32(tmp->length) - sizeof(*ike));
1544 clib_warning(
"IKE_SA_INIT retransmit from %U to %U",
1545 format_ip4_address, &raddr,
1546 format_ip4_address, &iaddr);
1552 clib_warning(
"IKE_SA_INIT ignore from %U to %U",
1553 format_ip4_address, &raddr,
1554 format_ip4_address, &iaddr);
1559 payload = ikep->nextpayload;
1572 u32 msg_id = clib_net_to_host_u32(ike->msgid);
1585 ike->ispi = tmp->ispi;
1586 ike->rspi = tmp->rspi;
1587 ike->nextpayload = tmp->nextpayload;
1588 ike->version = tmp->version;
1589 ike->exchange = tmp->exchange;
1590 ike->flags = tmp->flags;
1591 ike->msgid = tmp->msgid;
1592 ike->length = tmp->length;
1594 clib_net_to_host_u32(tmp->length) -
sizeof(*ike));
1617 u32 n_left_from, * from, * to_next;
1625 while (n_left_from > 0)
1631 while (n_left_from > 0 && n_left_to_next > 0)
1639 ike_header_t * ike0;
1650 n_left_to_next -= 1;
1662 IKEV2_ERROR_NOT_IKEV2, 1);
1670 memset (sa0, 0,
sizeof (*sa0));
1672 if (ike0->rspi == 0)
1681 IKEV2_ERROR_IKE_SA_INIT_RETRANSMIT,
1683 len = clib_net_to_host_u32(ike0->length);
1689 IKEV2_ERROR_IKE_SA_INIT_IGNORE,
1735 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1737 len = clib_net_to_host_u32(ike0->length);
1743 IKEV2_ERROR_IKE_REQ_IGNORE,
1773 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1775 len = clib_net_to_host_u32(ike0->length);
1781 IKEV2_ERROR_IKE_REQ_IGNORE,
1826 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1828 len = clib_net_to_host_u32(ike0->length);
1834 IKEV2_ERROR_IKE_REQ_IGNORE,
1859 clib_warning(
"IKEv2 exchange %u packet received from %U to %U",
1900 n_left_to_next, bi0, next0);
1907 IKEV2_ERROR_PROCESSED, frame->
n_vectors);
1914 .vector_size =
sizeof (
u32),
1967 memset(p, 0,
sizeof(*p));
1987 u8 * auth_data,
u8 data_hex_format)
2001 p->
auth.
hex = data_hex_format;
2003 if (auth_method == IKEV2_AUTH_METHOD_RSA_SIG)
2022 if (id_type > IKEV2_ID_TYPE_ID_RFC822_ADDR && id_type < IKEV2_ID_TYPE_ID_KEY_ID)