FD.io VPP  v16.06
Vector Packet Processing
ipsec.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #if DPDK==1
16 #include <vnet/devices/dpdk/dpdk.h>
17 #endif
18 
19 #define foreach_ipsec_policy_action \
20  _(0, BYPASS, "bypass") \
21  _(1, DISCARD, "discard") \
22  _(2, RESOLVE, "resolve") \
23  _(3, PROTECT, "protect")
24 
25 typedef enum {
26 #define _(v,f,s) IPSEC_POLICY_ACTION_##f = v,
27  foreach_ipsec_policy_action
28 #undef _
29  IPSEC_POLICY_N_ACTION,
30 } ipsec_policy_action_t;
31 
32 #define foreach_ipsec_crypto_alg \
33  _(0, NONE, "none") \
34  _(1, AES_CBC_128, "aes-cbc-128") \
35  _(2, AES_CBC_192, "aes-cbc-192") \
36  _(3, AES_CBC_256, "aes-cbc-256")
37 
38 typedef enum {
39 #define _(v,f,s) IPSEC_CRYPTO_ALG_##f = v,
40  foreach_ipsec_crypto_alg
41 #undef _
42  IPSEC_CRYPTO_N_ALG,
43 } ipsec_crypto_alg_t;
44 
45 #define foreach_ipsec_integ_alg \
46  _(0, NONE, "none") \
47  _(1, MD5_96, "md5-96") /* RFC2403 */ \
48  _(2, SHA1_96, "sha1-96") /* RFC2404 */ \
49  _(3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
50  _(4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
51  _(5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
52  _(6, SHA_512_256, "sha-512-256") /* RFC4868 */
53 
54 typedef enum {
55 #define _(v,f,s) IPSEC_INTEG_ALG_##f = v,
56  foreach_ipsec_integ_alg
57 #undef _
58  IPSEC_INTEG_N_ALG,
59 } ipsec_integ_alg_t;
60 
61 typedef enum {
62  IPSEC_PROTOCOL_AH = 0,
63  IPSEC_PROTOCOL_ESP = 1
64 } ipsec_protocol_t;
65 
66 typedef struct {
67  u32 id;
68  u32 spi;
69  ipsec_protocol_t protocol;
70 
71  ipsec_crypto_alg_t crypto_alg;
72  u8 crypto_key_len;
73  u8 crypto_key[128];
74 
75  ipsec_integ_alg_t integ_alg;
76  u8 integ_key_len;
77  u8 integ_key[128];
78 
79  u8 use_esn;
80  u8 use_anti_replay;
81 
82  u8 is_tunnel;
83  u8 is_tunnel_ip6;
84  ip46_address_t tunnel_src_addr;
85  ip46_address_t tunnel_dst_addr;
86 
87  /* runtime */
88  u32 seq;
89  u32 seq_hi;
90  u32 last_seq;
91  u32 last_seq_hi;
92  u64 replay_window;
93 } ipsec_sa_t;
94 
95 typedef struct {
96  ip46_address_t start, stop;
97 } ip46_address_range_t;
98 
99 typedef struct {
100  u16 start, stop;
101 } port_range_t;
102 
103 typedef struct {
104  u8 is_add;
105  u8 esn;
106  u8 anti_replay;
107  ip4_address_t local_ip, remote_ip;
108  u32 local_spi;
109  u32 remote_spi;
110 } ipsec_add_del_tunnel_args_t;
111 
112 typedef enum {
113  IPSEC_IF_SET_KEY_TYPE_NONE,
114  IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO,
115  IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO,
116  IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG,
117  IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG,
118 } ipsec_if_set_key_type_t;
119 
120 typedef struct {
121  u32 id;
122  i32 priority;
123  u8 is_outbound;
124 
125  // Selector
126  u8 is_ipv6;
127  ip46_address_range_t laddr;
128  ip46_address_range_t raddr;
129  u8 protocol;
130  port_range_t lport;
131  port_range_t rport;
132 
133  // Policy
134  u8 policy;
135  u32 sa_id;
136  u32 sa_index;
137 
138  // Counter
139  vlib_counter_t counter;
140 } ipsec_policy_t;
141 
142 typedef struct {
143  u32 id;
144  /* pool of policies */
145  ipsec_policy_t * policies;
146  /* vectors of policy indices */
147  u32 * ipv4_outbound_policies;
148  u32 * ipv6_outbound_policies;
149  u32 * ipv4_inbound_protect_policy_indices;
150  u32 * ipv4_inbound_policy_discard_and_bypass_indices;
151  u32 * ipv6_inbound_protect_policy_indices;
152  u32 * ipv6_inbound_policy_discard_and_bypass_indices;
153 } ipsec_spd_t;
154 
155 typedef struct {
156  u32 spd_index;
157 } ip4_ipsec_config_t;
158 
159 typedef struct {
160  u32 spd_index;
161 } ip6_ipsec_config_t;
162 
163 typedef struct {
164  u32 input_sa_index;
165  u32 output_sa_index;
166  u32 hw_if_index;
167 } ipsec_tunnel_if_t;
168 
169 typedef struct {
170  /* pool of tunnel instances */
171  ipsec_spd_t * spds;
172  ipsec_sa_t * sad;
173 
174  /* pool of tunnel interfaces */
175  ipsec_tunnel_if_t * tunnel_interfaces;
176  u32 * free_tunnel_if_indices;
177 
178  u32 ** empty_buffers;
179 
180  uword * tunnel_index_by_key;
181 
182  /* convenience */
183  vlib_main_t *vlib_main;
184  vnet_main_t *vnet_main;
185 
186  /* next node indices */
187  u32 feature_next_node_index[32];
188 
189  /* hashes */
190  uword * spd_index_by_spd_id;
191  uword * spd_index_by_sw_if_index;
192  uword * sa_index_by_sa_id;
193  uword * ipsec_if_pool_index_by_key;
194 
195  /* node indexes */
196  u32 error_drop_node_index;
197  u32 ip4_lookup_node_index;
198  u32 esp_encrypt_node_index;
199 
200 } ipsec_main_t;
201 
202 ipsec_main_t ipsec_main;
203 
204 extern vlib_node_registration_t esp_encrypt_node;
205 extern vlib_node_registration_t esp_decrypt_node;
206 extern vlib_node_registration_t ipsec_if_output_node;
207 extern vlib_node_registration_t ipsec_if_input_node;
208 
209 
210 /*
211  * functions
212  */
213 int ipsec_set_interface_spd(vlib_main_t * vm, u32 sw_if_index, u32 spd_id, int is_add);
214 int ipsec_add_del_spd(vlib_main_t * vm, u32 spd_id, int is_add);
215 int ipsec_add_del_policy(vlib_main_t * vm, ipsec_policy_t * policy, int is_add);
216 int ipsec_add_del_sa(vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add);
217 int ipsec_set_sa_key(vlib_main_t * vm, ipsec_sa_t * sa_update);
218 
219 u8 * format_ipsec_if_output_trace (u8 * s, va_list * args);
220 u8 * format_ipsec_policy_action (u8 * s, va_list * args);
221 u8 * format_ipsec_crypto_alg (u8 * s, va_list * args);
222 u8 * format_ipsec_integ_alg (u8 * s, va_list * args);
223 u8 * format_ipsec_replay_window(u8 * s, va_list * args);
224 uword unformat_ipsec_policy_action (unformat_input_t * input, va_list * args);
225 uword unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args);
226 uword unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args);
227 
228 u32 ipsec_add_del_tunnel_if (vnet_main_t * vnm, ipsec_add_del_tunnel_args_t * args);
229 int ipsec_set_interface_key(vnet_main_t * vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 * key);
230 
231 
232 /*
233  * inline functions
234  */
235 
236 always_inline void
237 ipsec_alloc_empty_buffers(vlib_main_t * vm, ipsec_main_t *im)
238 {
239 #if DPDK==1
240  dpdk_main_t * dm = &dpdk_main;
241  u32 free_list_index = dm->vlib_buffer_free_list_index;
242 #else
243  u32 free_list_index = VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX;
244 #endif
245  u32 cpu_index = os_get_cpu_number();
246  uword l = vec_len (im->empty_buffers[cpu_index]);
247  uword n_alloc = 0;
248 
249  if (PREDICT_FALSE(l < VLIB_FRAME_SIZE))
250  {
251  if (!im->empty_buffers[cpu_index]) {
252  vec_alloc (im->empty_buffers[cpu_index], 2 * VLIB_FRAME_SIZE );
253  }
254 
255  n_alloc = vlib_buffer_alloc_from_free_list (vm,
256  im->empty_buffers[cpu_index] + l,
257  2 * VLIB_FRAME_SIZE - l,
258  free_list_index);
259 
260  _vec_len (im->empty_buffers[cpu_index]) = l + n_alloc;
261  }
262 }
263 
264 static_always_inline u32 /* FIXME move to interface???.h */
265 get_next_output_feature_node_index( vnet_main_t * vnm,
266  vlib_buffer_t * b)
267 {
268  vlib_main_t * vm = vlib_get_main();
269  vlib_node_t * node;
270  u32 r;
271  intf_output_feat_t next_feature;
272 
273  u8 * node_names[] = {
274 #define _(sym, str) (u8 *) str,
275  foreach_intf_output_feat
276 #undef _
277  };
278 
279  count_trailing_zeros(next_feature, vnet_buffer(b)->output_features.bitmap);
280 
281  if (next_feature >= INTF_OUTPUT_FEAT_DONE)
282  {
283  u32 sw_if_index = vnet_buffer(b)->sw_if_index[VLIB_TX];
284  vnet_hw_interface_t * hw = vnet_get_sup_hw_interface(vnm, sw_if_index);
285  r = hw->output_node_index;
286  }
287  else
288  {
289  vnet_buffer(b)->output_features.bitmap &= ~(1 << next_feature);
290  /* FIXME */
291  node = vlib_get_node_by_name(vm, node_names[next_feature]);
292  r = node->index;
293  }
294 
295  return r;
296 }
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec.h:96
ipsec_spd_t::ipv6_inbound_protect_policy_indices
u32 * ipv6_inbound_protect_policy_indices
Definition: ipsec.h:151
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:171
format_ipsec_replay_window
u8 * format_ipsec_replay_window(u8 *s, va_list *args)
Definition: ipsec_format.c:122
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec.h:45
ipsec_spd_t::ipv4_inbound_protect_policy_indices
u32 * ipv4_inbound_protect_policy_indices
Definition: ipsec.h:149
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:175
port_range_t::stop
u16 stop
Definition: ipsec.h:100
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec.h:84
ipsec_main_t::tunnel_index_by_key
uword * tunnel_index_by_key
Definition: ipsec.h:180
INTF_OUTPUT_FEAT_DONE
#define INTF_OUTPUT_FEAT_DONE
Definition: interface.h:505
ipsec_sa_t::id
u32 id
Definition: ipsec.h:67
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec.h:25
dpdk_main
dpdk_main_t dpdk_main
Definition: dpdk.h:415
type
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec.h:32
ipsec_policy_t::priority
i32 priority
Definition: ipsec.h:122
vlib_node_t::index
u32 index
Definition: node.h:203
ipsec_add_del_sa
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
Definition: ipsec.c:405
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:75
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.h:202
vlib_counter_t
Definition: counter.h:143
ipsec_sa_t::is_tunnel
u8 is_tunnel
Definition: ipsec.h:82
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
unformat_ipsec_integ_alg
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:108
intf_output_feat_t
intf_output_feat_t
Definition: interface.h:497
ipsec_spd_t::ipv4_outbound_policies
u32 * ipv4_outbound_policies
Definition: ipsec.h:147
ip6_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:160
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Definition: ipsec.c:28
ipsec_if_set_key_type_t
ipsec_if_set_key_type_t
Definition: ipsec.h:112
ipsec_spd_t
Definition: ipsec.h:142
ipsec_tunnel_if_t
Definition: ipsec.h:163
ipsec_main_t::ipsec_if_pool_index_by_key
uword * ipsec_if_pool_index_by_key
Definition: ipsec.h:193
vec_alloc
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
Definition: vec.h:237
vlib_get_main
always_inline vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
ipsec_sa_t::spi
u32 spi
Definition: ipsec.h:68
ipsec_policy_t::lport
port_range_t lport
Definition: ipsec.h:130
ipsec_policy_t::sa_id
u32 sa_id
Definition: ipsec.h:135
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec.h:89
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:191
ipsec_if_input_node
vlib_node_registration_t ipsec_if_input_node
ipsec_add_del_tunnel_if
u32 ipsec_add_del_tunnel_if(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args)
Definition: ipsec_if.c:50
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec.h:92
ipsec_alloc_empty_buffers
always_inline void ipsec_alloc_empty_buffers(vlib_main_t *vm, ipsec_main_t *im)
Definition: ipsec.h:237
static_always_inline
#define static_always_inline
Definition: clib.h:85
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec.h:109
port_range_t
Definition: ipsec.h:99
always_inline
#define always_inline
Definition: clib.h:84
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec.h:108
ipsec_protocol_t
ipsec_protocol_t
Definition: ipsec.h:61
ipsec_sa_t::use_esn
u8 use_esn
Definition: ipsec.h:79
i32
int i32
Definition: types.h:81
ipsec_add_del_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:107
ip4_ipsec_config_t
Definition: ipsec.h:155
u64
unsigned long u64
Definition: types.h:89
format_ipsec_integ_alg
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:90
ipsec_main_t
Definition: ipsec.h:169
ipsec_spd_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:145
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
Definition: ipsec.c:161
ipsec_main_t::ip4_lookup_node_index
u32 ip4_lookup_node_index
Definition: ipsec.h:197
get_next_output_feature_node_index
static_always_inline u32 get_next_output_feature_node_index(vnet_main_t *vnm, vlib_buffer_t *b)
Definition: ipsec.h:265
ip4_address_t
Definition: ip4_packet.h:49
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec.h:90
ipsec_main_t::error_drop_node_index
u32 error_drop_node_index
Definition: ipsec.h:196
ipsec_policy_t::protocol
u8 protocol
Definition: ipsec.h:129
esp_encrypt_node
vlib_node_registration_t esp_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp_encrypt_node)
Definition: esp_encrypt.c:60
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:44
ipsec_sa_t::is_tunnel_ip6
u8 is_tunnel_ip6
Definition: ipsec.h:83
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:184
os_get_cpu_number
uword os_get_cpu_number(void)
Definition: unix-misc.c:206
ipsec_set_sa_key
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
Definition: ipsec.c:443
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec.h:91
ipsec_policy_t
Definition: ipsec.h:120
vlib_buffer_alloc_from_free_list
u32 vlib_buffer_alloc_from_free_list(vlib_main_t *vm, u32 *buffers, u32 n_buffers, u32 free_list_index)
Allocate buffers from specific freelist into supplied array.
Definition: buffer.c:782
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:97
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:292
ipsec_sa_t
Definition: ipsec.h:66
ipsec_policy_t::laddr
ip46_address_range_t laddr
Definition: ipsec.h:127
format_ipsec_if_output_trace
u8 * format_ipsec_if_output_trace(u8 *s, va_list *args)
Definition: ipsec_if_out.c:54
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:190
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec.h:85
ipsec_if_output_node
vlib_node_registration_t ipsec_if_output_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_output_node)
Definition: ipsec_if_out.c:123
ipsec_add_del_tunnel_args_t
Definition: ipsec.h:103
ipsec_main_t::esp_encrypt_node_index
u32 esp_encrypt_node_index
Definition: ipsec.h:198
vnet_hw_interface_t
Definition: interface.h:235
ipsec_policy_t::sa_index
u32 sa_index
Definition: ipsec.h:136
vlib_buffer_t
Definition: buffer.h:73
vnet_get_sup_hw_interface
always_inline vnet_hw_interface_t * vnet_get_sup_hw_interface(vnet_main_t *vnm, u32 sw_if_index)
Definition: interface_funcs.h:70
ipsec_main_t::sa_index_by_sa_id
uword * sa_index_by_sa_id
Definition: ipsec.h:192
ipsec_tunnel_if_t::output_sa_index
u32 output_sa_index
Definition: ipsec.h:165
ipsec_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ipsec.h:183
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Definition: ipsec.c:99
ipsec_policy_t::rport
port_range_t rport
Definition: ipsec.h:131
ipsec_policy_t::raddr
ip46_address_range_t raddr
Definition: ipsec.h:128
VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX
#define VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX
Definition: buffer.h:296
vnet_main_t
Definition: vnet.h:58
foreach_ipsec_policy_action
#define foreach_ipsec_policy_action
Definition: ipsec.h:19
u32
unsigned int u32
Definition: types.h:88
ip4_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:156
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:300
ipsec_tunnel_if_t::hw_if_index
u32 hw_if_index
Definition: ipsec.h:166
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec.h:105
ipsec_main_t::sad
ipsec_sa_t * sad
Definition: ipsec.h:172
ipsec_policy_t::is_ipv6
u8 is_ipv6
Definition: ipsec.h:126
ipsec_crypto_alg_t
ipsec_crypto_alg_t
Definition: ipsec.h:38
ipsec_sa_t::integ_key_len
u8 integ_key_len
Definition: ipsec.h:76
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec.h:69
ipsec_tunnel_if_t::input_sa_index
u32 input_sa_index
Definition: ipsec.h:164
ipsec_sa_t::seq
u32 seq
Definition: ipsec.h:88
uword
u64 uword
Definition: types.h:112
ip6_ipsec_config_t
Definition: ipsec.h:159
ipsec_sa_t::crypto_key_len
u8 crypto_key_len
Definition: ipsec.h:72
vlib_get_node_by_name
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
Definition: node.c:44
VLIB_TX
Definition: defs.h:46
u16
unsigned short u16
Definition: types.h:57
ipsec_spd_t::ipv4_inbound_policy_discard_and_bypass_indices
u32 * ipv4_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:150
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:130
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition: ipsec_format.c:26
u8
unsigned char u8
Definition: types.h:56
ipsec_policy_t::counter
vlib_counter_t counter
Definition: ipsec.h:139
ipsec_policy_t::is_outbound
u8 is_outbound
Definition: ipsec.h:123
ipsec_main_t::free_tunnel_if_indices
u32 * free_tunnel_if_indices
Definition: ipsec.h:176
ip46_address_range_t
Definition: ipsec.h:95
vlib_main_t
Definition: main.h:59
ipsec_spd_t::ipv6_inbound_policy_discard_and_bypass_indices
u32 * ipv6_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:152
vlib_node_t
Definition: node.h:182
ipsec_spd_t::ipv6_outbound_policies
u32 * ipv6_outbound_policies
Definition: ipsec.h:148
ipsec_policy_t::id
u32 id
Definition: ipsec.h:121
ipsec_spd_t::id
u32 id
Definition: ipsec.h:143
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:104
foreach_intf_output_feat
#define foreach_intf_output_feat
Definition: interface.h:493
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:71
dpdk_main_t::vlib_buffer_free_list_index
u32 vlib_buffer_free_list_index
Definition: dpdk.h:329
vnet_hw_interface_t::output_node_index
u32 output_node_index
Definition: interface.h:276
ipsec_policy_t::policy
u8 policy
Definition: ipsec.h:134
unformat_input_t
struct _unformat_input_t unformat_input_t
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec.h:106
format_ipsec_crypto_alg
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:58
ipsec_main_t::empty_buffers
u32 ** empty_buffers
Definition: ipsec.h:178
ipsec_sa_t::use_anti_replay
u8 use_anti_replay
Definition: ipsec.h:80
unformat_ipsec_crypto_alg
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:76
ipsec_set_interface_key
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
Definition: ipsec_if.c:142
esp_decrypt_node
vlib_node_registration_t esp_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp_decrypt_node)
Definition: esp_decrypt.c:410
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec.h:54
dpdk_main_t
Definition: dpdk.h:313