FD.io VPP  v16.09
Vector Packet Processing
ipsec.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #if DPDK==1
16 #include <vnet/devices/dpdk/dpdk.h>
17 #endif
18 
19 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
20 
21 #define foreach_ipsec_policy_action \
22  _(0, BYPASS, "bypass") \
23  _(1, DISCARD, "discard") \
24  _(2, RESOLVE, "resolve") \
25  _(3, PROTECT, "protect")
26 
27 typedef enum
28 {
29 #define _(v,f,s) IPSEC_POLICY_ACTION_##f = v,
30  foreach_ipsec_policy_action
31 #undef _
32  IPSEC_POLICY_N_ACTION,
33 } ipsec_policy_action_t;
34 
35 #define foreach_ipsec_crypto_alg \
36  _(0, NONE, "none") \
37  _(1, AES_CBC_128, "aes-cbc-128") \
38  _(2, AES_CBC_192, "aes-cbc-192") \
39  _(3, AES_CBC_256, "aes-cbc-256")
40 
41 typedef enum
42 {
43 #define _(v,f,s) IPSEC_CRYPTO_ALG_##f = v,
44  foreach_ipsec_crypto_alg
45 #undef _
46  IPSEC_CRYPTO_N_ALG,
47 } ipsec_crypto_alg_t;
48 
49 #define foreach_ipsec_integ_alg \
50  _(0, NONE, "none") \
51  _(1, MD5_96, "md5-96") /* RFC2403 */ \
52  _(2, SHA1_96, "sha1-96") /* RFC2404 */ \
53  _(3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
54  _(4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
55  _(5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
56  _(6, SHA_512_256, "sha-512-256") /* RFC4868 */
57 
58 typedef enum
59 {
60 #define _(v,f,s) IPSEC_INTEG_ALG_##f = v,
61  foreach_ipsec_integ_alg
62 #undef _
63  IPSEC_INTEG_N_ALG,
64 } ipsec_integ_alg_t;
65 
66 typedef enum
67 {
68  IPSEC_PROTOCOL_AH = 0,
69  IPSEC_PROTOCOL_ESP = 1
70 } ipsec_protocol_t;
71 
72 typedef struct
73 {
74  u32 id;
75  u32 spi;
76  ipsec_protocol_t protocol;
77 
78  ipsec_crypto_alg_t crypto_alg;
79  u8 crypto_key_len;
80  u8 crypto_key[128];
81 
82  ipsec_integ_alg_t integ_alg;
83  u8 integ_key_len;
84  u8 integ_key[128];
85 
86  u8 use_esn;
87  u8 use_anti_replay;
88 
89  u8 is_tunnel;
90  u8 is_tunnel_ip6;
91  ip46_address_t tunnel_src_addr;
92  ip46_address_t tunnel_dst_addr;
93 
94  /* runtime */
95  u32 seq;
96  u32 seq_hi;
97  u32 last_seq;
98  u32 last_seq_hi;
99  u64 replay_window;
100 } ipsec_sa_t;
101 
102 typedef struct
103 {
104  ip46_address_t start, stop;
105 } ip46_address_range_t;
106 
107 typedef struct
108 {
109  u16 start, stop;
110 } port_range_t;
111 
112 typedef struct
113 {
114  u8 is_add;
115  u8 esn;
116  u8 anti_replay;
117  ip4_address_t local_ip, remote_ip;
118  u32 local_spi;
119  u32 remote_spi;
120  ipsec_crypto_alg_t crypto_alg;
121  u8 local_crypto_key_len;
122  u8 local_crypto_key[128];
123  u8 remote_crypto_key_len;
124  u8 remote_crypto_key[128];
125  ipsec_integ_alg_t integ_alg;
126  u8 local_integ_key_len;
127  u8 local_integ_key[128];
128  u8 remote_integ_key_len;
129  u8 remote_integ_key[128];
130 } ipsec_add_del_tunnel_args_t;
131 
132 typedef struct
133 {
134  u8 is_add;
135  u32 local_sa_id;
136  u32 remote_sa_id;
137  ip4_address_t local_ip;
138  ip4_address_t remote_ip;
139 } ipsec_add_del_ipsec_gre_tunnel_args_t;
140 
141 typedef enum
142 {
143  IPSEC_IF_SET_KEY_TYPE_NONE,
144  IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO,
145  IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO,
146  IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG,
147  IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG,
148 } ipsec_if_set_key_type_t;
149 
150 typedef struct
151 {
152  u32 id;
153  i32 priority;
154  u8 is_outbound;
155 
156  // Selector
157  u8 is_ipv6;
158  ip46_address_range_t laddr;
159  ip46_address_range_t raddr;
160  u8 protocol;
161  port_range_t lport;
162  port_range_t rport;
163 
164  // Policy
165  u8 policy;
166  u32 sa_id;
167  u32 sa_index;
168 
169  // Counter
170  vlib_counter_t counter;
171 } ipsec_policy_t;
172 
173 typedef struct
174 {
175  u32 id;
176  /* pool of policies */
177  ipsec_policy_t *policies;
178  /* vectors of policy indices */
179  u32 *ipv4_outbound_policies;
180  u32 *ipv6_outbound_policies;
181  u32 *ipv4_inbound_protect_policy_indices;
182  u32 *ipv4_inbound_policy_discard_and_bypass_indices;
183  u32 *ipv6_inbound_protect_policy_indices;
184  u32 *ipv6_inbound_policy_discard_and_bypass_indices;
185 } ipsec_spd_t;
186 
187 typedef struct
188 {
189  u32 spd_index;
190 } ip4_ipsec_config_t;
191 
192 typedef struct
193 {
194  u32 spd_index;
195 } ip6_ipsec_config_t;
196 
197 typedef struct
198 {
199  u32 input_sa_index;
200  u32 output_sa_index;
201  u32 hw_if_index;
202 } ipsec_tunnel_if_t;
203 
204 typedef struct
205 {
206  /* pool of tunnel instances */
207  ipsec_spd_t *spds;
208  ipsec_sa_t *sad;
209 
210  /* pool of tunnel interfaces */
211  ipsec_tunnel_if_t *tunnel_interfaces;
212  u32 *free_tunnel_if_indices;
213 
214  u32 **empty_buffers;
215 
216  uword *tunnel_index_by_key;
217 
218  /* convenience */
219  vlib_main_t *vlib_main;
220  vnet_main_t *vnet_main;
221 
222  /* next node indices */
223  u32 feature_next_node_index[32];
224 
225  /* hashes */
226  uword *spd_index_by_spd_id;
227  uword *spd_index_by_sw_if_index;
228  uword *sa_index_by_sa_id;
229  uword *ipsec_if_pool_index_by_key;
230 
231  /* node indexes */
232  u32 error_drop_node_index;
233  u32 ip4_lookup_node_index;
234  u32 esp_encrypt_node_index;
235 
236 } ipsec_main_t;
237 
238 ipsec_main_t ipsec_main;
239 
240 extern vlib_node_registration_t esp_encrypt_node;
241 extern vlib_node_registration_t esp_decrypt_node;
242 extern vlib_node_registration_t ipsec_if_output_node;
243 extern vlib_node_registration_t ipsec_if_input_node;
244 
245 
246 /*
247  * functions
248  */
249 int ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id,
250  int is_add);
251 int ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add);
252 int ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy,
253  int is_add);
254 int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add);
255 int ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update);
256 
257 u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);
258 u8 *format_ipsec_if_output_trace (u8 * s, va_list * args);
259 u8 *format_ipsec_policy_action (u8 * s, va_list * args);
260 u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
261 u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
262 u8 *format_ipsec_replay_window (u8 * s, va_list * args);
263 uword unformat_ipsec_policy_action (unformat_input_t * input, va_list * args);
264 uword unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args);
265 uword unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args);
266 
267 /*u32 ipsec_add_del_tunnel_if (vnet_main_t * vnm, ipsec_add_del_tunnel_args_t * args); */
268 int ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t * args);
269 int ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
270  ipsec_add_del_ipsec_gre_tunnel_args_t *
271  args);
272 int ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index,
273  ipsec_if_set_key_type_t type, u8 alg, u8 * key);
274 
275 
276 /*
277  * inline functions
278  */
279 
280 always_inline void
281 ipsec_alloc_empty_buffers (vlib_main_t * vm, ipsec_main_t * im)
282 {
283 #if DPDK==1
284  dpdk_main_t *dm = &dpdk_main;
285  u32 free_list_index = dm->vlib_buffer_free_list_index;
286 #else
287  u32 free_list_index = VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX;
288 #endif
289  u32 cpu_index = os_get_cpu_number ();
290  uword l = vec_len (im->empty_buffers[cpu_index]);
291  uword n_alloc = 0;
292 
293  if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
294  {
295  if (!im->empty_buffers[cpu_index])
296  {
297  vec_alloc (im->empty_buffers[cpu_index], 2 * VLIB_FRAME_SIZE);
298  }
299 
300  n_alloc = vlib_buffer_alloc_from_free_list (vm,
301  im->empty_buffers[cpu_index]
302  + l,
303  2 * VLIB_FRAME_SIZE - l,
304  free_list_index);
305 
306  _vec_len (im->empty_buffers[cpu_index]) = l + n_alloc;
307  }
308 }
309 
310 static_always_inline u32 /* FIXME move to interface???.h */
311 get_next_output_feature_node_index (vnet_main_t * vnm, vlib_buffer_t * b)
312 {
313  vlib_main_t *vm = vlib_get_main ();
314  vlib_node_t *node;
315  u32 r;
316  intf_output_feat_t next_feature;
317 
318  u8 *node_names[] = {
319 #define _(sym, str) (u8 *) str,
320  foreach_intf_output_feat
321 #undef _
322  };
323 
324  count_trailing_zeros (next_feature,
325  vnet_buffer (b)->output_features.bitmap);
326 
327  if (next_feature >= INTF_OUTPUT_FEAT_DONE)
328  {
329  u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
330  vnet_hw_interface_t *hw = vnet_get_sup_hw_interface (vnm, sw_if_index);
331  r = hw->output_node_index;
332  }
333  else
334  {
335  vnet_buffer (b)->output_features.bitmap &= ~(1 << next_feature);
336  /* FIXME */
337  node = vlib_get_node_by_name (vm, node_names[next_feature]);
338  r = node->index;
339  }
340 
341  return r;
342 }
343 
344 /*
345  * fd.io coding-style-patch-verification: ON
346  *
347  * Local Variables:
348  * eval: (c-set-style "gnu")
349  * End:
350  */
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec.h:104
ipsec_spd_t::ipv6_inbound_protect_policy_indices
u32 * ipv6_inbound_protect_policy_indices
Definition: ipsec.h:183
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:207
format_ipsec_replay_window
u8 * format_ipsec_replay_window(u8 *s, va_list *args)
Definition: ipsec_format.c:122
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec.h:49
ipsec_spd_t::ipv4_inbound_protect_policy_indices
u32 * ipv4_inbound_protect_policy_indices
Definition: ipsec.h:181
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:211
port_range_t::stop
u16 stop
Definition: ipsec.h:109
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec.h:91
ipsec_main_t::tunnel_index_by_key
uword * tunnel_index_by_key
Definition: ipsec.h:216
INTF_OUTPUT_FEAT_DONE
#define INTF_OUTPUT_FEAT_DONE
Definition: interface.h:552
ipsec_sa_t::id
u32 id
Definition: ipsec.h:74
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec.h:27
dpdk_main
dpdk_main_t dpdk_main
Definition: dpdk.h:443
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
type
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
vnet_get_sup_hw_interface
static vnet_hw_interface_t * vnet_get_sup_hw_interface(vnet_main_t *vnm, u32 sw_if_index)
Definition: interface_funcs.h:74
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec.h:35
ipsec_policy_t::priority
i32 priority
Definition: ipsec.h:153
vlib_node_t::index
u32 index
Definition: node.h:237
vlib_buffer_alloc_from_free_list
u32 vlib_buffer_alloc_from_free_list(vlib_main_t *vm, u32 *buffers, u32 n_buffers, u32 free_list_index)
Allocate buffers from specific freelist into supplied array.
Definition: dpdk_buffer.c:655
ipsec_add_del_sa
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
Definition: ipsec.c:430
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:82
ipsec_get_sa_index_by_sa_id
u32 ipsec_get_sa_index_by_sa_id(u32 sa_id)
Definition: ipsec.c:28
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.h:238
vlib_counter_t
Combined counter to hold both packets and byte differences.
Definition: counter.h:164
ipsec_sa_t::is_tunnel
u8 is_tunnel
Definition: ipsec.h:89
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
unformat_ipsec_integ_alg
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:108
intf_output_feat_t
intf_output_feat_t
Definition: interface.h:543
ipsec_spd_t::ipv4_outbound_policies
u32 * ipv4_outbound_policies
Definition: ipsec.h:179
ip6_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:194
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Definition: ipsec.c:39
ipsec_if_set_key_type_t
ipsec_if_set_key_type_t
Definition: ipsec.h:141
ipsec_alloc_empty_buffers
static void ipsec_alloc_empty_buffers(vlib_main_t *vm, ipsec_main_t *im)
Definition: ipsec.h:281
ipsec_spd_t
Definition: ipsec.h:173
ipsec_tunnel_if_t
Definition: ipsec.h:197
ipsec_main_t::ipsec_if_pool_index_by_key
uword * ipsec_if_pool_index_by_key
Definition: ipsec.h:229
vec_alloc
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
Definition: vec.h:239
ipsec_sa_t::spi
u32 spi
Definition: ipsec.h:75
ipsec_policy_t::lport
port_range_t lport
Definition: ipsec.h:161
ipsec_policy_t::sa_id
u32 sa_id
Definition: ipsec.h:166
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec.h:96
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:227
ipsec_if_input_node
vlib_node_registration_t ipsec_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)
Definition: ipsec_if_in.c:144
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec.h:99
static_always_inline
#define static_always_inline
Definition: clib.h:85
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec.h:119
ipsec_add_del_tunnel_args_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.h:128
port_range_t
Definition: ipsec.h:107
always_inline
#define always_inline
Definition: clib.h:84
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec.h:118
ipsec_protocol_t
ipsec_protocol_t
Definition: ipsec.h:66
ipsec_sa_t::use_esn
u8 use_esn
Definition: ipsec.h:86
i32
int i32
Definition: types.h:81
ipsec_add_del_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:117
ip4_ipsec_config_t
Definition: ipsec.h:187
u64
unsigned long u64
Definition: types.h:89
format_ipsec_integ_alg
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:90
ipsec_main_t
Definition: ipsec.h:204
ipsec_spd_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:177
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
Definition: ipsec.c:171
ipsec_main_t::ip4_lookup_node_index
u32 ip4_lookup_node_index
Definition: ipsec.h:233
get_next_output_feature_node_index
static_always_inline u32 get_next_output_feature_node_index(vnet_main_t *vnm, vlib_buffer_t *b)
Definition: ipsec.h:311
ip4_address_t
Definition: ip4_packet.h:49
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec.h:97
ipsec_main_t::error_drop_node_index
u32 error_drop_node_index
Definition: ipsec.h:232
ipsec_policy_t::protocol
u8 protocol
Definition: ipsec.h:160
esp_encrypt_node
vlib_node_registration_t esp_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp_encrypt_node)
Definition: esp_encrypt.c:62
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:44
ipsec_sa_t::is_tunnel_ip6
u8 is_tunnel_ip6
Definition: ipsec.h:90
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:220
os_get_cpu_number
uword os_get_cpu_number(void)
Definition: unix-misc.c:224
ipsec_set_sa_key
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
Definition: ipsec.c:468
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec.h:98
ipsec_add_del_tunnel_args_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.h:121
ipsec_policy_t
Definition: ipsec.h:150
ipsec_add_del_ipsec_gre_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:134
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:97
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:328
ipsec_sa_t
Definition: ipsec.h:72
ipsec_policy_t::laddr
ip46_address_range_t laddr
Definition: ipsec.h:158
format_ipsec_if_output_trace
u8 * format_ipsec_if_output_trace(u8 *s, va_list *args)
Definition: ipsec_if_out.c:58
ipsec_add_del_tunnel_args_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.h:126
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:226
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec.h:92
ipsec_if_output_node
vlib_node_registration_t ipsec_if_output_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_output_node)
Definition: ipsec_if_out.c:131
ipsec_add_del_tunnel_args_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:120
ipsec_add_del_tunnel_args_t
Definition: ipsec.h:112
ipsec_add_del_tunnel_args_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.h:123
ipsec_main_t::esp_encrypt_node_index
u32 esp_encrypt_node_index
Definition: ipsec.h:234
vnet_hw_interface_t
Definition: interface.h:266
ipsec_add_del_ipsec_gre_tunnel_args_t
Definition: ipsec.h:132
ipsec_policy_t::sa_index
u32 sa_index
Definition: ipsec.h:167
ipsec_add_del_ipsec_gre_tunnel_args_t::local_ip
ip4_address_t local_ip
Definition: ipsec.h:137
vlib_buffer_t
Definition: buffer.h:73
ipsec_main_t::sa_index_by_sa_id
uword * sa_index_by_sa_id
Definition: ipsec.h:228
ipsec_tunnel_if_t::output_sa_index
u32 output_sa_index
Definition: ipsec.h:200
ipsec_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ipsec.h:219
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Definition: ipsec.c:105
ipsec_policy_t::rport
port_range_t rport
Definition: ipsec.h:162
ipsec_policy_t::raddr
ip46_address_range_t raddr
Definition: ipsec.h:159
VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX
#define VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX
Definition: buffer.h:303
vnet_main_t
Definition: vnet.h:59
foreach_ipsec_policy_action
#define foreach_ipsec_policy_action
Definition: ipsec.h:21
u32
unsigned int u32
Definition: types.h:88
ip4_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:189
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:335
ipsec_tunnel_if_t::hw_if_index
u32 hw_if_index
Definition: ipsec.h:201
ipsec_add_del_tunnel_args_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:125
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec.h:115
ipsec_main_t::sad
ipsec_sa_t * sad
Definition: ipsec.h:208
ipsec_policy_t::is_ipv6
u8 is_ipv6
Definition: ipsec.h:157
ipsec_crypto_alg_t
ipsec_crypto_alg_t
Definition: ipsec.h:41
ipsec_sa_t::integ_key_len
u8 integ_key_len
Definition: ipsec.h:83
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec.h:76
ipsec_tunnel_if_t::input_sa_index
u32 input_sa_index
Definition: ipsec.h:199
ipsec_sa_t::seq
u32 seq
Definition: ipsec.h:95
uword
u64 uword
Definition: types.h:112
ip6_ipsec_config_t
Definition: ipsec.h:192
ipsec_add_del_ipsec_gre_tunnel_args_t::remote_sa_id
u32 remote_sa_id
Definition: ipsec.h:136
ipsec_sa_t::crypto_key_len
u8 crypto_key_len
Definition: ipsec.h:79
vlib_get_node_by_name
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
Definition: node.c:45
VLIB_TX
Definition: defs.h:47
ipsec_add_del_ipsec_gre_tunnel
int ipsec_add_del_ipsec_gre_tunnel(vnet_main_t *vnm, ipsec_add_del_ipsec_gre_tunnel_args_t *args)
Definition: ipsec_if.c:198
u16
unsigned short u16
Definition: types.h:57
ipsec_spd_t::ipv4_inbound_policy_discard_and_bypass_indices
u32 * ipv4_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:182
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition: ipsec_format.c:26
u8
unsigned char u8
Definition: types.h:56
ipsec_policy_t::counter
vlib_counter_t counter
Definition: ipsec.h:170
ipsec_policy_t::is_outbound
u8 is_outbound
Definition: ipsec.h:154
ipsec_main_t::free_tunnel_if_indices
u32 * free_tunnel_if_indices
Definition: ipsec.h:212
ip46_address_range_t
Definition: ipsec.h:102
vlib_main_t
Definition: main.h:59
ipsec_spd_t::ipv6_inbound_policy_discard_and_bypass_indices
u32 * ipv6_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:184
vlib_node_t
Definition: node.h:215
ipsec_spd_t::ipv6_outbound_policies
u32 * ipv6_outbound_policies
Definition: ipsec.h:180
ipsec_policy_t::id
u32 id
Definition: ipsec.h:152
ipsec_spd_t::id
u32 id
Definition: ipsec.h:175
ipsec_add_del_ipsec_gre_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:138
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:114
foreach_intf_output_feat
#define foreach_intf_output_feat
Definition: interface.h:539
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:78
dpdk_main_t::vlib_buffer_free_list_index
u32 vlib_buffer_free_list_index
Definition: dpdk.h:391
vnet_hw_interface_t::output_node_index
u32 output_node_index
Definition: interface.h:308
ipsec_policy_t::policy
u8 policy
Definition: ipsec.h:165
unformat_input_t
struct _unformat_input_t unformat_input_t
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec.h:116
format_ipsec_crypto_alg
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:58
ipsec_main_t::empty_buffers
u32 ** empty_buffers
Definition: ipsec.h:214
ipsec_sa_t::use_anti_replay
u8 use_anti_replay
Definition: ipsec.h:87
unformat_ipsec_crypto_alg
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:76
ipsec_set_interface_key
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
Definition: ipsec_if.c:260
ipsec_add_del_tunnel_if
int ipsec_add_del_tunnel_if(ipsec_add_del_tunnel_args_t *args)
Definition: ipsec_if.c:65
esp_decrypt_node
vlib_node_registration_t esp_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp_decrypt_node)
Definition: esp_decrypt.c:522
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec.h:58
ipsec_add_del_ipsec_gre_tunnel_args_t::local_sa_id
u32 local_sa_id
Definition: ipsec.h:135
dpdk_main_t
Definition: dpdk.h:374