FD.io VPP  v17.01.1-3-gc6833f8
Vector Packet Processing
ipsec.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __IPSEC_H__
16 #define __IPSEC_H__
17 
18 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
19 
20 #define foreach_ipsec_policy_action \
21  _(0, BYPASS, "bypass") \
22  _(1, DISCARD, "discard") \
23  _(2, RESOLVE, "resolve") \
24  _(3, PROTECT, "protect")
25 
26 typedef enum
27 {
28 #define _(v,f,s) IPSEC_POLICY_ACTION_##f = v,
29  foreach_ipsec_policy_action
30 #undef _
31  IPSEC_POLICY_N_ACTION,
32 } ipsec_policy_action_t;
33 
34 #if DPDK_CRYPTO==1
35 #define foreach_ipsec_crypto_alg \
36  _(0, NONE, "none") \
37  _(1, AES_CBC_128, "aes-cbc-128") \
38  _(2, AES_CBC_192, "aes-cbc-192") \
39  _(3, AES_CBC_256, "aes-cbc-256") \
40  _(4, AES_GCM_128, "aes-gcm-128")
41 #else
42 #define foreach_ipsec_crypto_alg \
43  _(0, NONE, "none") \
44  _(1, AES_CBC_128, "aes-cbc-128") \
45  _(2, AES_CBC_192, "aes-cbc-192") \
46  _(3, AES_CBC_256, "aes-cbc-256")
47 #endif
48 
49 typedef enum
50 {
51 #define _(v,f,s) IPSEC_CRYPTO_ALG_##f = v,
52  foreach_ipsec_crypto_alg
53 #undef _
54  IPSEC_CRYPTO_N_ALG,
55 } ipsec_crypto_alg_t;
56 
57 #if DPDK_CRYPTO==1
58 #define foreach_ipsec_integ_alg \
59  _(0, NONE, "none") \
60  _(1, MD5_96, "md5-96") /* RFC2403 */ \
61  _(2, SHA1_96, "sha1-96") /* RFC2404 */ \
62  _(3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
63  _(4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
64  _(5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
65  _(6, SHA_512_256, "sha-512-256") /* RFC4868 */ \
66  _(7, AES_GCM_128, "aes-gcm-128")
67 #else
68 #define foreach_ipsec_integ_alg \
69  _(0, NONE, "none") \
70  _(1, MD5_96, "md5-96") /* RFC2403 */ \
71  _(2, SHA1_96, "sha1-96") /* RFC2404 */ \
72  _(3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
73  _(4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
74  _(5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
75  _(6, SHA_512_256, "sha-512-256") /* RFC4868 */
76 #endif
77 
78 typedef enum
79 {
80 #define _(v,f,s) IPSEC_INTEG_ALG_##f = v,
81  foreach_ipsec_integ_alg
82 #undef _
83  IPSEC_INTEG_N_ALG,
84 } ipsec_integ_alg_t;
85 
86 typedef enum
87 {
88  IPSEC_PROTOCOL_AH = 0,
89  IPSEC_PROTOCOL_ESP = 1
90 } ipsec_protocol_t;
91 
92 typedef struct
93 {
94  u32 id;
95  u32 spi;
96  ipsec_protocol_t protocol;
97 
98  ipsec_crypto_alg_t crypto_alg;
99  u8 crypto_key_len;
100  u8 crypto_key[128];
101 
102  ipsec_integ_alg_t integ_alg;
103  u8 integ_key_len;
104  u8 integ_key[128];
105 
106  u8 use_esn;
107  u8 use_anti_replay;
108 
109  u8 is_tunnel;
110  u8 is_tunnel_ip6;
111  ip46_address_t tunnel_src_addr;
112  ip46_address_t tunnel_dst_addr;
113 
114  u32 salt;
115 
116  /* runtime */
117  u32 seq;
118  u32 seq_hi;
119  u32 last_seq;
120  u32 last_seq_hi;
121  u64 replay_window;
122 } ipsec_sa_t;
123 
124 typedef struct
125 {
126  ip46_address_t start, stop;
127 } ip46_address_range_t;
128 
129 typedef struct
130 {
131  u16 start, stop;
132 } port_range_t;
133 
134 typedef struct
135 {
136  u8 is_add;
137  u8 esn;
138  u8 anti_replay;
139  ip4_address_t local_ip, remote_ip;
140  u32 local_spi;
141  u32 remote_spi;
142  ipsec_crypto_alg_t crypto_alg;
143  u8 local_crypto_key_len;
144  u8 local_crypto_key[128];
145  u8 remote_crypto_key_len;
146  u8 remote_crypto_key[128];
147  ipsec_integ_alg_t integ_alg;
148  u8 local_integ_key_len;
149  u8 local_integ_key[128];
150  u8 remote_integ_key_len;
151  u8 remote_integ_key[128];
152 } ipsec_add_del_tunnel_args_t;
153 
154 typedef struct
155 {
156  u8 is_add;
157  u32 local_sa_id;
158  u32 remote_sa_id;
159  ip4_address_t local_ip;
160  ip4_address_t remote_ip;
161 } ipsec_add_del_ipsec_gre_tunnel_args_t;
162 
163 typedef enum
164 {
165  IPSEC_IF_SET_KEY_TYPE_NONE,
166  IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO,
167  IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO,
168  IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG,
169  IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG,
170 } ipsec_if_set_key_type_t;
171 
172 typedef struct
173 {
174  u32 id;
175  i32 priority;
176  u8 is_outbound;
177 
178  // Selector
179  u8 is_ipv6;
180  ip46_address_range_t laddr;
181  ip46_address_range_t raddr;
182  u8 protocol;
183  port_range_t lport;
184  port_range_t rport;
185 
186  // Policy
187  u8 policy;
188  u32 sa_id;
189  u32 sa_index;
190 
191  // Counter
192  vlib_counter_t counter;
193 } ipsec_policy_t;
194 
195 typedef struct
196 {
197  u32 id;
198  /* pool of policies */
199  ipsec_policy_t *policies;
200  /* vectors of policy indices */
201  u32 *ipv4_outbound_policies;
202  u32 *ipv6_outbound_policies;
203  u32 *ipv4_inbound_protect_policy_indices;
204  u32 *ipv4_inbound_policy_discard_and_bypass_indices;
205  u32 *ipv6_inbound_protect_policy_indices;
206  u32 *ipv6_inbound_policy_discard_and_bypass_indices;
207 } ipsec_spd_t;
208 
209 typedef struct
210 {
211  u32 spd_index;
212 } ip4_ipsec_config_t;
213 
214 typedef struct
215 {
216  u32 spd_index;
217 } ip6_ipsec_config_t;
218 
219 typedef struct
220 {
221  u32 input_sa_index;
222  u32 output_sa_index;
223  u32 hw_if_index;
224 } ipsec_tunnel_if_t;
225 
226 typedef struct
227 {
228  /* pool of tunnel instances */
229  ipsec_spd_t *spds;
230  ipsec_sa_t *sad;
231 
232  /* pool of tunnel interfaces */
233  ipsec_tunnel_if_t *tunnel_interfaces;
234  u32 *free_tunnel_if_indices;
235 
236  u32 **empty_buffers;
237 
238  uword *tunnel_index_by_key;
239 
240  /* convenience */
241  vlib_main_t *vlib_main;
242  vnet_main_t *vnet_main;
243 
244  /* next node indices */
245  u32 feature_next_node_index[32];
246 
247  /* hashes */
248  uword *spd_index_by_spd_id;
249  uword *spd_index_by_sw_if_index;
250  uword *sa_index_by_sa_id;
251  uword *ipsec_if_pool_index_by_key;
252 
253  /* node indexes */
254  u32 error_drop_node_index;
255  u32 ip4_lookup_node_index;
256  u32 esp_encrypt_node_index;
257 
258 } ipsec_main_t;
259 
260 ipsec_main_t ipsec_main;
261 
262 extern vlib_node_registration_t esp_encrypt_node;
263 extern vlib_node_registration_t esp_decrypt_node;
264 extern vlib_node_registration_t ipsec_if_output_node;
265 extern vlib_node_registration_t ipsec_if_input_node;
266 
267 
268 /*
269  * functions
270  */
271 int ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id,
272  int is_add);
273 int ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add);
274 int ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy,
275  int is_add);
276 int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add);
277 int ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update);
278 
279 u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);
280 u8 *format_ipsec_if_output_trace (u8 * s, va_list * args);
281 u8 *format_ipsec_policy_action (u8 * s, va_list * args);
282 u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
283 u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
284 u8 *format_ipsec_replay_window (u8 * s, va_list * args);
285 uword unformat_ipsec_policy_action (unformat_input_t * input, va_list * args);
286 uword unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args);
287 uword unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args);
288 
289 /*u32 ipsec_add_del_tunnel_if (vnet_main_t * vnm, ipsec_add_del_tunnel_args_t * args); */
290 int ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t * args);
291 int ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
292  ipsec_add_del_ipsec_gre_tunnel_args_t *
293  args);
294 int ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index,
295  ipsec_if_set_key_type_t type, u8 alg, u8 * key);
296 
297 
298 /*
299  * inline functions
300  */
301 
302 always_inline void
303 ipsec_alloc_empty_buffers (vlib_main_t * vm, ipsec_main_t * im)
304 {
305  u32 cpu_index = os_get_cpu_number ();
306  uword l = vec_len (im->empty_buffers[cpu_index]);
307  uword n_alloc = 0;
308 
309  if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
310  {
311  if (!im->empty_buffers[cpu_index])
312  {
313  vec_alloc (im->empty_buffers[cpu_index], 2 * VLIB_FRAME_SIZE);
314  }
315 
316  n_alloc = vlib_buffer_alloc (vm, im->empty_buffers[cpu_index] + l,
317  2 * VLIB_FRAME_SIZE - l);
318 
319  _vec_len (im->empty_buffers[cpu_index]) = l + n_alloc;
320  }
321 }
322 
323 static_always_inline u32
324 get_next_output_feature_node_index (vlib_buffer_t * b,
325  vlib_node_runtime_t * nr)
326 {
327  u32 next;
328  u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
329  vlib_main_t *vm = vlib_get_main ();
330  vlib_node_t *node = vlib_get_node (vm, nr->node_index);
331 
332  vnet_feature_next (sw_if_index, &next, b);
333  return node->next_nodes[next];
334 }
335 
336 #endif /* __IPSEC_H__ */
337 
338 /*
339  * fd.io coding-style-patch-verification: ON
340  *
341  * Local Variables:
342  * eval: (c-set-style "gnu")
343  * End:
344  */
vlib_node_t::next_nodes
u32 * next_nodes
Definition: node.h:288
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec.h:126
ipsec_spd_t::ipv6_inbound_protect_policy_indices
u32 * ipv6_inbound_protect_policy_indices
Definition: ipsec.h:205
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:229
ipsec_spd_t::ipv4_inbound_protect_policy_indices
u32 * ipv4_inbound_protect_policy_indices
Definition: ipsec.h:203
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:233
port_range_t::stop
u16 stop
Definition: ipsec.h:131
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec.h:111
ipsec_main_t::tunnel_index_by_key
uword * tunnel_index_by_key
Definition: ipsec.h:238
ipsec_sa_t::id
u32 id
Definition: ipsec.h:94
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
type
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
Definition: ipsec.c:168
ipsec_get_sa_index_by_sa_id
u32 ipsec_get_sa_index_by_sa_id(u32 sa_id)
Definition: ipsec.c:44
ipsec_policy_t::priority
i32 priority
Definition: ipsec.h:175
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:102
format_ipsec_if_output_trace
u8 * format_ipsec_if_output_trace(u8 *s, va_list *args)
Definition: ipsec_if_out.c:63
vlib_counter_t
Combined counter to hold both packets and byte differences.
Definition: counter.h:164
ipsec_sa_t::is_tunnel
u8 is_tunnel
Definition: ipsec.h:109
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
ipsec_spd_t::ipv4_outbound_policies
u32 * ipv4_outbound_policies
Definition: ipsec.h:201
ip6_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:216
ipsec_spd_t
Definition: ipsec.h:195
ipsec_tunnel_if_t
Definition: ipsec.h:219
ipsec_if_input_node
vlib_node_registration_t ipsec_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)
Definition: ipsec_if_in.c:149
unformat_ipsec_integ_alg
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:108
ipsec_main_t::ipsec_if_pool_index_by_key
uword * ipsec_if_pool_index_by_key
Definition: ipsec.h:251
ipsec_add_del_ipsec_gre_tunnel
int ipsec_add_del_ipsec_gre_tunnel(vnet_main_t *vnm, ipsec_add_del_ipsec_gre_tunnel_args_t *args)
Definition: ipsec_if.c:233
vec_alloc
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
Definition: vec.h:239
unformat_ipsec_crypto_alg
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:76
ipsec_alloc_empty_buffers
static void ipsec_alloc_empty_buffers(vlib_main_t *vm, ipsec_main_t *im)
Definition: ipsec.h:303
always_inline
#define always_inline
Definition: ipsec.h:25
ipsec_sa_t::spi
u32 spi
Definition: ipsec.h:95
ipsec_policy_t::lport
port_range_t lport
Definition: ipsec.h:183
ipsec_policy_t::sa_id
u32 sa_id
Definition: ipsec.h:188
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec.h:118
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:249
ipsec_protocol_t
ipsec_protocol_t
Definition: ipsec.h:86
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec.h:121
vlib_node_runtime_t
Definition: node.h:412
static_always_inline
#define static_always_inline
Definition: clib.h:85
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec.h:141
ipsec_add_del_tunnel_args_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.h:150
port_range_t
Definition: ipsec.h:129
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec.h:140
ipsec_set_interface_key
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
Definition: ipsec_if.c:295
ipsec_sa_t::use_esn
u8 use_esn
Definition: ipsec.h:106
i32
int i32
Definition: types.h:81
ipsec_add_del_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:139
ip4_ipsec_config_t
Definition: ipsec.h:209
u64
unsigned long u64
Definition: types.h:89
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec.h:78
foreach_ipsec_policy_action
#define foreach_ipsec_policy_action
Definition: ipsec.h:20
ipsec_main_t
Definition: ipsec.h:226
ipsec_spd_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:199
ipsec_main_t::ip4_lookup_node_index
u32 ip4_lookup_node_index
Definition: ipsec.h:255
ip4_address_t
Definition: ip4_packet.h:49
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec.h:119
format_ipsec_replay_window
u8 * format_ipsec_replay_window(u8 *s, va_list *args)
Definition: ipsec_format.c:122
ipsec_main_t::error_drop_node_index
u32 error_drop_node_index
Definition: ipsec.h:254
ipsec_policy_t::protocol
u8 protocol
Definition: ipsec.h:182
ipsec_sa_t::is_tunnel_ip6
u8 is_tunnel_ip6
Definition: ipsec.h:110
ipsec_sa_t::salt
u32 salt
Definition: ipsec.h:114
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:242
get_next_output_feature_node_index
static_always_inline u32 get_next_output_feature_node_index(vlib_buffer_t *b, vlib_node_runtime_t *nr)
Definition: ipsec.h:324
os_get_cpu_number
uword os_get_cpu_number(void)
Definition: unix-misc.c:224
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec.h:120
ipsec_if_set_key_type_t
ipsec_if_set_key_type_t
Definition: ipsec.h:163
ipsec_add_del_tunnel_args_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.h:143
ipsec_policy_t
Definition: ipsec.h:172
ipsec_add_del_ipsec_gre_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:156
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:97
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:328
ipsec_sa_t
Definition: ipsec.h:92
ipsec_policy_t::laddr
ip46_address_range_t laddr
Definition: ipsec.h:180
vlib_node_runtime_t::node_index
u32 node_index
Definition: node.h:440
vnet_feature_next
static_always_inline void vnet_feature_next(u32 sw_if_index, u32 *next0, vlib_buffer_t *b0)
Definition: feature.h:223
ipsec_add_del_tunnel_args_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.h:148
ipsec_crypto_alg_t
ipsec_crypto_alg_t
Definition: ipsec.h:49
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:248
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec.h:112
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.h:260
ipsec_add_del_tunnel_args_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:142
ipsec_add_del_sa
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
Definition: ipsec.c:427
ipsec_add_del_tunnel_args_t
Definition: ipsec.h:134
ipsec_add_del_tunnel_args_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.h:145
ipsec_main_t::esp_encrypt_node_index
u32 esp_encrypt_node_index
Definition: ipsec.h:256
esp_encrypt_node
vlib_node_registration_t esp_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp_encrypt_node)
Definition: esp_encrypt.c:61
ipsec_add_del_ipsec_gre_tunnel_args_t
Definition: ipsec.h:154
ipsec_policy_t::sa_index
u32 sa_index
Definition: ipsec.h:189
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Definition: ipsec.c:102
ipsec_add_del_ipsec_gre_tunnel_args_t::local_ip
ip4_address_t local_ip
Definition: ipsec.h:159
ipsec_set_sa_key
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
Definition: ipsec.c:468
vlib_buffer_t
Definition: buffer.h:73
ipsec_main_t::sa_index_by_sa_id
uword * sa_index_by_sa_id
Definition: ipsec.h:250
ipsec_tunnel_if_t::output_sa_index
u32 output_sa_index
Definition: ipsec.h:222
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec.h:26
ipsec_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ipsec.h:241
esp_decrypt_node
vlib_node_registration_t esp_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp_decrypt_node)
Definition: esp_decrypt.c:404
ipsec_policy_t::rport
port_range_t rport
Definition: ipsec.h:184
ipsec_policy_t::raddr
ip46_address_range_t raddr
Definition: ipsec.h:181
vnet_main_t
Definition: vnet.h:52
u32
unsigned int u32
Definition: types.h:88
format_ipsec_crypto_alg
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:58
ip4_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:211
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:361
ipsec_tunnel_if_t::hw_if_index
u32 hw_if_index
Definition: ipsec.h:223
ipsec_add_del_tunnel_args_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:147
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec.h:137
ipsec_main_t::sad
ipsec_sa_t * sad
Definition: ipsec.h:230
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec.h:42
ipsec_policy_t::is_ipv6
u8 is_ipv6
Definition: ipsec.h:179
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition: ipsec_format.c:26
ipsec_sa_t::integ_key_len
u8 integ_key_len
Definition: ipsec.h:103
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec.h:96
vlib_buffer_alloc
u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
ipsec_tunnel_if_t::input_sa_index
u32 input_sa_index
Definition: ipsec.h:221
ipsec_sa_t::seq
u32 seq
Definition: ipsec.h:117
uword
u64 uword
Definition: types.h:112
ip6_ipsec_config_t
Definition: ipsec.h:214
ipsec_add_del_ipsec_gre_tunnel_args_t::remote_sa_id
u32 remote_sa_id
Definition: ipsec.h:158
ipsec_sa_t::crypto_key_len
u8 crypto_key_len
Definition: ipsec.h:99
VLIB_TX
Definition: defs.h:47
format_ipsec_integ_alg
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:90
u16
unsigned short u16
Definition: types.h:57
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec.h:68
ipsec_spd_t::ipv4_inbound_policy_discard_and_bypass_indices
u32 * ipv4_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:204
ipsec_add_del_tunnel_if
int ipsec_add_del_tunnel_if(ipsec_add_del_tunnel_args_t *args)
Definition: ipsec_if.c:87
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
u8
unsigned char u8
Definition: types.h:56
ipsec_policy_t::counter
vlib_counter_t counter
Definition: ipsec.h:192
ipsec_policy_t::is_outbound
u8 is_outbound
Definition: ipsec.h:176
ipsec_main_t::free_tunnel_if_indices
u32 * free_tunnel_if_indices
Definition: ipsec.h:234
ip46_address_range_t
Definition: ipsec.h:124
vlib_main_t
Definition: main.h:59
ipsec_spd_t::ipv6_inbound_policy_discard_and_bypass_indices
u32 * ipv6_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:206
vlib_node_t
Definition: node.h:215
ipsec_spd_t::ipv6_outbound_policies
u32 * ipv6_outbound_policies
Definition: ipsec.h:202
ipsec_policy_t::id
u32 id
Definition: ipsec.h:174
ipsec_spd_t::id
u32 id
Definition: ipsec.h:197
ipsec_add_del_ipsec_gre_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:160
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:136
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:98
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Definition: ipsec.c:55
ipsec_policy_t::policy
u8 policy
Definition: ipsec.h:187
vlib_get_node
static vlib_node_t * vlib_get_node(vlib_main_t *vm, u32 i)
Get vlib node by index.
Definition: node_funcs.h:58
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:44
unformat_input_t
struct _unformat_input_t unformat_input_t
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec.h:138
ipsec_main_t::empty_buffers
u32 ** empty_buffers
Definition: ipsec.h:236
ipsec_sa_t::use_anti_replay
u8 use_anti_replay
Definition: ipsec.h:107
ipsec_if_output_node
vlib_node_registration_t ipsec_if_output_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_output_node)
Definition: ipsec_if_out.c:135
ipsec_add_del_ipsec_gre_tunnel_args_t::local_sa_id
u32 local_sa_id
Definition: ipsec.h:157