/*
 * Non-contiguous excerpt of an IPsec header listing. The number at the start
 * of each line appears to be the listing's own line number; the gaps between
 * them (for example 21 -> 24, 29 -> 38, 99 -> 166) are lines this excerpt
 * does not show, so enum wrappers, struct headers and any #undef directives
 * are not visible here.
 */

/* Bit 0 of a flags word. By its name it marks IPsec-over-GRE tunnel use;
 * the field that carries the flag is not shown in this excerpt. */
21 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)

/* X-macro list for the output path: each _(v, s) entry pairs an enumerator
 * suffix with a string, presumably the name of the next graph node. */
24 #define foreach_ipsec_output_next \
25 _(DROP, "error-drop") \
26 _(ESP_ENCRYPT, "esp-encrypt") \
27 _(AH_ENCRYPT, "ah-encrypt")

/* Expander that turns each list entry into IPSEC_OUTPUT_NEXT_<v> followed by
 * a comma; the string argument is ignored.
 * NOTE(review): `_` is redefined several times below. The enum that consumes
 * each expander and any #undef between redefinitions fall in omitted lines;
 * confirm against the full header. */
29 #define _(v, s) IPSEC_OUTPUT_NEXT_##v,

/* X-macro list for the input path, same _(v, s) shape as the output list. */
38 #define foreach_ipsec_input_next \
39 _(DROP, "error-drop") \
40 _(ESP_DECRYPT, "esp-decrypt") \
41 _(AH_DECRYPT, "ah-decrypt")

/* Expander producing IPSEC_INPUT_NEXT_<v> enumerators. */
43 #define _(v, s) IPSEC_INPUT_NEXT_##v,

/* X-macro list of policy actions: _(numeric value, enumerator suffix,
 * display string).
 * Security note: BYPASS is value 0, so a policy record that is zero-filled
 * and never has its action set would compare equal to BYPASS. How policy
 * records are initialised is not visible here; verify that callers set the
 * action explicitly. */
52 #define foreach_ipsec_policy_action \
53 _(0, BYPASS, "bypass") \
54 _(1, DISCARD, "discard") \
55 _(2, RESOLVE, "resolve") \
56 _(3, PROTECT, "protect")

/* Expander producing IPSEC_POLICY_ACTION_<f> = <v> enumerators. */
60 #define _(v,f,s) IPSEC_POLICY_ACTION_##f = v,

/* X-macro list of encryption-algorithm identifiers: _(numeric value,
 * enumerator suffix, display string). The line between 66 and 68 is omitted,
 * so an entry for value 0 (if one exists) is not shown.
 * Security note: DES-CBC (10) has a 56-bit key and 3DES-CBC (11) a 64-bit
 * block. RFC 8221 rates ENCR_DES as MUST NOT and ENCR_3DES as SHOULD NOT for
 * ESP, so configuration and policy should refuse them. The AES-CBC and
 * AES-CTR entries provide confidentiality only and must be paired with an
 * integrity algorithm; the AES-GCM entries are AEAD. */
66 #define foreach_ipsec_crypto_alg \
68 _(1, AES_CBC_128, "aes-cbc-128") \
69 _(2, AES_CBC_192, "aes-cbc-192") \
70 _(3, AES_CBC_256, "aes-cbc-256") \
71 _(4, AES_CTR_128, "aes-ctr-128") \
72 _(5, AES_CTR_192, "aes-ctr-192") \
73 _(6, AES_CTR_256, "aes-ctr-256") \
74 _(7, AES_GCM_128, "aes-gcm-128") \
75 _(8, AES_GCM_192, "aes-gcm-192") \
76 _(9, AES_GCM_256, "aes-gcm-256") \
77 _(10, DES_CBC, "des-cbc") \
78 _(11, 3DES_CBC, "3des-cbc")

/* Expander producing IPSEC_CRYPTO_ALG_<f> = <v> enumerators. */
82 #define _(v,f,s) IPSEC_CRYPTO_ALG_##f = v,

/* X-macro list of integrity-algorithm identifiers, same three-argument shape.
 * The line between 88 and 90 is omitted, so an entry for value 0 (if one
 * exists) is not shown. The names presumably encode hash and truncated tag
 * length in bits.
 * Security note: RFC 8221 rates AUTH_HMAC_MD5_96 as MUST NOT and downgrades
 * AUTH_HMAC_SHA1_96; prefer the SHA-2 entries. RFC 4868 defines a 128-bit
 * tag for HMAC-SHA-256, so confirm peer interoperability before relying on
 * SHA_256_96. */
88 #define foreach_ipsec_integ_alg \
90 _(1, MD5_96, "md5-96") \
91 _(2, SHA1_96, "sha1-96") \
92 _(3, SHA_256_96, "sha-256-96") \
93 _(4, SHA_256_128, "sha-256-128") \
94 _(5, SHA_384_192, "sha-384-192") \
95 _(6, SHA_512_256, "sha-512-256")

/* Expander producing IPSEC_INTEG_ALG_<f> = <v> enumerators. */
99 #define _(v,f,s) IPSEC_INTEG_ALG_##f = v,

/* Fixed 128-byte buffers, by name holding the local and remote encryption
 * and integrity keys.
 * NOTE(review): the enclosing declaration and any key-length fields are on
 * omitted lines. Code that copies key material into these buffers must
 * bound the copy by the buffer size, and the buffers should be cleared once
 * the key has been installed; confirm both against the full header and its
 * callers. */
166 u8 local_crypto_key[128];
168 u8 remote_crypto_key[128];
171 u8 local_integ_key[128];
173 u8 remote_integ_key[128];

/* Array of 32 u32 values, by name next-node indices keyed by feature; the
 * enclosing declaration is not shown.
 * NOTE(review): confirm that every index used on this array is checked
 * against the bound of 32. */
275 u32 feature_next_node_index[32];
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
u32 * ipv6_inbound_protect_policy_indices
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
u32 ah_decrypt_next_index
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
u32 * ipv4_inbound_protect_policy_indices
u32 ah_decrypt_node_index
ipsec_tunnel_if_t * tunnel_interfaces
ip46_address_t tunnel_src_addr
uword * tunnel_index_by_key
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
vlib_node_registration_t ipsec_if_output_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_output_node)
u32 ipsec_get_sa_index_by_sa_id(u32 sa_id)
u32 ah_encrypt_node_index
ipsec_integ_alg_t integ_alg
Combined counter to hold both packets and byte differences.
u32 * ipv4_outbound_policies
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
uword * ipsec_if_pool_index_by_key
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
u8 ipsec_is_sa_used(u32 sa_index)
uword * spd_index_by_sw_if_index
#define static_always_inline
u32 esp_encrypt_next_index
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
int ipsec_add_del_ipsec_gre_tunnel(vnet_main_t *vnm, ipsec_add_del_ipsec_gre_tunnel_args_t *args)
#define foreach_ipsec_input_next
ipsec_main_callbacks_t cb
u32 ah_encrypt_next_index
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
ipsec_policy_t * policies
u32 error_drop_node_index
vlib_node_registration_t ah_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah_decrypt_node)
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
vlib_node_registration_t ah_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah_encrypt_node)
ip46_address_range_t laddr
u32 node_index
Node index.
static_always_inline void vnet_feature_next(u32 sw_if_index, u32 *next0, vlib_buffer_t *b0)
#define foreach_ipsec_integ_alg
uword * spd_index_by_spd_id
ip46_address_t tunnel_dst_addr
#define foreach_ipsec_crypto_alg
ipsec_crypto_alg_t crypto_alg
static_always_inline uword vlib_get_thread_index(void)
#define foreach_ipsec_policy_action
u32 esp_encrypt_node_index
u32 esp_decrypt_next_index
vlib_node_registration_t ipsec_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)
#define foreach_ipsec_output_next
uword * sa_index_by_sa_id
static void ipsec_alloc_empty_buffers(vlib_main_t *vm, ipsec_main_t *im)
static_always_inline u32 get_next_output_feature_node_index(vlib_buffer_t *b, vlib_node_runtime_t *nr)
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
ip46_address_range_t raddr
u8 * format_ipsec_replay_window(u8 *s, va_list *args)
ipsec_integ_alg_t integ_alg
ipsec_protocol_t protocol
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
static vlib_main_t * vlib_get_main(void)
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
struct _vlib_node_registration vlib_node_registration_t
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
u32 * ipv4_inbound_policy_discard_and_bypass_indices
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
u32 * free_tunnel_if_indices
u32 * ipv6_inbound_policy_discard_and_bypass_indices
u32 * ipv6_outbound_policies
ipsec_crypto_alg_t crypto_alg
static vlib_node_t * vlib_get_node(vlib_main_t *vm, u32 i)
Get vlib node by index.
int ipsec_add_del_tunnel_if(ipsec_add_del_tunnel_args_t *args)
vlib_node_registration_t esp_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp_decrypt_node)
static u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
vlib_node_registration_t esp_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp_encrypt_node)
u8 * format_ipsec_if_output_trace(u8 *s, va_list *args)
u32 esp_decrypt_node_index