FD.io VPP  v19.01.3-6-g70449b9b9
Vector Packet Processing
ipsec.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __IPSEC_H__
16 #define __IPSEC_H__
17 
18 #include <vnet/ip/ip.h>
19 #include <vnet/feature/feature.h>
20 
21 #include <openssl/hmac.h>
22 #include <openssl/rand.h>
23 #include <openssl/evp.h>
24 
25 #include <vppinfra/types.h>
26 #include <vppinfra/cache.h>
27 
28 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
29 
30 #define foreach_ipsec_output_next \
31  _ (DROP, "error-drop") \
32  _ (ESP4_ENCRYPT, "esp4-encrypt") \
33  _ (AH4_ENCRYPT, "ah4-encrypt") \
34  _ (ESP6_ENCRYPT, "esp6-encrypt") \
35  _ (AH6_ENCRYPT, "ah6-encrypt")
36 
37 #define _(v, s) IPSEC_OUTPUT_NEXT_##v,
38 typedef enum
39 {
40  foreach_ipsec_output_next
41 #undef _
42  IPSEC_OUTPUT_N_NEXT,
43 } ipsec_output_next_t;
44 
45 #define foreach_ipsec_input_next \
46  _ (DROP, "error-drop") \
47  _ (ESP4_DECRYPT, "esp4-decrypt") \
48  _ (AH4_DECRYPT, "ah4-decrypt") \
49  _ (ESP6_DECRYPT, "esp6-decrypt") \
50  _ (AH6_DECRYPT, "ah6-decrypt")
51 
52 #define _(v, s) IPSEC_INPUT_NEXT_##v,
53 typedef enum
54 {
55  foreach_ipsec_input_next
56 #undef _
57  IPSEC_INPUT_N_NEXT,
58 } ipsec_input_next_t;
59 
60 #define foreach_ipsec_policy_action \
61  _ (0, BYPASS, "bypass") \
62  _ (1, DISCARD, "discard") \
63  _ (2, RESOLVE, "resolve") \
64  _ (3, PROTECT, "protect")
65 
66 typedef enum
67 {
68 #define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
69  foreach_ipsec_policy_action
70 #undef _
71  IPSEC_POLICY_N_ACTION,
72 } ipsec_policy_action_t;
73 
74 #define foreach_ipsec_crypto_alg \
75  _ (0, NONE, "none") \
76  _ (1, AES_CBC_128, "aes-cbc-128") \
77  _ (2, AES_CBC_192, "aes-cbc-192") \
78  _ (3, AES_CBC_256, "aes-cbc-256") \
79  _ (4, AES_CTR_128, "aes-ctr-128") \
80  _ (5, AES_CTR_192, "aes-ctr-192") \
81  _ (6, AES_CTR_256, "aes-ctr-256") \
82  _ (7, AES_GCM_128, "aes-gcm-128") \
83  _ (8, AES_GCM_192, "aes-gcm-192") \
84  _ (9, AES_GCM_256, "aes-gcm-256") \
85  _ (10, DES_CBC, "des-cbc") \
86  _ (11, 3DES_CBC, "3des-cbc")
87 
88 typedef enum
89 {
90 #define _(v, f, s) IPSEC_CRYPTO_ALG_##f = v,
91  foreach_ipsec_crypto_alg
92 #undef _
93  IPSEC_CRYPTO_N_ALG,
94 } ipsec_crypto_alg_t;
95 
96 #define foreach_ipsec_integ_alg \
97  _ (0, NONE, "none") \
98  _ (1, MD5_96, "md5-96") /* RFC2403 */ \
99  _ (2, SHA1_96, "sha1-96") /* RFC2404 */ \
100  _ (3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
101  _ (4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
102  _ (5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
103  _ (6, SHA_512_256, "sha-512-256") /* RFC4868 */
104 
105 typedef enum
106 {
107 #define _(v, f, s) IPSEC_INTEG_ALG_##f = v,
108  foreach_ipsec_integ_alg
109 #undef _
110  IPSEC_INTEG_N_ALG,
111 } ipsec_integ_alg_t;
112 
113 typedef enum
114 {
115  IPSEC_PROTOCOL_AH = 0,
116  IPSEC_PROTOCOL_ESP = 1
117 } ipsec_protocol_t;
118 
119 typedef struct
120 {
121  u32 id;
122  u32 spi;
123  ipsec_protocol_t protocol;
124 
125  ipsec_crypto_alg_t crypto_alg;
126  u8 crypto_key_len;
127  u8 crypto_key[128];
128 
129  ipsec_integ_alg_t integ_alg;
130  u8 integ_key_len;
131  u8 integ_key[128];
132 
133  u8 use_esn;
134  u8 use_anti_replay;
135 
136  u8 is_tunnel;
137  u8 is_tunnel_ip6;
138  u8 udp_encap;
139  ip46_address_t tunnel_src_addr;
140  ip46_address_t tunnel_dst_addr;
141 
142  u32 tx_fib_index;
143  u32 salt;
144 
145  /* runtime */
146  u32 seq;
147  u32 seq_hi;
148  u32 last_seq;
149  u32 last_seq_hi;
150  u64 replay_window;
151 
152  /* lifetime data */
153  u64 total_data_size;
154 } ipsec_sa_t;
155 
156 typedef struct
157 {
158  ip46_address_t start, stop;
159 } ip46_address_range_t;
160 
161 typedef struct
162 {
163  u16 start, stop;
164 } port_range_t;
165 
166 typedef struct
167 {
168  u8 is_add;
169  u8 esn;
170  u8 anti_replay;
171  ip4_address_t local_ip, remote_ip;
172  u32 local_spi;
173  u32 remote_spi;
174  ipsec_crypto_alg_t crypto_alg;
175  u8 local_crypto_key_len;
176  u8 local_crypto_key[128];
177  u8 remote_crypto_key_len;
178  u8 remote_crypto_key[128];
179  ipsec_integ_alg_t integ_alg;
180  u8 local_integ_key_len;
181  u8 local_integ_key[128];
182  u8 remote_integ_key_len;
183  u8 remote_integ_key[128];
184  u8 renumber;
185  u32 show_instance;
186  u8 udp_encap;
187  u32 tx_table_id;
188 } ipsec_add_del_tunnel_args_t;
189 
190 typedef struct
191 {
192  u8 is_add;
193  u32 local_sa_id;
194  u32 remote_sa_id;
195  ip4_address_t local_ip;
196  ip4_address_t remote_ip;
197 } ipsec_add_del_ipsec_gre_tunnel_args_t;
198 
199 typedef enum
200 {
201  IPSEC_IF_SET_KEY_TYPE_NONE,
202  IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO,
203  IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO,
204  IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG,
205  IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG,
206 } ipsec_if_set_key_type_t;
207 
208 typedef struct
209 {
210  u32 id;
211  i32 priority;
212  u8 is_outbound;
213 
214  // Selector
215  u8 is_ipv6;
216  ip46_address_range_t laddr;
217  ip46_address_range_t raddr;
218  u8 protocol;
219  port_range_t lport;
220  port_range_t rport;
221 
222  // Policy
223  u8 policy;
224  u32 sa_id;
225  u32 sa_index;
226 
227  // Counter
228  vlib_counter_t counter;
229 } ipsec_policy_t;
230 
231 typedef struct
232 {
233  u32 id;
234  /* pool of policies */
235  ipsec_policy_t *policies;
236  /* vectors of policy indices */
237  u32 *ipv4_outbound_policies;
238  u32 *ipv6_outbound_policies;
239  u32 *ipv4_inbound_protect_policy_indices;
240  u32 *ipv4_inbound_policy_discard_and_bypass_indices;
241  u32 *ipv6_inbound_protect_policy_indices;
242  u32 *ipv6_inbound_policy_discard_and_bypass_indices;
243 } ipsec_spd_t;
244 
245 typedef struct
246 {
247  u32 spd_index;
248 } ip4_ipsec_config_t;
249 
250 typedef struct
251 {
252  u32 spd_index;
253 } ip6_ipsec_config_t;
254 
255 typedef struct
256 {
257  /* Required for pool_get_aligned */
258  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
259  u32 input_sa_index;
260  u32 output_sa_index;
261  u32 hw_if_index;
262  u32 show_instance;
263 } ipsec_tunnel_if_t;
264 
265 typedef clib_error_t *(*add_del_sa_sess_cb_t) (u32 sa_index, u8 is_add);
266 typedef clib_error_t *(*check_support_cb_t) (ipsec_sa_t * sa);
267 
268 typedef struct
269 {
270  u8 *name;
271  /* add/del callback */
272  add_del_sa_sess_cb_t add_del_sa_sess_cb;
273  /* check support function */
274  check_support_cb_t check_support_cb;
275  u32 ah4_encrypt_node_index;
276  u32 ah4_decrypt_node_index;
277  u32 ah4_encrypt_next_index;
278  u32 ah4_decrypt_next_index;
279  u32 ah6_encrypt_node_index;
280  u32 ah6_decrypt_node_index;
281  u32 ah6_encrypt_next_index;
282  u32 ah6_decrypt_next_index;
283 } ipsec_ah_backend_t;
284 
285 typedef struct
286 {
287  u8 *name;
288  /* add/del callback */
289  add_del_sa_sess_cb_t add_del_sa_sess_cb;
290  /* check support function */
291  check_support_cb_t check_support_cb;
292  u32 esp4_encrypt_node_index;
293  u32 esp4_decrypt_node_index;
294  u32 esp4_encrypt_next_index;
295  u32 esp4_decrypt_next_index;
296  u32 esp6_encrypt_node_index;
297  u32 esp6_decrypt_node_index;
298  u32 esp6_encrypt_next_index;
299  u32 esp6_decrypt_next_index;
300 } ipsec_esp_backend_t;
301 
302 typedef struct
303 {
304  const EVP_CIPHER *type;
305  u8 iv_size;
306  u8 block_size;
307 } ipsec_proto_main_crypto_alg_t;
308 
309 typedef struct
310 {
311  const EVP_MD *md;
312  u8 trunc_size;
313 } ipsec_proto_main_integ_alg_t;
314 
315 typedef struct
316 {
317  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
318 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
319  EVP_CIPHER_CTX *encrypt_ctx;
320 #else
321  EVP_CIPHER_CTX encrypt_ctx;
322 #endif
323  CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
324 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
325  EVP_CIPHER_CTX *decrypt_ctx;
326 #else
327  EVP_CIPHER_CTX decrypt_ctx;
328 #endif
329  CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
330 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
331  HMAC_CTX *hmac_ctx;
332 #else
333  HMAC_CTX hmac_ctx;
334 #endif
335  ipsec_crypto_alg_t last_encrypt_alg;
336  ipsec_crypto_alg_t last_decrypt_alg;
337  ipsec_integ_alg_t last_integ_alg;
338 } ipsec_proto_main_per_thread_data_t;
339 
340 typedef struct
341 {
342  ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs;
343  ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs;
344  ipsec_proto_main_per_thread_data_t *per_thread_data;
345 } ipsec_proto_main_t;
346 
347 extern ipsec_proto_main_t ipsec_proto_main;
348 
349 typedef struct
350 {
351  /* pool of tunnel instances */
352  ipsec_spd_t *spds;
353  ipsec_sa_t *sad;
354 
355  /* pool of tunnel interfaces */
356  ipsec_tunnel_if_t *tunnel_interfaces;
357  u32 *free_tunnel_if_indices;
358 
359  u32 **empty_buffers;
360 
361  uword *tunnel_index_by_key;
362 
363  /* convenience */
364  vlib_main_t *vlib_main;
365  vnet_main_t *vnet_main;
366 
367  /* next node indices */
368  u32 feature_next_node_index[32];
369 
370  /* hashes */
371  uword *spd_index_by_spd_id;
372  uword *spd_index_by_sw_if_index;
373  uword *sa_index_by_sa_id;
374  uword *ipsec_if_pool_index_by_key;
375  uword *ipsec_if_real_dev_by_show_dev;
376 
377  /* node indices */
378  u32 error_drop_node_index;
379  u32 esp4_encrypt_node_index;
380  u32 esp4_decrypt_node_index;
381  u32 ah4_encrypt_node_index;
382  u32 ah4_decrypt_node_index;
383  u32 esp6_encrypt_node_index;
384  u32 esp6_decrypt_node_index;
385  u32 ah6_encrypt_node_index;
386  u32 ah6_decrypt_node_index;
387  /* next node indices */
388  u32 esp4_encrypt_next_index;
389  u32 esp4_decrypt_next_index;
390  u32 ah4_encrypt_next_index;
391  u32 ah4_decrypt_next_index;
392  u32 esp6_encrypt_next_index;
393  u32 esp6_decrypt_next_index;
394  u32 ah6_encrypt_next_index;
395  u32 ah6_decrypt_next_index;
396 
397  /* pool of ah backends */
398  ipsec_ah_backend_t *ah_backends;
399  /* pool of esp backends */
400  ipsec_esp_backend_t *esp_backends;
401  /* index of current ah backend */
402  u32 ah_current_backend;
403  /* index of current esp backend */
404  u32 esp_current_backend;
405  /* index of default ah backend */
406  u32 ah_default_backend;
407  /* index of default esp backend */
408  u32 esp_default_backend;
409 
410  /* helper for sort function */
411  ipsec_spd_t *spd_to_sort;
412 } ipsec_main_t;
413 
414 extern ipsec_main_t ipsec_main;
415 
416 clib_error_t *ipsec_add_del_sa_sess_cb (ipsec_main_t * im, u32 sa_index,
417  u8 is_add);
418 
419 clib_error_t *ipsec_check_support_cb (ipsec_main_t * im, ipsec_sa_t * sa);
420 
421 extern vlib_node_registration_t esp4_encrypt_node;
422 extern vlib_node_registration_t esp4_decrypt_node;
423 extern vlib_node_registration_t ah4_encrypt_node;
424 extern vlib_node_registration_t ah4_decrypt_node;
425 extern vlib_node_registration_t esp6_encrypt_node;
426 extern vlib_node_registration_t esp6_decrypt_node;
427 extern vlib_node_registration_t ah6_encrypt_node;
428 extern vlib_node_registration_t ah6_decrypt_node;
429 extern vlib_node_registration_t ipsec_if_input_node;
430 
431 /*
432  * functions
433  */
434 int ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id,
435  int is_add);
436 int ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add);
437 int ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy,
438  int is_add);
439 int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add);
440 int ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update);
441 
442 u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);
443 u8 ipsec_is_sa_used (u32 sa_index);
444 u8 *format_ipsec_policy_action (u8 * s, va_list * args);
445 u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
446 u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
447 u8 *format_ipsec_replay_window (u8 * s, va_list * args);
448 uword unformat_ipsec_policy_action (unformat_input_t * input, va_list * args);
449 uword unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args);
450 uword unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args);
451 
452 int ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
453  ipsec_add_del_tunnel_args_t * args,
454  u32 * sw_if_index);
455 int ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t * args);
456 int ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
457  ipsec_add_del_ipsec_gre_tunnel_args_t *
458  args);
459 int ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index,
460  ipsec_if_set_key_type_t type, u8 alg, u8 * key);
461 int ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
462  u8 is_outbound);
463 
464 /*
465  * inline functions
466  */
467 
468 always_inline void
469 ipsec_alloc_empty_buffers (vlib_main_t * vm, ipsec_main_t * im)
470 {
471  u32 thread_index = vm->thread_index;
472  uword l = vec_len (im->empty_buffers[thread_index]);
473  uword n_alloc = 0;
474 
475  if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
476  {
477  if (!im->empty_buffers[thread_index])
478  {
479  vec_alloc (im->empty_buffers[thread_index], 2 * VLIB_FRAME_SIZE);
480  }
481 
482  n_alloc = vlib_buffer_alloc (vm, im->empty_buffers[thread_index] + l,
483  2 * VLIB_FRAME_SIZE - l);
484 
485  _vec_len (im->empty_buffers[thread_index]) = l + n_alloc;
486  }
487 }
488 
489 static_always_inline u32
490 get_next_output_feature_node_index (vlib_buffer_t * b,
491  vlib_node_runtime_t * nr)
492 {
493  u32 next;
494  vlib_main_t *vm = vlib_get_main ();
495  vlib_node_t *node = vlib_get_node (vm, nr->node_index);
496 
497  vnet_feature_next (&next, b);
498  return node->next_nodes[next];
499 }
500 
501 u32 ipsec_register_ah_backend (vlib_main_t * vm, ipsec_main_t * im,
502  const char *name,
503  const char *ah4_encrypt_node_name,
504  const char *ah4_decrypt_node_name,
505  const char *ah6_encrypt_node_name,
506  const char *ah6_decrypt_node_name,
507  check_support_cb_t ah_check_support_cb,
508  add_del_sa_sess_cb_t ah_add_del_sa_sess_cb);
509 
510 u32 ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im,
511  const char *name,
512  const char *esp4_encrypt_node_name,
513  const char *esp4_decrypt_node_name,
514  const char *esp6_encrypt_node_name,
515  const char *esp6_decrypt_node_name,
516  check_support_cb_t esp_check_support_cb,
517  add_del_sa_sess_cb_t esp_add_del_sa_sess_cb);
518 
519 int ipsec_select_ah_backend (ipsec_main_t * im, u32 ah_backend_idx);
520 int ipsec_select_esp_backend (ipsec_main_t * im, u32 esp_backend_idx);
521 #endif /* __IPSEC_H__ */
522 
523 /*
524  * fd.io coding-style-patch-verification: ON
525  *
526  * Local Variables:
527  * eval: (c-set-style "gnu")
528  * End:
529  */
vlib_node_t::next_nodes
u32 * next_nodes
Definition: node.h:358
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec.h:158
ipsec_set_interface_key
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
Definition: ipsec_if.c:478
ipsec_spd_t::ipv6_inbound_protect_policy_indices
u32 * ipv6_inbound_protect_policy_indices
Definition: ipsec.h:241
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:352
ipsec_set_interface_sa
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
Definition: ipsec_if.c:528
ipsec_proto_main_per_thread_data_t::encrypt_ctx
EVP_CIPHER_CTX * encrypt_ctx
Definition: ipsec.h:319
ipsec_main_t::esp_default_backend
u32 esp_default_backend
Definition: ipsec.h:408
CLIB_CACHE_LINE_ALIGN_MARK
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
Definition: cache.h:60
ipsec_esp_backend_t::esp4_encrypt_next_index
u32 esp4_encrypt_next_index
Definition: ipsec.h:294
ipsec_spd_t::ipv4_inbound_protect_policy_indices
u32 * ipv4_inbound_protect_policy_indices
Definition: ipsec.h:239
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:356
port_range_t::stop
u16 stop
Definition: ipsec.h:163
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec.h:139
ipsec_main_t::esp6_decrypt_node_index
u32 esp6_decrypt_node_index
Definition: ipsec.h:384
ipsec_main_t::tunnel_index_by_key
uword * tunnel_index_by_key
Definition: ipsec.h:361
ipsec_main_t::ah4_decrypt_next_index
u32 ah4_decrypt_next_index
Definition: ipsec.h:391
ipsec_sa_t::id
u32 id
Definition: ipsec.h:121
ipsec_proto_main_t::ipsec_proto_main_integ_algs
ipsec_proto_main_integ_alg_t * ipsec_proto_main_integ_algs
Definition: ipsec.h:343
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Definition: ipsec.c:44
ipsec_get_sa_index_by_sa_id
u32 ipsec_get_sa_index_by_sa_id(u32 sa_id)
Definition: ipsec.c:33
ipsec_policy_t::priority
i32 priority
Definition: ipsec.h:211
ipsec_ah_backend_t
Definition: ipsec.h:268
u64
unsigned long u64
Definition: types.h:89
ipsec_add_del_tunnel_args_t::renumber
u8 renumber
Definition: ipsec.h:184
ipsec_esp_backend_t::esp4_decrypt_node_index
u32 esp4_decrypt_node_index
Definition: ipsec.h:293
ipsec_proto_main_per_thread_data_t::last_decrypt_alg
ipsec_crypto_alg_t last_decrypt_alg
Definition: ipsec.h:336
ipsec_check_support_cb
clib_error_t * ipsec_check_support_cb(ipsec_main_t *im, ipsec_sa_t *sa)
Definition: ipsec.c:579
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:129
ipsec_ah_backend_t::ah6_decrypt_next_index
u32 ah6_decrypt_next_index
Definition: ipsec.h:282
vlib_main_t::thread_index
u32 thread_index
Definition: main.h:179
ipsec_esp_backend_t::esp6_decrypt_next_index
u32 esp6_decrypt_next_index
Definition: ipsec.h:299
ipsec_proto_main_integ_alg_t::trunc_size
u8 trunc_size
Definition: ipsec.h:312
ipsec_main_t::ah4_encrypt_next_index
u32 ah4_encrypt_next_index
Definition: ipsec.h:390
ipsec_ah_backend_t::ah4_encrypt_node_index
u32 ah4_encrypt_node_index
Definition: ipsec.h:275
ipsec_esp_backend_t::esp6_encrypt_node_index
u32 esp6_encrypt_node_index
Definition: ipsec.h:296
vlib_counter_t
Combined counter to hold both packets and byte differences.
Definition: counter_types.h:26
ipsec_sa_t::is_tunnel
u8 is_tunnel
Definition: ipsec.h:136
ipsec_spd_t::ipv4_outbound_policies
u32 * ipv4_outbound_policies
Definition: ipsec.h:237
ip6_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:252
ipsec_output_next_t
ipsec_output_next_t
Definition: ipsec.h:38
ipsec_add_del_tunnel_args_t::udp_encap
u8 udp_encap
Definition: ipsec.h:186
ipsec_main_t::ah_current_backend
u32 ah_current_backend
Definition: ipsec.h:402
ipsec_spd_t
Definition: ipsec.h:231
ipsec_proto_main_crypto_alg_t::type
const EVP_CIPHER * type
Definition: ipsec.h:304
ipsec_tunnel_if_t
Definition: ipsec.h:255
ipsec_main_t::esp_current_backend
u32 esp_current_backend
Definition: ipsec.h:404
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Definition: ipsec.c:93
ipsec_main_t::ipsec_if_pool_index_by_key
uword * ipsec_if_pool_index_by_key
Definition: ipsec.h:374
ipsec_ah_backend_t::ah6_decrypt_node_index
u32 ah6_decrypt_node_index
Definition: ipsec.h:280
ipsec_proto_main_t::ipsec_proto_main_crypto_algs
ipsec_proto_main_crypto_alg_t * ipsec_proto_main_crypto_algs
Definition: ipsec.h:342
vec_alloc
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
Definition: vec.h:280
u8
unsigned char u8
Definition: types.h:56
esp6_decrypt_node
vlib_node_registration_t esp6_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp6_decrypt_node)
Definition: esp_decrypt.c:443
ipsec_is_sa_used
u8 ipsec_is_sa_used(u32 sa_index)
Definition: ipsec.c:380
ipsec_sa_t::spi
u32 spi
Definition: ipsec.h:122
ipsec_policy_t::lport
port_range_t lport
Definition: ipsec.h:219
ipsec_policy_t::sa_id
u32 sa_id
Definition: ipsec.h:224
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec.h:147
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:372
ipsec_select_esp_backend
int ipsec_select_esp_backend(ipsec_main_t *im, u32 esp_backend_idx)
Definition: ipsec.c:693
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec.h:150
vlib_node_runtime_t
Definition: node.h:487
ipsec_esp_backend_t::esp6_encrypt_next_index
u32 esp6_encrypt_next_index
Definition: ipsec.h:298
ipsec_ah_backend_t::ah6_encrypt_node_index
u32 ah6_encrypt_node_index
Definition: ipsec.h:279
static_always_inline
#define static_always_inline
Definition: clib.h:99
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec.h:173
esp4_encrypt_node
vlib_node_registration_t esp4_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp4_encrypt_node)
Definition: esp_encrypt.c:448
ipsec_add_del_tunnel_args_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.h:182
port_range_t
Definition: ipsec.h:161
sw_if_index
u32 sw_if_index
Definition: vxlan_gbp.api:37
ipsec_main_t::ah_default_backend
u32 ah_default_backend
Definition: ipsec.h:406
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec.h:172
esp4_decrypt_node
vlib_node_registration_t esp4_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp4_decrypt_node)
Definition: esp_decrypt.c:417
unformat_ipsec_integ_alg
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:108
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.c:30
ipsec_main_t::esp6_encrypt_node_index
u32 esp6_encrypt_node_index
Definition: ipsec.h:383
ipsec_main_t::esp4_decrypt_next_index
u32 esp4_decrypt_next_index
Definition: ipsec.h:389
ipsec_ah_backend_t::ah6_encrypt_next_index
u32 ah6_encrypt_next_index
Definition: ipsec.h:281
ipsec_proto_main_integ_alg_t
Definition: ipsec.h:309
ipsec_sa_t::use_esn
u8 use_esn
Definition: ipsec.h:133
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec.h:66
ipsec_add_del_ipsec_gre_tunnel
int ipsec_add_del_ipsec_gre_tunnel(vnet_main_t *vnm, ipsec_add_del_ipsec_gre_tunnel_args_t *args)
Definition: ipsec_if.c:416
ipsec_add_del_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:171
ip4_ipsec_config_t
Definition: ipsec.h:245
foreach_ipsec_input_next
#define foreach_ipsec_input_next
Definition: ipsec.h:45
ipsec_esp_backend_t::check_support_cb
check_support_cb_t check_support_cb
Definition: ipsec.h:291
ipsec_main_t::spd_to_sort
ipsec_spd_t * spd_to_sort
Definition: ipsec.h:411
u32
unsigned int u32
Definition: types.h:88
add_del_sa_sess_cb_t
clib_error_t *(* add_del_sa_sess_cb_t)(u32 sa_index, u8 is_add)
Definition: ipsec.h:265
ipsec_esp_backend_t::esp6_decrypt_node_index
u32 esp6_decrypt_node_index
Definition: ipsec.h:297
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:401
format_ipsec_crypto_alg
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:58
ipsec_main_t
Definition: ipsec.h:349
ipsec_spd_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:235
ipsec_main_t::ah4_decrypt_node_index
u32 ah4_decrypt_node_index
Definition: ipsec.h:382
ipsec_sa_t::udp_encap
u8 udp_encap
Definition: ipsec.h:138
ip4_address_t
Definition: ip4_packet.h:49
ipsec_proto_main_per_thread_data_t::hmac_ctx
HMAC_CTX * hmac_ctx
Definition: ipsec.h:331
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec.h:148
ipsec_main_t::error_drop_node_index
u32 error_drop_node_index
Definition: ipsec.h:378
ipsec_proto_main_t::per_thread_data
ipsec_proto_main_per_thread_data_t * per_thread_data
Definition: ipsec.h:344
ipsec_sa_t::tx_fib_index
u32 tx_fib_index
Definition: ipsec.h:142
ipsec_policy_t::protocol
u8 protocol
Definition: ipsec.h:218
ipsec_proto_main_crypto_alg_t
Definition: ipsec.h:302
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec.h:105
ipsec_sa_t::is_tunnel_ip6
u8 is_tunnel_ip6
Definition: ipsec.h:137
ipsec_main_t::esp4_encrypt_node_index
u32 esp4_encrypt_node_index
Definition: ipsec.h:379
ipsec_sa_t::salt
u32 salt
Definition: ipsec.h:143
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:365
unformat_input_t
struct _unformat_input_t unformat_input_t
u16
unsigned short u16
Definition: types.h:57
ipsec_ah_backend_t::ah4_decrypt_next_index
u32 ah4_decrypt_next_index
Definition: ipsec.h:278
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec.h:149
unformat_ipsec_crypto_alg
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:76
ipsec_add_del_tunnel_args_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.h:175
ah6_decrypt_node
vlib_node_registration_t ah6_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah6_decrypt_node)
Definition: ah_decrypt.c:343
ipsec_policy_t
Definition: ipsec.h:208
ipsec_add_del_ipsec_gre_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:192
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:111
ipsec_protocol_t
ipsec_protocol_t
Definition: ipsec.h:113
always_inline
#define always_inline
Definition: ipsec.h:28
ah4_encrypt_node
vlib_node_registration_t ah4_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah4_encrypt_node)
Definition: ah_encrypt.c:328
ipsec_proto_main_per_thread_data_t::last_encrypt_alg
ipsec_crypto_alg_t last_encrypt_alg
Definition: ipsec.h:335
ipsec_ah_backend_t::name
u8 * name
Definition: ipsec.h:270
ipsec_sa_t
Definition: ipsec.h:119
esp6_encrypt_node
vlib_node_registration_t esp6_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp6_encrypt_node)
Definition: esp_encrypt.c:474
ipsec_policy_t::laddr
ip46_address_range_t laddr
Definition: ipsec.h:216
vlib_node_runtime_t::node_index
u32 node_index
Node index.
Definition: node.h:518
ipsec_proto_main_crypto_alg_t::iv_size
u8 iv_size
Definition: ipsec.h:305
ipsec_add_del_tunnel_args_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.h:180
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec.h:96
name
u8 name[64]
Definition: memclnt.api:152
ipsec_esp_backend_t::esp4_encrypt_node_index
u32 esp4_encrypt_node_index
Definition: ipsec.h:292
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:371
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec.h:140
ipsec_if_set_key_type_t
ipsec_if_set_key_type_t
Definition: ipsec.h:199
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec.h:74
ipsec_ah_backend_t::ah4_decrypt_node_index
u32 ah4_decrypt_node_index
Definition: ipsec.h:276
ipsec_add_del_tunnel_args_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:174
ipsec_main_t::ah6_encrypt_next_index
u32 ah6_encrypt_next_index
Definition: ipsec.h:394
ipsec_add_del_tunnel_args_t
Definition: ipsec.h:166
ipsec_add_del_tunnel_args_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.h:177
foreach_ipsec_policy_action
#define foreach_ipsec_policy_action
Definition: ipsec.h:60
ipsec_main_t::ah_backends
ipsec_ah_backend_t * ah_backends
Definition: ipsec.h:398
ipsec_proto_main_per_thread_data_t::decrypt_ctx
EVP_CIPHER_CTX * decrypt_ctx
Definition: ipsec.h:325
ipsec_add_del_ipsec_gre_tunnel_args_t
Definition: ipsec.h:190
ipsec_policy_t::sa_index
u32 sa_index
Definition: ipsec.h:225
vnet_feature_next
static_always_inline void vnet_feature_next(u32 *next0, vlib_buffer_t *b0)
Definition: feature.h:295
ipsec_if_input_node
vlib_node_registration_t ipsec_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)
Definition: ipsec_if_in.c:224
ipsec_main_t::esp4_encrypt_next_index
u32 esp4_encrypt_next_index
Definition: ipsec.h:388
ipsec_add_del_ipsec_gre_tunnel_args_t::local_ip
ip4_address_t local_ip
Definition: ipsec.h:195
ah6_encrypt_node
vlib_node_registration_t ah6_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah6_encrypt_node)
Definition: ah_encrypt.c:354
foreach_ipsec_output_next
#define foreach_ipsec_output_next
Definition: ipsec.h:30
ipsec_ah_backend_t::ah4_encrypt_next_index
u32 ah4_encrypt_next_index
Definition: ipsec.h:277
vlib_buffer_t
Definition: buffer.h:104
ipsec_main_t::sa_index_by_sa_id
uword * sa_index_by_sa_id
Definition: ipsec.h:373
ipsec_alloc_empty_buffers
static void ipsec_alloc_empty_buffers(vlib_main_t *vm, ipsec_main_t *im)
Definition: ipsec.h:469
ipsec_main_t::esp6_decrypt_next_index
u32 esp6_decrypt_next_index
Definition: ipsec.h:393
ipsec_esp_backend_t
Definition: ipsec.h:285
ipsec_add_del_sa_sess_cb
clib_error_t * ipsec_add_del_sa_sess_cb(ipsec_main_t *im, u32 sa_index, u8 is_add)
Definition: ipsec.c:557
ipsec_tunnel_if_t::output_sa_index
u32 output_sa_index
Definition: ipsec.h:260
get_next_output_feature_node_index
static_always_inline u32 get_next_output_feature_node_index(vlib_buffer_t *b, vlib_node_runtime_t *nr)
Definition: ipsec.h:490
ipsec_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ipsec.h:364
ipsec_main_t::ipsec_if_real_dev_by_show_dev
uword * ipsec_if_real_dev_by_show_dev
Definition: ipsec.h:375
ipsec_esp_backend_t::name
u8 * name
Definition: ipsec.h:287
ipsec_register_ah_backend
u32 ipsec_register_ah_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *ah4_encrypt_node_name, const char *ah4_decrypt_node_name, const char *ah6_encrypt_node_name, const char *ah6_decrypt_node_name, check_support_cb_t ah_check_support_cb, add_del_sa_sess_cb_t ah_add_del_sa_sess_cb)
Definition: ipsec.c:616
ipsec_policy_t::rport
port_range_t rport
Definition: ipsec.h:220
ipsec_set_sa_key
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
Definition: ipsec.c:477
ipsec_policy_t::raddr
ip46_address_range_t raddr
Definition: ipsec.h:217
vnet_main_t
Definition: vnet.h:51
ipsec_main_t::esp6_encrypt_next_index
u32 esp6_encrypt_next_index
Definition: ipsec.h:392
check_support_cb_t
clib_error_t *(* check_support_cb_t)(ipsec_sa_t *sa)
Definition: ipsec.h:266
i32
signed int i32
Definition: types.h:77
ipsec_main_t::ah4_encrypt_node_index
u32 ah4_encrypt_node_index
Definition: ipsec.h:381
ip4_ipsec_config_t::spd_index
u32 spd_index
Definition: ipsec.h:247
format_ipsec_replay_window
u8 * format_ipsec_replay_window(u8 *s, va_list *args)
Definition: ipsec_format.c:122
ipsec_tunnel_if_t::hw_if_index
u32 hw_if_index
Definition: ipsec.h:261
ipsec_add_del_tunnel_args_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:179
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec.h:169
ipsec_main_t::sad
ipsec_sa_t * sad
Definition: ipsec.h:353
ipsec_crypto_alg_t
ipsec_crypto_alg_t
Definition: ipsec.h:88
ipsec_sa_t::total_data_size
u64 total_data_size
Definition: ipsec.h:153
ipsec_main_t::esp4_decrypt_node_index
u32 esp4_decrypt_node_index
Definition: ipsec.h:380
ipsec_policy_t::is_ipv6
u8 is_ipv6
Definition: ipsec.h:215
ipsec_add_del_tunnel_args_t::tx_table_id
u32 tx_table_id
Definition: ipsec.h:187
ipsec_sa_t::integ_key_len
u8 integ_key_len
Definition: ipsec.h:130
ipsec_tunnel_if_t::show_instance
u32 show_instance
Definition: ipsec.h:262
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec.h:123
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:44
ipsec_esp_backend_t::add_del_sa_sess_cb
add_del_sa_sess_cb_t add_del_sa_sess_cb
Definition: ipsec.h:289
ipsec_main_t::ah6_decrypt_node_index
u32 ah6_decrypt_node_index
Definition: ipsec.h:386
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
ipsec_tunnel_if_t::input_sa_index
u32 input_sa_index
Definition: ipsec.h:259
ipsec_sa_t::seq
u32 seq
Definition: ipsec.h:146
ipsec_proto_main_t
Definition: ipsec.h:340
clib_error_t
Definition: clib_error.h:21
format_ipsec_integ_alg
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:90
ip6_ipsec_config_t
Definition: ipsec.h:250
ipsec_add_del_ipsec_gre_tunnel_args_t::remote_sa_id
u32 remote_sa_id
Definition: ipsec.h:194
ipsec_sa_t::crypto_key_len
u8 crypto_key_len
Definition: ipsec.h:126
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
ipsec_main_t::ah6_encrypt_node_index
u32 ah6_encrypt_node_index
Definition: ipsec.h:385
ipsec_input_next_t
ipsec_input_next_t
Definition: ipsec.h:53
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
Definition: ipsec.c:154
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition: ipsec_format.c:26
ipsec_add_del_tunnel_if_internal
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
Definition: ipsec_if.c:254
ipsec_main_t::ah6_decrypt_next_index
u32 ah6_decrypt_next_index
Definition: ipsec.h:395
ipsec_ah_backend_t::check_support_cb
check_support_cb_t check_support_cb
Definition: ipsec.h:274
ipsec_spd_t::ipv4_inbound_policy_discard_and_bypass_indices
u32 * ipv4_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:240
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
ipsec_policy_t::counter
vlib_counter_t counter
Definition: ipsec.h:228
ipsec_policy_t::is_outbound
u8 is_outbound
Definition: ipsec.h:212
ipsec_main_t::free_tunnel_if_indices
u32 * free_tunnel_if_indices
Definition: ipsec.h:357
ip46_address_range_t
Definition: ipsec.h:156
vlib_main_t
Definition: main.h:61
ipsec_spd_t::ipv6_inbound_policy_discard_and_bypass_indices
u32 * ipv6_inbound_policy_discard_and_bypass_indices
Definition: ipsec.h:242
uword
u64 uword
Definition: types.h:112
vlib_node_t
Definition: node.h:282
ipsec_proto_main_per_thread_data_t::last_integ_alg
ipsec_integ_alg_t last_integ_alg
Definition: ipsec.h:337
ipsec_spd_t::ipv6_outbound_policies
u32 * ipv6_outbound_policies
Definition: ipsec.h:238
ipsec_esp_backend_t::esp4_decrypt_next_index
u32 esp4_decrypt_next_index
Definition: ipsec.h:295
ipsec_policy_t::id
u32 id
Definition: ipsec.h:210
ipsec_spd_t::id
u32 id
Definition: ipsec.h:233
ah4_decrypt_node
vlib_node_registration_t ah4_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah4_decrypt_node)
Definition: ah_decrypt.c:317
ipsec_add_del_ipsec_gre_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:196
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:168
ipsec_proto_main
ipsec_proto_main_t ipsec_proto_main
Definition: esp_encrypt.c:26
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:125
ipsec_select_ah_backend
int ipsec_select_ah_backend(ipsec_main_t *im, u32 ah_backend_idx)
Definition: ipsec.c:672
ipsec_policy_t::policy
u8 policy
Definition: ipsec.h:223
ipsec_proto_main_integ_alg_t::md
const EVP_MD * md
Definition: ipsec.h:311
vlib_get_node
static vlib_node_t * vlib_get_node(vlib_main_t *vm, u32 i)
Get vlib node by index.
Definition: node_funcs.h:59
ipsec_register_esp_backend
u32 ipsec_register_esp_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *esp4_encrypt_node_name, const char *esp4_decrypt_node_name, const char *esp6_encrypt_node_name, const char *esp6_decrypt_node_name, check_support_cb_t esp_check_support_cb, add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
Definition: ipsec.c:644
ipsec_proto_main_per_thread_data_t
Definition: ipsec.h:315
ipsec_add_del_tunnel_if
int ipsec_add_del_tunnel_if(ipsec_add_del_tunnel_args_t *args)
Definition: ipsec_if.c:246
ipsec_ah_backend_t::add_del_sa_sess_cb
add_del_sa_sess_cb_t add_del_sa_sess_cb
Definition: ipsec.h:272
ipsec_main_t::esp_backends
ipsec_esp_backend_t * esp_backends
Definition: ipsec.h:400
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec.h:170
vlib_buffer_alloc
static u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
Definition: buffer_funcs.h:485
ipsec_add_del_sa
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
Definition: ipsec.c:432
ipsec_main_t::empty_buffers
u32 ** empty_buffers
Definition: ipsec.h:359
ipsec_sa_t::use_anti_replay
u8 use_anti_replay
Definition: ipsec.h:134
ipsec_proto_main_crypto_alg_t::block_size
u8 block_size
Definition: ipsec.h:306
ipsec_add_del_ipsec_gre_tunnel_args_t::local_sa_id
u32 local_sa_id
Definition: ipsec.h:193
ipsec_add_del_tunnel_args_t::show_instance
u32 show_instance
Definition: ipsec.h:185