33 if (sa->
integ_alg == IPSEC_INTEG_ALG_NONE)
91 const char *prev_node_name,
u32 * out_node_index,
99 *out_node_index = node->
index;
105 const char *node_name,
u32 * out_feature_index)
116 const char *ah4_encrypt_node_name,
117 const char *ah4_decrypt_node_name,
118 const char *ah6_encrypt_node_name,
119 const char *ah6_decrypt_node_name,
127 ipsec_add_node (vm, ah4_encrypt_node_name,
"ipsec4-output-feature",
129 ipsec_add_node (vm, ah4_decrypt_node_name,
"ipsec4-input-feature",
131 ipsec_add_node (vm, ah6_encrypt_node_name,
"ipsec6-output-feature",
133 ipsec_add_node (vm, ah6_decrypt_node_name,
"ipsec6-input-feature",
144 const char *esp4_encrypt_node_name,
145 const char *esp4_encrypt_node_tun_name,
146 const char *esp4_decrypt_node_name,
147 const char *esp6_encrypt_node_name,
148 const char *esp6_encrypt_node_tun_name,
149 const char *esp6_decrypt_node_name,
158 ipsec_add_node (vm, esp4_encrypt_node_name,
"ipsec4-output-feature",
160 ipsec_add_node (vm, esp4_decrypt_node_name,
"ipsec4-input-feature",
162 ipsec_add_node (vm, esp6_encrypt_node_name,
"ipsec6-output-feature",
164 ipsec_add_node (vm, esp6_decrypt_node_name,
"ipsec6-input-feature",
183 "%d SA entries configured",
188 "%d tunnel-interface entries configured",
198 return VNET_API_ERROR_RSRC_IN_USE;
201 return VNET_API_ERROR_INVALID_VALUE;
221 return VNET_API_ERROR_RSRC_IN_USE;
224 return VNET_API_ERROR_INVALID_VALUE;
/*
 * Cipher table (fragment of a longer initialisation routine): each visible
 * entry of im->crypto_algs is given the vnet crypto op ids stored in its
 * enc_op_id and dec_op_id fields. Only the lines that survived extraction
 * are shown; the leading numbers are the listing's own line numbers, and
 * the entry selected for the first two pairs is not visible here.
 */
/* NOTE(review): single DES in CBC mode has a 56-bit key and is not adequate
 * for new security associations; presumably registered for interoperability
 * only -- confirm whether configuration can restrict it. */
297 a->
enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
298 a->
dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
/* NOTE(review): 3DES is a 64-bit block cipher, so the amount of data
 * protected under one key should be kept small; rekey limits are not
 * visible in this fragment. */
302 a->
enc_op_id = VNET_CRYPTO_OP_3DES_CBC_ENC;
303 a->
dec_op_id = VNET_CRYPTO_OP_3DES_CBC_DEC;
/* AES-CBC entries, one per key size. CBC gives confidentiality only, so an
 * SA using these needs a separate integrity algorithm; whether that pairing
 * is enforced is not visible here. */
306 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128;
307 a->
enc_op_id = VNET_CRYPTO_OP_AES_128_CBC_ENC;
308 a->
dec_op_id = VNET_CRYPTO_OP_AES_128_CBC_DEC;
311 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192;
312 a->
enc_op_id = VNET_CRYPTO_OP_AES_192_CBC_ENC;
313 a->
dec_op_id = VNET_CRYPTO_OP_AES_192_CBC_DEC;
316 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256;
317 a->
enc_op_id = VNET_CRYPTO_OP_AES_256_CBC_ENC;
318 a->
dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC;
/* AES-GCM entries, one per key size. GCM is an AEAD mode, so the same op
 * both encrypts and authenticates; it depends on a nonce that is never
 * reused under one key -- nonce handling is not visible in this fragment. */
321 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_128;
322 a->
enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC;
323 a->
dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
327 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192;
328 a->
enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC;
329 a->
dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC;
333 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256;
334 a->
enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC;
335 a->
dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
/*
 * Integrity table (fragment of a longer initialisation routine): each
 * visible entry of im->integ_algs is given the vnet crypto op id stored in
 * its op_id field. The entry written by the first assignment below is not
 * visible in this fragment; the leading numbers are the listing's own line
 * numbers.
 */
343 i->
op_id = VNET_CRYPTO_OP_SHA1_HMAC;
/* NOTE(review): the SHA_256_96 entry is wired to VNET_CRYPTO_OP_SHA1_HMAC,
 * whereas the SHA_256_128, SHA_384_192 and SHA_512_256 entries below each
 * use the HMAC op of their own hash. This looks like a copy of the
 * preceding assignment. If it is, an SA configured for SHA-256-96 would be
 * protected by a different MAC than its name states, and
 * VNET_CRYPTO_OP_SHA256_HMAC would be the matching op. Confirm against the
 * crypto engine and the lines not shown here before relying on this
 * algorithm. */
346 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
347 i->
op_id = VNET_CRYPTO_OP_SHA1_HMAC;
/* SHA-2 entries with their own HMAC ops. */
350 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
351 i->
op_id = VNET_CRYPTO_OP_SHA256_HMAC;
354 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
355 i->
op_id = VNET_CRYPTO_OP_SHA384_HMAC;
358 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
359 i->
op_id = VNET_CRYPTO_OP_SHA512_HMAC;
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
u32 ipsec_register_ah_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *ah4_encrypt_node_name, const char *ah4_decrypt_node_name, const char *ah6_encrypt_node_name, const char *ah6_decrypt_node_name, check_support_cb_t ah_check_support_cb, add_del_sa_sess_cb_t ah_add_del_sa_sess_cb)
u32 esp4_encrypt_next_index
ipsec_main_crypto_alg_t * crypto_algs
ipsec_tunnel_if_t * tunnel_interfaces
ipsec_per_thread_data_t * ptd
u32 esp6_decrypt_node_index
u8 vnet_get_feature_arc_index(const char *s)
u32 ah4_decrypt_next_index
vnet_main_t * vnet_get_main(void)
static void ipsec_add_node(vlib_main_t *vm, const char *node_name, const char *prev_node_name, u32 *out_node_index, u32 *out_next_index)
u32 esp4_decrypt_node_index
ipsec_integ_alg_t integ_alg
u32 ah6_decrypt_next_index
u32 esp6_decrypt_next_index
u32 ah4_encrypt_next_index
u32 ah4_encrypt_node_index
u32 esp6_encrypt_node_index
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
u32 ah6_decrypt_node_index
static uword vlib_node_add_next(vlib_main_t *vm, uword node, uword next_node)
uword * spd_index_by_sw_if_index
clib_error_t * ipsec_tunnel_if_init(vlib_main_t *vm)
u32 esp6_encrypt_next_index
static clib_error_t * ipsec_check_ah_support(ipsec_sa_t *sa)
u32 ah6_encrypt_node_index
#define VLIB_INIT_FUNCTION(x)
u32 esp6_encrypt_node_index
u32 esp4_decrypt_next_index
u32 ah6_encrypt_next_index
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
#define clib_error_return(e, args...)
check_support_cb_t check_support_cb
clib_error_t *(* add_del_sa_sess_cb_t)(u32 sa_index, u8 is_add)
u32 esp6_encrypt_tun_feature_index
#define vlib_call_init_function(vm, x)
u32 esp6_decrypt_node_index
u32 vnet_get_feature_index(u8 arc, const char *s)
u32 ah4_decrypt_node_index
u32 error_drop_node_index
u32 ipsec_register_esp_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *esp4_encrypt_node_name, const char *esp4_encrypt_node_tun_name, const char *esp4_decrypt_node_name, const char *esp6_encrypt_node_name, const char *esp6_encrypt_node_tun_name, const char *esp6_decrypt_node_name, check_support_cb_t esp_check_support_cb, add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
u32 esp4_encrypt_node_index
clib_error_t * ipsec_check_support_cb(ipsec_main_t *im, ipsec_sa_t *sa)
vnet_crypto_op_id_t enc_op_id
u32 ah4_decrypt_next_index
clib_error_t * ipsec_rsc_in_use(ipsec_main_t *im)
u32 esp4_encrypt_node_index
uword * spd_index_by_spd_id
u32 ah4_decrypt_node_index
clib_error_t * ipsec_add_del_sa_sess_cb(ipsec_main_t *im, u32 sa_index, u8 is_add)
u32 ah6_encrypt_next_index
ipsec_ah_backend_t * ah_backends
u32 esp6_encrypt_tun_feature_index
clib_error_t * ipsec_cli_init(vlib_main_t *vm)
u32 esp4_encrypt_next_index
u32 esp4_encrypt_tun_feature_index
u32 ah4_encrypt_next_index
uword * sa_index_by_sa_id
u32 esp6_decrypt_next_index
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
static clib_error_t * ipsec_init(vlib_main_t *vm)
u32 esp6_encrypt_next_index
static clib_error_t * ipsec_check_esp_support(ipsec_sa_t *sa)
clib_error_t *(* check_support_cb_t)(ipsec_sa_t *sa)
#define hash_create(elts, value_bytes)
vnet_crypto_op_id_t op_id
u32 ah4_encrypt_node_index
ipsec_main_integ_alg_t * integ_algs
u32 esp4_decrypt_node_index
ipsec_protocol_t protocol
add_del_sa_sess_cb_t add_del_sa_sess_cb
vnet_crypto_op_id_t dec_op_id
u32 ah6_decrypt_node_index
u32 ah6_encrypt_node_index
u32 ah6_decrypt_next_index
check_support_cb_t check_support_cb
u32 esp4_decrypt_next_index
u32 esp4_encrypt_tun_feature_index
static u32 vlib_num_workers()
add_del_sa_sess_cb_t add_del_sa_sess_cb
ipsec_esp_backend_t * esp_backends
#define CLIB_CACHE_LINE_BYTES
static void ipsec_add_feature(const char *arc_name, const char *node_name, u32 *out_feature_index)
static uword pool_elts(void *v)
Number of active elements in a pool.