FD.io VPP  v19.08.3-2-gbabecb413
Vector Packet Processing
ipsec_api.c
Go to the documentation of this file.
1 /*
2  *------------------------------------------------------------------
3  * ipsec_api.c - ipsec api
4  *
5  * Copyright (c) 2016 Cisco and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 
23 #include <vnet/interface.h>
24 #include <vnet/api_errno.h>
25 #include <vnet/ip/ip.h>
26 #include <vnet/ip/ip_types_api.h>
27 #include <vnet/fib/fib.h>
28 
29 #include <vnet/vnet_msg_enum.h>
30 
31 #if WITH_LIBSSL > 0
32 #include <vnet/ipsec/ipsec.h>
33 #include <vnet/ipsec/ipsec_tun.h>
34 #endif /* IPSEC */
35 
36 #define vl_typedefs /* define message structures */
37 #include <vnet/vnet_all_api_h.h>
38 #undef vl_typedefs
39 
40 #define vl_endianfun /* define message structures */
41 #include <vnet/vnet_all_api_h.h>
42 #undef vl_endianfun
43 
44 /* instantiate all the print functions we know about */
45 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
46 #define vl_printfun
47 #include <vnet/vnet_all_api_h.h>
48 #undef vl_printfun
49 
50 #include <vlibapi/api_helper_macros.h>
51 
52 #define foreach_vpe_api_msg \
53 _(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \
54 _(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \
55 _(IPSEC_SPD_ENTRY_ADD_DEL, ipsec_spd_entry_add_del) \
56 _(IPSEC_SAD_ENTRY_ADD_DEL, ipsec_sad_entry_add_del) \
57 _(IPSEC_SA_DUMP, ipsec_sa_dump) \
58 _(IPSEC_SPDS_DUMP, ipsec_spds_dump) \
59 _(IPSEC_SPD_DUMP, ipsec_spd_dump) \
60 _(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \
61 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \
62 _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \
63 _(IPSEC_SELECT_BACKEND, ipsec_select_backend) \
64 _(IPSEC_BACKEND_DUMP, ipsec_backend_dump) \
65 _(IPSEC_TUNNEL_PROTECT_UPDATE, ipsec_tunnel_protect_update) \
66 _(IPSEC_TUNNEL_PROTECT_DEL, ipsec_tunnel_protect_del) \
67 _(IPSEC_TUNNEL_PROTECT_DUMP, ipsec_tunnel_protect_dump)
68 
69 static void
70 vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
71 {
72 #if WITH_LIBSSL == 0
73  clib_warning ("unimplemented");
74 #else
75 
76  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
77  vl_api_ipsec_spd_add_del_reply_t *rmp;
78  int rv;
79 
80  rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
81 
82  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
83 #endif
84 }
85 
86 static void vl_api_ipsec_interface_add_del_spd_t_handler
87  (vl_api_ipsec_interface_add_del_spd_t * mp)
88 {
89  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
90  vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
91  int rv;
92  u32 sw_if_index __attribute__ ((unused));
93  u32 spd_id __attribute__ ((unused));
94 
95  sw_if_index = ntohl (mp->sw_if_index);
96  spd_id = ntohl (mp->spd_id);
97 
98  VALIDATE_SW_IF_INDEX (mp);
99 
100 #if WITH_LIBSSL > 0
101  rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
102 #else
103  rv = VNET_API_ERROR_UNIMPLEMENTED;
104 #endif
105 
106  BAD_SW_IF_INDEX_LABEL;
107 
108  REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
109 }
110 
111 static void vl_api_ipsec_tunnel_protect_update_t_handler
112  (vl_api_ipsec_tunnel_protect_update_t * mp)
113 {
114  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
115  vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
116  u32 sw_if_index, ii, *sa_ins = NULL;
117  int rv;
118 
119  sw_if_index = ntohl (mp->tunnel.sw_if_index);
120 
121  VALIDATE_SW_IF_INDEX (&(mp->tunnel));
122 
123 #if WITH_LIBSSL > 0
124 
125  for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
126  vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
127 
128  rv = ipsec_tun_protect_update (sw_if_index,
129  ntohl (mp->tunnel.sa_out), sa_ins);
130 #else
131  rv = VNET_API_ERROR_UNIMPLEMENTED;
132 #endif
133 
134  BAD_SW_IF_INDEX_LABEL;
135 
136  REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
137 }
138 
139 static void vl_api_ipsec_tunnel_protect_del_t_handler
140  (vl_api_ipsec_tunnel_protect_del_t * mp)
141 {
142  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
143  vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
144  int rv;
145  u32 sw_if_index;
146 
147  sw_if_index = ntohl (mp->sw_if_index);
148 
149  VALIDATE_SW_IF_INDEX (mp);
150 
151 #if WITH_LIBSSL > 0
152  rv = ipsec_tun_protect_del (sw_if_index);
153 #else
154  rv = VNET_API_ERROR_UNIMPLEMENTED;
155 #endif
156 
157  BAD_SW_IF_INDEX_LABEL;
158 
159  REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
160 }
161 
162 typedef struct ipsec_tunnel_protect_walk_ctx_t_
163 {
164  vl_api_registration_t *reg;
165  u32 context;
166 } ipsec_tunnel_protect_walk_ctx_t;
167 
168 static walk_rc_t
169 send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
170 {
171  ipsec_tunnel_protect_walk_ctx_t *ctx = arg;
172  vl_api_ipsec_tunnel_protect_details_t *mp;
173  ipsec_tun_protect_t *itp;
174  u32 ii = 0;
175  ipsec_sa_t *sa;
176 
177  itp = ipsec_tun_protect_get (itpi);
178 
179 
180  mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
181  clib_memset (mp, 0, sizeof (*mp));
182  mp->_vl_msg_id = ntohs (VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
183  mp->context = ctx->context;
184 
185  mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
186 
187  sa = ipsec_sa_get (itp->itp_out_sa);
188  mp->tun.sa_out = htonl (sa->id);
189  mp->tun.n_sa_in = itp->itp_n_sa_in;
190  /* *INDENT-OFF* */
191  FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
192  ({
193  mp->tun.sa_in[ii++] = htonl (sa->id);
194  }));
195  /* *INDENT-ON* */
196 
197  vl_api_send_msg (ctx->reg, (u8 *) mp);
198 
199  return (WALK_CONTINUE);
200 }
201 
202 static void
203 vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t
204  * mp)
205 {
206  vl_api_registration_t *reg;
207  u32 sw_if_index;
208 
209 #if WITH_LIBSSL > 0
210  reg = vl_api_client_index_to_registration (mp->client_index);
211  if (!reg)
212  return;
213 
214  ipsec_tunnel_protect_walk_ctx_t ctx = {
215  .reg = reg,
216  .context = mp->context,
217  };
218 
219  sw_if_index = ntohl (mp->sw_if_index);
220 
221  if (~0 == sw_if_index)
222  {
223  ipsec_tun_protect_walk (send_ipsec_tunnel_protect_details, &ctx);
224  }
225  else
226  {
227  index_t itpi;
228 
229  itpi = ipsec_tun_protect_find (sw_if_index);
230 
231  if (INDEX_INVALID != itpi)
232  send_ipsec_tunnel_protect_details (itpi, &ctx);
233  }
234 #else
235  clib_warning ("unimplemented");
236 #endif
237 }
238 
239 static int
240 ipsec_spd_action_decode (vl_api_ipsec_spd_action_t in,
241  ipsec_policy_action_t * out)
242 {
243  in = clib_net_to_host_u32 (in);
244 
245  switch (in)
246  {
247 #define _(v,f,s) case IPSEC_API_SPD_ACTION_##f: \
248  *out = IPSEC_POLICY_ACTION_##f; \
249  return (0);
250  foreach_ipsec_policy_action
251 #undef _
252  }
253  return (VNET_API_ERROR_UNIMPLEMENTED);
254 }
255 
256 static void vl_api_ipsec_spd_entry_add_del_t_handler
257  (vl_api_ipsec_spd_entry_add_del_t * mp)
258 {
259  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
260  vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
261  ip46_type_t itype;
262  u32 stat_index;
263  int rv;
264 
265  stat_index = ~0;
266 
267 #if WITH_LIBSSL > 0
268  ipsec_policy_t p;
269 
270  clib_memset (&p, 0, sizeof (p));
271 
272  p.id = ntohl (mp->entry.spd_id);
273  p.priority = ntohl (mp->entry.priority);
274 
275  itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
276  ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
277  ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
278  ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
279 
280  p.is_ipv6 = (itype == IP46_TYPE_IP6);
281 
282  p.protocol = mp->entry.protocol;
283  p.rport.start = ntohs (mp->entry.remote_port_start);
284  p.rport.stop = ntohs (mp->entry.remote_port_stop);
285  p.lport.start = ntohs (mp->entry.local_port_start);
286  p.lport.stop = ntohs (mp->entry.local_port_stop);
287 
288  rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
289 
290  if (rv)
291  goto out;
292 
293  /* policy action resolve unsupported */
294  if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
295  {
296  clib_warning ("unsupported action: 'resolve'");
297  rv = VNET_API_ERROR_UNIMPLEMENTED;
298  goto out;
299  }
300  p.sa_id = ntohl (mp->entry.sa_id);
301  rv =
302  ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy,
303  &p.type);
304  if (rv)
305  goto out;
306 
307  rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
308  if (rv)
309  goto out;
310 
311 #else
312  rv = VNET_API_ERROR_UNIMPLEMENTED;
313  goto out;
314 #endif
315 
316 out:
317  /* *INDENT-OFF* */
318  REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
319  ({
320  rmp->stat_index = ntohl(stat_index);
321  }));
322  /* *INDENT-ON* */
323 }
324 
325 static int
326 ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out)
327 {
328  in = clib_net_to_host_u32 (in);
329 
330  switch (in)
331  {
332  case IPSEC_API_PROTO_ESP:
333  *out = IPSEC_PROTOCOL_ESP;
334  return (0);
335  case IPSEC_API_PROTO_AH:
336  *out = IPSEC_PROTOCOL_AH;
337  return (0);
338  }
339  return (VNET_API_ERROR_INVALID_PROTOCOL);
340 }
341 
342 static vl_api_ipsec_proto_t
343 ipsec_proto_encode (ipsec_protocol_t p)
344 {
345  switch (p)
346  {
347  case IPSEC_PROTOCOL_ESP:
348  return clib_host_to_net_u32 (IPSEC_API_PROTO_ESP);
349  case IPSEC_PROTOCOL_AH:
350  return clib_host_to_net_u32 (IPSEC_API_PROTO_AH);
351  }
352  return (VNET_API_ERROR_UNIMPLEMENTED);
353 }
354 
355 static int
356 ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in,
357  ipsec_crypto_alg_t * out)
358 {
359  in = clib_net_to_host_u32 (in);
360 
361  switch (in)
362  {
363 #define _(v,f,s) case IPSEC_API_CRYPTO_ALG_##f: \
364  *out = IPSEC_CRYPTO_ALG_##f; \
365  return (0);
366  foreach_ipsec_crypto_alg
367 #undef _
368  }
369  return (VNET_API_ERROR_INVALID_ALGORITHM);
370 }
371 
372 static vl_api_ipsec_crypto_alg_t
373 ipsec_crypto_algo_encode (ipsec_crypto_alg_t c)
374 {
375  switch (c)
376  {
377 #define _(v,f,s) case IPSEC_CRYPTO_ALG_##f: \
378  return clib_host_to_net_u32(IPSEC_API_CRYPTO_ALG_##f);
379  foreach_ipsec_crypto_alg
380 #undef _
381  case IPSEC_CRYPTO_N_ALG:
382  break;
383  }
384  ASSERT (0);
385  return (VNET_API_ERROR_UNIMPLEMENTED);
386 }
387 
388 
389 static int
390 ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out)
391 {
392  in = clib_net_to_host_u32 (in);
393 
394  switch (in)
395  {
396 #define _(v,f,s) case IPSEC_API_INTEG_ALG_##f: \
397  *out = IPSEC_INTEG_ALG_##f; \
398  return (0);
399  foreach_ipsec_integ_alg
400 #undef _
401  }
402  return (VNET_API_ERROR_INVALID_ALGORITHM);
403 }
404 
405 static vl_api_ipsec_integ_alg_t
406 ipsec_integ_algo_encode (ipsec_integ_alg_t i)
407 {
408  switch (i)
409  {
410 #define _(v,f,s) case IPSEC_INTEG_ALG_##f: \
411  return (clib_host_to_net_u32(IPSEC_API_INTEG_ALG_##f));
412  foreach_ipsec_integ_alg
413 #undef _
414  case IPSEC_INTEG_N_ALG:
415  break;
416  }
417  ASSERT (0);
418  return (VNET_API_ERROR_UNIMPLEMENTED);
419 }
420 
421 static void
422 ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out)
423 {
424  ipsec_mk_key (out, key->data, key->length);
425 }
426 
427 static void
428 ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out)
429 {
430  out->length = in->len;
431  clib_memcpy (out->data, in->data, out->length);
432 }
433 
434 static ipsec_sa_flags_t
435 ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in)
436 {
437  ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
438  in = clib_net_to_host_u32 (in);
439 
440  if (in & IPSEC_API_SAD_FLAG_USE_ESN)
441  flags |= IPSEC_SA_FLAG_USE_ESN;
442  if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
443  flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
444  if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL)
445  flags |= IPSEC_SA_FLAG_IS_TUNNEL;
446  if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)
447  flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
448  if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
449  flags |= IPSEC_SA_FLAG_UDP_ENCAP;
450  if (in & IPSEC_API_SAD_FLAG_IS_INBOUND)
451  flags |= IPSEC_SA_FLAG_IS_INBOUND;
452 
453  return (flags);
454 }
455 
456 static vl_api_ipsec_sad_flags_t
457 ipsec_sad_flags_encode (const ipsec_sa_t * sa)
458 {
459  vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
460 
461  if (ipsec_sa_is_set_USE_ESN (sa))
462  flags |= IPSEC_API_SAD_FLAG_USE_ESN;
463  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
464  flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
465  if (ipsec_sa_is_set_IS_TUNNEL (sa))
466  flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
467  if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
468  flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
469  if (ipsec_sa_is_set_UDP_ENCAP (sa))
470  flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
471  if (ipsec_sa_is_set_IS_INBOUND (sa))
472  flags |= IPSEC_API_SAD_FLAG_IS_INBOUND;
473 
474  return clib_host_to_net_u32 (flags);
475 }
476 
477 static void vl_api_ipsec_sad_entry_add_del_t_handler
478  (vl_api_ipsec_sad_entry_add_del_t * mp)
479 {
480  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
481  vl_api_ipsec_sad_entry_add_del_reply_t *rmp;
482  ip46_address_t tun_src = { }, tun_dst =
483  {
484  };
485  ipsec_key_t crypto_key, integ_key;
486  ipsec_crypto_alg_t crypto_alg;
487  ipsec_integ_alg_t integ_alg;
488  ipsec_protocol_t proto;
489  ipsec_sa_flags_t flags;
490  u32 id, spi, sa_index = ~0;
491  int rv;
492 
493 #if WITH_LIBSSL > 0
494 
495  id = ntohl (mp->entry.sad_id);
496  spi = ntohl (mp->entry.spi);
497 
498  rv = ipsec_proto_decode (mp->entry.protocol, &proto);
499 
500  if (rv)
501  goto out;
502 
503  rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
504 
505  if (rv)
506  goto out;
507 
508  rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
509 
510  if (rv)
511  goto out;
512 
513  ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
514  ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
515 
516  flags = ipsec_sa_flags_decode (mp->entry.flags);
517 
518  ip_address_decode (&mp->entry.tunnel_src, &tun_src);
519  ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
520 
521  if (mp->is_add)
522  rv = ipsec_sa_add_and_lock (id, spi, proto,
523  crypto_alg, &crypto_key,
524  integ_alg, &integ_key, flags,
525  0, mp->entry.salt, &tun_src, &tun_dst,
526  &sa_index);
527  else
528  rv = ipsec_sa_unlock_id (id);
529 
530 #else
531  rv = VNET_API_ERROR_UNIMPLEMENTED;
532 #endif
533 
534 out:
535  /* *INDENT-OFF* */
536  REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY,
537  {
538  rmp->stat_index = htonl (sa_index);
539  });
540  /* *INDENT-ON* */
541 }
542 
543 static void
544 send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
545  u32 context)
546 {
547  vl_api_ipsec_spds_details_t *mp;
548  u32 n_policies = 0;
549 
550  mp = vl_msg_api_alloc (sizeof (*mp));
551  clib_memset (mp, 0, sizeof (*mp));
552  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS);
553  mp->context = context;
554 
555  mp->spd_id = htonl (spd->id);
556 #define _(s, n) n_policies += vec_len (spd->policies[IPSEC_SPD_POLICY_##s]);
557  foreach_ipsec_spd_policy_type
558 #undef _
559  mp->npolicies = htonl (n_policies);
560 
561  vl_api_send_msg (reg, (u8 *) mp);
562 }
563 
564 static void
565 vl_api_ipsec_spds_dump_t_handler (vl_api_ipsec_spds_dump_t * mp)
566 {
567  vl_api_registration_t *reg;
568  ipsec_main_t *im = &ipsec_main;
569  ipsec_spd_t *spd;
570 #if WITH_LIBSSL > 0
571  reg = vl_api_client_index_to_registration (mp->client_index);
572  if (!reg)
573  return;
574 
575  /* *INDENT-OFF* */
576  pool_foreach (spd, im->spds, ({
577  send_ipsec_spds_details (spd, reg, mp->context);
578  }));
579  /* *INDENT-ON* */
580 #else
581  clib_warning ("unimplemented");
582 #endif
583 }
584 
585 vl_api_ipsec_spd_action_t
586 ipsec_spd_action_encode (ipsec_policy_action_t in)
587 {
588  vl_api_ipsec_spd_action_t out = IPSEC_API_SPD_ACTION_BYPASS;
589 
590  switch (in)
591  {
592 #define _(v,f,s) case IPSEC_POLICY_ACTION_##f: \
593  out = IPSEC_API_SPD_ACTION_##f; \
594  break;
595  foreach_ipsec_policy_action
596 #undef _
597  }
598  return (clib_host_to_net_u32 (out));
599 }
600 
601 static void
602 send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg,
603  u32 context)
604 {
605  vl_api_ipsec_spd_details_t *mp;
606 
607  mp = vl_msg_api_alloc (sizeof (*mp));
608  clib_memset (mp, 0, sizeof (*mp));
609  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
610  mp->context = context;
611 
612  mp->entry.spd_id = htonl (p->id);
613  mp->entry.priority = htonl (p->priority);
614  mp->entry.is_outbound = ((p->type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
615  (p->type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
616 
617  ip_address_encode (&p->laddr.start, IP46_TYPE_ANY,
618  &mp->entry.local_address_start);
619  ip_address_encode (&p->laddr.stop, IP46_TYPE_ANY,
620  &mp->entry.local_address_stop);
621  ip_address_encode (&p->raddr.start, IP46_TYPE_ANY,
622  &mp->entry.remote_address_start);
623  ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
624  &mp->entry.remote_address_stop);
625  mp->entry.local_port_start = htons (p->lport.start);
626  mp->entry.local_port_stop = htons (p->lport.stop);
627  mp->entry.remote_port_start = htons (p->rport.start);
628  mp->entry.remote_port_stop = htons (p->rport.stop);
629  mp->entry.protocol = p->protocol;
630  mp->entry.policy = ipsec_spd_action_encode (p->policy);
631  mp->entry.sa_id = htonl (p->sa_id);
632 
633  vl_api_send_msg (reg, (u8 *) mp);
634 }
635 
636 static void
637 vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
638 {
639  vl_api_registration_t *reg;
640  ipsec_main_t *im = &ipsec_main;
641  ipsec_spd_policy_type_t ptype;
642  ipsec_policy_t *policy;
643  ipsec_spd_t *spd;
644  uword *p;
645  u32 spd_index, *ii;
646 #if WITH_LIBSSL > 0
647  reg = vl_api_client_index_to_registration (mp->client_index);
648  if (!reg)
649  return;
650 
651  p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
652  if (!p)
653  return;
654 
655  spd_index = p[0];
656  spd = pool_elt_at_index (im->spds, spd_index);
657 
658  /* *INDENT-OFF* */
659  FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) {
660  vec_foreach(ii, spd->policies[ptype])
661  {
662  policy = pool_elt_at_index(im->policies, *ii);
663 
664  if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
665  send_ipsec_spd_details (policy, reg, mp->context);
666  }
667  }
668  /* *INDENT-ON* */
669 #else
670  clib_warning ("unimplemented");
671 #endif
672 }
673 
674 static void
675 send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index,
676  u32 sw_if_index, u32 context)
677 {
678  vl_api_ipsec_spd_interface_details_t *mp;
679 
680  mp = vl_msg_api_alloc (sizeof (*mp));
681  clib_memset (mp, 0, sizeof (*mp));
682  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS);
683  mp->context = context;
684 
685  mp->spd_index = htonl (spd_index);
686  mp->sw_if_index = htonl (sw_if_index);
687 
688  vl_api_send_msg (reg, (u8 *) mp);
689 }
690 
691 static void
692 vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t *
693  mp)
694 {
695  ipsec_main_t *im = &ipsec_main;
696  vl_api_registration_t *reg;
697  u32 k, v, spd_index;
698 
699 #if WITH_LIBSSL > 0
700  reg = vl_api_client_index_to_registration (mp->client_index);
701  if (!reg)
702  return;
703 
704  if (mp->spd_index_valid)
705  {
706  spd_index = ntohl (mp->spd_index);
707  /* *INDENT-OFF* */
708  hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
709  if (v == spd_index)
710  send_ipsec_spd_interface_details(reg, v, k, mp->context);
711  }));
712  /* *INDENT-ON* */
713  }
714  else
715  {
716  /* *INDENT-OFF* */
717  hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
718  send_ipsec_spd_interface_details(reg, v, k, mp->context);
719  }));
720  /* *INDENT-ON* */
721  }
722 
723 #else
724  clib_warning ("unimplemented");
725 #endif
726 }
727 
728 static void
729 vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
730  mp)
731 {
732  vl_api_ipsec_tunnel_if_add_del_reply_t *rmp;
733  ipsec_main_t *im = &ipsec_main;
734  vnet_main_t *vnm = im->vnet_main;
735  u32 sw_if_index = ~0;
736  ip46_type_t itype;
737  int rv;
738 
739 #if WITH_LIBSSL > 0
740  ipsec_add_del_tunnel_args_t tun;
741 
742  clib_memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t));
743 
744  tun.is_add = mp->is_add;
745  tun.esn = mp->esn;
746  tun.anti_replay = mp->anti_replay;
747  tun.local_spi = ntohl (mp->local_spi);
748  tun.remote_spi = ntohl (mp->remote_spi);
749  tun.crypto_alg = mp->crypto_alg;
750  tun.local_crypto_key_len = mp->local_crypto_key_len;
751  tun.remote_crypto_key_len = mp->remote_crypto_key_len;
752  tun.integ_alg = mp->integ_alg;
753  tun.local_integ_key_len = mp->local_integ_key_len;
754  tun.remote_integ_key_len = mp->remote_integ_key_len;
755  tun.udp_encap = mp->udp_encap;
756  tun.tx_table_id = ntohl (mp->tx_table_id);
757  tun.salt = mp->salt;
758  itype = ip_address_decode (&mp->local_ip, &tun.local_ip);
759  itype = ip_address_decode (&mp->remote_ip, &tun.remote_ip);
760  tun.is_ip6 = (IP46_TYPE_IP6 == itype);
761  memcpy (&tun.local_crypto_key, &mp->local_crypto_key,
762  mp->local_crypto_key_len);
763  memcpy (&tun.remote_crypto_key, &mp->remote_crypto_key,
764  mp->remote_crypto_key_len);
765  memcpy (&tun.local_integ_key, &mp->local_integ_key,
766  mp->local_integ_key_len);
767  memcpy (&tun.remote_integ_key, &mp->remote_integ_key,
768  mp->remote_integ_key_len);
769  tun.renumber = mp->renumber;
770  tun.show_instance = ntohl (mp->show_instance);
771 
772  rv = ipsec_add_del_tunnel_if_internal (vnm, &tun, &sw_if_index);
773 
774 #else
775  rv = VNET_API_ERROR_UNIMPLEMENTED;
776 #endif
777 
778  /* *INDENT-OFF* */
779  REPLY_MACRO2 (VL_API_IPSEC_TUNNEL_IF_ADD_DEL_REPLY,
780  ({
781  rmp->sw_if_index = htonl (sw_if_index);
782  }));
783  /* *INDENT-ON* */
784 }
785 
786 static void
787 send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg,
788  u32 context, u32 sw_if_index)
789 {
790  vl_api_ipsec_sa_details_t *mp;
791 
792  mp = vl_msg_api_alloc (sizeof (*mp));
793  clib_memset (mp, 0, sizeof (*mp));
794  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
795  mp->context = context;
796 
797  mp->entry.sad_id = htonl (sa->id);
798  mp->entry.spi = htonl (sa->spi);
799  mp->entry.protocol = ipsec_proto_encode (sa->protocol);
800  mp->entry.tx_table_id =
801  htonl (fib_table_get_table_id (sa->tx_fib_index, FIB_PROTOCOL_IP4));
802 
803  mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
804  ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
805 
806  mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
807  ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
808 
809  mp->entry.flags = ipsec_sad_flags_encode (sa);
810 
811  if (ipsec_sa_is_set_IS_TUNNEL (sa))
812  {
813  ip_address_encode (&sa->tunnel_src_addr, IP46_TYPE_ANY,
814  &mp->entry.tunnel_src);
815  ip_address_encode (&sa->tunnel_dst_addr, IP46_TYPE_ANY,
816  &mp->entry.tunnel_dst);
817  }
818 
819  mp->sw_if_index = htonl (sw_if_index);
820  mp->salt = clib_host_to_net_u32 (sa->salt);
821  mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
822  mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
823  if (ipsec_sa_is_set_USE_ESN (sa))
824  {
825  mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
826  mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
827  }
828  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
829  mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
830 
831  vl_api_send_msg (reg, (u8 *) mp);
832 }
833 
834 
835 static void
836 vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp)
837 {
838  vl_api_registration_t *reg;
839  ipsec_main_t *im = &ipsec_main;
840  vnet_main_t *vnm = im->vnet_main;
841  ipsec_sa_t *sa;
842  ipsec_tunnel_if_t *t;
843  u32 *sa_index_to_tun_if_index = 0;
844 
845 #if WITH_LIBSSL > 0
846  reg = vl_api_client_index_to_registration (mp->client_index);
847  if (!reg || pool_elts (im->sad) == 0)
848  return;
849 
850  vec_validate_init_empty (sa_index_to_tun_if_index, vec_len (im->sad) - 1,
851  ~0);
852 
853  /* *INDENT-OFF* */
854  pool_foreach (t, im->tunnel_interfaces,
855  ({
856  vnet_hw_interface_t *hi;
857  u32 sw_if_index = ~0;
858 
859  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
860  sw_if_index = hi->sw_if_index;
861  sa_index_to_tun_if_index[t->input_sa_index] = sw_if_index;
862  sa_index_to_tun_if_index[t->output_sa_index] = sw_if_index;
863  }));
864 
865  pool_foreach (sa, im->sad,
866  ({
867  if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id)
868  send_ipsec_sa_details (sa, reg, mp->context,
869  sa_index_to_tun_if_index[sa - im->sad]);
870  }));
871  /* *INDENT-ON* */
872 
873  vec_free (sa_index_to_tun_if_index);
874 #else
875  clib_warning ("unimplemented");
876 #endif
877 }
878 
879 static void
880 vl_api_ipsec_tunnel_if_set_sa_t_handler (vl_api_ipsec_tunnel_if_set_sa_t * mp)
881 {
882  vl_api_ipsec_tunnel_if_set_sa_reply_t *rmp;
883  ipsec_main_t *im = &ipsec_main;
884  vnet_main_t *vnm = im->vnet_main;
885  vnet_sw_interface_t *sw;
886  int rv;
887 
888 #if WITH_LIBSSL > 0
889  sw = vnet_get_sw_interface (vnm, ntohl (mp->sw_if_index));
890 
891  rv = ipsec_set_interface_sa (vnm, sw->hw_if_index, ntohl (mp->sa_id),
892  mp->is_outbound);
893 #else
894  clib_warning ("unimplemented");
895 #endif
896 
897  REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_SA_REPLY);
898 }
899 
900 static void
901 vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t * mp)
902 {
903  vl_api_registration_t *rp;
904  ipsec_main_t *im = &ipsec_main;
905  u32 context = mp->context;
906 
907  rp = vl_api_client_index_to_registration (mp->client_index);
908 
909  if (rp == 0)
910  {
911  clib_warning ("Client %d AWOL", mp->client_index);
912  return;
913  }
914 
915  ipsec_ah_backend_t *ab;
916  ipsec_esp_backend_t *eb;
917  /* *INDENT-OFF* */
918  pool_foreach (ab, im->ah_backends, {
919  vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
920  clib_memset (mp, 0, sizeof (*mp));
921  mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
922  mp->context = context;
923  snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (ab->name),
924  ab->name);
925  mp->protocol = ntohl (IPSEC_API_PROTO_AH);
926  mp->index = ab - im->ah_backends;
927  mp->active = mp->index == im->ah_current_backend ? 1 : 0;
928  vl_api_send_msg (rp, (u8 *)mp);
929  });
930  pool_foreach (eb, im->esp_backends, {
931  vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
932  clib_memset (mp, 0, sizeof (*mp));
933  mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
934  mp->context = context;
935  snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (eb->name),
936  eb->name);
937  mp->protocol = ntohl (IPSEC_API_PROTO_ESP);
938  mp->index = eb - im->esp_backends;
939  mp->active = mp->index == im->esp_current_backend ? 1 : 0;
940  vl_api_send_msg (rp, (u8 *)mp);
941  });
942  /* *INDENT-ON* */
943 }
944 
945 static void
946 vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp)
947 {
948  ipsec_main_t *im = &ipsec_main;
949  vl_api_ipsec_select_backend_reply_t *rmp;
950  ipsec_protocol_t protocol;
951  int rv = 0;
952  if (pool_elts (im->sad) > 0)
953  {
954  rv = VNET_API_ERROR_INSTANCE_IN_USE;
955  goto done;
956  }
957 
958  rv = ipsec_proto_decode (mp->protocol, &protocol);
959 
960  if (rv)
961  goto done;
962 
963 #if WITH_LIBSSL > 0
964  switch (protocol)
965  {
966  case IPSEC_PROTOCOL_ESP:
967  rv = ipsec_select_esp_backend (im, mp->index);
968  break;
969  case IPSEC_PROTOCOL_AH:
970  rv = ipsec_select_ah_backend (im, mp->index);
971  break;
972  default:
973  rv = VNET_API_ERROR_INVALID_PROTOCOL;
974  break;
975  }
976 #else
977  clib_warning ("unimplemented"); /* FIXME */
978 #endif
979 done:
980  REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY);
981 }
982 
983 /*
984  * ipsec_api_hookup
985  * Add vpe's API message handlers to the table.
986  * vlib has already mapped shared memory and
987  * added the client registration handlers.
988  * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
989  */
990 #define vl_msg_name_crc_list
991 #include <vnet/vnet_all_api_h.h>
992 #undef vl_msg_name_crc_list
993 
994 static void
995 setup_message_id_table (api_main_t * am)
996 {
997 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id);
998  foreach_vl_msg_name_crc_ipsec;
999 #undef _
1000 }
1001 
1002 static clib_error_t *
1003 ipsec_api_hookup (vlib_main_t * vm)
1004 {
1005  api_main_t *am = &api_main;
1006 
1007 #define _(N,n) \
1008  vl_msg_api_set_handlers(VL_API_##N, #n, \
1009  vl_api_##n##_t_handler, \
1010  vl_noop_handler, \
1011  vl_api_##n##_t_endian, \
1012  vl_api_##n##_t_print, \
1013  sizeof(vl_api_##n##_t), 1);
1014  foreach_vpe_api_msg;
1015 #undef _
1016 
1017  /*
1018  * Set up the (msg_name, crc, message-id) table
1019  */
1020  setup_message_id_table (am);
1021 
1022  return 0;
1023 }
1024 
1025 VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
1026 
1027 /*
1028  * fd.io coding-style-patch-verification: ON
1029  *
1030  * Local Variables:
1031  * eval: (c-set-style "gnu")
1032  * End:
1033  */
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec_spd_policy.h:37
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:95
vl_api_ipsec_spd_entry_add_del_t
IPsec: Add/delete Security Policy Database entry.
Definition: ipsec.api:118
flags
u32 flags
Definition: vhost_user.h:141
ipsec_spd_action_encode
vl_api_ipsec_spd_action_t ipsec_spd_action_encode(ipsec_policy_action_t in)
Definition: ipsec_api.c:586
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:102
port_range_t::stop
u16 stop
Definition: ipsec_spd_policy.h:42
vl_api_ipsec_sa_dump_t::client_index
u32 client_index
Definition: ipsec.api:482
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec_sa.h:154
IP46_TYPE_IP6
Definition: ip6_packet.h:74
ipsec_policy_t_::sa_id
u32 sa_id
Definition: ipsec_spd_policy.h:72
ipsec_spd_policy_type_t
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
vl_api_ipsec_tunnel_if_add_del_t::crypto_alg
u8 crypto_alg
Definition: ipsec.api:448
ipsec_sa_t::id
u32 id
Definition: ipsec_sa.h:142
IP46_TYPE_ANY
Definition: ip6_packet.h:72
vl_api_ipsec_spd_interface_details_t
IPsec: SPD interface response.
Definition: ipsec.api:405
ipsec_add_del_tunnel_args_t::local_ip
ip46_address_t local_ip
Definition: ipsec_if.h:38
vl_api_ipsec_tunnel_if_add_del_t::anti_replay
u8 anti_replay
Definition: ipsec.api:443
vl_api_ipsec_backend_dump_t
Dump IPsec backends.
Definition: ipsec.api:546
vl_api_ipsec_backend_dump_t::client_index
u32 client_index
Definition: ipsec.api:547
ip_types_api.h
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec_sa.h:58
VLIB_API_INIT_FUNCTION
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
vl_api_ipsec_sa_details_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:518
ipsec_crypto_algo_encode
static vl_api_ipsec_crypto_alg_t ipsec_crypto_algo_encode(ipsec_crypto_alg_t c)
Definition: ipsec_api.c:373
ipsec_ah_backend_t
Definition: ipsec.h:33
u64
unsigned long u64
Definition: types.h:89
ipsec_policy_t_::laddr
ip46_address_range_t laddr
Definition: ipsec_spd_policy.h:64
ipsec_policy_t_::id
u32 id
Definition: ipsec_spd_policy.h:56
REPLY_MACRO2
#define REPLY_MACRO2(t, body)
Definition: api_helper_macros.h:46
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
ipsec_add_del_tunnel_args_t::renumber
u8 renumber
Definition: ipsec_if.h:51
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec_sa.h:22
FOR_EACH_IPSEC_SPD_POLICY_TYPE
#define FOR_EACH_IPSEC_SPD_POLICY_TYPE(_t)
Definition: ipsec_spd.h:36
vl_api_ipsec_tunnel_protect_dump_t::context
u32 context
Definition: ipsec.api:376
ipsec_set_interface_sa
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
Definition: ipsec_if.c:454
ipsec_policy_mk_type
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
Definition: ipsec_spd_policy.c:100
WALK_CONTINUE
Definition: interface_funcs.h:174
vl_api_send_msg
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
Definition: api.h:35
ipsec_sa_t::crypto_key
ipsec_key_t crypto_key
Definition: ipsec_sa.h:147
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec_sa.h:150
vl_api_ipsec_backend_dump_t::context
u32 context
Definition: ipsec.api:548
vl_api_ipsec_tunnel_if_add_del_t::integ_alg
u8 integ_alg
Definition: ipsec.api:453
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:41
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:522
ipsec_add_del_tunnel_args_t::remote_integ_key
u8 remote_integ_key[128]
Definition: ipsec_if.h:50
ipsec_protocol_t
ipsec_protocol_t
Definition: ipsec_sa.h:66
vl_api_ipsec_spd_interface_details_t::context
u32 context
Definition: ipsec.api:406
ipsec_add_del_tunnel_args_t::remote_crypto_key
u8 remote_crypto_key[128]
Definition: ipsec_if.h:45
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.api:451
setup_message_id_table
static void setup_message_id_table(api_main_t *am)
Definition: ipsec_api.c:995
vl_api_ipsec_spd_interface_dump_t::spd_index
u32 spd_index
Definition: ipsec.api:396
vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:168
i
int i
Definition: flowhash_template.h:376
IPSEC_PROTOCOL_ESP
Definition: ipsec_sa.h:69
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec_sa.h:49
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:96
vl_api_ipsec_spd_add_del_t::is_add
u8 is_add
Definition: ipsec.api:33
vl_api_ipsec_sa_dump_t_handler
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
Definition: ipsec_api.c:836
vnet_get_sw_interface
static vnet_sw_interface_t * vnet_get_sw_interface(vnet_main_t *vnm, u32 sw_if_index)
Definition: interface_funcs.h:58
ipsec_add_del_tunnel_args_t::udp_encap
u8 udp_encap
Definition: ipsec_if.h:53
vnet_sw_interface_t
Definition: interface.h:699
ipsec_select_ah_backend
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:218
FOR_EACH_IPSEC_PROTECT_INPUT_SA
#define FOR_EACH_IPSEC_PROTECT_INPUT_SA(_itp, _sa, body)
Definition: ipsec_tun.h:60
IPSEC_INTEG_N_ALG
Definition: ipsec_sa.h:63
ipsec_spd_t
A Secruity Policy Database.
Definition: ipsec_spd.h:44
ipsec_sa_flags_decode
static ipsec_sa_flags_t ipsec_sa_flags_decode(vl_api_ipsec_sad_flags_t in)
Definition: ipsec_api.c:435
ipsec_tunnel_if_t
Definition: ipsec_if.h:20
vnet_msg_enum.h
ipsec_tunnel_protect_walk_ctx_t_
Definition: ipsec_api.c:162
vl_msg_api_alloc
void * vl_msg_api_alloc(int nbytes)
Definition: memory_shared.c:199
ipsec_tun_protect_walk
void ipsec_tun_protect_walk(ipsec_tun_protect_walk_cb_t fn, void *ctx)
Definition: ipsec_tun.c:370
ipsec_mk_key
void ipsec_mk_key(ipsec_key_t *key, const u8 *data, u8 len)
Definition: ipsec_sa.c:56
ipsec_key_t_::len
u8 len
Definition: ipsec_sa.h:75
vl_api_ipsec_spd_entry_add_del_t::is_add
u8 is_add
Definition: ipsec.api:122
vl_api_ipsec_tunnel_if_add_del_t::remote_spi
u32 remote_spi
Definition: ipsec.api:447
ipsec_tun_protect_t_::itp_n_sa_in
u32 itp_n_sa_in
Definition: ipsec_tun.h:39
vl_api_ipsec_tunnel_if_add_del_reply_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:473
u8
unsigned char u8
Definition: types.h:56
foreach_vpe_api_msg
#define foreach_vpe_api_msg
Definition: ipsec_api.c:52
vl_api_ipsec_tunnel_protect_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:377
vl_api_ipsec_tunnel_if_add_del_t::remote_ip
vl_api_address_t remote_ip
Definition: ipsec.api:445
ipsec_sa_t::spi
u32 spi
Definition: ipsec_sa.h:117
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec_sa.h:119
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:112
vl_api_ipsec_interface_add_del_spd_t_handler
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
Definition: ipsec_api.c:87
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
walk_rc_t
enum walk_rc_t_ walk_rc_t
Walk return code.
vl_api_ipsec_tunnel_protect_del_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:370
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec_sa.h:122
crypto_key
vl_api_key_t crypto_key
Definition: ipsec.api:279
ipsec_policy_t_::protocol
u8 protocol
Definition: ipsec_spd_policy.h:66
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec_if.h:40
vl_api_ipsec_select_backend_t
Select IPsec backend.
Definition: ipsec.api:571
pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:493
vl_api_ipsec_tunnel_if_add_del_t::is_add
u8 is_add
Definition: ipsec.api:441
ipsec_add_del_tunnel_args_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec_if.h:49
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: gre.api:50
ipsec_proto_decode
static int ipsec_proto_decode(vl_api_ipsec_proto_t in, ipsec_protocol_t *out)
Definition: ipsec_api.c:326
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.c:28
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec_if.h:39
vl_api_ipsec_sad_entry_add_del_reply_t
Definition: ipsec.api:304
vl_api_ipsec_tunnel_if_add_del_t::renumber
u8 renumber
Definition: ipsec.api:458
vl_api_ipsec_tunnel_if_add_del_t_handler
static void vl_api_ipsec_tunnel_if_add_del_t_handler(vl_api_ipsec_tunnel_if_add_del_t *mp)
Definition: ipsec_api.c:729
vl_api_ipsec_backend_dump_t_handler
static void vl_api_ipsec_backend_dump_t_handler(vl_api_ipsec_backend_dump_t *mp)
Definition: ipsec_api.c:901
foreach_ipsec_policy_action
Definition: ipsec_spd_policy.h:29
ipsec_select_esp_backend
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:241
hash_foreach
#define hash_foreach(key_var, value_var, h, body)
Definition: hash.h:442
vl_api_ipsec_spd_dump_t_handler
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
Definition: ipsec_api.c:637
vl_api_ipsec_spd_interface_dump_t_handler
static void vl_api_ipsec_spd_interface_dump_t_handler(vl_api_ipsec_spd_interface_dump_t *mp)
Definition: ipsec_api.c:692
vl_api_ipsec_tunnel_if_add_del_t::local_ip
vl_api_address_t local_ip
Definition: ipsec.api:444
ipsec_add_del_tunnel_args_t::is_ip6
u8 is_ip6
Definition: ipsec_if.h:35
port_range_t::start
u16 start
Definition: ipsec_spd_policy.h:42
api_errno.h
ipsec_sa_unlock_id
int ipsec_sa_unlock_id(u32 id)
Definition: ipsec_sa.c:332
vl_api_ipsec_tunnel_if_set_sa_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:537
vl_api_ipsec_interface_add_del_spd_t::is_add
u8 is_add
Definition: ipsec.api:52
IPSEC_CRYPTO_N_ALG
Definition: ipsec_sa.h:41
ipsec_policy_t_::rport
port_range_t rport
Definition: ipsec_spd_policy.h:68
vl_api_ipsec_tunnel_protect_dump_t
Definition: ipsec.api:373
u32
unsigned int u32
Definition: types.h:88
vl_api_ipsec_spd_entry_add_del_reply_t
IPsec: Reply Add/delete Security Policy Database entry.
Definition: ipsec.api:132
vl_api_ipsec_sa_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:521
ipsec_main_t
Definition: ipsec.h:92
ip_address_decode
ip46_type_t ip_address_decode(const vl_api_address_t *in, ip46_address_t *out)
Definition: ip_types_api.c:161
vl_api_ipsec_sa_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:520
vl_api_ipsec_spd_add_del_t_handler
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
Definition: ipsec_api.c:70
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec_sa.h:120
api_helper_macros.h
hash_get
#define hash_get(h, key)
Definition: hash.h:249
vl_api_ipsec_sad_entry_add_del_t
IPsec: Add/delete Security Association Database entry.
Definition: ipsec.api:297
ipsec_sa_t::tx_fib_index
u32 tx_fib_index
Definition: ipsec_sa.h:160
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:514
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key
u8 remote_crypto_key[128]
Definition: ipsec.api:452
vl_api_ipsec_spds_details_t
Dump IPsec all SPD IDs response.
Definition: ipsec.api:153
vl_api_ipsec_tunnel_if_add_del_reply_t
Add/delete IPsec tunnel interface response.
Definition: ipsec.api:470
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.api:456
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
protocol
vl_api_ip_proto_t protocol
Definition: punt.api:39
vl_api_ipsec_spd_add_del_t
IPsec: Add/delete Security Policy Database.
Definition: ipsec.api:29
ipsec_sa_t::salt
u32 salt
Definition: ipsec_sa.h:163
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:108
vl_api_ipsec_tunnel_protect_details_t::tun
vl_api_ipsec_tunnel_protect_t tun
Definition: ipsec.api:383
ipsec_tun_protect_t_
Definition: ipsec_tun.h:32
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete a SPD.
Definition: ipsec_spd_policy.c:136
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec_sa.h:121
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key
u8 local_integ_key[128]
Definition: ipsec.api:455
ipsec_spd_action_decode
static int ipsec_spd_action_decode(vl_api_ipsec_spd_action_t in, ipsec_policy_action_t *out)
Definition: ipsec_api.c:240
ipsec_add_del_tunnel_args_t::remote_ip
ip46_address_t remote_ip
Definition: ipsec_if.h:38
ipsec_add_del_tunnel_args_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec_if.h:42
vl_api_ipsec_tunnel_protect_del_t
Definition: ipsec.api:365
vl_api_ipsec_tunnel_if_add_del_t::udp_encap
u8 udp_encap
Definition: ipsec.api:460
REPLY_MACRO
#define REPLY_MACRO(t)
Definition: api_helper_macros.h:30
vl_api_ipsec_tunnel_protect_update_t::tunnel
vl_api_ipsec_tunnel_protect_t tunnel
Definition: ipsec.api:362
ipsec_policy_t_::type
ipsec_spd_policy_type_t type
Definition: ipsec_spd_policy.h:60
ipsec_sad_flags_encode
static vl_api_ipsec_sad_flags_t ipsec_sad_flags_encode(const ipsec_sa_t *sa)
Definition: ipsec_api.c:457
vl_api_ipsec_spd_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:169
ipsec_tun_protect_del
int ipsec_tun_protect_del(u32 sw_if_index)
Definition: ipsec_tun.c:339
ipsec_sa_t
Definition: ipsec_sa.h:107
vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:54
ipsec_add_del_tunnel_args_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec_if.h:47
send_ipsec_sa_details
static void send_ipsec_sa_details(ipsec_sa_t *sa, vl_api_registration_t *reg, u32 context, u32 sw_if_index)
Definition: ipsec_api.c:787
ipsec_sa_get
static ipsec_sa_t * ipsec_sa_get(u32 sa_index)
Definition: ipsec.h:244
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec_spd_policy.h:26
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:111
vl_api_ipsec_spd_interface_details_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:408
vl_api_ipsec_spds_dump_t::client_index
u32 client_index
Definition: ipsec.api:144
vl_api_ipsec_tunnel_if_set_sa_t_handler
static void vl_api_ipsec_tunnel_if_set_sa_t_handler(vl_api_ipsec_tunnel_if_set_sa_t *mp)
Definition: ipsec_api.c:880
api_main_t
API main structure, used by both vpp and binary API clients.
Definition: api_common.h:203
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec_sa.h:155
vl_api_ipsec_tunnel_protect_update_t
Definition: ipsec.api:357
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key
u8 remote_integ_key[128]
Definition: ipsec.api:457
vl_api_registration_
An API client registration, only in vpp/vlib.
Definition: api_common.h:46
ipsec_tun_protect_t_::itp_sw_if_index
u32 itp_sw_if_index
Definition: ipsec_tun.h:42
BAD_SW_IF_INDEX_LABEL
#define BAD_SW_IF_INDEX_LABEL
Definition: api_helper_macros.h:125
vl_api_ipsec_interface_add_del_spd_t
IPsec: Add/delete SPD from interface.
Definition: ipsec.api:47
ipsec_add_del_tunnel_args_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_if.h:41
c
svmdb_client_t * c
Definition: vpp_get_metrics.c:49
vl_api_ipsec_tunnel_if_add_del_t::esn
u8 esn
Definition: ipsec.api:442
ipsec_add_del_tunnel_args_t
Definition: ipsec_if.h:32
ipsec_add_del_tunnel_args_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec_if.h:44
vm
vlib_main_t * vm
Definition: buffer.c:323
ipsec_tun_protect_update
int ipsec_tun_protect_update(u32 sw_if_index, u32 sa_out, u32 *sas_in)
Definition: ipsec_tun.c:224
ipsec_main_t::ah_backends
ipsec_ah_backend_t * ah_backends
Definition: ipsec.h:150
ipsec_policy_t_::priority
i32 priority
Definition: ipsec_spd_policy.h:57
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
vl_api_ipsec_spds_dump_t
Dump IPsec all SPD IDs.
Definition: ipsec.api:143
vl_api_ipsec_sad_entry_add_del_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:302
vl_api_ipsec_select_backend_t::index
u8 index
Definition: ipsec.api:575
ipsec_policy_t_::policy
ipsec_policy_action_t policy
Definition: ipsec_spd_policy.h:71
ip46_address_range_t::start
ip46_address_t start
Definition: ipsec_spd_policy.h:37
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
vl_api_ipsec_tunnel_if_add_del_t::local_spi
u32 local_spi
Definition: ipsec.api:446
ipsec_crypto_algo_decode
static int ipsec_crypto_algo_decode(vl_api_ipsec_crypto_alg_t in, ipsec_crypto_alg_t *out)
Definition: ipsec_api.c:356
ipsec_sa_flags_t
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
vl_api_ipsec_select_backend_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:574
ipsec_tunnel_protect_walk_ctx_t_::reg
vl_api_registration_t * reg
Definition: ipsec_api.c:164
ipsec_esp_backend_t
Definition: ipsec.h:50
vl_api_ipsec_tunnel_if_set_sa_t
Set new SA on IPsec interface.
Definition: ipsec.api:534
vl_api_client_index_to_registration
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
Definition: api.h:57
ipsec_policy_t_
A Secruity Policy.
Definition: ipsec_spd_policy.h:54
vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:34
vl_api_ipsec_spds_dump_t_handler
static void vl_api_ipsec_spds_dump_t_handler(vl_api_ipsec_spds_dump_t *mp)
Definition: ipsec_api.c:565
vl_api_ipsec_tunnel_protect_dump_t_handler
static void vl_api_ipsec_tunnel_protect_dump_t_handler(vl_api_ipsec_tunnel_protect_dump_t *mp)
Definition: ipsec_api.c:203
send_ipsec_spd_interface_details
static void send_ipsec_spd_interface_details(vl_api_registration_t *reg, u32 spd_index, u32 sw_if_index, u32 context)
Definition: ipsec_api.c:675
vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:166
vl_api_ipsec_sa_details_t::salt
u32 salt
Definition: ipsec.api:519
vl_api_ipsec_sa_details_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:516
vnet_main_t
Definition: vnet.h:51
send_ipsec_spd_details
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
Definition: ipsec_api.c:602
ipsec_key_t_::data
u8 data[IPSEC_KEY_MAX_LEN]
Definition: ipsec_sa.h:76
ipsec_add_del_tunnel_args_t::local_crypto_key
u8 local_crypto_key[128]
Definition: ipsec_if.h:43
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
vl_api_ipsec_tunnel_if_add_del_t::salt
u32 salt
Definition: ipsec.api:462
spi
u32 spi
Definition: ipsec.api:274
vl_api_ipsec_spd_entry_add_del_t_handler
static void vl_api_ipsec_spd_entry_add_del_t_handler(vl_api_ipsec_spd_entry_add_del_t *mp)
Definition: ipsec_api.c:257
ipsec_main_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:99
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key
u8 local_crypto_key[128]
Definition: ipsec.api:450
vl_api_ipsec_sa_dump_t
Dump IPsec security association.
Definition: ipsec.api:481
ipsec_add_del_tunnel_args_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec_if.h:46
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec_if.h:36
ip46_type_t
ip46_type_t
Definition: ip6_packet.h:70
ipsec_main_t::sad
ipsec_sa_t * sad
Definition: ipsec.h:97
vl_api_ipsec_spd_interface_dump_t::spd_index_valid
u8 spd_index_valid
Definition: ipsec.api:397
fib_table_get_table_id
u32 fib_table_get_table_id(u32 fib_index, fib_protocol_t proto)
Get the Table-ID of the FIB from protocol and index.
Definition: fib_table.c:1069
ipsec_tun_protect_get
static ipsec_tun_protect_t * ipsec_tun_protect_get(u32 index)
Definition: ipsec_tun.h:103
ipsec_spd_t::policies
u32 * policies[IPSEC_SPD_POLICY_N_TYPES]
vectors for each of the policy types
Definition: ipsec_spd.h:49
ipsec_add_del_tunnel_args_t::tx_table_id
u32 tx_table_id
Definition: ipsec_if.h:54
vl_api_ipsec_tunnel_protect_details_t::context
u32 context
Definition: ipsec.api:382
vl_api_ipsec_spd_dump_t
Dump ipsec policy database data.
Definition: ipsec.api:165
vl_api_ipsec_spd_dump_t::context
u32 context
Definition: ipsec.api:167
vl_api_ipsec_spd_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:136
vnet_sw_interface_t::hw_if_index
u32 hw_if_index
Definition: interface.h:717
vl_api_ipsec_sa_details_t::replay_window
u64 replay_window
Definition: ipsec.api:522
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec_sa.h:144
vl_api_ipsec_tunnel_protect_update_t_handler
static void vl_api_ipsec_tunnel_protect_update_t_handler(vl_api_ipsec_tunnel_protect_update_t *mp)
Definition: ipsec_api.c:112
send_ipsec_spds_details
static void send_ipsec_spds_details(ipsec_spd_t *spd, vl_api_registration_t *reg, u32 context)
Definition: ipsec_api.c:544
ipsec_tunnel_protect_walk_ctx_t_::context
u32 context
Definition: ipsec_api.c:165
ipsec_proto_encode
static vl_api_ipsec_proto_t ipsec_proto_encode(ipsec_protocol_t p)
Definition: ipsec_api.c:343
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
vl_api_ipsec_spds_details_t::spd_id
u32 spd_id
Definition: ipsec.api:155
ipsec_sa_t::seq
u32 seq
Definition: ipsec_sa.h:118
vl_api_ipsec_spd_details_t
IPsec policy database response.
Definition: ipsec.api:178
clib_error_t
Definition: clib_error.h:21
vl_api_ipsec_spd_interface_dump_t
IPsec: Get SPD interfaces.
Definition: ipsec.api:393
vl_api_ipsec_spd_details_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:180
vl_api_ipsec_spd_entry_add_del_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:123
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.api:454
ipsec_sa_add_and_lock
int ipsec_sa_add_and_lock(u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 tx_table_id, u32 salt, const ip46_address_t *tun_src, const ip46_address_t *tun_dst, u32 *sa_out_index)
Definition: ipsec_sa.c:127
vnet_all_api_h.h
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.api:449
ipsec_add_del_tunnel_args_t::salt
u32 salt
Definition: ipsec_if.h:55
vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:179
ipsec_policy_t_::raddr
ip46_address_range_t raddr
Definition: ipsec_spd_policy.h:65
FIB_PROTOCOL_IP4
Definition: fib_types.h:37
INDEX_INVALID
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:47
vlib_main_t
Definition: main.h:83
uword
u64 uword
Definition: types.h:112
ipsec_crypto_alg_t
ipsec_crypto_alg_t
Definition: ipsec_sa.h:36
key
typedef key
Definition: ipsec.api:247
ipsec_integ_algo_decode
static int ipsec_integ_algo_decode(vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t *out)
Definition: ipsec_api.c:390
vl_api_ipsec_sad_entry_add_del_t::is_add
u8 is_add
Definition: ipsec.api:301
vl_api_ipsec_tunnel_if_set_sa_t::is_outbound
u8 is_outbound
Definition: ipsec.api:539
vl_api_ipsec_tunnel_protect_dump_t::client_index
u32 client_index
Definition: ipsec.api:375
vl_api_ipsec_tunnel_if_set_sa_t::sa_id
u32 sa_id
Definition: ipsec.api:538
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Bind/attach a SPD to an interface.
Definition: ipsec_spd.c:63
ipsec_integ_algo_encode
static vl_api_ipsec_integ_alg_t ipsec_integ_algo_encode(ipsec_integ_alg_t i)
Definition: ipsec_api.c:406
tun
vl_api_gbp_endpoint_tun_t tun
Definition: gbp.api:125
ip_address_encode
void ip_address_encode(const ip46_address_t *in, ip46_type_t type, vl_api_address_t *out)
Definition: ip_types_api.c:178
ipsec_key_decode
static void ipsec_key_decode(const vl_api_key_t *key, ipsec_key_t *out)
Definition: ipsec_api.c:422
vl_api_ipsec_sa_details_t::context
u32 context
Definition: ipsec.api:515
ipsec_spd_t::id
u32 id
the User&#39;s ID for this policy
Definition: ipsec_spd.h:47
ipsec_key_encode
static void ipsec_key_encode(const ipsec_key_t *in, vl_api_key_t *out)
Definition: ipsec_api.c:428
ipsec_tun.h
vl_api_ipsec_tunnel_protect_details_t
Definition: ipsec.api:380
ipsec_tunnel_protect_walk_ctx_t
struct ipsec_tunnel_protect_walk_ctx_t_ ipsec_tunnel_protect_walk_ctx_t
vl_api_ipsec_spds_details_t::npolicies
u32 npolicies
Definition: ipsec.api:156
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec_if.h:34
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_sa.h:146
ipsec_policy_t_::lport
port_range_t lport
Definition: ipsec_spd_policy.h:67
ipsec_tun_protect_find
index_t ipsec_tun_protect_find(u32 sw_if_index)
Definition: ipsec_tun.c:215
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Add/Delete a SPD.
Definition: ipsec_spd.c:20
ipsec_api_hookup
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
Definition: ipsec_api.c:1003
foreach_ipsec_spd_policy_type
#define foreach_ipsec_spd_policy_type
Definition: ipsec_spd.h:20
vl_api_ipsec_tunnel_protect_del_t_handler
static void vl_api_ipsec_tunnel_protect_del_t_handler(vl_api_ipsec_tunnel_protect_del_t *mp)
Definition: ipsec_api.c:140
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:197
id
u32 id
Definition: udp.api:45
ipsec_add_del_tunnel_if_internal
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index_p)
Definition: ipsec_if.c:269
vl_api_ipsec_tunnel_if_add_del_t::tx_table_id
u32 tx_table_id
Definition: ipsec.api:461
send_ipsec_tunnel_protect_details
static walk_rc_t send_ipsec_tunnel_protect_details(index_t itpi, void *arg)
Definition: ipsec_api.c:169
vl_api_ipsec_spds_details_t::context
u32 context
Definition: ipsec.api:154
vl_api_ipsec_spd_interface_details_t::spd_index
u32 spd_index
Definition: ipsec.api:407
vl_api_ipsec_select_backend_t_handler
static void vl_api_ipsec_select_backend_t_handler(vl_api_ipsec_select_backend_t *mp)
Definition: ipsec_api.c:946
vl_api_ipsec_sa_details_t
IPsec security association database response.
Definition: ipsec.api:514
ipsec_main_t::esp_backends
ipsec_esp_backend_t * esp_backends
Definition: ipsec.h:152
vec_validate_init_empty
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
Definition: vec.h:486
ipsec_sa_t::integ_key
ipsec_key_t integ_key
Definition: ipsec_sa.h:151
ipsec_key_t_
Definition: ipsec_sa.h:73
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec_if.h:37
vl_api_ipsec_spd_interface_dump_t::client_index
u32 client_index
Definition: ipsec.api:394
api_main
api_main_t api_main
Definition: api_shared.c:35
vl_api_ipsec_tunnel_if_add_del_t
Add or delete IPsec tunnel interface.
Definition: ipsec.api:438
ipsec_policy_t_::is_ipv6
u8 is_ipv6
Definition: ipsec_spd_policy.h:63
IPSEC_PROTOCOL_AH
Definition: ipsec_sa.h:68
vl_api_ipsec_interface_add_del_spd_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:53
proto
vl_api_fib_path_nh_proto_t proto
Definition: fib_types.api:125
ipsec_add_del_tunnel_args_t::local_integ_key
u8 local_integ_key[128]
Definition: ipsec_if.h:48
VALIDATE_SW_IF_INDEX
#define VALIDATE_SW_IF_INDEX(mp)
Definition: api_helper_macros.h:117
ipsec_tun_protect_t_::itp_out_sa
index_t itp_out_sa
Definition: ipsec_tun.h:35
ipsec_add_del_tunnel_args_t::show_instance
u32 show_instance
Definition: ipsec_if.h:52
vl_api_ipsec_sad_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:308
vl_api_ipsec_sad_entry_add_del_t_handler
static void vl_api_ipsec_sad_entry_add_del_t_handler(vl_api_ipsec_sad_entry_add_del_t *mp)
Definition: ipsec_api.c:478
vl_api_ipsec_tunnel_if_add_del_t::show_instance
u32 show_instance
Definition: ipsec.api:459
pool_elts
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:128