FD.io VPP
v20.01-48-g3e0dafb74
Vector Packet Processing
ipsec_spd_policy.h
1
/*
2
* Copyright (c) 2015 Cisco and/or its affiliates.
3
* Licensed under the Apache License, Version 2.0 (the "License");
4
* you may not use this file except in compliance with the License.
5
* You may obtain a copy of the License at:
6
*
7
* http://www.apache.org/licenses/LICENSE-2.0
8
*
9
* Unless required by applicable law or agreed to in writing, software
10
* distributed under the License is distributed on an "AS IS" BASIS,
11
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
* See the License for the specific language governing permissions and
13
* limitations under the License.
14
*/
15
#ifndef __IPSEC_SPD_POLICY_H__
16
#define __IPSEC_SPD_POLICY_H__
17
18
#include <
vnet/ipsec/ipsec_spd.h
>
19
20
/*
 * X-macro listing every SPD policy action as _(value, SYMBOL, "name").
 * A user defines `_` before expanding the list and #undefs it afterwards;
 * the enum ipsec_policy_action_t in this header is generated that way.
 *
 * BYPASS, DISCARD and PROTECT match the processing choices named in
 * RFC 4301. RESOLVE is not one of them and its handling is not visible in
 * this header -- TODO confirm against the SPD implementation.
 *
 * NOTE(review): the "name" strings are presumably what
 * format_ipsec_policy_action / unformat_ipsec_policy_action print and
 * parse -- confirm in ipsec_format.c.
 *
 * NOTE(review): BYPASS has value 0, so a zero-initialised action field
 * selects BYPASS (by its RFC 4301 meaning, traffic passed without IPsec
 * protection) rather than a fail-closed choice such as DISCARD. Code that
 * builds a policy should set the action explicitly.
 */
#define foreach_ipsec_policy_action \
  _ (0, BYPASS, "bypass")          \
  _ (1, DISCARD, "discard")        \
  _ (2, RESOLVE, "resolve")        \
  _ (3, PROTECT, "protect")
25
26
/**
 * @brief The action carried by a security policy (the `policy` field of
 * ipsec_policy_t).
 *
 * The enumerators IPSEC_POLICY_ACTION_<SYMBOL> are generated from
 * foreach_ipsec_policy_action, so their numeric values are fixed by that
 * list: BYPASS = 0, DISCARD = 1, RESOLVE = 2, PROTECT = 3.
 */
typedef enum
{
  // Expand each list entry _(v, f, s) into `IPSEC_POLICY_ACTION_f = v,`;
  // the string s is unused here.
#define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
  foreach_ipsec_policy_action
#undef _
} ipsec_policy_action_t;

/*
 * Number of policy actions, computed as the value of PROTECT plus one.
 * This is only correct while PROTECT remains the highest-valued entry of
 * foreach_ipsec_policy_action; an action added after it must update this
 * macro as well.
 * NOTE(review): if this count sizes or bounds per-action tables (not
 * visible in this header), a stale value would leave the new action out of
 * range -- confirm at the use sites.
 */
#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
34
35
/*
 * An address range given by its two end points, used for the local and
 * remote address selectors of ipsec_policy_t.
 * NOTE(review): the type itself does not enforce start <= stop, and this
 * header does not show whether the bounds are inclusive, which byte order
 * they are compared in, or where ordering is validated -- confirm in the
 * policy add path and the SPD match code.
 */
typedef struct
{
  ip46_address_t start, stop;
} ip46_address_range_t;
39
40
/*
 * A 16-bit port range given by its two end points, used for the local and
 * remote port selectors of ipsec_policy_t.
 * NOTE(review): the type itself does not enforce start <= stop, and this
 * header does not show whether the bounds are inclusive or whether they are
 * held in host or network byte order -- confirm in the policy add path and
 * the SPD match code.
 */
typedef struct
{
  u16 start, stop;
} port_range_t;
44
45
/**
 * @brief
 * Policy packet & bytes counters
 *
 * Declared here and defined in another translation unit.
 * NOTE(review): presumably indexed by the value that ipsec_add_del_policy
 * writes through its stat_index argument -- confirm against the
 * implementation before using an index from any other source.
 */
extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
50
51
/**
 * @brief A Security Policy. An entry in an SPD
 *
 * Groups three things: identification (id, priority, type), the traffic
 * selector (address family, local/remote address ranges, protocol,
 * local/remote port ranges) and the action to take, with the SA fields
 * that accompany it.
 *
 * NOTE(review): nothing in this declaration constrains the selector
 * (range ordering, protocol/port combinations) or ties sa_id/sa_index to
 * the chosen action; any such validation has to happen in the code that
 * installs the policy -- confirm in ipsec_add_del_policy.
 */
typedef struct ipsec_policy_t_
{
  // NOTE(review): whether this identifies the policy itself or the SPD it
  // belongs to is not visible here -- confirm against callers.
  u32 id;
  // Signed priority. NOTE(review): which direction wins (higher or lower
  // value) is not visible in this header.
  i32 priority;

  // the type of policy (ipsec_spd_policy_type_t is declared outside this
  // header; ipsec_policy_mk_type produces one)
  ipsec_spd_policy_type_t type;

  // Selector
  // presumably non-zero when laddr/raddr hold IPv6 addresses -- TODO confirm
  u8 is_ipv6;
  ip46_address_range_t laddr;	// local address range
  ip46_address_range_t raddr;	// remote address range
  // presumably the IP protocol number; how "any protocol" is expressed is
  // not visible here -- TODO confirm
  u8 protocol;
  port_range_t lport;		// local port range
  port_range_t rport;		// remote port range

  // Policy
  // Action to apply. IPSEC_POLICY_ACTION_BYPASS is 0, so a zeroed struct
  // carries BYPASS unless this field is set explicitly.
  ipsec_policy_action_t policy;
  // NOTE(review): presumably sa_id is the externally assigned SA identifier
  // and sa_index the resolved internal index, both relevant to PROTECT
  // policies -- confirm in the implementation.
  u32 sa_id;
  u32 sa_index;
} ipsec_policy_t;
75
76
/**
 * @brief Add or delete a policy (an entry in an SPD)
 *
 * @param vm          vlib main structure.
 * @param policy      the policy to add or delete.
 * @param is_add      selects between the two operations; presumably
 *                    non-zero adds and zero deletes -- TODO confirm.
 * @param stat_index  pointer to a u32; presumably receives the index of
 *                    the policy's entry in ipsec_spd_policy_counters --
 *                    TODO confirm, including whether NULL is accepted.
 * @return int status. NOTE(review): the success/failure convention is not
 *         visible in this header; callers should check it rather than
 *         assume the policy was installed or removed.
 */
extern int ipsec_add_del_policy (vlib_main_t * vm,
				 ipsec_policy_t * policy,
				 int is_add, u32 * stat_index);
82
83
/*
 * Formatting and parsing helpers for policies and policy actions.
 *
 * The two format_* declarations have the (u8 * s, va_list * args) shape of
 * a VPP format callback, and unformat_ipsec_policy_action the
 * (unformat_input_t * input, va_list * args) shape of an unformat callback.
 * NOTE(review): which arguments each one pulls from `args` is not visible
 * in this header -- confirm in ipsec_format.c before calling, since a
 * mismatched variadic argument is undefined behaviour.
 * NOTE(review): unformat_ipsec_policy_action parses operator-supplied text;
 * presumably it returns 0 when the input names no known action, and callers
 * should treat that as an error rather than fall back to a default action
 * -- TODO confirm.
 */
extern u8 *format_ipsec_policy (u8 * s, va_list * args);
extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
extern uword unformat_ipsec_policy_action (unformat_input_t * input,
					   va_list * args);
87
88
89
/*
 * Derive an SPD policy type from a direction, an address family and an
 * action.
 *
 * is_outbound  direction flag.
 * is_ipv6      address family flag.
 * action       the policy action.
 * type         pointer through which the resulting
 *              ipsec_spd_policy_type_t is presumably written -- TODO
 *              confirm.
 *
 * Returns an int status. NOTE(review): the convention is not visible in
 * this header; presumably a failure value signals that no policy type
 * exists for the given combination, in which case *type should not be
 * used -- confirm in the implementation.
 */
extern int ipsec_policy_mk_type (bool is_outbound,
				 bool is_ipv6,
				 ipsec_policy_action_t action,
				 ipsec_spd_policy_type_t * type);
93
94
#endif
/* __IPSEC_SPD_POLICY_H__ */
95
96
/*
97
* fd.io coding-style-patch-verification: ON
98
*
99
* Local Variables:
100
* eval: (c-set-style "gnu")
101
* End:
102
*/
ip46_address_range_t::stop
ip46_address_t stop
Definition:
ipsec_spd_policy.h:37
port_range_t::stop
u16 stop
Definition:
ipsec_spd_policy.h:42
ipsec_policy_t_::sa_id
u32 sa_id
Definition:
ipsec_spd_policy.h:72
ipsec_spd_policy_type_t
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
ipsec_policy_t_::laddr
ip46_address_range_t laddr
Definition:
ipsec_spd_policy.h:64
ipsec_policy_t_::id
u32 id
Definition:
ipsec_spd_policy.h:56
format_ipsec_policy
u8 * format_ipsec_policy(u8 *s, va_list *args)
Definition:
ipsec_format.c:156
u8
unsigned char u8
Definition:
types.h:56
ipsec_policy_t_::protocol
u8 protocol
Definition:
ipsec_spd_policy.h:66
port_range_t
Definition:
ipsec_spd_policy.h:40
ipsec_policy_t_::rport
port_range_t rport
Definition:
ipsec_spd_policy.h:68
u32
unsigned int u32
Definition:
types.h:88
ipsec_spd_policy_counters
vlib_combined_counter_main_t ipsec_spd_policy_counters
Policy packet & bytes counters.
Definition:
ipsec_spd_policy.c:22
unformat_input_t
struct _unformat_input_t unformat_input_t
u16
unsigned short u16
Definition:
types.h:57
ipsec_policy_t_::type
ipsec_spd_policy_type_t type
Definition:
ipsec_spd_policy.h:60
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition:
ipsec_format.c:28
vm
vlib_main_t * vm
Definition:
in2out_ed.c:1810
ipsec_policy_action_t
ipsec_policy_action_t
Definition:
ipsec_spd_policy.h:26
ipsec_policy_mk_type
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
Definition:
ipsec_spd_policy.c:100
ipsec_spd.h
ipsec_policy_t_::priority
i32 priority
Definition:
ipsec_spd_policy.h:57
ipsec_policy_t_::policy
ipsec_policy_action_t policy
Definition:
ipsec_spd_policy.h:71
is_outbound
u8 is_outbound
Definition:
ipsec.api:93
ipsec_policy_t_
A Security Policy.
Definition:
ipsec_spd_policy.h:54
ipsec_policy_t_::sa_index
u32 sa_index
Definition:
ipsec_spd_policy.h:73
foreach_ipsec_policy_action
#define foreach_ipsec_policy_action
Definition:
ipsec_spd_policy.h:20
i32
signed int i32
Definition:
types.h:77
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete a SPD.
Definition:
ipsec_spd_policy.c:136
ipsec_policy_t
struct ipsec_policy_t_ ipsec_policy_t
A Security Policy.
action
u8 action
Definition:
l2.api:173
ipsec_policy_t_::raddr
ip46_address_range_t raddr
Definition:
ipsec_spd_policy.h:65
ip46_address_range_t
Definition:
ipsec_spd_policy.h:35
vlib_main_t
Definition:
main.h:83
uword
u64 uword
Definition:
types.h:112
vlib_combined_counter_main_t
A collection of combined counters.
Definition:
counter.h:188
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition:
ipsec_format.c:64
ipsec_policy_t_::lport
port_range_t lport
Definition:
ipsec_spd_policy.h:67
ipsec_policy_t_::is_ipv6
u8 is_ipv6
Definition:
ipsec_spd_policy.h:63