FD.io VPP  v20.01-48-g3e0dafb74
Vector Packet Processing
ipsec.c
1 /*
2  * ipsec.c : IPSEC module functions
3  *
4  * Copyright (c) 2015 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <vnet/vnet.h>
19 #include <vnet/api_errno.h>
20 #include <vnet/ip/ip.h>
21 #include <vnet/interface.h>
22 #include <vnet/udp/udp.h>
23 
24 #include <vnet/ipsec/ipsec.h>
25 #include <vnet/ipsec/esp.h>
26 #include <vnet/ipsec/ah.h>
27 
29 
/*
 * AH support check for one SA. The page's cross-reference list names this
 * function ipsec_check_ah_support (ipsec_sa_t *sa), defined at ipsec.c:31.
 * Returns a clib error when the SA cannot be served, 0 otherwise.
 *
 * NOTE(review): listing lines 31, 38 and 40 are absent from this extract,
 * so the declarator, the condition guarding the "No crypto engine support"
 * return, and that message's format arguments are not visible here.
 */
30 static clib_error_t *
32 {
33  ipsec_main_t *im = &ipsec_main;
34 
/* AH is authentication-only, so an SA with no integrity algorithm is refused. */
35  if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
36  return clib_error_return (0, "unsupported none integ-alg");
37 
/* The guard for this return (listing line 38) is missing from the extract. */
39  return clib_error_return (0, "No crypto engine support for %U",
41 
42  return 0;
43 }
44 
/*
 * ESP support check for one SA. The page's cross-reference list names this
 * function ipsec_check_esp_support (ipsec_sa_t *sa), defined at ipsec.c:46.
 * Returns a clib error when an algorithm has no engine support, 0 otherwise.
 *
 * NOTE(review): listing lines 46, 52, 54, 58 and 60 are absent from this
 * extract; the conditions inside each branch are therefore not visible.
 *
 * NOTE(review): unlike the AH check, nothing visible here rejects an SA
 * whose integ_alg AND crypto_alg are both NONE: both branches are skipped
 * and (0) is returned. Whether that combination is refused elsewhere
 * cannot be told from this file - confirm against the SA creation path.
 */
45 static clib_error_t *
47 {
48  ipsec_main_t *im = &ipsec_main;
49 
/* Integrity algorithm is only examined when one is configured. */
50  if (IPSEC_INTEG_ALG_NONE != sa->integ_alg)
51  {
53  return clib_error_return (0, "No crypto engine support for %U",
55  }
/* Cipher is only examined when one is configured. */
56  if (IPSEC_CRYPTO_ALG_NONE != sa->crypto_alg)
57  {
59  return clib_error_return (0, "No crypto engine support for %U",
61  }
62 
63  return (0);
64 }
65 
/*
 * Notify the AH backend, then the ESP backend, that an SA was added or
 * deleted. Each backend's add_del_sa_sess_cb is optional and is skipped
 * when it is NULL. Returns the first error reported, or 0.
 *
 * NOTE(review): listing lines 66, 70 and 78 are absent from this extract
 * (the return type and the right-hand sides that fetch `ah` and `esp`).
 * The cross-reference list gives the return type as clib_error_t *.
 *
 * NOTE(review): when the AH callback succeeds and the ESP callback then
 * fails, the error is returned with no visible undo of the AH callback;
 * callers should confirm the backend is not left with a half-created
 * session.
 */
67 ipsec_add_del_sa_sess_cb (ipsec_main_t * im, u32 sa_index, u8 is_add)
68 {
69  ipsec_ah_backend_t *ah =
71  if (ah->add_del_sa_sess_cb)
72  {
73  clib_error_t *err = ah->add_del_sa_sess_cb (sa_index, is_add);
74  if (err)
75  return err;
76  }
77  ipsec_esp_backend_t *esp =
79  if (esp->add_del_sa_sess_cb)
80  {
81  clib_error_t *err = esp->add_del_sa_sess_cb (sa_index, is_add);
82  if (err)
83  return err;
84  }
85  return 0;
86 }
87 
/*
 * Dispatch the SA support check to either the AH or the ESP backend and
 * return whatever that backend's check_support_cb returns. The page's
 * cross-reference list gives the signature as
 * clib_error_t * ipsec_check_support_cb (ipsec_main_t *im, ipsec_sa_t *sa),
 * defined at ipsec.c:89.
 *
 * NOTE(review): listing lines 88, 89, 93, 96, 97 and 103 are absent from
 * this extract, including the condition that selects the AH branch and the
 * lookups that fetch `ah` and `esp`.
 *
 * NOTE(review): the ESP callback pointer is guarded only by ASSERT. If
 * ASSERT is compiled out in release builds (confirm its definition), a
 * backend registered with a NULL check_support_cb is called through a null
 * pointer here; the register functions store the pointer without checking.
 */
90 {
91  clib_error_t *error = 0;
92 
94  {
95  ipsec_ah_backend_t *ah =
98  error = ah->check_support_cb (sa);
99  }
100  else
101  {
102  ipsec_esp_backend_t *esp =
104  ASSERT (esp->check_support_cb);
105  error = esp->check_support_cb (sa);
106  }
107  return error;
108 }
109 
110 
/*
 * Resolve two graph nodes by name and make `node_name` a next node of
 * `prev_node_name`.
 *
 * Writes the index of `node_name` to *out_node_index and the next-slot
 * value returned by vlib_node_add_next() to *out_next_index.
 *
 * NOTE(review): both lookups are guarded only by ASSERT. If ASSERT is
 * compiled out in release builds (confirm its definition), an unknown
 * node name reaches the dereferences below as a null pointer.
 */
static void
ipsec_add_node (vlib_main_t * vm, const char *node_name,
		const char *prev_node_name, u32 * out_node_index,
		u32 * out_next_index)
{
  /* Lookup order is kept: predecessor first, then the node itself. */
  vlib_node_t *upstream = vlib_get_node_by_name (vm, (u8 *) prev_node_name);
  ASSERT (upstream);

  vlib_node_t *target = vlib_get_node_by_name (vm, (u8 *) node_name);
  ASSERT (target);

  *out_node_index = target->index;
  *out_next_index = vlib_node_add_next (vm, upstream->index, target->index);
}
124 
/*
 * Look up feature `node_name` on feature arc `arc_name` and store its
 * feature index in *out_feature_index.
 *
 * NOTE(review): an unknown arc is caught only by ASSERT; if ASSERT is
 * compiled out (confirm its definition), the (u8) ~0 value is passed on to
 * vnet_get_feature_index() unchanged.
 */
void
ipsec_add_feature (const char *arc_name,
		   const char *node_name, u32 * out_feature_index)
{
  const u8 arc_index = vnet_get_feature_arc_index (arc_name);

  ASSERT (arc_index != (u8) ~ 0);
  *out_feature_index = vnet_get_feature_index (arc_index, node_name);
}
135 
/*
 * Register an AH backend: allocate an entry in im->ah_backends, record its
 * name, wire its four encrypt/decrypt nodes after the ipsec input/output
 * feature nodes, and store its two callbacks. Returns the entry's index in
 * the pool (b - im->ah_backends).
 *
 * NOTE(review): listing lines 137, 146, 151, 153, 155 and 157 are absent
 * from this extract: the function name with its first parameters, the
 * declaration of `b`, and the trailing output arguments of each
 * ipsec_add_node() call. The cross-reference list gives the leading
 * parameters as (vlib_main_t *vm, ipsec_main_t *im, ...).
 *
 * NOTE(review): the callbacks are stored as given, with no NULL check
 * visible; ipsec_check_support_cb() later calls check_support_cb.
 */
136 u32
138  const char *name,
139  const char *ah4_encrypt_node_name,
140  const char *ah4_decrypt_node_name,
141  const char *ah6_encrypt_node_name,
142  const char *ah6_decrypt_node_name,
143  check_support_cb_t ah_check_support_cb,
144  add_del_sa_sess_cb_t ah_add_del_sa_sess_cb)
145 {
147  pool_get (im->ah_backends, b);
/* "%s%c" with a trailing 0 stores the name with an explicit NUL terminator. */
148  b->name = format (0, "%s%c", name, 0);
149 
/* Encrypt nodes hang off the output features, decrypt nodes off the input features. */
150  ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output-feature",
152  ipsec_add_node (vm, ah4_decrypt_node_name, "ipsec4-input-feature",
154  ipsec_add_node (vm, ah6_encrypt_node_name, "ipsec6-output-feature",
156  ipsec_add_node (vm, ah6_decrypt_node_name, "ipsec6-input-feature",
158 
159  b->check_support_cb = ah_check_support_cb;
160  b->add_del_sa_sess_cb = ah_add_del_sa_sess_cb;
161  return b - im->ah_backends;
162 }
163 
/*
 * Register an ESP backend: allocate an entry in im->esp_backends, record
 * its name, wire its transport and tunnel decrypt/encrypt nodes into the
 * graph, look up the tunnel-encrypt features on the ip4-output and
 * ip6-output arcs, and store its two callbacks. Returns the entry's index
 * in the pool (b - im->esp_backends).
 *
 * NOTE(review): listing lines 165, 178 and the continuation line of every
 * ipsec_add_node() / ipsec_add_feature() call are absent from this extract,
 * so the destination fields of those calls are not visible. The
 * cross-reference list gives the leading parameters as
 * (vlib_main_t *vm, ipsec_main_t *im, ...).
 *
 * NOTE(review): the callbacks are stored as given, with no NULL check
 * visible; ipsec_check_support_cb() guards the later call only by ASSERT.
 */
164 u32
166  const char *name,
167  const char *esp4_encrypt_node_name,
168  const char *esp4_encrypt_node_tun_name,
169  const char *esp4_decrypt_node_name,
170  const char *esp4_decrypt_tun_node_name,
171  const char *esp6_encrypt_node_name,
172  const char *esp6_encrypt_node_tun_name,
173  const char *esp6_decrypt_node_name,
174  const char *esp6_decrypt_tun_node_name,
175  check_support_cb_t esp_check_support_cb,
176  add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
177 {
179 
180  pool_get (im->esp_backends, b);
/* "%s%c" with a trailing 0 stores the name with an explicit NUL terminator. */
181  b->name = format (0, "%s%c", name, 0);
182 
/* Transport-mode nodes follow the ipsec4/ipsec6 input and output feature nodes. */
183  ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output-feature",
185  ipsec_add_node (vm, esp4_decrypt_node_name, "ipsec4-input-feature",
187  ipsec_add_node (vm, esp6_encrypt_node_name, "ipsec6-output-feature",
189  ipsec_add_node (vm, esp6_decrypt_node_name, "ipsec6-input-feature",
/* Tunnel decrypt nodes follow the ipsec4/ipsec6 tunnel input nodes. */
191  ipsec_add_node (vm, esp4_decrypt_tun_node_name, "ipsec4-tun-input",
194  ipsec_add_node (vm, esp6_decrypt_tun_node_name, "ipsec6-tun-input",
197 
/*
 * Each tunnel-encrypt node is looked up on both output arcs, giving four
 * arc/node combinations (presumably the esp44/46/66/64 feature indices
 * named in the cross-reference list - the destinations are not visible).
 */
198  ipsec_add_feature ("ip4-output", esp4_encrypt_node_tun_name,
200  ipsec_add_feature ("ip4-output", esp6_encrypt_node_tun_name,
202  ipsec_add_feature ("ip6-output", esp6_encrypt_node_tun_name,
204  ipsec_add_feature ("ip6-output", esp4_encrypt_node_tun_name,
206 
207  b->check_support_cb = esp_check_support_cb;
208  b->add_del_sa_sess_cb = esp_add_del_sa_sess_cb;
209  return b - im->esp_backends;
210 }
211 
/*
 * Report whether any SA is configured. Returns a clib error carrying the
 * SA count when im->sad holds at least one element, NULL otherwise.
 *
 * NOTE(review): listing line 213 (the declarator) is absent from this
 * extract; the cross-reference list gives it as
 * ipsec_rsc_in_use (ipsec_main_t *im).
 *
 * NOTE(review): pool_elts() is listed as returning uword (u64 on this
 * page) while the message uses %d - confirm the formatter reads the
 * argument at the right width.
 */
212 clib_error_t *
214 {
215  /* return an error if crypto resources are in use */
216  if (pool_elts (im->sad) > 0)
217  return clib_error_return (0,
218  "%d SA entries configured",
219  pool_elts (im->sad));
220 
221  return (NULL);
222 }
223 
/*
 * Make the AH backend at `backend_idx` the current one.
 *
 * Returns VNET_API_ERROR_RSRC_IN_USE while any SA is configured,
 * VNET_API_ERROR_INVALID_VALUE when the index is not an allocated pool
 * entry, and 0 on success. The cross-reference list gives the signature as
 * int ipsec_select_ah_backend (ipsec_main_t *im, u32 backend_idx).
 *
 * NOTE(review): listing lines 225 and 235-242 are absent from this
 * extract; what is done with `b` after the lookup is not visible.
 *
 * NOTE(review): ipsec_rsc_in_use() returns a clib_error_t * that is only
 * tested here and then dropped. If clib_error_return() allocates
 * (presumably it does - confirm), each refused call leaks that error.
 */
224 int
226 {
/* Switching backends is refused while SAs exist. */
227  if (ipsec_rsc_in_use (im))
228  return VNET_API_ERROR_RSRC_IN_USE;
229 
/* Validate the caller-supplied index before it is used to index the pool. */
230  if (pool_is_free_index (im->ah_backends, backend_idx))
231  return VNET_API_ERROR_INVALID_VALUE;
232 
233  ipsec_ah_backend_t *b = pool_elt_at_index (im->ah_backends, backend_idx);
234  im->ah_current_backend = backend_idx;
243 
244  return 0;
245 }
246 
/*
 * Make the ESP backend at `backend_idx` the current one.
 *
 * Returns VNET_API_ERROR_RSRC_IN_USE while any SA is configured,
 * VNET_API_ERROR_INVALID_VALUE when the index is not an allocated pool
 * entry, and 0 on success. The cross-reference list gives the signature as
 * int ipsec_select_esp_backend (ipsec_main_t *im, u32 backend_idx).
 *
 * NOTE(review): listing lines 248, 258-269 and 271-274 are absent from
 * this extract; what is done with `b` after the lookup is not visible.
 *
 * NOTE(review): ipsec_rsc_in_use() returns a clib_error_t * that is only
 * tested here and then dropped. If clib_error_return() allocates
 * (presumably it does - confirm), each refused call leaks that error.
 */
247 int
249 {
/* Switching backends is refused while SAs exist. */
250  if (ipsec_rsc_in_use (im))
251  return VNET_API_ERROR_RSRC_IN_USE;
252 
/* Validate the caller-supplied index before it is used to index the pool. */
253  if (pool_is_free_index (im->esp_backends, backend_idx))
254  return VNET_API_ERROR_INVALID_VALUE;
255 
256  ipsec_esp_backend_t *b = pool_elt_at_index (im->esp_backends, backend_idx);
257  im->esp_current_backend = backend_idx;
270 
275 
276  return 0;
277 }
278 
/*
 * IPsec module initialisation. The page's cross-reference list names this
 * function ipsec_init (vlib_main_t *vm), defined at ipsec.c:280.
 *
 * In order: runs vnet_feature_init, fills the ipsec_main back-pointers and
 * lookup hashes, records the "error-drop" node index, registers and selects
 * the default AH and ESP backends (both named "crypto engine backend"),
 * runs ipsec_cli_init, then fills the per-algorithm tables im->crypto_algs
 * and im->integ_algs and the worker hand-off queue indices.
 * Returns the first init error encountered, or 0.
 *
 * NOTE(review): this extract is missing several listing lines (280, 284,
 * 306, 323, 333, 336-338, 393-394, 426, the right-hand side of every
 * *_fq_index assignment, and 444-452). Declarations of `a` and `i`, the
 * check-support callbacks passed at registration, and the table sizing are
 * among the lines not visible.
 */
279 static clib_error_t *
281 {
282  clib_error_t *error;
283  ipsec_main_t *im = &ipsec_main;
285 
286  /* Backend registration requires the feature arcs to be set up */
287  if ((error = vlib_call_init_function (vm, vnet_feature_init)))
288  return (error);
289 
290  im->vnet_main = vnet_get_main ();
291  im->vlib_main = vm;
292 
/* Three lookup tables: SPD id -> index, SA id -> index, sw_if_index -> SPD index. */
293  im->spd_index_by_spd_id = hash_create (0, sizeof (uword));
294  im->sa_index_by_sa_id = hash_create (0, sizeof (uword));
295  im->spd_index_by_sw_if_index = hash_create (0, sizeof (uword));
296 
297  vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
298  ASSERT (node);
299  im->error_drop_node_index = node->index;
300 
/* Default AH backend; the last argument (the add/del SA session callback) is NULL. */
301  u32 idx = ipsec_register_ah_backend (vm, im, "crypto engine backend",
302  "ah4-encrypt",
303  "ah4-decrypt",
304  "ah6-encrypt",
305  "ah6-decrypt",
307  NULL);
308 
309  im->ah_default_backend = idx;
/* A failed selection is detected only by ASSERT; rv is otherwise unused. */
310  int rv = ipsec_select_ah_backend (im, idx);
311  ASSERT (0 == rv);
312  (void) (rv); // avoid warning
313 
/* Default ESP backend; the final arguments (listing line 323) are not visible. */
314  idx = ipsec_register_esp_backend (vm, im, "crypto engine backend",
315  "esp4-encrypt",
316  "esp4-encrypt-tun",
317  "esp4-decrypt",
318  "esp4-decrypt-tun",
319  "esp6-encrypt",
320  "esp6-encrypt-tun",
321  "esp6-decrypt",
322  "esp6-decrypt-tun",
324  im->esp_default_backend = idx;
325 
/* A failed selection is detected only by ASSERT; rv is otherwise unused. */
326  rv = ipsec_select_esp_backend (im, idx);
327  ASSERT (0 == rv);
328  (void) (rv); // avoid warning
329 
330  if ((error = vlib_call_init_function (vm, ipsec_cli_init)))
331  return error;
332 
334 
/*
 * Cipher table: one entry per IPSEC_CRYPTO_ALG_*, giving the crypto-engine
 * encrypt/decrypt op ids, the engine algorithm id, and the IV / block /
 * ICV sizes assigned below.
 */
/* NONE: no IV, block size 1 (listing lines 336-338 are not visible). */
335  a = im->crypto_algs + IPSEC_CRYPTO_ALG_NONE;
339  a->iv_size = 0;
340  a->block_size = 1;
341 
/*
 * DES-CBC and 3DES-CBC (8-byte IV and block) are legacy ciphers kept in
 * the table; SA configuration policy, not this table, decides whether
 * they are accepted.
 */
342  a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
343  a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
344  a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
345  a->alg = VNET_CRYPTO_ALG_DES_CBC;
346  a->iv_size = a->block_size = 8;
347 
348  a = im->crypto_algs + IPSEC_CRYPTO_ALG_3DES_CBC;
349  a->enc_op_id = VNET_CRYPTO_OP_3DES_CBC_ENC;
350  a->dec_op_id = VNET_CRYPTO_OP_3DES_CBC_DEC;
351  a->alg = VNET_CRYPTO_ALG_3DES_CBC;
352  a->iv_size = a->block_size = 8;
353 
/* AES-CBC, all key sizes: 16-byte IV and block. */
354  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128;
355  a->enc_op_id = VNET_CRYPTO_OP_AES_128_CBC_ENC;
356  a->dec_op_id = VNET_CRYPTO_OP_AES_128_CBC_DEC;
357  a->alg = VNET_CRYPTO_ALG_AES_128_CBC;
358  a->iv_size = a->block_size = 16;
359 
360  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192;
361  a->enc_op_id = VNET_CRYPTO_OP_AES_192_CBC_ENC;
362  a->dec_op_id = VNET_CRYPTO_OP_AES_192_CBC_DEC;
363  a->alg = VNET_CRYPTO_ALG_AES_192_CBC;
364  a->iv_size = a->block_size = 16;
365 
366  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256;
367  a->enc_op_id = VNET_CRYPTO_OP_AES_256_CBC_ENC;
368  a->dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC;
369  a->alg = VNET_CRYPTO_ALG_AES_256_CBC;
370  a->iv_size = a->block_size = 16;
371 
/*
 * AES-GCM, all key sizes: iv_size and block_size are both set to 8 and the
 * cipher entry itself carries a 16-byte ICV (the only entries that set
 * icv_size in this table).
 */
372  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_128;
373  a->enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC;
374  a->dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
375  a->alg = VNET_CRYPTO_ALG_AES_128_GCM;
376  a->iv_size = a->block_size = 8;
377  a->icv_size = 16;
378 
379  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192;
380  a->enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC;
381  a->dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC;
382  a->alg = VNET_CRYPTO_ALG_AES_192_GCM;
383  a->iv_size = a->block_size = 8;
384  a->icv_size = 16;
385 
386  a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256;
387  a->enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC;
388  a->dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
389  a->alg = VNET_CRYPTO_ALG_AES_256_GCM;
390  a->iv_size = a->block_size = 8;
391  a->icv_size = 16;
392 
395 
/*
 * Integrity table: one entry per IPSEC_INTEG_ALG_*, giving the HMAC op id,
 * the engine algorithm id and the ICV length in bytes (12 = 96 bits,
 * 16 = 128, 24 = 192, 32 = 256). HMAC-MD5-96 and HMAC-SHA1-96 are legacy
 * choices kept in the table.
 */
396  i = &im->integ_algs[IPSEC_INTEG_ALG_MD5_96];
397  i->op_id = VNET_CRYPTO_OP_MD5_HMAC;
398  i->alg = VNET_CRYPTO_ALG_HMAC_MD5;
399  i->icv_size = 12;
400 
401  i = &im->integ_algs[IPSEC_INTEG_ALG_SHA1_96];
402  i->op_id = VNET_CRYPTO_OP_SHA1_HMAC;
403  i->alg = VNET_CRYPTO_ALG_HMAC_SHA1;
404  i->icv_size = 12;
405 
/*
 * NOTE(review): op_id is VNET_CRYPTO_OP_SHA1_HMAC while alg is
 * VNET_CRYPTO_ALG_HMAC_SHA256; every other entry pairs op_id and alg from
 * the same hash. This looks like a copy from the SHA1_96 entry - confirm
 * whether VNET_CRYPTO_OP_SHA256_HMAC was intended, since a mismatched op
 * would compute the ICV with a different hash than the SA specifies.
 */
406  i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
407  i->op_id = VNET_CRYPTO_OP_SHA1_HMAC;
408  i->alg = VNET_CRYPTO_ALG_HMAC_SHA256;
409  i->icv_size = 12;
410 
411  i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
412  i->op_id = VNET_CRYPTO_OP_SHA256_HMAC;
413  i->alg = VNET_CRYPTO_ALG_HMAC_SHA256;
414  i->icv_size = 16;
415 
416  i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
417  i->op_id = VNET_CRYPTO_OP_SHA384_HMAC;
418  i->alg = VNET_CRYPTO_ALG_HMAC_SHA384;
419  i->icv_size = 24;
420 
421  i = &im->integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
422  i->op_id = VNET_CRYPTO_OP_SHA512_HMAC;
423  i->alg = VNET_CRYPTO_ALG_HMAC_SHA512;
424  i->icv_size = 32;
425 
427 
/*
 * Frame-queue indices for worker hand-off, one per AH/ESP encrypt/decrypt
 * node. The right-hand sides are missing from this extract; presumably
 * each is a vlib_frame_queue_main_init() call, which the cross-reference
 * list mentions - confirm against the full source.
 */
428  im->ah4_enc_fq_index =
430  im->ah4_dec_fq_index =
432  im->ah6_enc_fq_index =
434  im->ah6_dec_fq_index =
436 
437  im->esp4_enc_fq_index =
439  im->esp4_dec_fq_index =
441  im->esp6_enc_fq_index =
443  im->esp6_dec_fq_index =
453 
454  return 0;
455 }
456 
458 
459 /*
460  * fd.io coding-style-patch-verification: ON
461  *
462  * Local Variables:
463  * eval: (c-set-style "gnu")
464  * End:
465  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:440
u32 esp4_decrypt_tun_node_index
Definition: ipsec.h:127
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:110
u32 ipsec_register_ah_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *ah4_encrypt_node_name, const char *ah4_decrypt_node_name, const char *ah6_encrypt_node_name, const char *ah6_decrypt_node_name, check_support_cb_t ah_check_support_cb, add_del_sa_sess_cb_t ah_add_del_sa_sess_cb)
Definition: ipsec.c:137
u32 esp_default_backend
Definition: ipsec.h:168
u32 esp4_encrypt_next_index
Definition: ipsec.h:58
ipsec_main_crypto_alg_t * crypto_algs
Definition: ipsec.h:171
ipsec_per_thread_data_t * ptd
Definition: ipsec.h:177
u32 esp6_decrypt_node_index
Definition: ipsec.h:131
u8 vnet_get_feature_arc_index(const char *s)
Definition: feature.c:198
u32 ah4_decrypt_next_index
Definition: ipsec.h:140
a
Definition: bitmap.h:538
vnet_main_t * vnet_get_main(void)
Definition: misc.c:46
static void ipsec_add_node(vlib_main_t *vm, const char *node_name, const char *prev_node_name, u32 *out_node_index, u32 *out_next_index)
Definition: ipsec.c:112
#define NULL
Definition: clib.h:58
u32 index
Definition: node.h:280
u32 esp4_decrypt_node_index
Definition: ipsec.h:57
u32 vlib_frame_queue_main_init(u32 node_index, u32 frame_queue_nelts)
Definition: threads.c:1810
ipsec_integ_alg_t integ_alg
Definition: ipsec_sa.h:152
u32 ah6_decrypt_next_index
Definition: ipsec.h:46
u32 esp6_decrypt_tun_node_index
Definition: ipsec.h:132
u32 esp6_decrypt_next_index
Definition: ipsec.h:63
u32 esp46_encrypt_tun_feature_index
Definition: ipsec.h:150
u32 ah4_encrypt_next_index
Definition: ipsec.h:139
u32 ah4_encrypt_node_index
Definition: ipsec.h:39
u32 esp6_encrypt_node_index
Definition: ipsec.h:60
vlib_node_registration_t ah6_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah6_encrypt_node)
Definition: ah_encrypt.c:452
int i
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:225
u32 ah_current_backend
Definition: ipsec.h:162
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
u32 esp6_decrypt_tun_next_index
Definition: ipsec.h:67
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:451
u32 esp_current_backend
Definition: ipsec.h:164
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:237
u32 ah6_decrypt_node_index
Definition: ipsec.h:44
static uword vlib_node_add_next(vlib_main_t *vm, uword node, uword next_node)
Definition: node_funcs.h:1092
unsigned char u8
Definition: types.h:56
vlib_node_registration_t esp4_encrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp4_encrypt_tun_node)
Definition: esp_encrypt.c:645
uword * spd_index_by_sw_if_index
Definition: ipsec.h:114
int vnet_crypto_is_set_handler(vnet_crypto_alg_t alg)
Definition: crypto.c:133
u32 esp4_decrypt_tun_next_index
Definition: ipsec.h:138
vnet_crypto_alg_t alg
Definition: ipsec.h:87
u32 esp4_enc_tun_fq_index
Definition: ipsec.h:189
vlib_node_registration_t esp6_decrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp6_decrypt_tun_node)
Definition: esp_decrypt.c:709
u32 esp6_encrypt_next_index
Definition: ipsec.h:62
static clib_error_t * ipsec_check_ah_support(ipsec_sa_t *sa)
Definition: ipsec.c:31
u32 esp44_encrypt_tun_feature_index
Definition: ipsec.h:148
u32 ah6_encrypt_node_index
Definition: ipsec.h:43
vlib_node_registration_t ah6_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah6_decrypt_node)
Definition: ah_decrypt.c:456
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173
ipsec_main_t ipsec_main
Definition: ipsec.c:28
u32 ah_default_backend
Definition: ipsec.h:166
u32 esp6_encrypt_node_index
Definition: ipsec.h:130
u32 esp4_decrypt_next_index
Definition: ipsec.h:137
u32 ah6_encrypt_next_index
Definition: ipsec.h:45
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:248
u32 esp4_dec_tun_fq_index
Definition: ipsec.h:191
u32 esp44_encrypt_tun_feature_index
Definition: ipsec.h:68
#define clib_error_return(e, args...)
Definition: error.h:99
check_support_cb_t check_support_cb
Definition: ipsec.h:55
vlib_node_registration_t esp4_decrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp4_decrypt_tun_node)
Definition: esp_decrypt.c:692
u32 ah6_dec_fq_index
Definition: ipsec.h:183
u32 esp4_dec_fq_index
Definition: ipsec.h:186
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:78
unsigned int u32
Definition: types.h:88
clib_error_t *(* add_del_sa_sess_cb_t)(u32 sa_index, u8 is_add)
Definition: ipsec.h:29
#define vlib_call_init_function(vm, x)
Definition: init.h:270
u32 esp6_decrypt_node_index
Definition: ipsec.h:61
u32 vnet_get_feature_index(u8 arc, const char *s)
Definition: feature.c:234
static clib_error_t * vnet_feature_init(vlib_main_t *vm)
Definition: feature.c:51
u32 ah4_decrypt_node_index
Definition: ipsec.h:129
vlib_node_registration_t esp6_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp6_encrypt_node)
Definition: esp_encrypt.c:619
u32 error_drop_node_index
Definition: ipsec.h:124
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:519
vlib_node_registration_t esp6_encrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp6_encrypt_tun_node)
Definition: esp_encrypt.c:692
u32 esp4_encrypt_node_index
Definition: ipsec.h:125
vnet_main_t * vnet_main
Definition: ipsec.h:110
clib_error_t * ipsec_check_support_cb(ipsec_main_t *im, ipsec_sa_t *sa)
Definition: ipsec.c:89
vnet_crypto_op_id_t enc_op_id
Definition: ipsec.h:76
u32 ah4_decrypt_next_index
Definition: ipsec.h:42
u32 esp6_dec_tun_fq_index
Definition: ipsec.h:192
clib_error_t * ipsec_rsc_in_use(ipsec_main_t *im)
Definition: ipsec.c:213
u32 esp4_decrypt_tun_next_index
Definition: ipsec.h:65
#define PREDICT_FALSE(x)
Definition: clib.h:111
u32 ah4_enc_fq_index
Worker handoff.
Definition: ipsec.h:180
u32 esp6_decrypt_tun_node_index
Definition: ipsec.h:66
u32 esp64_encrypt_tun_feature_index
Definition: ipsec.h:71
vlib_node_registration_t ah4_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah4_encrypt_node)
Definition: ah_encrypt.c:426
u32 ah4_dec_fq_index
Definition: ipsec.h:181
u32 esp66_encrypt_tun_feature_index
Definition: ipsec.h:70
u32 esp4_encrypt_node_index
Definition: ipsec.h:56
vlib_main_t * vm
Definition: in2out_ed.c:1810
uword * spd_index_by_spd_id
Definition: ipsec.h:113
u32 ah6_enc_fq_index
Definition: ipsec.h:182
u32 ah4_decrypt_node_index
Definition: ipsec.h:40
clib_error_t * ipsec_add_del_sa_sess_cb(ipsec_main_t *im, u32 sa_index, u8 is_add)
Definition: ipsec.c:67
u32 ah6_encrypt_next_index
Definition: ipsec.h:144
u32 ipsec_register_esp_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *esp4_encrypt_node_name, const char *esp4_encrypt_node_tun_name, const char *esp4_decrypt_node_name, const char *esp4_decrypt_tun_node_name, const char *esp6_encrypt_node_name, const char *esp6_encrypt_node_tun_name, const char *esp6_decrypt_node_name, const char *esp6_decrypt_tun_node_name, check_support_cb_t esp_check_support_cb, add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
Definition: ipsec.c:165
u32 esp6_decrypt_tun_next_index
Definition: ipsec.h:143
ipsec_ah_backend_t * ah_backends
Definition: ipsec.h:158
u32 esp46_encrypt_tun_feature_index
Definition: ipsec.h:69
clib_error_t * ipsec_cli_init(vlib_main_t *vm)
Definition: ipsec_cli.c:1026
vlib_node_registration_t ah4_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah4_decrypt_node)
Definition: ah_decrypt.c:429
u32 esp6_enc_tun_fq_index
Definition: ipsec.h:190
u32 esp4_encrypt_next_index
Definition: ipsec.h:136
vlib_node_registration_t esp4_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp4_encrypt_node)
Definition: esp_encrypt.c:593
u32 ah4_encrypt_next_index
Definition: ipsec.h:41
uword * sa_index_by_sa_id
Definition: ipsec.h:115
u32 esp6_decrypt_next_index
Definition: ipsec.h:142
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
Definition: pool.h:284
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
Definition: node.c:45
vlib_main_t * vlib_main
Definition: ipsec.h:109
string name[64]
Definition: ip.api:44
vlib_main_t vlib_node_runtime_t * node
Definition: in2out_ed.c:1810
static clib_error_t * ipsec_init(vlib_main_t *vm)
Definition: ipsec.c:280
u32 esp6_encrypt_next_index
Definition: ipsec.h:141
static clib_error_t * ipsec_check_esp_support(ipsec_sa_t *sa)
Definition: ipsec.c:46
clib_error_t *(* check_support_cb_t)(ipsec_sa_t *sa)
Definition: ipsec.h:30
#define hash_create(elts, value_bytes)
Definition: hash.h:696
vnet_crypto_op_id_t op_id
Definition: ipsec.h:86
#define ASSERT(truth)
u32 ah4_encrypt_node_index
Definition: ipsec.h:128
ipsec_main_integ_alg_t * integ_algs
Definition: ipsec.h:174
u32 esp6_dec_fq_index
Definition: ipsec.h:188
u32 esp6_enc_fq_index
Definition: ipsec.h:187
ipsec_sa_t * sad
Definition: ipsec.h:102
u32 esp4_decrypt_node_index
Definition: ipsec.h:126
u32 esp64_encrypt_tun_feature_index
Definition: ipsec.h:149
ipsec_protocol_t protocol
Definition: ipsec_sa.h:146
add_del_sa_sess_cb_t add_del_sa_sess_cb
Definition: ipsec.h:53
vnet_crypto_op_id_t dec_op_id
Definition: ipsec.h:77
u32 ah6_decrypt_node_index
Definition: ipsec.h:134
u32 esp66_encrypt_tun_feature_index
Definition: ipsec.h:151
u32 esp4_enc_fq_index
Definition: ipsec.h:185
u32 ah6_encrypt_node_index
Definition: ipsec.h:133
u32 ah6_decrypt_next_index
Definition: ipsec.h:145
check_support_cb_t check_support_cb
Definition: ipsec.h:38
u32 esp4_decrypt_tun_node_index
Definition: ipsec.h:64
u64 uword
Definition: types.h:112
void ipsec_add_feature(const char *arc_name, const char *node_name, u32 *out_feature_index)
Definition: ipsec.c:126
u32 esp4_decrypt_next_index
Definition: ipsec.h:59
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_sa.h:148
static u32 vlib_num_workers()
Definition: threads.h:372
vnet_crypto_alg_t alg
Definition: ipsec.h:78
add_del_sa_sess_cb_t add_del_sa_sess_cb
Definition: ipsec.h:36
ipsec_esp_backend_t * esp_backends
Definition: ipsec.h:160
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
vlib_node_registration_t esp6_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp6_decrypt_node)
Definition: esp_decrypt.c:673
vlib_node_registration_t esp4_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp4_decrypt_node)
Definition: esp_decrypt.c:654
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:128