35 if (sa->
integ_alg == IPSEC_INTEG_ALG_NONE)
50 if (IPSEC_INTEG_ALG_NONE != sa->
integ_alg)
113 const char *prev_node_name,
u32 * out_node_index,
114 u32 * out_next_index)
121 *out_node_index = node->
index;
127 const char *node_name,
u32 * out_feature_index)
139 const char *ah4_encrypt_node_name,
140 const char *ah4_decrypt_node_name,
141 const char *ah6_encrypt_node_name,
142 const char *ah6_decrypt_node_name,
150 ipsec_add_node (vm, ah4_encrypt_node_name,
"ipsec4-output-feature",
152 ipsec_add_node (vm, ah4_decrypt_node_name,
"ipsec4-input-feature",
154 ipsec_add_node (vm, ah6_encrypt_node_name,
"ipsec6-output-feature",
156 ipsec_add_node (vm, ah6_decrypt_node_name,
"ipsec6-input-feature",
167 const char *esp4_encrypt_node_name,
168 const char *esp4_encrypt_node_tun_name,
169 const char *esp4_decrypt_node_name,
170 const char *esp4_decrypt_tun_node_name,
171 const char *esp6_encrypt_node_name,
172 const char *esp6_encrypt_node_tun_name,
173 const char *esp6_decrypt_node_name,
174 const char *esp6_decrypt_tun_node_name,
183 ipsec_add_node (vm, esp4_encrypt_node_name,
"ipsec4-output-feature",
185 ipsec_add_node (vm, esp4_decrypt_node_name,
"ipsec4-input-feature",
187 ipsec_add_node (vm, esp6_encrypt_node_name,
"ipsec6-output-feature",
189 ipsec_add_node (vm, esp6_decrypt_node_name,
"ipsec6-input-feature",
191 ipsec_add_node (vm, esp4_decrypt_tun_node_name,
"ipsec4-tun-input",
194 ipsec_add_node (vm, esp6_decrypt_tun_node_name,
"ipsec6-tun-input",
218 "%d SA entries configured",
228 return VNET_API_ERROR_RSRC_IN_USE;
231 return VNET_API_ERROR_INVALID_VALUE;
251 return VNET_API_ERROR_RSRC_IN_USE;
254 return VNET_API_ERROR_INVALID_VALUE;
343 a->
enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
344 a->
dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
345 a->
alg = VNET_CRYPTO_ALG_DES_CBC;
349 a->
enc_op_id = VNET_CRYPTO_OP_3DES_CBC_ENC;
350 a->
dec_op_id = VNET_CRYPTO_OP_3DES_CBC_DEC;
351 a->
alg = VNET_CRYPTO_ALG_3DES_CBC;
354 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_128;
355 a->
enc_op_id = VNET_CRYPTO_OP_AES_128_CBC_ENC;
356 a->
dec_op_id = VNET_CRYPTO_OP_AES_128_CBC_DEC;
357 a->
alg = VNET_CRYPTO_ALG_AES_128_CBC;
360 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_192;
361 a->
enc_op_id = VNET_CRYPTO_OP_AES_192_CBC_ENC;
362 a->
dec_op_id = VNET_CRYPTO_OP_AES_192_CBC_DEC;
363 a->
alg = VNET_CRYPTO_ALG_AES_192_CBC;
366 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_CBC_256;
367 a->
enc_op_id = VNET_CRYPTO_OP_AES_256_CBC_ENC;
368 a->
dec_op_id = VNET_CRYPTO_OP_AES_256_CBC_DEC;
369 a->
alg = VNET_CRYPTO_ALG_AES_256_CBC;
372 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_128;
373 a->
enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC;
374 a->
dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
375 a->
alg = VNET_CRYPTO_ALG_AES_128_GCM;
379 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192;
380 a->
enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC;
381 a->
dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC;
382 a->
alg = VNET_CRYPTO_ALG_AES_192_GCM;
386 a = im->
crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256;
387 a->
enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC;
388 a->
dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
389 a->
alg = VNET_CRYPTO_ALG_AES_256_GCM;
397 i->
op_id = VNET_CRYPTO_OP_MD5_HMAC;
398 i->
alg = VNET_CRYPTO_ALG_HMAC_MD5;
402 i->
op_id = VNET_CRYPTO_OP_SHA1_HMAC;
403 i->
alg = VNET_CRYPTO_ALG_HMAC_SHA1;
406 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
407 i->
op_id = VNET_CRYPTO_OP_SHA1_HMAC;
408 i->
alg = VNET_CRYPTO_ALG_HMAC_SHA256;
411 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
412 i->
op_id = VNET_CRYPTO_OP_SHA256_HMAC;
413 i->
alg = VNET_CRYPTO_ALG_HMAC_SHA256;
416 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
417 i->
op_id = VNET_CRYPTO_OP_SHA384_HMAC;
418 i->
alg = VNET_CRYPTO_ALG_HMAC_SHA384;
421 i = &im->
integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
422 i->
op_id = VNET_CRYPTO_OP_SHA512_HMAC;
423 i->
alg = VNET_CRYPTO_ALG_HMAC_SHA512;
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
u32 esp4_decrypt_tun_node_index
u32 ipsec_register_ah_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *ah4_encrypt_node_name, const char *ah4_decrypt_node_name, const char *ah6_encrypt_node_name, const char *ah6_decrypt_node_name, check_support_cb_t ah_check_support_cb, add_del_sa_sess_cb_t ah_add_del_sa_sess_cb)
u32 esp4_encrypt_next_index
ipsec_main_crypto_alg_t * crypto_algs
ipsec_per_thread_data_t * ptd
u32 esp6_decrypt_node_index
u8 vnet_get_feature_arc_index(const char *s)
u32 ah4_decrypt_next_index
vnet_main_t * vnet_get_main(void)
static void ipsec_add_node(vlib_main_t *vm, const char *node_name, const char *prev_node_name, u32 *out_node_index, u32 *out_next_index)
u32 esp4_decrypt_node_index
u32 vlib_frame_queue_main_init(u32 node_index, u32 frame_queue_nelts)
ipsec_integ_alg_t integ_alg
u32 ah6_decrypt_next_index
u32 esp6_decrypt_tun_node_index
u32 esp6_decrypt_next_index
u32 esp46_encrypt_tun_feature_index
u32 ah4_encrypt_next_index
u32 ah4_encrypt_node_index
u32 esp6_encrypt_node_index
vlib_node_registration_t ah6_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah6_encrypt_node)
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
u32 esp6_decrypt_tun_next_index
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
u32 ah6_decrypt_node_index
static uword vlib_node_add_next(vlib_main_t *vm, uword node, uword next_node)
vlib_node_registration_t esp4_encrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp4_encrypt_tun_node)
uword * spd_index_by_sw_if_index
int vnet_crypto_is_set_handler(vnet_crypto_alg_t alg)
u32 esp4_decrypt_tun_next_index
u32 esp4_enc_tun_fq_index
vlib_node_registration_t esp6_decrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp6_decrypt_tun_node)
u32 esp6_encrypt_next_index
static clib_error_t * ipsec_check_ah_support(ipsec_sa_t *sa)
u32 esp44_encrypt_tun_feature_index
u32 ah6_encrypt_node_index
vlib_node_registration_t ah6_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah6_decrypt_node)
#define VLIB_INIT_FUNCTION(x)
u32 esp6_encrypt_node_index
u32 esp4_decrypt_next_index
u32 ah6_encrypt_next_index
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
u32 esp4_dec_tun_fq_index
u32 esp44_encrypt_tun_feature_index
#define clib_error_return(e, args...)
check_support_cb_t check_support_cb
vlib_node_registration_t esp4_decrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp4_decrypt_tun_node)
clib_error_t *(* add_del_sa_sess_cb_t)(u32 sa_index, u8 is_add)
#define vlib_call_init_function(vm, x)
u32 esp6_decrypt_node_index
u32 vnet_get_feature_index(u8 arc, const char *s)
static clib_error_t * vnet_feature_init(vlib_main_t *vm)
u32 ah4_decrypt_node_index
vlib_node_registration_t esp6_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp6_encrypt_node)
u32 error_drop_node_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
vlib_node_registration_t esp6_encrypt_tun_node
(constructor) VLIB_REGISTER_NODE (esp6_encrypt_tun_node)
u32 esp4_encrypt_node_index
clib_error_t * ipsec_check_support_cb(ipsec_main_t *im, ipsec_sa_t *sa)
vnet_crypto_op_id_t enc_op_id
u32 ah4_decrypt_next_index
u32 esp6_dec_tun_fq_index
clib_error_t * ipsec_rsc_in_use(ipsec_main_t *im)
u32 esp4_decrypt_tun_next_index
u32 ah4_enc_fq_index
Worker handoff.
u32 esp6_decrypt_tun_node_index
u32 esp64_encrypt_tun_feature_index
vlib_node_registration_t ah4_encrypt_node
(constructor) VLIB_REGISTER_NODE (ah4_encrypt_node)
u32 esp66_encrypt_tun_feature_index
u32 esp4_encrypt_node_index
uword * spd_index_by_spd_id
u32 ah4_decrypt_node_index
clib_error_t * ipsec_add_del_sa_sess_cb(ipsec_main_t *im, u32 sa_index, u8 is_add)
u32 ah6_encrypt_next_index
u32 ipsec_register_esp_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *esp4_encrypt_node_name, const char *esp4_encrypt_node_tun_name, const char *esp4_decrypt_node_name, const char *esp4_decrypt_tun_node_name, const char *esp6_encrypt_node_name, const char *esp6_encrypt_node_tun_name, const char *esp6_decrypt_node_name, const char *esp6_decrypt_tun_node_name, check_support_cb_t esp_check_support_cb, add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
u32 esp6_decrypt_tun_next_index
ipsec_ah_backend_t * ah_backends
u32 esp46_encrypt_tun_feature_index
clib_error_t * ipsec_cli_init(vlib_main_t *vm)
vlib_node_registration_t ah4_decrypt_node
(constructor) VLIB_REGISTER_NODE (ah4_decrypt_node)
u32 esp6_enc_tun_fq_index
u32 esp4_encrypt_next_index
vlib_node_registration_t esp4_encrypt_node
(constructor) VLIB_REGISTER_NODE (esp4_encrypt_node)
u32 ah4_encrypt_next_index
uword * sa_index_by_sa_id
u32 esp6_decrypt_next_index
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
vlib_main_t vlib_node_runtime_t * node
static clib_error_t * ipsec_init(vlib_main_t *vm)
u32 esp6_encrypt_next_index
static clib_error_t * ipsec_check_esp_support(ipsec_sa_t *sa)
clib_error_t *(* check_support_cb_t)(ipsec_sa_t *sa)
#define hash_create(elts, value_bytes)
vnet_crypto_op_id_t op_id
u32 ah4_encrypt_node_index
ipsec_main_integ_alg_t * integ_algs
u32 esp4_decrypt_node_index
u32 esp64_encrypt_tun_feature_index
ipsec_protocol_t protocol
add_del_sa_sess_cb_t add_del_sa_sess_cb
vnet_crypto_op_id_t dec_op_id
u32 ah6_decrypt_node_index
u32 esp66_encrypt_tun_feature_index
u32 ah6_encrypt_node_index
u32 ah6_decrypt_next_index
check_support_cb_t check_support_cb
u32 esp4_decrypt_tun_node_index
void ipsec_add_feature(const char *arc_name, const char *node_name, u32 *out_feature_index)
u32 esp4_decrypt_next_index
ipsec_crypto_alg_t crypto_alg
static u32 vlib_num_workers()
add_del_sa_sess_cb_t add_del_sa_sess_cb
ipsec_esp_backend_t * esp_backends
#define CLIB_CACHE_LINE_BYTES
vlib_node_registration_t esp6_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp6_decrypt_node)
vlib_node_registration_t esp4_decrypt_node
(constructor) VLIB_REGISTER_NODE (esp4_decrypt_node)
static uword pool_elts(void *v)
Number of active elements in a pool.