da/d5d/ikev2__priv_8h_source.html

 /*
  * Copyright (c) 2015 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 #ifndef __included_ikev2_priv_h__
 #define __included_ikev2_priv_h__

 #include <vnet/vnet.h>
 #include <vnet/ip/ip.h>
 #include <vnet/ethernet/ethernet.h>

 #include <plugins/ikev2/ikev2.h>

 #include <vppinfra/hash.h>
 #include <vppinfra/elog.h>
 #include <vppinfra/error.h>

 #include <openssl/rand.h>
 #include <openssl/dh.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>

 #define foreach_ikev2_log_level \
   _(0x00, LOG_NONE)             \
   _(0x01, LOG_ERROR)            \
   _(0x02, LOG_WARNING)          \
   _(0x03, LOG_INFO)             \
   _(0x04, LOG_DEBUG)            \
   _(0x05, LOG_DETAIL)           \


 typedef enum ikev2_log_level_t_
 {
 #define _(n,f) IKEV2_##f = n,
   foreach_ikev2_log_level
 #undef _
   IKEV2_LOG_MAX
 } ikev2_log_level_t;

 /* dataplane logging */
 #define _ikev2_elog(_level, _msg)                                             \
 do {                                                                          \
   ikev2_main_t *km = &ikev2_main;                                             \
   if (PREDICT_FALSE (km->log_level >= _level))                                \
     {                                                                         \
       ELOG_TYPE_DECLARE (e) =                                                 \
         {                                                                     \
           .format = "ikev2 " _msg,                                            \
           .format_args = "",                                                  \
         };                                                                    \
       ELOG_DATA (&vlib_global_main.elog_main, e);                             \
     }                                                                         \
 } while (0)

 #define ikev2_elog_sa_state(_format, _ispi)                                   \
 do {                                                                          \
   ikev2_main_t *km = &ikev2_main;                                             \
   if (PREDICT_FALSE (km->log_level >= IKEV2_LOG_DEBUG))                       \
     {                                                                         \
       ELOG_TYPE_DECLARE (e) =                                                 \
         {                                                                     \
           .format = "ikev2: " _format,                                        \
           .format_args = "i8",                                                \
         };                                                                    \
       CLIB_PACKED(struct                                                      \
         {                                                                     \
           u64 ispi;                                                           \
         }) *ed;                                                               \
       ed = ELOG_DATA (&vlib_global_main.elog_main, e);                        \
       ed->ispi = _ispi;                                                       \
     }                                                                         \
 } while (0)                                                                   \

 #define ikev2_elog_exchange(_format, _ispi, _rspi, _addr)                     \
 do {                                                                          \
   ikev2_main_t *km = &ikev2_main;                                             \
   if (PREDICT_FALSE (km->log_level >= IKEV2_LOG_DEBUG))                       \
     {                                                                         \
       ELOG_TYPE_DECLARE (e) =                                                 \
         {                                                                     \
           .format = "ikev2: " _format,                                        \
           .format_args = "i8i8i1i1i1i1",                                      \
         };                                                                    \
       CLIB_PACKED(struct                                                      \
         {                                                                     \
           u64 ispi;                                                           \
           u64 rspi;                                                           \
           u8 oct1;                                                            \
           u8 oct2;                                                            \
           u8 oct3;                                                            \
           u8 oct4;                                                            \
         }) *ed;                                                               \
       ed = ELOG_DATA (&vlib_global_main.elog_main, e);                        \
       ed->ispi = _ispi;                                                       \
       ed->rspi = _rspi;                                                       \
       ed->oct4 = (_addr) >> 24;                                               \
       ed->oct3 = (_addr) >> 16;                                               \
       ed->oct2 = (_addr) >> 8;                                                \
       ed->oct1 = (_addr);                                                     \
     }                                                                         \
 } while (0)                                                                   \

 #define ikev2_elog_uint(_level, _format, _val)                                \
 do {                                                                          \
   ikev2_main_t *km = &ikev2_main;                                             \
   if (PREDICT_FALSE (km->log_level >= _level))                                \
     {                                                                         \
       ELOG_TYPE_DECLARE (e) =                                                 \
         {                                                                     \
           .format = "ikev2: " _format,                                        \
           .format_args = "i8",                                                \
         };                                                                    \
       CLIB_PACKED(struct                                                      \
         {                                                                     \
           u64 val;                                                            \
         }) *ed;                                                               \
       ed = ELOG_DATA (&vlib_global_main.elog_main, e);                        \
       ed->val = _val;                                                         \
     }                                                                         \
 } while (0)

 #define ikev2_elog_uint_peers(_level, _format, _val, _ip1, _ip2)              \
 do {                                                                          \
   ikev2_main_t *km = &ikev2_main;                                             \
   if (PREDICT_FALSE (km->log_level >= _level))                                \
     {                                                                         \
       ELOG_TYPE_DECLARE (e) =                                                 \
         {                                                                     \
           .format = "ikev2: " _format,                                        \
           .format_args = "i8i1i1i1i1i1i1i1i1",                                \
         };                                                                    \
       CLIB_PACKED(struct {                                                    \
         u64 val;                                                              \
         u8 i11; u8 i12; u8 i13; u8 i14;                                       \
         u8 i21; u8 i22; u8 i23; u8 i24; }) *ed;                               \
       ed = ELOG_DATA (&vlib_global_main.elog_main, e);                        \
       ed->val = _val;                                                         \
       ed->i14 = (_ip1) >> 24;                                                 \
       ed->i13 = (_ip1) >> 16;                                                 \
       ed->i12 = (_ip1) >> 8;                                                  \
       ed->i11 = (_ip1);                                                       \
       ed->i24 = (_ip2) >> 24;                                                 \
       ed->i23 = (_ip2) >> 16;                                                 \
       ed->i22 = (_ip2) >> 8;                                                  \
       ed->i21 = (_ip2);                                                       \
     }                                                                         \
 } while (0)

 #define ikev2_elog_peers(_level, _format, _ip1, _ip2)                         \
 do {                                                                          \
   ikev2_main_t *km = &ikev2_main;                                             \
   if (PREDICT_FALSE (km->log_level >= _level))                                \
     {                                                                         \
       ELOG_TYPE_DECLARE (e) =                                                 \
         {                                                                     \
           .format = "ikev2: " _format,                                        \
           .format_args = "i1i1i1i1i1i1i1i1",                                  \
         };                                                                    \
       CLIB_PACKED(struct {                                                    \
         u8 i11; u8 i12; u8 i13; u8 i14;                                       \
         u8 i21; u8 i22; u8 i23; u8 i24; }) *ed;                               \
       ed = ELOG_DATA (&vlib_global_main.elog_main, e);                        \
       ed->i14 = (_ip1) >> 24;                                                 \
       ed->i13 = (_ip1) >> 16;                                                 \
       ed->i12 = (_ip1) >> 8;                                                  \
       ed->i11 = (_ip1);                                                       \
       ed->i24 = (_ip2) >> 24;                                                 \
       ed->i23 = (_ip2) >> 16;                                                 \
       ed->i22 = (_ip2) >> 8;                                                  \
       ed->i21 = (_ip2);                                                       \
     }                                                                         \
 } while (0)

 #define ikev2_elog_error(_msg) \
   _ikev2_elog(IKEV2_LOG_ERROR, "[error] " _msg)
 #define ikev2_elog_warning(_msg) \
   _ikev2_elog(IKEV2_LOG_WARNING, "[warning] " _msg)
 #define ikev2_elog_debug(_msg) \
   _ikev2_elog(IKEV2_LOG_DEBUG, "[debug] " _msg)
 #define ikev2_elog_detail(_msg) \
   _ikev2_elog(IKEV2_LOG_DETAIL, "[detail] " _msg)

 /* logging for main thread */
 #define ikev2_log_error(...) \
   vlib_log(VLIB_LOG_LEVEL_ERR, ikev2_main.log_class, __VA_ARGS__)
 #define ikev2_log_warning(...) \
   vlib_log(VLIB_LOG_LEVEL_WARNING, ikev2_main.log_class, __VA_ARGS__)
 #define ikev2_log_debug(...) \
   vlib_log(VLIB_LOG_LEVEL_DEBUG, ikev2_main.log_class, __VA_ARGS__)

 typedef enum
 {
   IKEV2_STATE_UNKNOWN,
   IKEV2_STATE_SA_INIT,
   IKEV2_STATE_DELETED,
   IKEV2_STATE_AUTH_FAILED,
   IKEV2_STATE_AUTHENTICATED,
   IKEV2_STATE_NOTIFY_AND_DELETE,
   IKEV2_STATE_TS_UNACCEPTABLE,
   IKEV2_STATE_NO_PROPOSAL_CHOSEN,
 } ikev2_state_t;

 typedef struct
 {
   ikev2_auth_method_t method:8;
   u8 *data;
   u8 hex;                       /* hex encoding of the shared secret */
   EVP_PKEY *key;
 } ikev2_auth_t;

 typedef enum
 {
   IKEV2_DH_GROUP_MODP = 0,
   IKEV2_DH_GROUP_ECP = 1,
 } ikev2_dh_group_t;

 typedef struct
 {
   ikev2_transform_type_t type;
   union
   {
     u16 transform_id;
     ikev2_transform_encr_type_t encr_type:16;
     ikev2_transform_prf_type_t prf_type:16;
     ikev2_transform_integ_type_t integ_type:16;
     ikev2_transform_dh_type_t dh_type:16;
     ikev2_transform_esn_type_t esn_type:16;
   };
   u8 *attrs;
   u16 key_len;
   u16 key_trunc;
   u16 block_size;
   u8 dh_group;
   int nid;
   const char *dh_p;
   const char *dh_g;
   const void *md;
   const void *cipher;
 } ikev2_sa_transform_t;

 typedef struct
 {
   u8 proposal_num;
   ikev2_protocol_id_t protocol_id:8;
   u32 spi;
   ikev2_sa_transform_t *transforms;
 } ikev2_sa_proposal_t;

 typedef struct
 {
   u8 ts_type;
   u8 protocol_id;
   u16 selector_len;
   u16 start_port;
   u16 end_port;
   ip4_address_t start_addr;
   ip4_address_t end_addr;
 } ikev2_ts_t;

 typedef struct
 {
   u32 sw_if_index;
   ip4_address_t ip4;
 } ikev2_responder_t;

 typedef struct
 {
   ikev2_transform_encr_type_t crypto_alg;
   ikev2_transform_integ_type_t integ_alg;
   ikev2_transform_dh_type_t dh_type;
   u32 crypto_key_size;
 } ikev2_transforms_set;


 typedef struct
 {
   ikev2_id_type_t type:8;
   u8 *data;
 } ikev2_id_t;

 typedef struct
 {
   /* sa proposals vectors */
   ikev2_sa_proposal_t *i_proposals;
   ikev2_sa_proposal_t *r_proposals;

   /* Traffic Selectors */
   ikev2_ts_t *tsi;
   ikev2_ts_t *tsr;

   /* keys */
   u8 *sk_ai;
   u8 *sk_ar;
   u8 *sk_ei;
   u8 *sk_er;
   u32 salt_ei;
   u32 salt_er;

   /* installed data */
   u32 local_sa_id;
   u32 remote_sa_id;

   /* lifetime data */
   f64 time_to_expiration;
   u8 is_expired;
   i8 rekey_retries;
 } ikev2_child_sa_t;

 typedef struct
 {
   u8 protocol_id;
   u32 spi;                      /*for ESP and AH SPI size is 4, for IKE size is 0 */
 } ikev2_delete_t;

 typedef struct
 {
   u8 protocol_id;
   u32 spi;
   u32 ispi;
   ikev2_sa_proposal_t *i_proposal;
   ikev2_sa_proposal_t *r_proposal;
   ikev2_ts_t *tsi;
   ikev2_ts_t *tsr;
 } ikev2_rekey_t;

 typedef struct
 {
   u16 msg_type;
   u8 protocol_id;
   u32 spi;
   u8 *data;
 } ikev2_notify_t;

 typedef struct
 {
   u8 *name;
   u8 is_enabled;

   ikev2_auth_t auth;
   ikev2_id_t loc_id;
   ikev2_id_t rem_id;
   ikev2_ts_t loc_ts;
   ikev2_ts_t rem_ts;
   ikev2_responder_t responder;
   ikev2_transforms_set ike_ts;
   ikev2_transforms_set esp_ts;
   u64 lifetime;
   u64 lifetime_maxdata;
   u32 lifetime_jitter;
   u32 handover;
   u16 dst_port;

   u32 tun_itf;
   u8 udp_encap;
 } ikev2_profile_t;

 typedef struct
 {
   ikev2_state_t state;
   u8 unsupported_cp;
   u8 initial_contact;
   ip4_address_t iaddr;
   ip4_address_t raddr;
   u64 ispi;
   u64 rspi;
   u8 *i_nonce;
   u8 *r_nonce;

   /* DH data */
   u16 dh_group;
   u8 *dh_shared_key;
   u8 *dh_private_key;
   u8 *i_dh_data;
   u8 *r_dh_data;

   /* sa proposals vectors */
   ikev2_sa_proposal_t *i_proposals;
   ikev2_sa_proposal_t *r_proposals;

   /* keys */
   u8 *sk_d;
   u8 *sk_ai;
   u8 *sk_ar;
   u8 *sk_ei;
   u8 *sk_er;
   u8 *sk_pi;
   u8 *sk_pr;

   /* auth */
   ikev2_auth_t i_auth;
   ikev2_auth_t r_auth;

   /* ID */
   ikev2_id_t i_id;
   ikev2_id_t r_id;

   /* pending deletes */
   ikev2_delete_t *del;

   /* pending rekeyings */
   ikev2_rekey_t *rekey;

   /* packet data */
   u8 *last_sa_init_req_packet_data;
   u8 *last_sa_init_res_packet_data;

   /* retransmit */
   u32 last_msg_id;
   u8 *last_res_packet_data;

   u8 is_initiator;
   u32 last_init_msg_id;
   u8 is_profile_index_set;
   u32 profile_index;
   u8 is_tun_itf_set;
   u32 tun_itf;
   u8 udp_encap;
   u16 dst_port;

   f64 old_id_expiration;
   u32 current_remote_id_mask;
   u32 old_remote_id;
   u8 old_remote_id_present;
   u8 init_response_received;

   ikev2_child_sa_t *childs;

   u8 liveness_retries;
   f64 liveness_period_check;
 } ikev2_sa_t;


 typedef struct
 {
   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);

   /* pool of IKEv2 Security Associations */
   ikev2_sa_t *sas;

   /* hash */
   uword *sa_by_rspi;
 } ikev2_main_per_thread_data_t;

 typedef struct
 {
   /* pool of IKEv2 profiles */
   ikev2_profile_t *profiles;

   /* vector of supported transform types */
   ikev2_sa_transform_t *supported_transforms;

   /* hash */
   mhash_t profile_index_by_name;

   /* local private key */
   EVP_PKEY *pkey;

   /* convenience */
   vlib_main_t *vlib_main;
   vnet_main_t *vnet_main;

   /* pool of IKEv2 Security Associations created in initiator mode */
   ikev2_sa_t *sais;
   /* hash */
   uword *sa_by_ispi;

   ikev2_main_per_thread_data_t *per_thread_data;

   /* interface indices managed by IKE */
   uword *sw_if_indices;

   /* API message ID base */
   u16 msg_id_base;

   /* log class used for main thread */
   vlib_log_class_t log_class;

   /* logging level */
   ikev2_log_level_t log_level;

   /* custom ipsec-over-udp ports managed by ike */
   uword *udp_ports;

   /* how often a liveness check will be performed */
   u32 liveness_period;

   /* max number of retries before considering peer dead */
   u32 liveness_max_retries;
 } ikev2_main_t;

 extern ikev2_main_t ikev2_main;

 void ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t ** v);
 ikev2_sa_transform_t *ikev2_sa_get_td_for_type (ikev2_sa_proposal_t * p,
                                                 ikev2_transform_type_t type);

 /* ikev2_crypto.c */
 v8 *ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data);
 u8 *ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed,
                         int len);
 v8 *ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data,
                        int len);
 v8 *ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len);
 int ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst);
 void ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
 void ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
 int ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data);
 u8 *ikev2_calc_sign (EVP_PKEY * pkey, u8 * data);
 EVP_PKEY *ikev2_load_cert_file (u8 * file);
 EVP_PKEY *ikev2_load_key_file (u8 * file);
 void ikev2_crypto_init (ikev2_main_t * km);

 /* ikev2_payload.c */
 typedef struct
 {
   u8 first_payload_type;
   u16 last_hdr_off;
   u8 *data;
 } ikev2_payload_chain_t;

 #define ikev2_payload_new_chain(V) vec_validate (V, 0)
 #define ikev2_payload_destroy_chain(V) do { \
   vec_free((V)->data);                 \
   vec_free(V);                         \
 } while (0)

 void ikev2_payload_add_notify (ikev2_payload_chain_t * c, u16 msg_type,
                                u8 * data);
 void ikev2_payload_add_notify_2 (ikev2_payload_chain_t * c, u16 msg_type,
                                  u8 * data, ikev2_notify_t * notify);
 void ikev2_payload_add_sa (ikev2_payload_chain_t * c,
                            ikev2_sa_proposal_t * proposals);
 void ikev2_payload_add_ke (ikev2_payload_chain_t * c, u16 dh_group,
                            u8 * dh_data);
 void ikev2_payload_add_nonce (ikev2_payload_chain_t * c, u8 * nonce);
 void ikev2_payload_add_id (ikev2_payload_chain_t * c, ikev2_id_t * id,
                            u8 type);
 void ikev2_payload_add_auth (ikev2_payload_chain_t * c, ikev2_auth_t * auth);
 void ikev2_payload_add_ts (ikev2_payload_chain_t * c, ikev2_ts_t * ts,
                            u8 type);
 void ikev2_payload_add_delete (ikev2_payload_chain_t * c, ikev2_delete_t * d);
 void ikev2_payload_chain_add_padding (ikev2_payload_chain_t * c, int bs);
 void ikev2_parse_vendor_payload (ike_payload_header_t * ikep);
 ikev2_sa_proposal_t *ikev2_parse_sa_payload (ike_payload_header_t * ikep);
 ikev2_ts_t *ikev2_parse_ts_payload (ike_payload_header_t * ikep);
 ikev2_delete_t *ikev2_parse_delete_payload (ike_payload_header_t * ikep);
 ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep);
 int ikev2_set_log_level (ikev2_log_level_t log_level);
 #endif /* __included_ikev2_priv_h__ */


 /*
  * fd.io coding-style-patch-verification: ON
  *
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */
ikev2_main_t::per_thread_data
ikev2_main_per_thread_data_t * per_thread_data
Definition: ikev2_priv.h:477

ikev2_payload_chain_t
Definition: ikev2_priv.h:524

ikev2_auth_t
Definition: ikev2_priv.h:213

ikev2_main_t::liveness_period
u32 liveness_period
Definition: ikev2_priv.h:495

ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:381

ikev2_main_t::sais
ikev2_sa_t * sais
Definition: ikev2_priv.h:473

ikev2_profile_t
Definition: ikev2_priv.h:344

mhash_t
Definition: mhash.h:46

ikev2_profile_t::dst_port
u16 dst_port
Definition: ikev2_priv.h:361

ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:382

ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:229

ikev2_payload_add_sa
void ikev2_payload_add_sa(ikev2_payload_chain_t *c, ikev2_sa_proposal_t *proposals)
Definition: ikev2_payload.c:161

ikev2_notify_t::msg_type
u16 msg_type
Definition: ikev2_priv.h:338

CLIB_CACHE_LINE_ALIGN_MARK
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
Definition: cache.h:60

ikev2_child_sa_t::local_sa_id
u32 local_sa_id
Definition: ikev2_priv.h:310

ikev2_sa_t::r_id
ikev2_id_t r_id
Definition: ikev2_priv.h:405

IKEV2_STATE_SA_INIT
Definition: ikev2_priv.h:204

ikev2_id_t::type
ikev2_id_type_t type
Definition: ikev2_priv.h:287

ikev2_profile_t::ike_ts
ikev2_transforms_set ike_ts
Definition: ikev2_priv.h:355

ikev2_sa_t::old_remote_id
u32 old_remote_id
Definition: ikev2_priv.h:432

ikev2_payload_add_notify
void ikev2_payload_add_notify(ikev2_payload_chain_t *c, u16 msg_type, u8 *data)
Definition: ikev2_payload.c:133

ikev2_profile_t::lifetime
u64 lifetime
Definition: ikev2_priv.h:357

ikev2_transform_integ_type_t
ikev2_transform_integ_type_t
Definition: ikev2.h:268

ikev2_sa_t::dst_port
u16 dst_port
Definition: ikev2_priv.h:428

IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:224

ikev2_main_t::pkey
EVP_PKEY * pkey
Definition: ikev2_priv.h:466

ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:287

ikev2_auth_method_t
ikev2_auth_method_t
Definition: ikev2.h:340

ikev2_child_sa_t
Definition: ikev2_priv.h:291

ikev2_sa_t::last_init_msg_id
u32 last_init_msg_id
Definition: ikev2_priv.h:422

ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:197

ikev2_transforms_set::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:280

ikev2_main_t::profiles
ikev2_profile_t * profiles
Definition: ikev2_priv.h:457

u64
unsigned long u64
Definition: types.h:89

ikev2_id_t
Definition: ikev2_priv.h:285

v8
u8 v8
Definition: ikev2.h:27

ikev2_sa_t::current_remote_id_mask
u32 current_remote_id_mask
Definition: ikev2_priv.h:431

ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:242

ikev2_ts_t
Definition: ikev2_priv.h:259

ikev2_rekey_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:327

ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:237

ikev2_sa_proposal_t::spi
u32 spi
Definition: ikev2_priv.h:255

ikev2_sa_t::state
ikev2_state_t state
Definition: ikev2_priv.h:369

ikev2_transforms_set::crypto_key_size
u32 crypto_key_size
Definition: ikev2_priv.h:281

src
vl_api_address_t src
Definition: gre.api:54

ikev2_transforms_set::crypto_alg
ikev2_transform_encr_type_t crypto_alg
Definition: ikev2_priv.h:278

ikev2_sa_t::sk_pi
u8 * sk_pi
Definition: ikev2_priv.h:396

ikev2_main
ikev2_main_t ikev2_main
Definition: ikev2.c:35

ikev2_responder_t::ip4
ip4_address_t ip4
Definition: ikev2_priv.h:273

ikev2_profile_t::lifetime_maxdata
u64 lifetime_maxdata
Definition: ikev2_priv.h:358

ikev2_sa_t::initial_contact
u8 initial_contact
Definition: ikev2_priv.h:371

ikev2_rekey_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:332

IKEV2_STATE_NO_PROPOSAL_CHOSEN
Definition: ikev2_priv.h:210

ikev2_payload_add_id
void ikev2_payload_add_id(ikev2_payload_chain_t *c, ikev2_id_t *id, u8 type)
Definition: ikev2_payload.c:234

ikev2_sa_t::r_auth
ikev2_auth_t r_auth
Definition: ikev2_priv.h:401

ip.h

ikev2_auth_t::hex
u8 hex
Definition: ikev2_priv.h:217

ikev2_sa_t::last_sa_init_res_packet_data
u8 * last_sa_init_res_packet_data
Definition: ikev2_priv.h:415

u8
unsigned char u8
Definition: types.h:56

hash.h

ikev2_sa_t::init_response_received
u8 init_response_received
Definition: ikev2_priv.h:434

ikev2_profile_t::auth
ikev2_auth_t auth
Definition: ikev2_priv.h:349

ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:244

f64
double f64
Definition: types.h:142

ikev2_rekey_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:333

ikev2_parse_ts_payload
ikev2_ts_t * ikev2_parse_ts_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:401

ikev2_profile_t::rem_id
ikev2_id_t rem_id
Definition: ikev2_priv.h:351

ikev2_sa_t::sk_d
u8 * sk_d
Definition: ikev2_priv.h:391

ikev2_transform_dh_type_t
ikev2_transform_dh_type_t
Definition: ikev2.h:318

log_level
log_level
Definition: vpe_types.api:32

ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:797

ikev2_main_t
Definition: ikev2_priv.h:454

ikev2_payload_add_ts
void ikev2_payload_add_ts(ikev2_payload_chain_t *c, ikev2_ts_t *ts, u8 type)
Definition: ikev2_payload.c:290

vlib_log_class_t
u32 vlib_log_class_t
Definition: vlib.h:51

ikev2_child_sa_t::is_expired
u8 is_expired
Definition: ikev2_priv.h:315

ikev2_sa_t::last_msg_id
u32 last_msg_id
Definition: ikev2_priv.h:418

ikev2_ts_t::ts_type
u8 ts_type
Definition: ikev2_priv.h:261

IKEV2_STATE_UNKNOWN
Definition: ikev2_priv.h:203

ikev2_child_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:295

ikev2_payload_chain_t::first_payload_type
u8 first_payload_type
Definition: ikev2_priv.h:526

ikev2_profile_t::lifetime_jitter
u32 lifetime_jitter
Definition: ikev2_priv.h:359

ikev2_sa_transform_t::transform_id
u16 transform_id
Definition: ikev2_priv.h:232

ikev2_main_t::liveness_max_retries
u32 liveness_max_retries
Definition: ikev2_priv.h:498

ikev2_ts_t::start_addr
ip4_address_t start_addr
Definition: ikev2_priv.h:266

ikev2_profile_t::tun_itf
u32 tun_itf
Definition: ikev2_priv.h:363

ikev2_ts_t::selector_len
u16 selector_len
Definition: ikev2_priv.h:263

ikev2_delete_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:321

ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:827

ikev2.h

ikev2_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:387

ikev2_main_t::sw_if_indices
uword * sw_if_indices
Definition: ikev2_priv.h:480

ikev2_main_per_thread_data_t::sas
ikev2_sa_t * sas
Definition: ikev2_priv.h:448

ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:734

ikev2_id_t::data
u8 * data
Definition: ikev2_priv.h:288

ikev2_transforms_set::integ_alg
ikev2_transform_integ_type_t integ_alg
Definition: ikev2_priv.h:279

u32
unsigned int u32
Definition: types.h:88

ikev2_sa_t::i_auth
ikev2_auth_t i_auth
Definition: ikev2_priv.h:400

ikev2_child_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:305

ikev2_sa_proposal_t::proposal_num
u8 proposal_num
Definition: ikev2_priv.h:253

ikev2_transforms_set
Definition: ikev2_priv.h:276

ikev2_profile_t::loc_id
ikev2_id_t loc_id
Definition: ikev2_priv.h:350

ikev2_sa_proposal_t::transforms
ikev2_sa_transform_t * transforms
Definition: ikev2_priv.h:256

ikev2_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:393

ikev2_child_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:303

ikev2_responder_t
Definition: ikev2_priv.h:270

ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:384

ikev2_profile_t::responder
ikev2_responder_t responder
Definition: ikev2_priv.h:354

type
vl_api_fib_path_type_t type
Definition: fib_types.api:123

ip4_address_t
Definition: ip4_packet.h:49

ethernet.h

ikev2_sa_t::last_sa_init_req_packet_data
u8 * last_sa_init_req_packet_data
Definition: ikev2_priv.h:414

ikev2_set_log_level
int ikev2_set_log_level(ikev2_log_level_t log_level)
Definition: ikev2.c:3846

ikev2_profile_t::rem_ts
ikev2_ts_t rem_ts
Definition: ikev2_priv.h:353

ikev2_child_sa_t::salt_er
u32 salt_er
Definition: ikev2_priv.h:307

ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:383

u16
unsigned short u16
Definition: types.h:57

ikev2_child_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:294

ikev2_sa_t::r_nonce
u8 * r_nonce
Definition: ikev2_priv.h:377

IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:223

ikev2_main_t::profile_index_by_name
mhash_t profile_index_by_name
Definition: ikev2_priv.h:463

ikev2_ts_t::end_port
u16 end_port
Definition: ikev2_priv.h:265

ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:460

ikev2_main_per_thread_data_t::sa_by_rspi
uword * sa_by_rspi
Definition: ikev2_priv.h:451

ikev2_sa_t::rekey
ikev2_rekey_t * rekey
Definition: ikev2_priv.h:411

ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:243

ikev2_payload_chain_add_padding
void ikev2_payload_chain_add_padding(ikev2_payload_chain_t *c, int bs)
Definition: ikev2_payload.c:321

ikev2_sa_transform_t
Definition: ikev2_priv.h:227

i8
signed char i8
Definition: types.h:45

ikev2_protocol_id_t
ikev2_protocol_id_t
Definition: ikev2.h:107

ikev2_auth_t::data
u8 * data
Definition: ikev2_priv.h:216

dst
vl_api_address_t dst
Definition: gre.api:55

ikev2_ts_t::end_addr
ip4_address_t end_addr
Definition: ikev2_priv.h:267

ikev2_sa_t::rspi
u64 rspi
Definition: ikev2_priv.h:375

ikev2_sa_t::iaddr
ip4_address_t iaddr
Definition: ikev2_priv.h:372

ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:763

ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257

vnet.h

ikev2_sa_t::i_nonce
u8 * i_nonce
Definition: ikev2_priv.h:376

len
u8 len
Definition: ip_types.api:92

ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:394

ikev2_sa_t::old_remote_id_present
u8 old_remote_id_present
Definition: ikev2_priv.h:433

ikev2_parse_delete_payload
ikev2_delete_t * ikev2_parse_delete_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:470

elog.h
The fine-grained event logger allows lightweight, thread-safe event logging at minimum cost...

ikev2_profile_t::udp_encap
u8 udp_encap
Definition: ikev2_priv.h:364

ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:236

c
svmdb_client_t * c
Definition: vpp_get_metrics.c:49

ikev2_sa_t
Definition: ikev2_priv.h:367

ikev2_parse_sa_payload
ikev2_sa_proposal_t * ikev2_parse_sa_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:330

ikev2_auth_t::method
ikev2_auth_method_t method
Definition: ikev2_priv.h:215

ikev2_transform_encr_type_t
ikev2_transform_encr_type_t
Definition: ikev2.h:227

ikev2_sa_t::del
ikev2_delete_t * del
Definition: ikev2_priv.h:408

ikev2_child_sa_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:298

ikev2_decrypt_data
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
Definition: ikev2_crypto.c:373

IKEV2_STATE_AUTH_FAILED
Definition: ikev2_priv.h:206

ikev2_payload_add_nonce
void ikev2_payload_add_nonce(ikev2_payload_chain_t *c, u8 *nonce)
Definition: ikev2_payload.c:226

IKEV2_STATE_NOTIFY_AND_DELETE
Definition: ikev2_priv.h:208

ikev2_sa_t::raddr
ip4_address_t raddr
Definition: ikev2_priv.h:373

ikev2_child_sa_t::salt_ei
u32 salt_ei
Definition: ikev2_priv.h:306

ikev2_main_t::udp_ports
uword * udp_ports
Definition: ikev2_priv.h:492

ikev2_child_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:304

ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:395

ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:421

ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:248

ikev2_notify_t::data
u8 * data
Definition: ikev2_priv.h:341

ikev2_profile_t::loc_ts
ikev2_ts_t loc_ts
Definition: ikev2_priv.h:352

ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:388

IKEV2_STATE_AUTHENTICATED
Definition: ikev2_priv.h:207

ikev2_child_sa_t::rekey_retries
i8 rekey_retries
Definition: ikev2_priv.h:316

ikev2_sa_t::old_id_expiration
f64 old_id_expiration
Definition: ikev2_priv.h:430

ikev2_log_level_t
enum ikev2_log_level_t_ ikev2_log_level_t

vnet_main_t
Definition: vnet.h:51

ikev2_sa_proposal_t::protocol_id
ikev2_protocol_id_t protocol_id
Definition: ikev2_priv.h:254

ikev2_ts_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:262

ikev2_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ikev2_priv.h:470

ikev2_id_type_t
ikev2_id_type_t
Definition: ikev2.h:356

ikev2_parse_notify_payload
ikev2_notify_t * ikev2_parse_notify_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:428

data
u8 data[128]
Definition: ipsec_types.api:89

ikev2_sa_t::liveness_period_check
f64 liveness_period_check
Definition: ikev2_priv.h:439

ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:627

ikev2_payload_chain_t::last_hdr_off
u16 last_hdr_off
Definition: ikev2_priv.h:527

ikev2_main_per_thread_data_t
Definition: ikev2_priv.h:443

ikev2_transform_esn_type_t
ikev2_transform_esn_type_t
Definition: ikev2.h:329

ikev2_rekey_t
Definition: ikev2_priv.h:325

ikev2_rekey_t::r_proposal
ikev2_sa_proposal_t * r_proposal
Definition: ikev2_priv.h:331

ikev2_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:392

IKEV2_LOG_MAX
Definition: ikev2_priv.h:47

ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:329

ikev2_profile_t::handover
u32 handover
Definition: ikev2_priv.h:360

ikev2_sa_proposal_t
Definition: ikev2_priv.h:251

ikev2_rekey_t::spi
u32 spi
Definition: ikev2_priv.h:328

ikev2_sa_t::dh_group
u16 dh_group
Definition: ikev2_priv.h:380

ikev2_sa_t::is_tun_itf_set
u8 is_tun_itf_set
Definition: ikev2_priv.h:425

ikev2_delete_t::spi
u32 spi
Definition: ikev2_priv.h:322

ikev2_child_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:302

ikev2_main_t::log_level
ikev2_log_level_t log_level
Definition: ikev2_priv.h:489

ikev2_notify_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:339

ikev2_rekey_t::i_proposal
ikev2_sa_proposal_t * i_proposal
Definition: ikev2_priv.h:330

ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:245

ikev2_auth_t::key
EVP_PKEY * key
Definition: ikev2_priv.h:218

ikev2_sa_t::liveness_retries
u8 liveness_retries
Definition: ikev2_priv.h:438

ikev2_dh_group_t
ikev2_dh_group_t
Definition: ikev2_priv.h:221

ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:247

ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:849

ikev2_payload_chain_t::data
u8 * data
Definition: ikev2_priv.h:528

key
typedef key
Definition: ipsec_types.api:85

ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:233

ikev2_sa_t::last_res_packet_data
u8 * last_res_packet_data
Definition: ikev2_priv.h:419

ikev2_sa_transform_t::attrs
u8 * attrs
Definition: ikev2_priv.h:239

ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:246

ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:235

ikev2_delete_t
Definition: ikev2_priv.h:319

ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:240

ikev2_payload_add_auth
void ikev2_payload_add_auth(ikev2_payload_chain_t *c, ikev2_auth_t *auth)
Definition: ikev2_payload.c:277

ikev2_profile_t::is_enabled
u8 is_enabled
Definition: ikev2_priv.h:347

ikev2_ts_t::start_port
u16 start_port
Definition: ikev2_priv.h:264

ikev2_payload_add_ke
void ikev2_payload_add_ke(ikev2_payload_chain_t *c, u16 dh_group, u8 *dh_data)
Definition: ikev2_payload.c:215

ikev2_sa_t::sk_pr
u8 * sk_pr
Definition: ikev2_priv.h:397

vlib_main_t
Definition: main.h:83

uword
u64 uword
Definition: types.h:112

ikev2_sa_t::i_id
ikev2_id_t i_id
Definition: ikev2_priv.h:404

ikev2_child_sa_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:299

ikev2_payload_add_notify_2
void ikev2_payload_add_notify_2(ikev2_payload_chain_t *c, u16 msg_type, u8 *data, ikev2_notify_t *notify)
Definition: ikev2_payload.c:139

ikev2_sa_t::childs
ikev2_child_sa_t * childs
Definition: ikev2_priv.h:436

ikev2_main_t::log_class
vlib_log_class_t log_class
Definition: ikev2_priv.h:486

ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:234

ikev2_profile_t::name
u8 * name
Definition: ikev2_priv.h:346

ikev2_parse_vendor_payload
void ikev2_parse_vendor_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:463

ikev2_notify_t
Definition: ikev2_priv.h:336

ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:425

ikev2_rekey_t::ispi
u32 ispi
Definition: ikev2_priv.h:329

error.h

ikev2_sa_t::tun_itf
u32 tun_itf
Definition: ikev2_priv.h:426

ikev2_payload_add_delete
void ikev2_payload_add_delete(ikev2_payload_chain_t *c, ikev2_delete_t *d)
Definition: ikev2_payload.c:246

ikev2_main_t::msg_id_base
u16 msg_id_base
Definition: ikev2_priv.h:483

ikev2_transform_prf_type_t
ikev2_transform_prf_type_t
Definition: ikev2.h:244

ikev2_main_t::sa_by_ispi
uword * sa_by_ispi
Definition: ikev2_priv.h:475

ikev2_sa_t::unsupported_cp
u8 unsupported_cp
Definition: ikev2_priv.h:370

ikev2_sa_t::is_profile_index_set
u8 is_profile_index_set
Definition: ikev2_priv.h:423

ikev2_sa_free_proposal_vector
void ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t **v)
Definition: ikev2.c:230

ikev2_responder_t::sw_if_index
u32 sw_if_index
Definition: ikev2_priv.h:272

ikev2_sa_t::ispi
u64 ispi
Definition: ikev2_priv.h:374

ikev2_sa_t::profile_index
u32 profile_index
Definition: ikev2_priv.h:424

ikev2_child_sa_t::time_to_expiration
f64 time_to_expiration
Definition: ikev2_priv.h:314

IKEV2_STATE_DELETED
Definition: ikev2_priv.h:205

ikev2_sa_t::udp_encap
u8 udp_encap
Definition: ikev2_priv.h:427

foreach_ikev2_log_level
#define foreach_ikev2_log_level
Definition: ikev2_priv.h:33

ikev2_transform_type_t
ikev2_transform_type_t
Definition: ikev2.h:203

ikev2_notify_t::spi
u32 spi
Definition: ikev2_priv.h:340

ikev2_profile_t::esp_ts
ikev2_transforms_set esp_ts
Definition: ikev2_priv.h:356

ikev2_log_level_t_
ikev2_log_level_t_
Definition: ikev2_priv.h:42

ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:479

ikev2_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ikev2_priv.h:469

IKEV2_STATE_TS_UNACCEPTABLE
Definition: ikev2_priv.h:209

ikev2_child_sa_t::remote_sa_id
u32 remote_sa_id
Definition: ikev2_priv.h:311

ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:241

ikev2_state_t
ikev2_state_t
Definition: ikev2_priv.h:201