FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
ikev2_priv.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __included_ikev2_priv_h__
16 #define __included_ikev2_priv_h__
17 
18 #include <vnet/vnet.h>
19 #include <vnet/ip/ip.h>
20 #include <vnet/ethernet/ethernet.h>
21 
22 #include <plugins/ikev2/ikev2.h>
23 
24 #include <vppinfra/hash.h>
25 #include <vppinfra/elog.h>
26 #include <vppinfra/error.h>
27 
28 #include <openssl/rand.h>
29 #include <openssl/dh.h>
30 #include <openssl/hmac.h>
31 #include <openssl/evp.h>
32 
33 #define foreach_ikev2_log_level \
34  _(0x00, LOG_NONE) \
35  _(0x01, LOG_ERROR) \
36  _(0x02, LOG_WARNING) \
37  _(0x03, LOG_INFO) \
38  _(0x04, LOG_DEBUG) \
39  _(0x05, LOG_DETAIL) \
40 
41 
42 typedef enum ikev2_log_level_t_
43 {
44 #define _(n,f) IKEV2_##f = n,
45  foreach_ikev2_log_level
46 #undef _
47  IKEV2_LOG_MAX
48 } ikev2_log_level_t;
49 
50 /* dataplane logging */
51 #define _ikev2_elog(_level, _msg) \
52 do { \
53  ikev2_main_t *km = &ikev2_main; \
54  if (PREDICT_FALSE (km->log_level >= _level)) \
55  { \
56  ELOG_TYPE_DECLARE (e) = \
57  { \
58  .format = "ikev2 " _msg, \
59  .format_args = "", \
60  }; \
61  ELOG_DATA (&vlib_global_main.elog_main, e); \
62  } \
63 } while (0)
64 
65 #define ikev2_elog_sa_state(_format, _ispi) \
66 do { \
67  ikev2_main_t *km = &ikev2_main; \
68  if (PREDICT_FALSE (km->log_level >= IKEV2_LOG_DEBUG)) \
69  { \
70  ELOG_TYPE_DECLARE (e) = \
71  { \
72  .format = "ikev2: " _format, \
73  .format_args = "i8", \
74  }; \
75  CLIB_PACKED(struct \
76  { \
77  u64 ispi; \
78  }) *ed; \
79  ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
80  ed->ispi = _ispi; \
81  } \
82 } while (0) \
83 
84 #define ikev2_elog_exchange_internal(_format, _ispi, _rspi, _addr) \
85 do { \
86  ikev2_main_t *km = &ikev2_main; \
87  if (PREDICT_FALSE (km->log_level >= IKEV2_LOG_DEBUG)) \
88  { \
89  ELOG_TYPE_DECLARE (e) = \
90  { \
91  .format = "ikev2: " _format, \
92  .format_args = "i8i8i1i1i1i1", \
93  }; \
94  CLIB_PACKED(struct \
95  { \
96  u64 ispi; \
97  u64 rspi; \
98  u8 oct1; \
99  u8 oct2; \
100  u8 oct3; \
101  u8 oct4; \
102  }) *ed; \
103  ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
104  ed->ispi = _ispi; \
105  ed->rspi = _rspi; \
106  ed->oct4 = (_addr) >> 24; \
107  ed->oct3 = (_addr) >> 16; \
108  ed->oct2 = (_addr) >> 8; \
109  ed->oct1 = (_addr); \
110  } \
111 } while (0) \
112 
113 #define IKE_ELOG_IP4_FMT "%d.%d.%d.%d"
114 #define IKE_ELOG_IP6_FMT "[v6]:%x%x:%x%x"
115 
116 #define ikev2_elog_exchange(_fmt, _ispi, _rspi, _addr, _v4) \
117 do { \
118  if (_v4) \
119  ikev2_elog_exchange_internal (_fmt IKE_ELOG_IP4_FMT, _ispi, _rspi, _addr);\
120  else \
121  ikev2_elog_exchange_internal (_fmt IKE_ELOG_IP6_FMT, _ispi, _rspi, _addr);\
122 } while (0)
123 
124 #define ikev2_elog_uint(_level, _format, _val) \
125 do { \
126  ikev2_main_t *km = &ikev2_main; \
127  if (PREDICT_FALSE (km->log_level >= _level)) \
128  { \
129  ELOG_TYPE_DECLARE (e) = \
130  { \
131  .format = "ikev2: " _format, \
132  .format_args = "i8", \
133  }; \
134  CLIB_PACKED(struct \
135  { \
136  u64 val; \
137  }) *ed; \
138  ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
139  ed->val = _val; \
140  } \
141 } while (0)
142 
143 #define ikev2_elog_uint_peers(_level, _format, _val, _ip1, _ip2) \
144 do { \
145  ikev2_main_t *km = &ikev2_main; \
146  if (PREDICT_FALSE (km->log_level >= _level)) \
147  { \
148  ELOG_TYPE_DECLARE (e) = \
149  { \
150  .format = "ikev2: " _format, \
151  .format_args = "i8i1i1i1i1i1i1i1i1", \
152  }; \
153  CLIB_PACKED(struct { \
154  u64 val; \
155  u8 i11; u8 i12; u8 i13; u8 i14; \
156  u8 i21; u8 i22; u8 i23; u8 i24; }) *ed; \
157  ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
158  ed->val = _val; \
159  ed->i14 = (_ip1) >> 24; \
160  ed->i13 = (_ip1) >> 16; \
161  ed->i12 = (_ip1) >> 8; \
162  ed->i11 = (_ip1); \
163  ed->i24 = (_ip2) >> 24; \
164  ed->i23 = (_ip2) >> 16; \
165  ed->i22 = (_ip2) >> 8; \
166  ed->i21 = (_ip2); \
167  } \
168 } while (0)
169 
170 #define ikev2_elog_error(_msg) \
171  _ikev2_elog(IKEV2_LOG_ERROR, "[error] " _msg)
172 #define ikev2_elog_warning(_msg) \
173  _ikev2_elog(IKEV2_LOG_WARNING, "[warning] " _msg)
174 #define ikev2_elog_debug(_msg) \
175  _ikev2_elog(IKEV2_LOG_DEBUG, "[debug] " _msg)
176 #define ikev2_elog_detail(_msg) \
177  _ikev2_elog(IKEV2_LOG_DETAIL, "[detail] " _msg)
178 
179 /* logging for main thread */
180 #define ikev2_log_error(...) \
181  vlib_log(VLIB_LOG_LEVEL_ERR, ikev2_main.log_class, __VA_ARGS__)
182 #define ikev2_log_warning(...) \
183  vlib_log(VLIB_LOG_LEVEL_WARNING, ikev2_main.log_class, __VA_ARGS__)
184 #define ikev2_log_debug(...) \
185  vlib_log(VLIB_LOG_LEVEL_DEBUG, ikev2_main.log_class, __VA_ARGS__)
186 
187 typedef enum
188 {
189  IKEV2_STATE_UNKNOWN,
190  IKEV2_STATE_SA_INIT,
191  IKEV2_STATE_DELETED,
192  IKEV2_STATE_AUTH_FAILED,
193  IKEV2_STATE_AUTHENTICATED,
194  IKEV2_STATE_NOTIFY_AND_DELETE,
195  IKEV2_STATE_TS_UNACCEPTABLE,
196  IKEV2_STATE_NO_PROPOSAL_CHOSEN,
197 } ikev2_state_t;
198 
199 typedef struct
200 {
201  ikev2_auth_method_t method:8;
202  u8 *data;
203  u8 hex; /* hex encoding of the shared secret */
204  EVP_PKEY *key;
205 } ikev2_auth_t;
206 
207 typedef enum
208 {
209  IKEV2_DH_GROUP_MODP = 0,
210  IKEV2_DH_GROUP_ECP = 1,
211 } ikev2_dh_group_t;
212 
213 typedef struct
214 {
215  ikev2_transform_type_t type;
216  union
217  {
218  u16 transform_id;
219  ikev2_transform_encr_type_t encr_type:16;
220  ikev2_transform_prf_type_t prf_type:16;
221  ikev2_transform_integ_type_t integ_type:16;
222  ikev2_transform_dh_type_t dh_type:16;
223  ikev2_transform_esn_type_t esn_type:16;
224  };
225  u8 *attrs;
226  u16 key_len;
227  u16 key_trunc;
228  u16 block_size;
229  u8 dh_group;
230  int nid;
231  const char *dh_p;
232  const char *dh_g;
233  const void *md;
234  const void *cipher;
235 } ikev2_sa_transform_t;
236 
237 typedef struct
238 {
239  u8 proposal_num;
240  ikev2_protocol_id_t protocol_id:8;
241  u32 spi;
242  ikev2_sa_transform_t *transforms;
243 } ikev2_sa_proposal_t;
244 
245 typedef struct
246 {
247  ikev2_traffic_selector_type_t ts_type;
248  u8 protocol_id;
249  u16 selector_len;
250  u16 start_port;
251  u16 end_port;
252  ip_address_t start_addr;
253  ip_address_t end_addr;
254 } ikev2_ts_t;
255 
256 typedef struct
257 {
258  u32 sw_if_index;
259  ip_address_t addr;
260 } ikev2_responder_t;
261 
262 typedef struct
263 {
264  ikev2_transform_encr_type_t crypto_alg;
265  ikev2_transform_integ_type_t integ_alg;
266  ikev2_transform_dh_type_t dh_type;
267  u32 crypto_key_size;
268 } ikev2_transforms_set;
269 
270 
271 typedef struct
272 {
273  ikev2_id_type_t type:8;
274  u8 *data;
275 } ikev2_id_t;
276 
277 typedef struct
278 {
279  /* sa proposals vectors */
280  ikev2_sa_proposal_t *i_proposals;
281  ikev2_sa_proposal_t *r_proposals;
282 
283  /* Traffic Selectors */
284  ikev2_ts_t *tsi;
285  ikev2_ts_t *tsr;
286 
287  /* keys */
288  u8 *sk_ai;
289  u8 *sk_ar;
290  u8 *sk_ei;
291  u8 *sk_er;
292  u32 salt_ei;
293  u32 salt_er;
294 
295  /* installed data */
296  u32 local_sa_id;
297  u32 remote_sa_id;
298 
299  /* lifetime data */
300  f64 time_to_expiration;
301  u8 is_expired;
302  i8 rekey_retries;
303 } ikev2_child_sa_t;
304 
305 typedef struct
306 {
307  u8 protocol_id;
308  u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */
309 } ikev2_delete_t;
310 
311 typedef struct
312 {
313  u8 protocol_id;
314  u32 spi;
315  u32 ispi;
316  ikev2_sa_proposal_t *i_proposal;
317  ikev2_sa_proposal_t *r_proposal;
318  ikev2_ts_t *tsi;
319  ikev2_ts_t *tsr;
320 } ikev2_rekey_t;
321 
322 typedef struct
323 {
324  u16 msg_type;
325  u8 protocol_id;
326  u32 spi;
327  u8 *data;
328 } ikev2_notify_t;
329 
330 typedef struct
331 {
332  u8 *name;
333 
334  ikev2_auth_t auth;
335  ikev2_id_t loc_id;
336  ikev2_id_t rem_id;
337  ikev2_ts_t loc_ts;
338  ikev2_ts_t rem_ts;
339  ikev2_responder_t responder;
340  ikev2_transforms_set ike_ts;
341  ikev2_transforms_set esp_ts;
342  u64 lifetime;
343  u64 lifetime_maxdata;
344  u32 lifetime_jitter;
345  u32 handover;
346  u16 ipsec_over_udp_port;
347 
348  u32 tun_itf;
349  u8 udp_encap;
350  u8 natt_disabled;
351 } ikev2_profile_t;
352 
353 typedef enum
354 {
355  /* SA will switch to port 4500 when NAT is detected.
356  * This is the default. */
357  IKEV2_NATT_ENABLED,
358 
359  /* Do nothing when NAT is detected */
360  IKEV2_NATT_DISABLED,
361 
362  /* NAT was detected and port switched to 4500 */
363  IKEV2_NATT_ACTIVE,
364 } ikev2_natt_state_t;
365 
366 #define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
367 
368 typedef struct
369 {
370  ikev2_state_t state;
371  u8 unsupported_cp;
372  u8 initial_contact;
373  ip_address_t iaddr;
374  ip_address_t raddr;
375  u64 ispi;
376  u64 rspi;
377  u8 *i_nonce;
378  u8 *r_nonce;
379 
380  /* DH data */
381  u16 dh_group;
382  u8 *dh_shared_key;
383  u8 *dh_private_key;
384  u8 *i_dh_data;
385  u8 *r_dh_data;
386 
387  /* sa proposals vectors */
388  ikev2_sa_proposal_t *i_proposals;
389  ikev2_sa_proposal_t *r_proposals;
390 
391  /* keys */
392  u8 *sk_d;
393  u8 *sk_ai;
394  u8 *sk_ar;
395  u8 *sk_ei;
396  u8 *sk_er;
397  u8 *sk_pi;
398  u8 *sk_pr;
399 
400  /* auth */
401  ikev2_auth_t i_auth;
402  ikev2_auth_t r_auth;
403 
404  /* ID */
405  ikev2_id_t i_id;
406  ikev2_id_t r_id;
407 
408  /* pending deletes */
409  ikev2_delete_t *del;
410 
411  /* pending rekeyings */
412  ikev2_rekey_t *rekey;
413 
414  /* packet data */
415  u8 *last_sa_init_req_packet_data;
416  u8 *last_sa_init_res_packet_data;
417 
418  /* retransmit */
419  /* message id expected in the request from the other peer */
420  u32 last_msg_id;
421  u8 *last_res_packet_data;
422 
423  u8 is_initiator;
424  /* last message id that was used for an initiated request */
425  u32 last_init_msg_id;
426  u32 profile_index;
427  u8 is_tun_itf_set;
428  u32 tun_itf;
429  u8 udp_encap;
430  u16 ipsec_over_udp_port;
431 
432  f64 old_id_expiration;
433  u32 current_remote_id_mask;
434  u32 old_remote_id;
435  u8 old_remote_id_present;
436  u8 init_response_received;
437 
438  ikev2_child_sa_t *childs;
439 
440  u8 liveness_retries;
441  f64 liveness_period_check;
442 
443  u16 dst_port;
444  u32 sw_if_index;
445 
446  /* is NAT traversal mode */
447  ikev2_natt_state_t natt_state;
448  u8 keys_generated;
449 } ikev2_sa_t;
450 
451 
452 typedef struct
453 {
454  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
455 
456  /* pool of IKEv2 Security Associations */
457  ikev2_sa_t *sas;
458 
459  /* hash */
460  uword *sa_by_rspi;
461 
462  EVP_CIPHER_CTX *evp_ctx;
463  HMAC_CTX *hmac_ctx;
464 #if OPENSSL_VERSION_NUMBER < 0x10100000L
465  HMAC_CTX _hmac_ctx;
466  EVP_CIPHER_CTX _evp_ctx;
467 #endif
468 } ikev2_main_per_thread_data_t;
469 
470 typedef struct
471 {
472  /* pool of IKEv2 profiles */
473  ikev2_profile_t *profiles;
474 
475  /* vector of supported transform types */
476  ikev2_sa_transform_t *supported_transforms;
477 
478  /* hash */
479  mhash_t profile_index_by_name;
480 
481  /* local private key */
482  EVP_PKEY *pkey;
483 
484  /* convenience */
485  vlib_main_t *vlib_main;
486  vnet_main_t *vnet_main;
487 
488  /* pool of IKEv2 Security Associations created in initiator mode */
489  ikev2_sa_t *sais;
490  /* hash */
491  uword *sa_by_ispi;
492 
493  ikev2_main_per_thread_data_t *per_thread_data;
494 
495  /* interface indices managed by IKE */
496  uword *sw_if_indices;
497 
498  /* API message ID base */
499  u16 msg_id_base;
500 
501  /* log class used for main thread */
502  vlib_log_class_t log_class;
503 
504  /* logging level */
505  ikev2_log_level_t log_level;
506 
507  /* custom ipsec-over-udp ports managed by ike */
508  uword *udp_ports;
509 
510  /* how often a liveness check will be performed */
511  u32 liveness_period;
512 
513  /* max number of retries before considering peer dead */
514  u32 liveness_max_retries;
515 
516  /* dead peer detection */
517  u8 dpd_disabled;
518 } ikev2_main_t;
519 
520 extern ikev2_main_t ikev2_main;
521 
522 void ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t ** v);
523 ikev2_sa_transform_t *ikev2_sa_get_td_for_type (ikev2_sa_proposal_t * p,
524  ikev2_transform_type_t type);
525 
526 /* ikev2_crypto.c */
527 v8 *ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data);
528 u8 *ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed,
529  int len);
530 v8 *ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data,
531  int len);
532 int ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
533  ikev2_sa_transform_t * tr_encr, u8 * data, int len,
534  u32 * out_len);
535 int ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
536  ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst);
537 int ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd,
538  ikev2_sa_t * sa, ikev2_sa_transform_t * tr_encr,
539  v8 * src, u8 * dst, u8 * aad,
540  u32 aad_len, u8 * tag);
541 int ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd,
542  ikev2_sa_t * sa, ikev2_sa_transform_t * tr_encr,
543  u8 * data, int data_len, u8 * aad, u32 aad_len,
544  u8 * tag, u32 * out_len);
545 void ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
546 void ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
547 int ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data);
548 u8 *ikev2_calc_sign (EVP_PKEY * pkey, u8 * data);
549 EVP_PKEY *ikev2_load_cert_file (u8 * file);
550 EVP_PKEY *ikev2_load_key_file (u8 * file);
551 void ikev2_crypto_init (ikev2_main_t * km);
552 
553 /* ikev2_payload.c */
554 typedef struct
555 {
556  u8 first_payload_type;
557  u16 last_hdr_off;
558  u8 *data;
559 } ikev2_payload_chain_t;
560 
561 #define ikev2_payload_new_chain(V) vec_validate (V, 0)
562 #define ikev2_payload_destroy_chain(V) do { \
563  vec_free((V)->data); \
564  vec_free(V); \
565 } while (0)
566 
567 void ikev2_payload_add_notify (ikev2_payload_chain_t * c, u16 msg_type,
568  u8 * data);
569 void ikev2_payload_add_notify_2 (ikev2_payload_chain_t * c, u16 msg_type,
570  u8 * data, ikev2_notify_t * notify);
571 void ikev2_payload_add_sa (ikev2_payload_chain_t * c,
572  ikev2_sa_proposal_t * proposals);
573 void ikev2_payload_add_ke (ikev2_payload_chain_t * c, u16 dh_group,
574  u8 * dh_data);
575 void ikev2_payload_add_nonce (ikev2_payload_chain_t * c, u8 * nonce);
576 void ikev2_payload_add_id (ikev2_payload_chain_t * c, ikev2_id_t * id,
577  u8 type);
578 void ikev2_payload_add_auth (ikev2_payload_chain_t * c, ikev2_auth_t * auth);
579 void ikev2_payload_add_ts (ikev2_payload_chain_t * c, ikev2_ts_t * ts,
580  u8 type);
581 void ikev2_payload_add_delete (ikev2_payload_chain_t * c, ikev2_delete_t * d);
582 void ikev2_payload_chain_add_padding (ikev2_payload_chain_t * c, int bs);
583 void ikev2_parse_vendor_payload (ike_payload_header_t * ikep);
584 ikev2_sa_proposal_t *ikev2_parse_sa_payload (ike_payload_header_t * ikep,
585  u32 rlen);
586 ikev2_ts_t *ikev2_parse_ts_payload (ike_payload_header_t * ikep, u32 rlen);
587 ikev2_delete_t *ikev2_parse_delete_payload (ike_payload_header_t * ikep,
588  u32 rlen);
589 ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep,
590  u32 rlen);
591 int ikev2_set_log_level (ikev2_log_level_t log_level);
592 u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
593 void ikev2_disable_dpd (void);
594 clib_error_t *ikev2_profile_natt_disable (u8 * name);
595 
596 static_always_inline ikev2_main_per_thread_data_t *
597 ikev2_get_per_thread_data ()
598 {
599  u32 thread_index = vlib_get_thread_index ();
600  return vec_elt_at_index (ikev2_main.per_thread_data, thread_index);
601 }
602 #endif /* __included_ikev2_priv_h__ */
603 
604 
605 /*
606  * fd.io coding-style-patch-verification: ON
607  *
608  * Local Variables:
609  * eval: (c-set-style "gnu")
610  * End:
611  */
ikev2_main_t::per_thread_data
ikev2_main_per_thread_data_t * per_thread_data
Definition: ikev2_priv.h:493
ikev2_payload_chain_t
Definition: ikev2_priv.h:554
ikev2_auth_t
Definition: ikev2_priv.h:199
ikev2_main_t::liveness_period
u32 liveness_period
Definition: ikev2_priv.h:511
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:382
ikev2_main_t::sais
ikev2_sa_t * sais
Definition: ikev2_priv.h:489
ikev2_profile_t
Definition: ikev2_priv.h:330
mhash_t
Definition: mhash.h:46
ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:383
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:215
ikev2_payload_add_sa
void ikev2_payload_add_sa(ikev2_payload_chain_t *c, ikev2_sa_proposal_t *proposals)
Definition: ikev2_payload.c:170
ikev2_decrypt_aead_data
int ikev2_decrypt_aead_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, u8 *data, int data_len, u8 *aad, u32 aad_len, u8 *tag, u32 *out_len)
Definition: ikev2_crypto.c:353
ikev2_notify_t::msg_type
u16 msg_type
Definition: ikev2_priv.h:324
CLIB_CACHE_LINE_ALIGN_MARK
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
Definition: cache.h:60
ikev2_child_sa_t::local_sa_id
u32 local_sa_id
Definition: ikev2_priv.h:296
ikev2_sa_t::r_id
ikev2_id_t r_id
Definition: ikev2_priv.h:406
IKEV2_STATE_SA_INIT
Definition: ikev2_priv.h:190
ikev2_id_t::type
ikev2_id_type_t type
Definition: ikev2_priv.h:273
ikev2_profile_t::ike_ts
ikev2_transforms_set ike_ts
Definition: ikev2_priv.h:340
ikev2_ts_t::end_addr
ip_address_t end_addr
Definition: ikev2_priv.h:253
ikev2_sa_t::old_remote_id
u32 old_remote_id
Definition: ikev2_priv.h:434
ikev2_payload_add_notify
void ikev2_payload_add_notify(ikev2_payload_chain_t *c, u16 msg_type, u8 *data)
Definition: ikev2_payload.c:142
ikev2_profile_t::lifetime
u64 lifetime
Definition: ikev2_priv.h:342
ikev2_transform_integ_type_t
ikev2_transform_integ_type_t
Definition: ikev2.h:282
ikev2_sa_t::dst_port
u16 dst_port
Definition: ikev2_priv.h:443
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:210
ikev2_sa_t::natt_state
ikev2_natt_state_t natt_state
Definition: ikev2_priv.h:447
ikev2_parse_ts_payload
ikev2_ts_t * ikev2_parse_ts_payload(ike_payload_header_t *ikep, u32 rlen)
Definition: ikev2_payload.c:447
ikev2_main_t::pkey
EVP_PKEY * pkey
Definition: ikev2_priv.h:482
ikev2_ts_t::ts_type
ikev2_traffic_selector_type_t ts_type
Definition: ikev2_priv.h:247
ikev2_encrypt_aead_data
int ikev2_encrypt_aead_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, v8 *src, u8 *dst, u8 *aad, u32 aad_len, u8 *tag)
Definition: ikev2_crypto.c:424
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:274
ikev2_auth_method_t
ikev2_auth_method_t
Definition: ikev2.h:354
ikev2_child_sa_t
Definition: ikev2_priv.h:277
ikev2_sa_t::last_init_msg_id
u32 last_init_msg_id
Definition: ikev2_priv.h:425
ikev2_parse_notify_payload
ikev2_notify_t * ikev2_parse_notify_payload(ike_payload_header_t *ikep, u32 rlen)
Definition: ikev2_payload.c:505
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:252
ikev2_transforms_set::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:266
auth
vl_api_ikev2_auth_t auth
Definition: ikev2_types.api:88
ikev2_main_t::profiles
ikev2_profile_t * profiles
Definition: ikev2_priv.h:473
u64
unsigned long u64
Definition: types.h:89
ikev2_id_t
Definition: ikev2_priv.h:271
v8
u8 v8
Definition: ikev2.h:33
ikev2_natt_state_t
ikev2_natt_state_t
Definition: ikev2_priv.h:353
ikev2_sa_t::current_remote_id_mask
u32 current_remote_id_mask
Definition: ikev2_priv.h:433
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:228
ikev2_ts_t
Definition: ikev2_priv.h:245
ikev2_rekey_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:313
ikev2_traffic_selector_type_t
ikev2_traffic_selector_type_t
Definition: ikev2.h:377
ikev2_main_per_thread_data_t::hmac_ctx
HMAC_CTX * hmac_ctx
Definition: ikev2_priv.h:463
ikev2_responder_t::addr
ip_address_t addr
Definition: ikev2_priv.h:259
ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:223
ikev2_sa_proposal_t::spi
u32 spi
Definition: ikev2_priv.h:241
ikev2_sa_t::state
ikev2_state_t state
Definition: ikev2_priv.h:370
ikev2_transforms_set::crypto_key_size
u32 crypto_key_size
Definition: ikev2_priv.h:267
src
vl_api_address_t src
Definition: gre.api:54
ikev2_transforms_set::crypto_alg
ikev2_transform_encr_type_t crypto_alg
Definition: ikev2_priv.h:264
ikev2_main_t::dpd_disabled
u8 dpd_disabled
Definition: ikev2_priv.h:517
ikev2_sa_t::sk_pi
u8 * sk_pi
Definition: ikev2_priv.h:397
ikev2_main
ikev2_main_t ikev2_main
Definition: ikev2.c:36
ikev2_profile_t::lifetime_maxdata
u64 lifetime_maxdata
Definition: ikev2_priv.h:343
ikev2_sa_t::initial_contact
u8 initial_contact
Definition: ikev2_priv.h:372
ikev2_rekey_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:318
IKEV2_STATE_NO_PROPOSAL_CHOSEN
Definition: ikev2_priv.h:196
ikev2_sa_t::iaddr
ip_address_t iaddr
Definition: ikev2_priv.h:373
ikev2_payload_add_id
void ikev2_payload_add_id(ikev2_payload_chain_t *c, ikev2_id_t *id, u8 type)
Definition: ikev2_payload.c:243
ikev2_sa_t::r_auth
ikev2_auth_t r_auth
Definition: ikev2_priv.h:402
ikev2_parse_delete_payload
ikev2_delete_t * ikev2_parse_delete_payload(ike_payload_header_t *ikep, u32 rlen)
Definition: ikev2_payload.c:560
dh_group
u8 dh_group
Definition: ikev2_types.api:60
IKEV2_NATT_DISABLED
Definition: ikev2_priv.h:360
ikev2_profile_t::ipsec_over_udp_port
u16 ipsec_over_udp_port
Definition: ikev2_priv.h:346
ikev2_auth_t::hex
u8 hex
Definition: ikev2_priv.h:203
ikev2_sa_t::last_sa_init_res_packet_data
u8 * last_sa_init_res_packet_data
Definition: ikev2_priv.h:416
u8
unsigned char u8
Definition: types.h:56
ikev2_sa_t::init_response_received
u8 init_response_received
Definition: ikev2_priv.h:436
data
u8 data[128]
Definition: ipsec_types.api:89
ikev2_profile_t::auth
ikev2_auth_t auth
Definition: ikev2_priv.h:334
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:230
f64
double f64
Definition: types.h:142
ikev2_rekey_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:319
ikev2_profile_t::rem_id
ikev2_id_t rem_id
Definition: ikev2_priv.h:336
ikev2_sa_t::sk_d
u8 * sk_d
Definition: ikev2_priv.h:392
ikev2_transform_dh_type_t
ikev2_transform_dh_type_t
Definition: ikev2.h:332
log_level
log_level
Definition: vpe_types.api:32
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:818
ikev2_main_t
Definition: ikev2_priv.h:470
ikev2_payload_add_ts
void ikev2_payload_add_ts(ikev2_payload_chain_t *c, ikev2_ts_t *ts, u8 type)
Definition: ikev2_payload.c:333
vlib_log_class_t
u32 vlib_log_class_t
Definition: vlib.h:51
IKEV2_NATT_ACTIVE
Definition: ikev2_priv.h:363
ikev2_child_sa_t::is_expired
u8 is_expired
Definition: ikev2_priv.h:301
ikev2_sa_t::last_msg_id
u32 last_msg_id
Definition: ikev2_priv.h:420
static_always_inline
#define static_always_inline
Definition: clib.h:108
IKEV2_STATE_UNKNOWN
Definition: ikev2_priv.h:189
ikev2_child_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:281
ikev2_payload_chain_t::first_payload_type
u8 first_payload_type
Definition: ikev2_priv.h:556
ikev2_profile_t::lifetime_jitter
u32 lifetime_jitter
Definition: ikev2_priv.h:344
ikev2_sa_transform_t::transform_id
u16 transform_id
Definition: ikev2_priv.h:218
ikev2_main_t::liveness_max_retries
u32 liveness_max_retries
Definition: ikev2_priv.h:514
ikev2_parse_sa_payload
ikev2_sa_proposal_t * ikev2_parse_sa_payload(ike_payload_header_t *ikep, u32 rlen)
Definition: ikev2_payload.c:365
ikev2_profile_t::tun_itf
u32 tun_itf
Definition: ikev2_priv.h:348
ikev2_ts_t::selector_len
u16 selector_len
Definition: ikev2_priv.h:249
ikev2_delete_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:307
vec_elt_at_index
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
Definition: vec_bootstrap.h:202
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:849
ikev2_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:388
ikev2_main_t::sw_if_indices
uword * sw_if_indices
Definition: ikev2_priv.h:496
ikev2_main_per_thread_data_t::sas
ikev2_sa_t * sas
Definition: ikev2_priv.h:457
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:755
ikev2_id_t::data
u8 * data
Definition: ikev2_priv.h:274
ikev2_transforms_set::integ_alg
ikev2_transform_integ_type_t integ_alg
Definition: ikev2_priv.h:265
u32
unsigned int u32
Definition: types.h:88
ikev2_sa_t::i_auth
ikev2_auth_t i_auth
Definition: ikev2_priv.h:401
ikev2_child_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:291
ikev2_sa_proposal_t::proposal_num
u8 proposal_num
Definition: ikev2_priv.h:239
ikev2_transforms_set
Definition: ikev2_priv.h:262
ikev2_profile_t::loc_id
ikev2_id_t loc_id
Definition: ikev2_priv.h:335
ikev2_sa_proposal_t::transforms
ikev2_sa_transform_t * transforms
Definition: ikev2_priv.h:242
ikev2_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:394
ikev2_child_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:289
ikev2_responder_t
Definition: ikev2_priv.h:256
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:385
ikev2_profile_t::responder
ikev2_responder_t responder
Definition: ikev2_priv.h:339
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
ikev2_sa_t::last_sa_init_req_packet_data
u8 * last_sa_init_req_packet_data
Definition: ikev2_priv.h:415
ikev2_set_log_level
int ikev2_set_log_level(ikev2_log_level_t log_level)
Definition: ikev2.c:4784
ikev2_profile_t::rem_ts
ikev2_ts_t rem_ts
Definition: ikev2_priv.h:338
ikev2_child_sa_t::salt_er
u32 salt_er
Definition: ikev2_priv.h:293
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:384
u16
unsigned short u16
Definition: types.h:57
ikev2_child_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:280
data_len
u8 data_len
Definition: ikev2_types.api:24
ikev2_main_per_thread_data_t::evp_ctx
EVP_CIPHER_CTX * evp_ctx
Definition: ikev2_priv.h:462
ikev2_sa_t::r_nonce
u8 * r_nonce
Definition: ikev2_priv.h:378
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:209
ikev2_main_t::profile_index_by_name
mhash_t profile_index_by_name
Definition: ikev2_priv.h:479
ikev2_ts_t::end_port
u16 end_port
Definition: ikev2_priv.h:251
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:476
ikev2_main_per_thread_data_t::sa_by_rspi
uword * sa_by_rspi
Definition: ikev2_priv.h:460
ikev2_profile_t::natt_disabled
u8 natt_disabled
Definition: ikev2_priv.h:350
ikev2_sa_t::rekey
ikev2_rekey_t * rekey
Definition: ikev2_priv.h:412
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:229
ikev2_payload_chain_add_padding
void ikev2_payload_chain_add_padding(ikev2_payload_chain_t *c, int bs)
Definition: ikev2_payload.c:356
ikev2_sa_transform_t
Definition: ikev2_priv.h:213
ikev2_get_per_thread_data
static_always_inline ikev2_main_per_thread_data_t * ikev2_get_per_thread_data()
Definition: ikev2_priv.h:597
i8
signed char i8
Definition: types.h:45
ikev2_protocol_id_t
ikev2_protocol_id_t
Definition: ikev2.h:121
ikev2_auth_t::data
u8 * data
Definition: ikev2_priv.h:202
dst
vl_api_address_t dst
Definition: gre.api:55
ikev2_sa_t::rspi
u64 rspi
Definition: ikev2_priv.h:376
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:784
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257
ikev2_sa_t::i_nonce
u8 * i_nonce
Definition: ikev2_priv.h:377
len
u8 len
Definition: ip_types.api:92
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:395
ip_address
Definition: ip_types.h:47
ikev2_sa_t::old_remote_id_present
u8 old_remote_id_present
Definition: ikev2_priv.h:435
elog.h
The fine-grained event logger allows lightweight, thread-safe event logging at minimum cost...
ikev2_sa_t::sw_if_index
u32 sw_if_index
Definition: ikev2_priv.h:444
ikev2_sa_t::raddr
ip_address_t raddr
Definition: ikev2_priv.h:374
ikev2_profile_t::udp_encap
u8 udp_encap
Definition: ikev2_priv.h:349
ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:222
c
svmdb_client_t * c
Definition: vpp_get_metrics.c:49
ikev2_sa_t
Definition: ikev2_priv.h:368
vlib_get_thread_index
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:219
ikev2_auth_t::method
ikev2_auth_method_t method
Definition: ikev2_priv.h:201
ikev2_transform_encr_type_t
ikev2_transform_encr_type_t
Definition: ikev2.h:241
ikev2_sa_t::del
ikev2_delete_t * del
Definition: ikev2_priv.h:409
ikev2_child_sa_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:284
IKEV2_STATE_AUTH_FAILED
Definition: ikev2_priv.h:192
ikev2_payload_add_nonce
void ikev2_payload_add_nonce(ikev2_payload_chain_t *c, u8 *nonce)
Definition: ikev2_payload.c:235
IKEV2_STATE_NOTIFY_AND_DELETE
Definition: ikev2_priv.h:194
ikev2_child_sa_t::salt_ei
u32 salt_ei
Definition: ikev2_priv.h:292
ikev2_main_t::udp_ports
uword * udp_ports
Definition: ikev2_priv.h:508
ikev2_child_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:290
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:396
ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:423
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:234
ikev2_notify_t::data
u8 * data
Definition: ikev2_priv.h:327
name
string name[64]
Definition: ip.api:44
ikev2_profile_t::loc_ts
ikev2_ts_t loc_ts
Definition: ikev2_priv.h:337
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:389
IKEV2_STATE_AUTHENTICATED
Definition: ikev2_priv.h:193
ikev2_child_sa_t::rekey_retries
i8 rekey_retries
Definition: ikev2_priv.h:302
ikev2_sa_t::old_id_expiration
f64 old_id_expiration
Definition: ikev2_priv.h:432
ikev2_log_level_t
enum ikev2_log_level_t_ ikev2_log_level_t
vnet_main_t
Definition: vnet.h:54
ikev2_sa_proposal_t::protocol_id
ikev2_protocol_id_t protocol_id
Definition: ikev2_priv.h:240
ikev2_ts_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:248
ikev2_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ikev2_priv.h:486
ikev2_id_type_t
ikev2_id_type_t
Definition: ikev2.h:370
ikev2_sa_t::liveness_period_check
f64 liveness_period_check
Definition: ikev2_priv.h:441
ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:648
ikev2_payload_chain_t::last_hdr_off
u16 last_hdr_off
Definition: ikev2_priv.h:557
ikev2_main_per_thread_data_t
Definition: ikev2_priv.h:452
ikev2_transform_esn_type_t
ikev2_transform_esn_type_t
Definition: ikev2.h:343
ikev2_rekey_t
Definition: ikev2_priv.h:311
ikev2_rekey_t::r_proposal
ikev2_sa_proposal_t * r_proposal
Definition: ikev2_priv.h:317
ikev2_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:393
IKEV2_LOG_MAX
Definition: ikev2_priv.h:47
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:316
ikev2_profile_t::handover
u32 handover
Definition: ikev2_priv.h:345
ikev2_sa_proposal_t
Definition: ikev2_priv.h:237
ikev2_rekey_t::spi
u32 spi
Definition: ikev2_priv.h:314
ikev2_sa_t::dh_group
u16 dh_group
Definition: ikev2_priv.h:381
ikev2_sa_t::is_tun_itf_set
u8 is_tun_itf_set
Definition: ikev2_priv.h:427
ikev2_delete_t::spi
u32 spi
Definition: ikev2_priv.h:308
ikev2_child_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:288
ikev2_main_t::log_level
ikev2_log_level_t log_level
Definition: ikev2_priv.h:505
ikev2_notify_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:325
ikev2_rekey_t::i_proposal
ikev2_sa_proposal_t * i_proposal
Definition: ikev2_priv.h:316
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:231
ikev2_auth_t::key
EVP_PKEY * key
Definition: ikev2_priv.h:204
ikev2_sa_t::liveness_retries
u8 liveness_retries
Definition: ikev2_priv.h:440
ikev2_dh_group_t
ikev2_dh_group_t
Definition: ikev2_priv.h:207
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:233
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:871
clib_error_t
Definition: clib_error.h:21
ikev2_payload_chain_t::data
u8 * data
Definition: ikev2_priv.h:558
key
typedef key
Definition: ipsec_types.api:85
ikev2_decrypt_data
int ikev2_decrypt_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, u8 *data, int len, u32 *out_len)
Definition: ikev2_crypto.c:391
ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:219
ikev2_sa_t::last_res_packet_data
u8 * last_res_packet_data
Definition: ikev2_priv.h:421
ikev2_sa_transform_t::attrs
u8 * attrs
Definition: ikev2_priv.h:225
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:232
ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:221
ikev2_find_ike_notify_payload
u8 * ikev2_find_ike_notify_payload(ike_header_t *ike, u32 msg_type)
Definition: ikev2_payload.c:592
ikev2_delete_t
Definition: ikev2_priv.h:305
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:226
ikev2_payload_add_auth
void ikev2_payload_add_auth(ikev2_payload_chain_t *c, ikev2_auth_t *auth)
Definition: ikev2_payload.c:286
ikev2_ts_t::start_port
u16 start_port
Definition: ikev2_priv.h:250
ikev2_payload_add_ke
void ikev2_payload_add_ke(ikev2_payload_chain_t *c, u16 dh_group, u8 *dh_data)
Definition: ikev2_payload.c:224
ikev2_sa_t::sk_pr
u8 * sk_pr
Definition: ikev2_priv.h:398
vlib_main_t
Definition: main.h:120
uword
u64 uword
Definition: types.h:112
ikev2_sa_t::i_id
ikev2_id_t i_id
Definition: ikev2_priv.h:405
ikev2_child_sa_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:285
ikev2_payload_add_notify_2
void ikev2_payload_add_notify_2(ikev2_payload_chain_t *c, u16 msg_type, u8 *data, ikev2_notify_t *notify)
Definition: ikev2_payload.c:148
ikev2_sa_t::childs
ikev2_child_sa_t * childs
Definition: ikev2_priv.h:438
ikev2_main_t::log_class
vlib_log_class_t log_class
Definition: ikev2_priv.h:502
ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:220
ikev2_profile_t::name
u8 * name
Definition: ikev2_priv.h:332
ikev2_parse_vendor_payload
void ikev2_parse_vendor_payload(ike_payload_header_t *ikep)
Definition: ikev2_payload.c:553
ikev2_notify_t
Definition: ikev2_priv.h:322
ikev2_rekey_t::ispi
u32 ispi
Definition: ikev2_priv.h:315
ikev2_sa_t::tun_itf
u32 tun_itf
Definition: ikev2_priv.h:428
ikev2_payload_add_delete
void ikev2_payload_add_delete(ikev2_payload_chain_t *c, ikev2_delete_t *d)
Definition: ikev2_payload.c:255
ikev2_main_t::msg_id_base
u16 msg_id_base
Definition: ikev2_priv.h:499
ikev2_transform_prf_type_t
ikev2_transform_prf_type_t
Definition: ikev2.h:258
ikev2_main_t::sa_by_ispi
uword * sa_by_ispi
Definition: ikev2_priv.h:491
ikev2_ts_t::start_addr
ip_address_t start_addr
Definition: ikev2_priv.h:252
ikev2_sa_t::unsupported_cp
u8 unsupported_cp
Definition: ikev2_priv.h:371
ikev2_sa_free_proposal_vector
void ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t **v)
Definition: ikev2.c:285
ikev2_responder_t::sw_if_index
u32 sw_if_index
Definition: ikev2_priv.h:258
ikev2_sa_t::ispi
u64 ispi
Definition: ikev2_priv.h:375
ikev2_sa_t::profile_index
u32 profile_index
Definition: ikev2_priv.h:426
ikev2_child_sa_t::time_to_expiration
f64 time_to_expiration
Definition: ikev2_priv.h:300
IKEV2_STATE_DELETED
Definition: ikev2_priv.h:191
ikev2_sa_t::udp_encap
u8 udp_encap
Definition: ikev2_priv.h:429
foreach_ikev2_log_level
#define foreach_ikev2_log_level
Definition: ikev2_priv.h:33
ikev2_transform_type_t
ikev2_transform_type_t
Definition: ikev2.h:217
ikev2_notify_t::spi
u32 spi
Definition: ikev2_priv.h:326
ikev2_profile_t::esp_ts
ikev2_transforms_set esp_ts
Definition: ikev2_priv.h:341
ikev2_log_level_t_
ikev2_log_level_t_
Definition: ikev2_priv.h:42
IKEV2_NATT_ENABLED
Definition: ikev2_priv.h:357
ikev2_disable_dpd
void ikev2_disable_dpd(void)
Definition: ikev2.c:4979
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:500
ikev2_main_t::vlib_main
vlib_main_t * vlib_main
Definition: ikev2_priv.h:485
IKEV2_STATE_TS_UNACCEPTABLE
Definition: ikev2_priv.h:195
ikev2_sa_t::keys_generated
u8 keys_generated
Definition: ikev2_priv.h:448
ikev2_child_sa_t::remote_sa_id
u32 remote_sa_id
Definition: ikev2_priv.h:297
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:227
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:455
ikev2_sa_t::ipsec_over_udp_port
u16 ipsec_over_udp_port
Definition: ikev2_priv.h:430
ikev2_profile_natt_disable
clib_error_t * ikev2_profile_natt_disable(u8 *name)
Definition: ikev2.c:4812
ikev2_state_t
ikev2_state_t
Definition: ikev2_priv.h:187