35 #define _(v,f,str) case IPSEC_POLICY_ACTION_##f: t = str; break; 53 #define _(f,str) case IPSEC_SPD_POLICY_##f: t = str; break; 66 u32 *r = va_arg (*args,
u32 *);
69 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_POLICY_ACTION_##f; 85 #define _(v,f,str) case IPSEC_CRYPTO_ALG_##f: t = (u8 *) str; break; 101 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_CRYPTO_ALG_##f; 117 #define _(v,f,str) case IPSEC_INTEG_ALG_##f: t = (u8 *) str; break; 121 s =
format (s,
"unknown");
133 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_INTEG_ALG_##f; 144 u64 w = va_arg (*args,
u64);
147 for (i = 0; i < 64; i++)
149 s =
format (s,
"%u", w & (1ULL << i) ? 1 : 0);
158 u32 pi = va_arg (*args,
u32);
166 s =
format (s,
" [%d] priority %d action %U type %U protocol ",
178 if (p->
policy == IPSEC_POLICY_ACTION_PROTECT)
187 s =
format (s,
"\n local addr range %U - %U port range %u - %u",
191 s =
format (s,
"\n remote addr range %U - %U port range %u - %u",
212 s =
format (s,
"No such SPD index: %d", si);
221 s = format (s, "\n %s:", n); \ 222 vec_foreach(i, spd->policies[IPSEC_SPD_POLICY_##v]) \ 224 s = format (s, "\n %U", format_ipsec_policy, *i); \ 262 #define _(v, f, str) if (flags & IPSEC_SA_FLAG_##f) s = format(s, "%s ", str); 271 u32 sai = va_arg (*args,
u32);
280 s =
format (s,
"No such SA index: %d", sai);
286 s =
format (s,
"[%d] sa %u (0x%x) spi %u (0x%08x) protocol:%s flags:[%U]",
294 s =
format (s,
"\n salt 0x%x", clib_net_to_host_u32 (sa->
salt));
295 s =
format (s,
"\n thread-indices [encrypt:%d decrypt:%d]",
298 s =
format (s,
"\n last-seq %u last-seq-hi %u window %U",
301 s =
format (s,
"\n crypto alg %U",
306 s =
format (s,
" key [redacted]");
307 s =
format (s,
"\n integrity alg %U",
309 if (sa->
integ_alg && (flags & IPSEC_FORMAT_INSECURE))
312 s =
format (s,
" key [redacted]");
313 s =
format (s,
"\n UDP:[src:%d dst:%d]",
320 if (ipsec_sa_is_set_IS_TUNNEL (sa))
324 s =
format (s,
"\n table-ID %d tunnel src %U dst %U",
328 if (!ipsec_sa_is_set_IS_INBOUND (sa))
331 format (s,
"\n resovle via fib-entry: %d",
333 s =
format (s,
"\n stacked on:");
349 return (
format (s,
"No such tunnel index: %d", itpi));
364 else if (flags & IPSEC_PROTECT_##a) \ 365 s = format (s, "%s", c); \ 366 foreach_ipsec_protect_flags 383 s =
format (s,
"\n output-sa:");
387 s =
format (s,
"\n input-sa:");
401 ipsec4_tunnel_key_t *
key = va_arg (*args, ipsec4_tunnel_key_t *);
403 s =
format (s,
"remote:%U spi:%u (0x%08x)",
405 clib_net_to_host_u32 (key->spi),
406 clib_net_to_host_u32 (key->spi));
414 ipsec6_tunnel_key_t *
key = va_arg (*args, ipsec6_tunnel_key_t *);
416 s =
format (s,
"remote:%U spi:%u (0x%08x)",
418 clib_net_to_host_u32 (key->spi),
419 clib_net_to_host_u32 (key->spi));
ip46_address_t tunnel_src_addr
vl_api_wireguard_peer_flags_t flags
vnet_main_t * vnet_get_main(void)
ip46_address_range_t laddr
#define foreach_ipsec_crypto_alg
enum ipsec_format_flags_t_ ipsec_format_flags_t
ipsec_integ_alg_t integ_alg
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets as they are swit...
Combined counter to hold both packets and byte differences.
#define foreach_ipsec_integ_alg
A Security Policy Database.
void ipsec_mk_key(ipsec_key_t *key, const u8 *data, u8 len)
format_function_t format_vnet_sw_if_index_name
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
vlib_combined_counter_main_t ipsec_spd_policy_counters
Policy packet & bytes counters.
counter_t packets
packet counter
ipsec_tun_protect_t * ipsec_tun_protect_pool
Pool of tunnel protection objects.
fib_node_index_t fib_entry_index
bool ip_address_is_zero(const ip_address_t *ip)
ipsec_spd_policy_type_t type
ip46_address_t tunnel_dst_addr
format_function_t format_ip46_address
static void vlib_get_combined_counter(const vlib_combined_counter_main_t *cm, u32 index, vlib_counter_t *result)
Get the value of a combined counter; never called in the speed path. Scrapes the entire set of per-thr...
sll srl srl sll sra u16x4 i
#define vec_free(V)
Free vector's memory (no header).
ipsec_policy_action_t policy
u8 * format_ip_address(u8 *s, va_list *args)
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
#define FOR_EACH_IPSEC_PROTECT_INPUT_SAI(_itp, _sai, body)
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
vlib_combined_counter_main_t ipsec_sa_counters
SA packet & bytes counters.
u8 data[IPSEC_KEY_MAX_LEN]
ipsec_policy_t * policies
u32 fib_table_get_table_id(u32 fib_index, fib_protocol_t proto)
Get the Table-ID of the FIB from protocol and index.
ipsec_protocol_t protocol
u8 * format_dpo_id(u8 *s, va_list *args)
Format a DPO_id_t object.
counter_t bytes
byte counter
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
ip46_address_range_t raddr
u32 fn_locks
Number of dependents on this node.
ipsec_protect_flags_t itp_flags
u32 id
the User's ID for this policy
ipsec_crypto_alg_t crypto_alg
#define foreach_ipsec_spd_policy_type
enum ipsec_protect_flags_t_ ipsec_protect_flags_t