FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
ipsec_format.c
Go to the documentation of this file.
1 /*
2  * decap.c : IPSec tunnel support
3  *
4  * Copyright (c) 2015 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <vnet/vnet.h>
19 #include <vnet/api_errno.h>
20 #include <vnet/ip/ip.h>
21 #include <vnet/interface.h>
22 #include <vnet/fib/fib_table.h>
23 
24 #include <vnet/ipsec/ipsec.h>
25 #include <vnet/ipsec/ipsec_tun.h>
26 #include <vnet/ipsec/ipsec_itf.h>
27 
28 u8 *
29 format_ipsec_policy_action (u8 * s, va_list * args)
30 {
31  u32 i = va_arg (*args, u32);
32  char *t = 0;
33 
34  switch (i)
35  {
36 #define _(v,f,str) case IPSEC_POLICY_ACTION_##f: t = str; break;
38 #undef _
39  default:
40  s = format (s, "unknown");
41  }
42  s = format (s, "%s", t);
43  return s;
44 }
45 
46 u8 *
47 format_ipsec_policy_type (u8 * s, va_list * args)
48 {
49  u32 i = va_arg (*args, u32);
50  char *t = 0;
51 
52  switch (i)
53  {
54 #define _(f,str) case IPSEC_SPD_POLICY_##f: t = str; break;
56 #undef _
57  default:
58  s = format (s, "unknown");
59  }
60  s = format (s, "%s", t);
61  return s;
62 }
63 
64 uword
66 {
67  u32 *r = va_arg (*args, u32 *);
68 
69  if (0);
70 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_POLICY_ACTION_##f;
72 #undef _
73  else
74  return 0;
75  return 1;
76 }
77 
78 u8 *
79 format_ipsec_crypto_alg (u8 * s, va_list * args)
80 {
81  u32 i = va_arg (*args, u32);
82  u8 *t = 0;
83 
84  switch (i)
85  {
86 #define _(v,f,str) case IPSEC_CRYPTO_ALG_##f: t = (u8 *) str; break;
88 #undef _
89  default:
90  s = format (s, "unknown");
91  }
92  s = format (s, "%s", t);
93  return s;
94 }
95 
96 uword
98 {
99  ipsec_crypto_alg_t *r = va_arg (*args, ipsec_crypto_alg_t *);
100 
101  if (0);
102 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_CRYPTO_ALG_##f;
104 #undef _
105  else
106  return 0;
107  return 1;
108 }
109 
110 u8 *
111 format_ipsec_integ_alg (u8 * s, va_list * args)
112 {
113  u32 i = va_arg (*args, u32);
114  u8 *t = 0;
115 
116  switch (i)
117  {
118 #define _(v,f,str) case IPSEC_INTEG_ALG_##f: t = (u8 *) str; break;
120 #undef _
121  default:
122  s = format (s, "unknown");
123  }
124  s = format (s, "%s", t);
125  return s;
126 }
127 
128 uword
130 {
131  ipsec_integ_alg_t *r = va_arg (*args, ipsec_integ_alg_t *);
132 
133  if (0);
134 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_INTEG_ALG_##f;
136 #undef _
137  else
138  return 0;
139  return 1;
140 }
141 
142 u8 *
143 format_ipsec_replay_window (u8 * s, va_list * args)
144 {
145  u64 w = va_arg (*args, u64);
146  u8 i;
147 
148  for (i = 0; i < 64; i++)
149  {
150  s = format (s, "%u", w & (1ULL << i) ? 1 : 0);
151  }
152 
153  return s;
154 }
155 
156 u8 *
157 format_ipsec_policy (u8 * s, va_list * args)
158 {
159  u32 pi = va_arg (*args, u32);
160  ip46_type_t ip_type = IP46_TYPE_IP4;
162  ipsec_policy_t *p;
163  vlib_counter_t counts;
164 
165  p = pool_elt_at_index (im->policies, pi);
166 
167  s = format (s, " [%d] priority %d action %U type %U protocol ",
168  pi, p->priority,
171  if (p->protocol)
172  {
173  s = format (s, "%U", format_ip_protocol, p->protocol);
174  }
175  else
176  {
177  s = format (s, "any");
178  }
179  if (p->policy == IPSEC_POLICY_ACTION_PROTECT)
180  {
181  s = format (s, " sa %u", p->sa_id);
182  }
183  if (p->is_ipv6)
184  {
185  ip_type = IP46_TYPE_IP6;
186  }
187 
188  s = format (s, "\n local addr range %U - %U port range %u - %u",
189  format_ip46_address, &p->laddr.start, ip_type,
190  format_ip46_address, &p->laddr.stop, ip_type,
191  p->lport.start, p->lport.stop);
192  s = format (s, "\n remote addr range %U - %U port range %u - %u",
193  format_ip46_address, &p->raddr.start, ip_type,
194  format_ip46_address, &p->raddr.stop, ip_type,
195  p->rport.start, p->rport.stop);
196 
198  s = format (s, "\n packets %u bytes %u", counts.packets, counts.bytes);
199 
200  return (s);
201 }
202 
203 u8 *
204 format_ipsec_spd (u8 * s, va_list * args)
205 {
206  u32 si = va_arg (*args, u32);
208  ipsec_spd_t *spd;
209  u32 *i;
210 
211  if (pool_is_free_index (im->spds, si))
212  {
213  s = format (s, "No such SPD index: %d", si);
214  goto done;
215  }
216 
217  spd = pool_elt_at_index (im->spds, si);
218 
219  s = format (s, "spd %u", spd->id);
220 
221 #define _(v, n) \
222  s = format (s, "\n %s:", n); \
223  vec_foreach(i, spd->policies[IPSEC_SPD_POLICY_##v]) \
224  { \
225  s = format (s, "\n %U", format_ipsec_policy, *i); \
226  }
228 #undef _
229 
230 done:
231  return (s);
232 }
233 
234 u8 *
235 format_ipsec_key (u8 * s, va_list * args)
236 {
237  ipsec_key_t *key = va_arg (*args, ipsec_key_t *);
238 
239  return (format (s, "%U", format_hex_bytes, key->data, key->len));
240 }
241 
242 uword
243 unformat_ipsec_key (unformat_input_t * input, va_list * args)
244 {
245  ipsec_key_t *key = va_arg (*args, ipsec_key_t *);
246  u8 *data;
247 
248  if (unformat (input, "%U", unformat_hex_string, &data))
249  {
251  vec_free (data);
252  }
253  else
254  return 0;
255  return 1;
256 }
257 
258 u8 *
259 format_ipsec_sa_flags (u8 * s, va_list * args)
260 {
261  ipsec_sa_flags_t flags = va_arg (*args, int);
262 
263 #define _(v, f, str) if (flags & IPSEC_SA_FLAG_##f) s = format(s, "%s ", str);
265 #undef _
266  return (s);
267 }
268 
269 u8 *
270 format_ipsec_sa (u8 * s, va_list * args)
271 {
272  u32 sai = va_arg (*args, u32);
274  vlib_counter_t counts;
275  ipsec_sa_t *sa;
276 
278  {
279  s = format (s, "No such SA index: %d", sai);
280  goto done;
281  }
282 
283  sa = ipsec_sa_get (sai);
284 
285  s = format (s, "[%d] sa %u (0x%x) spi %u (0x%08x) protocol:%s flags:[%U]",
286  sai, sa->id, sa->id, sa->spi, sa->spi,
287  sa->protocol ? "esp" : "ah", format_ipsec_sa_flags, sa->flags);
288 
289  if (!(flags & IPSEC_FORMAT_DETAIL))
290  goto done;
291 
292  s = format (s, "\n locks %d", sa->node.fn_locks);
293  s = format (s, "\n salt 0x%x", clib_net_to_host_u32 (sa->salt));
294  s = format (s, "\n thread-index:%d", sa->thread_index);
295  s = format (s, "\n seq %u seq-hi %u", sa->seq, sa->seq_hi);
296  s = format (s, "\n last-seq %u last-seq-hi %u window %U",
297  sa->last_seq, sa->last_seq_hi,
299  s = format (s, "\n crypto alg %U",
301  if (sa->crypto_alg && (flags & IPSEC_FORMAT_INSECURE))
302  s = format (s, " key %U", format_ipsec_key, &sa->crypto_key);
303  else
304  s = format (s, " key [redacted]");
305  s = format (s, "\n integrity alg %U",
307  if (sa->integ_alg && (flags & IPSEC_FORMAT_INSECURE))
308  s = format (s, " key %U", format_ipsec_key, &sa->integ_key);
309  else
310  s = format (s, " key [redacted]");
311  s = format (s, "\n UDP:[src:%d dst:%d]",
312  clib_host_to_net_u16 (sa->udp_hdr.src_port),
313  clib_host_to_net_u16 (sa->udp_hdr.dst_port));
314 
316  s = format (s, "\n packets %u bytes %u", counts.packets, counts.bytes);
317 
318  if (ipsec_sa_is_set_IS_TUNNEL (sa))
319  s = format (s, "\n%U", format_tunnel, &sa->tunnel, 3);
320 
321 done:
322  return (s);
323 }
324 
325 u8 *
326 format_ipsec_tun_protect_index (u8 * s, va_list * args)
327 {
328  u32 itpi = va_arg (*args, index_t);
329  ipsec_tun_protect_t *itp;
330 
332  return (format (s, "No such tunnel index: %d", itpi));
333 
335 
336  return (format (s, "%U", format_ipsec_tun_protect, itp));
337 }
338 
339 u8 *
340 format_ipsec_tun_protect_flags (u8 * s, va_list * args)
341 {
342  ipsec_protect_flags_t flags = va_arg (*args, int);
343 
344  if (IPSEC_PROTECT_NONE == flags)
345  s = format (s, "none");
346 #define _(a,b,c) \
347  else if (flags & IPSEC_PROTECT_##a) \
348  s = format (s, "%s", c); \
349  foreach_ipsec_protect_flags
350 #undef _
351 
352  return (s);
353 }
354 
355 u8 *
356 format_ipsec_tun_protect (u8 * s, va_list * args)
357 {
358  ipsec_tun_protect_t *itp = va_arg (*args, ipsec_tun_protect_t *);
359  u32 sai;
360 
361  s = format (s, "%U flags:[%U]", format_vnet_sw_if_index_name,
364  if (!ip_address_is_zero (itp->itp_key))
365  s = format (s, ": %U", format_ip_address, itp->itp_key);
366  s = format (s, "\n output-sa:");
367  s = format (s, "\n %U", format_ipsec_sa, itp->itp_out_sa,
369 
370  s = format (s, "\n input-sa:");
371  /* *INDENT-OFF* */
373  ({
374  s = format (s, "\n %U", format_ipsec_sa, sai, IPSEC_FORMAT_BRIEF);
375  }));
376  /* *INDENT-ON* */
377 
378  return (s);
379 }
380 
381 u8 *
382 format_ipsec4_tunnel_kv (u8 * s, va_list * args)
383 {
384  ipsec4_tunnel_kv_t *kv = va_arg (*args, ipsec4_tunnel_kv_t *);
386  u32 spi;
387 
389 
390  s = format (s, "remote:%U spi:%u (0x%08x) sa:%d tun:%d",
392  clib_net_to_host_u32 (spi),
393  clib_net_to_host_u32 (spi),
394  kv->value.sa_index, kv->value.tun_index);
395 
396  return (s);
397 }
398 
399 u8 *
400 format_ipsec6_tunnel_kv (u8 * s, va_list * args)
401 {
402  ipsec6_tunnel_kv_t *kv = va_arg (*args, ipsec6_tunnel_kv_t *);
403 
404  s = format (s, "remote:%U spi:%u (0x%08x) sa:%d tun:%d",
406  clib_net_to_host_u32 (kv->key.spi),
407  clib_net_to_host_u32 (kv->key.spi),
408  kv->value.sa_index, kv->value.tun_index);
409 
410  return (s);
411 }
412 
413 u8 *
414 format_ipsec_itf (u8 * s, va_list * a)
415 {
416  index_t ii = va_arg (*a, index_t);
417  ipsec_itf_t *itf;
418 
419  itf = ipsec_itf_get (ii);
420  s = format (s, "[%d] %U %U",
423 
424  return (s);
425 }
426 
427 /*
428  * fd.io coding-style-patch-verification: ON
429  *
430  * Local Variables:
431  * eval: (c-set-style "gnu")
432  * End:
433  */
ipsec.h
ipsec4_tunnel_kv_t::value
ipsec_tun_lkup_result_t value
Definition: ipsec_tun.h:55
im
vnet_interface_main_t * im
Definition: interface_output.c:395
udp_header_t::src_port
u16 src_port
Definition: udp_packet.h:48
ipsec_tun.h
ipsec_tun_protect_pool
ipsec_tun_protect_t * ipsec_tun_protect_pool
Pool of tunnel protection objects.
Definition: ipsec_tun.c:43
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec_sa.h:176
ipsec_itf_t_::ii_mode
tunnel_mode_t ii_mode
Definition: ipsec_itf.h:96
ipsec_itf_t_::ii_sw_if_index
u32 ii_sw_if_index
Definition: ipsec_itf.h:98
ipsec_policy_t_::priority
i32 priority
Definition: ipsec_spd_policy.h:57
ipsec_tun_lkup_result_t_::tun_index
u32 tun_index
Definition: ipsec_tun.h:41
unformat_ipsec_key
uword unformat_ipsec_key(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:243
format_ip4_address
format_function_t format_ip4_address
Definition: format.h:73
format_ipsec_integ_alg
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:111
ipsec_tun_protect_t_::itp_flags
ipsec_protect_flags_t itp_flags
Definition: ipsec_tun.h:121
port_range_t::stop
u16 stop
Definition: ipsec_spd_policy.h:42
ipsec_policy_t_::raddr
ip46_address_range_t raddr
Definition: ipsec_spd_policy.h:65
ipsec_sa_t::thread_index
u32 thread_index
Definition: ipsec_sa.h:129
foreach_ipsec_spd_policy_type
#define foreach_ipsec_spd_policy_type
Definition: ipsec_spd.h:20
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:553
ipsec_itf_t_
A dedicated IPSec interface type.
Definition: ipsec_itf.h:94
format_ipsec_key
u8 * format_ipsec_key(u8 *s, va_list *args)
Definition: ipsec_format.c:235
format_hex_bytes
u8 * format_hex_bytes(u8 *s, va_list *va)
Definition: std-formats.c:84
IP46_TYPE_IP4
@ IP46_TYPE_IP4
Definition: ip46_address.h:26
ipsec6_tunnel_kv_t_::spi
u32 spi
Definition: ipsec_tun.h:86
fib_table.h
fib_node_t_::fn_locks
u32 fn_locks
Number of dependents on this node.
Definition: fib_node.h:321
format_ipsec_tun_protect_index
u8 * format_ipsec_tun_protect_index(u8 *s, va_list *args)
Definition: ipsec_format.c:326
ipsec_tun_protect_t_::itp_sw_if_index
u32 itp_sw_if_index
Definition: ipsec_tun.h:117
format_ipsec4_tunnel_kv
u8 * format_ipsec4_tunnel_kv(u8 *s, va_list *args)
Definition: ipsec_format.c:382
ipsec_sa_t::crypto_key
ipsec_key_t crypto_key
Definition: ipsec_sa.h:221
unformat_input_t
struct _unformat_input_t unformat_input_t
r
vnet_hw_if_output_node_runtime_t * r
Definition: interface_output.c:1071
ipsec_tun_lkup_result_t_::sa_index
u32 sa_index
Definition: ipsec_tun.h:42
ipsec_sa_t::tunnel
tunnel_t tunnel
Definition: ipsec_sa.h:206
ipsec_policy_t_::is_ipv6
u8 is_ipv6
Definition: ipsec_spd_policy.h:63
foreach_ipsec_policy_action
@ foreach_ipsec_policy_action
Definition: ipsec_spd_policy.h:29
ipsec_sa_t::udp_hdr
udp_header_t udp_hdr
Definition: ipsec_sa.h:171
unformat_ipsec_crypto_alg
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:97
key
typedef key
Definition: ipsec_types.api:88
format_ipsec_replay_window
u8 * format_ipsec_replay_window(u8 *s, va_list *args)
Definition: ipsec_format.c:143
unformat
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:978
ipsec_spd_t::id
u32 id
the User's ID for this policy
Definition: ipsec_spd.h:49
pool_is_free_index
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
Definition: pool.h:302
ipsec4_tunnel_kv_t
Definition: ipsec_tun.h:48
format_tunnel_mode
u8 * format_tunnel_mode(u8 *s, va_list *args)
Definition: tunnel.c:36
FOR_EACH_IPSEC_PROTECT_INPUT_SAI
#define FOR_EACH_IPSEC_PROTECT_INPUT_SAI(_itp, _sai, body)
Definition: ipsec_tun.h:130
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec_sa.h:135
ipsec_sa_flags_t
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
format_ipsec_tun_protect
u8 * format_ipsec_tun_protect(u8 *s, va_list *args)
Definition: ipsec_format.c:356
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec_sa.h:56
ipsec_tun_protect_t_
Definition: ipsec_tun.h:107
ipsec_itf.h
format_ipsec_crypto_alg
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:79
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec_sa.h:136
ipsec_sa_get
static ipsec_sa_t * ipsec_sa_get(u32 sa_index)
Definition: ipsec_sa.h:519
format_ipsec_tun_protect_flags
u8 * format_ipsec_tun_protect_flags(u8 *s, va_list *args)
Definition: ipsec_format.c:340
vnet_get_main
vnet_main_t * vnet_get_main(void)
Definition: pnat_test_stubs.h:56
vlib_counter_t
Combined counter to hold both packets and byte differences.
Definition: counter_types.h:26
ipsec_sa_counters
vlib_combined_counter_main_t ipsec_sa_counters
SA packet & bytes counters.
Definition: ipsec_sa.c:27
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec_spd_policy.h:37
ipsec_sa_t::integ_key
ipsec_key_t integ_key
Definition: ipsec_sa.h:220
format_ipsec6_tunnel_kv
u8 * format_ipsec6_tunnel_kv(u8 *s, va_list *args)
Definition: ipsec_format.c:400
ipsec_main_t
Definition: ipsec.h:108
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:43
ipsec_sa_t::seq
u32 seq
Definition: ipsec_sa.h:132
format_ip_address
u8 * format_ip_address(u8 *s, va_list *args)
Definition: ip_types.c:21
uword
u64 uword
Definition: types.h:112
format_ip_protocol
format_function_t format_ip_protocol
Definition: format.h:45
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.c:28
ipsec_tun_protect_t_::itp_out_sa
index_t itp_out_sa
Definition: ipsec_tun.h:110
interface.h
format_ipsec_spd
u8 * format_ipsec_spd(u8 *s, va_list *args)
Definition: ipsec_format.c:204
i
sll srl srl sll sra u16x4 i
Definition: vector_sse42.h:261
IPSEC_PROTECT_NONE
@ IPSEC_PROTECT_NONE
Definition: ipsec_tun.h:28
IPSEC_FORMAT_INSECURE
@ IPSEC_FORMAT_INSECURE
Definition: ipsec.h:216
ipsec_key_t_
Definition: ipsec_sa.h:80
format_ipsec_sa
u8 * format_ipsec_sa(u8 *s, va_list *args)
Definition: ipsec_format.c:270
ip4_address_t
Definition: ip4_packet.h:50
ipsec6_tunnel_kv_t_
Definition: ipsec_tun.h:77
vlib_counter_t::packets
counter_t packets
packet counter
Definition: counter_types.h:28
IP46_TYPE_IP6
@ IP46_TYPE_IP6
Definition: ip46_address.h:27
ipsec4_tunnel_extract_key
static void ipsec4_tunnel_extract_key(const ipsec4_tunnel_kv_t *k, ip4_address_t *ip, u32 *spi)
Definition: ipsec_tun.h:70
IPSEC_FORMAT_BRIEF
@ IPSEC_FORMAT_BRIEF
Definition: ipsec.h:214
ipsec_policy_t_::sa_id
u32 sa_id
Definition: ipsec_spd_policy.h:72
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_sa.h:217
unformat_hex_string
unformat_function_t unformat_hex_string
Definition: format.h:281
data
u8 data[128]
Definition: ipsec_types.api:92
ipsec_sa_t
Definition: ipsec_sa.h:116
ip_address_is_zero
bool ip_address_is_zero(const ip_address_t *ip)
Definition: ip_types.c:102
vlib_get_combined_counter
static void vlib_get_combined_counter(const vlib_combined_counter_main_t *cm, u32 index, vlib_counter_t *result)
Get the value of a combined counter, never called in the speed path Scrapes the entire set of per-thr...
Definition: counter.h:272
vec_free
#define vec_free(V)
Free vector's memory (no header).
Definition: vec.h:395
ipsec_mk_key
void ipsec_mk_key(ipsec_key_t *key, const u8 *data, u8 len)
Definition: ipsec_sa.c:57
ip46_address_range_t::start
ip46_address_t start
Definition: ipsec_spd_policy.h:37
format_ipsec_policy_type
u8 * format_ipsec_policy_type(u8 *s, va_list *args)
Definition: ipsec_format.c:47
ipsec_policy_t_::rport
port_range_t rport
Definition: ipsec_spd_policy.h:68
spi
u32 spi
Definition: flow_types.api:140
u64
unsigned long u64
Definition: types.h:89
format_vnet_sw_if_index_name
format_function_t format_vnet_sw_if_index_name
Definition: interface_funcs.h:455
ipsec_itf_get
ipsec_itf_t * ipsec_itf_get(index_t ii)
Definition: ipsec_itf.c:34
format
description fragment has unexpected format
Definition: map.api:433
ipsec_spd_policy_counters
vlib_combined_counter_main_t ipsec_spd_policy_counters
Policy packet & bytes counters.
Definition: ipsec_spd_policy.c:22
format_ip46_address
format_function_t format_ip46_address
Definition: ip46_address.h:50
ip.h
u32
unsigned int u32
Definition: types.h:88
udp_header_t::dst_port
u16 dst_port
Definition: udp_packet.h:48
ipsec_policy_t_
A Secruity Policy.
Definition: ipsec_spd_policy.h:54
vlib_counter_t::bytes
counter_t bytes
byte counter
Definition: counter_types.h:29
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec_sa.h:134
ipsec_sa_t::node
fib_node_t node
Definition: ipsec_sa.h:208
foreach_ipsec_sa_flags
@ foreach_ipsec_sa_flags
Definition: ipsec_sa.h:110
si
vnet_sw_interface_t * si
Definition: interface_output.c:398
format_ipsec_policy
u8 * format_ipsec_policy(u8 *s, va_list *args)
Definition: ipsec_format.c:157
ipsec_spd_t
A Secruity Policy Database.
Definition: ipsec_spd.h:46
ipsec_sa_t::salt
u32 salt
Definition: ipsec_sa.h:174
ipsec6_tunnel_kv_t_::remote_ip
ip6_address_t remote_ip
Definition: ipsec_tun.h:85
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec_sa.h:133
ipsec_tun_protect_t_::itp_key
ip_address_t * itp_key
Definition: ipsec_tun.h:126
port_range_t::start
u16 start
Definition: ipsec_spd_policy.h:42
ipsec_policy_t_::lport
port_range_t lport
Definition: ipsec_spd_policy.h:67
ipsec_sa_t::id
u32 id
Definition: ipsec_sa.h:211
ipsec_policy_t_::type
ipsec_spd_policy_type_t type
Definition: ipsec_spd_policy.h:60
ipsec_policy_t_::laddr
ip46_address_range_t laddr
Definition: ipsec_spd_policy.h:64
u8
unsigned char u8
Definition: types.h:56
a
a
Definition: bitmap.h:544
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:65
ip
vl_api_address_t ip
Definition: l2.api:558
format_ip6_address
format_function_t format_ip6_address
Definition: format.h:91
IPSEC_FORMAT_DETAIL
@ IPSEC_FORMAT_DETAIL
Definition: ipsec.h:215
ip46_type_t
ip46_type_t
Definition: ip46_address.h:22
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec_sa.h:218
ipsec_protect_flags_t
enum ipsec_protect_flags_t_ ipsec_protect_flags_t
unformat_ipsec_integ_alg
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:129
ipsec_sa_t::flags
ipsec_sa_flags_t flags
Definition: ipsec_sa.h:121
vnet.h
api_errno.h
format_tunnel
u8 * format_tunnel(u8 *s, va_list *args)
Definition: tunnel.c:150
ipsec_policy_t_::policy
ipsec_policy_action_t policy
Definition: ipsec_spd_policy.h:71
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition: ipsec_format.c:29
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec_sa.h:24
ipsec_format_flags_t
enum ipsec_format_flags_t_ ipsec_format_flags_t
format_ipsec_itf
u8 * format_ipsec_itf(u8 *s, va_list *a)
Definition: ipsec_format.c:414
ipsec6_tunnel_kv_t_::value
ipsec_tun_lkup_result_t value
Definition: ipsec_tun.h:89
ipsec6_tunnel_kv_t_::key
struct ipsec6_tunnel_kv_t_::@455 key
ipsec_sa_t::spi
u32 spi
Definition: ipsec_sa.h:131
format_ipsec_sa_flags
u8 * format_ipsec_sa_flags(u8 *s, va_list *args)
Definition: ipsec_format.c:259
ipsec_sa_pool
ipsec_sa_t * ipsec_sa_pool
Pool of IPSec SAs.
Definition: ipsec_sa.c:32
ipsec_policy_t_::protocol
u8 protocol
Definition: ipsec_spd_policy.h:66
flags
vl_api_wireguard_peer_flags_t flags
Definition: wireguard.api:105