|
FD.io VPP
v21.06-3-gbb25fbf28
Vector Packet Processing
|
Go to the documentation of this file.
36 #define _(v,f,str) case IPSEC_POLICY_ACTION_##f: t = str; break;
54 #define _(f,str) case IPSEC_SPD_POLICY_##f: t = str; break;
70 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_POLICY_ACTION_##f;
86 #define _(v,f,str) case IPSEC_CRYPTO_ALG_##f: t = (u8 *) str; break;
99 ipsec_crypto_alg_t *
r = va_arg (*args, ipsec_crypto_alg_t *);
102 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_CRYPTO_ALG_##f;
118 #define _(v,f,str) case IPSEC_INTEG_ALG_##f: t = (u8 *) str; break;
122 s =
format (s,
"unknown");
131 ipsec_integ_alg_t *
r = va_arg (*args, ipsec_integ_alg_t *);
134 #define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_INTEG_ALG_##f;
145 u64 w = va_arg (*args,
u64);
148 for (
i = 0;
i < 64;
i++)
150 s =
format (s,
"%u", w & (1ULL <<
i) ? 1 : 0);
159 u32 pi = va_arg (*args,
u32);
167 s =
format (s,
" [%d] priority %d action %U type %U protocol ",
179 if (p->
policy == IPSEC_POLICY_ACTION_PROTECT)
188 s =
format (s,
"\n local addr range %U - %U port range %u - %u",
192 s =
format (s,
"\n remote addr range %U - %U port range %u - %u",
213 s =
format (s,
"No such SPD index: %d",
si);
222 s = format (s, "\n %s:", n); \
223 vec_foreach(i, spd->policies[IPSEC_SPD_POLICY_##v]) \
225 s = format (s, "\n %U", format_ipsec_policy, *i); \
263 #define _(v, f, str) if (flags & IPSEC_SA_FLAG_##f) s = format(s, "%s ", str);
272 u32 sai = va_arg (*args,
u32);
279 s =
format (s,
"No such SA index: %d", sai);
285 s =
format (s,
"[%d] sa %u (0x%x) spi %u (0x%08x) protocol:%s flags:[%U]",
293 s =
format (s,
"\n salt 0x%x", clib_net_to_host_u32 (sa->
salt));
296 s =
format (s,
"\n last-seq %u last-seq-hi %u window %U",
299 s =
format (s,
"\n crypto alg %U",
304 s =
format (s,
" key [redacted]");
305 s =
format (s,
"\n integrity alg %U",
310 s =
format (s,
" key [redacted]");
311 s =
format (s,
"\n UDP:[src:%d dst:%d]",
318 if (ipsec_sa_is_set_IS_TUNNEL (sa))
332 return (
format (s,
"No such tunnel index: %d", itpi));
347 else if (flags & IPSEC_PROTECT_##a) \
348 s = format (s, "%s", c); \
349 foreach_ipsec_protect_flags
366 s =
format (s,
"\n output-sa:");
370 s =
format (s,
"\n input-sa:");
390 s =
format (s,
"remote:%U spi:%u (0x%08x) sa:%d tun:%d",
392 clib_net_to_host_u32 (
spi),
393 clib_net_to_host_u32 (
spi),
404 s =
format (s,
"remote:%U spi:%u (0x%08x) sa:%d tun:%d",
406 clib_net_to_host_u32 (kv->
key.
spi),
407 clib_net_to_host_u32 (kv->
key.
spi),
420 s =
format (s,
"[%d] %U %U",
ipsec_tun_lkup_result_t value
vnet_interface_main_t * im
ipsec_tun_protect_t * ipsec_tun_protect_pool
Pool of tunnel protection objects.
ipsec_protocol_t protocol
ipsec_protect_flags_t itp_flags
ip46_address_range_t raddr
#define foreach_ipsec_spd_policy_type
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
A dedicated IPSec interface type.
u32 fn_locks
Number of dependents on this node.
vnet_hw_if_output_node_runtime_t * r
@ foreach_ipsec_policy_action
u32 id
the User's ID for this policy
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
u8 * format_tunnel_mode(u8 *s, va_list *args)
#define FOR_EACH_IPSEC_PROTECT_INPUT_SAI(_itp, _sai, body)
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
#define foreach_ipsec_integ_alg
static ipsec_sa_t * ipsec_sa_get(u32 sa_index)
vnet_main_t * vnet_get_main(void)
Combined counter to hold both packets and byte differences.
vlib_combined_counter_main_t ipsec_sa_counters
SA packet & bytes counters.
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
u8 * format_ip_address(u8 *s, va_list *args)
sll srl srl sll sra u16x4 i
counter_t packets
packet counter
static void ipsec4_tunnel_extract_key(const ipsec4_tunnel_kv_t *k, ip4_address_t *ip, u32 *spi)
ipsec_crypto_alg_t crypto_alg
bool ip_address_is_zero(const ip_address_t *ip)
static void vlib_get_combined_counter(const vlib_combined_counter_main_t *cm, u32 index, vlib_counter_t *result)
Get the value of a combined counter, never called in the speed path Scrapes the entire set of per-thr...
#define vec_free(V)
Free vector's memory (no header).
void ipsec_mk_key(ipsec_key_t *key, const u8 *data, u8 len)
format_function_t format_vnet_sw_if_index_name
ipsec_itf_t * ipsec_itf_get(index_t ii)
description fragment has unexpected format
vlib_combined_counter_main_t ipsec_spd_policy_counters
Policy packet & bytes counters.
format_function_t format_ip46_address
counter_t bytes
byte counter
A Secruity Policy Database.
ipsec_spd_policy_type_t type
ip46_address_range_t laddr
ipsec_integ_alg_t integ_alg
enum ipsec_protect_flags_t_ ipsec_protect_flags_t
u8 * format_tunnel(u8 *s, va_list *args)
ipsec_policy_action_t policy
#define foreach_ipsec_crypto_alg
enum ipsec_format_flags_t_ ipsec_format_flags_t
ipsec_tun_lkup_result_t value
struct ipsec6_tunnel_kv_t_::@455 key
ipsec_sa_t * ipsec_sa_pool
Pool of IPSec SAs.
vl_api_wireguard_peer_flags_t flags