FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
ikev2.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __included_ikev2_h__
16 #define __included_ikev2_h__
17 
18 #include <vnet/vnet.h>
19 #include <vnet/ip/ip.h>
20 
21 #include <vppinfra/error.h>
22 
23 #define IKEV2_NONCE_SIZE 32
24 #define IKEV2_PORT 500
25 #define IKEV2_PORT_NATT 4500
26 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
27 
28 #define IKEV2_GCM_ICV_SIZE 16
29 #define IKEV2_GCM_NONCE_SIZE 12
30 #define IKEV2_GCM_SALT_SIZE 4
31 #define IKEV2_GCM_IV_SIZE (IKEV2_GCM_NONCE_SIZE - IKEV2_GCM_SALT_SIZE)
32 
33 typedef u8 v8;
34 
35 /* *INDENT-OFF* */
36 typedef CLIB_PACKED (struct {
37  u64 ispi;
38  u64 rspi;
39  u8 nextpayload;
40  u8 version;
41  u8 exchange;
42  u8 flags;
43  u32 msgid; u32 length; u8 payload[0];
44 }) ike_header_t;
45 /* *INDENT-ON* */
46 
47 #define ike_hdr_is_response(_h) ((_h)->flags & IKEV2_HDR_FLAG_RESPONSE)
48 #define ike_hdr_is_request(_h) (!ike_hdr_is_response(_h))
49 #define ike_hdr_is_initiator(_h) ((_h)->flags & IKEV2_HDR_FLAG_INITIATOR)
50 #define ike_hdr_is_responder(_h) (!(ike_hdr_is_initiator(_h)))
51 
52 /* *INDENT-OFF* */
53 typedef CLIB_PACKED (struct {
54  u8 nextpayload;
55  u8 flags;
56  u16 length;
57  u16 dh_group;
58  u8 reserved[2];
59  u8 payload[0];
60 }) ike_ke_payload_header_t;
61 /* *INDENT-ON* */
62 
63 /* *INDENT-OFF* */
64 typedef CLIB_PACKED (struct {
65  u8 nextpayload;
66  u8 flags;
67  u16 length; u8 payload[0];
68 }) ike_payload_header_t;
69 /* *INDENT-ON* */
70 
71 /* *INDENT-OFF* */
72 typedef CLIB_PACKED (struct {
73  u8 nextpayload;
74  u8 flags;
75  u16 length;
76  u8 auth_method;
77  u8 reserved[3];
78  u8 payload[0];
79 }) ike_auth_payload_header_t;
80 /* *INDENT-ON* */
81 
82 /* *INDENT-OFF* */
83 typedef CLIB_PACKED (struct {
84  u8 nextpayload;
85  u8 flags;
86  u16 length;
87  u8 id_type;
88  u8 reserved[3]; u8 payload[0];
89 }) ike_id_payload_header_t;
90 /* *INDENT-ON* */
91 
92 #define IKE_VERSION_2 0x20
93 
94 #define IKEV2_EXCHANGE_SA_INIT 34
95 #define IKEV2_EXCHANGE_IKE_AUTH 35
96 #define IKEV2_EXCHANGE_CREATE_CHILD_SA 36
97 #define IKEV2_EXCHANGE_INFORMATIONAL 37
98 
99 #define IKEV2_HDR_FLAG_INITIATOR (1<<3)
100 #define IKEV2_HDR_FLAG_VERSION (1<<4)
101 #define IKEV2_HDR_FLAG_RESPONSE (1<<5)
102 
103 #define IKEV2_PAYLOAD_FLAG_CRITICAL (1<<7)
104 
105 #define IKEV2_PAYLOAD_NONE 0
106 #define IKEV2_PAYLOAD_NAT_D 20
107 #define IKEV2_PAYLOAD_NAT_OA 21
108 #define IKEV2_PAYLOAD_SA 33
109 #define IKEV2_PAYLOAD_KE 34
110 #define IKEV2_PAYLOAD_IDI 35
111 #define IKEV2_PAYLOAD_IDR 36
112 #define IKEV2_PAYLOAD_AUTH 39
113 #define IKEV2_PAYLOAD_NONCE 40
114 #define IKEV2_PAYLOAD_NOTIFY 41
115 #define IKEV2_PAYLOAD_DELETE 42
116 #define IKEV2_PAYLOAD_VENDOR 43
117 #define IKEV2_PAYLOAD_TSI 44
118 #define IKEV2_PAYLOAD_TSR 45
119 #define IKEV2_PAYLOAD_SK 46
120 
121 typedef enum
122 {
123  IKEV2_PROTOCOL_IKE = 1,
124  IKEV2_PROTOCOL_AH = 2,
125  IKEV2_PROTOCOL_ESP = 3,
126 } ikev2_protocol_id_t;
127 
128 #define foreach_ikev2_notify_msg_type \
129  _( 0, NONE) \
130  _( 1, UNSUPPORTED_CRITICAL_PAYLOAD) \
131  _( 4, INVALID_IKE_SPI) \
132  _( 5, INVALID_MAJOR_VERSION) \
133  _( 7, INVALID_SYNTAX) \
134  _( 8, INVALID_MESSAGE_ID) \
135  _( 11, INVALID_SPI) \
136  _( 14, NO_PROPOSAL_CHOSEN) \
137  _( 17, INVALID_KE_PAYLOAD) \
138  _( 24, AUTHENTICATION_FAILED) \
139  _( 34, SINGLE_PAIR_REQUIRED) \
140  _( 35, NO_ADDITIONAL_SAS) \
141  _( 36, INTERNAL_ADDRESS_FAILURE) \
142  _( 37, FAILED_CP_REQUIRED) \
143  _( 38, TS_UNACCEPTABLE) \
144  _( 39, INVALID_SELECTORS) \
145  _( 40, UNACCEPTABLE_ADDRESSES) \
146  _( 41, UNEXPECTED_NAT_DETECTED) \
147  _( 42, USE_ASSIGNED_HoA) \
148  _( 43, TEMPORARY_FAILURE) \
149  _( 44, CHILD_SA_NOT_FOUND) \
150  _( 45, INVALID_GROUP_ID) \
151  _( 46, AUTHORIZATION_FAILED) \
152  _(16384, INITIAL_CONTACT) \
153  _(16385, SET_WINDOW_SIZE) \
154  _(16386, ADDITIONAL_TS_POSSIBLE) \
155  _(16387, IPCOMP_SUPPORTED) \
156  _(16388, NAT_DETECTION_SOURCE_IP) \
157  _(16389, NAT_DETECTION_DESTINATION_IP) \
158  _(16390, COOKIE) \
159  _(16391, USE_TRANSPORT_MODE) \
160  _(16392, HTTP_CERT_LOOKUP_SUPPORTED) \
161  _(16393, REKEY_SA) \
162  _(16394, ESP_TFC_PADDING_NOT_SUPPORTED) \
163  _(16395, NON_FIRST_FRAGMENTS_ALSO) \
164  _(16396, MOBIKE_SUPPORTED) \
165  _(16397, ADDITIONAL_IP4_ADDRESS) \
166  _(16398, ADDITIONAL_IP6_ADDRESS) \
167  _(16399, NO_ADDITIONAL_ADDRESSES) \
168  _(16400, UPDATE_SA_ADDRESSES) \
169  _(16401, COOKIE2) \
170  _(16402, NO_NATS_ALLOWED) \
171  _(16403, AUTH_LIFETIME) \
172  _(16404, MULTIPLE_AUTH_SUPPORTED) \
173  _(16405, ANOTHER_AUTH_FOLLOWS) \
174  _(16406, REDIRECT_SUPPORTED) \
175  _(16407, REDIRECT) \
176  _(16408, REDIRECTED_FROM) \
177  _(16409, TICKET_LT_OPAQUE) \
178  _(16410, TICKET_REQUEST) \
179  _(16411, TICKET_ACK) \
180  _(16412, TICKET_NACK) \
181  _(16413, TICKET_OPAQUE) \
182  _(16414, LINK_ID) \
183  _(16415, USE_WESP_MODE) \
184  _(16416, ROHC_SUPPORTED) \
185  _(16417, EAP_ONLY_AUTHENTICATION) \
186  _(16418, CHILDLESS_IKEV2_SUPPORTED) \
187  _(16419, QUICK_CRASH_DETECTION) \
188  _(16420, IKEV2_MESSAGE_ID_SYNC_SUPPORTED) \
189  _(16421, IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED) \
190  _(16422, IKEV2_MESSAGE_ID_SYNC) \
191  _(16423, IPSEC_REPLAY_COUNTER_SYNC) \
192  _(16424, SECURE_PASSWORD_METHODS) \
193  _(16425, PSK_PERSIST) \
194  _(16426, PSK_CONFIRM) \
195  _(16427, ERX_SUPPORTED) \
196  _(16428, IFOM_CAPABILITY) \
197  _(16429, SENDER_REQUEST_ID) \
198  _(16430, IKEV2_FRAGMENTATION_SUPPORTED) \
199  _(16431, SIGNATURE_HASH_ALGORITHMS)
200 
201 
202 typedef enum
203 {
204 #define _(v,f) IKEV2_NOTIFY_MSG_##f = v,
205  foreach_ikev2_notify_msg_type
206 #undef _
207 } ikev2_notify_msg_type_t;
208 
209 #define foreach_ikev2_transform_type \
210  _(0, UNDEFINED, "undefined") \
211  _(1, ENCR, "encr") \
212  _(2, PRF, "prf") \
213  _(3, INTEG, "integ") \
214  _(4, DH, "dh-group") \
215  _(5, ESN, "esn")
216 
217 typedef enum
218 {
219 #define _(v,f,s) IKEV2_TRANSFORM_TYPE_##f = v,
220  foreach_ikev2_transform_type
221 #undef _
222  IKEV2_TRANSFORM_NUM_TYPES
223 } ikev2_transform_type_t;
224 
225 
226 #define foreach_ikev2_transform_encr_type \
227  _(1 , DES_IV64, "des-iv64") \
228  _(2 , DES, "des") \
229  _(3 , 3DES, "3des") \
230  _(4 , RC5, "rc5") \
231  _(5 , IDEA, "idea") \
232  _(6 , CAST, "cast") \
233  _(7 , BLOWFISH, "blowfish") \
234  _(8 , 3IDEA, "3idea") \
235  _(9 , DES_IV32, "des-iv32") \
236  _(11, NULL, "null") \
237  _(12, AES_CBC, "aes-cbc") \
238  _(13, AES_CTR, "aes-ctr") \
239  _(20, AES_GCM_16, "aes-gcm-16")
240 
241 typedef enum
242 {
243 #define _(v,f,str) IKEV2_TRANSFORM_ENCR_TYPE_##f = v,
244  foreach_ikev2_transform_encr_type
245 #undef _
246 } ikev2_transform_encr_type_t;
247 
248 #define foreach_ikev2_transform_prf_type \
249  _(1, PRF_HMAC_MD5, "hmac-md5") \
250  _(2, PRF_HMAC_SHA1, "hmac-sha1") \
251  _(3, PRF_MAC_TIGER, "mac-tiger") \
252  _(4, PRF_AES128_XCBC, "aes128-xcbc") \
253  _(5, PRF_HMAC_SHA2_256, "hmac-sha2-256") \
254  _(6, PRF_HMAC_SHA2_384, "hmac-sha2-384") \
255  _(7, PRF_HMAC_SHA2_512, "hmac-sha2-512") \
256  _(8, PRF_AES128_CMAC, "aes128-cmac")
257 
258 typedef enum
259 {
260 #define _(v,f,str) IKEV2_TRANSFORM_PRF_TYPE_##f = v,
261  foreach_ikev2_transform_prf_type
262 #undef _
263 } ikev2_transform_prf_type_t;
264 
265 #define foreach_ikev2_transform_integ_type \
266  _(0, NONE, "none") \
267  _(1, AUTH_HMAC_MD5_96, "md5-96") \
268  _(2, AUTH_HMAC_SHA1_96, "sha1-96") \
269  _(3, AUTH_DES_MAC, "des-mac") \
270  _(4, AUTH_KPDK_MD5, "kpdk-md5") \
271  _(5, AUTH_AES_XCBC_96, "aes-xcbc-96") \
272  _(6, AUTH_HMAC_MD5_128, "md5-128") \
273  _(7, AUTH_HMAC_SHA1_160, "sha1-160") \
274  _(8, AUTH_AES_CMAC_96, "cmac-96") \
275  _(9, AUTH_AES_128_GMAC, "aes-128-gmac") \
276  _(10, AUTH_AES_192_GMAC, "aes-192-gmac") \
277  _(11, AUTH_AES_256_GMAC, "aes-256-gmac") \
278  _(12, AUTH_HMAC_SHA2_256_128, "hmac-sha2-256-128") \
279  _(13, AUTH_HMAC_SHA2_384_192, "hmac-sha2-384-192") \
280  _(14, AUTH_HMAC_SHA2_512_256, "hmac-sha2-512-256")
281 
282 typedef enum
283 {
284 #define _(v,f, str) IKEV2_TRANSFORM_INTEG_TYPE_##f = v,
285  foreach_ikev2_transform_integ_type
286 #undef _
287 } ikev2_transform_integ_type_t;
288 
289 #if defined(OPENSSL_NO_CISCO_FECDH)
290 #define foreach_ikev2_transform_dh_type \
291  _(0, NONE, "none") \
292  _(1, MODP_768, "modp-768") \
293  _(2, MODP_1024, "modp-1024") \
294  _(5, MODP_1536, "modp-1536") \
295  _(14, MODP_2048, "modp-2048") \
296  _(15, MODP_3072, "modp-3072") \
297  _(16, MODP_4096, "modp-4096") \
298  _(17, MODP_6144, "modp-6144") \
299  _(18, MODP_8192, "modp-8192") \
300  _(19, ECP_256, "ecp-256") \
301  _(20, ECP_384, "ecp-384") \
302  _(21, ECP_521, "ecp-521") \
303  _(22, MODP_1024_160, "modp-1024-160") \
304  _(23, MODP_2048_224, "modp-2048-224") \
305  _(24, MODP_2048_256, "modp-2048-256") \
306  _(25, ECP_192, "ecp-192") \
307  _(26, ECP_224, "ecp-224") \
308  _(27, BRAINPOOL_224, "brainpool-224") \
309  _(28, BRAINPOOL_256, "brainpool-256") \
310  _(29, BRAINPOOL_384, "brainpool-384") \
311  _(30, BRAINPOOL_512, "brainpool-512")
312 #else
313 #define foreach_ikev2_transform_dh_type \
314  _(0, NONE, "none") \
315  _(1, MODP_768, "modp-768") \
316  _(2, MODP_1024, "modp-1024") \
317  _(5, MODP_1536, "modp-1536") \
318  _(14, MODP_2048, "modp-2048") \
319  _(15, MODP_3072, "modp-3072") \
320  _(16, MODP_4096, "modp-4096") \
321  _(17, MODP_6144, "modp-6144") \
322  _(18, MODP_8192, "modp-8192") \
323  _(19, ECP_256, "ecp-256") \
324  _(20, ECP_384, "ecp-384") \
325  _(21, ECP_521, "ecp-521") \
326  _(22, MODP_1024_160, "modp-1024-160") \
327  _(23, MODP_2048_224, "modp-2048-224") \
328  _(24, MODP_2048_256, "modp-2048-256") \
329  _(25, ECP_192, "ecp-192")
330 #endif
331 
332 typedef enum
333 {
334 #define _(v,f, str) IKEV2_TRANSFORM_DH_TYPE_##f = v,
335  foreach_ikev2_transform_dh_type
336 #undef _
337 } ikev2_transform_dh_type_t;
338 
339 #define foreach_ikev2_transform_esn_type \
340  _(0, NO_ESN, "no") \
341  _(1, ESN, "yes")
342 
343 typedef enum
344 {
345 #define _(v,f,str) IKEV2_TRANSFORM_ESN_TYPE_##f = v,
346  foreach_ikev2_transform_esn_type
347 #undef _
348 } ikev2_transform_esn_type_t;
349 
350 #define foreach_ikev2_auth_method \
351  _( 1, RSA_SIG, "rsa-sig") \
352  _( 2, SHARED_KEY_MIC, "shared-key-mic")
353 
354 typedef enum
355 {
356 #define _(v,f,s) IKEV2_AUTH_METHOD_##f = v,
357  foreach_ikev2_auth_method
358 #undef _
359 } ikev2_auth_method_t;
360 
361 #define foreach_ikev2_id_type \
362  _( 1, ID_IPV4_ADDR, "ip4-addr") \
363  _( 2, ID_FQDN, "fqdn") \
364  _( 3, ID_RFC822_ADDR, "rfc822") \
365  _( 5, ID_IPV6_ADDR, "ip6-addr") \
366  _( 9, ID_DER_ASN1_DN, "der-asn1-dn") \
367  _(10, ID_DER_ASN1_GN, "der-asn1-gn") \
368  _(11, ID_KEY_ID, "key-id")
369 
370 typedef enum
371 {
372 #define _(v,f,s) IKEV2_ID_TYPE_##f = v,
373  foreach_ikev2_id_type
374 #undef _
375 } ikev2_id_type_t;
376 
377 typedef enum
378 {
379  TS_IPV4_ADDR_RANGE = 7,
380  TS_IPV6_ADDR_RANGE = 8,
381 } ikev2_traffic_selector_type_t;
382 
383 clib_error_t *ikev2_init (vlib_main_t * vm);
384 clib_error_t *ikev2_set_local_key (vlib_main_t * vm, u8 * file);
385 clib_error_t *ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add);
386 clib_error_t *ikev2_set_profile_auth (vlib_main_t * vm, u8 * name,
387  u8 auth_method, u8 * data,
388  u8 data_hex_format);
389 clib_error_t *ikev2_set_profile_id (vlib_main_t * vm, u8 * name,
390  u8 id_type, u8 * data, int is_local);
391 clib_error_t *ikev2_set_profile_ts (vlib_main_t * vm, u8 * name,
392  u8 protocol_id, u16 start_port,
393  u16 end_port, ip_address_t start_addr,
394  ip_address_t end_addr, int is_local);
395 clib_error_t *ikev2_set_profile_responder (vlib_main_t * vm, u8 * name,
396  u32 sw_if_index,
397  ip_address_t addr);
398 clib_error_t *ikev2_set_profile_responder_hostname (vlib_main_t *vm, u8 *name,
399  u8 *hostname,
400  u32 sw_if_index);
401 clib_error_t *ikev2_set_profile_ike_transforms (vlib_main_t * vm, u8 * name,
402  ikev2_transform_encr_type_t
403  crypto_alg,
404  ikev2_transform_integ_type_t
405  integ_alg,
406  ikev2_transform_dh_type_t
407  dh_type, u32 crypto_key_size);
408 clib_error_t *ikev2_set_profile_esp_transforms (vlib_main_t * vm, u8 * name,
409  ikev2_transform_encr_type_t
410  crypto_alg,
411  ikev2_transform_integ_type_t
412  integ_alg,
413  u32 crypto_key_size);
414 clib_error_t *ikev2_set_profile_sa_lifetime (vlib_main_t * vm, u8 * name,
415  u64 lifetime, u32 jitter,
416  u32 handover, u64 maxdata);
417 clib_error_t *ikev2_set_profile_tunnel_interface (vlib_main_t * vm, u8 * name,
418  u32 sw_if_index);
419 vnet_api_error_t ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm,
420  u8 * name, u16 port,
421  u8 is_set);
422 clib_error_t *ikev2_set_profile_udp_encap (vlib_main_t * vm, u8 * name);
423 clib_error_t *ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name);
424 clib_error_t *ikev2_initiate_delete_child_sa (vlib_main_t * vm, u32 ispi);
425 clib_error_t *ikev2_initiate_delete_ike_sa (vlib_main_t * vm, u64 ispi);
426 clib_error_t *ikev2_initiate_rekey_child_sa (vlib_main_t * vm, u32 ispi);
427 
428 /* ikev2_format.c */
429 u8 *format_ikev2_auth_method (u8 * s, va_list * args);
430 u8 *format_ikev2_id_type (u8 * s, va_list * args);
431 u8 *format_ikev2_transform_type (u8 * s, va_list * args);
432 u8 *format_ikev2_notify_msg_type (u8 * s, va_list * args);
433 u8 *format_ikev2_transform_encr_type (u8 * s, va_list * args);
434 u8 *format_ikev2_transform_prf_type (u8 * s, va_list * args);
435 u8 *format_ikev2_transform_integ_type (u8 * s, va_list * args);
436 u8 *format_ikev2_transform_dh_type (u8 * s, va_list * args);
437 u8 *format_ikev2_transform_esn_type (u8 * s, va_list * args);
438 u8 *format_ikev2_sa_transform (u8 * s, va_list * args);
439 
440 uword unformat_ikev2_auth_method (unformat_input_t * input, va_list * args);
441 uword unformat_ikev2_id_type (unformat_input_t * input, va_list * args);
442 uword unformat_ikev2_transform_type (unformat_input_t * input,
443  va_list * args);
444 uword unformat_ikev2_transform_encr_type (unformat_input_t * input,
445  va_list * args);
446 uword unformat_ikev2_transform_prf_type (unformat_input_t * input,
447  va_list * args);
448 uword unformat_ikev2_transform_integ_type (unformat_input_t * input,
449  va_list * args);
450 uword unformat_ikev2_transform_dh_type (unformat_input_t * input,
451  va_list * args);
452 uword unformat_ikev2_transform_esn_type (unformat_input_t * input,
453  va_list * args);
454 void ikev2_cli_reference (void);
455 
456 clib_error_t *ikev2_set_liveness_params (u32 period, u32 max_retries);
457 
458 #endif /* __included_ikev2_h__ */
459 
460 
461 /*
462  * fd.io coding-style-patch-verification: ON
463  *
464  * Local Variables:
465  * eval: (c-set-style "gnu")
466  * End:
467  */
ikev2_protocol_id_t
ikev2_protocol_id_t
Definition: ikev2.h:121
ip_address
Definition: ip_types.h:79
ispi
u64 ispi
Definition: ikev2_types.api:146
end_addr
vl_api_address_t end_addr
Definition: ikev2_types.api:38
foreach_ikev2_notify_msg_type
#define foreach_ikev2_notify_msg_type
Definition: ikev2.h:128
format_ikev2_sa_transform
u8 * format_ikev2_sa_transform(u8 *s, va_list *args)
Definition: ikev2_format.c:25
ikev2_transform_esn_type_t
ikev2_transform_esn_type_t
Definition: ikev2.h:343
unformat_ikev2_id_type
uword unformat_ikev2_id_type(unformat_input_t *input, va_list *args)
foreach_ikev2_transform_integ_type
#define foreach_ikev2_transform_integ_type
Definition: ikev2.h:265
ikev2_set_profile_auth
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *data, u8 data_hex_format)
Definition: ikev2.c:3918
foreach_ikev2_auth_method
#define foreach_ikev2_auth_method
Definition: ikev2.h:350
name
string name[64]
Definition: fib.api:25
format_ikev2_id_type
u8 * format_ikev2_id_type(u8 *s, va_list *args)
ikev2_set_profile_responder_hostname
clib_error_t * ikev2_set_profile_responder_hostname(vlib_main_t *vm, u8 *name, u8 *hostname, u32 sw_if_index)
Definition: ikev2.c:4055
foreach_ikev2_transform_encr_type
#define foreach_ikev2_transform_encr_type
Definition: ikev2.h:226
handover
u32 handover
Definition: ikev2_types.api:83
format_ikev2_transform_prf_type
u8 * format_ikev2_transform_prf_type(u8 *s, va_list *args)
ikev2_set_profile_sa_lifetime
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
Definition: ikev2.c:4210
TS_IPV4_ADDR_RANGE
@ TS_IPV4_ADDR_RANGE
Definition: ikev2.h:379
unformat_ikev2_transform_type
uword unformat_ikev2_transform_type(unformat_input_t *input, va_list *args)
u16
unsigned short u16
Definition: types.h:57
foreach_ikev2_transform_esn_type
#define foreach_ikev2_transform_esn_type
Definition: ikev2.h:339
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
IKEV2_PROTOCOL_ESP
@ IKEV2_PROTOCOL_ESP
Definition: ikev2.h:125
ikev2_init
clib_error_t * ikev2_init(vlib_main_t *vm)
Definition: ikev2.c:4750
port
u16 port
Definition: lb_types.api:73
unformat_input_t
struct _unformat_input_t unformat_input_t
start_addr
vl_api_address_t start_addr
Definition: ikev2_types.api:37
addr
vhost_vring_addr_t addr
Definition: vhost_user.h:130
start_port
u16 start_port
Definition: ikev2_types.api:35
unformat_ikev2_transform_encr_type
uword unformat_ikev2_transform_encr_type(unformat_input_t *input, va_list *args)
hostname
string hostname[64]
Definition: dhcp.api:159
ikev2_transform_prf_type_t
ikev2_transform_prf_type_t
Definition: ikev2.h:258
error.h
v8
u8 v8
Definition: ikev2.h:33
IKEV2_PROTOCOL_AH
@ IKEV2_PROTOCOL_AH
Definition: ikev2.h:124
ikev2_set_local_key
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
Definition: ikev2.c:3711
ikev2_auth_method_t
ikev2_auth_method_t
Definition: ikev2.h:354
format_ikev2_transform_type
u8 * format_ikev2_transform_type(u8 *s, va_list *args)
ikev2_set_profile_ipsec_udp_port
vnet_api_error_t ikev2_set_profile_ipsec_udp_port(vlib_main_t *vm, u8 *name, u16 port, u8 is_set)
Definition: ikev2.c:4167
format_ikev2_transform_dh_type
u8 * format_ikev2_transform_dh_type(u8 *s, va_list *args)
foreach_ikev2_transform_prf_type
#define foreach_ikev2_transform_prf_type
Definition: ikev2.h:248
uword
u64 uword
Definition: types.h:112
lifetime
u64 lifetime
Definition: ikev2_types.api:80
format_ikev2_transform_integ_type
u8 * format_ikev2_transform_integ_type(u8 *s, va_list *args)
foreach_ikev2_id_type
#define foreach_ikev2_id_type
Definition: ikev2.h:361
unformat_ikev2_transform_dh_type
uword unformat_ikev2_transform_dh_type(unformat_input_t *input, va_list *args)
IKEV2_PROTOCOL_IKE
@ IKEV2_PROTOCOL_IKE
Definition: ikev2.h:123
crypto_key_size
u32 crypto_key_size
Definition: ikev2_types.api:58
ikev2_id_type_t
ikev2_id_type_t
Definition: ikev2.h:370
ikev2_notify_msg_type_t
ikev2_notify_msg_type_t
Definition: ikev2.h:202
format_ikev2_transform_esn_type
u8 * format_ikev2_transform_esn_type(u8 *s, va_list *args)
dh_group
u8 dh_group
Definition: ikev2_types.api:60
ikev2_set_profile_udp_encap
clib_error_t * ikev2_set_profile_udp_encap(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:4194
unformat_ikev2_transform_esn_type
uword unformat_ikev2_transform_esn_type(unformat_input_t *input, va_list *args)
data
u8 data[128]
Definition: ipsec_types.api:95
ikev2_set_profile_ike_transforms
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:4099
CLIB_PACKED
typedef CLIB_PACKED(struct { u64 ispi;u64 rspi;u8 nextpayload;u8 version;u8 exchange;u8 flags;u32 msgid;u32 length;u8 payload[0];}) ike_header_t
ikev2_initiate_sa_init
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:4292
ikev2_initiate_rekey_child_sa
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:4642
ikev2_traffic_selector_type_t
ikev2_traffic_selector_type_t
Definition: ikev2.h:377
foreach_ikev2_transform_type
#define foreach_ikev2_transform_type
Definition: ikev2.h:209
u64
unsigned long u64
Definition: types.h:89
unformat_ikev2_transform_prf_type
uword unformat_ikev2_transform_prf_type(unformat_input_t *input, va_list *args)
end_port
u16 end_port
Definition: ikev2_types.api:36
version
option version
Definition: sample.api:19
foreach_ikev2_transform_dh_type
#define foreach_ikev2_transform_dh_type
Definition: ikev2.h:313
ikev2_initiate_delete_ike_sa
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
Definition: ikev2.c:4559
ikev2_cli_reference
void ikev2_cli_reference(void)
Definition: ikev2_cli.c:809
ip.h
IKEV2_TRANSFORM_NUM_TYPES
@ IKEV2_TRANSFORM_NUM_TYPES
Definition: ikev2.h:222
u32
unsigned int u32
Definition: types.h:88
integ_alg
u8 integ_alg
Definition: ikev2_types.api:59
protocol_id
u8 protocol_id
Definition: ikev2_types.api:34
format_ikev2_auth_method
u8 * format_ikev2_auth_method(u8 *s, va_list *args)
ikev2_set_liveness_params
clib_error_t * ikev2_set_liveness_params(u32 period, u32 max_retries)
Definition: ikev2.c:4931
ikev2_transform_dh_type_t
ikev2_transform_dh_type_t
Definition: ikev2.h:332
length
char const int length
Definition: cJSON.h:163
vlib_main_t
Definition: main.h:102
unformat_ikev2_transform_integ_type
uword unformat_ikev2_transform_integ_type(unformat_input_t *input, va_list *args)
u8
unsigned char u8
Definition: types.h:56
clib_error_t
Definition: clib_error.h:21
TS_IPV6_ADDR_RANGE
@ TS_IPV6_ADDR_RANGE
Definition: ikev2.h:380
format_ikev2_transform_encr_type
u8 * format_ikev2_transform_encr_type(u8 *s, va_list *args)
ikev2_set_profile_esp_transforms
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, u32 crypto_key_size)
Definition: ikev2.c:4124
ikev2_transform_encr_type_t
ikev2_transform_encr_type_t
Definition: ikev2.h:241
ikev2_set_profile_ts
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip_address_t start_addr, ip_address_t end_addr, int is_local)
Definition: ikev2.c:4016
ikev2_set_profile_id
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
Definition: ikev2.c:3961
vnet.h
is_local
bool is_local
Definition: ikev2_types.api:33
ikev2_set_profile_responder
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip_address_t addr)
Definition: ikev2.c:4077
ikev2_set_profile_tunnel_interface
clib_error_t * ikev2_set_profile_tunnel_interface(vlib_main_t *vm, u8 *name, u32 sw_if_index)
Definition: ikev2.c:4147
format_ikev2_notify_msg_type
u8 * format_ikev2_notify_msg_type(u8 *s, va_list *args)
rspi
u64 rspi
Definition: ikev2_types.api:147
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
unformat_ikev2_auth_method
uword unformat_ikev2_auth_method(unformat_input_t *input, va_list *args)
ikev2_transform_integ_type_t
ikev2_transform_integ_type_t
Definition: ikev2.h:282
ikev2_add_del_profile
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
Definition: ikev2.c:3882
vnet_api_error_t
vnet_api_error_t
Definition: api_errno.h:162
ikev2_initiate_delete_child_sa
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:4519
ikev2_transform_type_t
ikev2_transform_type_t
Definition: ikev2.h:217
flags
vl_api_wireguard_peer_flags_t flags
Definition: wireguard.api:105