FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
ipsec_spd_policy.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __IPSEC_SPD_POLICY_H__
16 #define __IPSEC_SPD_POLICY_H__
17 
18 #include <vnet/ipsec/ipsec_spd.h>
19 
20 #define foreach_ipsec_policy_action \
21  _ (0, BYPASS, "bypass") \
22  _ (1, DISCARD, "discard") \
23  _ (2, RESOLVE, "resolve") \
24  _ (3, PROTECT, "protect")
25 
26 typedef enum
27 {
28 #define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
29  foreach_ipsec_policy_action
30 #undef _
31 } ipsec_policy_action_t;
32 
33 #define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
34 
35 typedef struct
36 {
37  ip46_address_t start, stop;
38 } ip46_address_range_t;
39 
40 typedef struct
41 {
42  u16 start, stop;
43 } port_range_t;
44 
45 /**
46  * @brief
47  * Policy packet & bytes counters
48  */
49 extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
50 
51 /**
52  * @brief A Secruity Policy. An entry in an SPD
53  */
54 typedef struct ipsec_policy_t_
55 {
56  u32 id;
57  i32 priority;
58 
59  // the type of policy
60  ipsec_spd_policy_type_t type;
61 
62  // Selector
63  u8 is_ipv6;
64  ip46_address_range_t laddr;
65  ip46_address_range_t raddr;
66  u8 protocol;
67  port_range_t lport;
68  port_range_t rport;
69 
70  // Policy
71  ipsec_policy_action_t policy;
72  u32 sa_id;
73  u32 sa_index;
74 } ipsec_policy_t;
75 
76 /**
77  * @brief Add/Delete a SPD
78  */
79 extern int ipsec_add_del_policy (vlib_main_t * vm,
80  ipsec_policy_t * policy,
81  int is_add, u32 * stat_index);
82 
83 extern u8 *format_ipsec_policy (u8 * s, va_list * args);
84 extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
85 extern uword unformat_ipsec_policy_action (unformat_input_t * input,
86  va_list * args);
87 
88 
89 extern int ipsec_policy_mk_type (bool is_outbound,
90  bool is_ipv6,
91  ipsec_policy_action_t action,
92  ipsec_spd_policy_type_t * type);
93 
94 #endif /* __IPSEC_SPD_POLICY_H__ */
95 
96 /*
97  * fd.io coding-style-patch-verification: ON
98  *
99  * Local Variables:
100  * eval: (c-set-style "gnu")
101  * End:
102  */
foreach_ipsec_policy_action
#define foreach_ipsec_policy_action
Definition: ipsec_spd_policy.h:20
is_ipv6
bool is_ipv6
Definition: dhcp.api:202
ipsec_policy_t_::priority
i32 priority
Definition: ipsec_spd_policy.h:57
port_range_t::stop
u16 stop
Definition: ipsec_spd_policy.h:42
ipsec_policy_t_::raddr
ip46_address_range_t raddr
Definition: ipsec_spd_policy.h:65
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:99
unformat_ipsec_policy_action
uword unformat_ipsec_policy_action(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:65
u16
unsigned short u16
Definition: types.h:57
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
unformat_input_t
struct _unformat_input_t unformat_input_t
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec_spd_policy.h:26
ipsec_policy_t_::is_ipv6
u8 is_ipv6
Definition: ipsec_spd_policy.h:63
i32
signed int i32
Definition: types.h:77
port_range_t
Definition: ipsec_spd_policy.h:40
is_outbound
bool is_outbound
Definition: ipsec.api:96
ip46_address_range_t
Definition: ipsec_spd_policy.h:35
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec_spd_policy.h:37
ipsec_policy_t
struct ipsec_policy_t_ ipsec_policy_t
A Secruity Policy.
uword
u64 uword
Definition: types.h:112
ipsec_policy_t_::sa_id
u32 sa_id
Definition: ipsec_spd_policy.h:72
ipsec_spd_policy_counters
vlib_combined_counter_main_t ipsec_spd_policy_counters
Policy packet & bytes counters.
Definition: ipsec_spd_policy.c:22
ipsec_policy_t_::rport
port_range_t rport
Definition: ipsec_spd_policy.h:68
vlib_combined_counter_main_t
A collection of combined counters.
Definition: counter.h:203
u32
unsigned int u32
Definition: types.h:88
ipsec_policy_t_
A Secruity Policy.
Definition: ipsec_spd_policy.h:54
ipsec_spd.h
ipsec_policy_t_::lport
port_range_t lport
Definition: ipsec_spd_policy.h:67
ipsec_policy_t_::type
ipsec_spd_policy_type_t type
Definition: ipsec_spd_policy.h:60
vlib_main_t
Definition: main.h:102
ipsec_policy_t_::laddr
ip46_address_range_t laddr
Definition: ipsec_spd_policy.h:64
u8
unsigned char u8
Definition: types.h:56
ipsec_policy_mk_type
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
Definition: ipsec_spd_policy.c:100
ipsec_policy_t_::id
u32 id
Definition: ipsec_spd_policy.h:56
format_ipsec_policy_action
u8 * format_ipsec_policy_action(u8 *s, va_list *args)
Definition: ipsec_format.c:29
ipsec_spd_policy_type_t
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
ipsec_policy_t_::policy
ipsec_policy_action_t policy
Definition: ipsec_spd_policy.h:71
action
vl_api_mac_event_action_t action
Definition: l2.api:211
format_ipsec_policy
u8 * format_ipsec_policy(u8 *s, va_list *args)
Definition: ipsec_format.c:157
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete a SPD.
Definition: ipsec_spd_policy.c:140
ipsec_policy_t_::sa_index
u32 sa_index
Definition: ipsec_spd_policy.h:73
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
ipsec_policy_t_::protocol
u8 protocol
Definition: ipsec_spd_policy.h:66