FD.io VPP
v21.10.1-2-g0a485f517
Vector Packet Processing
37 #include <vnet/ipsec/ipsec.api_enum.h>
38 #include <vnet/ipsec/ipsec.api_types.h>
40 #define REPLY_MSG_ID_BASE ipsec_main.msg_id_base
47 vl_api_ipsec_spd_add_del_reply_t *rmp;
59 vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
62 u32 spd_id __attribute__ ((unused));
65 spd_id = ntohl (mp->
spd_id);
73 REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
80 vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
89 for (ii = 0; ii < mp->
tunnel.n_sa_in; ii++)
95 ntohl (mp->
tunnel.sa_out), sa_ins);
99 REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
106 vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
120 REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
150 mp->
tun.sa_out = htonl (sa->
id);
155 mp->
tun.sa_in[ii++] = htonl (sa->
id);
197 in = clib_net_to_host_u32 (in);
201 #define _(v,f,s) case IPSEC_API_SPD_ACTION_##f: \
202 *out = IPSEC_POLICY_ACTION_##f; \
207 return (VNET_API_ERROR_UNIMPLEMENTED);
225 p.
id = ntohl (mp->
entry.spd_id);
247 if (p.
policy == IPSEC_POLICY_ACTION_RESOLVE)
250 rv = VNET_API_ERROR_UNIMPLEMENTED;
278 ipsec_crypto_alg_t crypto_alg;
280 ipsec_protocol_t
proto;
285 .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
287 .t_mode = TUNNEL_MODE_P2P,
293 id = ntohl (mp->
entry.sad_id);
326 htons (mp->
entry.udp_src_port),
327 htons (mp->
entry.udp_dst_port), &
tun, &sa_index);
344 ipsec_crypto_alg_t crypto_alg;
346 ipsec_protocol_t
proto;
352 .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
354 .t_mode = TUNNEL_MODE_P2P,
355 .t_table_id = htonl (mp->
entry.tx_table_id),
359 id = ntohl (mp->
entry.sad_id);
384 &
tun.t_encap_decap_flags);
400 mp->
entry.salt, htons (mp->
entry.udp_src_port),
401 htons (mp->
entry.udp_dst_port), &
tun, &sa_index);
417 ipsec_crypto_alg_t crypto_alg;
419 ipsec_protocol_t
proto;
425 id = ntohl (entry->sad_id);
426 spi = ntohl (entry->spi);
445 if (
flags & IPSEC_SA_FLAG_IS_TUNNEL)
458 htons (entry->udp_src_port),
459 htons (entry->udp_dst_port), &
tun, sa_index);
467 u32 id, sa_index = ~0;
470 id = ntohl (mp->
entry.sad_id);
488 vl_api_ipsec_sad_entry_del_reply_t *rmp;
522 #define _(s, n) n_policies += vec_len (spd->policies[IPSEC_SPD_POLICY_##s]);
546 vl_api_ipsec_spd_action_t
553 #define _(v,f,s) case IPSEC_POLICY_ACTION_##f: \
554 out = IPSEC_API_SPD_ACTION_##f; \
559 return (clib_host_to_net_u32 (out));
573 mp->
entry.spd_id = htonl (p->
id);
575 mp->
entry.is_outbound = ((p->
type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
576 (p->
type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
579 &mp->
entry.local_address_start);
581 &mp->
entry.local_address_stop);
583 &mp->
entry.remote_address_start);
585 &mp->
entry.remote_address_stop);
666 send_ipsec_spd_interface_details(reg, v, k, mp->context);
673 send_ipsec_spd_interface_details(reg, v, k, mp->context);
702 vl_api_ipsec_itf_delete_reply_t *rmp;
771 ctx->sw_if_index = itp->itp_sw_if_index;
790 mp->
entry.sad_id = htonl (sa->
id);
802 mp->
entry.salt = clib_host_to_net_u32 (sa->
salt);
804 if (ipsec_sa_is_set_IS_PROTECT (sa))
817 if (ipsec_sa_is_set_IS_TUNNEL (sa))
822 if (ipsec_sa_is_set_UDP_ENCAP (sa))
830 if (ipsec_sa_is_set_USE_ESN (sa))
835 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
873 mp->
entry.sad_id = htonl (sa->
id);
885 mp->
entry.salt = clib_host_to_net_u32 (sa->
salt);
887 if (ipsec_sa_is_set_IS_PROTECT (sa))
900 if (ipsec_sa_is_set_IS_TUNNEL (sa))
905 if (ipsec_sa_is_set_UDP_ENCAP (sa))
911 mp->
entry.tunnel_flags =
917 if (ipsec_sa_is_set_USE_ESN (sa))
922 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
960 mp->
entry.sad_id = htonl (sa->
id);
971 mp->
entry.salt = clib_host_to_net_u32 (sa->
salt);
973 if (ipsec_sa_is_set_IS_PROTECT (sa))
986 if (ipsec_sa_is_set_IS_TUNNEL (sa))
989 if (ipsec_sa_is_set_UDP_ENCAP (sa))
997 if (ipsec_sa_is_set_USE_ESN (sa))
1002 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1055 mp->
index = ab -
im->ah_backends;
1067 mp->
index = eb -
im->esp_backends;
1078 vl_api_ipsec_select_backend_reply_t *rmp;
1083 rv = VNET_API_ERROR_INSTANCE_IN_USE;
1101 rv = VNET_API_ERROR_INVALID_PROTOCOL;
1111 vl_api_ipsec_set_async_mode_reply_t *rmp;
1119 #include <vnet/ipsec/ipsec.api.c>
int ipsec_integ_algo_decode(vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t *out)
Dump IPsec security association.
vl_api_registration_t * reg
vl_api_ipsec_sad_entry_v2_t entry
vl_api_interface_index_t sw_if_index
vl_api_ipsec_sad_entry_v3_t entry
vnet_interface_main_t * im
#define VALIDATE_SW_IF_INDEX(mp)
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Add/Delete a SPD.
ipsec_protocol_t protocol
vl_api_tunnel_mode_t tunnel_mode_encode(tunnel_mode_t in)
vl_api_interface_index_t sw_if_index
static int ipsec_spd_action_decode(vl_api_ipsec_spd_action_t in, ipsec_policy_action_t *out)
#define REPLY_MACRO2(t, body)
struct ipsec_sa_dump_match_ctx_t_ ipsec_sa_dump_match_ctx_t
IPsec: Add/delete Security Association Database entry.
ip46_address_range_t raddr
IPsec policy database response.
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
vl_api_ipsec_spd_action_t policy
#define foreach_ipsec_spd_policy_type
static void vl_api_ipsec_select_backend_t_handler(vl_api_ipsec_select_backend_t *mp)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
A representation of an IP tunnel config.
A dedicated IPSec interface type.
vl_api_ip_dscp_t ip_dscp_encode(ip_dscp_t dscp)
Add IPsec interface response.
static void vl_api_ipsec_backend_dump_t_handler(vl_api_ipsec_backend_dump_t *mp)
IPsec: Reply Add/delete Security Policy Database entry.
void ipsec_key_encode(const ipsec_key_t *in, vl_api_key_t *out)
static walk_rc_t send_ipsec_sa_details(ipsec_sa_t *sa, void *arg)
#define hash_foreach(key_var, value_var, h, body)
vl_api_ipsec_proto_t ipsec_proto_encode(ipsec_protocol_t p)
vl_api_tunnel_mode_t mode
vl_api_interface_index_t sw_if_index
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Bind/attach a SPD to an interface.
static walk_rc_t ipsec_sa_dump_match_sa(index_t itpi, void *arg)
vl_api_ipsec_tunnel_protect_t tun
vl_api_ipsec_spd_entry_t entry
void ipsec_sa_walk(ipsec_sa_walk_cb_t cb, void *ctx)
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
@ foreach_ipsec_policy_action
static void vl_api_ipsec_itf_dump_t_handler(vl_api_ipsec_itf_dump_t *mp)
IPsec: Add/delete Security Policy Database.
static void vl_api_ipsec_sa_v3_dump_t_handler(vl_api_ipsec_sa_v3_dump_t *mp)
vl_api_interface_index_t sw_if_index
IPsec: Add/delete Security Policy Database entry.
void ipsec_key_decode(const vl_api_key_t *key, ipsec_key_t *out)
void ip_address_encode2(const ip_address_t *in, vl_api_address_t *out)
ip46_type_t ip_address_decode(const vl_api_address_t *in, ip46_address_t *out)
Decode/Encode for struct/union types.
u32 id
the User's ID for this policy
#define FOR_EACH_IPSEC_SPD_POLICY_TYPE(_t)
static void send_ipsec_spd_interface_details(vl_api_registration_t *reg, u32 spd_index, u32 sw_if_index, u32 context)
#define FOR_EACH_IPSEC_PROTECT_INPUT_SAI(_itp, _sai, body)
#define pool_foreach(VAR, POOL)
Iterate through pool.
int ipsec_itf_create(u32 user_instance, tunnel_mode_t mode, u32 *sw_if_indexp)
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
int tunnel_encap_decap_flags_decode(vl_api_tunnel_encap_decap_flags_t f, tunnel_encap_decap_flags_t *o)
Conversion functions to/from (decode/encode) API types to VPP internal types.
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
IPsec: Add/delete SPD from interface.
static void send_ipsec_spds_details(ipsec_spd_t *spd, vl_api_registration_t *reg, u32 context)
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
static ipsec_sa_t * ipsec_sa_get(u32 sa_index)
An API client registration, only in vpp/vlib.
static void setup_message_id_table(api_main_t *am)
vl_api_ipsec_sad_entry_v3_t entry
static void vl_api_ipsec_tunnel_protect_del_t_handler(vl_api_ipsec_tunnel_protect_del_t *mp)
IPsec: SPD interface response.
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets as they are swit...
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
vl_api_interface_index_t sw_if_index
Create an IPSec interface.
ip_dscp_t ip_dscp_decode(vl_api_ip_dscp_t in)
int ipsec_tun_protect_update(u32 sw_if_index, const ip_address_t *nh, u32 sa_out, u32 *sas_in)
Dump IPsec all SPD IDs response.
vl_api_ipsec_spd_action_t ipsec_spd_action_encode(ipsec_policy_action_t in)
static walk_rc_t send_ipsec_sa_v2_details(ipsec_sa_t *sa, void *arg)
vl_api_interface_index_t sw_if_index
struct ipsec_dump_walk_ctx_t_ ipsec_dump_walk_ctx_t
vl_api_interface_index_t sw_if_index
static void vl_api_ipsec_sad_entry_add_del_v3_t_handler(vl_api_ipsec_sad_entry_add_del_v3_t *mp)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ipsec_spd_interface_dump_t_handler(vl_api_ipsec_spd_interface_dump_t *mp)
void ip_address_decode2(const vl_api_address_t *in, ip_address_t *out)
#define BAD_SW_IF_INDEX_LABEL
vl_api_ipsec_proto_t protocol
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
vl_api_ipsec_sad_entry_t entry
vl_api_ipsec_sad_entry_v2_t entry
vl_api_ipsec_tunnel_protect_t tunnel
static void vl_api_ipsec_spd_entry_add_del_t_handler(vl_api_ipsec_spd_entry_add_del_t *mp)
static void vl_api_ipsec_sad_entry_add_t_handler(vl_api_ipsec_sad_entry_add_t *mp)
static void vl_api_ipsec_tunnel_protect_dump_t_handler(vl_api_ipsec_tunnel_protect_dump_t *mp)
static void vl_api_ipsec_itf_delete_t_handler(vl_api_ipsec_itf_delete_t *mp)
@ IPSEC_API_SPD_ACTION_BYPASS
static walk_rc_t send_ipsec_itf_details(ipsec_itf_t *itf, void *arg)
void tunnel_encode(const tunnel_t *in, vl_api_tunnel_t *out)
Dump ipsec policy database data.
vl_api_ipsec_spd_entry_t entry
vl_api_ip_proto_t protocol
int ipsec_tun_protect_del(u32 sw_if_index, const ip_address_t *nh)
int ipsec_proto_decode(vl_api_ipsec_proto_t in, ipsec_protocol_t *out)
Encode/decode function from/to API to internal types.
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete an SPD policy.
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
void ipsec_set_async_mode(u32 is_enabled)
#define vec_foreach(var, vec)
Vector iterator.
A Security Policy Database.
static uword pool_elts(void *v)
Number of active elements in a pool.
vl_api_ipsec_sad_flags_t ipsec_sad_flags_encode(const ipsec_sa_t *sa)
static void vl_api_ipsec_sa_v2_dump_t_handler(vl_api_ipsec_sa_v2_dump_t *mp)
vl_api_ipsec_proto_t protocol
ipsec_spd_policy_type_t type
enum tunnel_mode_t_ tunnel_mode_t
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static void vl_api_ipsec_itf_create_t_handler(vl_api_ipsec_itf_create_t *mp)
#define REPLY_MSG_ID_BASE
static void vl_api_ipsec_sad_entry_add_del_v2_t_handler(vl_api_ipsec_sad_entry_add_del_v2_t *mp)
void ip_address_encode(const ip46_address_t *in, ip46_type_t type, vl_api_address_t *out)
static vlib_main_t * vlib_get_main(void)
ip46_address_range_t laddr
vl_api_ipsec_sad_entry_v3_t entry
static void vl_api_ipsec_sad_entry_add_del_t_handler(vl_api_ipsec_sad_entry_add_del_t *mp)
tunnel_encap_decap_flags_t t_encap_decap_flags
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
ipsec_integ_alg_t integ_alg
vl_api_tunnel_encap_decap_flags_t tunnel_encap_decap_flags_encode(tunnel_encap_decap_flags_t f)
#define clib_warning(format, args...)
u32 * policies[IPSEC_SPD_POLICY_N_TYPES]
vectors for each of the policy types
IPsec security association database response.
int tunnel_mode_decode(vl_api_tunnel_mode_t in, tunnel_mode_t *out)
Dump all tunnel protections.
void ipsec_itf_walk(ipsec_itf_walk_cb_t cb, void *ctx)
#define FOR_EACH_IPSEC_PROTECT_INPUT_SA(_itp, _sa, body)
vl_api_interface_index_t sw_if_index
int ipsec_itf_delete(u32 sw_if_index)
int tunnel_decode(const vl_api_tunnel_t *in, tunnel_t *out)
static void vl_api_ipsec_spds_dump_t_handler(vl_api_ipsec_spds_dump_t *mp)
int ipsec_sa_add_and_lock(u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 salt, u16 src_port, u16 dst_port, const tunnel_t *tun, u32 *sa_out_index)
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
static ipsec_tun_protect_t * ipsec_tun_protect_get(u32 index)
ipsec_policy_action_t policy
static walk_rc_t send_ipsec_sa_v3_details(ipsec_sa_t *sa, void *arg)
vl_api_ipsec_crypto_alg_t ipsec_crypto_algo_encode(ipsec_crypto_alg_t c)
void ipsec_tun_protect_walk_itf(u32 sw_if_index, ipsec_tun_protect_walk_cb_t fn, void *ctx)
vl_api_interface_index_t sw_if_index
vl_api_gbp_endpoint_tun_t tun
static walk_rc_t send_ipsec_tunnel_protect_details(index_t itpi, void *arg)
enum walk_rc_t_ walk_rc_t
Walk return code.
int ipsec_sa_unlock_id(u32 id)
static int ipsec_sad_entry_add_v3(const vl_api_ipsec_sad_entry_v3_t *entry, u32 *sa_index)
int ipsec_crypto_algo_decode(vl_api_ipsec_crypto_alg_t in, ipsec_crypto_alg_t *out)
vl_api_ipsec_sad_entry_t entry
static void vl_api_ipsec_tunnel_protect_update_t_handler(vl_api_ipsec_tunnel_protect_update_t *mp)
ipsec_sa_t * ipsec_sa_pool
Pool of IPSec SAs.
void ipsec_tun_protect_walk(ipsec_tun_protect_walk_cb_t fn, void *ctx)
vl_api_ipsec_integ_alg_t ipsec_integ_algo_encode(ipsec_integ_alg_t i)
vl_api_interface_index_t sw_if_index
ipsec_sa_flags_t ipsec_sa_flags_decode(vl_api_ipsec_sad_flags_t in)
static void vl_api_ipsec_sad_entry_del_t_handler(vl_api_ipsec_sad_entry_del_t *mp)
void * vl_msg_api_alloc(int nbytes)
IPsec: Get SPD interfaces.
vl_api_wireguard_peer_flags_t flags
static void vl_api_ipsec_set_async_mode_t_handler(vl_api_ipsec_set_async_mode_t *mp)