FD.io VPP  v18.01-8-g0eacf49
Vector Packet Processing
ipsec.h File Reference

Data Structures

struct  ipsec_sa_t
 
struct  ip46_address_range_t
 
struct  port_range_t
 
struct  ipsec_add_del_tunnel_args_t
 
struct  ipsec_add_del_ipsec_gre_tunnel_args_t
 
struct  ipsec_policy_t
 
struct  ipsec_spd_t
 
struct  ip4_ipsec_config_t
 
struct  ip6_ipsec_config_t
 
struct  ipsec_tunnel_if_t
 
struct  ipsec_main_callbacks_t
 
struct  ipsec_main_t
 

Macros

#define IPSEC_FLAG_IPSEC_GRE_TUNNEL   (1 << 0)
 
#define foreach_ipsec_output_next
 
#define foreach_ipsec_input_next
 
#define foreach_ipsec_policy_action
 
#define foreach_ipsec_crypto_alg
 
#define foreach_ipsec_integ_alg
 

Enumerations

enum  ipsec_output_next_t { IPSEC_OUTPUT_N_NEXT }
 
enum  ipsec_input_next_t { IPSEC_INPUT_N_NEXT }
 
enum  ipsec_policy_action_t { IPSEC_POLICY_N_ACTION }
 
enum  ipsec_crypto_alg_t { IPSEC_CRYPTO_N_ALG }
 
enum  ipsec_integ_alg_t { IPSEC_INTEG_N_ALG }
 
enum  ipsec_protocol_t { IPSEC_PROTOCOL_AH = 0, IPSEC_PROTOCOL_ESP = 1 }
 
enum  ipsec_if_set_key_type_t {
  IPSEC_IF_SET_KEY_TYPE_NONE, IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO, IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO, IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG,
  IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG
}
 

Functions

int ipsec_set_interface_spd (vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
 
int ipsec_add_del_spd (vlib_main_t *vm, u32 spd_id, int is_add)
 
int ipsec_add_del_policy (vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
 
int ipsec_add_del_sa (vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
 
int ipsec_set_sa_key (vlib_main_t *vm, ipsec_sa_t *sa_update)
 
u32 ipsec_get_sa_index_by_sa_id (u32 sa_id)
 
u8 ipsec_is_sa_used (u32 sa_index)
 
u8 * format_ipsec_if_output_trace (u8 *s, va_list *args)
 
u8 * format_ipsec_policy_action (u8 *s, va_list *args)
 
u8 * format_ipsec_crypto_alg (u8 *s, va_list *args)
 
u8 * format_ipsec_integ_alg (u8 *s, va_list *args)
 
u8 * format_ipsec_replay_window (u8 *s, va_list *args)
 
uword unformat_ipsec_policy_action (unformat_input_t *input, va_list *args)
 
uword unformat_ipsec_crypto_alg (unformat_input_t *input, va_list *args)
 
uword unformat_ipsec_integ_alg (unformat_input_t *input, va_list *args)
 
int ipsec_add_del_tunnel_if_internal (vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
 
int ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t *args)
 
int ipsec_add_del_ipsec_gre_tunnel (vnet_main_t *vnm, ipsec_add_del_ipsec_gre_tunnel_args_t *args)
 
int ipsec_set_interface_key (vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
 
int ipsec_set_interface_sa (vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
 
static void ipsec_alloc_empty_buffers (vlib_main_t *vm, ipsec_main_t *im)
 
static_always_inline u32 get_next_output_feature_node_index (vlib_buffer_t *b, vlib_node_runtime_t *nr)
 

Variables

ipsec_main_t ipsec_main
 
vlib_node_registration_t esp_encrypt_node
 (constructor) VLIB_REGISTER_NODE (esp_encrypt_node) More...
 
vlib_node_registration_t esp_decrypt_node
 (constructor) VLIB_REGISTER_NODE (esp_decrypt_node) More...
 
vlib_node_registration_t ah_encrypt_node
 (constructor) VLIB_REGISTER_NODE (ah_encrypt_node) More...
 
vlib_node_registration_t ah_decrypt_node
 (constructor) VLIB_REGISTER_NODE (ah_decrypt_node) More...
 
vlib_node_registration_t ipsec_if_output_node
 (constructor) VLIB_REGISTER_NODE (ipsec_if_output_node) More...
 
vlib_node_registration_t ipsec_if_input_node
 (constructor) VLIB_REGISTER_NODE (ipsec_if_input_node) More...
 

Macro Definition Documentation

#define foreach_ipsec_crypto_alg
Value:
_(0, NONE, "none") \
_(1, AES_CBC_128, "aes-cbc-128") \
_(2, AES_CBC_192, "aes-cbc-192") \
_(3, AES_CBC_256, "aes-cbc-256") \
_(4, AES_CTR_128, "aes-ctr-128") \
_(5, AES_CTR_192, "aes-ctr-192") \
_(6, AES_CTR_256, "aes-ctr-256") \
_(7, AES_GCM_128, "aes-gcm-128") \
_(8, AES_GCM_192, "aes-gcm-192") \
_(9, AES_GCM_256, "aes-gcm-256") \
_(10, DES_CBC, "des-cbc") \
_(11, 3DES_CBC, "3des-cbc")

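Definition at line 66 of file ipsec.h.

Note: the table lists `des-cbc` and `3des-cbc` alongside the AES modes. RFC 8221 marks DES as MUST NOT and 3DES as SHOULD NOT for ESP, so these identifiers are best treated as legacy interoperability options; whether a given crypto backend implements each entry is not shown on this page.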

#define foreach_ipsec_input_next
Value:
_(DROP, "error-drop") \
_(ESP_DECRYPT, "esp-decrypt") \
_(AH_DECRYPT, "ah-decrypt")

Definition at line 38 of file ipsec.h.

#define foreach_ipsec_integ_alg
Value:
_(0, NONE, "none") \
_(1, MD5_96, "md5-96") /* RFC2403 */ \
_(2, SHA1_96, "sha1-96") /* RFC2404 */ \
_(3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
_(4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
_(5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
_(6, SHA_512_256, "sha-512-256") /* RFC4868 */

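Definition at line 88 of file ipsec.h.

Note: `md5-96` is MUST NOT in RFC 8221, and `none` is only appropriate when the cipher is an AEAD mode such as the `aes-gcm-*` entries. `sha-256-96` follows the Internet-Draft's 96-bit truncation while `sha-256-128` follows RFC 4868, so both peers must be configured with the same one of the two.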

#define foreach_ipsec_output_next
Value:
_(DROP, "error-drop") \
_(ESP_ENCRYPT, "esp-encrypt") \
_(AH_ENCRYPT, "ah-encrypt")

Definition at line 24 of file ipsec.h.

#define foreach_ipsec_policy_action
Value:
_(0, BYPASS, "bypass") \
_(1, DISCARD, "discard") \
_(2, RESOLVE, "resolve") \
_(3, PROTECT, "protect")

Definition at line 52 of file ipsec.h.

#define IPSEC_FLAG_IPSEC_GRE_TUNNEL   (1 << 0)

Definition at line 21 of file ipsec.h.

Enumeration Type Documentation

enum ipsec_crypto_alg_t

Enumerator
IPSEC_CRYPTO_N_ALG 

Definition at line 80 of file ipsec.h.

enum ipsec_if_set_key_type_t

Enumerator
IPSEC_IF_SET_KEY_TYPE_NONE 
IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO 
IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO 
IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG 
IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG 

Definition at line 185 of file ipsec.h.

enum ipsec_input_next_t

Enumerator
IPSEC_INPUT_N_NEXT 

Definition at line 44 of file ipsec.h.

enum ipsec_integ_alg_t

Enumerator
IPSEC_INTEG_N_ALG 

Definition at line 97 of file ipsec.h.

enum ipsec_output_next_t

Enumerator
IPSEC_OUTPUT_N_NEXT 

Definition at line 30 of file ipsec.h.

enum ipsec_policy_action_t

Enumerator
IPSEC_POLICY_N_ACTION 

Definition at line 58 of file ipsec.h.

enum ipsec_protocol_t

Enumerator
IPSEC_PROTOCOL_AH 
IPSEC_PROTOCOL_ESP 

Definition at line 105 of file ipsec.h.

Function Documentation

u8* format_ipsec_crypto_alg ( u8 *  s,
va_list *  args 
)

Definition at line 58 of file ipsec_format.c.


u8* format_ipsec_if_output_trace ( u8 *  s,
va_list *  args 
)

Definition at line 50 of file ipsec_if_out.c.


u8* format_ipsec_integ_alg ( u8 *  s,
va_list *  args 
)

Definition at line 90 of file ipsec_format.c.


u8* format_ipsec_policy_action ( u8 *  s,
va_list *  args 
)

Definition at line 26 of file ipsec_format.c.


u8* format_ipsec_replay_window ( u8 *  s,
va_list *  args 
)

Definition at line 122 of file ipsec_format.c.


static_always_inline u32 get_next_output_feature_node_index ( vlib_buffer_t *  b,
vlib_node_runtime_t *  nr 
)

Definition at line 368 of file ipsec.h.


int ipsec_add_del_ipsec_gre_tunnel ( vnet_main_t *  vnm,
ipsec_add_del_ipsec_gre_tunnel_args_t *  args 
)

Definition at line 291 of file ipsec_if.c.


int ipsec_add_del_policy ( vlib_main_t *  vm,
ipsec_policy_t *  policy,
int  is_add 
)

Definition at line 155 of file ipsec.c.


int ipsec_add_del_sa ( vlib_main_t *  vm,
ipsec_sa_t *  new_sa,
int  is_add 
)

Definition at line 414 of file ipsec.c.


int ipsec_add_del_spd ( vlib_main_t *  vm,
u32  spd_id,
int  is_add 
)

Definition at line 89 of file ipsec.c.


int ipsec_add_del_tunnel_if ( ipsec_add_del_tunnel_args_t *  args)

Definition at line 143 of file ipsec_if.c.


int ipsec_add_del_tunnel_if_internal ( vnet_main_t *  vnm,
ipsec_add_del_tunnel_args_t *  args,
u32 *  sw_if_index 
)

Definition at line 151 of file ipsec_if.c.


static void ipsec_alloc_empty_buffers ( vlib_main_t *  vm,
ipsec_main_t *  im 
)
inline static

Definition at line 347 of file ipsec.h.


u32 ipsec_get_sa_index_by_sa_id ( u32  sa_id)

Definition at line 31 of file ipsec.c.


u8 ipsec_is_sa_used ( u32  sa_index)

Definition at line 384 of file ipsec.c.


int ipsec_set_interface_key ( vnet_main_t *  vnm,
u32  hw_if_index,
ipsec_if_set_key_type_t  type,
u8  alg,
u8 *  key 
)

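Definition at line 353 of file ipsec_if.c.

Note: the signature carries no explicit key length. Presumably `key` is a VPP vector whose length travels with it; confirm in ipsec_if.c that this length is checked against the size expected for `alg` before the key is stored.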


int ipsec_set_interface_sa ( vnet_main_t *  vnm,
u32  hw_if_index,
u32  sa_id,
u8  is_outbound 
)

Definition at line 403 of file ipsec_if.c.


int ipsec_set_interface_spd ( vlib_main_t *  vm,
u32  sw_if_index,
u32  spd_id,
int  is_add 
)

Definition at line 42 of file ipsec.c.


int ipsec_set_sa_key ( vlib_main_t *  vm,
ipsec_sa_t *  sa_update 
)

Definition at line 465 of file ipsec.c.


uword unformat_ipsec_crypto_alg ( unformat_input_t *  input,
va_list *  args 
)

Definition at line 76 of file ipsec_format.c.


uword unformat_ipsec_integ_alg ( unformat_input_t *  input,
va_list *  args 
)

Definition at line 108 of file ipsec_format.c.


uword unformat_ipsec_policy_action ( unformat_input_t *  input,
va_list *  args 
)

Definition at line 44 of file ipsec_format.c.


Variable Documentation

vlib_node_registration_t ah_decrypt_node

(constructor) VLIB_REGISTER_NODE (ah_decrypt_node)

Definition at line 317 of file ah_decrypt.c.

vlib_node_registration_t ah_encrypt_node

(constructor) VLIB_REGISTER_NODE (ah_encrypt_node)

Definition at line 59 of file ah_encrypt.c.

vlib_node_registration_t esp_decrypt_node

(constructor) VLIB_REGISTER_NODE (esp_decrypt_node)

Definition at line 418 of file esp_decrypt.c.

vlib_node_registration_t esp_encrypt_node

(constructor) VLIB_REGISTER_NODE (esp_encrypt_node)

Definition at line 62 of file esp_encrypt.c.

vlib_node_registration_t ipsec_if_input_node

(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)

Definition at line 202 of file ipsec_if_in.c.

vlib_node_registration_t ipsec_if_output_node

(constructor) VLIB_REGISTER_NODE (ipsec_if_output_node)

Definition at line 151 of file ipsec_if_out.c.

ipsec_main_t ipsec_main

Definition at line 28 of file ipsec.c.