FD.io VPP  v19.01.2-3-gf61a1a8
Vector Packet Processing
ipsec_if.c
Go to the documentation of this file.
1 /*
2  * ipsec_if.c : IPSec interface support
3  *
4  * Copyright (c) 2015 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <vnet/vnet.h>
19 #include <vnet/api_errno.h>
20 #include <vnet/ip/ip.h>
21 #include <vnet/fib/fib.h>
22 
23 #include <vnet/ipsec/ipsec.h>
24 #include <vnet/ipsec/esp.h>
25 
26 void vl_api_rpc_call_main_thread (void *fp, u8 * data, u32 data_length);
27 
28 static u8 *
29 format_ipsec_name (u8 * s, va_list * args)
30 {
31  u32 dev_instance = va_arg (*args, u32);
32  ipsec_main_t *im = &ipsec_main;
33  ipsec_tunnel_if_t *t = im->tunnel_interfaces + dev_instance;
34 
35  return format (s, "ipsec%d", t->show_instance);
36 }
37 
38 /* Statistics (not really errors) */
39 #define foreach_ipsec_if_tx_error \
40 _(TX, "good packets transmitted")
41 
42 static char *ipsec_if_tx_error_strings[] = {
43 #define _(sym,string) string,
45 #undef _
46 };
47 
48 typedef enum
49 {
50 #define _(sym,str) IPSEC_IF_OUTPUT_ERROR_##sym,
52 #undef _
55 
56 typedef struct
57 {
61 
62 u8 *
63 format_ipsec_if_tx_trace (u8 * s, va_list * args)
64 {
65  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
66  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
67  ipsec_if_tx_trace_t *t = va_arg (*args, ipsec_if_tx_trace_t *);
68 
69  s = format (s, "IPSec: spi %u seq %u", t->spi, t->seq);
70  return s;
71 }
72 
73 static uword
75  vlib_frame_t * from_frame)
76 {
77  ipsec_main_t *im = &ipsec_main;
78  vnet_main_t *vnm = im->vnet_main;
80  u32 *from, *to_next = 0, next_index;
81  u32 n_left_from, sw_if_index0, last_sw_if_index = ~0;
82  u32 thread_index = vm->thread_index;
83  u32 n_bytes = 0, n_packets = 0;
84 
85  from = vlib_frame_vector_args (from_frame);
86  n_left_from = from_frame->n_vectors;
87  next_index = node->cached_next_index;
88 
89  while (n_left_from > 0)
90  {
91  u32 n_left_to_next;
92 
93  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
94 
95  while (n_left_from > 0 && n_left_to_next > 0)
96  {
97  u32 bi0, next0, len0;
98  vlib_buffer_t *b0;
100  vnet_hw_interface_t *hi0;
101 
102  bi0 = to_next[0] = from[0];
103  from += 1;
104  n_left_from -= 1;
105  to_next += 1;
106  n_left_to_next -= 1;
107  b0 = vlib_get_buffer (vm, bi0);
108  sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX];
109  hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
111  vnet_buffer (b0)->ipsec.sad_index = t0->output_sa_index;
112  next0 = IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT;
113 
114  len0 = vlib_buffer_length_in_chain (vm, b0);
115 
116  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
117  {
118  n_packets++;
119  n_bytes += len0;
120  }
121  else
122  {
125  thread_index, sw_if_index0,
126  n_packets, n_bytes);
127  last_sw_if_index = sw_if_index0;
128  n_packets = 1;
129  n_bytes = len0;
130  }
131 
132  if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
133  {
134  ipsec_if_tx_trace_t *tr =
135  vlib_add_trace (vm, node, b0, sizeof (*tr));
136  ipsec_sa_t *sa0 =
138  tr->spi = sa0->spi;
139  tr->seq = sa0->seq;
140  }
141 
142  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
143  n_left_to_next, bi0, next0);
144  }
145  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
146  }
147 
148  if (last_sw_if_index != ~0)
149  {
152  thread_index,
153  last_sw_if_index, n_packets, n_bytes);
154  }
155 
156  return from_frame->n_vectors;
157 }
158 
159 
160 static clib_error_t *
162 {
163  ipsec_main_t *im = &ipsec_main;
164  clib_error_t *err = 0;
167  ipsec_sa_t *sa;
168 
169  hi = vnet_get_hw_interface (vnm, hw_if_index);
171 
173  {
174  sa = pool_elt_at_index (im->sad, t->input_sa_index);
175 
176  err = ipsec_check_support_cb (im, sa);
177  if (err)
178  return err;
179 
180  err = ipsec_add_del_sa_sess_cb (im, t->input_sa_index, 1);
181  if (err)
182  return err;
183 
184  sa = pool_elt_at_index (im->sad, t->output_sa_index);
185 
186  err = ipsec_check_support_cb (im, sa);
187  if (err)
188  return err;
189 
190  err = ipsec_add_del_sa_sess_cb (im, t->output_sa_index, 1);
191  if (err)
192  return err;
193 
194  vnet_hw_interface_set_flags (vnm, hw_if_index,
196  }
197  else
198  {
199  vnet_hw_interface_set_flags (vnm, hw_if_index, 0 /* down */ );
200  sa = pool_elt_at_index (im->sad, t->input_sa_index);
201  err = ipsec_add_del_sa_sess_cb (im, t->input_sa_index, 0);
202  if (err)
203  return err;
204  sa = pool_elt_at_index (im->sad, t->output_sa_index);
205  err = ipsec_add_del_sa_sess_cb (im, t->output_sa_index, 0);
206  if (err)
207  return err;
208  }
209 
210  return /* no error */ 0;
211 }
212 
213 
214 /* *INDENT-OFF* */
215 VNET_DEVICE_CLASS (ipsec_device_class, static) =
216 {
217  .name = "IPSec",
218  .format_device_name = format_ipsec_name,
219  .format_tx_trace = format_ipsec_if_tx_trace,
220  .tx_function = ipsec_if_tx_node_fn,
221  .tx_function_n_errors = IPSEC_IF_TX_N_ERROR,
222  .tx_function_error_strings = ipsec_if_tx_error_strings,
223  .admin_up_down_function = ipsec_admin_up_down_function,
224 };
225 /* *INDENT-ON* */
226 
227 /* *INDENT-OFF* */
228 VNET_HW_INTERFACE_CLASS (ipsec_hw_class) =
229 {
230  .name = "IPSec",
231  .build_rewrite = default_build_rewrite,
233 };
234 /* *INDENT-ON* */
235 
236 static int
238 {
239  vnet_main_t *vnm = vnet_get_main ();
240  ASSERT (vlib_get_thread_index () == 0);
241 
242  return ipsec_add_del_tunnel_if_internal (vnm, a, NULL);
243 }
244 
245 int
247 {
249  (u8 *) args, sizeof (*args));
250  return 0;
251 }
252 
253 int
256  u32 * sw_if_index)
257 {
259  ipsec_main_t *im = &ipsec_main;
261  u32 hw_if_index = ~0;
262  uword *p;
263  ipsec_sa_t *sa;
264  u32 dev_instance;
265  u32 slot;
266  u32 tx_fib_index = ~0;
267 
268  u64 key = (u64) args->remote_ip.as_u32 << 32 | (u64) args->remote_spi;
269  p = hash_get (im->ipsec_if_pool_index_by_key, key);
270 
271  if (args->is_add)
272  {
273  /* check if same src/dst pair exists */
274  if (p)
275  return VNET_API_ERROR_INVALID_VALUE;
276 
277  tx_fib_index = fib_table_find (FIB_PROTOCOL_IP4, args->tx_table_id);
278  if (tx_fib_index == ~((u32) 0))
279  return VNET_API_ERROR_NO_SUCH_FIB;
280 
282  clib_memset (t, 0, sizeof (*t));
283 
284  dev_instance = t - im->tunnel_interfaces;
285  if (args->renumber)
286  t->show_instance = args->show_instance;
287  else
288  t->show_instance = dev_instance;
289 
291  {
292  pool_put (im->tunnel_interfaces, t);
293  return VNET_API_ERROR_INSTANCE_IN_USE;
294  }
295 
297  dev_instance);
298 
299  pool_get (im->sad, sa);
300  clib_memset (sa, 0, sizeof (*sa));
301  t->input_sa_index = sa - im->sad;
303  sa->spi = args->remote_spi;
304  sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32;
305  sa->tunnel_dst_addr.ip4.as_u32 = args->local_ip.as_u32;
306  sa->is_tunnel = 1;
307  sa->use_esn = args->esn;
308  sa->use_anti_replay = args->anti_replay;
309  sa->integ_alg = args->integ_alg;
310  sa->udp_encap = args->udp_encap;
311  sa->tx_fib_index = ~((u32) 0); /* Not used, but set for troubleshooting */
312  if (args->remote_integ_key_len <= sizeof (args->remote_integ_key))
313  {
316  args->remote_integ_key_len);
317  }
318  sa->crypto_alg = args->crypto_alg;
319  if (args->remote_crypto_key_len <= sizeof (args->remote_crypto_key))
320  {
323  args->remote_crypto_key_len);
324  }
325 
326  pool_get (im->sad, sa);
327  clib_memset (sa, 0, sizeof (*sa));
328  t->output_sa_index = sa - im->sad;
330  sa->spi = args->local_spi;
331  sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32;
332  sa->tunnel_dst_addr.ip4.as_u32 = args->remote_ip.as_u32;
333  sa->is_tunnel = 1;
334  sa->use_esn = args->esn;
335  sa->use_anti_replay = args->anti_replay;
336  sa->integ_alg = args->integ_alg;
337  sa->udp_encap = args->udp_encap;
338  sa->tx_fib_index = tx_fib_index;
339  if (args->local_integ_key_len <= sizeof (args->local_integ_key))
340  {
343  args->local_integ_key_len);
344  }
345  sa->crypto_alg = args->crypto_alg;
346  if (args->local_crypto_key_len <= sizeof (args->local_crypto_key))
347  {
350  args->local_crypto_key_len);
351  }
352 
354  t - im->tunnel_interfaces);
355 
356  hw_if_index = vnet_register_interface (vnm, ipsec_device_class.index,
357  t - im->tunnel_interfaces,
358  ipsec_hw_class.index,
359  t - im->tunnel_interfaces);
360 
361  hi = vnet_get_hw_interface (vnm, hw_if_index);
362 
365  IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT);
366 
367  ASSERT (slot == IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT);
368 
369  t->hw_if_index = hw_if_index;
370 
371  vnet_feature_enable_disable ("interface-output", "ipsec-if-output",
372  hi->sw_if_index, 1, 0, 0);
373 
374  /*1st interface, register protocol */
375  if (pool_elts (im->tunnel_interfaces) == 1)
376  ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP,
377  ipsec_if_input_node.index);
378 
379  }
380  else
381  {
382  /* check if exists */
383  if (!p)
384  return VNET_API_ERROR_INVALID_VALUE;
385 
386  t = pool_elt_at_index (im->tunnel_interfaces, p[0]);
387  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
388  vnet_sw_interface_set_flags (vnm, hi->sw_if_index, 0); /* admin down */
389 
390  vnet_feature_enable_disable ("interface-output", "ipsec-if-output",
391  hi->sw_if_index, 0, 0, 0);
392 
394 
395  /* delete input and output SA */
396 
397  sa = pool_elt_at_index (im->sad, t->input_sa_index);
398  pool_put (im->sad, sa);
399 
400  sa = pool_elt_at_index (im->sad, t->output_sa_index);
401  pool_put (im->sad, sa);
402 
405 
406  pool_put (im->tunnel_interfaces, t);
407  }
408 
409  if (sw_if_index)
410  *sw_if_index = hi->sw_if_index;
411 
412  return 0;
413 }
414 
415 int
418 {
419  ipsec_tunnel_if_t *t = 0;
420  ipsec_main_t *im = &ipsec_main;
421  uword *p;
422  ipsec_sa_t *sa;
423  u64 key;
424  u32 isa, osa;
425 
426  p = hash_get (im->sa_index_by_sa_id, args->local_sa_id);
427  if (!p)
428  return VNET_API_ERROR_INVALID_VALUE;
429  isa = p[0];
430 
431  p = hash_get (im->sa_index_by_sa_id, args->remote_sa_id);
432  if (!p)
433  return VNET_API_ERROR_INVALID_VALUE;
434  osa = p[0];
435  sa = pool_elt_at_index (im->sad, p[0]);
436 
437  if (sa->is_tunnel)
438  key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi;
439  else
440  key = (u64) args->remote_ip.as_u32 << 32 | (u64) sa->spi;
441 
442  p = hash_get (im->ipsec_if_pool_index_by_key, key);
443 
444  if (args->is_add)
445  {
446  /* check if same src/dst pair exists */
447  if (p)
448  return VNET_API_ERROR_INVALID_VALUE;
449 
451  clib_memset (t, 0, sizeof (*t));
452 
453  t->input_sa_index = isa;
454  t->output_sa_index = osa;
455  t->hw_if_index = ~0;
457  t - im->tunnel_interfaces);
458 
459  /*1st interface, register protocol */
460  if (pool_elts (im->tunnel_interfaces) == 1)
461  ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP,
462  ipsec_if_input_node.index);
463  }
464  else
465  {
466  /* check if exists */
467  if (!p)
468  return VNET_API_ERROR_INVALID_VALUE;
469 
470  t = pool_elt_at_index (im->tunnel_interfaces, p[0]);
472  pool_put (im->tunnel_interfaces, t);
473  }
474  return 0;
475 }
476 
477 int
479  ipsec_if_set_key_type_t type, u8 alg, u8 * key)
480 {
481  ipsec_main_t *im = &ipsec_main;
484  ipsec_sa_t *sa;
485 
486  hi = vnet_get_hw_interface (vnm, hw_if_index);
488 
490  return VNET_API_ERROR_SYSCALL_ERROR_1;
491 
493  {
494  sa = pool_elt_at_index (im->sad, t->output_sa_index);
495  sa->crypto_alg = alg;
496  sa->crypto_key_len = vec_len (key);
497  clib_memcpy (sa->crypto_key, key, vec_len (key));
498  }
499  else if (type == IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG)
500  {
501  sa = pool_elt_at_index (im->sad, t->output_sa_index);
502  sa->integ_alg = alg;
503  sa->integ_key_len = vec_len (key);
504  clib_memcpy (sa->integ_key, key, vec_len (key));
505  }
506  else if (type == IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO)
507  {
508  sa = pool_elt_at_index (im->sad, t->input_sa_index);
509  sa->crypto_alg = alg;
510  sa->crypto_key_len = vec_len (key);
511  clib_memcpy (sa->crypto_key, key, vec_len (key));
512  }
513  else if (type == IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG)
514  {
515  sa = pool_elt_at_index (im->sad, t->input_sa_index);
516  sa->integ_alg = alg;
517  sa->integ_key_len = vec_len (key);
518  clib_memcpy (sa->integ_key, key, vec_len (key));
519  }
520  else
521  return VNET_API_ERROR_INVALID_VALUE;
522 
523  return 0;
524 }
525 
526 
527 int
528 ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
529  u8 is_outbound)
530 {
531  ipsec_main_t *im = &ipsec_main;
534  ipsec_sa_t *sa, *old_sa;
535  u32 sa_index, old_sa_index;
536  uword *p;
537 
538  hi = vnet_get_hw_interface (vnm, hw_if_index);
540 
541  sa_index = ipsec_get_sa_index_by_sa_id (sa_id);
542  if (sa_index == ~0)
543  {
544  clib_warning ("SA with ID %u not found", sa_id);
545  return VNET_API_ERROR_INVALID_VALUE;
546  }
547 
548  if (ipsec_is_sa_used (sa_index))
549  {
550  clib_warning ("SA with ID %u is already in use", sa_id);
551  return VNET_API_ERROR_INVALID_VALUE;
552  }
553 
554  sa = pool_elt_at_index (im->sad, sa_index);
555  if (sa->is_tunnel_ip6)
556  {
557  clib_warning ("IPsec interface not supported with IPv6 endpoints");
558  return VNET_API_ERROR_UNIMPLEMENTED;
559  }
560 
561  if (!is_outbound)
562  {
563  u64 key;
564 
565  old_sa_index = t->input_sa_index;
566  old_sa = pool_elt_at_index (im->sad, old_sa_index);
567 
568  /* unset old inbound hash entry. packets should stop arriving */
569  key =
570  (u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) old_sa->spi;
571  p = hash_get (im->ipsec_if_pool_index_by_key, key);
572  if (p)
574 
575  /* set new inbound SA, then set new hash entry */
576  t->input_sa_index = sa_index;
577  key = (u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) sa->spi;
579  }
580  else
581  {
582  old_sa_index = t->output_sa_index;
583  old_sa = pool_elt_at_index (im->sad, old_sa_index);
584  t->output_sa_index = sa_index;
585  }
586 
587  /* remove sa_id to sa_index mapping on old SA */
588  if (ipsec_get_sa_index_by_sa_id (old_sa->id) == old_sa_index)
589  hash_unset (im->sa_index_by_sa_id, old_sa->id);
590 
591  if (ipsec_add_del_sa_sess_cb (im, old_sa_index, 0))
592  {
593  clib_warning ("IPsec backend add/del callback returned error");
594  return VNET_API_ERROR_SYSCALL_ERROR_1;
595  }
596  pool_put (im->sad, old_sa);
597 
598  return 0;
599 }
600 
601 
602 clib_error_t *
604 {
605  ipsec_main_t *im = &ipsec_main;
606 
607  im->ipsec_if_pool_index_by_key = hash_create (0, sizeof (uword));
608  im->ipsec_if_real_dev_by_show_dev = hash_create (0, sizeof (uword));
609 
610  return 0;
611 }
612 
614 
615 
616 /*
617  * fd.io coding-style-patch-verification: ON
618  *
619  * Local Variables:
620  * eval: (c-set-style "gnu")
621  * End:
622  */
vmrglw vmrglh hi
static char * ipsec_if_tx_error_strings[]
Definition: ipsec_if.c:42
VNET_DEVICE_CLASS(ipsec_device_class, static)
#define hash_set(h, key, value)
Definition: hash.h:255
u32 flags
Definition: vhost_user.h:115
#define CLIB_UNUSED(x)
Definition: clib.h:82
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:356
ip46_address_t tunnel_src_addr
Definition: ipsec.h:139
#define hash_unset(h, key)
Definition: hash.h:261
a
Definition: bitmap.h:538
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 thread_index, u32 index, u64 n_packets, u64 n_bytes)
Increment a combined counter.
Definition: counter.h:220
u32 id
Definition: ipsec.h:121
vnet_main_t * vnet_get_main(void)
Definition: misc.c:47
static vnet_hw_interface_t * vnet_get_sup_hw_interface(vnet_main_t *vnm, u32 sw_if_index)
vnet_interface_main_t interface_main
Definition: vnet.h:56
#define PREDICT_TRUE(x)
Definition: clib.h:112
unsigned long u64
Definition: types.h:89
#define NULL
Definition: clib.h:58
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
Definition: ipsec_if.c:528
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:129
static vnet_hw_interface_t * vnet_get_hw_interface(vnet_main_t *vnm, u32 hw_if_index)
u32 thread_index
Definition: main.h:179
int ipsec_add_del_tunnel_if(ipsec_add_del_tunnel_args_t *args)
Definition: ipsec_if.c:246
u8 is_tunnel
Definition: ipsec.h:136
clib_memset(h->entries, 0, sizeof(h->entries[0])*entries)
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:419
u32 ipsec_get_sa_index_by_sa_id(u32 sa_id)
Definition: ipsec.c:33
void ip4_register_protocol(u32 protocol, u32 node_index)
Definition: ip4_forward.c:1700
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
Definition: buffer_funcs.h:267
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:236
uword * ipsec_if_pool_index_by_key
Definition: ipsec.h:374
unsigned char u8
Definition: types.h:56
u8 crypto_key[128]
Definition: ipsec.h:127
u32 spi
Definition: ipsec.h:122
#define clib_memcpy(d, s, n)
Definition: string.h:180
clib_error_t * ipsec_tunnel_if_init(vlib_main_t *vm)
Definition: ipsec_if.c:603
u8 integ_key[128]
Definition: ipsec.h:131
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:163
ipsec_main_t ipsec_main
Definition: ipsec.c:30
u32 sw_if_index
Definition: vxlan_gbp.api:37
vlib_combined_counter_main_t * combined_sw_if_counters
Definition: interface.h:839
u8 use_esn
Definition: ipsec.h:133
vnet_hw_interface_flags_t flags
Definition: interface.h:516
ip4_address_t remote_ip
Definition: ipsec.h:171
uword vlib_node_add_next_with_slot(vlib_main_t *vm, uword node_index, uword next_node_index, uword slot)
Definition: node.c:205
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
Definition: ipsec_if.c:478
unsigned int u32
Definition: types.h:88
u32 fib_table_find(fib_protocol_t proto, u32 table_id)
Get the index of the FIB for a Table-ID.
Definition: fib_table.c:1064
static uword ipsec_if_tx_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame)
Definition: ipsec_if.c:74
u32 vnet_register_interface(vnet_main_t *vnm, u32 dev_class_index, u32 dev_instance, u32 hw_class_index, u32 hw_instance)
Definition: interface.c:740
static clib_error_t * ipsec_admin_up_down_function(vnet_main_t *vnm, u32 hw_if_index, u32 flags)
Definition: ipsec_if.c:161
u8 udp_encap
Definition: ipsec.h:138
#define hash_get(h, key)
Definition: hash.h:249
u32 tx_fib_index
Definition: ipsec.h:142
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:511
#define foreach_ipsec_if_tx_error
Definition: ipsec_if.c:39
vlib_main_t * vlib_main
Definition: vnet.h:80
u8 is_tunnel_ip6
Definition: ipsec.h:137
u32 esp4_encrypt_node_index
Definition: ipsec.h:379
vnet_main_t * vnet_main
Definition: ipsec.h:365
clib_error_t * ipsec_check_support_cb(ipsec_main_t *im, ipsec_sa_t *sa)
Definition: ipsec.c:579
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:286
#define PREDICT_FALSE(x)
Definition: clib.h:111
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:218
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:368
ip46_address_t tunnel_dst_addr
Definition: ipsec.h:140
ipsec_if_tx_error_t
Definition: ipsec_if.c:48
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P with alignment A.
Definition: pool.h:230
ipsec_if_set_key_type_t
Definition: ipsec.h:199
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:174
clib_error_t * ipsec_add_del_sa_sess_cb(ipsec_main_t *im, u32 sa_index, u8 is_add)
Definition: ipsec.c:557
u16 n_vectors
Definition: node.h:420
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:212
vlib_main_t * vm
Definition: buffer.c:301
u8 * format_ipsec_if_tx_trace(u8 *s, va_list *args)
Definition: ipsec_if.c:63
void vl_api_rpc_call_main_thread(void *fp, u8 *data, u32 data_length)
Definition: vlib_api.c:623
vlib_node_registration_t ipsec_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)
Definition: ipsec_if_in.c:224
#define clib_warning(format, args...)
Definition: error.h:59
uword * sa_index_by_sa_id
Definition: ipsec.h:373
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
Definition: main.c:459
u32 output_sa_index
Definition: ipsec.h:260
uword * ipsec_if_real_dev_by_show_dev
Definition: ipsec.h:375
u8 * default_build_rewrite(vnet_main_t *vnm, u32 sw_if_index, vnet_link_t link_type, const void *dst_address)
Return a complete, zero-length (aka dummy) rewrite.
Definition: interface.c:1550
int ipsec_add_del_ipsec_gre_tunnel(vnet_main_t *vnm, ipsec_add_del_ipsec_gre_tunnel_args_t *args)
Definition: ipsec_if.c:416
#define hash_create(elts, value_bytes)
Definition: hash.h:696
u8 ipsec_is_sa_used(u32 sa_index)
Definition: ipsec.c:380
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
Definition: node.h:538
#define ASSERT(truth)
static int ipsec_add_del_tunnel_if_rpc_callback(ipsec_add_del_tunnel_args_t *a)
Definition: ipsec_if.c:237
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:179
ip4_address_t local_ip
Definition: ipsec.h:171
ipsec_sa_t * sad
Definition: ipsec.h:353
u8 integ_key_len
Definition: ipsec.h:130
u32 show_instance
Definition: ipsec.h:262
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
Definition: ipsec_if.c:254
ipsec_protocol_t protocol
Definition: ipsec.h:123
void vnet_delete_hw_interface(vnet_main_t *vnm, u32 hw_if_index)
Definition: interface.c:950
u32 input_sa_index
Definition: ipsec.h:259
u32 seq
Definition: ipsec.h:146
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace_funcs.h:57
u8 crypto_key_len
Definition: ipsec.h:126
Definition: defs.h:47
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
VNET_HW_INTERFACE_CLASS(ipsec_hw_class)
clib_error_t * vnet_hw_interface_set_flags(vnet_main_t *vnm, u32 hw_if_index, vnet_hw_interface_flags_t flags)
Definition: interface.c:504
u64 uword
Definition: types.h:112
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:274
a point 2 point interface
Definition: interface.h:382
#define vnet_buffer(b)
Definition: buffer.h:368
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:125
static u8 * format_ipsec_name(u8 *s, va_list *args)
Definition: ipsec_if.c:29
clib_error_t * vnet_sw_interface_set_flags(vnet_main_t *vnm, u32 sw_if_index, vnet_sw_interface_flags_t flags)
Definition: interface.c:513
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:117
u8 use_anti_replay
Definition: ipsec.h:134
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:62
int vnet_feature_enable_disable(const char *arc_name, const char *node_name, u32 sw_if_index, int enable_disable, void *feature_config, u32 n_feature_config_bytes)
Definition: feature.c:274
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:128