FD.io VPP  v19.04.4-rc0-5-ge88582fac
Vector Packet Processing
ipsec_if_in.c
Go to the documentation of this file.
1 /*
2  * ipsec_if_in.c : IPSec interface input node
3  *
4  * Copyright (c) 2015 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <vnet/vnet.h>
19 #include <vnet/api_errno.h>
20 #include <vnet/ip/ip.h>
21 
22 #include <vnet/ipsec/ipsec.h>
23 #include <vnet/ipsec/esp.h>
24 #include <vnet/ipsec/ipsec_io.h>
25 #include <vnet/ipsec/ipsec_punt.h>
26 
27 /* Statistics (not really errors) */
28 #define foreach_ipsec_if_input_error \
29 _(RX, "good packets received") \
30 _(DISABLED, "ipsec packets received on disabled interface") \
31 _(NO_TUNNEL, "no matching tunnel") \
32 _(SPI_0, "SPI 0")
33 
34 static char *ipsec_if_input_error_strings[] = {
35 #define _(sym,string) string,
36  foreach_ipsec_if_input_error
37 #undef _
38 };
39 
40 typedef enum
41 {
42 #define _(sym,str) IPSEC_IF_INPUT_ERROR_##sym,
43  foreach_ipsec_if_input_error
44 #undef _
45  IPSEC_IF_INPUT_N_ERROR,
46 } ipsec_if_input_error_t;
47 
48 
49 typedef struct
50 {
51  u32 spi;
52  u32 seq;
53 } ipsec_if_input_trace_t;
54 
55 static u8 *
56 format_ipsec_if_input_trace (u8 * s, va_list * args)
57 {
58  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
59  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
60  ipsec_if_input_trace_t *t = va_arg (*args, ipsec_if_input_trace_t *);
61 
62  s = format (s, "IPSec: spi %u seq %u", t->spi, t->seq);
63  return s;
64 }
65 
66 always_inline u16
67 ipsec_ip4_if_no_tunnel (vlib_node_runtime_t * node,
68  vlib_buffer_t * b,
69  const esp_header_t * esp,
70  const ip4_header_t * ip4, u16 offset)
71 {
72  if (PREDICT_FALSE (0 == esp->spi))
73  {
74  b->error = node->errors[IPSEC_IF_INPUT_ERROR_SPI_0];
75  b->punt_reason =
76  ipsec_punt_reason[(ip4->protocol == IP_PROTOCOL_UDP ?
77  IPSEC_PUNT_IP4_SPI_UDP_0 : IPSEC_PUNT_IP4_SPI_0)];
78  }
79  else
80  {
81  b->error = node->errors[IPSEC_IF_INPUT_ERROR_NO_TUNNEL];
82  b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP4_NO_SUCH_TUNNEL];
83  }
84  vlib_buffer_advance (b, -offset);
85  return IPSEC_INPUT_NEXT_PUNT;
86 }
87 
88 always_inline u16
89 ipsec_ip6_if_no_tunnel (vlib_node_runtime_t * node,
90  vlib_buffer_t * b,
91  const esp_header_t * esp, u16 offset)
92 {
93  if (PREDICT_FALSE (0 == esp->spi))
94  {
95  b->error = node->errors[IPSEC_IF_INPUT_ERROR_NO_TUNNEL];
96  b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_SPI_0];
97  }
98  else
99  {
100  b->error = node->errors[IPSEC_IF_INPUT_ERROR_NO_TUNNEL];
101  b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_NO_SUCH_TUNNEL];
102  }
103  vlib_buffer_advance (b, -offset);
104  return (IPSEC_INPUT_NEXT_PUNT);
105 }
106 
107 always_inline uword
108 ipsec_if_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
109  vlib_frame_t * from_frame, int is_ip6)
110 {
111  ipsec_main_t *im = &ipsec_main;
112  vnet_main_t *vnm = im->vnet_main;
113  vnet_interface_main_t *vim = &vnm->interface_main;
114 
115  int is_trace = node->flags & VLIB_NODE_FLAG_TRACE;
116  u32 thread_index = vm->thread_index;
117 
118  u32 n_left_from, *from;
119  u16 nexts[VLIB_FRAME_SIZE], *next;
120  vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
121 
122  from = vlib_frame_vector_args (from_frame);
123  n_left_from = from_frame->n_vectors;
124 
125  vlib_get_buffers (vm, from, bufs, n_left_from);
126  b = bufs;
127  next = nexts;
128 
129  clib_memset_u16 (nexts, im->esp4_decrypt_next_index, n_left_from);
130 
131  u64 n_bytes = 0, n_packets = 0;
132  u32 n_disabled = 0, n_no_tunnel = 0;
133 
134  u32 last_sw_if_index = ~0;
135  u32 last_tunnel_id = ~0;
136  ipsec4_tunnel_key_t last_key4;
137  ipsec6_tunnel_key_t last_key6;
138 
139  vlib_combined_counter_main_t *rx_counter;
140  vlib_combined_counter_main_t *drop_counter;
141 
142  if (is_ip6)
143  clib_memset (&last_key6, 0xff, sizeof (last_key6));
144  else
145  last_key4.as_u64 = ~0;
146 
147  rx_counter = vim->combined_sw_if_counters + VNET_INTERFACE_COUNTER_RX;
148  drop_counter = vim->combined_sw_if_counters + VNET_INTERFACE_COUNTER_DROP;
149 
150  while (n_left_from >= 2)
151  {
152  u32 sw_if_index0, sw_if_index1;
153  ip4_header_t *ip40, *ip41;
154  ip6_header_t *ip60, *ip61;
155  esp_header_t *esp0, *esp1;
156  u32 len0, len1;
157  u16 buf_adv0, buf_adv1;
158  u32 tid0, tid1;
159  ipsec_tunnel_if_t *t0, *t1;
160  ipsec4_tunnel_key_t key40, key41;
161  ipsec6_tunnel_key_t key60, key61;
162 
163  if (n_left_from >= 4)
164  {
165  CLIB_PREFETCH (b[2], CLIB_CACHE_LINE_BYTES, STORE);
166  CLIB_PREFETCH (b[2]->data, CLIB_CACHE_LINE_BYTES, LOAD);
167  CLIB_PREFETCH (b[3], CLIB_CACHE_LINE_BYTES, STORE);
168  CLIB_PREFETCH (b[3]->data, CLIB_CACHE_LINE_BYTES, LOAD);
169  }
170 
171  ip40 =
172  (ip4_header_t *) (b[0]->data + vnet_buffer (b[0])->l3_hdr_offset);
173  ip41 =
174  (ip4_header_t *) (b[1]->data + vnet_buffer (b[1])->l3_hdr_offset);
175 
176  if (is_ip6)
177  {
178  ip60 = (ip6_header_t *) ip40;
179  ip61 = (ip6_header_t *) ip41;
180  esp0 = (esp_header_t *) ((u8 *) ip60 + sizeof (ip6_header_t));
181  esp1 = (esp_header_t *) ((u8 *) ip61 + sizeof (ip6_header_t));
182  buf_adv0 = sizeof (ip6_header_t);
183  buf_adv1 = sizeof (ip6_header_t);
184  }
185  else
186  {
187  /* NAT UDP port 4500 case, don't advance any more */
188  if (ip40->protocol == IP_PROTOCOL_UDP)
189  {
190  esp0 =
191  (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40) +
192  sizeof (udp_header_t));
193  buf_adv0 = 0;
194  }
195  else
196  {
197  esp0 = (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40));
198  buf_adv0 = ip4_header_bytes (ip40);
199  }
200  /* NAT UDP port 4500 case, don't advance any more */
201  if (ip41->protocol == IP_PROTOCOL_UDP)
202  {
203  esp1 =
204  (esp_header_t *) ((u8 *) ip41 + ip4_header_bytes (ip41) +
205  sizeof (udp_header_t));
206  buf_adv1 = 0;
207  }
208  else
209  {
210  esp1 = (esp_header_t *) ((u8 *) ip41 + ip4_header_bytes (ip41));
211  buf_adv1 = ip4_header_bytes (ip41);
212  }
213  }
214 
215  vlib_buffer_advance (b[0], buf_adv0);
216  vlib_buffer_advance (b[1], buf_adv1);
217 
218  len0 = vlib_buffer_length_in_chain (vm, b[0]);
219  len1 = vlib_buffer_length_in_chain (vm, b[1]);
220 
221  if (is_ip6)
222  {
223  key60.remote_ip = ip60->src_address;
224  key60.spi = esp0->spi;
225 
226  if (memcmp (&key60, &last_key6, sizeof (last_key6)) == 0)
227  {
228  tid0 = last_tunnel_id;
229  }
230  else
231  {
232  uword *p =
233  hash_get_mem (im->ipsec6_if_pool_index_by_key, &key60);
234  if (p)
235  {
236  tid0 = p[0];
237  last_tunnel_id = tid0;
238  clib_memcpy_fast (&last_key6, &key60, sizeof (key60));
239  }
240  else
241  {
242  next[0] =
243  ipsec_ip6_if_no_tunnel (node, b[0], esp0, buf_adv0);
244  n_no_tunnel++;
245  goto pkt1;
246  }
247  }
248  }
249  else /* !is_ip6 */
250  {
251  key40.remote_ip = ip40->src_address.as_u32;
252  key40.spi = esp0->spi;
253 
254  if (key40.as_u64 == last_key4.as_u64)
255  {
256  tid0 = last_tunnel_id;
257  }
258  else
259  {
260  uword *p =
261  hash_get (im->ipsec4_if_pool_index_by_key, key40.as_u64);
262  if (p)
263  {
264  tid0 = p[0];
265  last_tunnel_id = tid0;
266  last_key4.as_u64 = key40.as_u64;
267  }
268  else
269  {
270  next[0] =
271  ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40, buf_adv0);
272  n_no_tunnel++;
273  goto pkt1;
274  }
275  }
276  }
277 
278  t0 = pool_elt_at_index (im->tunnel_interfaces, tid0);
279  vnet_buffer (b[0])->ipsec.sad_index = t0->input_sa_index;
280 
281  if (PREDICT_TRUE (t0->hw_if_index != ~0))
282  {
283  sw_if_index0 = t0->sw_if_index;
284  vnet_buffer (b[0])->sw_if_index[VLIB_RX] = sw_if_index0;
285 
286  if (PREDICT_FALSE (!(t0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP)))
287  {
288  vlib_increment_combined_counter
289  (drop_counter, thread_index, sw_if_index0, 1, len0);
290  n_disabled++;
291  b[0]->error = node->errors[IPSEC_IF_INPUT_ERROR_DISABLED];
292  next[0] = IPSEC_INPUT_NEXT_DROP;
293  goto pkt1;
294  }
295 
296  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
297  {
298  n_packets++;
299  n_bytes += len0;
300  }
301  else
302  {
303  if (n_packets)
304  {
305  vlib_increment_combined_counter
306  (rx_counter, thread_index, last_sw_if_index,
307  n_packets, n_bytes);
308  }
309 
310  last_sw_if_index = sw_if_index0;
311  n_packets = 1;
312  n_bytes = len0;
313  }
314  }
315 
316  pkt1:
317  if (is_ip6)
318  {
319  key61.remote_ip = ip61->src_address;
320  key61.spi = esp1->spi;
321 
322  if (memcmp (&key61, &last_key6, sizeof (last_key6)) == 0)
323  {
324  tid1 = last_tunnel_id;
325  }
326  else
327  {
328  uword *p =
329  hash_get_mem (im->ipsec6_if_pool_index_by_key, &key61);
330  if (p)
331  {
332  tid1 = p[0];
333  last_tunnel_id = tid1;
334  clib_memcpy_fast (&last_key6, &key61, sizeof (key61));
335  }
336  else
337  {
338  next[1] =
339  ipsec_ip6_if_no_tunnel (node, b[1], esp1, buf_adv1);
340  n_no_tunnel++;
341  goto trace1;
342  }
343  }
344  }
345  else /* !is_ip6 */
346  {
347  key41.remote_ip = ip41->src_address.as_u32;
348  key41.spi = esp1->spi;
349 
350  if (key41.as_u64 == last_key4.as_u64)
351  {
352  tid1 = last_tunnel_id;
353  }
354  else
355  {
356  uword *p =
357  hash_get (im->ipsec4_if_pool_index_by_key, key41.as_u64);
358  if (p)
359  {
360  tid1 = p[0];
361  last_tunnel_id = tid1;
362  last_key4.as_u64 = key41.as_u64;
363  }
364  else
365  {
366  next[1] =
367  ipsec_ip4_if_no_tunnel (node, b[1], esp1, ip41, buf_adv1);
368  n_no_tunnel++;
369  goto trace1;
370  }
371  }
372  }
373 
374  t1 = pool_elt_at_index (im->tunnel_interfaces, tid1);
375  vnet_buffer (b[1])->ipsec.sad_index = t1->input_sa_index;
376 
377  if (PREDICT_TRUE (t1->hw_if_index != ~0))
378  {
379  sw_if_index1 = t1->sw_if_index;
380  vnet_buffer (b[1])->sw_if_index[VLIB_RX] = sw_if_index1;
381 
382  if (PREDICT_FALSE (!(t1->flags & VNET_HW_INTERFACE_FLAG_LINK_UP)))
383  {
384  vlib_increment_combined_counter
385  (drop_counter, thread_index, sw_if_index1, 1, len1);
386  n_disabled++;
387  b[1]->error = node->errors[IPSEC_IF_INPUT_ERROR_DISABLED];
388  next[1] = IPSEC_INPUT_NEXT_DROP;
389  goto trace1;
390  }
391 
392  if (PREDICT_TRUE (sw_if_index1 == last_sw_if_index))
393  {
394  n_packets++;
395  n_bytes += len1;
396  }
397  else
398  {
399  if (n_packets)
400  {
401  vlib_increment_combined_counter
402  (rx_counter, thread_index, last_sw_if_index,
403  n_packets, n_bytes);
404  }
405 
406  last_sw_if_index = sw_if_index1;
407  n_packets = 1;
408  n_bytes = len1;
409  }
410  }
411 
412  trace1:
413  if (PREDICT_FALSE (is_trace))
414  {
415  if (b[0]->flags & VLIB_BUFFER_IS_TRACED)
416  {
417  ipsec_if_input_trace_t *tr =
418  vlib_add_trace (vm, node, b[0], sizeof (*tr));
419  tr->spi = clib_host_to_net_u32 (esp0->spi);
420  tr->seq = clib_host_to_net_u32 (esp0->seq);
421  }
422  if (b[1]->flags & VLIB_BUFFER_IS_TRACED)
423  {
424  ipsec_if_input_trace_t *tr =
425  vlib_add_trace (vm, node, b[1], sizeof (*tr));
426  tr->spi = clib_host_to_net_u32 (esp1->spi);
427  tr->seq = clib_host_to_net_u32 (esp1->seq);
428  }
429  }
430 
431  /* next */
432  b += 2;
433  next += 2;
434  n_left_from -= 2;
435  }
436  while (n_left_from > 0)
437  {
438  u32 sw_if_index0;
439  ip4_header_t *ip40;
440  ip6_header_t *ip60;
441  esp_header_t *esp0;
442  u32 len0;
443  u16 buf_adv0;
444  u32 tid0;
445  ipsec_tunnel_if_t *t0;
446  ipsec4_tunnel_key_t key40;
447  ipsec6_tunnel_key_t key60;
448 
449  ip40 =
450  (ip4_header_t *) (b[0]->data + vnet_buffer (b[0])->l3_hdr_offset);
451 
452  if (is_ip6)
453  {
454  ip60 = (ip6_header_t *) ip40;
455  esp0 = (esp_header_t *) ((u8 *) ip60 + sizeof (ip6_header_t));
456  buf_adv0 = sizeof (ip6_header_t);
457  }
458  else
459  {
460  /* NAT UDP port 4500 case, don't advance any more */
461  if (ip40->protocol == IP_PROTOCOL_UDP)
462  {
463  esp0 =
464  (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40) +
465  sizeof (udp_header_t));
466  buf_adv0 = 0;
467  }
468  else
469  {
470  esp0 = (esp_header_t *) ((u8 *) ip40 + ip4_header_bytes (ip40));
471  buf_adv0 = ip4_header_bytes (ip40);
472  }
473  }
474 
475  /* stats for the tunnel include all the data after the IP header
476  just like a norml IP-IP tunnel */
477  vlib_buffer_advance (b[0], buf_adv0);
478  len0 = vlib_buffer_length_in_chain (vm, b[0]);
479 
480  if (is_ip6)
481  {
482  key60.remote_ip = ip60->src_address;
483  key60.spi = esp0->spi;
484 
485  if (memcmp (&key60, &last_key6, sizeof (last_key6)) == 0)
486  {
487  tid0 = last_tunnel_id;
488  }
489  else
490  {
491  uword *p =
492  hash_get_mem (im->ipsec6_if_pool_index_by_key, &key60);
493  if (p)
494  {
495  tid0 = p[0];
496  last_tunnel_id = tid0;
497  clib_memcpy_fast (&last_key6, &key60, sizeof (key60));
498  }
499  else
500  {
501  next[0] =
502  ipsec_ip6_if_no_tunnel (node, b[0], esp0, buf_adv0);
503  n_no_tunnel++;
504  goto trace00;
505  }
506  }
507  }
508  else /* !is_ip6 */
509  {
510  key40.remote_ip = ip40->src_address.as_u32;
511  key40.spi = esp0->spi;
512 
513  if (key40.as_u64 == last_key4.as_u64)
514  {
515  tid0 = last_tunnel_id;
516  }
517  else
518  {
519  uword *p =
520  hash_get (im->ipsec4_if_pool_index_by_key, key40.as_u64);
521  if (p)
522  {
523  tid0 = p[0];
524  last_tunnel_id = tid0;
525  last_key4.as_u64 = key40.as_u64;
526  }
527  else
528  {
529  next[0] =
530  ipsec_ip4_if_no_tunnel (node, b[0], esp0, ip40, buf_adv0);
531  n_no_tunnel++;
532  goto trace00;
533  }
534  }
535  }
536 
537  t0 = pool_elt_at_index (im->tunnel_interfaces, tid0);
538  vnet_buffer (b[0])->ipsec.sad_index = t0->input_sa_index;
539 
540  if (PREDICT_TRUE (t0->hw_if_index != ~0))
541  {
542  sw_if_index0 = t0->sw_if_index;
543  vnet_buffer (b[0])->sw_if_index[VLIB_RX] = sw_if_index0;
544 
545  if (PREDICT_FALSE (!(t0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP)))
546  {
547  vlib_increment_combined_counter
548  (drop_counter, thread_index, sw_if_index0, 1, len0);
549  n_disabled++;
550  b[0]->error = node->errors[IPSEC_IF_INPUT_ERROR_DISABLED];
551  next[0] = IPSEC_INPUT_NEXT_DROP;
552  goto trace00;
553  }
554 
555  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
556  {
557  n_packets++;
558  n_bytes += len0;
559  }
560  else
561  {
562  if (n_packets)
563  {
564  vlib_increment_combined_counter
565  (rx_counter, thread_index, last_sw_if_index,
566  n_packets, n_bytes);
567  }
568 
569  last_sw_if_index = sw_if_index0;
570  n_packets = 1;
571  n_bytes = len0;
572  }
573  }
574 
575  trace00:
576  if (PREDICT_FALSE (is_trace))
577  {
578  if (b[0]->flags & VLIB_BUFFER_IS_TRACED)
579  {
580  ipsec_if_input_trace_t *tr =
581  vlib_add_trace (vm, node, b[0], sizeof (*tr));
582  tr->spi = clib_host_to_net_u32 (esp0->spi);
583  tr->seq = clib_host_to_net_u32 (esp0->seq);
584  }
585  }
586 
587  /* next */
588  b += 1;
589  next += 1;
590  n_left_from -= 1;
591  }
592 
593  if (n_packets)
594  {
595  vlib_increment_combined_counter (rx_counter,
596  thread_index,
597  last_sw_if_index, n_packets, n_bytes);
598  }
599 
600  vlib_node_increment_counter (vm, node->node_index,
601  IPSEC_IF_INPUT_ERROR_RX,
602  from_frame->n_vectors - (n_disabled +
603  n_no_tunnel));
604 
605  vlib_buffer_enqueue_to_next (vm, node, from, nexts, from_frame->n_vectors);
606 
607  return from_frame->n_vectors;
608 }
609 
610 VLIB_NODE_FN (ipsec4_if_input_node) (vlib_main_t * vm,
611  vlib_node_runtime_t * node,
612  vlib_frame_t * from_frame)
613 {
614  return ipsec_if_input_inline (vm, node, from_frame, 0 /* is_ip6 */ );
615 }
616 
617 /* *INDENT-OFF* */
618 VLIB_REGISTER_NODE (ipsec4_if_input_node) = {
619  .name = "ipsec4-if-input",
620  .vector_size = sizeof (u32),
621  .format_trace = format_ipsec_if_input_trace,
622  .type = VLIB_NODE_TYPE_INTERNAL,
623  .n_errors = ARRAY_LEN(ipsec_if_input_error_strings),
624  .error_strings = ipsec_if_input_error_strings,
625  .sibling_of = "ipsec4-input-feature",
626 };
627 /* *INDENT-ON* */
628 
629 VLIB_NODE_FN (ipsec6_if_input_node) (vlib_main_t * vm,
630  vlib_node_runtime_t * node,
631  vlib_frame_t * from_frame)
632 {
633  return ipsec_if_input_inline (vm, node, from_frame, 1 /* is_ip6 */ );
634 }
635 
636 /* *INDENT-OFF* */
637 VLIB_REGISTER_NODE (ipsec6_if_input_node) = {
638  .name = "ipsec6-if-input",
639  .vector_size = sizeof (u32),
640  .format_trace = format_ipsec_if_input_trace,
641  .type = VLIB_NODE_TYPE_INTERNAL,
642  .n_errors = ARRAY_LEN(ipsec_if_input_error_strings),
643  .error_strings = ipsec_if_input_error_strings,
644  .sibling_of = "ipsec6-input-feature",
645 };
646 /* *INDENT-ON* */
647 
648 /*
649  * fd.io coding-style-patch-verification: ON
650  *
651  * Local Variables:
652  * eval: (c-set-style "gnu")
653  * End:
654  */
ipsec_if_input_error_t
ipsec_if_input_error_t
Definition: ipsec_if_in.c:40
flags
u32 flags
Definition: vhost_user.h:115
vnet_interface_main_t
Definition: interface.h:798
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:82
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:100
vlib_increment_combined_counter
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 thread_index, u32 index, u64 n_packets, u64 n_bytes)
Increment a combined counter.
Definition: counter.h:220
ipsec4_if_input_node
vlib_node_registration_t ipsec4_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec4_if_input_node)
Definition: ipsec_if_in.c:618
ip4_header_t::src_address
ip4_address_t src_address
Definition: ip4_packet.h:170
ipsec_main_t::ipsec4_if_pool_index_by_key
uword * ipsec4_if_pool_index_by_key
Definition: ipsec.h:112
vnet_main_t::interface_main
vnet_interface_main_t interface_main
Definition: vnet.h:56
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:112
u64
unsigned long u64
Definition: types.h:89
foreach_ipsec_if_input_error
#define foreach_ipsec_if_input_error
Definition: ipsec_if_in.c:28
clib_memcpy_fast
#define clib_memcpy_fast(a, b, c)
Definition: string.h:81
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
vlib_main_t::thread_index
u32 thread_index
Definition: main.h:197
format_ipsec_if_input_trace
static u8 * format_ipsec_if_input_trace(u8 *s, va_list *args)
Definition: ipsec_if_in.c:56
ipsec_if_input_trace_t
Definition: ipsec_if_in.c:49
format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
data
u8 data[128]
Definition: ipsec.api:248
VLIB_NODE_FN
#define VLIB_NODE_FN(node)
Definition: node.h:201
ipsec_tunnel_if_t
Definition: ipsec_if.h:29
vlib_node_runtime_t::errors
vlib_error_t * errors
Vector of errors for this node.
Definition: node.h:468
ipsec_ip4_if_no_tunnel
static u16 ipsec_ip4_if_no_tunnel(vlib_node_runtime_t *node, vlib_buffer_t *b, const esp_header_t *esp, const ip4_header_t *ip4, u16 offset)
Definition: ipsec_if_in.c:67
vlib_buffer_length_in_chain
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
Definition: buffer_funcs.h:366
udp_header_t
Definition: udp_packet.h:43
ip6_header_t::src_address
ip6_address_t src_address
Definition: ip6_packet.h:385
u8
unsigned char u8
Definition: types.h:56
vlib_frame_t
Definition: node.h:380
IPSEC_IF_INPUT_N_ERROR
Definition: ipsec_if_in.c:45
ipsec_io.h
vlib_node_runtime_t
Definition: node.h:462
ipsec_main_t::ipsec6_if_pool_index_by_key
uword * ipsec6_if_pool_index_by_key
Definition: ipsec.h:113
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.c:28
always_inline
#define always_inline
Definition: clib.h:98
vnet_interface_main_t::combined_sw_if_counters
vlib_combined_counter_main_t * combined_sw_if_counters
Definition: interface.h:824
ipsec_main_t::esp4_decrypt_next_index
u32 esp4_decrypt_next_index
Definition: ipsec.h:129
api_errno.h
u32
unsigned int u32
Definition: types.h:88
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:376
ipsec_main_t
Definition: ipsec.h:90
ipsec_punt.h
vlib_buffer_t::error
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:136
hash_get
#define hash_get(h, key)
Definition: hash.h:249
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:514
ipsec_tunnel_if_t::sw_if_index
u32 sw_if_index
Definition: ipsec_if.h:36
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:106
u16
unsigned short u16
Definition: types.h:57
esp_header_t
Definition: esp.h:22
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:111
ipsec_ip6_if_no_tunnel
static u16 ipsec_ip6_if_no_tunnel(vlib_node_runtime_t *node, vlib_buffer_t *b, const esp_header_t *esp, u16 offset)
Definition: ipsec_if_in.c:89
vlib_node_runtime_t::node_index
u32 node_index
Node index.
Definition: node.h:494
vlib_node_increment_counter
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
Definition: node_funcs.h:1150
vlib_buffer_t::punt_reason
u32 punt_reason
Definition: buffer.h:149
ipsec_punt_reason
vlib_punt_reason_t ipsec_punt_reason[IPSEC_PUNT_N_REASONS]
Definition: ipsec_punt.c:23
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
vlib_frame_t::n_vectors
u16 n_vectors
Definition: node.h:395
CLIB_PREFETCH
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:80
vm
vlib_main_t * vm
Definition: buffer.c:312
vlib_buffer_enqueue_to_next
static_always_inline void vlib_buffer_enqueue_to_next(vlib_main_t *vm, vlib_node_runtime_t *node, u32 *buffers, u16 *nexts, uword count)
Definition: buffer_node.h:332
ipsec6_if_input_node
vlib_node_registration_t ipsec6_if_input_node
(constructor) VLIB_REGISTER_NODE (ipsec6_if_input_node)
Definition: ipsec_if_in.c:637
ARRAY_LEN
#define ARRAY_LEN(x)
Definition: clib.h:62
ipsec_if_input_error_strings
static char * ipsec_if_input_error_strings[]
Definition: ipsec_if_in.c:34
vnet_main_t
Definition: vnet.h:51
ip4_header_t::protocol
u8 protocol
Definition: ip4_packet.h:160
ipsec_tunnel_if_t::flags
vnet_hw_interface_flags_t flags
Definition: ipsec_if.h:37
ipsec_tunnel_if_t::hw_if_index
u32 hw_if_index
Definition: ipsec_if.h:35
ip6_header_t
Definition: ip6_packet.h:369
esp_header_t::seq
u32 seq
Definition: esp.h:25
vlib_buffer_advance
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
Definition: buffer.h:248
esp_header_t::spi
u32 spi
Definition: esp.h:24
ipsec_tunnel_if_t::input_sa_index
u32 input_sa_index
Definition: ipsec_if.h:33
vlib_add_trace
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace_funcs.h:57
clib_memset_u16
static_always_inline void clib_memset_u16(void *p, u16 val, uword count)
Definition: string.h:378
clib_bihash_value
template key/value backing page structure
Definition: bihash_doc.h:44
vlib_main_t
Definition: main.h:68
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:102
uword
u64 uword
Definition: types.h:112
vlib_node_t
Definition: node.h:257
ipsec_if_input_inline
static uword ipsec_if_input_inline(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame, int is_ip6)
Definition: ipsec_if_in.c:108
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:244
ipsec_if_input_trace_t::spi
u32 spi
Definition: ipsec_if_in.c:51
vlib_combined_counter_main_t
A collection of combined counters.
Definition: counter.h:188
hash_get_mem
#define hash_get_mem(h, key)
Definition: hash.h:269
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:369
vlib_node_runtime_t::flags
u16 flags
Copy of main node flags.
Definition: node.h:507
ip4_address_t::as_u32
u32 as_u32
Definition: ip4_packet.h:56
ip4_header_bytes
static int ip4_header_bytes(const ip4_header_t *i)
Definition: ip4_packet.h:235
ipsec_if_input_trace_t::seq
u32 seq
Definition: ipsec_if_in.c:52
vlib_get_buffers
static_always_inline void vlib_get_buffers(vlib_main_t *vm, u32 *bi, vlib_buffer_t **b, int count)
Translate array of buffer indices into buffer pointers.
Definition: buffer_funcs.h:244
VLIB_NODE_FLAG_TRACE
#define VLIB_NODE_FLAG_TRACE
Definition: node.h:301
CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
ip4_header_t
Definition: ip4_packet.h:132
VLIB_RX
Definition: defs.h:46