FD.io VPP  v21.06
Vector Packet Processing
ipsec_api.c
Go to the documentation of this file.
1 /*
2  *------------------------------------------------------------------
3  * ipsec_api.c - ipsec api
4  *
5  * Copyright (c) 2016 Cisco and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 
23 #include <vnet/interface.h>
24 #include <vnet/api_errno.h>
25 #include <vnet/ip/ip.h>
26 #include <vnet/ip/ip_types_api.h>
27 #include <vnet/ipsec/ipsec_types_api.h>
28 #include <vnet/tunnel/tunnel_types_api.h>
29 #include <vnet/fib/fib.h>
30 #include <vnet/ipip/ipip.h>
31 #include <vnet/tunnel/tunnel_types_api.h>
32 
33 #include <vnet/vnet_msg_enum.h>
34 
35 #include <vnet/ipsec/ipsec.h>
36 #include <vnet/ipsec/ipsec_tun.h>
37 #include <vnet/ipsec/ipsec_itf.h>
38 
39 #define vl_typedefs /* define message structures */
40 #include <vnet/vnet_all_api_h.h>
41 #undef vl_typedefs
42 
43 #define vl_endianfun /* define message structures */
44 #include <vnet/vnet_all_api_h.h>
45 #undef vl_endianfun
46 
47 /* instantiate all the print functions we know about */
48 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
49 #define vl_printfun
50 #include <vnet/vnet_all_api_h.h>
51 #undef vl_printfun
52 
53 #include <vlibapi/api_helper_macros.h>
54 
55 #define foreach_vpe_api_msg \
56  _ (IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \
57  _ (IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \
58  _ (IPSEC_SPD_ENTRY_ADD_DEL, ipsec_spd_entry_add_del) \
59  _ (IPSEC_SAD_ENTRY_ADD_DEL, ipsec_sad_entry_add_del) \
60  _ (IPSEC_SAD_ENTRY_ADD_DEL_V2, ipsec_sad_entry_add_del_v2) \
61  _ (IPSEC_SAD_ENTRY_ADD_DEL_V3, ipsec_sad_entry_add_del_v3) \
62  _ (IPSEC_SA_DUMP, ipsec_sa_dump) \
63  _ (IPSEC_SA_V2_DUMP, ipsec_sa_v2_dump) \
64  _ (IPSEC_SA_V3_DUMP, ipsec_sa_v3_dump) \
65  _ (IPSEC_SPDS_DUMP, ipsec_spds_dump) \
66  _ (IPSEC_SPD_DUMP, ipsec_spd_dump) \
67  _ (IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \
68  _ (IPSEC_ITF_CREATE, ipsec_itf_create) \
69  _ (IPSEC_ITF_DELETE, ipsec_itf_delete) \
70  _ (IPSEC_ITF_DUMP, ipsec_itf_dump) \
71  _ (IPSEC_SELECT_BACKEND, ipsec_select_backend) \
72  _ (IPSEC_BACKEND_DUMP, ipsec_backend_dump) \
73  _ (IPSEC_TUNNEL_PROTECT_UPDATE, ipsec_tunnel_protect_update) \
74  _ (IPSEC_TUNNEL_PROTECT_DEL, ipsec_tunnel_protect_del) \
75  _ (IPSEC_TUNNEL_PROTECT_DUMP, ipsec_tunnel_protect_dump) \
76  _ (IPSEC_SET_ASYNC_MODE, ipsec_set_async_mode)
77 
78 static void
79 vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
80 {
81  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
82  vl_api_ipsec_spd_add_del_reply_t *rmp;
83  int rv;
84 
85  rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
86 
87  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
88 }
89 
90 static void vl_api_ipsec_interface_add_del_spd_t_handler
91  (vl_api_ipsec_interface_add_del_spd_t * mp)
92 {
93  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
94  vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
95  int rv;
96  u32 sw_if_index __attribute__ ((unused));
97  u32 spd_id __attribute__ ((unused));
98 
99  sw_if_index = ntohl (mp->sw_if_index);
100  spd_id = ntohl (mp->spd_id);
101 
102  VALIDATE_SW_IF_INDEX (mp);
103 
104  rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
105 
106  BAD_SW_IF_INDEX_LABEL;
107 
108  REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
109 }
110 
111 static void vl_api_ipsec_tunnel_protect_update_t_handler
112  (vl_api_ipsec_tunnel_protect_update_t * mp)
113 {
114  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
115  vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
116  u32 sw_if_index, ii, *sa_ins = NULL;
117  ip_address_t nh;
118  int rv;
119 
120  sw_if_index = ntohl (mp->tunnel.sw_if_index);
121 
122  VALIDATE_SW_IF_INDEX (&(mp->tunnel));
123 
124  for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
125  vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
126 
127  ip_address_decode2 (&mp->tunnel.nh, &nh);
128 
129  rv = ipsec_tun_protect_update (sw_if_index, &nh,
130  ntohl (mp->tunnel.sa_out), sa_ins);
131 
132  BAD_SW_IF_INDEX_LABEL;
133 
134  REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
135 }
136 
137 static void vl_api_ipsec_tunnel_protect_del_t_handler
138  (vl_api_ipsec_tunnel_protect_del_t * mp)
139 {
140  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
141  vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
142  ip_address_t nh;
143  u32 sw_if_index;
144  int rv;
145 
146  sw_if_index = ntohl (mp->sw_if_index);
147 
148  VALIDATE_SW_IF_INDEX (mp);
149 
150  ip_address_decode2 (&mp->nh, &nh);
151  rv = ipsec_tun_protect_del (sw_if_index, &nh);
152 
153  BAD_SW_IF_INDEX_LABEL;
154 
155  REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
156 }
157 
158 typedef struct ipsec_dump_walk_ctx_t_
159 {
160  vl_api_registration_t *reg;
161  u32 context;
162 } ipsec_dump_walk_ctx_t;
163 
164 static walk_rc_t
165 send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
166 {
167  ipsec_dump_walk_ctx_t *ctx = arg;
168  vl_api_ipsec_tunnel_protect_details_t *mp;
169  ipsec_tun_protect_t *itp;
170  u32 ii = 0;
171  ipsec_sa_t *sa;
172 
173  itp = ipsec_tun_protect_get (itpi);
174 
175  mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
176  clib_memset (mp, 0, sizeof (*mp));
177  mp->_vl_msg_id = ntohs (VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
178  mp->context = ctx->context;
179 
180  mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
181  ip_address_encode2 (itp->itp_key, &mp->tun.nh);
182 
183  sa = ipsec_sa_get (itp->itp_out_sa);
184  mp->tun.sa_out = htonl (sa->id);
185  mp->tun.n_sa_in = itp->itp_n_sa_in;
186  /* *INDENT-OFF* */
187  FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
188  ({
189  mp->tun.sa_in[ii++] = htonl (sa->id);
190  }));
191  /* *INDENT-ON* */
192 
193  vl_api_send_msg (ctx->reg, (u8 *) mp);
194 
195  return (WALK_CONTINUE);
196 }
197 
198 static void
199 vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t
200  * mp)
201 {
202  vl_api_registration_t *reg;
203  u32 sw_if_index;
204 
205  reg = vl_api_client_index_to_registration (mp->client_index);
206  if (!reg)
207  return;
208 
209  ipsec_dump_walk_ctx_t ctx = {
210  .reg = reg,
211  .context = mp->context,
212  };
213 
214  sw_if_index = ntohl (mp->sw_if_index);
215 
216  if (~0 == sw_if_index)
217  {
218  ipsec_tun_protect_walk (send_ipsec_tunnel_protect_details, &ctx);
219  }
220  else
221  {
222  ipsec_tun_protect_walk_itf (sw_if_index,
223  send_ipsec_tunnel_protect_details, &ctx);
224  }
225 }
226 
227 static int
228 ipsec_spd_action_decode (vl_api_ipsec_spd_action_t in,
229  ipsec_policy_action_t * out)
230 {
231  in = clib_net_to_host_u32 (in);
232 
233  switch (in)
234  {
235 #define _(v,f,s) case IPSEC_API_SPD_ACTION_##f: \
236  *out = IPSEC_POLICY_ACTION_##f; \
237  return (0);
238  foreach_ipsec_policy_action
239 #undef _
240  }
241  return (VNET_API_ERROR_UNIMPLEMENTED);
242 }
243 
244 static void vl_api_ipsec_spd_entry_add_del_t_handler
245  (vl_api_ipsec_spd_entry_add_del_t * mp)
246 {
247  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
248  vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
249  ip46_type_t itype;
250  u32 stat_index;
251  int rv;
252 
253  stat_index = ~0;
254 
255  ipsec_policy_t p;
256 
257  clib_memset (&p, 0, sizeof (p));
258 
259  p.id = ntohl (mp->entry.spd_id);
260  p.priority = ntohl (mp->entry.priority);
261 
262  itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
263  ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
264  ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
265  ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
266 
267  p.is_ipv6 = (itype == IP46_TYPE_IP6);
268 
269  p.protocol = mp->entry.protocol;
270  p.rport.start = ntohs (mp->entry.remote_port_start);
271  p.rport.stop = ntohs (mp->entry.remote_port_stop);
272  p.lport.start = ntohs (mp->entry.local_port_start);
273  p.lport.stop = ntohs (mp->entry.local_port_stop);
274 
275  rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
276 
277  if (rv)
278  goto out;
279 
280  /* policy action resolve unsupported */
281  if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
282  {
283  clib_warning ("unsupported action: 'resolve'");
284  rv = VNET_API_ERROR_UNIMPLEMENTED;
285  goto out;
286  }
287  p.sa_id = ntohl (mp->entry.sa_id);
288  rv =
289  ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy,
290  &p.type);
291  if (rv)
292  goto out;
293 
294  rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
295  if (rv)
296  goto out;
297 
298 out:
299  /* *INDENT-OFF* */
300  REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
301  ({
302  rmp->stat_index = ntohl(stat_index);
303  }));
304  /* *INDENT-ON* */
305 }
306 
307 static void vl_api_ipsec_sad_entry_add_del_t_handler
308  (vl_api_ipsec_sad_entry_add_del_t * mp)
309 {
310  vl_api_ipsec_sad_entry_add_del_reply_t *rmp;
311  ipsec_key_t crypto_key, integ_key;
312  ipsec_crypto_alg_t crypto_alg;
313  ipsec_integ_alg_t integ_alg;
314  ipsec_protocol_t proto;
315  ipsec_sa_flags_t flags;
316  u32 id, spi, sa_index = ~0;
317  tunnel_t tun = {
318  .t_flags = TUNNEL_FLAG_NONE,
319  .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
320  .t_dscp = 0,
321  .t_mode = TUNNEL_MODE_P2P,
322  .t_table_id = 0,
323  .t_hop_limit = 255,
324  };
325  int rv;
326 
327  id = ntohl (mp->entry.sad_id);
328  spi = ntohl (mp->entry.spi);
329 
330  rv = ipsec_proto_decode (mp->entry.protocol, &proto);
331 
332  if (rv)
333  goto out;
334 
335  rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
336 
337  if (rv)
338  goto out;
339 
340  rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
341 
342  if (rv)
343  goto out;
344 
345  ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
346  ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
347 
348  flags = ipsec_sa_flags_decode (mp->entry.flags);
349 
350  ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src);
351  ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst);
352 
353  if (mp->is_add)
354  rv = ipsec_sa_add_and_lock (
355  id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
356  mp->entry.salt, htons (mp->entry.udp_src_port),
357  htons (mp->entry.udp_dst_port), &tun, &sa_index);
358  else
359  rv = ipsec_sa_unlock_id (id);
360 
361 out:
362  /* *INDENT-OFF* */
363  REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY,
364  {
365  rmp->stat_index = htonl (sa_index);
366  });
367  /* *INDENT-ON* */
368 }
369 
370 static void vl_api_ipsec_sad_entry_add_del_v2_t_handler
371  (vl_api_ipsec_sad_entry_add_del_v2_t * mp)
372 {
373  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
374  vl_api_ipsec_sad_entry_add_del_v2_reply_t *rmp;
375  ipsec_key_t crypto_key, integ_key;
376  ipsec_crypto_alg_t crypto_alg;
377  ipsec_integ_alg_t integ_alg;
378  ipsec_protocol_t proto;
379  ipsec_sa_flags_t flags;
380  u32 id, spi, sa_index = ~0;
381  int rv;
382  tunnel_t tun = {
383  .t_flags = TUNNEL_FLAG_NONE,
384  .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
385  .t_dscp = 0,
386  .t_mode = TUNNEL_MODE_P2P,
387  .t_table_id = htonl (mp->entry.tx_table_id),
388  .t_hop_limit = 255,
389  };
390 
391  id = ntohl (mp->entry.sad_id);
392  spi = ntohl (mp->entry.spi);
393 
394  rv = ipsec_proto_decode (mp->entry.protocol, &proto);
395 
396  if (rv)
397  goto out;
398 
399  rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
400 
401  if (rv)
402  goto out;
403 
404  rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
405 
406  if (rv)
407  goto out;
408 
409  rv = tunnel_encap_decap_flags_decode (mp->entry.tunnel_flags,
410  &tun.t_encap_decap_flags);
411 
412  if (rv)
413  goto out;
414 
415  ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
416  ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
417 
418  flags = ipsec_sa_flags_decode (mp->entry.flags);
419  tun.t_dscp = ip_dscp_decode (mp->entry.dscp);
420 
421  ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src);
422  ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst);
423 
424  if (mp->is_add)
425  rv = ipsec_sa_add_and_lock (
426  id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
427  mp->entry.salt, htons (mp->entry.udp_src_port),
428  htons (mp->entry.udp_dst_port), &tun, &sa_index);
429  else
430  rv = ipsec_sa_unlock_id (id);
431 
432 out:
433  /* *INDENT-OFF* */
434  REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V2_REPLY,
435  {
436  rmp->stat_index = htonl (sa_index);
437  });
438  /* *INDENT-ON* */
439 }
440 
441 static void
442 vl_api_ipsec_sad_entry_add_del_v3_t_handler (
443  vl_api_ipsec_sad_entry_add_del_v3_t *mp)
444 {
445  vl_api_ipsec_sad_entry_add_del_v3_reply_t *rmp;
446  ipsec_key_t crypto_key, integ_key;
447  ipsec_crypto_alg_t crypto_alg;
448  ipsec_integ_alg_t integ_alg;
449  ipsec_protocol_t proto;
450  ipsec_sa_flags_t flags;
451  u32 id, spi, sa_index = ~0;
452  tunnel_t tun;
453  int rv;
454 
455  id = ntohl (mp->entry.sad_id);
456  spi = ntohl (mp->entry.spi);
457 
458  rv = ipsec_proto_decode (mp->entry.protocol, &proto);
459 
460  if (rv)
461  goto out;
462 
463  rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
464 
465  if (rv)
466  goto out;
467 
468  rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
469 
470  if (rv)
471  goto out;
472 
473  flags = ipsec_sa_flags_decode (mp->entry.flags);
474 
475  if (flags & IPSEC_SA_FLAG_IS_TUNNEL)
476  {
477  rv = tunnel_decode (&mp->entry.tunnel, &tun);
478 
479  if (rv)
480  goto out;
481  }
482 
483  ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
484  ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
485 
486  if (mp->is_add)
487  rv = ipsec_sa_add_and_lock (
488  id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
489  mp->entry.salt, htons (mp->entry.udp_src_port),
490  htons (mp->entry.udp_dst_port), &tun, &sa_index);
491  else
492  rv = ipsec_sa_unlock_id (id);
493 
494 out:
495  REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V3_REPLY,
496  { rmp->stat_index = htonl (sa_index); });
497 }
498 
499 static void
500 send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
501  u32 context)
502 {
503  vl_api_ipsec_spds_details_t *mp;
504  u32 n_policies = 0;
505 
506  mp = vl_msg_api_alloc (sizeof (*mp));
507  clib_memset (mp, 0, sizeof (*mp));
508  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS);
509  mp->context = context;
510 
511  mp->spd_id = htonl (spd->id);
512 #define _(s, n) n_policies += vec_len (spd->policies[IPSEC_SPD_POLICY_##s]);
513  foreach_ipsec_spd_policy_type
514 #undef _
515  mp->npolicies = htonl (n_policies);
516 
517  vl_api_send_msg (reg, (u8 *) mp);
518 }
519 
520 static void
521 vl_api_ipsec_spds_dump_t_handler (vl_api_ipsec_spds_dump_t * mp)
522 {
523  vl_api_registration_t *reg;
524  ipsec_main_t *im = &ipsec_main;
525  ipsec_spd_t *spd;
526 
527  reg = vl_api_client_index_to_registration (mp->client_index);
528  if (!reg)
529  return;
530 
531  pool_foreach (spd, im->spds) {
532  send_ipsec_spds_details (spd, reg, mp->context);
533  }
534 }
535 
536 vl_api_ipsec_spd_action_t
537 ipsec_spd_action_encode (ipsec_policy_action_t in)
538 {
539  vl_api_ipsec_spd_action_t out = IPSEC_API_SPD_ACTION_BYPASS;
540 
541  switch (in)
542  {
543 #define _(v,f,s) case IPSEC_POLICY_ACTION_##f: \
544  out = IPSEC_API_SPD_ACTION_##f; \
545  break;
546  foreach_ipsec_policy_action
547 #undef _
548  }
549  return (clib_host_to_net_u32 (out));
550 }
551 
552 static void
553 send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg,
554  u32 context)
555 {
556  vl_api_ipsec_spd_details_t *mp;
557 
558  mp = vl_msg_api_alloc (sizeof (*mp));
559  clib_memset (mp, 0, sizeof (*mp));
560  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
561  mp->context = context;
562 
563  mp->entry.spd_id = htonl (p->id);
564  mp->entry.priority = htonl (p->priority);
565  mp->entry.is_outbound = ((p->type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
566  (p->type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
567 
568  ip_address_encode (&p->laddr.start, IP46_TYPE_ANY,
569  &mp->entry.local_address_start);
570  ip_address_encode (&p->laddr.stop, IP46_TYPE_ANY,
571  &mp->entry.local_address_stop);
572  ip_address_encode (&p->raddr.start, IP46_TYPE_ANY,
573  &mp->entry.remote_address_start);
574  ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
575  &mp->entry.remote_address_stop);
576  mp->entry.local_port_start = htons (p->lport.start);
577  mp->entry.local_port_stop = htons (p->lport.stop);
578  mp->entry.remote_port_start = htons (p->rport.start);
579  mp->entry.remote_port_stop = htons (p->rport.stop);
580  mp->entry.protocol = p->protocol;
581  mp->entry.policy = ipsec_spd_action_encode (p->policy);
582  mp->entry.sa_id = htonl (p->sa_id);
583 
584  vl_api_send_msg (reg, (u8 *) mp);
585 }
586 
587 static void
588 vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
589 {
590  vl_api_registration_t *reg;
591  ipsec_main_t *im = &ipsec_main;
592  ipsec_spd_policy_type_t ptype;
593  ipsec_policy_t *policy;
594  ipsec_spd_t *spd;
595  uword *p;
596  u32 spd_index, *ii;
597 
598  reg = vl_api_client_index_to_registration (mp->client_index);
599  if (!reg)
600  return;
601 
602  p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
603  if (!p)
604  return;
605 
606  spd_index = p[0];
607  spd = pool_elt_at_index (im->spds, spd_index);
608 
609  FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) {
610  vec_foreach(ii, spd->policies[ptype])
611  {
612  policy = pool_elt_at_index(im->policies, *ii);
613 
614  if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
615  send_ipsec_spd_details (policy, reg, mp->context);
616  }
617  }
618 }
619 
620 static void
621 send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index,
622  u32 sw_if_index, u32 context)
623 {
624  vl_api_ipsec_spd_interface_details_t *mp;
625 
626  mp = vl_msg_api_alloc (sizeof (*mp));
627  clib_memset (mp, 0, sizeof (*mp));
628  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS);
629  mp->context = context;
630 
631  mp->spd_index = htonl (spd_index);
632  mp->sw_if_index = htonl (sw_if_index);
633 
634  vl_api_send_msg (reg, (u8 *) mp);
635 }
636 
637 static void
638 vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t *
639  mp)
640 {
641  ipsec_main_t *im = &ipsec_main;
642  vl_api_registration_t *reg;
643  u32 k, v, spd_index;
644 
645  reg = vl_api_client_index_to_registration (mp->client_index);
646  if (!reg)
647  return;
648 
649  if (mp->spd_index_valid)
650  {
651  spd_index = ntohl (mp->spd_index);
652  /* *INDENT-OFF* */
653  hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
654  if (v == spd_index)
655  send_ipsec_spd_interface_details(reg, v, k, mp->context);
656  }));
657  /* *INDENT-ON* */
658  }
659  else
660  {
661  hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
662  send_ipsec_spd_interface_details(reg, v, k, mp->context);
663  }));
664  }
665 }
666 
667 static void
668 vl_api_ipsec_itf_create_t_handler (vl_api_ipsec_itf_create_t * mp)
669 {
670  vl_api_ipsec_itf_create_reply_t *rmp;
671  tunnel_mode_t mode;
672  u32 sw_if_index = ~0;
673  int rv;
674 
675  rv = tunnel_mode_decode (mp->itf.mode, &mode);
676 
677  if (!rv)
678  rv = ipsec_itf_create (ntohl (mp->itf.user_instance), mode, &sw_if_index);
679 
680  /* *INDENT-OFF* */
681  REPLY_MACRO2 (VL_API_IPSEC_ITF_CREATE_REPLY,
682  ({
683  rmp->sw_if_index = htonl (sw_if_index);
684  }));
685  /* *INDENT-ON* */
686 }
687 
688 static void
689 vl_api_ipsec_itf_delete_t_handler (vl_api_ipsec_itf_delete_t * mp)
690 {
691  vl_api_ipsec_itf_delete_reply_t *rmp;
692  int rv;
693 
694  rv = ipsec_itf_delete (ntohl (mp->sw_if_index));
695 
696  REPLY_MACRO (VL_API_IPSEC_ITF_DELETE_REPLY);
697 }
698 
699 static void
700 vl_api_ipsec_itf_dump_t_handler (vl_api_ipsec_itf_dump_t * mp)
701 {
702 }
703 
704 typedef struct ipsec_sa_dump_match_ctx_t_
705 {
706  index_t sai;
707  u32 sw_if_index;
708 } ipsec_sa_dump_match_ctx_t;
709 
710 static walk_rc_t
711 ipsec_sa_dump_match_sa (index_t itpi, void *arg)
712 {
713  ipsec_sa_dump_match_ctx_t *ctx = arg;
714  ipsec_tun_protect_t *itp;
715  index_t sai;
716 
717  itp = ipsec_tun_protect_get (itpi);
718 
719  if (itp->itp_out_sa == ctx->sai)
720  {
721  ctx->sw_if_index = itp->itp_sw_if_index;
722  return (WALK_STOP);
723  }
724 
725  FOR_EACH_IPSEC_PROTECT_INPUT_SAI (itp, sai,
726  ({
727  if (sai == ctx->sai)
728  {
729  ctx->sw_if_index = itp->itp_sw_if_index;
730  return (WALK_STOP);
731  }
732  }));
733 
734  return (WALK_CONTINUE);
735 }
736 
737 static walk_rc_t
738 send_ipsec_sa_details (ipsec_sa_t * sa, void *arg)
739 {
740  ipsec_dump_walk_ctx_t *ctx = arg;
741  vl_api_ipsec_sa_details_t *mp;
742 
743  mp = vl_msg_api_alloc (sizeof (*mp));
744  clib_memset (mp, 0, sizeof (*mp));
745  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
746  mp->context = ctx->context;
747 
748  mp->entry.sad_id = htonl (sa->id);
749  mp->entry.spi = htonl (sa->spi);
750  mp->entry.protocol = ipsec_proto_encode (sa->protocol);
751  mp->entry.tx_table_id = htonl (sa->tunnel.t_table_id);
752 
753  mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
754  ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
755 
756  mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
757  ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
758 
759  mp->entry.flags = ipsec_sad_flags_encode (sa);
760  mp->entry.salt = clib_host_to_net_u32 (sa->salt);
761 
762  if (ipsec_sa_is_set_IS_PROTECT (sa))
763  {
764  ipsec_sa_dump_match_ctx_t ctx = {
765  .sai = sa - ipsec_sa_pool,
766  .sw_if_index = ~0,
767  };
768  ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
769 
770  mp->sw_if_index = htonl (ctx.sw_if_index);
771  }
772  else
773  mp->sw_if_index = ~0;
774 
775  if (ipsec_sa_is_set_IS_TUNNEL (sa))
776  {
777  ip_address_encode2 (&sa->tunnel.t_src, &mp->entry.tunnel_src);
778  ip_address_encode2 (&sa->tunnel.t_dst, &mp->entry.tunnel_dst);
779  }
780  if (ipsec_sa_is_set_UDP_ENCAP (sa))
781  {
782  mp->entry.udp_src_port = sa->udp_hdr.src_port;
783  mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
784  }
785 
786  mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
787  mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
788  if (ipsec_sa_is_set_USE_ESN (sa))
789  {
790  mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
791  mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
792  }
793  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
794  mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
795 
796  mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
797 
798  vl_api_send_msg (ctx->reg, (u8 *) mp);
799 
800  return (WALK_CONTINUE);
801 }
802 
803 static void
804 vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp)
805 {
806  vl_api_registration_t *reg;
807 
808  reg = vl_api_client_index_to_registration (mp->client_index);
809  if (!reg)
810  return;
811 
812  ipsec_dump_walk_ctx_t ctx = {
813  .reg = reg,
814  .context = mp->context,
815  };
816 
817  ipsec_sa_walk (send_ipsec_sa_details, &ctx);
818 }
819 
820 static walk_rc_t
821 send_ipsec_sa_v2_details (ipsec_sa_t * sa, void *arg)
822 {
823  ipsec_dump_walk_ctx_t *ctx = arg;
824  vl_api_ipsec_sa_v2_details_t *mp;
825 
826  mp = vl_msg_api_alloc (sizeof (*mp));
827  clib_memset (mp, 0, sizeof (*mp));
828  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_V2_DETAILS);
829  mp->context = ctx->context;
830 
831  mp->entry.sad_id = htonl (sa->id);
832  mp->entry.spi = htonl (sa->spi);
833  mp->entry.protocol = ipsec_proto_encode (sa->protocol);
834  mp->entry.tx_table_id = htonl (sa->tunnel.t_table_id);
835 
836  mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
837  ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
838 
839  mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
840  ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
841 
842  mp->entry.flags = ipsec_sad_flags_encode (sa);
843  mp->entry.salt = clib_host_to_net_u32 (sa->salt);
844 
845  if (ipsec_sa_is_set_IS_PROTECT (sa))
846  {
847  ipsec_sa_dump_match_ctx_t ctx = {
848  .sai = sa - ipsec_sa_pool,
849  .sw_if_index = ~0,
850  };
851  ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
852 
853  mp->sw_if_index = htonl (ctx.sw_if_index);
854  }
855  else
856  mp->sw_if_index = ~0;
857 
858  if (ipsec_sa_is_set_IS_TUNNEL (sa))
859  {
860  ip_address_encode2 (&sa->tunnel.t_src, &mp->entry.tunnel_src);
861  ip_address_encode2 (&sa->tunnel.t_dst, &mp->entry.tunnel_dst);
862  }
863  if (ipsec_sa_is_set_UDP_ENCAP (sa))
864  {
865  mp->entry.udp_src_port = sa->udp_hdr.src_port;
866  mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
867  }
868 
869  mp->entry.tunnel_flags =
870  tunnel_encap_decap_flags_encode (sa->tunnel.t_encap_decap_flags);
871  mp->entry.dscp = ip_dscp_encode (sa->tunnel.t_dscp);
872 
873  mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
874  mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
875  if (ipsec_sa_is_set_USE_ESN (sa))
876  {
877  mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
878  mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
879  }
880  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
881  mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
882 
883  mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
884 
885  vl_api_send_msg (ctx->reg, (u8 *) mp);
886 
887  return (WALK_CONTINUE);
888 }
889 
890 static void
891 vl_api_ipsec_sa_v2_dump_t_handler (vl_api_ipsec_sa_v2_dump_t *mp)
892 {
893  vl_api_registration_t *reg;
894 
895  reg = vl_api_client_index_to_registration (mp->client_index);
896  if (!reg)
897  return;
898 
899  ipsec_dump_walk_ctx_t ctx = {
900  .reg = reg,
901  .context = mp->context,
902  };
903 
904  ipsec_sa_walk (send_ipsec_sa_v2_details, &ctx);
905 }
906 
907 static walk_rc_t
908 send_ipsec_sa_v3_details (ipsec_sa_t *sa, void *arg)
909 {
910  ipsec_dump_walk_ctx_t *ctx = arg;
911  vl_api_ipsec_sa_v3_details_t *mp;
912 
913  mp = vl_msg_api_alloc (sizeof (*mp));
914  clib_memset (mp, 0, sizeof (*mp));
915  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_V3_DETAILS);
916  mp->context = ctx->context;
917 
918  mp->entry.sad_id = htonl (sa->id);
919  mp->entry.spi = htonl (sa->spi);
920  mp->entry.protocol = ipsec_proto_encode (sa->protocol);
921 
922  mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
923  ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
924 
925  mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
926  ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
927 
928  mp->entry.flags = ipsec_sad_flags_encode (sa);
929  mp->entry.salt = clib_host_to_net_u32 (sa->salt);
930 
931  if (ipsec_sa_is_set_IS_PROTECT (sa))
932  {
933  ipsec_sa_dump_match_ctx_t ctx = {
934  .sai = sa - ipsec_sa_pool,
935  .sw_if_index = ~0,
936  };
937  ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
938 
939  mp->sw_if_index = htonl (ctx.sw_if_index);
940  }
941  else
942  mp->sw_if_index = ~0;
943 
944  if (ipsec_sa_is_set_IS_TUNNEL (sa))
945  tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
946 
947  if (ipsec_sa_is_set_UDP_ENCAP (sa))
948  {
949  mp->entry.udp_src_port = sa->udp_hdr.src_port;
950  mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
951  }
952 
953  mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
954  mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
955  if (ipsec_sa_is_set_USE_ESN (sa))
956  {
957  mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
958  mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
959  }
960  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
961  mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
962 
963  mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
964 
965  vl_api_send_msg (ctx->reg, (u8 *) mp);
966 
967  return (WALK_CONTINUE);
968 }
969 
970 static void
971 vl_api_ipsec_sa_v3_dump_t_handler (vl_api_ipsec_sa_v3_dump_t *mp)
972 {
973  vl_api_registration_t *reg;
974 
975  reg = vl_api_client_index_to_registration (mp->client_index);
976  if (!reg)
977  return;
978 
979  ipsec_dump_walk_ctx_t ctx = {
980  .reg = reg,
981  .context = mp->context,
982  };
983 
984  ipsec_sa_walk (send_ipsec_sa_v3_details, &ctx);
985 }
986 
987 static void
988 vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t * mp)
989 {
990  vl_api_registration_t *rp;
991  ipsec_main_t *im = &ipsec_main;
992  u32 context = mp->context;
993 
994  rp = vl_api_client_index_to_registration (mp->client_index);
995 
996  if (rp == 0)
997  {
998  clib_warning ("Client %d AWOL", mp->client_index);
999  return;
1000  }
1001 
1002  ipsec_ah_backend_t *ab;
1003  ipsec_esp_backend_t *eb;
1004  /* *INDENT-OFF* */
1005  pool_foreach (ab, im->ah_backends) {
1006  vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1007  clib_memset (mp, 0, sizeof (*mp));
1008  mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
1009  mp->context = context;
1010  snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (ab->name),
1011  ab->name);
1012  mp->protocol = ntohl (IPSEC_API_PROTO_AH);
1013  mp->index = ab - im->ah_backends;
1014  mp->active = mp->index == im->ah_current_backend ? 1 : 0;
1015  vl_api_send_msg (rp, (u8 *)mp);
1016  }
1017  pool_foreach (eb, im->esp_backends) {
1018  vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1019  clib_memset (mp, 0, sizeof (*mp));
1020  mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
1021  mp->context = context;
1022  snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (eb->name),
1023  eb->name);
1024  mp->protocol = ntohl (IPSEC_API_PROTO_ESP);
1025  mp->index = eb - im->esp_backends;
1026  mp->active = mp->index == im->esp_current_backend ? 1 : 0;
1027  vl_api_send_msg (rp, (u8 *)mp);
1028  }
1029  /* *INDENT-ON* */
1030 }
1031 
1032 static void
1033 vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp)
1034 {
1035  ipsec_main_t *im = &ipsec_main;
1036  vl_api_ipsec_select_backend_reply_t *rmp;
1037  ipsec_protocol_t protocol;
1038  int rv = 0;
1039  if (pool_elts (ipsec_sa_pool) > 0)
1040  {
1041  rv = VNET_API_ERROR_INSTANCE_IN_USE;
1042  goto done;
1043  }
1044 
1045  rv = ipsec_proto_decode (mp->protocol, &protocol);
1046 
1047  if (rv)
1048  goto done;
1049 
1050  switch (protocol)
1051  {
1052  case IPSEC_PROTOCOL_ESP:
1053  rv = ipsec_select_esp_backend (im, mp->index);
1054  break;
1055  case IPSEC_PROTOCOL_AH:
1056  rv = ipsec_select_ah_backend (im, mp->index);
1057  break;
1058  default:
1059  rv = VNET_API_ERROR_INVALID_PROTOCOL;
1060  break;
1061  }
1062 done:
1063  REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY);
1064 }
1065 
1066 static void
1067 vl_api_ipsec_set_async_mode_t_handler (vl_api_ipsec_set_async_mode_t * mp)
1068 {
1069  vl_api_ipsec_set_async_mode_reply_t *rmp;
1070  int rv = 0;
1071 
1072  ipsec_set_async_mode (mp->async_enable);
1073 
1074  REPLY_MACRO (VL_API_IPSEC_SET_ASYNC_MODE_REPLY);
1075 }
1076 
1077 /*
1078  * ipsec_api_hookup
1079  * Add vpe's API message handlers to the table.
1080  * vlib has already mapped shared memory and
1081  * added the client registration handlers.
1082  * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
1083  */
1084 #define vl_msg_name_crc_list
1085 #include <vnet/vnet_all_api_h.h>
1086 #undef vl_msg_name_crc_list
1087 
1088 static void
1089 setup_message_id_table (api_main_t * am)
1090 {
1091 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id);
1092  foreach_vl_msg_name_crc_ipsec;
1093 #undef _
1094 }
1095 
1096 static clib_error_t *
1097 ipsec_api_hookup (vlib_main_t * vm)
1098 {
1099  api_main_t *am = vlibapi_get_main ();
1100 
1101 #define _(N,n) \
1102  vl_msg_api_set_handlers(VL_API_##N, #n, \
1103  vl_api_##n##_t_handler, \
1104  vl_noop_handler, \
1105  vl_api_##n##_t_endian, \
1106  vl_api_##n##_t_print, \
1107  sizeof(vl_api_##n##_t), 1);
1108  foreach_vpe_api_msg;
1109 #undef _
1110 
1111  /*
1112  * Set up the (msg_name, crc, message-id) table
1113  */
1114  setup_message_id_table (am);
1115 
1116  return 0;
1117 }
1118 
1119 VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
1120 
1121 /*
1122  * fd.io coding-style-patch-verification: ON
1123  *
1124  * Local Variables:
1125  * eval: (c-set-style "gnu")
1126  * End:
1127  */
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec_spd_policy.h:37
vl_api_ipsec_sa_v2_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:446
vl_api_ipsec_backend_details_t::context
u32 context
Definition: ipsec.api:480
ipsec_sa_dump_match_ctx_t_::sai
index_t sai
Definition: ipsec_api.c:706
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:111
vl_api_ipsec_sa_v2_details_t::context
u32 context
Definition: ipsec.api:441
vl_api_ipsec_spd_entry_add_del_t
IPsec: Add/delete Security Policy Database entry.
Definition: ipsec.api:122
ipsec_spd_action_encode
vl_api_ipsec_spd_action_t ipsec_spd_action_encode(ipsec_policy_action_t in)
Definition: ipsec_api.c:537
IPSEC_PROTOCOL_ESP
Definition: ipsec_sa.h:76
vl_api_ipsec_sa_v2_details_t::replay_window
u64 replay_window
Definition: ipsec.api:448
port_range_t::stop
u16 stop
Definition: ipsec_spd_policy.h:42
ipsec_dump_walk_ctx_t_::context
u32 context
Definition: ipsec_api.c:161
vl_api_ipsec_sad_entry_add_del_v2_t_handler
static void vl_api_ipsec_sad_entry_add_del_v2_t_handler(vl_api_ipsec_sad_entry_add_del_v2_t *mp)
Definition: ipsec_api.c:371
tunnel_types_api.h
ipsec_key_decode
void ipsec_key_decode(const vl_api_key_t *key, ipsec_key_t *out)
Definition: ipsec_types_api.c:120
vl_api_ipsec_sa_dump_t::client_index
u32 client_index
Definition: ipsec.api:398
vl_api_ipsec_spd_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:126
vl_api_ipsec_sad_entry_add_del_v3_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:232
ipsec_policy_t_::sa_id
u32 sa_id
Definition: ipsec_spd_policy.h:72
ip_address_encode2
void ip_address_encode2(const ip_address_t *in, vl_api_address_t *out)
Definition: ip_types_api.c:242
vl_api_ipsec_sad_entry_add_del_v3_t
Definition: ipsec.api:207
flags
vl_api_wireguard_peer_flags_t flags
Definition: wireguard.api:105
ipsec_spd_policy_type_t
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
vl_api_ipsec_sad_entry_add_del_v3_t::is_add
bool is_add
Definition: ipsec.api:211
ipsec_sa_t::id
u32 id
Definition: ipsec_sa.h:211
vl_api_ipsec_itf_create_t_handler
static void vl_api_ipsec_itf_create_t_handler(vl_api_ipsec_itf_create_t *mp)
Definition: ipsec_api.c:668
ntohs
#define ntohs(x)
Definition: af_xdp.bpf.c:29
vl_api_ipsec_spd_interface_details_t
IPsec: SPD interface response.
Definition: ipsec.api:337
vl_api_ipsec_sa_v3_dump_t::client_index
u32 client_index
Definition: ipsec.api:410
nh
vl_api_fib_path_nh_t nh
Definition: fib_types.api:126
vl_api_ipsec_sa_v3_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:457
vl_api_ipsec_backend_dump_t
Dump IPsec backends.
Definition: ipsec.api:468
vl_api_ipsec_itf_create_reply_t
Add IPsec interface interface response.
Definition: ipsec.api:363
pool_foreach
#define pool_foreach(VAR, POOL)
Iterate through pool.
Definition: pool.h:534
vl_api_ipsec_backend_dump_t::client_index
u32 client_index
Definition: ipsec.api:469
ip_types_api.h
VLIB_API_INIT_FUNCTION
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
ipsec_ah_backend_t
Definition: ipsec.h:37
u64
unsigned long u64
Definition: types.h:89
vl_api_ipsec_backend_details_t::active
bool active
Definition: ipsec.api:484
ipsec_policy_t_::laddr
ip46_address_range_t laddr
Definition: ipsec_spd_policy.h:64
ipsec_policy_t_::id
u32 id
Definition: ipsec_spd_policy.h:56
protocol
vl_api_ip_proto_t protocol
Definition: lb_types.api:72
vl_api_ipsec_sa_v2_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:447
REPLY_MACRO2
#define REPLY_MACRO2(t, body)
Definition: api_helper_macros.h:65
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
FOR_EACH_IPSEC_SPD_POLICY_TYPE
#define FOR_EACH_IPSEC_SPD_POLICY_TYPE(_t)
Definition: ipsec_spd.h:38
vl_api_ipsec_tunnel_protect_dump_t::context
u32 context
Definition: ipsec.api:308
vl_api_ipsec_backend_details_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:482
ipsec_policy_mk_type
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
Definition: ipsec_spd_policy.c:100
WALK_CONTINUE
Definition: interface_funcs.h:174
vl_api_send_msg
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
Definition: api.h:35
ipsec_sa_t::crypto_key
ipsec_key_t crypto_key
Definition: ipsec_sa.h:221
vl_api_ipsec_sad_entry_add_del_v2_t::entry
vl_api_ipsec_sad_entry_v2_t entry
Definition: ipsec.api:205
vl_api_ipsec_sa_v3_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:458
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec_sa.h:218
vl_api_ipsec_backend_dump_t::context
u32 context
Definition: ipsec.api:470
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:43
tunnel_t_
A representation of an IP tunnel config.
Definition: tunnel.h:85
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:607
vl_api_ipsec_spd_interface_details_t::context
u32 context
Definition: ipsec.api:338
ipsec_tun_protect_walk_itf
void ipsec_tun_protect_walk_itf(u32 sw_if_index, ipsec_tun_protect_walk_cb_t fn, void *ctx)
Definition: ipsec_tun.c:759
setup_message_id_table
static void setup_message_id_table(api_main_t *am)
Definition: ipsec_api.c:1089
send_ipsec_sa_v2_details
static walk_rc_t send_ipsec_sa_v2_details(ipsec_sa_t *sa, void *arg)
Definition: ipsec_api.c:821
vl_api_ipsec_spd_interface_dump_t::spd_index
u32 spd_index
Definition: ipsec.api:328
ipsec_integ_algo_decode
int ipsec_integ_algo_decode(vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t *out)
Definition: ipsec_types_api.c:88
vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:172
vl_api_ipsec_itf_create_t::itf
vl_api_ipsec_itf_t itf
Definition: ipsec.api:355
ipsec_sa_pool
ipsec_sa_t * ipsec_sa_pool
Pool of IPSec SAs.
Definition: ipsec_sa.c:32
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:99
vl_api_ipsec_sa_dump_t_handler
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
Definition: ipsec_api.c:804
ipsec_main_t::ah_current_backend
u32 ah_current_backend
Definition: ipsec.h:176
FOR_EACH_IPSEC_PROTECT_INPUT_SA
#define FOR_EACH_IPSEC_PROTECT_INPUT_SA(_itp, _sa, body)
Definition: ipsec_tun.h:138
tunnel_encap_decap_flags_encode
vl_api_tunnel_encap_decap_flags_t tunnel_encap_decap_flags_encode(tunnel_encap_decap_flags_t f)
Definition: tunnel_types_api.c:46
ipsec_spd_t
A Secruity Policy Database.
Definition: ipsec_spd.h:46
vl_api_ipsec_sa_v2_details_t::stat_index
u32 stat_index
Definition: ipsec.api:450
IPSEC_API_PROTO_ESP
Definition: ipsec_types.api:83
vnet_msg_enum.h
ipsec_main_t::esp_current_backend
u32 esp_current_backend
Definition: ipsec.h:178
vl_api_ipsec_sa_v2_details_t
Definition: ipsec.api:440
ipsec_itf.h
vl_msg_api_alloc
void * vl_msg_api_alloc(int nbytes)
Definition: memory_shared.c:199
ipsec_tun_protect_walk
void ipsec_tun_protect_walk(ipsec_tun_protect_walk_cb_t fn, void *ctx)
Definition: ipsec_tun.c:746
tunnel_encode
void tunnel_encode(const tunnel_t *in, vl_api_tunnel_t *out)
Definition: tunnel_types_api.c:147
tunnel_decode
int tunnel_decode(const vl_api_tunnel_t *in, tunnel_t *out)
Definition: tunnel_types_api.c:103
ipsec_dump_walk_ctx_t_
Definition: ipsec_api.c:158
ipsec_tun_protect_t_::itp_n_sa_in
u32 itp_n_sa_in
Definition: ipsec_tun.h:114
u8
unsigned char u8
Definition: types.h:56
foreach_vpe_api_msg
#define foreach_vpe_api_msg
Definition: ipsec_api.c:55
vl_api_ipsec_tunnel_protect_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:309
ip_dscp_decode
ip_dscp_t ip_dscp_decode(vl_api_ip_dscp_t in)
Definition: ip_types_api.c:99
id
u8 id[64]
Definition: dhcp.api:160
ipsec_sa_t::spi
u32 spi
Definition: ipsec_sa.h:131
ipsec_sa_dump_match_ctx_t
struct ipsec_sa_dump_match_ctx_t_ ipsec_sa_dump_match_ctx_t
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec_sa.h:133
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:126
u32
unsigned int u32
Definition: types.h:88
vl_api_ipsec_interface_add_del_spd_t_handler
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
Definition: ipsec_api.c:91
walk_rc_t
enum walk_rc_t_ walk_rc_t
Walk return code.
vl_api_ipsec_tunnel_protect_del_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:298
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec_sa.h:136
ipsec_policy_t_::protocol
u8 protocol
Definition: ipsec_spd_policy.h:66
udp_header_t::src_port
u16 src_port
Definition: udp_packet.h:48
vl_api_ipsec_sa_v3_details_t::stat_index
u32 stat_index
Definition: ipsec.api:461
ipsec_sa_walk
void ipsec_sa_walk(ipsec_sa_walk_cb_t cb, void *ctx)
Definition: ipsec_sa.c:424
vl_api_ipsec_select_backend_t
Select IPsec backend.
Definition: ipsec.api:493
tunnel_t_::t_dst
ip_address_t t_dst
Definition: tunnel.h:88
vl_api_ipsec_sad_entry_add_del_reply_t
Definition: ipsec.api:215
ipsec_tun_protect_del
int ipsec_tun_protect_del(u32 sw_if_index, const ip_address_t *nh)
Definition: ipsec_tun.c:714
tunnel_t_::t_table_id
u32 t_table_id
Definition: tunnel.h:92
vl_api_ipsec_backend_dump_t_handler
static void vl_api_ipsec_backend_dump_t_handler(vl_api_ipsec_backend_dump_t *mp)
Definition: ipsec_api.c:988
foreach_ipsec_policy_action
Definition: ipsec_spd_policy.h:29
hash_foreach
#define hash_foreach(key_var, value_var, h, body)
Definition: hash.h:442
vl_api_ipsec_spd_dump_t_handler
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
Definition: ipsec_api.c:588
vl_api_ipsec_spd_interface_dump_t_handler
static void vl_api_ipsec_spd_interface_dump_t_handler(vl_api_ipsec_spd_interface_dump_t *mp)
Definition: ipsec_api.c:638
IPSEC_PROTOCOL_AH
Definition: ipsec_sa.h:75
vl_api_ipsec_sad_entry_add_del_v3_reply_t
Definition: ipsec.api:228
port_range_t::start
u16 start
Definition: ipsec_spd_policy.h:42
api_errno.h
ipsec_sa_unlock_id
int ipsec_sa_unlock_id(u32 id)
Definition: ipsec_sa.c:402
ipsec_policy_t_::rport
port_range_t rport
Definition: ipsec_spd_policy.h:68
vl_api_ipsec_tunnel_protect_dump_t
Dump all tunnel protections.
Definition: ipsec.api:305
ipsec_crypto_algo_encode
vl_api_ipsec_crypto_alg_t ipsec_crypto_algo_encode(ipsec_crypto_alg_t c)
Definition: ipsec_types_api.c:72
rv
int __clib_unused rv
Definition: application.c:491
vl_api_ipsec_spd_entry_add_del_reply_t
IPsec: Reply Add/delete Security Policy Database entry.
Definition: ipsec.api:136
vl_api_ipsec_sa_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:435
vl_api_ipsec_sa_v3_dump_t::context
u32 context
Definition: ipsec.api:411
ipsec_main_t
Definition: ipsec.h:108
vl_api_ipsec_sa_dump_t::context
u32 context
Definition: ipsec.api:399
ip_address_decode
ip46_type_t ip_address_decode(const vl_api_address_t *in, ip46_address_t *out)
Decode/Encode for struct/union types.
Definition: ip_types_api.c:186
vl_api_ipsec_sa_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:434
ipsec_sa_t::stat_index
u32 stat_index
Definition: ipsec_sa.h:212
vl_api_ipsec_spd_add_del_t_handler
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
Definition: ipsec_api.c:79
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec_sa.h:134
api_helper_macros.h
hash_get
#define hash_get(h, key)
Definition: hash.h:249
vl_api_ipsec_sad_entry_add_del_t
IPsec: Add/delete Security Association Database entry.
Definition: ipsec.api:192
ipsec_sa_dump_match_ctx_t_
Definition: ipsec_api.c:704
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:553
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
vl_api_ipsec_sad_entry_add_del_v2_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:226
integ_alg
u8 integ_alg
Definition: ikev2_types.api:59
vl_api_ipsec_spds_details_t
Dump IPsec all SPD IDs response.
Definition: ipsec.api:157
proto
vl_api_ip_proto_t proto
Definition: acl_types.api:51
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
vl_api_ipsec_spd_add_del_t
IPsec: Add/delete Security Policy Database.
Definition: ipsec.api:32
ipsec_sa_t::salt
u32 salt
Definition: ipsec_sa.h:174
vl_api_ipsec_tunnel_protect_details_t::tun
vl_api_ipsec_tunnel_protect_t tun
Definition: ipsec.api:315
ipsec_proto_encode
vl_api_ipsec_proto_t ipsec_proto_encode(ipsec_protocol_t p)
Definition: ipsec_types_api.c:42
ipsec_sa_add_and_lock
int ipsec_sa_add_and_lock(u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 salt, u16 src_port, u16 dst_port, const tunnel_t *tun, u32 *sa_out_index)
Definition: ipsec_sa.c:170
vl_api_ipsec_sa_v3_details_t
Definition: ipsec.api:452
ipsec_tun_protect_t_
Definition: ipsec_tun.h:107
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete a SPD.
Definition: ipsec_spd_policy.c:140
vl_api_ipsec_sa_v2_dump_t
Definition: ipsec.api:402
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec_sa.h:135
ipsec_spd_action_decode
static int ipsec_spd_action_decode(vl_api_ipsec_spd_action_t in, ipsec_policy_action_t *out)
Definition: ipsec_api.c:228
vl_api_ipsec_tunnel_protect_del_t
Definition: ipsec.api:293
vl_api_ipsec_sad_entry_add_del_v2_reply_t
Definition: ipsec.api:222
vl_api_ipsec_itf_create_reply_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:367
tunnel_t_::t_src
ip_address_t t_src
Definition: tunnel.h:87
vl_api_ipsec_sa_v2_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:444
REPLY_MACRO
#define REPLY_MACRO(t)
Definition: api_helper_macros.h:30
vl_api_ipsec_tunnel_protect_update_t::tunnel
vl_api_ipsec_tunnel_protect_t tunnel
Definition: ipsec.api:290
ipsec_policy_t_::type
ipsec_spd_policy_type_t type
Definition: ipsec_spd_policy.h:60
ipsec_ah_backend_t::name
u8 * name
Definition: ipsec.h:39
vl_api_ipsec_spd_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:173
ipsec_sa_t
Definition: ipsec_sa.h:116
vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:57
send_ipsec_sa_v3_details
static walk_rc_t send_ipsec_sa_v3_details(ipsec_sa_t *sa, void *arg)
Definition: ipsec_api.c:908
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
tunnel_mode_decode
int tunnel_mode_decode(vl_api_tunnel_mode_t in, tunnel_mode_t *out)
Definition: tunnel_types_api.c:69
vl_api_ipsec_interface_add_del_spd_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:56
mode
vl_api_tunnel_mode_t mode
Definition: gre.api:48
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec_spd_policy.h:26
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:125
vl_api_ipsec_spds_dump_t::client_index
u32 client_index
Definition: ipsec.api:148
api_main_t
API main structure, used by both vpp and binary API clients.
Definition: api_common.h:228
vl_api_ipsec_tunnel_protect_update_t
Definition: ipsec.api:285
ip_address
Definition: ip_types.h:79
ip_address_decode2
void ip_address_decode2(const vl_api_address_t *in, ip_address_t *out)
Definition: ip_types_api.c:192
vl_api_registration_
An API client registration, only in vpp/vlib.
Definition: api_common.h:47
ipsec_tun_protect_t_::itp_sw_if_index
u32 itp_sw_if_index
Definition: ipsec_tun.h:117
vl_api_ipsec_set_async_mode_t_handler
static void vl_api_ipsec_set_async_mode_t_handler(vl_api_ipsec_set_async_mode_t *mp)
Definition: ipsec_api.c:1067
BAD_SW_IF_INDEX_LABEL
#define BAD_SW_IF_INDEX_LABEL
Definition: api_helper_macros.h:289
vl_api_ipsec_interface_add_del_spd_t
IPsec: Add/delete SPD from interface.
Definition: ipsec.api:50
ipsec_sa_dump_match_sa
static walk_rc_t ipsec_sa_dump_match_sa(index_t itpi, void *arg)
Definition: ipsec_api.c:711
ipsec_main_t::ah_backends
ipsec_ah_backend_t * ah_backends
Definition: ipsec.h:172
udp_header_t::dst_port
u16 dst_port
Definition: udp_packet.h:48
ipsec_sad_flags_encode
vl_api_ipsec_sad_flags_t ipsec_sad_flags_encode(const ipsec_sa_t *sa)
Definition: ipsec_types_api.c:157
ipsec_policy_t_::priority
i32 priority
Definition: ipsec_spd_policy.h:57
vl_api_ipsec_spds_dump_t
Dump IPsec all SPD IDs.
Definition: ipsec.api:147
vl_api_ipsec_sad_entry_add_del_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:198
vl_api_ipsec_select_backend_t::index
u8 index
Definition: ipsec.api:497
vl_api_ipsec_itf_dump_t
Definition: ipsec.api:377
ipsec_policy_t_::policy
ipsec_policy_action_t policy
Definition: ipsec_spd_policy.h:71
ip46_address_range_t::start
ip46_address_t start
Definition: ipsec_spd_policy.h:37
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
vl_api_ipsec_set_async_mode_t::async_enable
bool async_enable
Definition: ipsec.api:509
crypto_key
vl_api_key_t crypto_key
Definition: ipsec_types.api:126
im
vnet_interface_main_t * im
Definition: interface_output.c:395
ipsec_sa_t::udp_hdr
udp_header_t udp_hdr
Definition: ipsec_sa.h:171
ipsec_sa_flags_t
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
vl_api_ipsec_select_backend_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:496
spi
u32 spi
Definition: flow_types.api:140
FOR_EACH_IPSEC_PROTECT_INPUT_SAI
#define FOR_EACH_IPSEC_PROTECT_INPUT_SAI(_itp, _sai, body)
Definition: ipsec_tun.h:130
vl_api_ipsec_sad_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:197
tunnel_t_::t_encap_decap_flags
tunnel_encap_decap_flags_t t_encap_decap_flags
Definition: tunnel.h:89
ipsec_esp_backend_t
Definition: ipsec.h:54
vl_api_ipsec_sa_v3_details_t::context
u32 context
Definition: ipsec.api:453
vl_api_ipsec_sad_entry_add_del_v3_t_handler
static void vl_api_ipsec_sad_entry_add_del_v3_t_handler(vl_api_ipsec_sad_entry_add_del_v3_t *mp)
Definition: ipsec_api.c:442
vl_api_client_index_to_registration
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
Definition: api.h:79
ipsec_policy_t_
A Secruity Policy.
Definition: ipsec_spd_policy.h:54
vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:37
ipsec_esp_backend_t::name
u8 * name
Definition: ipsec.h:56
vl_api_ipsec_spds_dump_t_handler
static void vl_api_ipsec_spds_dump_t_handler(vl_api_ipsec_spds_dump_t *mp)
Definition: ipsec_api.c:521
vl_api_ipsec_tunnel_protect_dump_t_handler
static void vl_api_ipsec_tunnel_protect_dump_t_handler(vl_api_ipsec_tunnel_protect_dump_t *mp)
Definition: ipsec_api.c:199
send_ipsec_spd_interface_details
static void send_ipsec_spd_interface_details(vl_api_registration_t *reg, u32 spd_index, u32 sw_if_index, u32 context)
Definition: ipsec_api.c:621
vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:170
vl_api_ipsec_sa_details_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:430
vl_api_ipsec_spd_add_del_t::is_add
bool is_add
Definition: ipsec.api:36
send_ipsec_spd_details
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
Definition: ipsec_api.c:553
vl_api_ipsec_itf_dump_t_handler
static void vl_api_ipsec_itf_dump_t_handler(vl_api_ipsec_itf_dump_t *mp)
Definition: ipsec_api.c:700
vl_api_ipsec_sa_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:432
IPSEC_API_PROTO_AH
Definition: ipsec_types.api:84
vl_api_ipsec_spd_entry_add_del_t_handler
static void vl_api_ipsec_spd_entry_add_del_t_handler(vl_api_ipsec_spd_entry_add_del_t *mp)
Definition: ipsec_api.c:245
ipsec_main_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:113
vl_api_ipsec_spds_dump_t::context
u32 context
Definition: ipsec.api:149
ip_dscp_encode
vl_api_ip_dscp_t ip_dscp_encode(ip_dscp_t dscp)
Definition: ip_types_api.c:105
vl_api_ipsec_sa_dump_t
Dump IPsec security association.
Definition: ipsec.api:395
vl_api_ipsec_itf_delete_t_handler
static void vl_api_ipsec_itf_delete_t_handler(vl_api_ipsec_itf_delete_t *mp)
Definition: ipsec_api.c:689
vl_api_ipsec_spd_interface_dump_t::spd_index_valid
u8 spd_index_valid
Definition: ipsec.api:329
ipsec_tun_protect_get
static ipsec_tun_protect_t * ipsec_tun_protect_get(u32 index)
Definition: ipsec_tun.h:172
IP46_TYPE_ANY
Definition: ip46_address.h:24
ipsec_integ_algo_encode
vl_api_ipsec_integ_alg_t ipsec_integ_algo_encode(ipsec_integ_alg_t i)
Definition: ipsec_types_api.c:104
ipsec_spd_t::policies
u32 * policies[IPSEC_SPD_POLICY_N_TYPES]
vectors for each of the policy types
Definition: ipsec_spd.h:51
ipsec_sa_flags_decode
ipsec_sa_flags_t ipsec_sa_flags_decode(vl_api_ipsec_sad_flags_t in)
Definition: ipsec_types_api.c:133
vl_api_ipsec_interface_add_del_spd_t::is_add
bool is_add
Definition: ipsec.api:55
vl_api_ipsec_tunnel_protect_details_t::context
u32 context
Definition: ipsec.api:314
vl_api_ipsec_spd_dump_t
Dump ipsec policy database data.
Definition: ipsec.api:169
vl_api_ipsec_spd_dump_t::context
u32 context
Definition: ipsec.api:171
vl_api_ipsec_spd_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:140
ipsec_sa_dump_match_ctx_t_::sw_if_index
u32 sw_if_index
Definition: ipsec_api.c:707
vl_api_ipsec_sa_details_t::replay_window
u64 replay_window
Definition: ipsec.api:436
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec_sa.h:176
vl_api_ipsec_tunnel_protect_update_t_handler
static void vl_api_ipsec_tunnel_protect_update_t_handler(vl_api_ipsec_tunnel_protect_update_t *mp)
Definition: ipsec_api.c:112
ipsec_itf_delete
int ipsec_itf_delete(u32 sw_if_index)
Definition: ipsec_itf.c:320
send_ipsec_spds_details
static void send_ipsec_spds_details(ipsec_spd_t *spd, vl_api_registration_t *reg, u32 context)
Definition: ipsec_api.c:500
vl_api_ipsec_set_async_mode_t
IPsec Set Async mode.
Definition: ipsec.api:506
vl_api_ipsec_backend_details_t::index
u8 index
Definition: ipsec.api:483
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:38
vl_api_ipsec_spds_details_t::spd_id
u32 spd_id
Definition: ipsec.api:159
ipsec_sa_t::seq
u32 seq
Definition: ipsec_sa.h:132
vl_api_ipsec_spd_details_t
IPsec policy database response.
Definition: ipsec.api:182
clib_error_t
Definition: clib_error.h:21
vl_api_ipsec_spd_interface_dump_t
IPsec: Get SPD interfaces.
Definition: ipsec.api:325
vl_api_ipsec_spd_details_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:184
vl_api_ipsec_spd_entry_add_del_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:127
ipsec_dump_walk_ctx_t
struct ipsec_dump_walk_ctx_t_ ipsec_dump_walk_ctx_t
send_ipsec_sa_details
static walk_rc_t send_ipsec_sa_details(ipsec_sa_t *sa, void *arg)
Definition: ipsec_api.c:738
ipsec_select_ah_backend
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:257
vl_api_ipsec_sa_v3_dump_t_handler
static void vl_api_ipsec_sa_v3_dump_t_handler(vl_api_ipsec_sa_v3_dump_t *mp)
Definition: ipsec_api.c:971
vnet_all_api_h.h
ipsec_sa_get
static ipsec_sa_t * ipsec_sa_get(u32 sa_index)
Definition: ipsec_sa.h:519
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:183
ipsec_policy_t_::raddr
ip46_address_range_t raddr
Definition: ipsec_spd_policy.h:65
IP46_TYPE_IP6
Definition: ip46_address.h:27
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.c:28
vlib_main_t
Definition: main.h:102
uword
u64 uword
Definition: types.h:112
ipsec_select_esp_backend
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:280
vl_api_ipsec_tunnel_protect_dump_t::client_index
u32 client_index
Definition: ipsec.api:307
vl_api_ipsec_backend_details_t
IPsec backend details.
Definition: ipsec.api:479
vl_api_ipsec_itf_create_t
Create an IPSec interface.
Definition: ipsec.api:352
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Bind/attach a SPD to an interface.
Definition: ipsec_spd.c:63
tun
vl_api_gbp_endpoint_tun_t tun
Definition: gbp.api:134
ip_address_encode
void ip_address_encode(const ip46_address_t *in, ip46_type_t type, vl_api_address_t *out)
Definition: ip_types_api.c:220
vl_api_ipsec_sa_details_t::context
u32 context
Definition: ipsec.api:429
ipsec_spd_t::id
u32 id
the User&#39;s ID for this policy
Definition: ipsec_spd.h:49
ipsec_tun.h
vl_api_ipsec_tunnel_protect_details_t
Definition: ipsec.api:312
ipsec_types_api.h
vlibapi_get_main
static api_main_t * vlibapi_get_main(void)
Definition: api_common.h:390
vl_api_ipsec_spds_details_t::npolicies
u32 npolicies
Definition: ipsec.api:160
ipsec_itf_create
int ipsec_itf_create(u32 user_instance, tunnel_mode_t mode, u32 *sw_if_indexp)
Definition: ipsec_itf.c:272
ipsec_dump_walk_ctx_t_::reg
vl_api_registration_t * reg
Definition: ipsec_api.c:160
vl_api_ipsec_sa_v2_details_t::entry
vl_api_ipsec_sad_entry_v2_t entry
Definition: ipsec.api:442
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_sa.h:217
ipsec_policy_t_::lport
port_range_t lport
Definition: ipsec_spd_policy.h:67
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Add/Delete a SPD.
Definition: ipsec_spd.c:20
vl_api_ipsec_sa_v3_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:456
ipsec_api_hookup
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
Definition: ipsec_api.c:1097
foreach_ipsec_spd_policy_type
#define foreach_ipsec_spd_policy_type
Definition: ipsec_spd.h:20
vl_api_ipsec_sad_entry_add_del_v2_t
Definition: ipsec.api:200
vl_api_ipsec_tunnel_protect_del_t_handler
static void vl_api_ipsec_tunnel_protect_del_t_handler(vl_api_ipsec_tunnel_protect_del_t *mp)
Definition: ipsec_api.c:138
vl_api_ipsec_itf_delete_t
Definition: ipsec.api:370
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:213
vl_api_ipsec_sad_entry_add_del_v2_t::is_add
bool is_add
Definition: ipsec.api:204
ipsec_tun_protect_t_::itp_key
ip_address_t * itp_key
Definition: ipsec_tun.h:126
tunnel_encap_decap_flags_decode
int tunnel_encap_decap_flags_decode(vl_api_tunnel_encap_decap_flags_t f, tunnel_encap_decap_flags_t *o)
Conversion functions to/from (decode/encode) API types to VPP internal types.
Definition: tunnel_types_api.c:34
send_ipsec_tunnel_protect_details
static walk_rc_t send_ipsec_tunnel_protect_details(index_t itpi, void *arg)
Definition: ipsec_api.c:165
vl_api_ipsec_sa_v2_dump_t_handler
static void vl_api_ipsec_sa_v2_dump_t_handler(vl_api_ipsec_sa_v2_dump_t *mp)
Definition: ipsec_api.c:891
vl_api_ipsec_spds_details_t::context
u32 context
Definition: ipsec.api:158
vl_api_ipsec_spd_interface_details_t::spd_index
u32 spd_index
Definition: ipsec.api:339
WALK_STOP
Definition: interface_funcs.h:173
vl_api_ipsec_select_backend_t_handler
static void vl_api_ipsec_select_backend_t_handler(vl_api_ipsec_select_backend_t *mp)
Definition: ipsec_api.c:1033
ipsec_set_async_mode
void ipsec_set_async_mode(u32 is_enabled)
Definition: ipsec.c:327
vl_api_ipsec_sa_details_t
IPsec security association database response.
Definition: ipsec.api:427
ipsec_main_t::esp_backends
ipsec_esp_backend_t * esp_backends
Definition: ipsec.h:174
vl_api_ipsec_sad_entry_add_del_v3_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:212
ipsec_crypto_algo_decode
int ipsec_crypto_algo_decode(vl_api_ipsec_crypto_alg_t in, ipsec_crypto_alg_t *out)
Definition: ipsec_types_api.c:55
ipsec_sa_t::integ_key
ipsec_key_t integ_key
Definition: ipsec_sa.h:220
vl_api_ipsec_backend_details_t::name
string name[128]
Definition: ipsec.api:481
ipsec_key_t_
Definition: ipsec_sa.h:80
vl_api_ipsec_spd_interface_dump_t::client_index
u32 client_index
Definition: ipsec.api:326
vl_api_ipsec_itf_delete_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:374
vl_api_ipsec_sa_v2_dump_t::client_index
u32 client_index
Definition: ipsec.api:404
am
app_main_t * am
Definition: application.c:489
vl_api_ipsec_sa_v3_dump_t
Definition: ipsec.api:408
tunnel_mode_t
enum tunnel_mode_t_ tunnel_mode_t
vl_api_ipsec_sa_details_t::stat_index
u32 stat_index
Definition: ipsec.api:438
ipsec_policy_t_::is_ipv6
u8 is_ipv6
Definition: ipsec_spd_policy.h:63
vl_api_ipsec_sa_v3_details_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:454
vl_api_ipsec_tunnel_protect_del_t::nh
vl_api_address_t nh
Definition: ipsec.api:299
ipsec_proto_decode
int ipsec_proto_decode(vl_api_ipsec_proto_t in, ipsec_protocol_t *out)
Encode/decode function from/to API to internal types.
Definition: ipsec_types_api.c:25
vl_api_ipsec_sa_v2_dump_t::context
u32 context
Definition: ipsec.api:405
ipsec_sa_t::tunnel
tunnel_t tunnel
Definition: ipsec_sa.h:206
VALIDATE_SW_IF_INDEX
#define VALIDATE_SW_IF_INDEX(mp)
Definition: api_helper_macros.h:281
ipsec_tun_protect_t_::itp_out_sa
index_t itp_out_sa
Definition: ipsec_tun.h:110
ip46_type_t
ip46_type_t
Definition: ip46_address.h:22
vl_api_ipsec_spd_interface_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:340
vl_api_ipsec_sad_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:220
ipsec_tun_protect_update
int ipsec_tun_protect_update(u32 sw_if_index, const ip_address_t *nh, u32 sa_out, u32 *sas_in)
Definition: ipsec_tun.c:564
vl_api_ipsec_sad_entry_add_del_t_handler
static void vl_api_ipsec_sad_entry_add_del_t_handler(vl_api_ipsec_sad_entry_add_del_t *mp)
Definition: ipsec_api.c:308
vl_api_ipsec_sa_v3_details_t::replay_window
u64 replay_window
Definition: ipsec.api:459
tunnel_t_::t_dscp
ip_dscp_t t_dscp
Definition: tunnel.h:93
ipsec_key_encode
void ipsec_key_encode(const ipsec_key_t *in, vl_api_key_t *out)
Definition: ipsec_types_api.c:126
pool_elts
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:127