Include dependency graph for ipsec.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	ipsec_sa_t

struct	ip46_address_range_t

struct	port_range_t

struct	ipsec_add_del_tunnel_args_t

struct	ipsec_add_del_ipsec_gre_tunnel_args_t

struct	ipsec_policy_t

struct	ipsec_spd_t

struct	ip4_ipsec_config_t

struct	ip6_ipsec_config_t

struct	ipsec_tunnel_if_t

struct	ipsec_ah_backend_t

struct	ipsec_esp_backend_t

struct	ipsec_proto_main_crypto_alg_t

struct	ipsec_proto_main_integ_alg_t

struct	ipsec_proto_main_per_thread_data_t

struct	ipsec_proto_main_t

struct	ipsec_main_t

Macros
#define	IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)

#define	foreach_ipsec_output_next

#define	foreach_ipsec_input_next

#define	foreach_ipsec_policy_action

#define	foreach_ipsec_crypto_alg

#define	foreach_ipsec_integ_alg

Typedefs
typedef clib_error_t (	add_del_sa_sess_cb_t) (u32 sa_index, u8 is_add)

typedef clib_error_t (	check_support_cb_t) (ipsec_sa_t *sa)

Enumerations
enum	ipsec_output_next_t { IPSEC_OUTPUT_N_NEXT }

enum	ipsec_input_next_t { IPSEC_INPUT_N_NEXT }

enum	ipsec_policy_action_t { IPSEC_POLICY_N_ACTION }

enum	ipsec_crypto_alg_t { IPSEC_CRYPTO_N_ALG }

enum	ipsec_integ_alg_t { IPSEC_INTEG_N_ALG }

enum	ipsec_protocol_t { IPSEC_PROTOCOL_AH = 0, IPSEC_PROTOCOL_ESP = 1 }

enum	ipsec_if_set_key_type_t { IPSEC_IF_SET_KEY_TYPE_NONE, IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO, IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO, IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG, IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG }

Functions
clib_error_t *	ipsec_add_del_sa_sess_cb (ipsec_main_t *im, u32 sa_index, u8 is_add)

clib_error_t *	ipsec_check_support_cb (ipsec_main_t im, ipsec_sa_t sa)

int	ipsec_set_interface_spd (vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)

int	ipsec_add_del_spd (vlib_main_t *vm, u32 spd_id, int is_add)

int	ipsec_add_del_policy (vlib_main_t vm, ipsec_policy_t policy, int is_add)

int	ipsec_add_del_sa (vlib_main_t vm, ipsec_sa_t new_sa, int is_add)

int	ipsec_set_sa_key (vlib_main_t vm, ipsec_sa_t sa_update)

u32	ipsec_get_sa_index_by_sa_id (u32 sa_id)

u8	ipsec_is_sa_used (u32 sa_index)

u8 *	format_ipsec_policy_action (u8 s, va_list args)

u8 *	format_ipsec_crypto_alg (u8 s, va_list args)

u8 *	format_ipsec_integ_alg (u8 s, va_list args)

u8 *	format_ipsec_replay_window (u8 s, va_list args)

uword	unformat_ipsec_policy_action (unformat_input_t input, va_list args)

uword	unformat_ipsec_crypto_alg (unformat_input_t input, va_list args)

uword	unformat_ipsec_integ_alg (unformat_input_t input, va_list args)

int	ipsec_add_del_tunnel_if_internal (vnet_main_t vnm, ipsec_add_del_tunnel_args_t args, u32 *sw_if_index)

int	ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t *args)

int	ipsec_add_del_ipsec_gre_tunnel (vnet_main_t vnm, ipsec_add_del_ipsec_gre_tunnel_args_t args)

int	ipsec_set_interface_key (vnet_main_t vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 key)

int	ipsec_set_interface_sa (vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)

static void	ipsec_alloc_empty_buffers (vlib_main_t vm, ipsec_main_t im)

static_always_inline u32	get_next_output_feature_node_index (vlib_buffer_t b, vlib_node_runtime_t nr)

u32	ipsec_register_ah_backend (vlib_main_t vm, ipsec_main_t im, const char name, const char ah4_encrypt_node_name, const char ah4_decrypt_node_name, const char ah6_encrypt_node_name, const char *ah6_decrypt_node_name, check_support_cb_t ah_check_support_cb, add_del_sa_sess_cb_t ah_add_del_sa_sess_cb)

u32	ipsec_register_esp_backend (vlib_main_t vm, ipsec_main_t im, const char name, const char esp4_encrypt_node_name, const char esp4_decrypt_node_name, const char esp6_encrypt_node_name, const char *esp6_decrypt_node_name, check_support_cb_t esp_check_support_cb, add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)

int	ipsec_select_ah_backend (ipsec_main_t *im, u32 ah_backend_idx)

int	ipsec_select_esp_backend (ipsec_main_t *im, u32 esp_backend_idx)

Variables
ipsec_proto_main_t	ipsec_proto_main

ipsec_main_t	ipsec_main

vlib_node_registration_t	esp4_encrypt_node
	(constructor) VLIB_REGISTER_NODE (esp4_encrypt_node) More...

vlib_node_registration_t	esp4_decrypt_node
	(constructor) VLIB_REGISTER_NODE (esp4_decrypt_node) More...

vlib_node_registration_t	ah4_encrypt_node
	(constructor) VLIB_REGISTER_NODE (ah4_encrypt_node) More...

vlib_node_registration_t	ah4_decrypt_node
	(constructor) VLIB_REGISTER_NODE (ah4_decrypt_node) More...

vlib_node_registration_t	esp6_encrypt_node
	(constructor) VLIB_REGISTER_NODE (esp6_encrypt_node) More...

vlib_node_registration_t	esp6_decrypt_node
	(constructor) VLIB_REGISTER_NODE (esp6_decrypt_node) More...

vlib_node_registration_t	ah6_encrypt_node
	(constructor) VLIB_REGISTER_NODE (ah6_encrypt_node) More...

vlib_node_registration_t	ah6_decrypt_node
	(constructor) VLIB_REGISTER_NODE (ah6_decrypt_node) More...

vlib_node_registration_t	ipsec_if_input_node
	(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node) More...

Macro Definition Documentation

#define foreach_ipsec_crypto_alg

Value:

_ (0, NONE, "none")               \
  _ (1, AES_CBC_128, "aes-cbc-128") \
  _ (2, AES_CBC_192, "aes-cbc-192") \
  _ (3, AES_CBC_256, "aes-cbc-256") \
  _ (4, AES_CTR_128, "aes-ctr-128") \
  _ (5, AES_CTR_192, "aes-ctr-192") \
  _ (6, AES_CTR_256, "aes-ctr-256") \
  _ (7, AES_GCM_128, "aes-gcm-128") \
  _ (8, AES_GCM_192, "aes-gcm-192") \
  _ (9, AES_GCM_256, "aes-gcm-256") \
  _ (10, DES_CBC, "des-cbc")        \
  _ (11, 3DES_CBC, "3des-cbc")

Definition at line 74 of file ipsec.h.

#define foreach_ipsec_input_next

Value:

_ (DROP, "error-drop")           \
  _ (ESP4_DECRYPT, "esp4-decrypt") \
  _ (AH4_DECRYPT, "ah4-decrypt")   \
  _ (ESP6_DECRYPT, "esp6-decrypt") \
  _ (AH6_DECRYPT, "ah6-decrypt")

Definition at line 45 of file ipsec.h.

#define foreach_ipsec_integ_alg

Value:

_ (0, NONE, "none")                                                      \
  _ (1, MD5_96, "md5-96")           /* RFC2403 */                          \
  _ (2, SHA1_96, "sha1-96")         /* RFC2404 */                          \
  _ (3, SHA_256_96, "sha-256-96")   /* draft-ietf-ipsec-ciph-sha-256-00 */ \
  _ (4, SHA_256_128, "sha-256-128") /* RFC4868 */                          \
  _ (5, SHA_384_192, "sha-384-192") /* RFC4868 */                          \
  _ (6, SHA_512_256, "sha-512-256")     /* RFC4868 */

Definition at line 96 of file ipsec.h.

#define foreach_ipsec_output_next

Value:

_ (DROP, "error-drop")           \
  _ (ESP4_ENCRYPT, "esp4-encrypt") \
  _ (AH4_ENCRYPT, "ah4-encrypt")   \
  _ (ESP6_ENCRYPT, "esp6-encrypt") \
  _ (AH6_ENCRYPT, "ah6-encrypt")

Definition at line 30 of file ipsec.h.

#define foreach_ipsec_policy_action

Value:

_ (0, BYPASS, "bypass")           \
  _ (1, DISCARD, "discard")         \
  _ (2, RESOLVE, "resolve")         \
  _ (3, PROTECT, "protect")

Definition at line 60 of file ipsec.h.

#define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)

Definition at line 28 of file ipsec.h.

Typedef Documentation

typedef clib_error_t*(* add_del_sa_sess_cb_t) (u32 sa_index, u8 is_add)

Definition at line 265 of file ipsec.h.

typedef clib_error_t*(* check_support_cb_t) (ipsec_sa_t *sa)

Definition at line 266 of file ipsec.h.

Enumeration Type Documentation

enum ipsec_crypto_alg_t

Enumerator
IPSEC_CRYPTO_N_ALG

Definition at line 88 of file ipsec.h.

enum ipsec_if_set_key_type_t

Enumerator
IPSEC_IF_SET_KEY_TYPE_NONE
IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO
IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO
IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG
IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG

Definition at line 199 of file ipsec.h.

enum ipsec_input_next_t

Enumerator
IPSEC_INPUT_N_NEXT

Definition at line 53 of file ipsec.h.

enum ipsec_integ_alg_t

Enumerator
IPSEC_INTEG_N_ALG

Definition at line 105 of file ipsec.h.

enum ipsec_output_next_t

Enumerator
IPSEC_OUTPUT_N_NEXT

Definition at line 38 of file ipsec.h.

enum ipsec_policy_action_t

Enumerator
IPSEC_POLICY_N_ACTION

Definition at line 66 of file ipsec.h.

enum ipsec_protocol_t

Enumerator
IPSEC_PROTOCOL_AH
IPSEC_PROTOCOL_ESP

Definition at line 113 of file ipsec.h.

Function Documentation

u8* format_ipsec_crypto_alg	(	u8 *	s,
		va_list *	args
	)

Definition at line 58 of file ipsec_format.c.

Here is the call graph for this function:

Here is the caller graph for this function:

u8* format_ipsec_integ_alg	(	u8 *	s,
		va_list *	args
	)

Definition at line 90 of file ipsec_format.c.

Here is the call graph for this function:

Here is the caller graph for this function:

u8* format_ipsec_policy_action	(	u8 *	s,
		va_list *	args
	)

Definition at line 26 of file ipsec_format.c.

Here is the call graph for this function:

u8* format_ipsec_replay_window	(	u8 *	s,
		va_list *	args
	)

Definition at line 122 of file ipsec_format.c.

Here is the call graph for this function:

static_always_inline u32 get_next_output_feature_node_index	(	vlib_buffer_t *	b,
		vlib_node_runtime_t *	nr
	)

Definition at line 490 of file ipsec.h.

Here is the call graph for this function:

int ipsec_add_del_ipsec_gre_tunnel	(	vnet_main_t *	vnm,
		ipsec_add_del_ipsec_gre_tunnel_args_t *	args
	)

Definition at line 416 of file ipsec_if.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_add_del_policy	(	vlib_main_t *	vm,
		ipsec_policy_t *	policy,
		int	is_add
	)

Definition at line 154 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_add_del_sa	(	vlib_main_t *	vm,
		ipsec_sa_t *	new_sa,
		int	is_add
	)

Definition at line 432 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

clib_error_t* ipsec_add_del_sa_sess_cb	(	ipsec_main_t *	im,
		u32	sa_index,
		u8	is_add
	)

Definition at line 557 of file ipsec.c.

Here is the caller graph for this function:

int ipsec_add_del_spd	(	vlib_main_t *	vm,
		u32	spd_id,
		int	is_add
	)

Definition at line 93 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_add_del_tunnel_if ( ipsec_add_del_tunnel_args_t * args )

Definition at line 246 of file ipsec_if.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_add_del_tunnel_if_internal	(	vnet_main_t *	vnm,
		ipsec_add_del_tunnel_args_t *	args,
		u32 *	sw_if_index
	)

Definition at line 254 of file ipsec_if.c.

Here is the call graph for this function:

Here is the caller graph for this function:

static void ipsec_alloc_empty_buffers	(	vlib_main_t *	vm,
		ipsec_main_t *	im
	)

inlinestatic

Definition at line 469 of file ipsec.h.

Here is the call graph for this function:

Here is the caller graph for this function:

clib_error_t* ipsec_check_support_cb	(	ipsec_main_t *	im,
		ipsec_sa_t *	sa
	)

Definition at line 579 of file ipsec.c.

Here is the caller graph for this function:

u32 ipsec_get_sa_index_by_sa_id ( u32 sa_id )

Definition at line 33 of file ipsec.c.

Here is the caller graph for this function:

u8 ipsec_is_sa_used ( u32 sa_index )

Definition at line 380 of file ipsec.c.

Here is the caller graph for this function:

u32 ipsec_register_ah_backend	(	vlib_main_t *	vm,
		ipsec_main_t *	im,
		const char *	name,
		const char *	ah4_encrypt_node_name,
		const char *	ah4_decrypt_node_name,
		const char *	ah6_encrypt_node_name,
		const char *	ah6_decrypt_node_name,
		check_support_cb_t	ah_check_support_cb,
		add_del_sa_sess_cb_t	ah_add_del_sa_sess_cb
	)

Definition at line 616 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

u32 ipsec_register_esp_backend	(	vlib_main_t *	vm,
		ipsec_main_t *	im,
		const char *	name,
		const char *	esp4_encrypt_node_name,
		const char *	esp4_decrypt_node_name,
		const char *	esp6_encrypt_node_name,
		const char *	esp6_decrypt_node_name,
		check_support_cb_t	esp_check_support_cb,
		add_del_sa_sess_cb_t	esp_add_del_sa_sess_cb
	)

Definition at line 644 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_select_ah_backend	(	ipsec_main_t *	im,
		u32	ah_backend_idx
	)

Definition at line 672 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_select_esp_backend	(	ipsec_main_t *	im,
		u32	esp_backend_idx
	)

Definition at line 693 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_set_interface_key	(	vnet_main_t *	vnm,
		u32	hw_if_index,
		ipsec_if_set_key_type_t	type,
		u8	alg,
		u8 *	key
	)

Definition at line 478 of file ipsec_if.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_set_interface_sa	(	vnet_main_t *	vnm,
		u32	hw_if_index,
		u32	sa_id,
		u8	is_outbound
	)

Definition at line 528 of file ipsec_if.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_set_interface_spd	(	vlib_main_t *	vm,
		u32	sw_if_index,
		u32	spd_id,
		int	is_add
	)

Definition at line 44 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

int ipsec_set_sa_key	(	vlib_main_t *	vm,
		ipsec_sa_t *	sa_update
	)

Definition at line 477 of file ipsec.c.

Here is the call graph for this function:

Here is the caller graph for this function:

uword unformat_ipsec_crypto_alg	(	unformat_input_t *	input,
		va_list *	args
	)

Definition at line 76 of file ipsec_format.c.

Here is the caller graph for this function:

uword unformat_ipsec_integ_alg	(	unformat_input_t *	input,
		va_list *	args
	)

Definition at line 108 of file ipsec_format.c.

Here is the caller graph for this function:

uword unformat_ipsec_policy_action	(	unformat_input_t *	input,
		va_list *	args
	)

Definition at line 44 of file ipsec_format.c.

Here is the caller graph for this function:

Variable Documentation

vlib_node_registration_t ah4_decrypt_node

(constructor) VLIB_REGISTER_NODE (ah4_decrypt_node)

Definition at line 317 of file ah_decrypt.c.

vlib_node_registration_t ah4_encrypt_node

(constructor) VLIB_REGISTER_NODE (ah4_encrypt_node)

Definition at line 328 of file ah_encrypt.c.

vlib_node_registration_t ah6_decrypt_node

(constructor) VLIB_REGISTER_NODE (ah6_decrypt_node)

Definition at line 343 of file ah_decrypt.c.

vlib_node_registration_t ah6_encrypt_node

(constructor) VLIB_REGISTER_NODE (ah6_encrypt_node)

Definition at line 354 of file ah_encrypt.c.

vlib_node_registration_t esp4_decrypt_node

(constructor) VLIB_REGISTER_NODE (esp4_decrypt_node)

Definition at line 417 of file esp_decrypt.c.

vlib_node_registration_t esp4_encrypt_node

(constructor) VLIB_REGISTER_NODE (esp4_encrypt_node)

Definition at line 448 of file esp_encrypt.c.

vlib_node_registration_t esp6_decrypt_node

(constructor) VLIB_REGISTER_NODE (esp6_decrypt_node)

Definition at line 443 of file esp_decrypt.c.

vlib_node_registration_t esp6_encrypt_node

(constructor) VLIB_REGISTER_NODE (esp6_encrypt_node)

Definition at line 474 of file esp_encrypt.c.

vlib_node_registration_t ipsec_if_input_node

(constructor) VLIB_REGISTER_NODE (ipsec_if_input_node)

Definition at line 224 of file ipsec_if_in.c.

ipsec_main_t ipsec_main

Definition at line 30 of file ipsec.c.

ipsec_proto_main_t ipsec_proto_main

Definition at line 26 of file esp_encrypt.c.

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation