FD.io VPP  v19.04.1-1-ge4a0f9f
Vector Packet Processing
ipsec_sa.h File Reference
+ Include dependency graph for ipsec_sa.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  ipsec_key_t_
 
struct  ipsec_sa_t
 

Macros

#define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE   (64)
 
#define foreach_ipsec_crypto_alg
 
#define IPSEC_CRYPTO_ALG_IS_GCM(_alg)
 
#define foreach_ipsec_integ_alg
 
#define IPSEC_N_PROTOCOLS   (IPSEC_PROTOCOL_ESP+1)
 
#define IPSEC_KEY_MAX_LEN   128
 
#define foreach_ipsec_sa_flags
 

Typedefs

typedef struct ipsec_key_t_ ipsec_key_t
 
typedef enum ipsec_sad_flags_t_ ipsec_sa_flags_t
 
typedef walk_rc_t(* ipsec_sa_walk_cb_t) (ipsec_sa_t *sa, void *ctx)
 

Enumerations

enum  ipsec_crypto_alg_t { IPSEC_CRYPTO_N_ALG }
 
enum  ipsec_integ_alg_t { IPSEC_INTEG_N_ALG }
 
enum  ipsec_protocol_t { IPSEC_PROTOCOL_AH = 0, IPSEC_PROTOCOL_ESP = 1 }
 
enum  ipsec_sad_flags_t_ { foreach_ipsec_sa_flags }
 

Functions

 STATIC_ASSERT (sizeof(ipsec_sa_flags_t)==1,"IPSEC SA flags > 1 byte")
 
 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES)
 
void ipsec_mk_key (ipsec_key_t *key, const u8 *data, u8 len)
 
int ipsec_sa_add (u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 tx_table_id, u32 salt, const ip46_address_t *tunnel_src_addr, const ip46_address_t *tunnel_dst_addr, u32 *sa_index)
 
u32 ipsec_sa_del (u32 id)
 
void ipsec_sa_set_crypto_alg (ipsec_sa_t *sa, ipsec_crypto_alg_t crypto_alg)
 
void ipsec_sa_set_integ_alg (ipsec_sa_t *sa, ipsec_integ_alg_t integ_alg)
 
u8 ipsec_is_sa_used (u32 sa_index)
 
int ipsec_set_sa_key (u32 id, const ipsec_key_t *ck, const ipsec_key_t *ik)
 
u32 ipsec_get_sa_index_by_sa_id (u32 sa_id)
 
void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx)
 
u8format_ipsec_crypto_alg (u8 *s, va_list *args)
 
u8format_ipsec_integ_alg (u8 *s, va_list *args)
 
u8format_ipsec_sa (u8 *s, va_list *args)
 
u8format_ipsec_key (u8 *s, va_list *args)
 
uword unformat_ipsec_crypto_alg (unformat_input_t *input, va_list *args)
 
uword unformat_ipsec_integ_alg (unformat_input_t *input, va_list *args)
 
uword unformat_ipsec_key (unformat_input_t *input, va_list *args)
 
static int ipsec_sa_anti_replay_check (ipsec_sa_t *sa, u32 *seqp)
 
static void ipsec_sa_anti_replay_advance (ipsec_sa_t *sa, u32 *seqp)
 

Variables

foreach_ipsec_sa_flags vlib_combined_counter_main_t ipsec_sa_counters
 SA packet & bytes counters. More...
 

Macro Definition Documentation

#define foreach_ipsec_crypto_alg
Value:
_ (0, NONE, "none") \
_ (1, AES_CBC_128, "aes-cbc-128") \
_ (2, AES_CBC_192, "aes-cbc-192") \
_ (3, AES_CBC_256, "aes-cbc-256") \
_ (4, AES_CTR_128, "aes-ctr-128") \
_ (5, AES_CTR_192, "aes-ctr-192") \
_ (6, AES_CTR_256, "aes-ctr-256") \
_ (7, AES_GCM_128, "aes-gcm-128") \
_ (8, AES_GCM_192, "aes-gcm-192") \
_ (9, AES_GCM_256, "aes-gcm-256") \
_ (10, DES_CBC, "des-cbc") \
_ (11, 3DES_CBC, "3des-cbc")

Definition at line 24 of file ipsec_sa.h.

#define foreach_ipsec_integ_alg
Value:
_ (0, NONE, "none") \
_ (1, MD5_96, "md5-96") /* RFC2403 */ \
_ (2, SHA1_96, "sha1-96") /* RFC2404 */ \
_ (3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
_ (4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
_ (5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
_ (6, SHA_512_256, "sha-512-256") /* RFC4868 */

Definition at line 51 of file ipsec_sa.h.

#define foreach_ipsec_sa_flags
Value:
_ (0, NONE, "none") \
_ (1, USE_ESN, "esn") \
_ (2, USE_ANTI_REPLAY, "anti-replay") \
_ (4, IS_TUNNEL, "tunnel") \
_ (8, IS_TUNNEL_V6, "tunnel-v6") \
_ (16, UDP_ENCAP, "udp-encap") \
_ (32, IS_GRE, "GRE") \
_ (64, IS_INBOUND, "inboud") \
_ (128, IS_AEAD, "aead") \

Definition at line 91 of file ipsec_sa.h.

#define IPSEC_CRYPTO_ALG_IS_GCM (   _alg)
Value:
(((_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) || \
(_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) || \
(_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)))

Definition at line 46 of file ipsec_sa.h.

#define IPSEC_KEY_MAX_LEN   128

Definition at line 76 of file ipsec_sa.h.

#define IPSEC_N_PROTOCOLS   (IPSEC_PROTOCOL_ESP+1)

Definition at line 74 of file ipsec_sa.h.

#define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE   (64)

Definition at line 22 of file ipsec_sa.h.

Typedef Documentation

typedef struct ipsec_key_t_ ipsec_key_t
typedef walk_rc_t(* ipsec_sa_walk_cb_t) (ipsec_sa_t *sa, void *ctx)

Definition at line 216 of file ipsec_sa.h.

Enumeration Type Documentation

Enumerator
IPSEC_CRYPTO_N_ALG 

Definition at line 38 of file ipsec_sa.h.

Enumerator
IPSEC_INTEG_N_ALG 

Definition at line 60 of file ipsec_sa.h.

Enumerator
IPSEC_PROTOCOL_AH 
IPSEC_PROTOCOL_ESP 

Definition at line 68 of file ipsec_sa.h.

Enumerator
foreach_ipsec_sa_flags 

Definition at line 102 of file ipsec_sa.h.

Function Documentation

u8* format_ipsec_crypto_alg ( u8 s,
va_list *  args 
)

Definition at line 77 of file ipsec_format.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

u8* format_ipsec_integ_alg ( u8 s,
va_list *  args 
)

Definition at line 109 of file ipsec_format.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

u8* format_ipsec_key ( u8 s,
va_list *  args 
)

Definition at line 230 of file ipsec_format.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

u8* format_ipsec_sa ( u8 s,
va_list *  args 
)

Definition at line 267 of file ipsec_format.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

u32 ipsec_get_sa_index_by_sa_id ( u32  sa_id)

Definition at line 362 of file ipsec_sa.c.

+ Here is the caller graph for this function:

u8 ipsec_is_sa_used ( u32  sa_index)

Definition at line 294 of file ipsec_sa.c.

+ Here is the caller graph for this function:

void ipsec_mk_key ( ipsec_key_t key,
const u8 data,
u8  len 
)

Definition at line 54 of file ipsec_sa.c.

+ Here is the caller graph for this function:

int ipsec_sa_add ( u32  id,
u32  spi,
ipsec_protocol_t  proto,
ipsec_crypto_alg_t  crypto_alg,
const ipsec_key_t ck,
ipsec_integ_alg_t  integ_alg,
const ipsec_key_t ik,
ipsec_sa_flags_t  flags,
u32  tx_table_id,
u32  salt,
const ip46_address_t *  tunnel_src_addr,
const ip46_address_t *  tunnel_dst_addr,
u32 sa_index 
)

Definition at line 123 of file ipsec_sa.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ipsec_sa_anti_replay_advance ( ipsec_sa_t sa,
u32 seqp 
)
inlinestatic

Definition at line 295 of file ipsec_sa.h.

+ Here is the caller graph for this function:

static int ipsec_sa_anti_replay_check ( ipsec_sa_t sa,
u32 seqp 
)
inlinestatic

Definition at line 230 of file ipsec_sa.h.

+ Here is the caller graph for this function:

u32 ipsec_sa_del ( u32  id)

Definition at line 254 of file ipsec_sa.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void ipsec_sa_set_crypto_alg ( ipsec_sa_t sa,
ipsec_crypto_alg_t  crypto_alg 
)

Definition at line 95 of file ipsec_sa.c.

+ Here is the caller graph for this function:

void ipsec_sa_set_integ_alg ( ipsec_sa_t sa,
ipsec_integ_alg_t  integ_alg 
)

Definition at line 113 of file ipsec_sa.c.

+ Here is the caller graph for this function:

void ipsec_sa_walk ( ipsec_sa_walk_cb_t  cd,
void *  ctx 
)

Definition at line 373 of file ipsec_sa.c.

int ipsec_set_sa_key ( u32  id,
const ipsec_key_t ck,
const ipsec_key_t ik 
)

Definition at line 321 of file ipsec_sa.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

STATIC_ASSERT ( sizeof(ipsec_sa_flags_t = =1,
"IPSEC SA  flags,
1 byte"   
)
STATIC_ASSERT_OFFSET_OF ( ipsec_sa_t  ,
cacheline1  ,
CLIB_CACHE_LINE_BYTES   
)
uword unformat_ipsec_crypto_alg ( unformat_input_t input,
va_list *  args 
)

Definition at line 95 of file ipsec_format.c.

+ Here is the caller graph for this function:

uword unformat_ipsec_integ_alg ( unformat_input_t input,
va_list *  args 
)

Definition at line 127 of file ipsec_format.c.

+ Here is the caller graph for this function:

uword unformat_ipsec_key ( unformat_input_t input,
va_list *  args 
)

Definition at line 238 of file ipsec_format.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Variable Documentation

SA packet & bytes counters.

Definition at line 25 of file ipsec_sa.c.