FD.io VPP  v19.04-6-g6f05f72
Vector Packet Processing
ikev2.c File Reference
+ Include dependency graph for ikev2.c:

Go to the source code of this file.

Data Structures

struct  ikev2_trace_t
 

Macros

#define ikev2_set_state(sa, v)
 
#define foreach_ikev2_error
 

Enumerations

enum  ikev2_error_t { IKEV2_N_ERROR }
 
enum  ikev2_next_t { IKEV2_NEXT_IP4_LOOKUP, IKEV2_NEXT_ERROR_DROP, IKEV2_N_NEXT }
 

Functions

static int ikev2_delete_tunnel_interface (vnet_main_t *vnm, ikev2_sa_t *sa, ikev2_child_sa_t *child)
 
static u8format_ikev2_trace (u8 *s, va_list *args)
 
static ikev2_sa_transform_tikev2_find_transform_data (ikev2_sa_transform_t *t)
 
static ikev2_sa_proposal_tikev2_select_proposal (ikev2_sa_proposal_t *proposals, ikev2_protocol_id_t prot_id)
 
ikev2_sa_transform_tikev2_sa_get_td_for_type (ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
 
ikev2_child_sa_tikev2_sa_get_child (ikev2_sa_t *sa, u32 spi, ikev2_protocol_id_t prot_id, int by_initiator)
 
void ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t **v)
 
static void ikev2_sa_free_all_child_sa (ikev2_child_sa_t **childs)
 
static void ikev2_sa_del_child_sa (ikev2_sa_t *sa, ikev2_child_sa_t *child)
 
static void ikev2_sa_free_all_vec (ikev2_sa_t *sa)
 
static void ikev2_delete_sa (ikev2_sa_t *sa)
 
static void ikev2_generate_sa_init_data (ikev2_sa_t *sa)
 
static void ikev2_complete_sa_data (ikev2_sa_t *sa, ikev2_sa_t *sai)
 
static void ikev2_calc_keys (ikev2_sa_t *sa)
 
static void ikev2_calc_child_keys (ikev2_sa_t *sa, ikev2_child_sa_t *child)
 
static void ikev2_process_sa_init_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike)
 
static void ikev2_process_sa_init_resp (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike)
 
static u8ikev2_decrypt_sk_payload (ikev2_sa_t *sa, ike_header_t *ike, u8 *payload)
 
static void ikev2_initial_contact_cleanup (ikev2_sa_t *sa)
 
static void ikev2_process_auth_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike)
 
static void ikev2_process_informational_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike)
 
static void ikev2_process_create_child_sa_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike)
 
static u8ikev2_sa_generate_authmsg (ikev2_sa_t *sa, int is_responder)
 
static int ikev2_ts_cmp (ikev2_ts_t *ts1, ikev2_ts_t *ts2)
 
static void ikev2_sa_match_ts (ikev2_sa_t *sa)
 
static void ikev2_sa_auth (ikev2_sa_t *sa)
 
static void ikev2_sa_auth_init (ikev2_sa_t *sa)
 
static int ikev2_create_tunnel_interface (vnet_main_t *vnm, ikev2_sa_t *sa, ikev2_child_sa_t *child)
 
static u32 ikev2_generate_message (ikev2_sa_t *sa, ike_header_t *ike, void *user)
 
static int ikev2_retransmit_sa_init (ike_header_t *ike, ip4_address_t iaddr, ip4_address_t raddr)
 
static int ikev2_retransmit_resp (ikev2_sa_t *sa, ike_header_t *ike)
 
static uword ikev2_node_fn (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
 
static clib_error_tikev2_set_initiator_proposals (vlib_main_t *vm, ikev2_sa_t *sa, ikev2_transforms_set *ts, ikev2_sa_proposal_t **proposals, int is_ike)
 
static ikev2_profile_tikev2_profile_index_by_name (u8 *name)
 
static void ikev2_send_ike (vlib_main_t *vm, ip4_address_t *src, ip4_address_t *dst, u32 bi0, u32 len)
 
static u32 ikev2_get_new_ike_header_buff (vlib_main_t *vm, ike_header_t **ike)
 
clib_error_tikev2_set_local_key (vlib_main_t *vm, u8 *file)
 
clib_error_tikev2_add_del_profile (vlib_main_t *vm, u8 *name, int is_add)
 
clib_error_tikev2_set_profile_auth (vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
 
clib_error_tikev2_set_profile_id (vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
 
clib_error_tikev2_set_profile_ts (vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip4_address_t start_addr, ip4_address_t end_addr, int is_local)
 
clib_error_tikev2_set_profile_responder (vlib_main_t *vm, u8 *name, u32 sw_if_index, ip4_address_t ip4)
 
clib_error_tikev2_set_profile_ike_transforms (vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
 
clib_error_tikev2_set_profile_esp_transforms (vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
 
clib_error_tikev2_set_profile_sa_lifetime (vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
 
clib_error_tikev2_initiate_sa_init (vlib_main_t *vm, u8 *name)
 
static void ikev2_delete_child_sa_internal (vlib_main_t *vm, ikev2_sa_t *sa, ikev2_child_sa_t *csa)
 
clib_error_tikev2_initiate_delete_child_sa (vlib_main_t *vm, u32 ispi)
 
clib_error_tikev2_initiate_delete_ike_sa (vlib_main_t *vm, u64 ispi)
 
static void ikev2_rekey_child_sa_internal (vlib_main_t *vm, ikev2_sa_t *sa, ikev2_child_sa_t *csa)
 
clib_error_tikev2_initiate_rekey_child_sa (vlib_main_t *vm, u32 ispi)
 
clib_error_tikev2_init (vlib_main_t *vm)
 
static u8 ikev2_mngr_process_child_sa (ikev2_sa_t *sa, ikev2_child_sa_t *csa)
 
static void ikev2_mngr_process_ipsec_sa (ipsec_sa_t *ipsec_sa)
 
static uword ikev2_mngr_process_fn (vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
 
 VLIB_PLUGIN_REGISTER ()
 

Variables

ikev2_main_t ikev2_main
 
static vlib_node_registration_t ikev2_node
 (constructor) VLIB_REGISTER_NODE (ikev2_node) More...
 
static char * ikev2_error_strings []
 
static vlib_node_registration_t ikev2_mngr_process_node
 (constructor) VLIB_REGISTER_NODE (ikev2_mngr_process_node) More...
 

Macro Definition Documentation

#define foreach_ikev2_error
Value:
_(PROCESSED, "IKEv2 packets processed") \
_(IKE_SA_INIT_RETRANSMIT, "IKE_SA_INIT retransmit ") \
_(IKE_SA_INIT_IGNORE, "IKE_SA_INIT ignore (IKE SA already auth)") \
_(IKE_REQ_RETRANSMIT, "IKE request retransmit") \
_(IKE_REQ_IGNORE, "IKE request ignore (old msgid)") \
_(NOT_IKEV2, "Non IKEv2 packets received")

Definition at line 60 of file ikev2.c.

#define ikev2_set_state (   sa,
 
)
Value:
do { \
(sa)->state = v; \
clib_warning("sa state changed to " #v); \
} while(0);
vhost_vring_state_t state
Definition: vhost_user.h:120
#define clib_warning(format, args...)
Definition: error.h:59

Definition at line 35 of file ikev2.c.

Enumeration Type Documentation

Enumerator
IKEV2_N_ERROR 

Definition at line 68 of file ikev2.c.

Enumerator
IKEV2_NEXT_IP4_LOOKUP 
IKEV2_NEXT_ERROR_DROP 
IKEV2_N_NEXT 

Definition at line 82 of file ikev2.c.

Function Documentation

static u8* format_ikev2_trace ( u8 s,
va_list *  args 
)
static

Definition at line 47 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_add_del_profile ( vlib_main_t vm,
u8 name,
int  is_add 
)

Definition at line 2685 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_calc_child_keys ( ikev2_sa_t sa,
ikev2_child_sa_t child 
)
static

Definition at line 511 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_calc_keys ( ikev2_sa_t sa)
static

Definition at line 434 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_complete_sa_data ( ikev2_sa_t sa,
ikev2_sa_t sai 
)
static

Definition at line 378 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static int ikev2_create_tunnel_interface ( vnet_main_t vnm,
ikev2_sa_t sa,
ikev2_child_sa_t child 
)
static

Definition at line 1478 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static u8* ikev2_decrypt_sk_payload ( ikev2_sa_t sa,
ike_header_t *  ike,
u8 payload 
)
static

Definition at line 713 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_delete_child_sa_internal ( vlib_main_t vm,
ikev2_sa_t sa,
ikev2_child_sa_t csa 
)
static

Definition at line 3075 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_delete_sa ( ikev2_sa_t sa)
static

Definition at line 308 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static int ikev2_delete_tunnel_interface ( vnet_main_t vnm,
ikev2_sa_t sa,
ikev2_child_sa_t child 
)
static

Definition at line 1636 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ikev2_sa_transform_t* ikev2_find_transform_data ( ikev2_sa_transform_t t)
static

Definition at line 90 of file ikev2.c.

+ Here is the caller graph for this function:

static u32 ikev2_generate_message ( ikev2_sa_t sa,
ike_header_t *  ike,
void *  user 
)
static

Definition at line 1669 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_generate_sa_init_data ( ikev2_sa_t sa)
static

Definition at line 325 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static u32 ikev2_get_new_ike_header_buff ( vlib_main_t vm,
ike_header_t **  ike 
)
static

Definition at line 2659 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_init ( vlib_main_t vm)

Definition at line 3295 of file ikev2.c.

+ Here is the call graph for this function:

static void ikev2_initial_contact_cleanup ( ikev2_sa_t sa)
static

Definition at line 778 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_initiate_delete_child_sa ( vlib_main_t vm,
u32  ispi 
)

Definition at line 3105 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_initiate_delete_ike_sa ( vlib_main_t vm,
u64  ispi 
)

Definition at line 3145 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_initiate_rekey_child_sa ( vlib_main_t vm,
u32  ispi 
)

Definition at line 3255 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_initiate_sa_init ( vlib_main_t vm,
u8 name 
)

Definition at line 2920 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static u8 ikev2_mngr_process_child_sa ( ikev2_sa_t sa,
ikev2_child_sa_t csa 
)
static

Definition at line 3334 of file ikev2.c.

+ Here is the call graph for this function:

static uword ikev2_mngr_process_fn ( vlib_main_t vm,
vlib_node_runtime_t rt,
vlib_frame_t f 
)
static

Definition at line 3420 of file ikev2.c.

+ Here is the call graph for this function:

static void ikev2_mngr_process_ipsec_sa ( ipsec_sa_t ipsec_sa)
static

Definition at line 3377 of file ikev2.c.

+ Here is the call graph for this function:

static uword ikev2_node_fn ( vlib_main_t vm,
vlib_node_runtime_t node,
vlib_frame_t frame 
)
static

Definition at line 2064 of file ikev2.c.

+ Here is the call graph for this function:

static void ikev2_process_auth_req ( vlib_main_t vm,
ikev2_sa_t sa,
ike_header_t *  ike 
)
static

Definition at line 817 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_process_create_child_sa_req ( vlib_main_t vm,
ikev2_sa_t sa,
ike_header_t *  ike 
)
static

Definition at line 1048 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_process_informational_req ( vlib_main_t vm,
ikev2_sa_t sa,
ike_header_t *  ike 
)
static

Definition at line 977 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_process_sa_init_req ( vlib_main_t vm,
ikev2_sa_t sa,
ike_header_t *  ike 
)
static

Definition at line 558 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_process_sa_init_resp ( vlib_main_t vm,
ikev2_sa_t sa,
ike_header_t *  ike 
)
static

Definition at line 633 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ikev2_profile_t* ikev2_profile_index_by_name ( u8 name)
static

Definition at line 2602 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_rekey_child_sa_internal ( vlib_main_t vm,
ikev2_sa_t sa,
ikev2_child_sa_t csa 
)
static

Definition at line 3221 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static int ikev2_retransmit_resp ( ikev2_sa_t sa,
ike_header_t *  ike 
)
static

Definition at line 2020 of file ikev2.c.

+ Here is the caller graph for this function:

static int ikev2_retransmit_sa_init ( ike_header_t *  ike,
ip4_address_t  iaddr,
ip4_address_t  raddr 
)
static

Definition at line 1950 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_sa_auth ( ikev2_sa_t sa)
static

Definition at line 1311 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_sa_auth_init ( ikev2_sa_t sa)
static

Definition at line 1434 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_sa_del_child_sa ( ikev2_sa_t sa,
ikev2_child_sa_t child 
)
static

Definition at line 264 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_sa_free_all_child_sa ( ikev2_child_sa_t **  childs)
static

Definition at line 247 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_sa_free_all_vec ( ikev2_sa_t sa)
static

Definition at line 277 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

void ikev2_sa_free_proposal_vector ( ikev2_sa_proposal_t **  v)

Definition at line 227 of file ikev2.c.

+ Here is the caller graph for this function:

static u8* ikev2_sa_generate_authmsg ( ikev2_sa_t sa,
int  is_responder 
)
static

Definition at line 1189 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ikev2_child_sa_t* ikev2_sa_get_child ( ikev2_sa_t sa,
u32  spi,
ikev2_protocol_id_t  prot_id,
int  by_initiator 
)

Definition at line 211 of file ikev2.c.

+ Here is the caller graph for this function:

ikev2_sa_transform_t* ikev2_sa_get_td_for_type ( ikev2_sa_proposal_t p,
ikev2_transform_type_t  type 
)

Definition at line 194 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_sa_match_ts ( ikev2_sa_t sa)
static

Definition at line 1244 of file ikev2.c.

+ Here is the caller graph for this function:

static ikev2_sa_proposal_t* ikev2_select_proposal ( ikev2_sa_proposal_t proposals,
ikev2_protocol_id_t  prot_id 
)
static

Definition at line 118 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static void ikev2_send_ike ( vlib_main_t vm,
ip4_address_t src,
ip4_address_t dst,
u32  bi0,
u32  len 
)
static

Definition at line 2616 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static clib_error_t* ikev2_set_initiator_proposals ( vlib_main_t vm,
ikev2_sa_t sa,
ikev2_transforms_set ts,
ikev2_sa_proposal_t **  proposals,
int  is_ike 
)
static

Definition at line 2480 of file ikev2.c.

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_local_key ( vlib_main_t vm,
u8 file 
)

Definition at line 2673 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_auth ( vlib_main_t vm,
u8 name,
u8  auth_method,
u8 auth_data,
u8  data_hex_format 
)

Definition at line 2716 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_esp_transforms ( vlib_main_t vm,
u8 name,
ikev2_transform_encr_type_t  crypto_alg,
ikev2_transform_integ_type_t  integ_alg,
ikev2_transform_dh_type_t  dh_type,
u32  crypto_key_size 
)

Definition at line 2872 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_id ( vlib_main_t vm,
u8 name,
u8  id_type,
u8 data,
int  is_local 
)

Definition at line 2748 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_ike_transforms ( vlib_main_t vm,
u8 name,
ikev2_transform_encr_type_t  crypto_alg,
ikev2_transform_integ_type_t  integ_alg,
ikev2_transform_dh_type_t  dh_type,
u32  crypto_key_size 
)

Definition at line 2847 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_responder ( vlib_main_t vm,
u8 name,
u32  sw_if_index,
ip4_address_t  ip4 
)

Definition at line 2826 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_sa_lifetime ( vlib_main_t vm,
u8 name,
u64  lifetime,
u32  jitter,
u32  handover,
u64  maxdata 
)

Definition at line 2897 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

clib_error_t* ikev2_set_profile_ts ( vlib_main_t vm,
u8 name,
u8  protocol_id,
u16  start_port,
u16  end_port,
ip4_address_t  start_addr,
ip4_address_t  end_addr,
int  is_local 
)

Definition at line 2787 of file ikev2.c.

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static int ikev2_ts_cmp ( ikev2_ts_t ts1,
ikev2_ts_t ts2 
)
static

Definition at line 1232 of file ikev2.c.

VLIB_PLUGIN_REGISTER ( )

+ Here is the caller graph for this function:

Variable Documentation

char* ikev2_error_strings[]
static
Initial value:
= {
#define _(sym,string)
}
#define foreach_ikev2_error
Definition: ikev2.c:60

Definition at line 76 of file ikev2.c.

ikev2_main_t ikev2_main

Definition at line 29 of file ikev2.c.

static vlib_node_registration_t ikev2_mngr_process_node
static
Initial value:
= {
.function = ikev2_mngr_process_fn,
.name =
"ikev2-manager-process",
}
static uword ikev2_mngr_process_fn(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
Definition: ikev2.c:3420

(constructor) VLIB_REGISTER_NODE (ikev2_mngr_process_node)

Definition at line 3417 of file ikev2.c.

static vlib_node_registration_t ikev2_node
static
Initial value:
= {
.function = ikev2_node_fn,
.name = "ikev2",
.vector_size = sizeof (u32),
.format_trace = format_ikev2_trace,
.error_strings = ikev2_error_strings,
.n_next_nodes = IKEV2_N_NEXT,
.next_nodes = {
[IKEV2_NEXT_IP4_LOOKUP] = "ip4-lookup",
[IKEV2_NEXT_ERROR_DROP] = "error-drop",
},
}
static u8 * format_ikev2_trace(u8 *s, va_list *args)
Definition: ikev2.c:47
unsigned int u32
Definition: types.h:88
static uword ikev2_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ikev2.c:2064
#define ARRAY_LEN(x)
Definition: clib.h:62
static char * ikev2_error_strings[]
Definition: ikev2.c:76

(constructor) VLIB_REGISTER_NODE (ikev2_node)

Definition at line 58 of file ikev2.c.