FD.io VPP  v19.08.1-401-g8e4ed521a
Vector Packet Processing
ipsec_api.c
Go to the documentation of this file.
1 /*
2  *------------------------------------------------------------------
3  * ipsec_api.c - ipsec api
4  *
5  * Copyright (c) 2016 Cisco and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 
23 #include <vnet/interface.h>
24 #include <vnet/api_errno.h>
25 #include <vnet/ip/ip.h>
26 #include <vnet/ip/ip_types_api.h>
27 #include <vnet/fib/fib.h>
28 
29 #include <vnet/vnet_msg_enum.h>
30 
31 #if WITH_LIBSSL > 0
32 #include <vnet/ipsec/ipsec.h>
33 #include <vnet/ipsec/ipsec_tun.h>
34 #endif /* IPSEC */
35 
36 #define vl_typedefs /* define message structures */
37 #include <vnet/vnet_all_api_h.h>
38 #undef vl_typedefs
39 
40 #define vl_endianfun /* define message structures */
41 #include <vnet/vnet_all_api_h.h>
42 #undef vl_endianfun
43 
44 /* instantiate all the print functions we know about */
45 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
46 #define vl_printfun
47 #include <vnet/vnet_all_api_h.h>
48 #undef vl_printfun
49 
50 #include <vlibapi/api_helper_macros.h>
51 
52 #define foreach_vpe_api_msg \
53 _(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \
54 _(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \
55 _(IPSEC_SPD_ENTRY_ADD_DEL, ipsec_spd_entry_add_del) \
56 _(IPSEC_SAD_ENTRY_ADD_DEL, ipsec_sad_entry_add_del) \
57 _(IPSEC_SA_DUMP, ipsec_sa_dump) \
58 _(IPSEC_SPDS_DUMP, ipsec_spds_dump) \
59 _(IPSEC_SPD_DUMP, ipsec_spd_dump) \
60 _(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \
61 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \
62 _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \
63 _(IPSEC_SELECT_BACKEND, ipsec_select_backend) \
64 _(IPSEC_BACKEND_DUMP, ipsec_backend_dump) \
65 _(IPSEC_TUNNEL_PROTECT_UPDATE, ipsec_tunnel_protect_update) \
66 _(IPSEC_TUNNEL_PROTECT_DEL, ipsec_tunnel_protect_del) \
67 _(IPSEC_TUNNEL_PROTECT_DUMP, ipsec_tunnel_protect_dump)
68 
69 static void
70 vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
71 {
72 #if WITH_LIBSSL == 0
73  clib_warning ("unimplemented");
74 #else
75 
76  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
77  vl_api_ipsec_spd_add_del_reply_t *rmp;
78  int rv;
79 
80  rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
81 
82  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
83 #endif
84 }
85 
86 static void vl_api_ipsec_interface_add_del_spd_t_handler
87  (vl_api_ipsec_interface_add_del_spd_t * mp)
88 {
89  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
90  vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
91  int rv;
92  u32 sw_if_index __attribute__ ((unused));
93  u32 spd_id __attribute__ ((unused));
94 
95  sw_if_index = ntohl (mp->sw_if_index);
96  spd_id = ntohl (mp->spd_id);
97 
98  VALIDATE_SW_IF_INDEX (mp);
99 
100 #if WITH_LIBSSL > 0
101  rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
102 #else
103  rv = VNET_API_ERROR_UNIMPLEMENTED;
104 #endif
105 
106  BAD_SW_IF_INDEX_LABEL;
107 
108  REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
109 }
110 
111 static void vl_api_ipsec_tunnel_protect_update_t_handler
112  (vl_api_ipsec_tunnel_protect_update_t * mp)
113 {
114  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
115  vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
116  u32 sw_if_index, ii, *sa_ins = NULL;
117  int rv;
118 
119  sw_if_index = ntohl (mp->tunnel.sw_if_index);
120 
121  VALIDATE_SW_IF_INDEX (&(mp->tunnel));
122 
123 #if WITH_LIBSSL > 0
124 
125  for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
126  vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
127 
128  rv = ipsec_tun_protect_update (sw_if_index,
129  ntohl (mp->tunnel.sa_out), sa_ins);
130 #else
131  rv = VNET_API_ERROR_UNIMPLEMENTED;
132 #endif
133 
134  BAD_SW_IF_INDEX_LABEL;
135 
136  REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
137 }
138 
139 static void vl_api_ipsec_tunnel_protect_del_t_handler
140  (vl_api_ipsec_tunnel_protect_del_t * mp)
141 {
142  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
143  vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
144  int rv;
145  u32 sw_if_index;
146 
147  sw_if_index = ntohl (mp->sw_if_index);
148 
149  VALIDATE_SW_IF_INDEX (mp);
150 
151 #if WITH_LIBSSL > 0
152  rv = ipsec_tun_protect_del (sw_if_index);
153 #else
154  rv = VNET_API_ERROR_UNIMPLEMENTED;
155 #endif
156 
157  BAD_SW_IF_INDEX_LABEL;
158 
159  REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
160 }
161 
162 typedef struct ipsec_tunnel_protect_walk_ctx_t_
163 {
164  vl_api_registration_t *reg;
165  u32 context;
166 } ipsec_tunnel_protect_walk_ctx_t;
167 
168 static walk_rc_t
169 send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
170 {
171  ipsec_tunnel_protect_walk_ctx_t *ctx = arg;
172  vl_api_ipsec_tunnel_protect_details_t *mp;
173  ipsec_tun_protect_t *itp;
174  u32 sai, ii = 0;
175 
176  itp = ipsec_tun_protect_get (itpi);
177 
178 
179  mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
180  clib_memset (mp, 0, sizeof (*mp));
181  mp->_vl_msg_id = ntohs (VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
182  mp->context = ctx->context;
183 
184  mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
185 
186  mp->tun.sa_out = htonl (itp->itp_out_sa);
187  mp->tun.n_sa_in = itp->itp_n_sa_in;
188  /* *INDENT-OFF* */
189  FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
190  ({
191  mp->tun.sa_in[ii++] = htonl (sai);
192  }));
193  /* *INDENT-ON* */
194 
195  vl_api_send_msg (ctx->reg, (u8 *) mp);
196 
197  return (WALK_CONTINUE);
198 }
199 
200 static void
201 vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t
202  * mp)
203 {
204  vl_api_registration_t *reg;
205  u32 sw_if_index;
206 
207 #if WITH_LIBSSL > 0
208  reg = vl_api_client_index_to_registration (mp->client_index);
209  if (!reg)
210  return;
211 
212  ipsec_tunnel_protect_walk_ctx_t ctx = {
213  .reg = reg,
214  .context = mp->context,
215  };
216 
217  sw_if_index = ntohl (mp->sw_if_index);
218 
219  if (~0 == sw_if_index)
220  {
221  ipsec_tun_protect_walk (send_ipsec_tunnel_protect_details, &ctx);
222  }
223  else
224  {
225  index_t itpi;
226 
227  itpi = ipsec_tun_protect_find (sw_if_index);
228 
229  if (INDEX_INVALID != itpi)
230  send_ipsec_tunnel_protect_details (itpi, &ctx);
231  }
232 #else
233  clib_warning ("unimplemented");
234 #endif
235 }
236 
237 static int
238 ipsec_spd_action_decode (vl_api_ipsec_spd_action_t in,
239  ipsec_policy_action_t * out)
240 {
241  in = clib_net_to_host_u32 (in);
242 
243  switch (in)
244  {
245 #define _(v,f,s) case IPSEC_API_SPD_ACTION_##f: \
246  *out = IPSEC_POLICY_ACTION_##f; \
247  return (0);
248  foreach_ipsec_policy_action
249 #undef _
250  }
251  return (VNET_API_ERROR_UNIMPLEMENTED);
252 }
253 
254 static void vl_api_ipsec_spd_entry_add_del_t_handler
255  (vl_api_ipsec_spd_entry_add_del_t * mp)
256 {
257  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
258  vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
259  ip46_type_t itype;
260  u32 stat_index;
261  int rv;
262 
263  stat_index = ~0;
264 
265 #if WITH_LIBSSL > 0
266  ipsec_policy_t p;
267 
268  clib_memset (&p, 0, sizeof (p));
269 
270  p.id = ntohl (mp->entry.spd_id);
271  p.priority = ntohl (mp->entry.priority);
272 
273  itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
274  ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
275  ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
276  ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
277 
278  p.is_ipv6 = (itype == IP46_TYPE_IP6);
279 
280  p.protocol = mp->entry.protocol;
281  p.rport.start = ntohs (mp->entry.remote_port_start);
282  p.rport.stop = ntohs (mp->entry.remote_port_stop);
283  p.lport.start = ntohs (mp->entry.local_port_start);
284  p.lport.stop = ntohs (mp->entry.local_port_stop);
285 
286  rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
287 
288  if (rv)
289  goto out;
290 
291  /* policy action resolve unsupported */
292  if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
293  {
294  clib_warning ("unsupported action: 'resolve'");
295  rv = VNET_API_ERROR_UNIMPLEMENTED;
296  goto out;
297  }
298  p.sa_id = ntohl (mp->entry.sa_id);
299  rv =
300  ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy,
301  &p.type);
302  if (rv)
303  goto out;
304 
305  rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
306  if (rv)
307  goto out;
308 
309 #else
310  rv = VNET_API_ERROR_UNIMPLEMENTED;
311  goto out;
312 #endif
313 
314 out:
315  /* *INDENT-OFF* */
316  REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
317  ({
318  rmp->stat_index = ntohl(stat_index);
319  }));
320  /* *INDENT-ON* */
321 }
322 
323 static int
324 ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out)
325 {
326  in = clib_net_to_host_u32 (in);
327 
328  switch (in)
329  {
330  case IPSEC_API_PROTO_ESP:
331  *out = IPSEC_PROTOCOL_ESP;
332  return (0);
333  case IPSEC_API_PROTO_AH:
334  *out = IPSEC_PROTOCOL_AH;
335  return (0);
336  }
337  return (VNET_API_ERROR_INVALID_PROTOCOL);
338 }
339 
340 static vl_api_ipsec_proto_t
341 ipsec_proto_encode (ipsec_protocol_t p)
342 {
343  switch (p)
344  {
345  case IPSEC_PROTOCOL_ESP:
346  return clib_host_to_net_u32 (IPSEC_API_PROTO_ESP);
347  case IPSEC_PROTOCOL_AH:
348  return clib_host_to_net_u32 (IPSEC_API_PROTO_AH);
349  }
350  return (VNET_API_ERROR_UNIMPLEMENTED);
351 }
352 
353 static int
354 ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in,
355  ipsec_crypto_alg_t * out)
356 {
357  in = clib_net_to_host_u32 (in);
358 
359  switch (in)
360  {
361 #define _(v,f,s) case IPSEC_API_CRYPTO_ALG_##f: \
362  *out = IPSEC_CRYPTO_ALG_##f; \
363  return (0);
364  foreach_ipsec_crypto_alg
365 #undef _
366  }
367  return (VNET_API_ERROR_INVALID_ALGORITHM);
368 }
369 
370 static vl_api_ipsec_crypto_alg_t
371 ipsec_crypto_algo_encode (ipsec_crypto_alg_t c)
372 {
373  switch (c)
374  {
375 #define _(v,f,s) case IPSEC_CRYPTO_ALG_##f: \
376  return clib_host_to_net_u32(IPSEC_API_CRYPTO_ALG_##f);
377  foreach_ipsec_crypto_alg
378 #undef _
379  case IPSEC_CRYPTO_N_ALG:
380  break;
381  }
382  ASSERT (0);
383  return (VNET_API_ERROR_UNIMPLEMENTED);
384 }
385 
386 
387 static int
388 ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out)
389 {
390  in = clib_net_to_host_u32 (in);
391 
392  switch (in)
393  {
394 #define _(v,f,s) case IPSEC_API_INTEG_ALG_##f: \
395  *out = IPSEC_INTEG_ALG_##f; \
396  return (0);
397  foreach_ipsec_integ_alg
398 #undef _
399  }
400  return (VNET_API_ERROR_INVALID_ALGORITHM);
401 }
402 
403 static vl_api_ipsec_integ_alg_t
404 ipsec_integ_algo_encode (ipsec_integ_alg_t i)
405 {
406  switch (i)
407  {
408 #define _(v,f,s) case IPSEC_INTEG_ALG_##f: \
409  return (clib_host_to_net_u32(IPSEC_API_INTEG_ALG_##f));
410  foreach_ipsec_integ_alg
411 #undef _
412  case IPSEC_INTEG_N_ALG:
413  break;
414  }
415  ASSERT (0);
416  return (VNET_API_ERROR_UNIMPLEMENTED);
417 }
418 
419 static void
420 ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out)
421 {
422  ipsec_mk_key (out, key->data, key->length);
423 }
424 
425 static void
426 ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out)
427 {
428  out->length = in->len;
429  clib_memcpy (out->data, in->data, out->length);
430 }
431 
432 static ipsec_sa_flags_t
433 ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in)
434 {
435  ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
436  in = clib_net_to_host_u32 (in);
437 
438  if (in & IPSEC_API_SAD_FLAG_USE_ESN)
439  flags |= IPSEC_SA_FLAG_USE_ESN;
440  if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
441  flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
442  if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL)
443  flags |= IPSEC_SA_FLAG_IS_TUNNEL;
444  if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)
445  flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
446  if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
447  flags |= IPSEC_SA_FLAG_UDP_ENCAP;
448  if (in & IPSEC_API_SAD_FLAG_IS_INBOUND)
449  flags |= IPSEC_SA_FLAG_IS_INBOUND;
450 
451  return (flags);
452 }
453 
454 static vl_api_ipsec_sad_flags_t
455 ipsec_sad_flags_encode (const ipsec_sa_t * sa)
456 {
457  vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
458 
459  if (ipsec_sa_is_set_USE_ESN (sa))
460  flags |= IPSEC_API_SAD_FLAG_USE_ESN;
461  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
462  flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
463  if (ipsec_sa_is_set_IS_TUNNEL (sa))
464  flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
465  if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
466  flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
467  if (ipsec_sa_is_set_UDP_ENCAP (sa))
468  flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
469  if (ipsec_sa_is_set_IS_INBOUND (sa))
470  flags |= IPSEC_API_SAD_FLAG_IS_INBOUND;
471 
472  return clib_host_to_net_u32 (flags);
473 }
474 
475 static void vl_api_ipsec_sad_entry_add_del_t_handler
476  (vl_api_ipsec_sad_entry_add_del_t * mp)
477 {
478  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
479  vl_api_ipsec_sad_entry_add_del_reply_t *rmp;
480  ip46_address_t tun_src = { }, tun_dst =
481  {
482  };
483  ipsec_key_t crypto_key, integ_key;
484  ipsec_crypto_alg_t crypto_alg;
485  ipsec_integ_alg_t integ_alg;
486  ipsec_protocol_t proto;
487  ipsec_sa_flags_t flags;
488  u32 id, spi, sa_index = ~0;
489  int rv;
490 
491 #if WITH_LIBSSL > 0
492 
493  id = ntohl (mp->entry.sad_id);
494  spi = ntohl (mp->entry.spi);
495 
496  rv = ipsec_proto_decode (mp->entry.protocol, &proto);
497 
498  if (rv)
499  goto out;
500 
501  rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
502 
503  if (rv)
504  goto out;
505 
506  rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
507 
508  if (rv)
509  goto out;
510 
511  ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
512  ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
513 
514  flags = ipsec_sa_flags_decode (mp->entry.flags);
515 
516  ip_address_decode (&mp->entry.tunnel_src, &tun_src);
517  ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
518 
519  if (mp->is_add)
520  rv = ipsec_sa_add_and_lock (id, spi, proto,
521  crypto_alg, &crypto_key,
522  integ_alg, &integ_key, flags,
523  0, mp->entry.salt, &tun_src, &tun_dst,
524  &sa_index);
525  else
526  rv = ipsec_sa_unlock_id (id);
527 
528 #else
529  rv = VNET_API_ERROR_UNIMPLEMENTED;
530 #endif
531 
532 out:
533  /* *INDENT-OFF* */
534  REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY,
535  {
536  rmp->stat_index = htonl (sa_index);
537  });
538  /* *INDENT-ON* */
539 }
540 
541 static void
542 send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
543  u32 context)
544 {
545  vl_api_ipsec_spds_details_t *mp;
546  u32 n_policies = 0;
547 
548  mp = vl_msg_api_alloc (sizeof (*mp));
549  clib_memset (mp, 0, sizeof (*mp));
550  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS);
551  mp->context = context;
552 
553  mp->spd_id = htonl (spd->id);
554 #define _(s, n) n_policies += vec_len (spd->policies[IPSEC_SPD_POLICY_##s]);
555  foreach_ipsec_spd_policy_type
556 #undef _
557  mp->npolicies = htonl (n_policies);
558 
559  vl_api_send_msg (reg, (u8 *) mp);
560 }
561 
562 static void
563 vl_api_ipsec_spds_dump_t_handler (vl_api_ipsec_spds_dump_t * mp)
564 {
565  vl_api_registration_t *reg;
566  ipsec_main_t *im = &ipsec_main;
567  ipsec_spd_t *spd;
568 #if WITH_LIBSSL > 0
569  reg = vl_api_client_index_to_registration (mp->client_index);
570  if (!reg)
571  return;
572 
573  /* *INDENT-OFF* */
574  pool_foreach (spd, im->spds, ({
575  send_ipsec_spds_details (spd, reg, mp->context);
576  }));
577  /* *INDENT-ON* */
578 #else
579  clib_warning ("unimplemented");
580 #endif
581 }
582 
583 vl_api_ipsec_spd_action_t
584 ipsec_spd_action_encode (ipsec_policy_action_t in)
585 {
586  vl_api_ipsec_spd_action_t out = IPSEC_API_SPD_ACTION_BYPASS;
587 
588  switch (in)
589  {
590 #define _(v,f,s) case IPSEC_POLICY_ACTION_##f: \
591  out = IPSEC_API_SPD_ACTION_##f; \
592  break;
593  foreach_ipsec_policy_action
594 #undef _
595  }
596  return (clib_host_to_net_u32 (out));
597 }
598 
599 static void
600 send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg,
601  u32 context)
602 {
603  vl_api_ipsec_spd_details_t *mp;
604 
605  mp = vl_msg_api_alloc (sizeof (*mp));
606  clib_memset (mp, 0, sizeof (*mp));
607  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
608  mp->context = context;
609 
610  mp->entry.spd_id = htonl (p->id);
611  mp->entry.priority = htonl (p->priority);
612  mp->entry.is_outbound = ((p->type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
613  (p->type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
614 
615  ip_address_encode (&p->laddr.start, IP46_TYPE_ANY,
616  &mp->entry.local_address_start);
617  ip_address_encode (&p->laddr.stop, IP46_TYPE_ANY,
618  &mp->entry.local_address_stop);
619  ip_address_encode (&p->raddr.start, IP46_TYPE_ANY,
620  &mp->entry.remote_address_start);
621  ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
622  &mp->entry.remote_address_stop);
623  mp->entry.local_port_start = htons (p->lport.start);
624  mp->entry.local_port_stop = htons (p->lport.stop);
625  mp->entry.remote_port_start = htons (p->rport.start);
626  mp->entry.remote_port_stop = htons (p->rport.stop);
627  mp->entry.protocol = p->protocol;
628  mp->entry.policy = ipsec_spd_action_encode (p->policy);
629  mp->entry.sa_id = htonl (p->sa_id);
630 
631  vl_api_send_msg (reg, (u8 *) mp);
632 }
633 
634 static void
635 vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
636 {
637  vl_api_registration_t *reg;
638  ipsec_main_t *im = &ipsec_main;
639  ipsec_spd_policy_type_t ptype;
640  ipsec_policy_t *policy;
641  ipsec_spd_t *spd;
642  uword *p;
643  u32 spd_index, *ii;
644 #if WITH_LIBSSL > 0
645  reg = vl_api_client_index_to_registration (mp->client_index);
646  if (!reg)
647  return;
648 
649  p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
650  if (!p)
651  return;
652 
653  spd_index = p[0];
654  spd = pool_elt_at_index (im->spds, spd_index);
655 
656  /* *INDENT-OFF* */
657  FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) {
658  vec_foreach(ii, spd->policies[ptype])
659  {
660  policy = pool_elt_at_index(im->policies, *ii);
661 
662  if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
663  send_ipsec_spd_details (policy, reg, mp->context);
664  }
665  }
666  /* *INDENT-ON* */
667 #else
668  clib_warning ("unimplemented");
669 #endif
670 }
671 
672 static void
673 send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index,
674  u32 sw_if_index, u32 context)
675 {
676  vl_api_ipsec_spd_interface_details_t *mp;
677 
678  mp = vl_msg_api_alloc (sizeof (*mp));
679  clib_memset (mp, 0, sizeof (*mp));
680  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS);
681  mp->context = context;
682 
683  mp->spd_index = htonl (spd_index);
684  mp->sw_if_index = htonl (sw_if_index);
685 
686  vl_api_send_msg (reg, (u8 *) mp);
687 }
688 
689 static void
690 vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t *
691  mp)
692 {
693  ipsec_main_t *im = &ipsec_main;
694  vl_api_registration_t *reg;
695  u32 k, v, spd_index;
696 
697 #if WITH_LIBSSL > 0
698  reg = vl_api_client_index_to_registration (mp->client_index);
699  if (!reg)
700  return;
701 
702  if (mp->spd_index_valid)
703  {
704  spd_index = ntohl (mp->spd_index);
705  /* *INDENT-OFF* */
706  hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
707  if (v == spd_index)
708  send_ipsec_spd_interface_details(reg, v, k, mp->context);
709  }));
710  /* *INDENT-ON* */
711  }
712  else
713  {
714  /* *INDENT-OFF* */
715  hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
716  send_ipsec_spd_interface_details(reg, v, k, mp->context);
717  }));
718  /* *INDENT-ON* */
719  }
720 
721 #else
722  clib_warning ("unimplemented");
723 #endif
724 }
725 
726 static void
727 vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
728  mp)
729 {
730  vl_api_ipsec_tunnel_if_add_del_reply_t *rmp;
731  ipsec_main_t *im = &ipsec_main;
732  vnet_main_t *vnm = im->vnet_main;
733  u32 sw_if_index = ~0;
734  ip46_type_t itype;
735  int rv;
736 
737 #if WITH_LIBSSL > 0
738  ipsec_add_del_tunnel_args_t tun;
739 
740  clib_memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t));
741 
742  tun.is_add = mp->is_add;
743  tun.esn = mp->esn;
744  tun.anti_replay = mp->anti_replay;
745  tun.local_spi = ntohl (mp->local_spi);
746  tun.remote_spi = ntohl (mp->remote_spi);
747  tun.crypto_alg = mp->crypto_alg;
748  tun.local_crypto_key_len = mp->local_crypto_key_len;
749  tun.remote_crypto_key_len = mp->remote_crypto_key_len;
750  tun.integ_alg = mp->integ_alg;
751  tun.local_integ_key_len = mp->local_integ_key_len;
752  tun.remote_integ_key_len = mp->remote_integ_key_len;
753  tun.udp_encap = mp->udp_encap;
754  tun.tx_table_id = ntohl (mp->tx_table_id);
755  tun.salt = mp->salt;
756  itype = ip_address_decode (&mp->local_ip, &tun.local_ip);
757  itype = ip_address_decode (&mp->remote_ip, &tun.remote_ip);
758  tun.is_ip6 = (IP46_TYPE_IP6 == itype);
759  memcpy (&tun.local_crypto_key, &mp->local_crypto_key,
760  mp->local_crypto_key_len);
761  memcpy (&tun.remote_crypto_key, &mp->remote_crypto_key,
762  mp->remote_crypto_key_len);
763  memcpy (&tun.local_integ_key, &mp->local_integ_key,
764  mp->local_integ_key_len);
765  memcpy (&tun.remote_integ_key, &mp->remote_integ_key,
766  mp->remote_integ_key_len);
767  tun.renumber = mp->renumber;
768  tun.show_instance = ntohl (mp->show_instance);
769 
770  rv = ipsec_add_del_tunnel_if_internal (vnm, &tun, &sw_if_index);
771 
772 #else
773  rv = VNET_API_ERROR_UNIMPLEMENTED;
774 #endif
775 
776  /* *INDENT-OFF* */
777  REPLY_MACRO2 (VL_API_IPSEC_TUNNEL_IF_ADD_DEL_REPLY,
778  ({
779  rmp->sw_if_index = htonl (sw_if_index);
780  }));
781  /* *INDENT-ON* */
782 }
783 
784 static void
785 send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg,
786  u32 context, u32 sw_if_index)
787 {
788  vl_api_ipsec_sa_details_t *mp;
789 
790  mp = vl_msg_api_alloc (sizeof (*mp));
791  clib_memset (mp, 0, sizeof (*mp));
792  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
793  mp->context = context;
794 
795  mp->entry.sad_id = htonl (sa->id);
796  mp->entry.spi = htonl (sa->spi);
797  mp->entry.protocol = ipsec_proto_encode (sa->protocol);
798  mp->entry.tx_table_id =
799  htonl (fib_table_get_table_id (sa->tx_fib_index, FIB_PROTOCOL_IP4));
800 
801  mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
802  ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
803 
804  mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
805  ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
806 
807  mp->entry.flags = ipsec_sad_flags_encode (sa);
808 
809  if (ipsec_sa_is_set_IS_TUNNEL (sa))
810  {
811  ip_address_encode (&sa->tunnel_src_addr, IP46_TYPE_ANY,
812  &mp->entry.tunnel_src);
813  ip_address_encode (&sa->tunnel_dst_addr, IP46_TYPE_ANY,
814  &mp->entry.tunnel_dst);
815  }
816 
817  mp->sw_if_index = htonl (sw_if_index);
818  mp->salt = clib_host_to_net_u32 (sa->salt);
819  mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
820  mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
821  if (ipsec_sa_is_set_USE_ESN (sa))
822  {
823  mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
824  mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
825  }
826  if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
827  mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
828 
829  vl_api_send_msg (reg, (u8 *) mp);
830 }
831 
832 
833 static void
834 vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp)
835 {
836  vl_api_registration_t *reg;
837  ipsec_main_t *im = &ipsec_main;
838  vnet_main_t *vnm = im->vnet_main;
839  ipsec_sa_t *sa;
840  ipsec_tunnel_if_t *t;
841  u32 *sa_index_to_tun_if_index = 0;
842 
843 #if WITH_LIBSSL > 0
844  reg = vl_api_client_index_to_registration (mp->client_index);
845  if (!reg || pool_elts (im->sad) == 0)
846  return;
847 
848  vec_validate_init_empty (sa_index_to_tun_if_index, vec_len (im->sad) - 1,
849  ~0);
850 
851  /* *INDENT-OFF* */
852  pool_foreach (t, im->tunnel_interfaces,
853  ({
854  vnet_hw_interface_t *hi;
855  u32 sw_if_index = ~0;
856 
857  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
858  sw_if_index = hi->sw_if_index;
859  sa_index_to_tun_if_index[t->input_sa_index] = sw_if_index;
860  sa_index_to_tun_if_index[t->output_sa_index] = sw_if_index;
861  }));
862 
863  pool_foreach (sa, im->sad,
864  ({
865  if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id)
866  send_ipsec_sa_details (sa, reg, mp->context,
867  sa_index_to_tun_if_index[sa - im->sad]);
868  }));
869  /* *INDENT-ON* */
870 
871  vec_free (sa_index_to_tun_if_index);
872 #else
873  clib_warning ("unimplemented");
874 #endif
875 }
876 
877 static void
878 vl_api_ipsec_tunnel_if_set_sa_t_handler (vl_api_ipsec_tunnel_if_set_sa_t * mp)
879 {
880  vl_api_ipsec_tunnel_if_set_sa_reply_t *rmp;
881  ipsec_main_t *im = &ipsec_main;
882  vnet_main_t *vnm = im->vnet_main;
883  vnet_sw_interface_t *sw;
884  int rv;
885 
886 #if WITH_LIBSSL > 0
887  sw = vnet_get_sw_interface (vnm, ntohl (mp->sw_if_index));
888 
889  rv = ipsec_set_interface_sa (vnm, sw->hw_if_index, ntohl (mp->sa_id),
890  mp->is_outbound);
891 #else
892  clib_warning ("unimplemented");
893 #endif
894 
895  REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_SA_REPLY);
896 }
897 
898 static void
899 vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t * mp)
900 {
901  vl_api_registration_t *rp;
902  ipsec_main_t *im = &ipsec_main;
903  u32 context = mp->context;
904 
905  rp = vl_api_client_index_to_registration (mp->client_index);
906 
907  if (rp == 0)
908  {
909  clib_warning ("Client %d AWOL", mp->client_index);
910  return;
911  }
912 
913  ipsec_ah_backend_t *ab;
914  ipsec_esp_backend_t *eb;
915  /* *INDENT-OFF* */
916  pool_foreach (ab, im->ah_backends, {
917  vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
918  clib_memset (mp, 0, sizeof (*mp));
919  mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
920  mp->context = context;
921  snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (ab->name),
922  ab->name);
923  mp->protocol = ntohl (IPSEC_API_PROTO_AH);
924  mp->index = ab - im->ah_backends;
925  mp->active = mp->index == im->ah_current_backend ? 1 : 0;
926  vl_api_send_msg (rp, (u8 *)mp);
927  });
928  pool_foreach (eb, im->esp_backends, {
929  vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
930  clib_memset (mp, 0, sizeof (*mp));
931  mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
932  mp->context = context;
933  snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (eb->name),
934  eb->name);
935  mp->protocol = ntohl (IPSEC_API_PROTO_ESP);
936  mp->index = eb - im->esp_backends;
937  mp->active = mp->index == im->esp_current_backend ? 1 : 0;
938  vl_api_send_msg (rp, (u8 *)mp);
939  });
940  /* *INDENT-ON* */
941 }
942 
943 static void
944 vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp)
945 {
946  ipsec_main_t *im = &ipsec_main;
947  vl_api_ipsec_select_backend_reply_t *rmp;
948  ipsec_protocol_t protocol;
949  int rv = 0;
950  if (pool_elts (im->sad) > 0)
951  {
952  rv = VNET_API_ERROR_INSTANCE_IN_USE;
953  goto done;
954  }
955 
956  rv = ipsec_proto_decode (mp->protocol, &protocol);
957 
958  if (rv)
959  goto done;
960 
961 #if WITH_LIBSSL > 0
962  switch (protocol)
963  {
964  case IPSEC_PROTOCOL_ESP:
965  rv = ipsec_select_esp_backend (im, mp->index);
966  break;
967  case IPSEC_PROTOCOL_AH:
968  rv = ipsec_select_ah_backend (im, mp->index);
969  break;
970  default:
971  rv = VNET_API_ERROR_INVALID_PROTOCOL;
972  break;
973  }
974 #else
975  clib_warning ("unimplemented"); /* FIXME */
976 #endif
977 done:
978  REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY);
979 }
980 
981 /*
982  * ipsec_api_hookup
983  * Add vpe's API message handlers to the table.
984  * vlib has already mapped shared memory and
985  * added the client registration handlers.
986  * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
987  */
988 #define vl_msg_name_crc_list
989 #include <vnet/vnet_all_api_h.h>
990 #undef vl_msg_name_crc_list
991 
992 static void
993 setup_message_id_table (api_main_t * am)
994 {
995 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id);
996  foreach_vl_msg_name_crc_ipsec;
997 #undef _
998 }
999 
1000 static clib_error_t *
1001 ipsec_api_hookup (vlib_main_t * vm)
1002 {
1003  api_main_t *am = &api_main;
1004 
1005 #define _(N,n) \
1006  vl_msg_api_set_handlers(VL_API_##N, #n, \
1007  vl_api_##n##_t_handler, \
1008  vl_noop_handler, \
1009  vl_api_##n##_t_endian, \
1010  vl_api_##n##_t_print, \
1011  sizeof(vl_api_##n##_t), 1);
1012  foreach_vpe_api_msg;
1013 #undef _
1014 
1015  /*
1016  * Adding and deleting SAs is MP safe since when they are added/delete
1017  * no traffic is using them
1018  */
1019  am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL] = 1;
1020  am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY] = 1;
1021 
1022  /*
1023  * Set up the (msg_name, crc, message-id) table
1024  */
1025  setup_message_id_table (am);
1026 
1027  return 0;
1028 }
1029 
1030 VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
1031 
1032 /*
1033  * fd.io coding-style-patch-verification: ON
1034  *
1035  * Local Variables:
1036  * eval: (c-set-style "gnu")
1037  * End:
1038  */
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec_spd_policy.h:37
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:95
vl_api_ipsec_spd_entry_add_del_t
IPsec: Add/delete Security Policy Database entry.
Definition: ipsec.api:118
flags
u32 flags
Definition: vhost_user.h:141
ipsec_spd_action_encode
vl_api_ipsec_spd_action_t ipsec_spd_action_encode(ipsec_policy_action_t in)
Definition: ipsec_api.c:584
ipsec_main_t::tunnel_interfaces
ipsec_tunnel_if_t * tunnel_interfaces
Definition: ipsec.h:102
port_range_t::stop
u16 stop
Definition: ipsec_spd_policy.h:42
vl_api_ipsec_sa_dump_t::client_index
u32 client_index
Definition: ipsec.api:482
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec_sa.h:154
IP46_TYPE_IP6
Definition: ip6_packet.h:74
ipsec_policy_t_::sa_id
u32 sa_id
Definition: ipsec_spd_policy.h:72
ipsec_spd_policy_type_t
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
vl_api_ipsec_tunnel_if_add_del_t::crypto_alg
u8 crypto_alg
Definition: ipsec.api:448
ipsec_sa_t::id
u32 id
Definition: ipsec_sa.h:142
IP46_TYPE_ANY
Definition: ip6_packet.h:72
vl_api_ipsec_spd_interface_details_t
IPsec: SPD interface response.
Definition: ipsec.api:405
ipsec_add_del_tunnel_args_t::local_ip
ip46_address_t local_ip
Definition: ipsec_if.h:38
vl_api_ipsec_tunnel_if_add_del_t::anti_replay
u8 anti_replay
Definition: ipsec.api:443
vl_api_ipsec_backend_dump_t
Dump IPsec backends.
Definition: ipsec.api:546
vl_api_ipsec_backend_dump_t::client_index
u32 client_index
Definition: ipsec.api:547
ip_types_api.h
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec_sa.h:58
VLIB_API_INIT_FUNCTION
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
vl_api_ipsec_sa_details_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:518
ipsec_crypto_algo_encode
static vl_api_ipsec_crypto_alg_t ipsec_crypto_algo_encode(ipsec_crypto_alg_t c)
Definition: ipsec_api.c:371
ipsec_ah_backend_t
Definition: ipsec.h:33
u64
unsigned long u64
Definition: types.h:89
ipsec_policy_t_::laddr
ip46_address_range_t laddr
Definition: ipsec_spd_policy.h:64
ipsec_policy_t_::id
u32 id
Definition: ipsec_spd_policy.h:56
REPLY_MACRO2
#define REPLY_MACRO2(t, body)
Definition: api_helper_macros.h:46
NULL
#define NULL
Definition: clib.h:58
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
ipsec_add_del_tunnel_args_t::renumber
u8 renumber
Definition: ipsec_if.h:51
foreach_ipsec_crypto_alg
#define foreach_ipsec_crypto_alg
Definition: ipsec_sa.h:22
FOR_EACH_IPSEC_SPD_POLICY_TYPE
#define FOR_EACH_IPSEC_SPD_POLICY_TYPE(_t)
Definition: ipsec_spd.h:36
vl_api_ipsec_tunnel_protect_dump_t::context
u32 context
Definition: ipsec.api:376
ipsec_set_interface_sa
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
Definition: ipsec_if.c:454
ipsec_policy_mk_type
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
Definition: ipsec_spd_policy.c:100
WALK_CONTINUE
Definition: interface_funcs.h:174
vl_api_send_msg
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
Definition: api.h:35
ipsec_sa_t::crypto_key
ipsec_key_t crypto_key
Definition: ipsec_sa.h:147
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec_sa.h:150
vl_api_ipsec_backend_dump_t::context
u32 context
Definition: ipsec.api:548
vl_api_ipsec_tunnel_if_add_del_t::integ_alg
u8 integ_alg
Definition: ipsec.api:453
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:41
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:522
ipsec_add_del_tunnel_args_t::remote_integ_key
u8 remote_integ_key[128]
Definition: ipsec_if.h:50
ipsec_protocol_t
ipsec_protocol_t
Definition: ipsec_sa.h:66
vl_api_ipsec_spd_interface_details_t::context
u32 context
Definition: ipsec.api:406
ipsec_add_del_tunnel_args_t::remote_crypto_key
u8 remote_crypto_key[128]
Definition: ipsec_if.h:45
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.api:451
setup_message_id_table
static void setup_message_id_table(api_main_t *am)
Definition: ipsec_api.c:993
vl_api_ipsec_spd_interface_dump_t::spd_index
u32 spd_index
Definition: ipsec.api:396
vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:168
i
int i
Definition: flowhash_template.h:376
IPSEC_PROTOCOL_ESP
Definition: ipsec_sa.h:69
foreach_ipsec_integ_alg
#define foreach_ipsec_integ_alg
Definition: ipsec_sa.h:49
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:96
vl_api_ipsec_spd_add_del_t::is_add
u8 is_add
Definition: ipsec.api:33
vl_api_ipsec_sa_dump_t_handler
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
Definition: ipsec_api.c:834
vnet_get_sw_interface
static vnet_sw_interface_t * vnet_get_sw_interface(vnet_main_t *vnm, u32 sw_if_index)
Definition: interface_funcs.h:58
ipsec_add_del_tunnel_args_t::udp_encap
u8 udp_encap
Definition: ipsec_if.h:53
vnet_sw_interface_t
Definition: interface.h:699
ipsec_select_ah_backend
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:218
IPSEC_INTEG_N_ALG
Definition: ipsec_sa.h:63
ipsec_spd_t
A Secruity Policy Database.
Definition: ipsec_spd.h:44
ipsec_sa_flags_decode
static ipsec_sa_flags_t ipsec_sa_flags_decode(vl_api_ipsec_sad_flags_t in)
Definition: ipsec_api.c:433
ipsec_tunnel_if_t
Definition: ipsec_if.h:20
vnet_msg_enum.h
ipsec_tunnel_protect_walk_ctx_t_
Definition: ipsec_api.c:162
vl_msg_api_alloc
void * vl_msg_api_alloc(int nbytes)
Definition: memory_shared.c:199
ipsec_tun_protect_walk
void ipsec_tun_protect_walk(ipsec_tun_protect_walk_cb_t fn, void *ctx)
Definition: ipsec_tun.c:370
ipsec_mk_key
void ipsec_mk_key(ipsec_key_t *key, const u8 *data, u8 len)
Definition: ipsec_sa.c:56
ipsec_key_t_::len
u8 len
Definition: ipsec_sa.h:75
vl_api_ipsec_spd_entry_add_del_t::is_add
u8 is_add
Definition: ipsec.api:122
vl_api_ipsec_tunnel_if_add_del_t::remote_spi
u32 remote_spi
Definition: ipsec.api:447
ipsec_tun_protect_t_::itp_n_sa_in
u32 itp_n_sa_in
Definition: ipsec_tun.h:39
vl_api_ipsec_tunnel_if_add_del_reply_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:473
u8
unsigned char u8
Definition: types.h:56
foreach_vpe_api_msg
#define foreach_vpe_api_msg
Definition: ipsec_api.c:52
vl_api_ipsec_tunnel_protect_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:377
vl_api_ipsec_tunnel_if_add_del_t::remote_ip
vl_api_address_t remote_ip
Definition: ipsec.api:445
ipsec_sa_t::spi
u32 spi
Definition: ipsec_sa.h:117
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec_sa.h:119
ipsec_main_t::spd_index_by_sw_if_index
uword * spd_index_by_sw_if_index
Definition: ipsec.h:112
vl_api_ipsec_interface_add_del_spd_t_handler
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
Definition: ipsec_api.c:87
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
walk_rc_t
enum walk_rc_t_ walk_rc_t
Walk return code.
vl_api_ipsec_tunnel_protect_del_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:370
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec_sa.h:122
crypto_key
vl_api_key_t crypto_key
Definition: ipsec.api:279
ipsec_policy_t_::protocol
u8 protocol
Definition: ipsec_spd_policy.h:66
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec_if.h:40
vl_api_ipsec_select_backend_t
Select IPsec backend.
Definition: ipsec.api:571
pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:493
vl_api_ipsec_tunnel_if_add_del_t::is_add
u8 is_add
Definition: ipsec.api:441
ipsec_add_del_tunnel_args_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec_if.h:49
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: gre.api:50
ipsec_proto_decode
static int ipsec_proto_decode(vl_api_ipsec_proto_t in, ipsec_protocol_t *out)
Definition: ipsec_api.c:324
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.c:28
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec_if.h:39
vl_api_ipsec_sad_entry_add_del_reply_t
Definition: ipsec.api:304
vl_api_ipsec_tunnel_if_add_del_t::renumber
u8 renumber
Definition: ipsec.api:458
vl_api_ipsec_tunnel_if_add_del_t_handler
static void vl_api_ipsec_tunnel_if_add_del_t_handler(vl_api_ipsec_tunnel_if_add_del_t *mp)
Definition: ipsec_api.c:727
vl_api_ipsec_backend_dump_t_handler
static void vl_api_ipsec_backend_dump_t_handler(vl_api_ipsec_backend_dump_t *mp)
Definition: ipsec_api.c:899
foreach_ipsec_policy_action
Definition: ipsec_spd_policy.h:29
ipsec_select_esp_backend
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
Definition: ipsec.c:241
hash_foreach
#define hash_foreach(key_var, value_var, h, body)
Definition: hash.h:442
vl_api_ipsec_spd_dump_t_handler
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
Definition: ipsec_api.c:635
vl_api_ipsec_spd_interface_dump_t_handler
static void vl_api_ipsec_spd_interface_dump_t_handler(vl_api_ipsec_spd_interface_dump_t *mp)
Definition: ipsec_api.c:690
vl_api_ipsec_tunnel_if_add_del_t::local_ip
vl_api_address_t local_ip
Definition: ipsec.api:444
ipsec_add_del_tunnel_args_t::is_ip6
u8 is_ip6
Definition: ipsec_if.h:35
port_range_t::start
u16 start
Definition: ipsec_spd_policy.h:42
api_errno.h
ipsec_sa_unlock_id
int ipsec_sa_unlock_id(u32 id)
Definition: ipsec_sa.c:332
vl_api_ipsec_tunnel_if_set_sa_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:537
vl_api_ipsec_interface_add_del_spd_t::is_add
u8 is_add
Definition: ipsec.api:52
IPSEC_CRYPTO_N_ALG
Definition: ipsec_sa.h:41
ipsec_policy_t_::rport
port_range_t rport
Definition: ipsec_spd_policy.h:68
vl_api_ipsec_tunnel_protect_dump_t
Definition: ipsec.api:373
u32
unsigned int u32
Definition: types.h:88
vl_api_ipsec_spd_entry_add_del_reply_t
IPsec: Reply Add/delete Security Policy Database entry.
Definition: ipsec.api:132
vl_api_ipsec_sa_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:521
ipsec_main_t
Definition: ipsec.h:92
ip_address_decode
ip46_type_t ip_address_decode(const vl_api_address_t *in, ip46_address_t *out)
Definition: ip_types_api.c:161
vl_api_ipsec_sa_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:520
vl_api_ipsec_spd_add_del_t_handler
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
Definition: ipsec_api.c:70
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec_sa.h:120
api_helper_macros.h
hash_get
#define hash_get(h, key)
Definition: hash.h:249
vl_api_ipsec_sad_entry_add_del_t
IPsec: Add/delete Security Association Database entry.
Definition: ipsec.api:297
ipsec_sa_t::tx_fib_index
u32 tx_fib_index
Definition: ipsec_sa.h:160
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:514
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key
u8 remote_crypto_key[128]
Definition: ipsec.api:452
vl_api_ipsec_spds_details_t
Dump IPsec all SPD IDs response.
Definition: ipsec.api:153
vl_api_ipsec_tunnel_if_add_del_reply_t
Add/delete IPsec tunnel interface response.
Definition: ipsec.api:470
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.api:456
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
protocol
vl_api_ip_proto_t protocol
Definition: punt.api:39
vl_api_ipsec_spd_add_del_t
IPsec: Add/delete Security Policy Database.
Definition: ipsec.api:29
ipsec_sa_t::salt
u32 salt
Definition: ipsec_sa.h:163
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:108
vl_api_ipsec_tunnel_protect_details_t::tun
vl_api_ipsec_tunnel_protect_t tun
Definition: ipsec.api:383
ipsec_tun_protect_t_
Definition: ipsec_tun.h:32
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete a SPD.
Definition: ipsec_spd_policy.c:136
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec_sa.h:121
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key
u8 local_integ_key[128]
Definition: ipsec.api:455
ipsec_spd_action_decode
static int ipsec_spd_action_decode(vl_api_ipsec_spd_action_t in, ipsec_policy_action_t *out)
Definition: ipsec_api.c:238
ipsec_add_del_tunnel_args_t::remote_ip
ip46_address_t remote_ip
Definition: ipsec_if.h:38
ipsec_add_del_tunnel_args_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec_if.h:42
vl_api_ipsec_tunnel_protect_del_t
Definition: ipsec.api:365
vl_api_ipsec_tunnel_if_add_del_t::udp_encap
u8 udp_encap
Definition: ipsec.api:460
REPLY_MACRO
#define REPLY_MACRO(t)
Definition: api_helper_macros.h:30
vl_api_ipsec_tunnel_protect_update_t::tunnel
vl_api_ipsec_tunnel_protect_t tunnel
Definition: ipsec.api:362
ipsec_policy_t_::type
ipsec_spd_policy_type_t type
Definition: ipsec_spd_policy.h:60
ipsec_sad_flags_encode
static vl_api_ipsec_sad_flags_t ipsec_sad_flags_encode(const ipsec_sa_t *sa)
Definition: ipsec_api.c:455
vl_api_ipsec_spd_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:169
ipsec_tun_protect_del
int ipsec_tun_protect_del(u32 sw_if_index)
Definition: ipsec_tun.c:339
ipsec_sa_t
Definition: ipsec_sa.h:107
vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:54
ipsec_add_del_tunnel_args_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec_if.h:47
send_ipsec_sa_details
static void send_ipsec_sa_details(ipsec_sa_t *sa, vl_api_registration_t *reg, u32 context, u32 sw_if_index)
Definition: ipsec_api.c:785
ipsec_policy_action_t
ipsec_policy_action_t
Definition: ipsec_spd_policy.h:26
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:111
vl_api_ipsec_spd_interface_details_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:408
vl_api_ipsec_spds_dump_t::client_index
u32 client_index
Definition: ipsec.api:144
vl_api_ipsec_tunnel_if_set_sa_t_handler
static void vl_api_ipsec_tunnel_if_set_sa_t_handler(vl_api_ipsec_tunnel_if_set_sa_t *mp)
Definition: ipsec_api.c:878
api_main_t
API main structure, used by both vpp and binary API clients.
Definition: api_common.h:203
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec_sa.h:155
vl_api_ipsec_tunnel_protect_update_t
Definition: ipsec.api:357
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key
u8 remote_integ_key[128]
Definition: ipsec.api:457
vl_api_registration_
An API client registration, only in vpp/vlib.
Definition: api_common.h:46
ipsec_tun_protect_t_::itp_sw_if_index
u32 itp_sw_if_index
Definition: ipsec_tun.h:42
BAD_SW_IF_INDEX_LABEL
#define BAD_SW_IF_INDEX_LABEL
Definition: api_helper_macros.h:125
vl_api_ipsec_interface_add_del_spd_t
IPsec: Add/delete SPD from interface.
Definition: ipsec.api:47
ipsec_add_del_tunnel_args_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_if.h:41
c
svmdb_client_t * c
Definition: vpp_get_metrics.c:49
vl_api_ipsec_tunnel_if_add_del_t::esn
u8 esn
Definition: ipsec.api:442
ipsec_add_del_tunnel_args_t
Definition: ipsec_if.h:32
ipsec_add_del_tunnel_args_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec_if.h:44
vm
vlib_main_t * vm
Definition: buffer.c:323
ipsec_tun_protect_update
int ipsec_tun_protect_update(u32 sw_if_index, u32 sa_out, u32 *sas_in)
Definition: ipsec_tun.c:224
ipsec_main_t::ah_backends
ipsec_ah_backend_t * ah_backends
Definition: ipsec.h:150
ipsec_policy_t_::priority
i32 priority
Definition: ipsec_spd_policy.h:57
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
vl_api_ipsec_spds_dump_t
Dump IPsec all SPD IDs.
Definition: ipsec.api:143
vl_api_ipsec_sad_entry_add_del_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:302
vl_api_ipsec_select_backend_t::index
u8 index
Definition: ipsec.api:575
ipsec_policy_t_::policy
ipsec_policy_action_t policy
Definition: ipsec_spd_policy.h:71
ip46_address_range_t::start
ip46_address_t start
Definition: ipsec_spd_policy.h:37
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
vl_api_ipsec_tunnel_if_add_del_t::local_spi
u32 local_spi
Definition: ipsec.api:446
ipsec_crypto_algo_decode
static int ipsec_crypto_algo_decode(vl_api_ipsec_crypto_alg_t in, ipsec_crypto_alg_t *out)
Definition: ipsec_api.c:354
ipsec_sa_flags_t
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
vl_api_ipsec_select_backend_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:574
ipsec_tunnel_protect_walk_ctx_t_::reg
vl_api_registration_t * reg
Definition: ipsec_api.c:164
FOR_EACH_IPSEC_PROTECT_INPUT_SAI
#define FOR_EACH_IPSEC_PROTECT_INPUT_SAI(_itp, _sai, body)
Definition: ipsec_tun.h:52
ipsec_esp_backend_t
Definition: ipsec.h:50
vl_api_ipsec_tunnel_if_set_sa_t
Set new SA on IPsec interface.
Definition: ipsec.api:534
vl_api_client_index_to_registration
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
Definition: api.h:57
ipsec_policy_t_
A Secruity Policy.
Definition: ipsec_spd_policy.h:54
vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:34
vl_api_ipsec_spds_dump_t_handler
static void vl_api_ipsec_spds_dump_t_handler(vl_api_ipsec_spds_dump_t *mp)
Definition: ipsec_api.c:563
vl_api_ipsec_tunnel_protect_dump_t_handler
static void vl_api_ipsec_tunnel_protect_dump_t_handler(vl_api_ipsec_tunnel_protect_dump_t *mp)
Definition: ipsec_api.c:201
send_ipsec_spd_interface_details
static void send_ipsec_spd_interface_details(vl_api_registration_t *reg, u32 spd_index, u32 sw_if_index, u32 context)
Definition: ipsec_api.c:673
vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:166
vl_api_ipsec_sa_details_t::salt
u32 salt
Definition: ipsec.api:519
vl_api_ipsec_sa_details_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:516
vnet_main_t
Definition: vnet.h:51
send_ipsec_spd_details
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
Definition: ipsec_api.c:600
ipsec_key_t_::data
u8 data[IPSEC_KEY_MAX_LEN]
Definition: ipsec_sa.h:76
ipsec_add_del_tunnel_args_t::local_crypto_key
u8 local_crypto_key[128]
Definition: ipsec_if.h:43
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
vl_api_ipsec_tunnel_if_add_del_t::salt
u32 salt
Definition: ipsec.api:462
spi
u32 spi
Definition: ipsec.api:274
vl_api_ipsec_spd_entry_add_del_t_handler
static void vl_api_ipsec_spd_entry_add_del_t_handler(vl_api_ipsec_spd_entry_add_del_t *mp)
Definition: ipsec_api.c:255
ipsec_main_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:99
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key
u8 local_crypto_key[128]
Definition: ipsec.api:450
vl_api_ipsec_sa_dump_t
Dump IPsec security association.
Definition: ipsec.api:481
ipsec_add_del_tunnel_args_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec_if.h:46
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec_if.h:36
ip46_type_t
ip46_type_t
Definition: ip6_packet.h:70
ipsec_main_t::sad
ipsec_sa_t * sad
Definition: ipsec.h:97
vl_api_ipsec_spd_interface_dump_t::spd_index_valid
u8 spd_index_valid
Definition: ipsec.api:397
fib_table_get_table_id
u32 fib_table_get_table_id(u32 fib_index, fib_protocol_t proto)
Get the Table-ID of the FIB from protocol and index.
Definition: fib_table.c:1069
ipsec_tun_protect_get
static ipsec_tun_protect_t * ipsec_tun_protect_get(u32 index)
Definition: ipsec_tun.h:103
ipsec_spd_t::policies
u32 * policies[IPSEC_SPD_POLICY_N_TYPES]
vectors for each of the policy types
Definition: ipsec_spd.h:49
ipsec_add_del_tunnel_args_t::tx_table_id
u32 tx_table_id
Definition: ipsec_if.h:54
vl_api_ipsec_tunnel_protect_details_t::context
u32 context
Definition: ipsec.api:382
vl_api_ipsec_spd_dump_t
Dump ipsec policy database data.
Definition: ipsec.api:165
vl_api_ipsec_spd_dump_t::context
u32 context
Definition: ipsec.api:167
vl_api_ipsec_spd_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:136
vnet_sw_interface_t::hw_if_index
u32 hw_if_index
Definition: interface.h:717
vl_api_ipsec_sa_details_t::replay_window
u64 replay_window
Definition: ipsec.api:522
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec_sa.h:144
vl_api_ipsec_tunnel_protect_update_t_handler
static void vl_api_ipsec_tunnel_protect_update_t_handler(vl_api_ipsec_tunnel_protect_update_t *mp)
Definition: ipsec_api.c:112
send_ipsec_spds_details
static void send_ipsec_spds_details(ipsec_spd_t *spd, vl_api_registration_t *reg, u32 context)
Definition: ipsec_api.c:542
ipsec_tunnel_protect_walk_ctx_t_::context
u32 context
Definition: ipsec_api.c:165
ipsec_proto_encode
static vl_api_ipsec_proto_t ipsec_proto_encode(ipsec_protocol_t p)
Definition: ipsec_api.c:341
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
vl_api_ipsec_spds_details_t::spd_id
u32 spd_id
Definition: ipsec.api:155
ipsec_sa_t::seq
u32 seq
Definition: ipsec_sa.h:118
vl_api_ipsec_spd_details_t
IPsec policy database response.
Definition: ipsec.api:178
clib_error_t
Definition: clib_error.h:21
vl_api_ipsec_spd_interface_dump_t
IPsec: Get SPD interfaces.
Definition: ipsec.api:393
vl_api_ipsec_spd_details_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:180
vl_api_ipsec_spd_entry_add_del_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:123
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.api:454
ipsec_sa_add_and_lock
int ipsec_sa_add_and_lock(u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 tx_table_id, u32 salt, const ip46_address_t *tun_src, const ip46_address_t *tun_dst, u32 *sa_out_index)
Definition: ipsec_sa.c:127
vnet_all_api_h.h
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.api:449
ipsec_add_del_tunnel_args_t::salt
u32 salt
Definition: ipsec_if.h:55
vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:179
ipsec_policy_t_::raddr
ip46_address_range_t raddr
Definition: ipsec_spd_policy.h:65
FIB_PROTOCOL_IP4
Definition: fib_types.h:37
INDEX_INVALID
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:47
vlib_main_t
Definition: main.h:83
uword
u64 uword
Definition: types.h:112
ipsec_crypto_alg_t
ipsec_crypto_alg_t
Definition: ipsec_sa.h:36
key
typedef key
Definition: ipsec.api:247
ipsec_integ_algo_decode
static int ipsec_integ_algo_decode(vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t *out)
Definition: ipsec_api.c:388
vl_api_ipsec_sad_entry_add_del_t::is_add
u8 is_add
Definition: ipsec.api:301
vl_api_ipsec_tunnel_if_set_sa_t::is_outbound
u8 is_outbound
Definition: ipsec.api:539
vl_api_ipsec_tunnel_protect_dump_t::client_index
u32 client_index
Definition: ipsec.api:375
vl_api_ipsec_tunnel_if_set_sa_t::sa_id
u32 sa_id
Definition: ipsec.api:538
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Bind/attach a SPD to an interface.
Definition: ipsec_spd.c:63
ipsec_integ_algo_encode
static vl_api_ipsec_integ_alg_t ipsec_integ_algo_encode(ipsec_integ_alg_t i)
Definition: ipsec_api.c:404
tun
vl_api_gbp_endpoint_tun_t tun
Definition: gbp.api:125
ip_address_encode
void ip_address_encode(const ip46_address_t *in, ip46_type_t type, vl_api_address_t *out)
Definition: ip_types_api.c:178
ipsec_key_decode
static void ipsec_key_decode(const vl_api_key_t *key, ipsec_key_t *out)
Definition: ipsec_api.c:420
vl_api_ipsec_sa_details_t::context
u32 context
Definition: ipsec.api:515
ipsec_spd_t::id
u32 id
the User&#39;s ID for this policy
Definition: ipsec_spd.h:47
ipsec_key_encode
static void ipsec_key_encode(const ipsec_key_t *in, vl_api_key_t *out)
Definition: ipsec_api.c:426
ipsec_tun.h
vl_api_ipsec_tunnel_protect_details_t
Definition: ipsec.api:380
ipsec_tunnel_protect_walk_ctx_t
struct ipsec_tunnel_protect_walk_ctx_t_ ipsec_tunnel_protect_walk_ctx_t
vl_api_ipsec_spds_details_t::npolicies
u32 npolicies
Definition: ipsec.api:156
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec_if.h:34
api_main_t::is_mp_safe
u8 * is_mp_safe
Message is mp safe vector.
Definition: api_common.h:226
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_sa.h:146
ipsec_policy_t_::lport
port_range_t lport
Definition: ipsec_spd_policy.h:67
ipsec_tun_protect_find
index_t ipsec_tun_protect_find(u32 sw_if_index)
Definition: ipsec_tun.c:215
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Add/Delete a SPD.
Definition: ipsec_spd.c:20
ipsec_api_hookup
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
Definition: ipsec_api.c:1001
foreach_ipsec_spd_policy_type
#define foreach_ipsec_spd_policy_type
Definition: ipsec_spd.h:20
vl_api_ipsec_tunnel_protect_del_t_handler
static void vl_api_ipsec_tunnel_protect_del_t_handler(vl_api_ipsec_tunnel_protect_del_t *mp)
Definition: ipsec_api.c:140
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:197
id
u32 id
Definition: udp.api:45
ipsec_add_del_tunnel_if_internal
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index_p)
Definition: ipsec_if.c:269
vl_api_ipsec_tunnel_if_add_del_t::tx_table_id
u32 tx_table_id
Definition: ipsec.api:461
send_ipsec_tunnel_protect_details
static walk_rc_t send_ipsec_tunnel_protect_details(index_t itpi, void *arg)
Definition: ipsec_api.c:169
vl_api_ipsec_spds_details_t::context
u32 context
Definition: ipsec.api:154
vl_api_ipsec_spd_interface_details_t::spd_index
u32 spd_index
Definition: ipsec.api:407
vl_api_ipsec_select_backend_t_handler
static void vl_api_ipsec_select_backend_t_handler(vl_api_ipsec_select_backend_t *mp)
Definition: ipsec_api.c:944
vl_api_ipsec_sa_details_t
IPsec security association database response.
Definition: ipsec.api:514
ipsec_main_t::esp_backends
ipsec_esp_backend_t * esp_backends
Definition: ipsec.h:152
vec_validate_init_empty
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
Definition: vec.h:486
ipsec_sa_t::integ_key
ipsec_key_t integ_key
Definition: ipsec_sa.h:151
ipsec_key_t_
Definition: ipsec_sa.h:73
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec_if.h:37
vl_api_ipsec_spd_interface_dump_t::client_index
u32 client_index
Definition: ipsec.api:394
api_main
api_main_t api_main
Definition: api_shared.c:35
vl_api_ipsec_tunnel_if_add_del_t
Add or delete IPsec tunnel interface.
Definition: ipsec.api:438
ipsec_policy_t_::is_ipv6
u8 is_ipv6
Definition: ipsec_spd_policy.h:63
IPSEC_PROTOCOL_AH
Definition: ipsec_sa.h:68
vl_api_ipsec_interface_add_del_spd_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:53
proto
vl_api_fib_path_nh_proto_t proto
Definition: fib_types.api:125
ipsec_add_del_tunnel_args_t::local_integ_key
u8 local_integ_key[128]
Definition: ipsec_if.h:48
VALIDATE_SW_IF_INDEX
#define VALIDATE_SW_IF_INDEX(mp)
Definition: api_helper_macros.h:117
ipsec_tun_protect_t_::itp_out_sa
index_t itp_out_sa
Definition: ipsec_tun.h:35
ipsec_add_del_tunnel_args_t::show_instance
u32 show_instance
Definition: ipsec_if.h:52
vl_api_ipsec_sad_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:308
vl_api_ipsec_sad_entry_add_del_t_handler
static void vl_api_ipsec_sad_entry_add_del_t_handler(vl_api_ipsec_sad_entry_add_del_t *mp)
Definition: ipsec_api.c:476
vl_api_ipsec_tunnel_if_add_del_t::show_instance
u32 show_instance
Definition: ipsec.api:459
pool_elts
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:128