FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
ipsec_sa.h File Reference

Data Structures

struct  ipsec_key_t_
 
struct  ipsec_sa_t
 

Macros

#define foreach_ipsec_crypto_alg
 
#define IPSEC_CRYPTO_ALG_IS_GCM(_alg)
 
#define foreach_ipsec_integ_alg
 
#define IPSEC_KEY_MAX_LEN   128
 
#define foreach_ipsec_sa_flags
 
#define IPSEC_UDP_PORT_NONE   ((u16)~0)
 
#define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE   (64)
 
#define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX   (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE-1)
 
#define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_tl)   (_tl - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE + 1)
 

Typedefs

typedef struct ipsec_key_t_ ipsec_key_t
 
typedef enum ipsec_sad_flags_t_ ipsec_sa_flags_t
 
typedef walk_rc_t(* ipsec_sa_walk_cb_t) (ipsec_sa_t *sa, void *ctx)
 

Enumerations

enum  ipsec_crypto_alg_t { IPSEC_CRYPTO_N_ALG }
 
enum  ipsec_integ_alg_t { IPSEC_INTEG_N_ALG }
 
enum  ipsec_protocol_t { IPSEC_PROTOCOL_AH = 0, IPSEC_PROTOCOL_ESP = 1 }
 
enum  ipsec_sad_flags_t_ { foreach_ipsec_sa_flags }
 

Functions

 STATIC_ASSERT (sizeof(ipsec_sa_flags_t)==1, "IPSEC SA flags > 1 byte")
 
 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES)
 
void ipsec_mk_key (ipsec_key_t *key, const u8 *data, u8 len)
 
int ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 tx_table_id, u32 salt, const ip46_address_t *tunnel_src_addr, const ip46_address_t *tunnel_dst_addr, u32 *sa_index, u16 src_port, u16 dst_port)
 
index_t ipsec_sa_find_and_lock (u32 id)
 
int ipsec_sa_unlock_id (u32 id)
 
void ipsec_sa_unlock (index_t sai)
 
void ipsec_sa_lock (index_t sai)
 
void ipsec_sa_clear (index_t sai)
 
void ipsec_sa_set_crypto_alg (ipsec_sa_t *sa, ipsec_crypto_alg_t crypto_alg)
 
void ipsec_sa_set_integ_alg (ipsec_sa_t *sa, ipsec_integ_alg_t integ_alg)
 
void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx)
 
u8 * format_ipsec_crypto_alg (u8 *s, va_list *args)
 
u8 * format_ipsec_integ_alg (u8 *s, va_list *args)
 
u8 * format_ipsec_sa (u8 *s, va_list *args)
 
u8 * format_ipsec_key (u8 *s, va_list *args)
 
uword unformat_ipsec_crypto_alg (unformat_input_t *input, va_list *args)
 
uword unformat_ipsec_integ_alg (unformat_input_t *input, va_list *args)
 
uword unformat_ipsec_key (unformat_input_t *input, va_list *args)
 
static int ipsec_sa_anti_replay_check (ipsec_sa_t *sa, u32 seq)
 
static void ipsec_sa_anti_replay_advance (ipsec_sa_t *sa, u32 seq)
 
static u32 ipsec_sa_assign_thread (u32 thread_id)
 

Variables

foreach_ipsec_sa_flags vlib_combined_counter_main_t ipsec_sa_counters
 SA packet & bytes counters.
 

Macro Definition Documentation

◆ foreach_ipsec_crypto_alg

#define foreach_ipsec_crypto_alg
Value:
_ (0, NONE, "none") \
_ (1, AES_CBC_128, "aes-cbc-128") \
_ (2, AES_CBC_192, "aes-cbc-192") \
_ (3, AES_CBC_256, "aes-cbc-256") \
_ (4, AES_CTR_128, "aes-ctr-128") \
_ (5, AES_CTR_192, "aes-ctr-192") \
_ (6, AES_CTR_256, "aes-ctr-256") \
_ (7, AES_GCM_128, "aes-gcm-128") \
_ (8, AES_GCM_192, "aes-gcm-192") \
_ (9, AES_GCM_256, "aes-gcm-256") \
_ (10, DES_CBC, "des-cbc") \
_ (11, 3DES_CBC, "3des-cbc")

Definition at line 23 of file ipsec_sa.h.

◆ foreach_ipsec_integ_alg

#define foreach_ipsec_integ_alg
Value:
_ (0, NONE, "none") \
_ (1, MD5_96, "md5-96") /* RFC2403 */ \
_ (2, SHA1_96, "sha1-96") /* RFC2404 */ \
_ (3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
_ (4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
_ (5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
_ (6, SHA_512_256, "sha-512-256") /* RFC4868 */

Definition at line 50 of file ipsec_sa.h.

◆ foreach_ipsec_sa_flags

#define foreach_ipsec_sa_flags
Value:
_ (0, NONE, "none") \
_ (1, USE_ESN, "esn") \
_ (2, USE_ANTI_REPLAY, "anti-replay") \
_ (4, IS_TUNNEL, "tunnel") \
_ (8, IS_TUNNEL_V6, "tunnel-v6") \
_ (16, UDP_ENCAP, "udp-encap") \
_ (32, IS_PROTECT, "Protect") \
_ (64, IS_INBOUND, "inbound") \
_ (128, IS_AEAD, "aead") \

Definition at line 88 of file ipsec_sa.h.

◆ IPSEC_CRYPTO_ALG_IS_GCM

#define IPSEC_CRYPTO_ALG_IS_GCM (   _alg)
Value:
(((_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) || \
(_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) || \
(_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)))

Definition at line 45 of file ipsec_sa.h.

◆ IPSEC_KEY_MAX_LEN

#define IPSEC_KEY_MAX_LEN   128

Definition at line 73 of file ipsec_sa.h.

◆ IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND

#define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (   _tl)    (_tl - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE + 1)

Definition at line 291 of file ipsec_sa.h.

◆ IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX

#define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX   (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE-1)

Definition at line 284 of file ipsec_sa.h.

◆ IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE

#define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE   (64)

Definition at line 283 of file ipsec_sa.h.

◆ IPSEC_UDP_PORT_NONE

#define IPSEC_UDP_PORT_NONE   ((u16)~0)

Definition at line 277 of file ipsec_sa.h.

Typedef Documentation

◆ ipsec_key_t

typedef struct ipsec_key_t_ ipsec_key_t

◆ ipsec_sa_flags_t

◆ ipsec_sa_walk_cb_t

typedef walk_rc_t(* ipsec_sa_walk_cb_t) (ipsec_sa_t *sa, void *ctx)

Definition at line 264 of file ipsec_sa.h.

Enumeration Type Documentation

◆ ipsec_crypto_alg_t

Enumerator
IPSEC_CRYPTO_N_ALG 

Definition at line 37 of file ipsec_sa.h.

◆ ipsec_integ_alg_t

Enumerator
IPSEC_INTEG_N_ALG 

Definition at line 59 of file ipsec_sa.h.

◆ ipsec_protocol_t

Enumerator
IPSEC_PROTOCOL_AH 
IPSEC_PROTOCOL_ESP 

Definition at line 67 of file ipsec_sa.h.

◆ ipsec_sad_flags_t_

Enumerator
foreach_ipsec_sa_flags 

Definition at line 99 of file ipsec_sa.h.

Function Documentation

◆ format_ipsec_crypto_alg()

u8* format_ipsec_crypto_alg ( u8 *  s,
va_list *  args 
)

Definition at line 78 of file ipsec_format.c.


◆ format_ipsec_integ_alg()

u8* format_ipsec_integ_alg ( u8 *  s,
va_list *  args 
)

Definition at line 110 of file ipsec_format.c.


◆ format_ipsec_key()

u8* format_ipsec_key ( u8 *  s,
va_list *  args 
)

Definition at line 234 of file ipsec_format.c.


◆ format_ipsec_sa()

u8* format_ipsec_sa ( u8 *  s,
va_list *  args 
)

Definition at line 269 of file ipsec_format.c.


◆ ipsec_mk_key()

void ipsec_mk_key ( ipsec_key_t *  key,
const u8 *  data,
u8  len 
)

Definition at line 56 of file ipsec_sa.c.


◆ ipsec_sa_add_and_lock()

int ipsec_sa_add_and_lock ( u32  id,
u32  spi,
ipsec_protocol_t  proto,
ipsec_crypto_alg_t  crypto_alg,
const ipsec_key_t *  ck,
ipsec_integ_alg_t  integ_alg,
const ipsec_key_t *  ik,
ipsec_sa_flags_t  flags,
u32  tx_table_id,
u32  salt,
const ip46_address_t *  tunnel_src_addr,
const ip46_address_t *  tunnel_dst_addr,
u32 *  sa_index,
u16  src_port,
u16  dst_port 
)

Definition at line 170 of file ipsec_sa.c.


◆ ipsec_sa_anti_replay_advance()

static void ipsec_sa_anti_replay_advance ( ipsec_sa_t *  sa,
u32  seq 
)
inline static

Definition at line 425 of file ipsec_sa.h.


◆ ipsec_sa_anti_replay_check()

static int ipsec_sa_anti_replay_check ( ipsec_sa_t *  sa,
u32  seq 
)
inline static

Definition at line 298 of file ipsec_sa.h.


◆ ipsec_sa_assign_thread()

static u32 ipsec_sa_assign_thread ( u32  thread_id)
inline static

Definition at line 490 of file ipsec_sa.h.


◆ ipsec_sa_clear()

void ipsec_sa_clear ( index_t  sai)

Definition at line 444 of file ipsec_sa.c.


◆ ipsec_sa_find_and_lock()

index_t ipsec_sa_find_and_lock ( u32  id)

Definition at line 409 of file ipsec_sa.c.


◆ ipsec_sa_lock()

void ipsec_sa_lock ( index_t  sai)

Definition at line 395 of file ipsec_sa.c.


◆ ipsec_sa_set_crypto_alg()

void ipsec_sa_set_crypto_alg ( ipsec_sa_t *  sa,
ipsec_crypto_alg_t  crypto_alg 
)

Definition at line 97 of file ipsec_sa.c.


◆ ipsec_sa_set_integ_alg()

void ipsec_sa_set_integ_alg ( ipsec_sa_t *  sa,
ipsec_integ_alg_t  integ_alg 
)

Definition at line 116 of file ipsec_sa.c.


◆ ipsec_sa_unlock()

void ipsec_sa_unlock ( index_t  sai)

Definition at line 381 of file ipsec_sa.c.


◆ ipsec_sa_unlock_id()

int ipsec_sa_unlock_id ( u32  id)

Definition at line 428 of file ipsec_sa.c.


◆ ipsec_sa_walk()

void ipsec_sa_walk ( ipsec_sa_walk_cb_t  cd,
void *  ctx 
)

Definition at line 450 of file ipsec_sa.c.


◆ STATIC_ASSERT()

STATIC_ASSERT ( sizeof(ipsec_sa_flags_t)==1,
"IPSEC SA flags > 1 byte"
)

◆ STATIC_ASSERT_OFFSET_OF()

STATIC_ASSERT_OFFSET_OF ( ipsec_sa_t  ,
cacheline1  ,
CLIB_CACHE_LINE_BYTES   
)

◆ unformat_ipsec_crypto_alg()

uword unformat_ipsec_crypto_alg ( unformat_input_t *  input,
va_list *  args 
)

Definition at line 96 of file ipsec_format.c.


◆ unformat_ipsec_integ_alg()

uword unformat_ipsec_integ_alg ( unformat_input_t *  input,
va_list *  args 
)

Definition at line 128 of file ipsec_format.c.


◆ unformat_ipsec_key()

uword unformat_ipsec_key ( unformat_input_t *  input,
va_list *  args 
)

Definition at line 242 of file ipsec_format.c.


Variable Documentation

◆ ipsec_sa_counters

SA packet & bytes counters.

Definition at line 27 of file ipsec_sa.c.