2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include <vnet/ip/ip.h>
19 #include <vnet/ipsec/ipsec.h>
20 #include <vnet/ipsec/ipsec.api_enum.h>
24 unsigned char nexthdr;
26 unsigned short reserved;
29 unsigned char auth_data[0];
34 typedef CLIB_PACKED (struct {
37 }) ip4_and_ah_header_t;
41 typedef CLIB_PACKED (struct {
44 }) ip6_and_ah_header_t;
48 ah_encrypt_err_to_sa_err (u32 err)
52 case AH_ENCRYPT_ERROR_CRYPTO_ENGINE_ERROR:
53 return IPSEC_SA_ERROR_CRYPTO_ENGINE_ERROR;
54 case AH_ENCRYPT_ERROR_SEQ_CYCLED:
55 return IPSEC_SA_ERROR_SEQ_CYCLED;
61 ah_decrypt_err_to_sa_err (u32 err)
65 case AH_DECRYPT_ERROR_DECRYPTION_FAILED:
66 return IPSEC_SA_ERROR_DECRYPTION_FAILED;
67 case AH_DECRYPT_ERROR_INTEG_ERROR:
68 return IPSEC_SA_ERROR_INTEG_ERROR;
69 case AH_DECRYPT_ERROR_NO_TAIL_SPACE:
70 return IPSEC_SA_ERROR_NO_TAIL_SPACE;
71 case AH_DECRYPT_ERROR_DROP_FRAGMENTS:
72 return IPSEC_SA_ERROR_DROP_FRAGMENTS;
73 case AH_DECRYPT_ERROR_REPLAY:
74 return IPSEC_SA_ERROR_REPLAY;
80 ah_encrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
81 u32 thread_index, u32 err, u16 index, u16 *nexts,
82 u16 drop_next, u32 sa_index)
84 ipsec_set_next_index (b, node, thread_index, err,
85 ah_encrypt_err_to_sa_err (err), index, nexts,
90 ah_decrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
91 u32 thread_index, u32 err, u16 index, u16 *nexts,
92 u16 drop_next, u32 sa_index)
94 ipsec_set_next_index (b, node, thread_index, err,
95 ah_decrypt_err_to_sa_err (err), index, nexts,
100 ah_calc_icv_padding_len (u8 icv_size, int is_ipv6)
102 ASSERT (0 == is_ipv6 || 1 == is_ipv6);
103 const u8 req_multiple = 4 + 4 * is_ipv6; // 4 for ipv4, 8 for ipv6
104 const u8 total_size = sizeof (ah_header_t) + icv_size;
105 return (req_multiple - total_size % req_multiple) % req_multiple;
108 #endif /* __AH_H__ */
111 * fd.io coding-style-patch-verification: ON
114 * eval: (c-set-style "gnu")