2 * esp_decrypt.c : IPSec ESP decrypt node
4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/vnet.h>
19 #include <vnet/api_errno.h>
20 #include <vnet/ip/ip.h>
21 #include <vnet/l2/l2_input.h>
23 #include <vnet/ipsec/ipsec.h>
24 #include <vnet/ipsec/esp.h>
25 #include <vnet/ipsec/ipsec_io.h>
26 #include <vnet/ipsec/ipsec_tun.h>
28 #include <vnet/gre/gre.h>
30 #define foreach_esp_decrypt_next \
31 _(DROP, "error-drop") \
32 _(IP4_INPUT, "ip4-input-no-checksum") \
33 _(IP6_INPUT, "ip6-input") \
34 _(L2_INPUT, "l2-input") \
37 #define _(v, s) ESP_DECRYPT_NEXT_##v,
40 foreach_esp_decrypt_next
46 #define foreach_esp_decrypt_error \
47 _(RX_PKTS, "ESP pkts received") \
48 _(DECRYPTION_FAILED, "ESP decryption failed") \
49 _(INTEG_ERROR, "Integrity check failed") \
50 _(CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)") \
51 _(REPLAY, "SA replayed packet") \
52 _(RUNT, "undersized packet") \
53 _(CHAINED_BUFFER, "chained buffers (packet dropped)") \
54 _(OVERSIZED_HEADER, "buffer with oversized header (dropped)") \
55 _(NO_TAIL_SPACE, "no enough buffer tail space (dropped)") \
56 _(TUN_NO_PROTO, "no tunnel protocol") \
57 _(UNSUP_PAYLOAD, "unsupported payload") \
62 #define _(sym,str) ESP_DECRYPT_ERROR_##sym,
63 foreach_esp_decrypt_error
66 } esp_decrypt_error_t;
68 static char *esp_decrypt_error_strings[] = {
69 #define _(sym,string) string,
70 foreach_esp_decrypt_error
79 ipsec_crypto_alg_t crypto_alg;
80 ipsec_integ_alg_t integ_alg;
81 } esp_decrypt_trace_t;
83 /* packet trace format function */
85 format_esp_decrypt_trace (u8 * s, va_list * args)
87 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
88 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
89 esp_decrypt_trace_t *t = va_arg (*args, esp_decrypt_trace_t *);
93 "esp: crypto %U integrity %U pkt-seq %d sa-seq %u sa-seq-hi %u",
94 format_ipsec_crypto_alg, t->crypto_alg, format_ipsec_integ_alg,
95 t->integ_alg, t->seq, t->sa_seq, t->sa_seq_hi);
107 ipsec_sa_flags_t flags;
117 } esp_decrypt_packet_data_t;
119 STATIC_ASSERT_SIZEOF (esp_decrypt_packet_data_t, 3 * sizeof (u64));
121 #define ESP_ENCRYPT_PD_F_FD_TRANSPORT (1 << 2)
124 esp_decrypt_inline (vlib_main_t * vm,
125 vlib_node_runtime_t * node, vlib_frame_t * from_frame,
126 int is_ip6, int is_tun)
128 ipsec_main_t *im = &ipsec_main;
129 u32 thread_index = vm->thread_index;
130 u16 buffer_data_size = vlib_buffer_get_default_data_size (vm);
132 ipsec_per_thread_data_t *ptd = vec_elt_at_index (im->ptd, thread_index);
133 u32 *from = vlib_frame_vector_args (from_frame);
134 u32 n, n_left = from_frame->n_vectors;
135 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
136 u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
137 esp_decrypt_packet_data_t pkt_data[VLIB_FRAME_SIZE], *pd = pkt_data;
138 esp_decrypt_packet_data_t cpd = { };
139 u32 current_sa_index = ~0, current_sa_bytes = 0, current_sa_pkts = 0;
140 const u8 esp_sz = sizeof (esp_header_t);
143 vlib_get_buffers (vm, from, b, n_left);
144 vec_reset_length (ptd->crypto_ops);
145 vec_reset_length (ptd->integ_ops);
146 clib_memset_u16 (nexts, -1, n_left);
155 vlib_prefetch_buffer_header (b[2], LOAD);
156 p = vlib_buffer_get_current (b[1]);
157 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
158 p -= CLIB_CACHE_LINE_BYTES;
159 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
162 if (vlib_buffer_chain_linearize (vm, b[0]) != 1)
164 b[0]->error = node->errors[ESP_DECRYPT_ERROR_CHAINED_BUFFER];
165 next[0] = ESP_DECRYPT_NEXT_DROP;
169 if (vnet_buffer (b[0])->ipsec.sad_index != current_sa_index)
172 vlib_increment_combined_counter (&ipsec_sa_counters, thread_index,
176 current_sa_bytes = current_sa_pkts = 0;
178 current_sa_index = vnet_buffer (b[0])->ipsec.sad_index;
179 sa0 = pool_elt_at_index (im->sad, current_sa_index);
180 cpd.icv_sz = sa0->integ_icv_size;
181 cpd.iv_sz = sa0->crypto_iv_size;
182 cpd.flags = sa0->flags;
183 cpd.sa_index = current_sa_index;
186 if (PREDICT_FALSE (~0 == sa0->decrypt_thread_index))
188 /* this is the first packet to use this SA, claim the SA
189 * for this thread. this could happen simultaneously on
191 clib_atomic_cmp_and_swap (&sa0->decrypt_thread_index, ~0,
192 ipsec_sa_assign_thread (thread_index));
195 if (PREDICT_TRUE (thread_index != sa0->decrypt_thread_index))
197 next[0] = ESP_DECRYPT_NEXT_HANDOFF;
201 /* store packet data for next round for easier prefetch */
202 pd->sa_data = cpd.sa_data;
203 pd->current_data = b[0]->current_data;
204 pd->current_length = b[0]->current_length;
205 pd->hdr_sz = pd->current_data - vnet_buffer (b[0])->l3_hdr_offset;
206 payload = b[0]->data + pd->current_data;
207 pd->seq = clib_host_to_net_u32 (((esp_header_t *) payload)->seq);
209 /* we need 4 extra bytes for HMAC calculation when ESN are used */
210 if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz &&
211 (pd->current_data + pd->current_length + 4 > buffer_data_size))
213 b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE];
214 next[0] = ESP_DECRYPT_NEXT_DROP;
218 /* anti-reply check */
219 if (ipsec_sa_anti_replay_check (sa0, pd->seq))
221 b[0]->error = node->errors[ESP_DECRYPT_ERROR_REPLAY];
222 next[0] = ESP_DECRYPT_NEXT_DROP;
226 if (pd->current_length < cpd.icv_sz + esp_sz + cpd.iv_sz)
228 b[0]->error = node->errors[ESP_DECRYPT_ERROR_RUNT];
229 next[0] = ESP_DECRYPT_NEXT_DROP;
233 len = pd->current_length - cpd.icv_sz;
234 current_sa_pkts += 1;
235 current_sa_bytes += pd->current_length;
237 if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE))
239 vnet_crypto_op_t *op;
240 vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES);
242 vnet_crypto_op_init (op, sa0->integ_op_id);
243 op->key_index = sa0->integ_key_index;
245 op->flags = VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
246 op->user_data = b - bufs;
247 op->digest = payload + len;
248 op->digest_len = cpd.icv_sz;
250 if (ipsec_sa_is_set_USE_ESN (sa0))
252 /* shift ICV by 4 bytes to insert ESN */
253 u32 seq_hi = clib_host_to_net_u32 (sa0->seq_hi);
254 u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi);
255 clib_memcpy_fast (tmp, payload + len, ESP_MAX_ICV_SIZE);
256 clib_memcpy_fast (payload + len, &seq_hi, sz);
257 clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE);
266 if (sa0->crypto_enc_op_id != VNET_CRYPTO_OP_NONE)
268 vnet_crypto_op_t *op;
269 vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES);
270 vnet_crypto_op_init (op, sa0->crypto_dec_op_id);
271 op->key_index = sa0->crypto_key_index;
274 if (ipsec_sa_is_set_IS_AEAD (sa0))
281 * construct the AAD and the nonce (Salt || IV) in a scratch
282 * space in front of the IP header.
284 scratch = payload - esp_sz;
285 esp0 = (esp_header_t *) (scratch);
287 scratch -= (sizeof (*aad) + pd->hdr_sz);
290 esp_aad_fill (op, esp0, sa0);
293 * we don't need to refer to the ESP header anymore so we
294 * can overwrite it with the salt and use the IV where it is
295 * to form the nonce = (Salt + IV)
297 op->iv -= sizeof (sa0->salt);
298 clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt));
300 op->tag = payload + len;
303 op->src = op->dst = payload += cpd.iv_sz;
304 op->len = len - cpd.iv_sz;
305 op->user_data = b - bufs;
316 if (PREDICT_TRUE (~0 != current_sa_index))
317 vlib_increment_combined_counter (&ipsec_sa_counters, thread_index,
318 current_sa_index, current_sa_pkts,
321 if ((n = vec_len (ptd->integ_ops)))
323 vnet_crypto_op_t *op = ptd->integ_ops;
324 n -= vnet_crypto_process_ops (vm, op, n);
327 ASSERT (op - ptd->integ_ops < vec_len (ptd->integ_ops));
328 if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
330 u32 err, bi = op->user_data;
331 if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
332 err = ESP_DECRYPT_ERROR_INTEG_ERROR;
334 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
335 bufs[bi]->error = node->errors[err];
336 nexts[bi] = ESP_DECRYPT_NEXT_DROP;
342 if ((n = vec_len (ptd->crypto_ops)))
344 vnet_crypto_op_t *op = ptd->crypto_ops;
345 n -= vnet_crypto_process_ops (vm, op, n);
348 ASSERT (op - ptd->crypto_ops < vec_len (ptd->crypto_ops));
349 if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
355 if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
356 err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED;
358 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
360 bufs[bi]->error = node->errors[err];
361 nexts[bi] = ESP_DECRYPT_NEXT_DROP;
368 /* Post decryption ronud - adjust packet data start and length and next
371 n_left = from_frame->n_vectors;
378 const u8 tun_flags = IPSEC_SA_FLAG_IS_TUNNEL |
379 IPSEC_SA_FLAG_IS_TUNNEL_V6;
383 void *data = b[1]->data + pd[1].current_data;
385 /* buffer metadata */
386 vlib_prefetch_buffer_header (b[1], LOAD);
389 CLIB_PREFETCH (data + pd[1].current_length - pd[1].icv_sz - 2,
390 CLIB_CACHE_LINE_BYTES, LOAD);
393 CLIB_PREFETCH (data - CLIB_CACHE_LINE_BYTES,
394 CLIB_CACHE_LINE_BYTES * 2, LOAD);
397 if (next[0] < ESP_DECRYPT_N_NEXT)
400 sa0 = vec_elt_at_index (im->sad, pd->sa_index);
403 * redo the anti-reply check
404 * in this frame say we have sequence numbers, s, s+1, s+1, s+1
405 * and s and s+1 are in the window. When we did the anti-replay
406 * check above we did so against the state of the window (W),
407 * after packet s-1. So each of the packets in the sequence will be
409 * This time s will be cheked against Ws-1, s+1 chceked against Ws
410 * (i.e. the window state is updated/advnaced)
411 * so this time the successive s+! packet will be dropped.
412 * This is a consequence of batching the decrypts. If the
413 * check-dcrypt-advance process was done for each packet it would
414 * be fine. But we batch the decrypts because it's much more efficient
415 * to do so in SW and if we offload to HW and the process is async.
417 * You're probably thinking, but this means an attacker can send the
418 * above sequence and cause VPP to perform decrpyts that will fail,
419 * and that's true. But if the attacker can determine s (a valid
420 * sequence number in the window) which is non-trivial, it can generate
421 * a sequence s, s+1, s+2, s+3, ... s+n and nothing will prevent any
422 * implementation, sequential or batching, from decrypting these.
424 if (ipsec_sa_anti_replay_check (sa0, pd->seq))
426 b[0]->error = node->errors[ESP_DECRYPT_ERROR_REPLAY];
427 next[0] = ESP_DECRYPT_NEXT_DROP;
431 ipsec_sa_anti_replay_advance (sa0, pd->seq);
433 esp_footer_t *f = (esp_footer_t *) (b[0]->data + pd->current_data +
434 pd->current_length - sizeof (*f) -
436 u16 adv = pd->iv_sz + esp_sz;
437 u16 tail = sizeof (esp_footer_t) + f->pad_length + pd->icv_sz;
439 if ((pd->flags & tun_flags) == 0 && !is_tun) /* transport mode */
441 u8 udp_sz = (is_ip6 == 0 && pd->flags & IPSEC_SA_FLAG_UDP_ENCAP) ?
442 sizeof (udp_header_t) : 0;
443 u16 ip_hdr_sz = pd->hdr_sz - udp_sz;
444 u8 *old_ip = b[0]->data + pd->current_data - ip_hdr_sz - udp_sz;
445 u8 *ip = old_ip + adv + udp_sz;
447 if (is_ip6 && ip_hdr_sz > 64)
448 memmove (ip, old_ip, ip_hdr_sz);
450 clib_memcpy_le64 (ip, old_ip, ip_hdr_sz);
452 b[0]->current_data = pd->current_data + adv - ip_hdr_sz;
453 b[0]->current_length = pd->current_length + ip_hdr_sz - tail - adv;
457 ip6_header_t *ip6 = (ip6_header_t *) ip;
458 u16 len = clib_net_to_host_u16 (ip6->payload_length);
460 ip6->payload_length = clib_host_to_net_u16 (len);
461 ip6->protocol = f->next_header;
462 next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
466 ip4_header_t *ip4 = (ip4_header_t *) ip;
467 ip_csum_t sum = ip4->checksum;
468 u16 len = clib_net_to_host_u16 (ip4->length);
469 len = clib_host_to_net_u16 (len - adv - tail - udp_sz);
470 sum = ip_csum_update (sum, ip4->protocol, f->next_header,
471 ip4_header_t, protocol);
472 sum = ip_csum_update (sum, ip4->length, len,
473 ip4_header_t, length);
474 ip4->checksum = ip_csum_fold (sum);
475 ip4->protocol = f->next_header;
477 next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
482 if (PREDICT_TRUE (f->next_header == IP_PROTOCOL_IP_IN_IP))
484 next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
485 b[0]->current_data = pd->current_data + adv;
486 b[0]->current_length = pd->current_length - adv - tail;
488 else if (f->next_header == IP_PROTOCOL_IPV6)
490 next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
491 b[0]->current_data = pd->current_data + adv;
492 b[0]->current_length = pd->current_length - adv - tail;
496 if (is_tun && f->next_header == IP_PROTOCOL_GRE)
500 b[0]->current_data = pd->current_data + adv;
501 b[0]->current_length = pd->current_length - adv - tail;
503 gre = vlib_buffer_get_current (b[0]);
505 vlib_buffer_advance (b[0], sizeof (*gre));
507 switch (clib_net_to_host_u16 (gre->protocol))
509 case GRE_PROTOCOL_teb:
510 vnet_update_l2_len (b[0]);
511 next[0] = ESP_DECRYPT_NEXT_L2_INPUT;
513 case GRE_PROTOCOL_ip4:
514 next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
516 case GRE_PROTOCOL_ip6:
517 next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
521 node->errors[ESP_DECRYPT_ERROR_UNSUP_PAYLOAD];
522 next[0] = ESP_DECRYPT_NEXT_DROP;
528 next[0] = ESP_DECRYPT_NEXT_DROP;
529 b[0]->error = node->errors[ESP_DECRYPT_ERROR_UNSUP_PAYLOAD];
535 if (ipsec_sa_is_set_IS_PROTECT (sa0))
538 * There are two encap possibilities
539 * 1) the tunnel and ths SA are prodiving encap, i.e. it's
540 * MAC | SA-IP | TUN-IP | ESP | PAYLOAD
541 * implying the SA is in tunnel mode (on a tunnel interface)
542 * 2) only the tunnel provides encap
543 * MAC | TUN-IP | ESP | PAYLOAD
544 * implying the SA is in transport mode.
546 * For 2) we need only strip the tunnel encap and we're good.
547 * since the tunnel and crypto ecnap (int the tun=protect
548 * object) are the same and we verified above that these match
549 * for 1) we need to strip the SA-IP outer headers, to
550 * reveal the tunnel IP and then check that this matches
551 * the configured tunnel.
553 const ipsec_tun_protect_t *itp;
555 itp = ipsec_tun_protect_get
556 (vnet_buffer (b[0])->ipsec.protect_index);
558 if (PREDICT_TRUE (f->next_header == IP_PROTOCOL_IP_IN_IP))
560 const ip4_header_t *ip4;
562 ip4 = vlib_buffer_get_current (b[0]);
564 if (!ip46_address_is_equal_v4 (&itp->itp_tun.src,
565 &ip4->dst_address) ||
566 !ip46_address_is_equal_v4 (&itp->itp_tun.dst,
569 next[0] = ESP_DECRYPT_NEXT_DROP;
571 node->errors[ESP_DECRYPT_ERROR_TUN_NO_PROTO];
574 else if (f->next_header == IP_PROTOCOL_IPV6)
576 const ip6_header_t *ip6;
578 ip6 = vlib_buffer_get_current (b[0]);
580 if (!ip46_address_is_equal_v6 (&itp->itp_tun.src,
581 &ip6->dst_address) ||
582 !ip46_address_is_equal_v6 (&itp->itp_tun.dst,
585 next[0] = ESP_DECRYPT_NEXT_DROP;
587 node->errors[ESP_DECRYPT_ERROR_TUN_NO_PROTO];
595 if (PREDICT_FALSE (b[0]->flags & VLIB_BUFFER_IS_TRACED))
597 esp_decrypt_trace_t *tr;
598 tr = vlib_add_trace (vm, node, b[0], sizeof (*tr));
599 sa0 = pool_elt_at_index (im->sad,
600 vnet_buffer (b[0])->ipsec.sad_index);
601 tr->crypto_alg = sa0->crypto_alg;
602 tr->integ_alg = sa0->integ_alg;
604 tr->sa_seq = sa0->last_seq;
605 tr->sa_seq_hi = sa0->seq_hi;
615 n_left = from_frame->n_vectors;
616 vlib_node_increment_counter (vm, node->node_index,
617 ESP_DECRYPT_ERROR_RX_PKTS, n_left);
619 vlib_buffer_enqueue_to_next (vm, node, from, nexts, n_left);
625 VLIB_NODE_FN (esp4_decrypt_node) (vlib_main_t * vm,
626 vlib_node_runtime_t * node,
627 vlib_frame_t * from_frame)
629 return esp_decrypt_inline (vm, node, from_frame, 0, 0);
632 VLIB_NODE_FN (esp4_decrypt_tun_node) (vlib_main_t * vm,
633 vlib_node_runtime_t * node,
634 vlib_frame_t * from_frame)
636 return esp_decrypt_inline (vm, node, from_frame, 0, 1);
639 VLIB_NODE_FN (esp6_decrypt_node) (vlib_main_t * vm,
640 vlib_node_runtime_t * node,
641 vlib_frame_t * from_frame)
643 return esp_decrypt_inline (vm, node, from_frame, 1, 0);
646 VLIB_NODE_FN (esp6_decrypt_tun_node) (vlib_main_t * vm,
647 vlib_node_runtime_t * node,
648 vlib_frame_t * from_frame)
650 return esp_decrypt_inline (vm, node, from_frame, 1, 1);
654 VLIB_REGISTER_NODE (esp4_decrypt_node) = {
655 .name = "esp4-decrypt",
656 .vector_size = sizeof (u32),
657 .format_trace = format_esp_decrypt_trace,
658 .type = VLIB_NODE_TYPE_INTERNAL,
660 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
661 .error_strings = esp_decrypt_error_strings,
663 .n_next_nodes = ESP_DECRYPT_N_NEXT,
665 [ESP_DECRYPT_NEXT_DROP] = "ip4-drop",
666 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
667 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
668 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
669 [ESP_DECRYPT_NEXT_HANDOFF] = "esp4-decrypt-handoff",
673 VLIB_REGISTER_NODE (esp6_decrypt_node) = {
674 .name = "esp6-decrypt",
675 .vector_size = sizeof (u32),
676 .format_trace = format_esp_decrypt_trace,
677 .type = VLIB_NODE_TYPE_INTERNAL,
679 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
680 .error_strings = esp_decrypt_error_strings,
682 .n_next_nodes = ESP_DECRYPT_N_NEXT,
684 [ESP_DECRYPT_NEXT_DROP] = "ip6-drop",
685 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
686 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
687 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
688 [ESP_DECRYPT_NEXT_HANDOFF]= "esp6-decrypt-handoff",
692 VLIB_REGISTER_NODE (esp4_decrypt_tun_node) = {
693 .name = "esp4-decrypt-tun",
694 .vector_size = sizeof (u32),
695 .format_trace = format_esp_decrypt_trace,
696 .type = VLIB_NODE_TYPE_INTERNAL,
697 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
698 .error_strings = esp_decrypt_error_strings,
699 .n_next_nodes = ESP_DECRYPT_N_NEXT,
701 [ESP_DECRYPT_NEXT_DROP] = "ip4-drop",
702 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
703 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
704 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
705 [ESP_DECRYPT_NEXT_HANDOFF] = "esp4-decrypt-tun-handoff",
709 VLIB_REGISTER_NODE (esp6_decrypt_tun_node) = {
710 .name = "esp6-decrypt-tun",
711 .vector_size = sizeof (u32),
712 .format_trace = format_esp_decrypt_trace,
713 .type = VLIB_NODE_TYPE_INTERNAL,
714 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
715 .error_strings = esp_decrypt_error_strings,
716 .n_next_nodes = ESP_DECRYPT_N_NEXT,
718 [ESP_DECRYPT_NEXT_DROP] = "ip6-drop",
719 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
720 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
721 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
722 [ESP_DECRYPT_NEXT_HANDOFF]= "esp6-decrypt-tun-handoff",
728 * fd.io coding-style-patch-verification: ON
731 * eval: (c-set-style "gnu")