2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include <vnet/ip/ip.h>
19 #include <vnet/crypto/crypto.h>
20 #include <vnet/feature/feature.h>
22 #include <vppinfra/types.h>
23 #include <vppinfra/cache.h>
25 #include <vnet/ipsec/ipsec_spd.h>
26 #include <vnet/ipsec/ipsec_spd_policy.h>
27 #include <vnet/ipsec/ipsec_sa.h>
28 #include <vnet/ipsec/ipsec_if.h>
/*
 * Callback types a backend supplies.
 *   add_del_sa_sess_cb_t - called with an SA index and an is_add flag.
 *   check_support_cb_t   - called with a pointer to an SA.
 * Both return a clib_error_t pointer.
 * NOTE(review): presumably a non-NULL return signals failure, so that
 * check_support_cb_t is the point where a backend can refuse an SA it
 * cannot handle - confirm against the callers.
 */
30 typedef clib_error_t *(*add_del_sa_sess_cb_t) (u32 sa_index, u8 is_add);
31 typedef clib_error_t *(*check_support_cb_t) (ipsec_sa_t * sa);
/*
 * NOTE(review): the opening and closing lines of this struct are not visible
 * in this listing. The ah4_/ah6_ field prefixes suggest it is the AH backend
 * descriptor (ipsec_ah_backend_t, the element type of ah_backends) - confirm.
 */
36 /* add/del callback */
37 add_del_sa_sess_cb_t add_del_sa_sess_cb;
38 /* check support function */
39 check_support_cb_t check_support_cb;
/* encrypt/decrypt node indices and next indices, one set for ah4, one for ah6 */
40 u32 ah4_encrypt_node_index;
41 u32 ah4_decrypt_node_index;
42 u32 ah4_encrypt_next_index;
43 u32 ah4_decrypt_next_index;
44 u32 ah6_encrypt_node_index;
45 u32 ah6_decrypt_node_index;
46 u32 ah6_encrypt_next_index;
47 u32 ah6_decrypt_next_index;
/*
 * ESP backend descriptor: two callbacks plus the encrypt/decrypt node indices
 * and next indices for esp4 and esp6.
 * NOTE(review): the opening line(s) of this struct are not visible in this
 * listing, so it may hold fields that are not shown here.
 */
53 /* add/del callback */
54 add_del_sa_sess_cb_t add_del_sa_sess_cb;
55 /* check support function */
56 check_support_cb_t check_support_cb;
/* encrypt/decrypt node indices and next indices, one set for esp4, one for esp6 */
57 u32 esp4_encrypt_node_index;
58 u32 esp4_decrypt_node_index;
59 u32 esp4_encrypt_next_index;
60 u32 esp4_decrypt_next_index;
61 u32 esp6_encrypt_node_index;
62 u32 esp6_decrypt_node_index;
63 u32 esp6_encrypt_next_index;
64 u32 esp6_decrypt_next_index;
65 } ipsec_esp_backend_t;
/*
 * NOTE(review): the opening lines and some fields of the next two structs are
 * not visible in this listing; only the vnet crypto op-type fields are shown.
 */
/* crypto algorithm entry: presumably the op types for the encrypt and decrypt directions - confirm */
69 vnet_crypto_op_type_t enc_op_type;
70 vnet_crypto_op_type_t dec_op_type;
73 } ipsec_main_crypto_alg_t;
/* integrity algorithm entry: a single op type */
77 vnet_crypto_op_type_t op_type;
79 } ipsec_main_integ_alg_t;
/*
 * Fields of the IPsec main state.
 * NOTE(review): the struct's opening and closing lines, and the fields that
 * followed some of the comments below, are not visible in this listing;
 * presumably this is ipsec_main_t, the type of the global ipsec_main - confirm.
 */
83 /* pool of tunnel instances */
85 /* Pool of security associations */
87 /* pool of policies */
88 ipsec_policy_t *policies;
90 /* pool of tunnel interfaces */
91 ipsec_tunnel_if_t *tunnel_interfaces;
93 uword *tunnel_index_by_key;
96 vlib_main_t *vlib_main;
97 vnet_main_t *vnet_main;
/* lookup tables named <value>_by_<key>; presumably vppinfra hashes - confirm */
100 uword *spd_index_by_spd_id;
101 uword *spd_index_by_sw_if_index;
102 uword *sa_index_by_sa_id;
103 uword *ipsec_if_pool_index_by_key;
104 uword *ipsec_if_real_dev_by_show_dev;
/*
 * Node indices; the esp and ah names match the fields of the backend structs.
 * NOTE(review): presumably copied from the selected backend - confirm.
 */
107 u32 error_drop_node_index;
108 u32 esp4_encrypt_node_index;
109 u32 esp4_decrypt_node_index;
110 u32 ah4_encrypt_node_index;
111 u32 ah4_decrypt_node_index;
112 u32 esp6_encrypt_node_index;
113 u32 esp6_decrypt_node_index;
114 u32 ah6_encrypt_node_index;
115 u32 ah6_decrypt_node_index;
116 /* next node indices */
117 u32 esp4_encrypt_next_index;
118 u32 esp4_decrypt_next_index;
119 u32 ah4_encrypt_next_index;
120 u32 ah4_decrypt_next_index;
121 u32 esp6_encrypt_next_index;
122 u32 esp6_decrypt_next_index;
123 u32 ah6_encrypt_next_index;
124 u32 ah6_decrypt_next_index;
126 /* pool of ah backends */
127 ipsec_ah_backend_t *ah_backends;
128 /* pool of esp backends */
129 ipsec_esp_backend_t *esp_backends;
/*
 * The four indices below refer to elements of the two backend pools above.
 * NOTE(review): code that sets them from a caller-supplied u32 (the
 * ipsec_select_*_backend prototypes in this header take one) should check
 * that the index names a live pool element - not verifiable from this header.
 */
130 /* index of current ah backend */
131 u32 ah_current_backend;
132 /* index of current esp backend */
133 u32 esp_current_backend;
134 /* index of default ah backend */
135 u32 ah_default_backend;
136 /* index of default esp backend */
137 u32 esp_default_backend;
139 /* crypto alg data */
140 ipsec_main_crypto_alg_t *crypto_algs;
142 /* crypto integ data */
143 ipsec_main_integ_alg_t *integ_algs;
/* The IPsec main state object, defined elsewhere. */
146 extern ipsec_main_t ipsec_main;
/*
 * Callback entry points that take the main state explicitly.
 * NOTE(review): the continuation line of the first prototype is not visible
 * in this listing. Presumably these invoke the callbacks of the currently
 * selected AH/ESP backend - confirm in the implementation.
 */
148 clib_error_t *ipsec_add_del_sa_sess_cb (ipsec_main_t * im, u32 sa_index,
151 clib_error_t *ipsec_check_support_cb (ipsec_main_t * im, ipsec_sa_t * sa);
/* Node registrations for the ESP/AH encrypt and decrypt nodes and the ipsec_if input node, defined elsewhere. */
153 extern vlib_node_registration_t esp4_encrypt_node;
154 extern vlib_node_registration_t esp4_decrypt_node;
155 extern vlib_node_registration_t ah4_encrypt_node;
156 extern vlib_node_registration_t ah4_decrypt_node;
157 extern vlib_node_registration_t esp6_encrypt_node;
158 extern vlib_node_registration_t esp6_decrypt_node;
159 extern vlib_node_registration_t ah6_encrypt_node;
160 extern vlib_node_registration_t ah6_decrypt_node;
161 extern vlib_node_registration_t ipsec_if_input_node;
/*
 * Takes (u8 *s, va_list *args) and returns u8 *.
 * NOTE(review): presumably a vppinfra format callback that renders an SA's
 * anti-replay window - confirm.
 */
166 u8 *format_ipsec_replay_window (u8 * s, va_list * args);
/*
 * Return the node index that buffer b should be handed to next.
 * Looks up the vlib node for nr->node_index, lets vnet_feature_next() fill in
 * `next` for b, and returns node->next_nodes[next].
 * NOTE(review): the function braces and the declaration of `next` are not
 * visible in this listing. No range check on `next` is visible before it
 * indexes node->next_nodes; presumably vnet_feature_next() only yields slots
 * that exist on this node - confirm.
 */
172 static_always_inline u32
173 get_next_output_feature_node_index (vlib_buffer_t * b,
174 vlib_node_runtime_t * nr)
177 vlib_main_t *vm = vlib_get_main ();
178 vlib_node_t *node = vlib_get_node (vm, nr->node_index);
180 vnet_feature_next (&next, b);
181 return node->next_nodes[next];
/*
 * Register an AH backend from four node names (ah4/ah6 encrypt and decrypt)
 * and its two callbacks. Returns a u32.
 * NOTE(review): one parameter line is not visible in this listing. The return
 * value is presumably the new backend's index in ah_backends - confirm.
 */
184 u32 ipsec_register_ah_backend (vlib_main_t * vm, ipsec_main_t * im,
186 const char *ah4_encrypt_node_name,
187 const char *ah4_decrypt_node_name,
188 const char *ah6_encrypt_node_name,
189 const char *ah6_decrypt_node_name,
190 check_support_cb_t ah_check_support_cb,
191 add_del_sa_sess_cb_t ah_add_del_sa_sess_cb);
/*
 * ESP counterpart of the registration above: four node names (esp4/esp6
 * encrypt and decrypt) and two callbacks. Returns a u32.
 * NOTE(review): one parameter line is not visible in this listing. The return
 * value is presumably the new backend's index in esp_backends - confirm.
 */
193 u32 ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im,
195 const char *esp4_encrypt_node_name,
196 const char *esp4_decrypt_node_name,
197 const char *esp6_encrypt_node_name,
198 const char *esp6_decrypt_node_name,
199 check_support_cb_t esp_check_support_cb,
200 add_del_sa_sess_cb_t esp_add_del_sa_sess_cb);
/*
 * Select the AH / ESP backend by index. Both return int.
 * NOTE(review): the return convention is not visible here, so callers should
 * check it rather than assume the switch happened. The implementation should
 * reject an index that does not name a registered backend - confirm.
 */
202 int ipsec_select_ah_backend (ipsec_main_t * im, u32 ah_backend_idx);
203 int ipsec_select_esp_backend (ipsec_main_t * im, u32 esp_backend_idx);
204 #endif /* __IPSEC_H__ */
207 * fd.io coding-style-patch-verification: ON
210 * eval: (c-set-style "gnu")