2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #ifndef __IPSEC_SPD_POLICY_H__
16 #define __IPSEC_SPD_POLICY_H__
18 #include <vnet/ipsec/ipsec_spd.h>
20 #define IPSEC_POLICY_PROTOCOL_ANY IP_PROTOCOL_RESERVED
22 #define foreach_ipsec_policy_action \
23 _ (0, BYPASS, "bypass") \
24 _ (1, DISCARD, "discard") \
25 _ (2, RESOLVE, "resolve") \
26 _ (3, PROTECT, "protect")
30 #define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
31 foreach_ipsec_policy_action
33 } ipsec_policy_action_t;
35 #define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
39 ip46_address_t start, stop;
40 } ip46_address_range_t;
49 * Policy packet & bytes counters
51 extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
54 * @brief A Secruity Policy. An entry in an SPD
56 typedef struct ipsec_policy_t_
62 ipsec_spd_policy_type_t type;
66 ip46_address_range_t laddr;
67 ip46_address_range_t raddr;
73 ipsec_policy_action_t policy;
79 * @brief Add/Delete a SPD
81 extern int ipsec_add_del_policy (vlib_main_t * vm,
82 ipsec_policy_t * policy,
83 int is_add, u32 * stat_index);
85 extern u8 *format_ipsec_policy (u8 * s, va_list * args);
86 extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
87 extern uword unformat_ipsec_policy_action (unformat_input_t * input,
91 extern int ipsec_policy_mk_type (bool is_outbound,
93 ipsec_policy_action_t action,
94 ipsec_spd_policy_type_t * type);
96 #endif /* __IPSEC_SPD_POLICY_H__ */
99 * fd.io coding-style-patch-verification: ON
102 * eval: (c-set-style "gnu")