ipsec: change wildcard value for any protocol of spd policy
[vpp.git] / src / vnet / ipsec / ipsec_spd_policy.h
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __IPSEC_SPD_POLICY_H__
16 #define __IPSEC_SPD_POLICY_H__
17
18 #include <vnet/ipsec/ipsec_spd.h>
19
/**
 * @brief Wildcard value for the `protocol` selector of an SPD policy.
 *
 * A policy whose `protocol` field holds this value is meant to apply to any
 * IP protocol. The sentinel is in-band: it shares the u8 `protocol` field of
 * ipsec_policy_t with real protocol numbers, so a policy cannot select
 * IP_PROTOCOL_RESERVED itself.
 *
 * NOTE(review): IP_PROTOCOL_RESERVED is defined outside this header;
 * presumably it is IANA protocol number 255 (Reserved) -- confirm.
 * NOTE(review): the matching code is not visible here. Code that compares a
 * packet's protocol with a policy, and API/CLI clients that fill in
 * `protocol`, should use this constant rather than a literal; a consumer that
 * still treats a different value as "any" would change which traffic a
 * policy covers without reporting an error.
 */
20 #define IPSEC_POLICY_PROTOCOL_ANY IP_PROTOCOL_RESERVED
21
/**
 * @brief X-macro table of the policy actions.
 *
 * Each entry is _ (numeric value, enum suffix, display string); the user
 * defines `_` before expanding the list and undefines it afterwards.
 * BYPASS has the value 0, so a zero-initialised ipsec_policy_t carries the
 * BYPASS action unless `policy` is set explicitly.
 *
 * NOTE(review): what each action does to a packet is decided by code outside
 * this header; the names follow the usual IPsec SPD terms -- confirm the
 * meaning of RESOLVE against its users.
 */
22 #define foreach_ipsec_policy_action \
23   _ (0, BYPASS, "bypass")           \
24   _ (1, DISCARD, "discard")         \
25   _ (2, RESOLVE, "resolve")         \
26   _ (3, PROTECT, "protect")
27
/**
 * @brief Policy action enum generated from foreach_ipsec_policy_action.
 *
 * Each table entry (v, f, s) becomes IPSEC_POLICY_ACTION_<f> = v; the display
 * string is not used here.
 */
28 typedef enum
29 {
30 #define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
31   foreach_ipsec_policy_action
32 #undef _
33 } ipsec_policy_action_t;
34
/*
 * Number of policy actions. Correct only while PROTECT stays the
 * highest-valued entry of foreach_ipsec_policy_action; an action added after
 * it must update this define, or anything sized by it will be too small.
 */
35 #define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
36
/**
 * @brief An IPv4/IPv6 address range given by its two end points.
 *
 * NOTE(review): presumably both bounds are inclusive and start <= stop is
 * expected -- this header does not enforce either; confirm against the
 * matcher.
 */
37 typedef struct
38 {
39   ip46_address_t start, stop;
40 } ip46_address_range_t;
41
/**
 * @brief A port range given by its two 16-bit end points.
 *
 * NOTE(review): byte order and whether the bounds are inclusive are not
 * visible in this header -- confirm against the code that fills and matches
 * the range.
 */
42 typedef struct
43 {
44   u16 start, stop;
45 } port_range_t;
46
47 /**
48  * @brief
49  * Packet and byte counters for SPD policies.
 * Defined in another translation unit; only declared here.
 * NOTE(review): presumably indexed by the stat_index handed back by
 * ipsec_add_del_policy -- confirm.
50  */
51 extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
52
53 /**
54  * @brief A Security Policy. An entry in an SPD
 *
 * The selector fields (is_ipv6, laddr, raddr, protocol, lport, rport)
 * describe which traffic the entry applies to; `policy` is the action for
 * that traffic. Nothing in this header validates the fields, so the code
 * that builds an entry is responsible for ranges and for setting `policy`.
55  */
56 typedef struct ipsec_policy_t_
57 {
58   u32 id;
59   i32 priority;
60
61   // the type of policy
62   ipsec_spd_policy_type_t type;
63
64   // Selector
65   u8 is_ipv6;
66   ip46_address_range_t laddr;
67   ip46_address_range_t raddr;
68   u8 protocol;                  /* IPSEC_POLICY_PROTOCOL_ANY is the "any protocol" wildcard */
69   port_range_t lport;
70   port_range_t rport;
71
72   // Policy
73   ipsec_policy_action_t policy; /* value 0 is BYPASS; set it explicitly */
74   u32 sa_id;                    /* NOTE(review): presumably used only with PROTECT -- confirm */
75   u32 sa_index;                 /* NOTE(review): presumably resolved from sa_id -- confirm */
76 } ipsec_policy_t;
77
78 /**
79  * @brief Add or delete a policy entry of an SPD
 *
 * @param vm         vlib main structure
 * @param policy     the policy entry to add or delete
 * @param is_add     selects add or delete (presumably non-zero adds --
 *                   confirm against the definition)
 * @param stat_index NOTE(review): looks like an output for the policy's
 *                   counter index -- confirm
 * @return int status; the meaning of the values is not visible in this
 *         header (presumably 0 on success). Callers should check it before
 *         assuming the SPD was changed.
80  */
81 extern int ipsec_add_del_policy (vlib_main_t * vm,
82                                  ipsec_policy_t * policy,
83                                  int is_add, u32 * stat_index);
84
/*
 * Formatting and parsing helpers for policies and policy actions. The
 * signatures have the shape of vppinfra format()/unformat() callbacks.
 * NOTE(review): the arguments each one pulls from its va_list are not visible
 * in this header -- check the definitions before calling.
 */
85 extern u8 *format_ipsec_policy (u8 * s, va_list * args);
86 extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
87 extern uword unformat_ipsec_policy_action (unformat_input_t * input,
88                                            va_list * args);
89
90
/**
 * @brief Derive the SPD policy type from direction, IP version and action.
 *
 * @param is_outbound direction of the policy
 * @param is_ipv6     address family of the policy
 * @param action      the policy action
 * @param type        pointer through which the resulting type is passed
 * @return int status. NOTE(review): presumably non-zero when the combination
 *         has no matching type -- confirm; callers should check it before
 *         reading *type.
 */
91 extern int ipsec_policy_mk_type (bool is_outbound,
92                                  bool is_ipv6,
93                                  ipsec_policy_action_t action,
94                                  ipsec_spd_policy_type_t * type);
95
96 #endif /* __IPSEC_SPD_POLICY_H__ */
97
98 /*
99  * fd.io coding-style-patch-verification: ON
100  *
101  * Local Variables:
102  * eval: (c-set-style "gnu")
103  * End:
104  */