2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #ifndef included_vnet_sr_h
16 #define included_vnet_sr_h
18 #include <vnet/vnet.h>
19 #include <vnet/sr/sr_packet.h>
20 #include <vnet/ip/ip6_packet.h>
22 #include <openssl/opensslconf.h>
26 #include <openssl/crypto.h>
27 #include <openssl/sha.h>
28 #include <openssl/opensslv.h>
29 #include <openssl/hmac.h>
35 } ip6_sr_tunnel_key_t;
39 /* src, dst address */
40 ip6_sr_tunnel_key_t key;
42 /* optional tunnel name */
45 /* mask width for FIB entry */
48 /* first hop, to save 1 elt in the segment list */
49 ip6_address_t first_hop;
55 /* The actual ip6 sr header */
58 /* Indicates that this tunnel is part of a policy comprising
59 of multiple tunnels. */
70 /* Key (header imposition case) */
71 ip6_address_t *src_address;
72 ip6_address_t *dst_address;
77 /* optional name argument - for referencing SR tunnel/policy by name */
80 /* optional policy name */
83 /* segment list, when inserting an ip6 SR header */
84 ip6_address_t *segments;
87 * "Tag" list, aka segments inserted at the end of the list,
92 /* Shared secret => generate SHA-256 HMAC security fields */
95 /* Flags, e.g. cleanup, policy-list flags */
96 u16 flags_net_byte_order;
98 /* Delete the tunnnel? */
100 } ip6_sr_add_del_tunnel_args_t;
110 /* Delete the policy? */
112 } ip6_sr_add_del_policy_args_t;
120 /* vector to SR tunnel index */
127 /* multicast IP6 address */
128 ip6_address_t *multicast_address;
130 /* name of policy to map to */
133 /* Delete the mapping */
136 } ip6_sr_add_del_multicastmap_args_t;
140 /* pool of tunnel instances, sr entry only */
141 ip6_sr_tunnel_t *tunnels;
143 /* find an sr "tunnel" by its outer-IP src/dst */
144 uword *tunnel_index_by_key;
146 /* find an sr "tunnel" by its name */
147 uword *tunnel_index_by_name;
150 ip6_sr_policy_t *policies;
152 /* find a policy by name */
153 uword *policy_index_by_policy_name;
155 /* multicast address to policy mapping */
156 uword *policy_index_by_multicast_address;
158 /* ip6-lookup next index for imposition FIB entries */
159 u32 ip6_lookup_sr_next_index;
161 /* hmac key id by shared secret */
162 uword *hmac_key_by_shared_secret;
164 /* ip6-rewrite next index for reinstalling the original dst address */
165 u32 ip6_rewrite_sr_next_index;
167 /* ip6-replicate next index for multicast tunnel */
168 u32 ip6_lookup_sr_replicate_index;
170 /* application API callback */
173 /* validate hmac keys */
176 /* pool of hmac keys */
177 ip6_sr_hmac_key_t *hmac_keys;
183 /* enable debug spew */
187 vlib_main_t *vlib_main;
188 vnet_main_t *vnet_main;
191 ip6_sr_main_t sr_main;
193 format_function_t format_ip6_sr_header;
194 format_function_t format_ip6_sr_header_with_length;
196 vlib_node_registration_t ip6_sr_input_node;
199 extern vlib_node_registration_t sr_replicate_node;
202 int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a);
203 int ip6_sr_add_del_policy (ip6_sr_add_del_policy_args_t * a);
204 int ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a);
206 void vnet_register_sr_app_callback (void *cb);
208 void sr_fix_hmac (ip6_sr_main_t * sm, ip6_header_t * ip,
209 ip6_sr_header_t * sr);
211 #endif /* included_vnet_sr_h */
214 * fd.io coding-style-patch-verification: ON
217 * eval: (c-set-style "gnu")