#include <vppinfra/error.h>
#define IKEV2_NONCE_SIZE 32
-
+#define IKEV2_PORT 500
+#define IKEV2_PORT_NATT 4500
#define IKEV2_KEY_PAD "Key Pad for IKEv2"
+#define IKEV2_GCM_ICV_SIZE 16
+#define IKEV2_GCM_NONCE_SIZE 12
+#define IKEV2_GCM_SALT_SIZE 4
+#define IKEV2_GCM_IV_SIZE (IKEV2_GCM_NONCE_SIZE - IKEV2_GCM_SALT_SIZE)
+
typedef u8 v8;
/* *INDENT-OFF* */
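Review bot: The GCM size constants added at the top of this hunk have no comment saying how they relate, and `IKEV2_GCM_IV_SIZE` is only right if the 12-byte nonce is always the salt followed by the explicit IV. I would add `/* AES-GCM (RFC 5282): 12-byte nonce = 4-byte salt taken from the keying material || 8-byte explicit IV carried in the payload; 16-byte ICV */` above them. The same comment should state that the explicit IV must never repeat under one key, because the code that generates it is not in this header.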
}) ike_header_t;
/* *INDENT-ON* */
+#define ike_hdr_is_response(_h) ((_h)->flags & IKEV2_HDR_FLAG_RESPONSE)
+#define ike_hdr_is_request(_h) (!ike_hdr_is_response(_h))
+#define ike_hdr_is_initiator(_h) ((_h)->flags & IKEV2_HDR_FLAG_INITIATOR)
+#define ike_hdr_is_responder(_h) (!(ike_hdr_is_initiator(_h)))
+
/* *INDENT-OFF* */
-typedef CLIB_PACKED (struct
- {
- u8 nextpayload;
- u8 flags;
- u16 length;
- u16 dh_group;
- u8 reserved[2]; u8 payload[0];}) ike_ke_payload_header_t;
+typedef CLIB_PACKED (struct {
+ u8 nextpayload;
+ u8 flags;
+ u16 length;
+ u16 dh_group;
+ u8 reserved[2];
+ u8 payload[0];
+}) ike_ke_payload_header_t;
/* *INDENT-ON* */
/* *INDENT-OFF* */
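Review bot: `ike_hdr_is_response` and `ike_hdr_is_initiator` evaluate to the raw masked flag bit rather than 0 or 1. They are safe inside an `if`, but give the wrong answer if a caller compares the result with a 0/1 field (for example a stored initiator flag) or assigns it to a one-bit bitfield. Normalising removes the trap: `#define ike_hdr_is_response(_h) (!!((_h)->flags & IKEV2_HDR_FLAG_RESPONSE))`, and the same for `ike_hdr_is_initiator`. `static inline` functions taking `const ike_header_t *` would also type-check the argument. Callers are not visible in this hunk, so whether any of them already compares against a 0/1 value needs checking.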
#define IKEV2_PAYLOAD_FLAG_CRITICAL (1<<7)
#define IKEV2_PAYLOAD_NONE 0
+#define IKEV2_PAYLOAD_NAT_D 20
+#define IKEV2_PAYLOAD_NAT_OA 21
#define IKEV2_PAYLOAD_SA 33
#define IKEV2_PAYLOAD_KE 34
#define IKEV2_PAYLOAD_IDI 35
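Review bot: `IKEV2_PAYLOAD_NAT_D` (20) and `IKEV2_PAYLOAD_NAT_OA` (21) are the IKEv1 NAT-traversal payload numbers from RFC 3947, yet the `IKEV2_PAYLOAD_` prefix makes them read as values a conforming IKEv2 peer could send. RFC 7296 keeps payload types 1-32 unassigned to avoid overlap with IKEv1, and IKEv2 does NAT detection with Notify payloads instead. If they exist only for naming in traces, a comment such as `/* IKEv1 values (RFC 3947), not valid IKEv2 next-payload types */` would say so. If the receive path switches on them, that branch parses input no IKEv2 peer should produce and is better handled as an unknown payload. Their use is outside this hunk.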
#undef _
} ikev2_id_type_t;
+typedef enum
+{
+ TS_IPV4_ADDR_RANGE = 7,
+ TS_IPV6_ADDR_RANGE = 8,
+} ikev2_traffic_selector_type_t;
+
clib_error_t *ikev2_init (vlib_main_t * vm);
clib_error_t *ikev2_set_local_key (vlib_main_t * vm, u8 * file);
clib_error_t *ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add);
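Review bot: The new enumerators `TS_IPV4_ADDR_RANGE` and `TS_IPV6_ADDR_RANGE` are unprefixed, unlike the `IKEV2_`-prefixed constants elsewhere in this header, and short `TS_*` names in a shared header can collide with other code. I would write `IKEV2_TS_IPV4_ADDR_RANGE = 7,` and `IKEV2_TS_IPV6_ADDR_RANGE = 8,`, with a one-line comment that the values are the RFC 7296 Traffic Selector types. Now that the type has two members, the code that reads a TS type from a received payload (not in this hunk) should reject any other value rather than assume IPv4.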
u8 id_type, u8 * data, int is_local);
clib_error_t *ikev2_set_profile_ts (vlib_main_t * vm, u8 * name,
u8 protocol_id, u16 start_port,
- u16 end_port, ip4_address_t start_addr,
- ip4_address_t end_addr, int is_local);
+ u16 end_port, ip_address_t start_addr,
+ ip_address_t end_addr, int is_local);
clib_error_t *ikev2_set_profile_responder (vlib_main_t * vm, u8 * name,
u32 sw_if_index,
- ip4_address_t ip4);
+ ip_address_t addr);
+clib_error_t *ikev2_set_profile_responder_hostname (vlib_main_t *vm, u8 *name,
+ u8 *hostname,
+ u32 sw_if_index);
clib_error_t *ikev2_set_profile_ike_transforms (vlib_main_t * vm, u8 * name,
ikev2_transform_encr_type_t
crypto_alg,
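Review bot: With `start_addr` and `end_addr` now `ip_address_t`, `ikev2_set_profile_ts` can be handed an IPv4 start and an IPv6 end, which the old `ip4_address_t` signature made impossible. The implementation is not in this hunk; it should return an error when the two address families differ, and ideally when start is above end, before the range is stored in a profile. The declaration should carry a comment stating that contract. Separately, `ikev2_set_profile_responder_hostname` takes `hostname` before `sw_if_index`, while `ikev2_set_profile_responder` takes `sw_if_index` first. Nothing says whether `u8 *hostname` is a vppinfra vector or a NUL-terminated string, or who owns it; a short comment on the prototype would settle that.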
crypto_alg,
ikev2_transform_integ_type_t
integ_alg,
- ikev2_transform_dh_type_t
- dh_type, u32 crypto_key_size);
+ u32 crypto_key_size);
clib_error_t *ikev2_set_profile_sa_lifetime (vlib_main_t * vm, u8 * name,
u64 lifetime, u32 jitter,
u32 handover, u64 maxdata);
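Review bot: Dropping `dh_type` from this prototype leaves callers no way to request a Diffie-Hellman group for these transforms, and nothing documents the consequence. The function name is above the hunk; from its position after `ikev2_set_profile_ike_transforms` it looks like the ESP variant. If so, child SAs would presumably be keyed from the IKE SA's material without a fresh exchange, so without forward secrecy between child SAs. Operators matching a peer's PFS setting need to know that. Once confirmed against the implementation, I would document it on the declaration, e.g. `/* no DH group: child SAs do not perform their own key exchange */`. Existing callers and any API or CLI bindings also need updating, since the parameter count changed.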