2 * esp_decrypt.c : IPSec ESP decrypt node
4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/vnet.h>
19 #include <vnet/api_errno.h>
20 #include <vnet/ip/ip.h>
22 #include <vnet/ipsec/ipsec.h>
23 #include <vnet/ipsec/esp.h>
24 #include <vnet/ipsec/ipsec_io.h>
25 #include <vnet/ipsec/ipsec_tun.h>
27 #include <vnet/gre/gre.h>
29 #define foreach_esp_decrypt_next \
30 _(DROP, "error-drop") \
31 _(IP4_INPUT, "ip4-input-no-checksum") \
32 _(IP6_INPUT, "ip6-input") \
33 _(L2_INPUT, "l2-input") \
36 #define _(v, s) ESP_DECRYPT_NEXT_##v,
39 foreach_esp_decrypt_next
45 #define foreach_esp_decrypt_error \
46 _(RX_PKTS, "ESP pkts received") \
47 _(DECRYPTION_FAILED, "ESP decryption failed") \
48 _(INTEG_ERROR, "Integrity check failed") \
49 _(CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)") \
50 _(REPLAY, "SA replayed packet") \
51 _(RUNT, "undersized packet") \
52 _(CHAINED_BUFFER, "chained buffers (packet dropped)") \
53 _(OVERSIZED_HEADER, "buffer with oversized header (dropped)") \
54 _(NO_TAIL_SPACE, "no enough buffer tail space (dropped)") \
55 _(TUN_NO_PROTO, "no tunnel protocol") \
56 _(UNSUP_PAYLOAD, "unsupported payload") \
61 #define _(sym,str) ESP_DECRYPT_ERROR_##sym,
62 foreach_esp_decrypt_error
65 } esp_decrypt_error_t;
67 static char *esp_decrypt_error_strings[] = {
68 #define _(sym,string) string,
69 foreach_esp_decrypt_error
78 ipsec_crypto_alg_t crypto_alg;
79 ipsec_integ_alg_t integ_alg;
80 } esp_decrypt_trace_t;
82 /* packet trace format function */
84 format_esp_decrypt_trace (u8 * s, va_list * args)
86 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
87 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
88 esp_decrypt_trace_t *t = va_arg (*args, esp_decrypt_trace_t *);
92 "esp: crypto %U integrity %U pkt-seq %d sa-seq %u sa-seq-hi %u",
93 format_ipsec_crypto_alg, t->crypto_alg, format_ipsec_integ_alg,
94 t->integ_alg, t->seq, t->sa_seq, t->sa_seq_hi);
106 ipsec_sa_flags_t flags;
116 } esp_decrypt_packet_data_t;
118 STATIC_ASSERT_SIZEOF (esp_decrypt_packet_data_t, 3 * sizeof (u64));
120 #define ESP_ENCRYPT_PD_F_FD_TRANSPORT (1 << 2)
123 esp_decrypt_inline (vlib_main_t * vm,
124 vlib_node_runtime_t * node, vlib_frame_t * from_frame,
125 int is_ip6, int is_tun)
127 ipsec_main_t *im = &ipsec_main;
128 u32 thread_index = vm->thread_index;
129 u16 buffer_data_size = vlib_buffer_get_default_data_size (vm);
131 ipsec_per_thread_data_t *ptd = vec_elt_at_index (im->ptd, thread_index);
132 u32 *from = vlib_frame_vector_args (from_frame);
133 u32 n, n_left = from_frame->n_vectors;
134 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
135 u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
136 esp_decrypt_packet_data_t pkt_data[VLIB_FRAME_SIZE], *pd = pkt_data;
137 esp_decrypt_packet_data_t cpd = { };
138 u32 current_sa_index = ~0, current_sa_bytes = 0, current_sa_pkts = 0;
139 const u8 esp_sz = sizeof (esp_header_t);
142 vlib_get_buffers (vm, from, b, n_left);
143 vec_reset_length (ptd->crypto_ops);
144 vec_reset_length (ptd->integ_ops);
145 clib_memset_u16 (nexts, -1, n_left);
154 vlib_prefetch_buffer_header (b[2], LOAD);
155 p = vlib_buffer_get_current (b[1]);
156 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
157 p -= CLIB_CACHE_LINE_BYTES;
158 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
161 if (vlib_buffer_chain_linearize (vm, b[0]) != 1)
163 b[0]->error = node->errors[ESP_DECRYPT_ERROR_CHAINED_BUFFER];
164 next[0] = ESP_DECRYPT_NEXT_DROP;
168 if (vnet_buffer (b[0])->ipsec.sad_index != current_sa_index)
171 vlib_increment_combined_counter (&ipsec_sa_counters, thread_index,
175 current_sa_bytes = current_sa_pkts = 0;
177 current_sa_index = vnet_buffer (b[0])->ipsec.sad_index;
178 sa0 = pool_elt_at_index (im->sad, current_sa_index);
179 cpd.icv_sz = sa0->integ_icv_size;
180 cpd.iv_sz = sa0->crypto_iv_size;
181 cpd.flags = sa0->flags;
182 cpd.sa_index = current_sa_index;
185 if (PREDICT_FALSE (~0 == sa0->decrypt_thread_index))
187 /* this is the first packet to use this SA, claim the SA
188 * for this thread. this could happen simultaneously on
190 clib_atomic_cmp_and_swap (&sa0->decrypt_thread_index, ~0,
191 ipsec_sa_assign_thread (thread_index));
194 if (PREDICT_TRUE (thread_index != sa0->decrypt_thread_index))
196 next[0] = ESP_DECRYPT_NEXT_HANDOFF;
200 /* store packet data for next round for easier prefetch */
201 pd->sa_data = cpd.sa_data;
202 pd->current_data = b[0]->current_data;
203 pd->current_length = b[0]->current_length;
204 pd->hdr_sz = pd->current_data - vnet_buffer (b[0])->l3_hdr_offset;
205 payload = b[0]->data + pd->current_data;
206 pd->seq = clib_host_to_net_u32 (((esp_header_t *) payload)->seq);
208 /* we need 4 extra bytes for HMAC calculation when ESN are used */
209 if (ipsec_sa_is_set_USE_ESN (sa0) && pd->icv_sz &&
210 (pd->current_data + pd->current_length + 4 > buffer_data_size))
212 b[0]->error = node->errors[ESP_DECRYPT_ERROR_NO_TAIL_SPACE];
213 next[0] = ESP_DECRYPT_NEXT_DROP;
217 /* anti-reply check */
218 if (ipsec_sa_anti_replay_check (sa0, pd->seq))
220 b[0]->error = node->errors[ESP_DECRYPT_ERROR_REPLAY];
221 next[0] = ESP_DECRYPT_NEXT_DROP;
225 if (pd->current_length < cpd.icv_sz + esp_sz + cpd.iv_sz)
227 b[0]->error = node->errors[ESP_DECRYPT_ERROR_RUNT];
228 next[0] = ESP_DECRYPT_NEXT_DROP;
232 len = pd->current_length - cpd.icv_sz;
233 current_sa_pkts += 1;
234 current_sa_bytes += pd->current_length;
236 if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE))
238 vnet_crypto_op_t *op;
239 vec_add2_aligned (ptd->integ_ops, op, 1, CLIB_CACHE_LINE_BYTES);
241 vnet_crypto_op_init (op, sa0->integ_op_id);
242 op->key_index = sa0->integ_key_index;
244 op->flags = VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
245 op->user_data = b - bufs;
246 op->digest = payload + len;
247 op->digest_len = cpd.icv_sz;
249 if (ipsec_sa_is_set_USE_ESN (sa0))
251 /* shift ICV by 4 bytes to insert ESN */
252 u32 seq_hi = clib_host_to_net_u32 (sa0->seq_hi);
253 u8 tmp[ESP_MAX_ICV_SIZE], sz = sizeof (sa0->seq_hi);
254 clib_memcpy_fast (tmp, payload + len, ESP_MAX_ICV_SIZE);
255 clib_memcpy_fast (payload + len, &seq_hi, sz);
256 clib_memcpy_fast (payload + len + sz, tmp, ESP_MAX_ICV_SIZE);
265 if (sa0->crypto_enc_op_id != VNET_CRYPTO_OP_NONE)
267 vnet_crypto_op_t *op;
268 vec_add2_aligned (ptd->crypto_ops, op, 1, CLIB_CACHE_LINE_BYTES);
269 vnet_crypto_op_init (op, sa0->crypto_dec_op_id);
270 op->key_index = sa0->crypto_key_index;
273 if (ipsec_sa_is_set_IS_AEAD (sa0))
280 * construct the AAD and the nonce (Salt || IV) in a scratch
281 * space in front of the IP header.
283 scratch = payload - esp_sz;
284 esp0 = (esp_header_t *) (scratch);
286 scratch -= (sizeof (*aad) + pd->hdr_sz);
289 esp_aad_fill (op, esp0, sa0);
292 * we don't need to refer to the ESP header anymore so we
293 * can overwrite it with the salt and use the IV where it is
294 * to form the nonce = (Salt + IV)
296 op->iv -= sizeof (sa0->salt);
297 clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt));
299 op->tag = payload + len;
302 op->src = op->dst = payload += cpd.iv_sz;
303 op->len = len - cpd.iv_sz;
304 op->user_data = b - bufs;
315 if (PREDICT_TRUE (~0 != current_sa_index))
316 vlib_increment_combined_counter (&ipsec_sa_counters, thread_index,
317 current_sa_index, current_sa_pkts,
320 if ((n = vec_len (ptd->integ_ops)))
322 vnet_crypto_op_t *op = ptd->integ_ops;
323 n -= vnet_crypto_process_ops (vm, op, n);
326 ASSERT (op - ptd->integ_ops < vec_len (ptd->integ_ops));
327 if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
329 u32 err, bi = op->user_data;
330 if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
331 err = ESP_DECRYPT_ERROR_INTEG_ERROR;
333 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
334 bufs[bi]->error = node->errors[err];
335 nexts[bi] = ESP_DECRYPT_NEXT_DROP;
341 if ((n = vec_len (ptd->crypto_ops)))
343 vnet_crypto_op_t *op = ptd->crypto_ops;
344 n -= vnet_crypto_process_ops (vm, op, n);
347 ASSERT (op - ptd->crypto_ops < vec_len (ptd->crypto_ops));
348 if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED)
354 if (op->status == VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC)
355 err = ESP_DECRYPT_ERROR_DECRYPTION_FAILED;
357 err = ESP_DECRYPT_ERROR_CRYPTO_ENGINE_ERROR;
359 bufs[bi]->error = node->errors[err];
360 nexts[bi] = ESP_DECRYPT_NEXT_DROP;
367 /* Post decryption ronud - adjust packet data start and length and next
370 n_left = from_frame->n_vectors;
377 const u8 tun_flags = IPSEC_SA_FLAG_IS_TUNNEL |
378 IPSEC_SA_FLAG_IS_TUNNEL_V6;
382 void *data = b[1]->data + pd[1].current_data;
384 /* buffer metadata */
385 vlib_prefetch_buffer_header (b[1], LOAD);
388 CLIB_PREFETCH (data + pd[1].current_length - pd[1].icv_sz - 2,
389 CLIB_CACHE_LINE_BYTES, LOAD);
392 CLIB_PREFETCH (data - CLIB_CACHE_LINE_BYTES,
393 CLIB_CACHE_LINE_BYTES * 2, LOAD);
396 if (next[0] < ESP_DECRYPT_N_NEXT)
399 sa0 = vec_elt_at_index (im->sad, pd->sa_index);
402 * redo the anti-reply check
403 * in this frame say we have sequence numbers, s, s+1, s+1, s+1
404 * and s and s+1 are in the window. When we did the anti-replay
405 * check above we did so against the state of the window (W),
406 * after packet s-1. So each of the packets in the sequence will be
408 * This time s will be cheked against Ws-1, s+1 chceked against Ws
409 * (i.e. the window state is updated/advnaced)
410 * so this time the successive s+! packet will be dropped.
411 * This is a consequence of batching the decrypts. If the
412 * check-dcrypt-advance process was done for each packet it would
413 * be fine. But we batch the decrypts because it's much more efficient
414 * to do so in SW and if we offload to HW and the process is async.
416 * You're probably thinking, but this means an attacker can send the
417 * above sequence and cause VPP to perform decrpyts that will fail,
418 * and that's true. But if the attacker can determine s (a valid
419 * sequence number in the window) which is non-trivial, it can generate
420 * a sequence s, s+1, s+2, s+3, ... s+n and nothing will prevent any
421 * implementation, sequential or batching, from decrypting these.
423 if (ipsec_sa_anti_replay_check (sa0, pd->seq))
425 b[0]->error = node->errors[ESP_DECRYPT_ERROR_REPLAY];
426 next[0] = ESP_DECRYPT_NEXT_DROP;
430 ipsec_sa_anti_replay_advance (sa0, pd->seq);
432 esp_footer_t *f = (esp_footer_t *) (b[0]->data + pd->current_data +
433 pd->current_length - sizeof (*f) -
435 u16 adv = pd->iv_sz + esp_sz;
436 u16 tail = sizeof (esp_footer_t) + f->pad_length + pd->icv_sz;
438 if ((pd->flags & tun_flags) == 0 && !is_tun) /* transport mode */
440 u8 udp_sz = (is_ip6 == 0 && pd->flags & IPSEC_SA_FLAG_UDP_ENCAP) ?
441 sizeof (udp_header_t) : 0;
442 u16 ip_hdr_sz = pd->hdr_sz - udp_sz;
443 u8 *old_ip = b[0]->data + pd->current_data - ip_hdr_sz - udp_sz;
444 u8 *ip = old_ip + adv + udp_sz;
446 if (is_ip6 && ip_hdr_sz > 64)
447 memmove (ip, old_ip, ip_hdr_sz);
449 clib_memcpy_le64 (ip, old_ip, ip_hdr_sz);
451 b[0]->current_data = pd->current_data + adv - ip_hdr_sz;
452 b[0]->current_length = pd->current_length + ip_hdr_sz - tail - adv;
456 ip6_header_t *ip6 = (ip6_header_t *) ip;
457 u16 len = clib_net_to_host_u16 (ip6->payload_length);
459 ip6->payload_length = clib_host_to_net_u16 (len);
460 ip6->protocol = f->next_header;
461 next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
465 ip4_header_t *ip4 = (ip4_header_t *) ip;
466 ip_csum_t sum = ip4->checksum;
467 u16 len = clib_net_to_host_u16 (ip4->length);
468 len = clib_host_to_net_u16 (len - adv - tail - udp_sz);
469 sum = ip_csum_update (sum, ip4->protocol, f->next_header,
470 ip4_header_t, protocol);
471 sum = ip_csum_update (sum, ip4->length, len,
472 ip4_header_t, length);
473 ip4->checksum = ip_csum_fold (sum);
474 ip4->protocol = f->next_header;
476 next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
481 if (PREDICT_TRUE (f->next_header == IP_PROTOCOL_IP_IN_IP))
483 next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
484 b[0]->current_data = pd->current_data + adv;
485 b[0]->current_length = pd->current_length - adv - tail;
487 else if (f->next_header == IP_PROTOCOL_IPV6)
489 next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
490 b[0]->current_data = pd->current_data + adv;
491 b[0]->current_length = pd->current_length - adv - tail;
495 if (is_tun && f->next_header == IP_PROTOCOL_GRE)
499 b[0]->current_data = pd->current_data + adv;
500 b[0]->current_length = pd->current_length - adv - tail;
502 gre = vlib_buffer_get_current (b[0]);
504 vlib_buffer_advance (b[0], sizeof (*gre));
506 switch (clib_net_to_host_u16 (gre->protocol))
508 case GRE_PROTOCOL_teb:
509 next[0] = ESP_DECRYPT_NEXT_L2_INPUT;
511 case GRE_PROTOCOL_ip4:
512 next[0] = ESP_DECRYPT_NEXT_IP4_INPUT;
514 case GRE_PROTOCOL_ip6:
515 next[0] = ESP_DECRYPT_NEXT_IP6_INPUT;
519 node->errors[ESP_DECRYPT_ERROR_UNSUP_PAYLOAD];
520 next[0] = ESP_DECRYPT_NEXT_DROP;
526 next[0] = ESP_DECRYPT_NEXT_DROP;
527 b[0]->error = node->errors[ESP_DECRYPT_ERROR_UNSUP_PAYLOAD];
533 if (ipsec_sa_is_set_IS_PROTECT (sa0))
536 * There are two encap possibilities
537 * 1) the tunnel and ths SA are prodiving encap, i.e. it's
538 * MAC | SA-IP | TUN-IP | ESP | PAYLOAD
539 * implying the SA is in tunnel mode (on a tunnel interface)
540 * 2) only the tunnel provides encap
541 * MAC | TUN-IP | ESP | PAYLOAD
542 * implying the SA is in transport mode.
544 * For 2) we need only strip the tunnel encap and we're good.
545 * since the tunnel and crypto ecnap (int the tun=protect
546 * object) are the same and we verified above that these match
547 * for 1) we need to strip the SA-IP outer headers, to
548 * reveal the tunnel IP and then check that this matches
549 * the configured tunnel.
551 const ipsec_tun_protect_t *itp;
553 itp = ipsec_tun_protect_get
554 (vnet_buffer (b[0])->ipsec.protect_index);
556 if (PREDICT_TRUE (f->next_header == IP_PROTOCOL_IP_IN_IP))
558 const ip4_header_t *ip4;
560 ip4 = vlib_buffer_get_current (b[0]);
562 if (!ip46_address_is_equal_v4 (&itp->itp_tun.src,
563 &ip4->dst_address) ||
564 !ip46_address_is_equal_v4 (&itp->itp_tun.dst,
567 next[0] = ESP_DECRYPT_NEXT_DROP;
569 node->errors[ESP_DECRYPT_ERROR_TUN_NO_PROTO];
572 else if (f->next_header == IP_PROTOCOL_IPV6)
574 const ip6_header_t *ip6;
576 ip6 = vlib_buffer_get_current (b[0]);
578 if (!ip46_address_is_equal_v6 (&itp->itp_tun.src,
579 &ip6->dst_address) ||
580 !ip46_address_is_equal_v6 (&itp->itp_tun.dst,
583 next[0] = ESP_DECRYPT_NEXT_DROP;
585 node->errors[ESP_DECRYPT_ERROR_TUN_NO_PROTO];
593 if (PREDICT_FALSE (b[0]->flags & VLIB_BUFFER_IS_TRACED))
595 esp_decrypt_trace_t *tr;
596 tr = vlib_add_trace (vm, node, b[0], sizeof (*tr));
597 sa0 = pool_elt_at_index (im->sad,
598 vnet_buffer (b[0])->ipsec.sad_index);
599 tr->crypto_alg = sa0->crypto_alg;
600 tr->integ_alg = sa0->integ_alg;
602 tr->sa_seq = sa0->last_seq;
603 tr->sa_seq_hi = sa0->seq_hi;
613 n_left = from_frame->n_vectors;
614 vlib_node_increment_counter (vm, node->node_index,
615 ESP_DECRYPT_ERROR_RX_PKTS, n_left);
617 vlib_buffer_enqueue_to_next (vm, node, from, nexts, n_left);
623 VLIB_NODE_FN (esp4_decrypt_node) (vlib_main_t * vm,
624 vlib_node_runtime_t * node,
625 vlib_frame_t * from_frame)
627 return esp_decrypt_inline (vm, node, from_frame, 0, 0);
630 VLIB_NODE_FN (esp4_decrypt_tun_node) (vlib_main_t * vm,
631 vlib_node_runtime_t * node,
632 vlib_frame_t * from_frame)
634 return esp_decrypt_inline (vm, node, from_frame, 0, 1);
637 VLIB_NODE_FN (esp6_decrypt_node) (vlib_main_t * vm,
638 vlib_node_runtime_t * node,
639 vlib_frame_t * from_frame)
641 return esp_decrypt_inline (vm, node, from_frame, 1, 0);
644 VLIB_NODE_FN (esp6_decrypt_tun_node) (vlib_main_t * vm,
645 vlib_node_runtime_t * node,
646 vlib_frame_t * from_frame)
648 return esp_decrypt_inline (vm, node, from_frame, 1, 1);
652 VLIB_REGISTER_NODE (esp4_decrypt_node) = {
653 .name = "esp4-decrypt",
654 .vector_size = sizeof (u32),
655 .format_trace = format_esp_decrypt_trace,
656 .type = VLIB_NODE_TYPE_INTERNAL,
658 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
659 .error_strings = esp_decrypt_error_strings,
661 .n_next_nodes = ESP_DECRYPT_N_NEXT,
663 [ESP_DECRYPT_NEXT_DROP] = "ip4-drop",
664 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
665 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
666 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
667 [ESP_DECRYPT_NEXT_HANDOFF] = "esp4-decrypt-handoff",
671 VLIB_REGISTER_NODE (esp6_decrypt_node) = {
672 .name = "esp6-decrypt",
673 .vector_size = sizeof (u32),
674 .format_trace = format_esp_decrypt_trace,
675 .type = VLIB_NODE_TYPE_INTERNAL,
677 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
678 .error_strings = esp_decrypt_error_strings,
680 .n_next_nodes = ESP_DECRYPT_N_NEXT,
682 [ESP_DECRYPT_NEXT_DROP] = "ip6-drop",
683 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
684 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
685 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
686 [ESP_DECRYPT_NEXT_HANDOFF]= "esp6-decrypt-handoff",
690 VLIB_REGISTER_NODE (esp4_decrypt_tun_node) = {
691 .name = "esp4-decrypt-tun",
692 .vector_size = sizeof (u32),
693 .format_trace = format_esp_decrypt_trace,
694 .type = VLIB_NODE_TYPE_INTERNAL,
695 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
696 .error_strings = esp_decrypt_error_strings,
697 .n_next_nodes = ESP_DECRYPT_N_NEXT,
699 [ESP_DECRYPT_NEXT_DROP] = "ip4-drop",
700 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
701 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
702 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
703 [ESP_DECRYPT_NEXT_HANDOFF] = "esp4-decrypt-tun-handoff",
707 VLIB_REGISTER_NODE (esp6_decrypt_tun_node) = {
708 .name = "esp6-decrypt-tun",
709 .vector_size = sizeof (u32),
710 .format_trace = format_esp_decrypt_trace,
711 .type = VLIB_NODE_TYPE_INTERNAL,
712 .n_errors = ARRAY_LEN(esp_decrypt_error_strings),
713 .error_strings = esp_decrypt_error_strings,
714 .n_next_nodes = ESP_DECRYPT_N_NEXT,
716 [ESP_DECRYPT_NEXT_DROP] = "ip6-drop",
717 [ESP_DECRYPT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
718 [ESP_DECRYPT_NEXT_IP6_INPUT] = "ip6-input",
719 [ESP_DECRYPT_NEXT_L2_INPUT] = "l2-input",
720 [ESP_DECRYPT_NEXT_HANDOFF]= "esp6-decrypt-tun-handoff",
726 * fd.io coding-style-patch-verification: ON
729 * eval: (c-set-style "gnu")