ikev2_child_sa_t *c;
/* find old IKE SAs with the same authenticated identity */
- /* *INDENT-OFF* */
pool_foreach (tmp, ptd->sas) {
if (!ikev2_is_id_equal (&tmp->i_id, &sa->i_id)
|| !ikev2_is_id_equal(&tmp->r_id, &sa->r_id))
if (sa->rspi != tmp->rspi)
vec_add1(delete, tmp - ptd->sas);
}
- /* *INDENT-ON* */
for (i = 0; i < vec_len (delete); i++)
{
ikev2_ts_t *ts, *p_tsi, *p_tsr, *tsi = 0, *tsr = 0;
ikev2_id_t *id_rem, *id_loc;
- /* *INDENT-OFF* */
pool_foreach (p, km->profiles) {
if (sa->is_initiator)
break;
}
- /* *INDENT-ON* */
if (tsi && tsr)
{
if (~0 == a->sw_if_index)
{
- /* *INDENT-OFF* */
ipip_tunnel_key_t key = {
.src = a->local_ip,
.dst = a->remote_ip,
.transport = IPIP_TRANSPORT_IP4,
.fib_index = 0,
};
- /* *INDENT-ON* */
ipip = ipip_tunnel_db_find (&key);
u32 res;
ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
- /* *INDENT-OFF* */
pool_foreach (sa, ptd->sas) {
res = ikev2_retransmit_sa_init_one (sa, ike, iaddr, raddr, rlen);
if (res)
return res;
}
- /* *INDENT-ON* */
/* req is not retransmit */
return 0;
return ikev2_node_internal (vm, node, frame, 0 /* is_ip4 */, 0);
}
-/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ikev2_node_ip4,static) = {
.function = ikev2_ip4,
.name = "ikev2-ip4",
[IKEV2_NEXT_IP6_ERROR_DROP] = "error-drop",
},
};
-/* *INDENT-ON* */
// set ikev2 proposals when vpp is used as initiator
static clib_error_t *
u32 *sai;
u32 *del_sai = 0;
- /* *INDENT-OFF* */
pool_foreach (sa, km->sais) {
if (pi == sa->profile_index)
vec_add1 (del_sai, sa - km->sais);
}
- /* *INDENT-ON* */
vec_foreach (sai, del_sai)
{
vec_foreach (tkm, km->per_thread_data)
{
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
if (sa->profile_index != ~0 && pi == sa->profile_index)
vec_add1 (del_sai, sa - tkm->sas);
}
- /* *INDENT-ON* */
vec_foreach (sai, del_sai)
{
ikev2_sa_t *sa;
if (fchild)
break;
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
fchild = ikev2_sa_get_child(sa, ispi, IKEV2_PROTOCOL_ESP, 1);
if (fchild)
break;
}
}
- /* *INDENT-ON* */
}
if (!fchild || !fsa)
ikev2_sa_t *sa;
if (fsa)
break;
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
if (sa->ispi == ispi)
{
break;
}
}
- /* *INDENT-ON* */
}
if (!fsa)
ikev2_sa_t *sa;
if (fchild)
break;
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
fchild = ikev2_sa_get_child(sa, ispi, IKEV2_PROTOCOL_ESP, 1);
if (fchild)
break;
}
}
- /* *INDENT-ON* */
}
if (!fchild || !fsa)
vec_foreach (tkm, km->per_thread_data)
{
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
if (ikev2_sa_sw_if_match (sa, sw_if_index))
vec_add1 (sa_vec, sa);
}
- /* *INDENT-ON* */
vec_foreach (sap, sa_vec)
{
}
vec_free (sa_vec);
- /* *INDENT-OFF* */
pool_foreach (sa, km->sais) {
if (ikev2_sa_sw_if_match (sa, sw_if_index))
vec_add1 (ispi_vec, sa->ispi);
}
- /* *INDENT-ON* */
vec_foreach (ispi, ispi_vec)
{
if (is_add)
return 0;
- /* *INDENT-OFF* */
pool_foreach (p, km->profiles) {
if (p->responder.sw_if_index == sw_if_index)
ikev2_sa_del (p, sw_if_index);
}
- /* *INDENT-ON* */
return 0;
}
return 0;
}
-/* *INDENT-OFF* */
VLIB_INIT_FUNCTION (ikev2_init) = {
.runs_after = VLIB_INITS ("ipsec_init", "ipsec_punt_init"),
};
-/* *INDENT-ON* */
static u8
ikev2_mngr_process_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * csa,
ip_addr_bytes (&sa->iaddr));
}
- /* *INDENT-OFF* */
ipip_tunnel_key_t key = {
.src = local_ip,
.dst = remote_ip,
.transport = IPIP_TRANSPORT_IP4,
.fib_index = 0,
};
- /* *INDENT-ON* */
ipip = ipip_tunnel_db_find (&key);
ikev2_sa_t *sa;
if (fchild)
break;
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
fchild = ikev2_sa_get_child(sa, ipsec_sa->spi, IKEV2_PROTOCOL_ESP, 1);
if (fchild)
break;
}
}
- /* *INDENT-ON* */
}
vlib_get_combined_counter (&ipsec_sa_counters,
ipsec_sa->stat_index, &counts);
u64 ispi;
ikev2_sa_t *sa;
- /* *INDENT-OFF* */
hash_foreach (ispi, sai, km->sa_by_ispi,
({
sa = pool_elt_at_index (km->sais, sai);
ikev2_process_pending_sa_init_one (vm, km, sa);
}));
- /* *INDENT-ON* */
}
static void
ikev2_sa_t *sa;
u32 *to_be_deleted = 0;
- /* *INDENT-OFF* */
pool_foreach (sa, tkm->sas) {
ikev2_child_sa_t *c;
u8 del_old_ids = 0;
/* process ipsec sas */
ipsec_sa_t *sa;
- /* *INDENT-OFF* */
pool_foreach (sa, ipsec_sa_pool)
{
ikev2_mngr_process_ipsec_sa (sa);
}
- /* *INDENT-ON* */
ikev2_process_pending_sa_init (vm, km);
}
return 0;
}
-/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ikev2_mngr_process_node, static) = {
.function = ikev2_mngr_process_fn,
.type = VLIB_NODE_TYPE_PROCESS,
.version = VPP_BUILD_VER,
.description = "Internet Key Exchange (IKEv2) Protocol",
};
-/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON
Code Review / vpp.git / blobdiff