diff options
author | Prashant Maheshwari <pmahesh2@cisco.com> | 2019-11-14 12:42:59 +0530 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-12-03 05:45:27 +0000 |
commit | dbf68c9aa258238260df34c0e864223ea4f3a987 (patch) | |
tree | 545f58115df3ef1570ea526675401018cf59ccea /src/vnet | |
parent | abde62fb83ebd0e0e1204fc77affe909fc95ba51 (diff) |
ipsec: Changes to make ipsec encoder/decoders reusable by the plugins
Type: fix
Signed-off-by: Prashant Maheshwari <pmahesh2@cisco.com>
Change-Id: I81b937fc8cfec36f8fb5de711ffbb02f23f3664e
Signed-off-by: Prashant Maheshwari <pmahesh2@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/CMakeLists.txt | 3 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.api | 109 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.h | 1 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_api.c | 148 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_types.api | 132 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_types_api.c | 177 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_types_api.h | 53 |
7 files changed, 368 insertions, 255 deletions
diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt index 8afbc1cec13..18898e152d1 100644 --- a/src/vnet/CMakeLists.txt +++ b/src/vnet/CMakeLists.txt @@ -584,6 +584,7 @@ list(APPEND VNET_SOURCES ipsec/ah_decrypt.c ipsec/ah_encrypt.c ipsec/ipsec_api.c + ipsec/ipsec_types_api.c ) list(APPEND VNET_MULTIARCH_SOURCES @@ -596,6 +597,7 @@ list(APPEND VNET_MULTIARCH_SOURCES ipsec/ipsec_tun_in.c ) +list(APPEND VNET_API_FILES ipsec/ipsec_types.api) list(APPEND VNET_API_FILES ipsec/ipsec.api) list(APPEND VNET_SOURCES @@ -608,6 +610,7 @@ list(APPEND VNET_HEADERS ipsec/ipsec_spd_policy.h ipsec/ipsec_sa.h ipsec/ipsec_tun.h + ipsec/ipsec_types_api.h ipsec/ipsec_punt.h ipsec/esp.h ipsec/ah.h diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index 72677d6e0ea..6d34d056003 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -16,7 +16,7 @@ option version = "3.0.0"; -import "vnet/ip/ip_types.api"; +import "vnet/ipsec/ipsec_types.api"; import "vnet/interface_types.api"; /** \brief IPsec: Add/delete Security Policy Database @@ -180,113 +180,6 @@ define ipsec_spd_details { vl_api_ipsec_spd_entry_t entry; }; -/* - * @brief Support cryptographic algorithms - */ -enum ipsec_crypto_alg -{ - IPSEC_API_CRYPTO_ALG_NONE = 0, - IPSEC_API_CRYPTO_ALG_AES_CBC_128, - IPSEC_API_CRYPTO_ALG_AES_CBC_192, - IPSEC_API_CRYPTO_ALG_AES_CBC_256, - IPSEC_API_CRYPTO_ALG_AES_CTR_128, - IPSEC_API_CRYPTO_ALG_AES_CTR_192, - IPSEC_API_CRYPTO_ALG_AES_CTR_256, - IPSEC_API_CRYPTO_ALG_AES_GCM_128, - IPSEC_API_CRYPTO_ALG_AES_GCM_192, - IPSEC_API_CRYPTO_ALG_AES_GCM_256, - IPSEC_API_CRYPTO_ALG_DES_CBC, - IPSEC_API_CRYPTO_ALG_3DES_CBC, -}; - -/* - * @brief Supported Integrity Algorithms - */ -enum ipsec_integ_alg -{ - IPSEC_API_INTEG_ALG_NONE = 0, - /* RFC2403 */ - IPSEC_API_INTEG_ALG_MD5_96, - /* RFC2404 */ - IPSEC_API_INTEG_ALG_SHA1_96, - /* draft-ietf-ipsec-ciph-sha-256-00 */ - IPSEC_API_INTEG_ALG_SHA_256_96, - /* RFC4868 */ - IPSEC_API_INTEG_ALG_SHA_256_128, - /* RFC4868 */ - IPSEC_API_INTEG_ALG_SHA_384_192, - /* RFC4868 */ - IPSEC_API_INTEG_ALG_SHA_512_256, -}; - -enum ipsec_sad_flags -{ - IPSEC_API_SAD_FLAG_NONE = 0, - /* Enable extended sequence numbers */ - IPSEC_API_SAD_FLAG_USE_ESN = 0x01, - /* Enable Anti-replay */ - IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02, - /* IPsec tunnel mode if non-zero, else transport mode */ - IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04, - /* IPsec tunnel mode is IPv6 if non-zero, - * else IPv4 tunnel only valid if is_tunnel is non-zero */ - IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08, - /* enable UDP encapsulation for NAT traversal */ - IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10, -}; - -enum ipsec_proto -{ - IPSEC_API_PROTO_ESP, - IPSEC_API_PROTO_AH, -}; - -typedef key -{ - /* the length of the key */ - u8 length; - /* The data for the key */ - u8 data[128]; -}; - -/** \brief IPsec: Security Association Database entry - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - add SAD entry if non-zero, else delete - @param sad_id - sad id - @param spi - security parameter index - @param protocol - 0 = AH, 1 = ESP - @param crypto_algorithm - a supported crypto algorithm - @param crypto_key - crypto keying material - @param integrity_algorithm - one of the supported algorithms - @param integrity_key - integrity keying material - @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero - @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero - @param tx_table_id - the FIB id used for encapsulated packets - @param salt - for use with counter mode ciphers - */ -typedef ipsec_sad_entry -{ - u32 sad_id; - - u32 spi; - - vl_api_ipsec_proto_t protocol; - - vl_api_ipsec_crypto_alg_t crypto_algorithm; - vl_api_key_t crypto_key; - - vl_api_ipsec_integ_alg_t integrity_algorithm; - vl_api_key_t integrity_key; - - vl_api_ipsec_sad_flags_t flags; - - vl_api_address_t tunnel_src; - vl_api_address_t tunnel_dst; - u32 tx_table_id; - u32 salt; -}; - /** \brief IPsec: Add/delete Security Association Database entry @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h index be928a2572e..975ebc63a48 100644 --- a/src/vnet/ipsec/ipsec.h +++ b/src/vnet/ipsec/ipsec.h @@ -245,6 +245,7 @@ ipsec_sa_get (u32 sa_index) void ipsec_add_feature (const char *arc_name, const char *node_name, u32 * out_feature_index); + #endif /* __IPSEC_H__ */ /* diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 6784f0b08f9..893eee45ac9 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -24,6 +24,7 @@ #include <vnet/api_errno.h> #include <vnet/ip/ip.h> #include <vnet/ip/ip_types_api.h> +#include <vnet/ipsec/ipsec_types_api.h> #include <vnet/fib/fib.h> #include <vnet/ipip/ipip.h> @@ -321,153 +322,6 @@ out: /* *INDENT-ON* */ } -static int -ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out) -{ - in = clib_net_to_host_u32 (in); - - switch (in) - { - case IPSEC_API_PROTO_ESP: - *out = IPSEC_PROTOCOL_ESP; - return (0); - case IPSEC_API_PROTO_AH: - *out = IPSEC_PROTOCOL_AH; - return (0); - } - return (VNET_API_ERROR_INVALID_PROTOCOL); -} - -static vl_api_ipsec_proto_t -ipsec_proto_encode (ipsec_protocol_t p) -{ - switch (p) - { - case IPSEC_PROTOCOL_ESP: - return clib_host_to_net_u32 (IPSEC_API_PROTO_ESP); - case IPSEC_PROTOCOL_AH: - return clib_host_to_net_u32 (IPSEC_API_PROTO_AH); - } - return (VNET_API_ERROR_UNIMPLEMENTED); -} - -static int -ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in, - ipsec_crypto_alg_t * out) -{ - in = clib_net_to_host_u32 (in); - - switch (in) - { -#define _(v,f,s) case IPSEC_API_CRYPTO_ALG_##f: \ - *out = IPSEC_CRYPTO_ALG_##f; \ - return (0); - foreach_ipsec_crypto_alg -#undef _ - } - return (VNET_API_ERROR_INVALID_ALGORITHM); -} - -static vl_api_ipsec_crypto_alg_t -ipsec_crypto_algo_encode (ipsec_crypto_alg_t c) -{ - switch (c) - { -#define _(v,f,s) case IPSEC_CRYPTO_ALG_##f: \ - return clib_host_to_net_u32(IPSEC_API_CRYPTO_ALG_##f); - foreach_ipsec_crypto_alg -#undef _ - case IPSEC_CRYPTO_N_ALG: - break; - } - ASSERT (0); - return (VNET_API_ERROR_UNIMPLEMENTED); -} - -static int -ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out) -{ - in = clib_net_to_host_u32 (in); - - switch (in) - { -#define _(v,f,s) case IPSEC_API_INTEG_ALG_##f: \ - *out = IPSEC_INTEG_ALG_##f; \ - return (0); - foreach_ipsec_integ_alg -#undef _ - } - return (VNET_API_ERROR_INVALID_ALGORITHM); -} - -static vl_api_ipsec_integ_alg_t -ipsec_integ_algo_encode (ipsec_integ_alg_t i) -{ - switch (i) - { -#define _(v,f,s) case IPSEC_INTEG_ALG_##f: \ - return (clib_host_to_net_u32(IPSEC_API_INTEG_ALG_##f)); - foreach_ipsec_integ_alg -#undef _ - case IPSEC_INTEG_N_ALG: - break; - } - ASSERT (0); - return (VNET_API_ERROR_UNIMPLEMENTED); -} - -static void -ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out) -{ - ipsec_mk_key (out, key->data, key->length); -} - -static void -ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out) -{ - out->length = in->len; - clib_memcpy (out->data, in->data, out->length); -} - -static ipsec_sa_flags_t -ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in) -{ - ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE; - in = clib_net_to_host_u32 (in); - - if (in & IPSEC_API_SAD_FLAG_USE_ESN) - flags |= IPSEC_SA_FLAG_USE_ESN; - if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) - flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY; - if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL) - flags |= IPSEC_SA_FLAG_IS_TUNNEL; - if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6) - flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6; - if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP) - flags |= IPSEC_SA_FLAG_UDP_ENCAP; - - return (flags); -} - -static vl_api_ipsec_sad_flags_t -ipsec_sad_flags_encode (const ipsec_sa_t * sa) -{ - vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE; - - if (ipsec_sa_is_set_USE_ESN (sa)) - flags |= IPSEC_API_SAD_FLAG_USE_ESN; - if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) - flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY; - if (ipsec_sa_is_set_IS_TUNNEL (sa)) - flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL; - if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa)) - flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6; - if (ipsec_sa_is_set_UDP_ENCAP (sa)) - flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP; - - return clib_host_to_net_u32 (flags); -} - static void vl_api_ipsec_sad_entry_add_del_t_handler (vl_api_ipsec_sad_entry_add_del_t * mp) { diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api new file mode 100644 index 00000000000..3015613b3c9 --- /dev/null +++ b/src/vnet/ipsec/ipsec_types.api @@ -0,0 +1,132 @@ +/* Hey Emacs use -*- mode: C -*- */ +/* + * Copyright (c) 2015-2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option version = "3.0.0"; + +import "vnet/ip/ip_types.api"; + +/* + * @brief Support cryptographic algorithms + */ +enum ipsec_crypto_alg +{ + IPSEC_API_CRYPTO_ALG_NONE = 0, + IPSEC_API_CRYPTO_ALG_AES_CBC_128, + IPSEC_API_CRYPTO_ALG_AES_CBC_192, + IPSEC_API_CRYPTO_ALG_AES_CBC_256, + IPSEC_API_CRYPTO_ALG_AES_CTR_128, + IPSEC_API_CRYPTO_ALG_AES_CTR_192, + IPSEC_API_CRYPTO_ALG_AES_CTR_256, + IPSEC_API_CRYPTO_ALG_AES_GCM_128, + IPSEC_API_CRYPTO_ALG_AES_GCM_192, + IPSEC_API_CRYPTO_ALG_AES_GCM_256, + IPSEC_API_CRYPTO_ALG_DES_CBC, + IPSEC_API_CRYPTO_ALG_3DES_CBC, +}; + +/* + * @brief Supported Integrity Algorithms + */ +enum ipsec_integ_alg +{ + IPSEC_API_INTEG_ALG_NONE = 0, + /* RFC2403 */ + IPSEC_API_INTEG_ALG_MD5_96, + /* RFC2404 */ + IPSEC_API_INTEG_ALG_SHA1_96, + /* draft-ietf-ipsec-ciph-sha-256-00 */ + IPSEC_API_INTEG_ALG_SHA_256_96, + /* RFC4868 */ + IPSEC_API_INTEG_ALG_SHA_256_128, + /* RFC4868 */ + IPSEC_API_INTEG_ALG_SHA_384_192, + /* RFC4868 */ + IPSEC_API_INTEG_ALG_SHA_512_256, +}; + +enum ipsec_sad_flags +{ + IPSEC_API_SAD_FLAG_NONE = 0, + /* Enable extended sequence numbers */ + IPSEC_API_SAD_FLAG_USE_ESN = 0x01, + /* Enable Anti-replay */ + IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02, + /* IPsec tunnel mode if non-zero, else transport mode */ + IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04, + /* IPsec tunnel mode is IPv6 if non-zero, + * else IPv4 tunnel only valid if is_tunnel is non-zero */ + IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08, + /* enable UDP encapsulation for NAT traversal */ + IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10, +}; + +enum ipsec_proto +{ + IPSEC_API_PROTO_ESP, + IPSEC_API_PROTO_AH, +}; + +typedef key +{ + /* the length of the key */ + u8 length; + /* The data for the key */ + u8 data[128]; +}; + +/** \brief IPsec: Security Association Database entry + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - add SAD entry if non-zero, else delete + @param sad_id - sad id + @param spi - security parameter index + @param protocol - 0 = AH, 1 = ESP + @param crypto_algorithm - a supported crypto algorithm + @param crypto_key - crypto keying material + @param integrity_algorithm - one of the supported algorithms + @param integrity_key - integrity keying material + @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero + @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero + @param tx_table_id - the FIB id used for encapsulated packets + @param salt - for use with counter mode ciphers + */ +typedef ipsec_sad_entry +{ + u32 sad_id; + + u32 spi; + + vl_api_ipsec_proto_t protocol; + + vl_api_ipsec_crypto_alg_t crypto_algorithm; + vl_api_key_t crypto_key; + + vl_api_ipsec_integ_alg_t integrity_algorithm; + vl_api_key_t integrity_key; + + vl_api_ipsec_sad_flags_t flags; + + vl_api_address_t tunnel_src; + vl_api_address_t tunnel_dst; + u32 tx_table_id; + u32 salt; +}; + +/* + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipsec/ipsec_types_api.c b/src/vnet/ipsec/ipsec_types_api.c new file mode 100644 index 00000000000..0c59e48c645 --- /dev/null +++ b/src/vnet/ipsec/ipsec_types_api.c @@ -0,0 +1,177 @@ +/* + * Copyright (c) 2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include <vnet/ipsec/ipsec_types_api.h> +#include <vlibapi/api_types.h> + +#define vl_typedefs /* define message structures */ +#include <vnet/vnet_all_api_h.h> +#undef vl_typedefs + +int +ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out) +{ + in = clib_net_to_host_u32 (in); + + switch (in) + { + case IPSEC_API_PROTO_ESP: + *out = IPSEC_PROTOCOL_ESP; + return (0); + case IPSEC_API_PROTO_AH: + *out = IPSEC_PROTOCOL_AH; + return (0); + } + return (VNET_API_ERROR_INVALID_PROTOCOL); +} + +vl_api_ipsec_proto_t +ipsec_proto_encode (ipsec_protocol_t p) +{ + switch (p) + { + case IPSEC_PROTOCOL_ESP: + return clib_host_to_net_u32 (IPSEC_API_PROTO_ESP); + case IPSEC_PROTOCOL_AH: + return clib_host_to_net_u32 (IPSEC_API_PROTO_AH); + } + return (VNET_API_ERROR_UNIMPLEMENTED); +} + +int +ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in, + ipsec_crypto_alg_t * out) +{ + in = clib_net_to_host_u32 (in); + + switch (in) + { +#define _(v,f,s) case IPSEC_API_CRYPTO_ALG_##f: \ + *out = IPSEC_CRYPTO_ALG_##f; \ + return (0); + foreach_ipsec_crypto_alg +#undef _ + } + return (VNET_API_ERROR_INVALID_ALGORITHM); +} + +vl_api_ipsec_crypto_alg_t +ipsec_crypto_algo_encode (ipsec_crypto_alg_t c) +{ + switch (c) + { +#define _(v,f,s) case IPSEC_CRYPTO_ALG_##f: \ + return clib_host_to_net_u32(IPSEC_API_CRYPTO_ALG_##f); + foreach_ipsec_crypto_alg +#undef _ + case IPSEC_CRYPTO_N_ALG: + break; + } + ASSERT (0); + return (VNET_API_ERROR_UNIMPLEMENTED); +} + +int +ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out) +{ + in = clib_net_to_host_u32 (in); + + switch (in) + { +#define _(v,f,s) case IPSEC_API_INTEG_ALG_##f: \ + *out = IPSEC_INTEG_ALG_##f; \ + return (0); + foreach_ipsec_integ_alg +#undef _ + } + return (VNET_API_ERROR_INVALID_ALGORITHM); +} + +vl_api_ipsec_integ_alg_t +ipsec_integ_algo_encode (ipsec_integ_alg_t i) +{ + switch (i) + { +#define _(v,f,s) case IPSEC_INTEG_ALG_##f: \ + return (clib_host_to_net_u32(IPSEC_API_INTEG_ALG_##f)); + foreach_ipsec_integ_alg +#undef _ + case IPSEC_INTEG_N_ALG: + break; + } + ASSERT (0); + return (VNET_API_ERROR_UNIMPLEMENTED); +} + +void +ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out) +{ + ipsec_mk_key (out, key->data, key->length); +} + +void +ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out) +{ + out->length = in->len; + clib_memcpy (out->data, in->data, out->length); +} + +ipsec_sa_flags_t +ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in) +{ + ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE; + in = clib_net_to_host_u32 (in); + + if (in & IPSEC_API_SAD_FLAG_USE_ESN) + flags |= IPSEC_SA_FLAG_USE_ESN; + if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY) + flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY; + if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL) + flags |= IPSEC_SA_FLAG_IS_TUNNEL; + if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6) + flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6; + if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP) + flags |= IPSEC_SA_FLAG_UDP_ENCAP; + + return (flags); +} + +vl_api_ipsec_sad_flags_t +ipsec_sad_flags_encode (const ipsec_sa_t * sa) +{ + vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE; + + if (ipsec_sa_is_set_USE_ESN (sa)) + flags |= IPSEC_API_SAD_FLAG_USE_ESN; + if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) + flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY; + if (ipsec_sa_is_set_IS_TUNNEL (sa)) + flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL; + if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa)) + flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6; + if (ipsec_sa_is_set_UDP_ENCAP (sa)) + flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP; + + return clib_host_to_net_u32 (flags); +} + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipsec/ipsec_types_api.h b/src/vnet/ipsec/ipsec_types_api.h new file mode 100644 index 00000000000..2b180831db1 --- /dev/null +++ b/src/vnet/ipsec/ipsec_types_api.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Encode/decode function from/to API to internal types + */ +#ifndef __IPSEC_TYPES_API_H__ +#define __IPSEC_TYPES_API_H__ + +#include <vnet/ipsec/ipsec.h> +#include <vnet/ipsec/ipsec.api_types.h> + +extern int ipsec_proto_decode (vl_api_ipsec_proto_t in, + ipsec_protocol_t * out); +extern vl_api_ipsec_proto_t ipsec_proto_encode (ipsec_protocol_t p); + +extern int ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in, + ipsec_crypto_alg_t * out); +extern vl_api_ipsec_crypto_alg_t ipsec_crypto_algo_encode (ipsec_crypto_alg_t + c); + +extern int ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, + ipsec_integ_alg_t * out); +extern vl_api_ipsec_integ_alg_t ipsec_integ_algo_encode (ipsec_integ_alg_t i); + +extern void ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out); +extern void ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out); + +extern ipsec_sa_flags_t ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in); +extern vl_api_ipsec_sad_flags_t ipsec_sad_flags_encode (const ipsec_sa_t * + sa); + +#endif + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ |