aboutsummaryrefslogtreecommitdiffstats
path: root/src/vppinfra/pfhash.h
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-06-06 14:50:03 +0200
committerDamjan Marion <dmarion.lists@gmail.com>2017-06-07 13:38:29 +0000
commit6295d50b37ded4a335058722545dd5310202b8c0 (patch)
tree4bd4c273646fba5990a4c71b10747e7404619fe6 /src/vppinfra/pfhash.h
parent5dbfbb7110a52595915acd5ec034f82ce517846a (diff)
acl-plugin: add a plugin-specific control-ping message api and make the test code use it
This fixes the undesirable pause in the dump commands in case there is nothing to dump. Change-Id: I0554556c9e442038aa2a1ed8c88234f21f7fe9b9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vppinfra/pfhash.h')
0 files changed, 0 insertions, 0 deletions
>137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 
/* Hey Emacs use -*- mode: C -*- */
/*
 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

option version = "5.0.2";

import "vnet/ipsec/ipsec_types.api";
import "vnet/interface_types.api";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
import "vnet/tunnel/tunnel_types.api";

/** \brief IPsec: Add/delete Security Policy Database
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add SPD if non-zero, else delete
    @param spd_id - SPD instance id (control plane allocated)
*/

autoreply define ipsec_spd_add_del
{
  u32 client_index;
  u32 context;
  bool is_add;
  u32 spd_id;
};

/** \brief IPsec: Add/delete SPD from interface

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add security mode if non-zero, else delete
    @param sw_if_index - index of the interface
    @param spd_id - SPD instance id to use for lookups
*/


autoreply define ipsec_interface_add_del_spd
{
  u32 client_index;
  u32 context;

  bool is_add;
  vl_api_interface_index_t sw_if_index;
  u32 spd_id;
};

/** \brief IPsec: Add/delete Security Policy Database entry

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add SPD if non-zero, else delete
    @param entry - Description of the entry to add/dell
*/
define ipsec_spd_entry_add_del
{
  option deprecated;
  u32 client_index;
  u32 context;
  bool is_add;
  vl_api_ipsec_spd_entry_t entry;
};

/** \brief IPsec: Add/delete Security Policy Database entry v2

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add SPD if non-zero, else delete
    @param entry - Description of the entry to add/dell
*/
define ipsec_spd_entry_add_del_v2
{
  u32 client_index;
  u32 context;
  bool is_add;
  vl_api_ipsec_spd_entry_v2_t entry;
};

/** \brief IPsec: Reply Add/delete Security Policy Database entry

    @param context - sender context, to match reply w/ request
    @param retval - success/fail rutrun code
    @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
*/
define ipsec_spd_entry_add_del_reply
{
  option deprecated;
  u32 context;
  i32 retval;
  u32 stat_index;
};

/** \brief IPsec: Reply Add/delete Security Policy Database entry v2

    @param context - sender context, to match reply w/ request
    @param retval - success/fail rutrun code
    @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
*/
define ipsec_spd_entry_add_del_v2_reply
{
  u32 context;
  i32 retval;
  u32 stat_index;
};

/** \brief Dump IPsec all SPD IDs
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
*/
define ipsec_spds_dump {
  u32 client_index;
  u32 context;
};

/** \brief Dump IPsec all SPD IDs response
    @param client_index - opaque cookie to identify the sender
    @param spd_id - SPD instance id (control plane allocated)
    @param npolicies - number of policies in SPD
*/
define ipsec_spds_details {
  u32 context;
  u32 spd_id;
  u32 npolicies;
};

/** \brief Dump ipsec policy database data
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param spd_id - SPD instance id
    @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
*/
define ipsec_spd_dump {
    u32 client_index;
    u32 context;
    u32 spd_id;
    u32 sa_id;
};

/** \brief IPsec policy database response
    @param context - sender context which was passed in the request
    €param entry - The SPD entry.
    @param bytes - byte count of packets matching this policy
    @param packets - count of packets matching this policy
*/
define ipsec_spd_details {
    u32 context;
    vl_api_ipsec_spd_entry_t entry;
};

/** \brief IPsec: Add/delete Security Association Database entry
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param entry - Entry to add or delete
 */
define ipsec_sad_entry_add_del
{
  option deprecated;

  u32 client_index;
  u32 context;
  bool is_add;
  vl_api_ipsec_sad_entry_t entry;
};

define ipsec_sad_entry_add_del_v2
{
  option deprecated;

  u32 client_index;
  u32 context;
  bool is_add;
  vl_api_ipsec_sad_entry_v2_t entry;
};

define ipsec_sad_entry_add_del_v3
{
  u32 client_index;
  u32 context;
  bool is_add;
  vl_api_ipsec_sad_entry_v3_t entry;
};
define ipsec_sad_entry_add
{
  u32 client_index;
  u32 context;
  vl_api_ipsec_sad_entry_v3_t entry;
};
autoreply define ipsec_sad_entry_del
{
  u32 client_index;
  u32 context;
  u32 id;
};


/** \brief An API to bind an SAD entry to a specific worker

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sa_id - the id of the SA to bind
    @param worker - the worker's index to which the SA will be bound to
 */
autoreply define ipsec_sad_bind
{
  u32 client_index;
  u32 context;
  u32 sa_id;
  u32 worker;
};

autoreply define ipsec_sad_unbind
{
  u32 client_index;
  u32 context;
  u32 sa_id;
};

/** \brief An API to update the tunnel parameters and the ports associated with an SA

    Used in the NAT-T case when the NAT data changes
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sa_id - the id of the SA to update
    @param is_tun - update the tunnel if non-zero, else update only the ports
    @param tunnel - sender context, to match reply w/ request
    @param udp_src_port - new src port for NAT-T. Used if different from 0xffff
    @param udp_dst_port - new dst port for NAT-T. Used if different from 0xffff
 */
autoreply define ipsec_sad_entry_update
{
  u32 client_index;
  u32 context;
  u32 sad_id;
  bool is_tun;
  vl_api_tunnel_t tunnel;
  u16 udp_src_port [default=0xffff];
  u16 udp_dst_port [default=0xffff];
};

define ipsec_sad_entry_add_del_reply
{
  option deprecated;

  u32 context;
  i32 retval;
  u32 stat_index;
};

define ipsec_sad_entry_add_del_v2_reply
{
  option deprecated;

  u32 context;
  i32 retval;
  u32 stat_index;
};

define ipsec_sad_entry_add_del_v3_reply
{
  u32 context;
  i32 retval;
  u32 stat_index;
};
define ipsec_sad_entry_add_reply
{
  u32 context;
  i32 retval;
  u32 stat_index;
};

/** \brief Add or Update Protection for a tunnel with IPSEC

    Tunnel protection directly associates an SA with all packets
    ingress and egress on the tunnel. This could also be achieved by
    assigning an SPD to the tunnel, but that would incur an unnessccary
    SPD entry lookup.

    For tunnels the ESP acts on the post-encapsulated packet. So if this
    packet:
      +---------+------+
      | Payload | O-IP |
      +---------+------+
    where O-IP is the overlay IP addrees that was routed into the tunnel,
    the resulting encapsulated packet will be:
      +---------+------+------+
      | Payload | O-IP | T-IP |
      +---------+------+------+
    where T-IP is the tunnel's src.dst IP addresses.
    If the SAs used for protection are in transport mode then the ESP is
    inserted before T-IP, i.e.:
      +---------+------+-----+------+
      | Payload | O-IP | ESP | T-IP |
      +---------+------+-----+------+
    If the SAs used for protection are in tunnel mode then another
    encapsulation occurs, i.e.:
      +---------+------+------+-----+------+
      | Payload | O-IP | T-IP | ESP | C-IP |
      +---------+------+------+-----+------+
    where C-IP are the crypto endpoint IP addresses defined as the tunnel
    endpoints in the SA.
    The mode for the inbound and outbound SA must be the same.

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_id_index - Tunnel interface to protect
    @param nh - The peer/next-hop on the tunnel to which the traffic
                should be protected. For a P2P interface set this to the
                all 0s address.
    @param sa_in - The ID [set] of inbound SAs
    @param sa_out - The ID of outbound SA
*/
typedef ipsec_tunnel_protect
{
  vl_api_interface_index_t sw_if_index;
  vl_api_address_t nh;
  u32 sa_out;
  u8 n_sa_in;
  u32 sa_in[n_sa_in];
};

autoreply define ipsec_tunnel_protect_update
{
  u32 client_index;
  u32 context;

  vl_api_ipsec_tunnel_protect_t tunnel;
};

autoreply define ipsec_tunnel_protect_del
{
  u32 client_index;
  u32 context;

  vl_api_interface_index_t sw_if_index;
  vl_api_address_t nh;
};

/**
 * @brief Dump all tunnel protections
 */
define ipsec_tunnel_protect_dump
{
  u32 client_index;
  u32 context;
  vl_api_interface_index_t sw_if_index;
};

define ipsec_tunnel_protect_details
{
  u32 context;
  vl_api_ipsec_tunnel_protect_t tun;
};

/** \brief IPsec: Get SPD interfaces
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param spd_index - SPD index
    @param spd_index_valid - if 1 spd_index is used to filter
      spd_index's, if 0 no filtering is done
*/
define ipsec_spd_interface_dump {
    u32 client_index;
    u32 context;
    u32 spd_index;
    u8 spd_index_valid;
};

/** \brief IPsec: SPD interface response
    @param context - sender context which was passed in the request
    @param spd_index - SPD index
    @param sw_if_index - index of the interface
*/
define ipsec_spd_interface_details {
    u32 context;
    u32 spd_index;
    vl_api_interface_index_t sw_if_index;
};

typedef ipsec_itf
{
  u32 user_instance [default=0xffffffff];
  vl_api_tunnel_mode_t mode;
  vl_api_interface_index_t sw_if_index;
};

/** \brief Create an IPSec interface
 */
define ipsec_itf_create {
  u32 client_index;
  u32 context;
  vl_api_ipsec_itf_t itf;
};

/** \brief Add IPsec interface interface response
    @param context - sender context, to match reply w/ request
    @param retval - return status
    @param sw_if_index - sw_if_index of new interface (for successful add)
*/
define ipsec_itf_create_reply
{
  u32 context;
  i32 retval;
  vl_api_interface_index_t sw_if_index;
};

autoreply define ipsec_itf_delete
{
  u32 client_index;
  u32 context;
  vl_api_interface_index_t sw_if_index;
};

define ipsec_itf_dump
{
  u32 client_index;
  u32 context;
  vl_api_interface_index_t sw_if_index;
};

define ipsec_itf_details
{
  u32 context;
  vl_api_ipsec_itf_t itf;
};

/** \brief Dump IPsec security association
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
*/
define ipsec_sa_dump
{
  option deprecated;

  u32 client_index;
  u32 context;
  u32 sa_id;
};
define ipsec_sa_v2_dump
{
  option deprecated;

  u32 client_index;
  u32 context;
  u32 sa_id;
};
define ipsec_sa_v3_dump
{
  u32 client_index;
  u32 context;
  u32 sa_id;
};
define ipsec_sa_v4_dump
{
  u32 client_index;
  u32 context;
  u32 sa_id;
};

/** \brief IPsec security association database response
    @param context - sender context which was passed in the request
    @param entry - The SA details
    @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
    @param salt - 4 byte salt
    @param seq - current sequence number for outbound
    @param seq_hi - high 32 bits of ESN for outbound
    @param last_seq - highest sequence number received inbound
    @param last_seq_hi - high 32 bits of highest ESN received inbound
    @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
    @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
*/
define ipsec_sa_details {
  option deprecated;

  u32 context;
  vl_api_ipsec_sad_entry_t entry;

  vl_api_interface_index_t sw_if_index;
  u32 salt;
  u64 seq_outbound;
  u64 last_seq_inbound;
  u64 replay_window;

  u32 stat_index;
};
define ipsec_sa_v2_details {
  option deprecated;

  u32 context;
  vl_api_ipsec_sad_entry_v2_t entry;

  vl_api_interface_index_t sw_if_index;
  u32 salt;
  u64 seq_outbound;
  u64 last_seq_inbound;
  u64 replay_window;

  u32 stat_index;
};
define ipsec_sa_v3_details {
  u32 context;
  vl_api_ipsec_sad_entry_v3_t entry;

  vl_api_interface_index_t sw_if_index;
  u64 seq_outbound;
  u64 last_seq_inbound;
  u64 replay_window;

  u32 stat_index;
};
define ipsec_sa_v4_details {
  u32 context;
  vl_api_ipsec_sad_entry_v3_t entry;

  vl_api_interface_index_t sw_if_index;
  u64 seq_outbound;
  u64 last_seq_inbound;
  u64 replay_window;

  u32 thread_index;
  u32 stat_index;
};

/** \brief Dump IPsec backends
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
*/
define ipsec_backend_dump {
  u32 client_index;
  u32 context;
};

/** \brief IPsec backend details
    @param name - name of the backend
    @param protocol - IPsec protocol (value from ipsec_protocol_t)
    @param index - backend index
    @param active - set to 1 if the backend is active, otherwise 0
*/
define ipsec_backend_details {
  u32 context;
  string name[128];
  vl_api_ipsec_proto_t protocol;
  u8 index;
  bool active;
};

/** \brief Select IPsec backend
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param protocol - IPsec protocol (value from ipsec_protocol_t)
    @param index - backend index
*/
autoreply define ipsec_select_backend {
  u32 client_index;
  u32 context;
  vl_api_ipsec_proto_t protocol;
  u8 index;
};


/** \brief IPsec Set Async mode
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param async_enable - ipsec async mode on or off
*/
autoreply define ipsec_set_async_mode {
  u32 client_index;
  u32 context;
  bool async_enable;
};

counters esp_decrypt {
  rx_pkts {
    severity info;
    type counter64;
    units "packets";
    description "ESP pkts received";
  };
  rx_post_pkts {
    severity info;
    type counter64;
    units "packets";
    description "ESP-POST pkts received";
  };
  handoff {
    severity info;
    type counter64;
    units "packets";
    description "hand-off";
  };
  decryption_failed {
    severity error;
    type counter64;
    units "packets";
    description "ESP decryption failed";
  };
  integ_error {
    severity error;
    type counter64;
    units "packets";
    description "integrity check failed";
  };
  crypto_engine_error {
    severity error;
    type counter64;
    units "packets";
    description "crypto engine error (packet dropped)";
  };
  replay {
    severity error;
    type counter64;
    units "packets";
    description "SA replayed packet";
  };
  runt {
    severity error;
    type counter64;
    units "packets";
    description "undersized packet";
  };
  no_buffers {
    severity error;
    type counter64;
    units "packets";
    description "no buffers (packet dropped)";
  };
  oversized_header {
    severity error;
    type counter64;
    units "packets";
    description "buffer with oversized header (dropped)";
  };
  no_tail_space {
    severity error;
    type counter64;
    units "packets";
    description "no enough buffer tail space (dropped)";
  };
  tun_no_proto {
    severity error;
    type counter64;
    units "packets";
    description "no tunnel protocol";
  };
  unsup_payload {
    severity error;
    type counter64;
    units "packets";
    description "unsupported payload";
  };
  no_avail_frame {
  severity error;
  type counter64;
  units "packets";
  description "no available frame (packet dropped)";
  };
};

counters esp_encrypt {
  rx_pkts {
    severity info;
    type counter64;
    units "packets";
    description "ESP pkts received";
  };
  post_rx_pkts {
    severity info;
    type counter64;
    units "packets";
    description "ESP-post pkts received";
  };
  handoff {
    severity info;
    type counter64;
    units "packets";
    description "Hand-off";
  };
  seq_cycled {
    severity error;
    type counter64;
    units "packets";
    description "sequence number cycled (packet dropped)";
  };
  crypto_engine_error {
    severity error;
    type counter64;
    units "packets";
    description "crypto engine error (packet dropped)";
  };
  crypto_queue_full {
    severity error;
    type counter64;
    units "packets";
    description "crypto queue full (packet dropped)";
  };
  no_buffers {
    severity error;
    type counter64;
    units "packets";
    description "no buffers (packet dropped)";
  };
  no_protection {
    severity error;
    type counter64;
    units "packets";
    description "no protecting SA (packet dropped)";
  };
  no_encryption {
    severity error;
    type counter64;
    units "packets";
    description "no Encrypting SA (packet dropped)";
  };
  no_avail_frame {
  severity error;
  type counter64;
  units "packets";
  description "no available frame (packet dropped)";
  };
};

counters ah_encrypt {
  rx_pkts {
    severity info;
    type counter64;
    units "packets";
    description "AH pkts received";
  };
  crypto_engine_error {
    severity error;
    type counter64;
    units "packets";
    description "crypto engine error (packet dropped)";
  };
  seq_cycled {
    severity error;
    type counter64;
    units "packets";
    description "sequence number cycled (packet dropped)";
  };
};

counters ah_decrypt {
  rx_pkts {
    severity info;
    type counter64;
    units "packets";
    description "AH pkts received";
  };
  decryption_failed {
    severity error;
    type counter64;
    units "packets";
    description "AH decryption failed";
  };
  integ_error {
    severity error;
    type counter64;
    units "packets";
    description "Integrity check failed";
  };
  no_tail_space {
    severity error;
    type counter64;
    units "packets";
    description "not enough buffer tail space (dropped)";
  };
  drop_fragments {
    severity error;
    type counter64;
    units "packets";
    description "IP fragments drop";
  };
  replay {
    severity error;
    type counter64;
    units "packets";
    description "SA replayed packet";
  };
};

counters ipsec_tun {
  rx {
    severity info;
    type counter64;
    units "packets";
    description "good packets received";
  };
  disabled {
    severity error;
    type counter64;
    units "packets";
    description "ipsec packets received on disabled interface";
  };
  no_tunnel {
    severity error;
    type counter64;
    units "packets";
    description "no matching tunnel";
  };
  tunnel_mismatch {
    severity error;
    type counter64;
    units "packets";
    description "SPI-tunnel mismatch";
  };
  nat_keepalive {
    severity info;
    type counter64;
    units "packets";
    description "NAT Keepalive";
  };
  too_short {
    severity error;
    type counter64;
    units "packets";
    description "Too Short";
  };
  spi_0 {
    severity info;
    type counter64;
    units "packets";
    description "SPI 0";
  };
};

paths {
  "/err/esp4-encrypt" "esp_encrypt";
  "/err/esp4-encrypt-post" "esp_encrypt";
  "/err/esp4-encrypt-tun" "esp_encrypt";
  "/err/esp4-encrypt-tun-post" "esp_encrypt";
  "/err/esp6-encrypt" "esp_encrypt";
  "/err/esp6-encrypt-post" "esp_encrypt";
  "/err/esp6-encrypt-tun" "esp_encrypt";
  "/err/esp6-encrypt-tun-post" "esp_encrypt";
  "/err/esp-mpls-encrypt-tun" "esp_encrypt";
  "/err/esp-mpls-encrypt-tun-post" "esp_encrypt";
  "/err/esp4-decrypt" "esp_decrypt";
  "/err/esp4-decrypt-post" "esp_decrypt";
  "/err/esp4-decrypt-tun" "esp_decrypt";
  "/err/esp4-decrypt-tun-post" "esp_decrypt";
  "/err/esp6-decrypt" "esp_decrypt";
  "/err/esp6-decrypt-post" "esp_decrypt";
  "/err/esp6-decrypt-tun" "esp_decrypt";
  "/err/esp6-decrypt-tun-post" "esp_decrypt";
  "/err/ah4-encrypt" "ah_encrypt";
  "/err/ah6-encrypt" "ah_encrypt";
  "/err/ipsec4-tun-input" "ipsec_tun";
  "/err/ipsec6-tun-input" "ipsec_tun";
};

/*
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */