diff options
Diffstat (limited to 'vnet/vnet/sr/sr.h')
-rw-r--r-- | vnet/vnet/sr/sr.h | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/vnet/vnet/sr/sr.h b/vnet/vnet/sr/sr.h new file mode 100644 index 00000000000..3c6d981d17e --- /dev/null +++ b/vnet/vnet/sr/sr.h @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef included_vnet_sr_h +#define included_vnet_sr_h + +#include <vnet/vnet.h> +#include <vnet/sr/sr_packet.h> +#include <vnet/ip/ip6_packet.h> + +#include <openssl/opensslconf.h> +#include <stdlib.h> +#include <string.h> + +#include <openssl/crypto.h> +#include <openssl/sha.h> +#include <openssl/opensslv.h> +#include <openssl/hmac.h> + +typedef struct { + ip6_address_t src; + ip6_address_t dst; +} ip6_sr_tunnel_key_t; + +typedef struct { + /* src, dst address */ + ip6_sr_tunnel_key_t key; + + /* mask width for FIB entry */ + u32 dst_mask_width; + + /* first hop, to save 1 elt in the segment list */ + ip6_address_t first_hop; + + /* Fib indices */ + u32 rx_fib_index; + u32 tx_fib_index; + + /* The actual ip6 sr header */ + u8 * rewrite; +} ip6_sr_tunnel_t; + +typedef struct { + u8 * shared_secret; +} ip6_sr_hmac_key_t; + +typedef struct { + /* Key (header imposition case) */ + ip6_address_t *src_address; + ip6_address_t *dst_address; + u32 dst_mask_width; + u32 rx_table_id; + u32 tx_table_id; + + /* segment list, when inserting an ip6 SR header*/ + ip6_address_t *segments; + + /* + * "Tag" list, aka segments inserted at the end of the list, + * past last_seg + */ + ip6_address_t *tags; + + /* Shared secret => generate SHA-256 HMAC security fields */ + u8 * shared_secret; + + /* Flags, e.g. cleanup, policy-list flags */ + u16 flags_net_byte_order; + + /* Delete the tunnnel? */ + u8 is_del; +} ip6_sr_add_del_tunnel_args_t; + +typedef struct { + /* pool of tunnel instances, sr entry only */ + ip6_sr_tunnel_t *tunnels; + + /* find an sr "tunnel" by its outer-IP src/dst */ + uword * tunnel_index_by_key; + + /* ip6-lookup next index for imposition FIB entries */ + u32 ip6_lookup_sr_next_index; + + /* hmac key id by shared secret */ + uword * hmac_key_by_shared_secret; + + /* ip6-rewrite next index for reinstalling the original dst address */ + u32 ip6_rewrite_sr_next_index; + + /* application API callback */ + void *sr_local_cb; + + /* validate hmac keys */ + u8 validate_hmac; + + /* pool of hmac keys */ + ip6_sr_hmac_key_t * hmac_keys; + + /* Openssl vbls */ + EVP_MD * md; + HMAC_CTX * hmac_ctx; + + /* enable debug spew */ + u8 is_debug; + + /* convenience */ + vlib_main_t * vlib_main; + vnet_main_t * vnet_main; +} ip6_sr_main_t; + +ip6_sr_main_t sr_main; + +format_function_t format_ip6_sr_header; +format_function_t format_ip6_sr_header_with_length; + +vlib_node_registration_t ip6_sr_input_node; + +int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a); +void vnet_register_sr_app_callback (void *cb); + +#endif /* included_vnet_sr_h */ |