index : vpp	master stable/1606 stable/1609 stable/1701 stable/1704 stable/1707 stable/1710 stable/1801 stable/1804 stable/1807 stable/1810 stable/1901 stable/1904 stable/1908 stable/2001 stable/2005 stable/2009 stable/2101 stable/2106 stable/2110 stable/2202 stable/2206 stable/2210 stable/2302 stable/2306 stable/2310 stable/2402 stable/2406 stable/2410 stable/test
	Vector Packet Processing	Grokmirror user

summaryrefslogtreecommitdiffstats

log msg author committer range

path: root/src/scripts/vnet/ipsec

Age	Commit message (Collapse)	Author	Files	Lines
2019-04-30	crypto: enforce per-alg crypto key length	Benoît Ganne	1	-2/+2
	Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-04	IPSEC: script to bounce IPSEC traffic through a pipe to test encrypt and decrpyt	Neale Ranns	1	-0/+66
	Change-Id: I262a9412951b5df616920a8fad16c61eae96d0cc Signed-off-by: Neale Ranns <nranns@cisco.com>

© 2016 FD.io a Linux Foundation Collaborative Project. All Rights Reserved.

Linux Foundation is a registered trademark of The Linux Foundation. Linux is a registered trademark of Linus Torvalds.

Please see our privacy policy and terms of use

/*
 * Copyright (c) 2019 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vlib/vlib.h>

#include <netlink/route/link.h>
#include <netlink/route/route.h>
#include <netlink/route/neighbour.h>
#include <netlink/route/addr.h>

typedef void (*nl_rt_link_cb_t) (struct rtnl_link *rl, void *ctx);
typedef void (*nl_rt_link_sync_cb_t) (void);
typedef void (*nl_rt_addr_cb_t) (struct rtnl_addr *ra);
typedef void (*nl_rt_addr_sync_cb_t) (void);
typedef void (*nl_rt_neigh_cb_t) (struct rtnl_neigh *rr);
typedef void (*nl_rt_neigh_sync_cb_t) (void);
typedef void (*nl_rt_route_add_cb_t) (struct rtnl_route *rn, int is_replace);
typedef void (*nl_rt_route_del_cb_t) (struct rtnl_route *rn);
typedef void (*nl_rt_route_sync_cb_t) (void);

#define NL_RT_COMMON uword is_mp_safe

typedef struct nl_rt_link_t_
{
  NL_RT_COMMON;

  nl_rt_link_cb_t cb;
} nl_rt_link_t;

typedef struct nl_rt_link_sync_t_
{
  NL_RT_COMMON;

  nl_rt_link_sync_cb_t cb;
} nl_rt_link_sync_t;

typedef struct nl_rt_addr_t_
{
  NL_RT_COMMON;

  nl_rt_addr_cb_t cb;
} nl_rt_addr_t;

typedef struct nl_rt_addr_sync_t_
{
  NL_RT_COMMON;

  nl_rt_addr_sync_cb_t cb;
} nl_rt_addr_sync_t;

typedef struct nl_rt_neigh_t_
{
  NL_RT_COMMON;

  nl_rt_neigh_cb_t cb;
} nl_rt_neigh_t;

typedef struct nl_rt_neigh_sync_t_
{
  NL_RT_COMMON;

  nl_rt_neigh_sync_cb_t cb;
} nl_rt_neigh_sync_t;

typedef struct nl_rt_route_add_t_
{
  NL_RT_COMMON;

  nl_rt_route_add_cb_t cb;
} nl_rt_route_add_t;

typedef struct nl_rt_route_del_t_
{
  NL_RT_COMMON;

  nl_rt_route_del_cb_t cb;
} nl_rt_route_del_t;

typedef struct nl_rt_route_sync_t_
{
  NL_RT_COMMON;

  nl_rt_route_sync_cb_t cb;
} nl_rt_route_sync_t;

#undef NL_RT_COMMON

typedef struct nl_vft_t_
{
  nl_rt_link_t nvl_rt_link_add;
  nl_rt_link_t nvl_rt_link_del;
  nl_rt_link_sync_t nvl_rt_link_sync_begin;
  nl_rt_link_sync_t nvl_rt_link_sync_end;
  nl_rt_addr_t nvl_rt_addr_add;
  nl_rt_addr_t nvl_rt_addr_del;
  nl_rt_addr_sync_t nvl_rt_addr_sync_begin;
  nl_rt_addr_sync_t nvl_rt_addr_sync_end;
  nl_rt_neigh_t nvl_rt_neigh_add;
  nl_rt_neigh_t nvl_rt_neigh_del;
  nl_rt_neigh_sync_t nvl_rt_neigh_sync_begin;
  nl_rt_neigh_sync_t nvl_rt_neigh_sync_end;
  nl_rt_route_add_t nvl_rt_route_add;
  nl_rt_route_del_t nvl_rt_route_del;
  nl_rt_route_sync_t nvl_rt_route_sync_begin;
  nl_rt_route_sync_t nvl_rt_route_sync_end;
} nl_vft_t;

extern void nl_register_vft (const nl_vft_t *nv);

typedef enum lcp_nl_obj_t_
{
  LCP_NL_LINK,
  LCP_NL_ADDR,
  LCP_NL_NEIGH,
  LCP_NL_ROUTE,
} lcp_nl_obj_t;

/* struct type to hold context on the netlink message being processed.
 *
 * At creation of a pair, a tap/tun is created and configured to match its
 * corresponding hardware interface (MAC address, link state, MTU). Netlink
 * messages are sent announcing the creation and subsequent configuration.
 * We do not need to (and should not) act on those messages since applying
 * those same configurations again is unnecessary and can be disruptive. So
 * a timestamp for a message is stored and can be compared against the time
 * the interface came under linux-cp management in order to figure out
 * whether we should apply any configuration.
 */
typedef struct nl_msg_info
{
  struct nl_msg *msg;
  f64 ts;
} nl_msg_info_t;

#define LCP_NL_N_OBJS (LCP_NL_ROUTE + 1)

extern struct nl_cache *lcp_nl_get_cache (lcp_nl_obj_t t);
extern int lcp_nl_drain_messages (void);
extern void lcp_nl_set_buffer_size (u32 buf_size);
extern void lcp_nl_set_batch_size (u32 batch_size);
extern void lcp_nl_set_batch_delay (u32 batch_delay_ms);

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */