aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec-gre/ipsec_gre.h
blob: 730cd717795eacf45fbd04f09cc2281d82fd10c2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
/*
 * Copyright (c) 2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * @file
 * @brief L2-GRE over IPSec packet processing.
*/

#ifndef included_ipsec_gre_h
#define included_ipsec_gre_h

#include <vnet/vnet.h>
#include <vnet/gre/packet.h>
#include <vnet/gre/gre.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip4.h>
#include <vnet/ip/ip4_packet.h>
#include <vnet/pg/pg.h>
#include <vnet/ip/format.h>
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ipsec_if.h>

extern vnet_hw_interface_class_t ipsec_gre_hw_interface_class;

/**
 * @brief IPSec-GRE errors.
 *
*/
typedef enum
{
#define ipsec_gre_error(n,s) IPSEC_GRE_ERROR_##n,
#include <vnet/ipsec-gre/error.def>
#undef ipsec_gre_error
  IPSEC_GRE_N_ERROR,
} ipsec_gre_error_t;

/**
 * @brief IPSec-GRE tunnel parameters.
 *
*/
typedef struct
{
  /* Required for pool_get_aligned */
  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
  ip4_address_t tunnel_src; /**< tunnel IPv4 src address */
  ip4_address_t tunnel_dst; /**< tunnel IPv4 dst address */
  u32 local_sa;		    /**< local IPSec SA index */
  u32 remote_sa;	    /**< remote IPSec SA index */
  u32 local_sa_id;	    /**< local IPSec SA id */
  u32 remote_sa_id;	    /**< remote IPSec SA id */
  u32 hw_if_index;;	    /**< hardware interface index */
  u32 sw_if_index;;	    /**< software interface index */
} ipsec_gre_tunnel_t;

/**
 * @brief IPSec-GRE state.
 *
*/
typedef struct
{
  ipsec_gre_tunnel_t *tunnels; /**< pool of tunnel instances */

  uword *tunnel_by_key;	 /**< hash mapping src/dst addr pair to tunnel */

  u32 *free_ipsec_gre_tunnel_hw_if_indices;  /**< free vlib hw_if_indices */

  u32 *tunnel_index_by_sw_if_index;  /**< mapping from sw_if_index to tunnel
                                          index */

  vlib_main_t *vlib_main;  /**< convenience */
  vnet_main_t *vnet_main;  /**< convenience */
} ipsec_gre_main_t;

extern ipsec_gre_main_t ipsec_gre_main;

extern vlib_node_registration_t ipsec_gre_input_node;
extern vnet_device_class_t ipsec_gre_device_class;

/* manually added to the interface output node in ipsec_gre.c */
#define IPSEC_GRE_OUTPUT_NEXT_ESP_ENCRYPT 0

extern int vnet_ipsec_gre_tunnel_add_del (const
					  ipsec_gre_tunnel_add_del_args_t * a,
					  u32 * sw_if_indexp);

#endif /* included_ipsec_gre_h */

/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/