Blame - src/vnet/ipsec/ipsec_spd_policy.h - fdio/vpp

blob: d4472e68d89547eea5397fdbe394796bf6bc6096 [file] [log] [blame]

Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	1	/*
				2	* Copyright (c) 2015 Cisco and/or its affiliates.
				3	* Licensed under the Apache License, Version 2.0 (the "License");
				4	* you may not use this file except in compliance with the License.
				5	* You may obtain a copy of the License at:
				6	*
				7	* http://www.apache.org/licenses/LICENSE-2.0
				8	*
				9	* Unless required by applicable law or agreed to in writing, software
				10	* distributed under the License is distributed on an "AS IS" BASIS,
				11	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				12	* See the License for the specific language governing permissions and
				13	* limitations under the License.
				14	*/
				15	#ifndef __IPSEC_SPD_POLICY_H__
				16	#define __IPSEC_SPD_POLICY_H__
				17
Neale Ranns	9f231d4	2019-03-19 10:06:00 +0000	[diff] [blame]	18	#include <vnet/ipsec/ipsec_spd.h>
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	19
				20	#define foreach_ipsec_policy_action \
				21	_ (0, BYPASS, "bypass") \
				22	_ (1, DISCARD, "discard") \
				23	_ (2, RESOLVE, "resolve") \
				24	_ (3, PROTECT, "protect")
				25
				26	typedef enum
				27	{
				28	#define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
				29	foreach_ipsec_policy_action
				30	#undef _
				31	} ipsec_policy_action_t;
				32
				33	#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
				34
				35	typedef struct
				36	{
				37	ip46_address_t start, stop;
				38	} ip46_address_range_t;
				39
				40	typedef struct
				41	{
Neale Ranns	231c469	2019-03-18 17:11:28 +0000	[diff] [blame^]	42	/* Ports stored in network byte order */
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	43	u16 start, stop;
				44	} port_range_t;
				45
				46	/**
Neale Ranns	a09c1ff	2019-02-04 01:10:30 -0800	[diff] [blame]	47	* @brief
				48	* Policy packet & bytes counters
				49	*/
				50	extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
				51
				52	/**
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	53	* @brief A Secruity Policy. An entry in an SPD
				54	*/
				55	typedef struct ipsec_policy_t_
				56	{
				57	u32 id;
				58	i32 priority;
Neale Ranns	9f231d4	2019-03-19 10:06:00 +0000	[diff] [blame]	59
				60	// the type of policy
				61	ipsec_spd_policy_type_t type;
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	62
				63	// Selector
				64	u8 is_ipv6;
				65	ip46_address_range_t laddr;
				66	ip46_address_range_t raddr;
				67	u8 protocol;
				68	port_range_t lport;
				69	port_range_t rport;
				70
				71	// Policy
				72	ipsec_policy_action_t policy;
				73	u32 sa_id;
				74	u32 sa_index;
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	75	} ipsec_policy_t;
				76
				77	/**
				78	* @brief Add/Delete a SPD
				79	*/
				80	extern int ipsec_add_del_policy (vlib_main_t * vm,
Neale Ranns	a09c1ff	2019-02-04 01:10:30 -0800	[diff] [blame]	81	ipsec_policy_t * policy,
				82	int is_add, u32 * stat_index);
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	83
Neale Ranns	a09c1ff	2019-02-04 01:10:30 -0800	[diff] [blame]	84	extern u8 format_ipsec_policy (u8 s, va_list * args);
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	85	extern u8 format_ipsec_policy_action (u8 s, va_list * args);
				86	extern uword unformat_ipsec_policy_action (unformat_input_t * input,
				87	va_list * args);
				88
				89
Neale Ranns	9f231d4	2019-03-19 10:06:00 +0000	[diff] [blame]	90	extern int ipsec_policy_mk_type (bool is_outbound,
				91	bool is_ipv6,
				92	ipsec_policy_action_t action,
				93	ipsec_spd_policy_type_t * type);
				94
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	95	#endif /* __IPSEC_SPD_POLICY_H__ */
				96
				97	/*
				98	* fd.io coding-style-patch-verification: ON
				99	*
				100	* Local Variables:
				101	* eval: (c-set-style "gnu")
				102	* End:
				103	*/