Blame - src/vnet/ipsec/ipsec_spd_policy.h - fdio/vpp

blob: 6d6b69592b0b5372178e8115e23c87f9293f2ff1 [file] [log] [blame]

Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	1	/*
				2	* Copyright (c) 2015 Cisco and/or its affiliates.
				3	* Licensed under the Apache License, Version 2.0 (the "License");
				4	* you may not use this file except in compliance with the License.
				5	* You may obtain a copy of the License at:
				6	*
				7	* http://www.apache.org/licenses/LICENSE-2.0
				8	*
				9	* Unless required by applicable law or agreed to in writing, software
				10	* distributed under the License is distributed on an "AS IS" BASIS,
				11	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				12	* See the License for the specific language governing permissions and
				13	* limitations under the License.
				14	*/
				15	#ifndef __IPSEC_SPD_POLICY_H__
				16	#define __IPSEC_SPD_POLICY_H__
				17
Neale Ranns	9f231d4	2019-03-19 10:06:00 +0000	[diff] [blame]	18	#include <vnet/ipsec/ipsec_spd.h>
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	19
				20	#define foreach_ipsec_policy_action \
				21	_ (0, BYPASS, "bypass") \
				22	_ (1, DISCARD, "discard") \
				23	_ (2, RESOLVE, "resolve") \
				24	_ (3, PROTECT, "protect")
				25
				26	typedef enum
				27	{
				28	#define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
				29	foreach_ipsec_policy_action
				30	#undef _
				31	} ipsec_policy_action_t;
				32
				33	#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)
				34
				35	typedef struct
				36	{
				37	ip46_address_t start, stop;
				38	} ip46_address_range_t;
				39
				40	typedef struct
				41	{
				42	u16 start, stop;
				43	} port_range_t;
				44
				45	/**
Neale Ranns	a09c1ff	2019-02-04 01:10:30 -0800	[diff] [blame]	46	* @brief
				47	* Policy packet & bytes counters
				48	*/
				49	extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
				50
				51	/**
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	52	* @brief A Secruity Policy. An entry in an SPD
				53	*/
				54	typedef struct ipsec_policy_t_
				55	{
				56	u32 id;
				57	i32 priority;
Neale Ranns	9f231d4	2019-03-19 10:06:00 +0000	[diff] [blame]	58
				59	// the type of policy
				60	ipsec_spd_policy_type_t type;
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	61
				62	// Selector
				63	u8 is_ipv6;
				64	ip46_address_range_t laddr;
				65	ip46_address_range_t raddr;
				66	u8 protocol;
				67	port_range_t lport;
				68	port_range_t rport;
				69
				70	// Policy
				71	ipsec_policy_action_t policy;
				72	u32 sa_id;
				73	u32 sa_index;
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	74	} ipsec_policy_t;
				75
				76	/**
				77	* @brief Add/Delete a SPD
				78	*/
				79	extern int ipsec_add_del_policy (vlib_main_t * vm,
Neale Ranns	a09c1ff	2019-02-04 01:10:30 -0800	[diff] [blame]	80	ipsec_policy_t * policy,
				81	int is_add, u32 * stat_index);
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	82
Neale Ranns	a09c1ff	2019-02-04 01:10:30 -0800	[diff] [blame]	83	extern u8 format_ipsec_policy (u8 s, va_list * args);
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	84	extern u8 format_ipsec_policy_action (u8 s, va_list * args);
				85	extern uword unformat_ipsec_policy_action (unformat_input_t * input,
				86	va_list * args);
				87
				88
Neale Ranns	9f231d4	2019-03-19 10:06:00 +0000	[diff] [blame]	89	extern int ipsec_policy_mk_type (bool is_outbound,
				90	bool is_ipv6,
				91	ipsec_policy_action_t action,
				92	ipsec_spd_policy_type_t * type);
				93
Neale Ranns	999c8ee	2019-02-01 03:31:24 -0800	[diff] [blame]	94	#endif /* __IPSEC_SPD_POLICY_H__ */
				95
				96	/*
				97	* fd.io coding-style-patch-verification: ON
				98	*
				99	* Local Variables:
				100	* eval: (c-set-style "gnu")
				101	* End:
				102	*/