/* Copyright (c) 2014-2018, Linaro Limited
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef ODP_IPSEC_SA_DB_H_
#define ODP_IPSEC_SA_DB_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <odp_ipsec_misc.h>
/**
 * Mode of a Security Association (stored in sa_db_entry_t::mode).
 */
typedef enum sa_mode_s {
IPSEC_SA_MODE_TRANSPORT, /**< Transport mode SA */
IPSEC_SA_MODE_TUNNEL /**< Tunnel mode SA */
} sa_mode_t;
/**
 * Security Association (SA) database entry
 *
 * Describes one SA: the IPv4 address pair and SPI, the algorithm and its
 * key, the length fields and the SA mode. Entries are chained through
 * @c next.
 *
 * NOTE(review): the key is embedded by value (@c key), so every copy, dump
 * or log of an entry also carries key material. Confirm how dump_sa_db()
 * treats it; the implementation is not visible from this header.
 * NOTE(review): byte order of src_ip, dst_ip and spi is not stated here;
 * confirm against the parser and the packet-path callers.
 */
typedef struct sa_db_entry_s {
struct sa_db_entry_s *next; /**< Next entry on list */
uint32_t src_ip; /**< Source IPv4 address */
uint32_t dst_ip; /**< Destination IPv4 address */
uint32_t spi; /**< Security Parameter Index */
ipsec_alg_t alg; /**< Cipher/auth algorithm */
ipsec_key_t key; /**< Cipher/auth key */
uint32_t block_len; /**< Cipher block length */
uint32_t iv_len; /**< Initialization Vector length */
uint32_t icv_len; /**< Integrity Check Value length */
sa_mode_t mode; /**< SA mode - transport/tunnel */
} sa_db_entry_t;
/**
 * Security Association (SA) database global structure
 *
 * Fixed-capacity store: entries are kept in @c array, which has MAX_DB
 * slots, and @c index names the next free slot.
 *
 * NOTE(review): nothing in this header prevents @c index from reaching
 * MAX_DB; the bound check is presumably in create_sa_db_entry(). Confirm
 * there, since an unchecked index would write past @c array.
 */
typedef struct sa_db_s {
uint32_t index; /**< Index of next available entry */
sa_db_entry_t *list; /**< List of active entries */
sa_db_entry_t array[MAX_DB]; /**< Entry storage */
} sa_db_t;
/**
 * Initialize SA database global control structure
 *
 * NOTE(review): presumably must run before any other SA DB call; the
 * required ordering is not stated in this header.
 */
void init_sa_db(void);
/**
 * Create an SA DB entry
 *
 * String is of the format "SrcIP,DstIP,Alg,SPI,Key"
 *
 * The string carries the SA key in the clear, so whatever supplies it
 * (the source is not visible from this header) should be treated as
 * sensitive.
 *
 * NOTE(review): @p input is a non-const pointer; whether the parser
 * modifies the caller's buffer cannot be told from the prototype.
 * NOTE(review): the single -1 return does not distinguish a malformed
 * field from a full database. Confirm that the implementation rejects
 * both before storing anything.
 *
 * @param input Pointer to string describing SA
 * @param cipher TRUE if cipher else FALSE for auth
 *
 * @return 0 if successful else -1
 */
int create_sa_db_entry(char *input, odp_bool_t cipher);
/**
 * Display the SA DB
 *
 * NOTE(review): each entry contains key material (sa_db_entry_t::key).
 * Whether the key is included in the output, and where that output goes,
 * is not visible from this header; verify before enabling this on a
 * system whose console or logs are shared.
 */
void dump_sa_db(void);
/**
 * Find a matching SA DB entry
 *
 * Returns NULL when no entry matches, so callers must check the result
 * before dereferencing it.
 *
 * NOTE(review): the returned pointer presumably refers to storage owned
 * by the database (not a copy), so it must not be freed by the caller.
 * Confirm in the implementation.
 *
 * @param src Pointer to source subnet/range
 * @param dst Pointer to destination subnet/range
 * @param cipher TRUE if cipher else FALSE for auth
 *
 * @return pointer to SA DB entry else NULL
 */
sa_db_entry_t *find_sa_db_entry(ip_addr_range_t *src,
ip_addr_range_t *dst,
odp_bool_t cipher);
/**
 * Tunnel entry
 *
 * Pairs an inner IPv4 source/destination with the IPv4 addresses of the
 * tunnel endpoints. Entries are chained through @c next.
 *
 * NOTE(review): byte order of the address fields is not stated here;
 * confirm against the parser and the lookup callers.
 */
typedef struct tun_db_entry_s {
struct tun_db_entry_s *next; /**< Next entry on list */
uint32_t src_ip; /**< Inner Source IPv4 address */
uint32_t dst_ip; /**< Inner Destination IPv4 address */
uint32_t tun_src_ip; /**< Tunnel Source IPv4 address */
uint32_t tun_dst_ip; /**< Tunnel Destination IPv4 address */
} tun_db_entry_t;
/**
 * Tunnel database
 *
 * Fixed-capacity store: entries are kept in @c array, which has MAX_DB
 * slots, and @c index names the next free slot.
 *
 * NOTE(review): the check that keeps @c index below MAX_DB is presumably
 * in create_tun_db_entry(); confirm there.
 */
typedef struct tun_db_s {
uint32_t index; /**< Index of next available entry */
tun_db_entry_t *list; /**< List of active entries */
tun_db_entry_t array[MAX_DB]; /**< Entry storage */
} tun_db_t;
/**
 * Initialize tun database global control structure
 *
 * NOTE(review): presumably must run before any other tunnel DB call; the
 * required ordering is not stated in this header.
 */
void init_tun_db(void);
/**
 * Create a tunnel DB entry
 *
 * String is of the format "SrcIP,DstIP,TunSrcIp,TunDstIp"
 *
 * NOTE(review): @p input is a non-const pointer; whether the parser
 * modifies the caller's buffer cannot be told from the prototype.
 * NOTE(review): the single -1 return does not distinguish a malformed
 * address from a full database. Confirm that the implementation rejects
 * both before storing anything.
 *
 * @param input Pointer to string describing tun
 *
 * @return 0 if successful else -1
 */
int create_tun_db_entry(char *input);
/**
 * Display the tun DB
 *
 * Takes no arguments and returns nothing; the output destination is not
 * visible from this header.
 */
void dump_tun_db(void);
/**
 * Find a matching tun DB entry
 *
 * Returns NULL when no entry matches, so callers must check the result
 * before dereferencing it.
 *
 * NOTE(review): the returned pointer presumably refers to storage owned
 * by the database (not a copy). Confirm in the implementation.
 *
 * @param ip_src Inner source IP address
 * @param ip_dst Inner destination IP address
 *
 * @return pointer to tun DB entry else NULL
 */
tun_db_entry_t *find_tun_db_entry(uint32_t ip_src,
uint32_t ip_dst);
#ifdef __cplusplus
}
#endif
#endif