/*
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15#ifndef __IPSEC_SPD_POLICY_H__
16#define __IPSEC_SPD_POLICY_H__
18#include <vnet/ipsec/ipsec_spd.h>
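/**
 * @brief X-macro listing every SPD policy action as
 * (numeric value, enum suffix, display string).
 *
 * NOTE(review): the names suggest the RFC 4301 SPD processing choices
 * (BYPASS = forward without IPsec protection, DISCARD = drop,
 * PROTECT = apply the SA the policy refers to). How RESOLVE is handled
 * is not visible in this header; confirm in the SPD lookup code before
 * relying on it. A BYPASS entry lets matching traffic through in the
 * clear, so the selector and priority of such policies deserve review.
 */
#define foreach_ipsec_policy_action \
  _ (0, BYPASS, "bypass")           \
  _ (1, DISCARD, "discard")         \
  _ (2, RESOLVE, "resolve")         \
  _ (3, PROTECT, "protect")

/**
 * @brief Policy action, one enumerator per entry of
 * foreach_ipsec_policy_action (IPSEC_POLICY_ACTION_<name> = value).
 */
typedef enum
{
#define _(v, f, s) IPSEC_POLICY_ACTION_##f = v,
  foreach_ipsec_policy_action
#undef _
} ipsec_policy_action_t;

/*
 * Number of actions. Derived from PROTECT, so it is only correct while
 * PROTECT remains the highest-valued entry in the list above; update it
 * if an action is ever appended after PROTECT, otherwise anything sized
 * by this constant and indexed by an action would be too small.
 */
#define IPSEC_POLICY_N_ACTION (IPSEC_POLICY_ACTION_PROTECT + 1)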
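/**
 * @brief An IPv4-or-IPv6 address range used as a policy selector.
 *
 * NOTE(review): whether the bounds are inclusive, and whether
 * start <= stop is checked anywhere, is not visible in this header;
 * confirm in the code that installs and matches policies.
 */
typedef struct
{
  ip46_address_t start, stop;	/* first and last address of the range */
} ip46_address_range_t;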
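/**
 * @brief A 16-bit port range used as a policy selector.
 *
 * NOTE(review): byte order (host vs. network), inclusiveness of the
 * bounds and any start <= stop validation are not visible in this
 * header; confirm against the matching code before filling these in
 * from externally supplied values.
 */
typedef struct
{
  u16 start, stop;		/* first and last port of the range */
} port_range_t;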
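/**
 * @brief
 * Policy packet & byte counters.
 *
 * Declared here, defined elsewhere.
 * NOTE(review): presumably indexed by the stat_index that
 * ipsec_add_del_policy() passes back; confirm against its definition.
 */
extern vlib_combined_counter_main_t ipsec_spd_policy_counters;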
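/**
 * @brief A Security Policy. An entry in an SPD
 *
 * The selector fields describe which traffic the entry matches; the
 * policy fields describe what is done with it.
 *
 * NOTE(review): nothing in this header enforces start <= stop on the
 * ranges, or that sa_id names an existing SA. Any such validation lives
 * in the code that installs the policy; confirm it before accepting
 * these fields from an API or CLI caller.
 */
typedef struct ipsec_policy_t_
{
  u32 id;			/* policy identifier */
  i32 priority;			/* signed; which direction wins is not
				   visible here - TODO confirm */

  /* the type of policy */
  ipsec_spd_policy_type_t type;

  /* Selector */
  u8 is_ipv6;			/* presumably selects which member of the
				   ip46 addresses below is meaningful */
  ip46_address_range_t laddr;	/* presumably the local address range */
  ip46_address_range_t raddr;	/* presumably the remote address range */
  u8 protocol;			/* presumably the IP protocol number; the
				   wildcard encoding is not visible here */
  port_range_t lport;		/* presumably the local port range */
  port_range_t rport;		/* presumably the remote port range */

  /* Policy */
  ipsec_policy_action_t policy;	/* action applied to matching traffic */
  u32 sa_id;			/* presumably the configured SA identifier,
				   relevant to PROTECT - TODO confirm */
  u32 sa_index;			/* presumably the resolved index of that SA
				   - TODO confirm */
} ipsec_policy_t;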
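/**
 * @brief Add or delete a security policy (an entry in an SPD)
 *
 * @param vm          vlib main.
 * @param policy      the policy to add or delete.
 * @param is_add      selects add versus delete (presumably non-zero
 *                    means add - confirm against the definition).
 * @param stat_index  passed by pointer; presumably an output naming the
 *                    policy's slot in ipsec_spd_policy_counters.
 *
 * @return int status; the success/failure convention is not visible in
 *         this header. Callers should check it rather than assume the
 *         policy was installed.
 */
extern int ipsec_add_del_policy (vlib_main_t * vm,
                                 ipsec_policy_t * policy,
                                 int is_add, u32 * stat_index);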
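/*
 * Formatting and parsing helpers for policies and policy actions.
 * The two format functions take the string being built plus a va_list
 * and return a u8 string; the unformat function takes an input stream
 * plus a va_list and returns a uword.
 * NOTE(review): the argument types expected inside each va_list are not
 * visible in this header; confirm against the definitions before use.
 */
extern u8 *format_ipsec_policy (u8 * s, va_list * args);
extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
extern uword unformat_ipsec_policy_action (unformat_input_t * input,
                                           va_list * args);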
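/**
 * @brief Derive an SPD policy type from direction, address family and
 * action.
 *
 * @param is_outbound  true for an outbound policy, false for inbound.
 * @param is_ipv6      true for IPv6, false for IPv4.
 * @param action       the policy action.
 * @param type         passed by pointer; receives the resulting type.
 *
 * @return int status; the convention is not visible in this header.
 *         NOTE(review): check the result before reading *type, since a
 *         combination with no matching type presumably leaves it unset.
 */
extern int ipsec_policy_mk_type (bool is_outbound,
                                 bool is_ipv6,
                                 ipsec_policy_action_t action,
                                 ipsec_spd_policy_type_t * type);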
94#endif /* __IPSEC_SPD_POLICY_H__ */
/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */