vpp_ipsec

package
v3.2.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 18, 2020 License: Apache-2.0 Imports: 6 Imported by: 5

Documentation

Index

Constants

const (
	// InvalidKeyPart is the placeholder used in a key for any part that is
	// invalid.
	// NOTE(review): a consumer of parsed key parts should presumably treat this
	// literal as "no valid value" rather than as a real SPD/SA index or
	// interface name; confirm against the Parse* helpers.
	InvalidKeyPart = "<invalid>"
)
// ModuleName is the module name used for models; the models.Spec values
// registered for the SPD, SA and tunnel-protection models set Module to it.
const ModuleName = "vpp.ipsec"

ModuleName is the module name used for models.

Variables

// Model registrations for the three IPSec message types. Each call passes a
// zero-valued message, a models.Spec (module ModuleName, version "v2", and a
// per-model type string) and a name template evaluated against the message.
var (
	// ModelSecurityPolicyDatabase registers SecurityPolicyDatabase as type
	// "spd"; the model name is rendered from the Index field.
	ModelSecurityPolicyDatabase = models.Register(&SecurityPolicyDatabase{}, models.Spec{
		Module:  ModuleName,
		Version: "v2",
		Type:    "spd",
	}, models.WithNameTemplate("{{.Index}}"))

	// ModelSecurityAssociation registers SecurityAssociation as type "sa"; the
	// model name is rendered from the Index field.
	// NOTE(review): the registered message carries CryptoKey and IntegKey, so
	// whatever store holds values of this model holds SA key material.
	ModelSecurityAssociation = models.Register(&SecurityAssociation{}, models.Spec{
		Module:  ModuleName,
		Version: "v2",
		Type:    "sa",
	}, models.WithNameTemplate("{{.Index}}"))

	// ModelTunnelProtection registers TunnelProtection as type "tun-protect";
	// the model name is rendered from the Interface field, so the interface
	// name is what distinguishes one tunnel-protection entry from another.
	ModelTunnelProtection = models.Register(&TunnelProtection{}, models.Spec{
		Module:  ModuleName,
		Version: "v2",
		Type:    "tun-protect",
	}, models.WithNameTemplate(
		`{{.Interface}}`,
	))
)
// CryptoAlg_name maps each CryptoAlg enum number to its name.
// NOTE(review): the table includes NONE_CRYPTO (0, the zero value of the
// enum) and the legacy DES_CBC / DES3_CBC ciphers. Code that validates an SA
// before applying it should not treat "present in this map" as "acceptable
// for production traffic".
var CryptoAlg_name = map[int32]string{
	0:  "NONE_CRYPTO",
	1:  "AES_CBC_128",
	2:  "AES_CBC_192",
	3:  "AES_CBC_256",
	4:  "AES_CTR_128",
	5:  "AES_CTR_192",
	6:  "AES_CTR_256",
	7:  "AES_GCM_128",
	8:  "AES_GCM_192",
	9:  "AES_GCM_256",
	10: "DES_CBC",
	11: "DES3_CBC",
}
// CryptoAlg_value maps each CryptoAlg name to its enum number (the inverse of
// the number-to-name table).
// NOTE(review): a name that is absent from a Go map lookup yields 0, which is
// NONE_CRYPTO here; callers resolving user-supplied names should use the
// two-value lookup form and reject unknown names instead of using the result.
var CryptoAlg_value = map[string]int32{
	"NONE_CRYPTO": 0,
	"AES_CBC_128": 1,
	"AES_CBC_192": 2,
	"AES_CBC_256": 3,
	"AES_CTR_128": 4,
	"AES_CTR_192": 5,
	"AES_CTR_256": 6,
	"AES_GCM_128": 7,
	"AES_GCM_192": 8,
	"AES_GCM_256": 9,
	"DES_CBC":     10,
	"DES3_CBC":    11,
}
// IntegAlg_name maps each IntegAlg enum number to its name.
// NOTE(review): the table includes NONE_INTEG (0, the zero value of the enum)
// and the legacy MD5_96 / SHA1_96 entries; membership in this map is not a
// statement that an algorithm is suitable for new deployments.
var IntegAlg_name = map[int32]string{
	0: "NONE_INTEG",
	1: "MD5_96",
	2: "SHA1_96",
	3: "SHA_256_96",
	4: "SHA_256_128",
	5: "SHA_384_192",
	6: "SHA_512_256",
}
// IntegAlg_value maps each IntegAlg name to its enum number (the inverse of
// the number-to-name table).
// NOTE(review): a single-value lookup of an unknown name yields 0, which is
// NONE_INTEG here; use the two-value lookup form and reject unknown names so
// a typo in configuration cannot silently select "no integrity".
var IntegAlg_value = map[string]int32{
	"NONE_INTEG":  0,
	"MD5_96":      1,
	"SHA1_96":     2,
	"SHA_256_96":  3,
	"SHA_256_128": 4,
	"SHA_384_192": 5,
	"SHA_512_256": 6,
}
// SecurityAssociation_IPSecProtocol_name maps each IPSec protocol enum number
// to its name. AH is number 0, i.e. the zero value of the enum.
var SecurityAssociation_IPSecProtocol_name = map[int32]string{
	0: "AH",
	1: "ESP",
}
// SecurityAssociation_IPSecProtocol_value maps each IPSec protocol name to its
// enum number.
// NOTE(review): a single-value lookup of an unknown name yields 0 (AH), and AH
// provides no confidentiality; reject unknown names rather than using the
// zero result.
var SecurityAssociation_IPSecProtocol_value = map[string]int32{
	"AH":  0,
	"ESP": 1,
}
// SecurityPolicyDatabase_PolicyEntry_Action_name maps each policy action enum
// number to its name. BYPASS is number 0, i.e. the zero value of the enum.
var SecurityPolicyDatabase_PolicyEntry_Action_name = map[int32]string{
	0: "BYPASS",
	1: "DISCARD",
	2: "RESOLVE",
	3: "PROTECT",
}
// SecurityPolicyDatabase_PolicyEntry_Action_value maps each policy action name
// to its enum number.
// NOTE(review): a single-value lookup of an unknown name yields 0 (BYPASS).
// Presumably BYPASS lets matching traffic through without IPSec processing
// (confirm), so resolving a mistyped action name must fail closed: use the
// two-value lookup form and reject unknown names.
var SecurityPolicyDatabase_PolicyEntry_Action_value = map[string]int32{
	"BYPASS":  0,
	"DISCARD": 1,
	"RESOLVE": 2,
	"PROTECT": 3,
}

Functions

func ParseSPDInterfaceKey

func ParseSPDInterfaceKey(key string) (spdIndex string, iface string, isSPDIfaceKey bool)

ParseSPDInterfaceKey parses key representing binding between interface and a security policy database

func ParseSPDPolicyKey

func ParseSPDPolicyKey(key string) (spdIndex string, saIndex string, isSPDIfaceKey bool)

ParseSPDPolicyKey parses key representing binding between policy (security association) and a security policy database

func SAKey

func SAKey(index uint32) string

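SAKey returns the key used in NB DB to store the configuration of the given security association. The stored SecurityAssociation value includes the CryptoKey and IntegKey fields, so read access to this key exposes the SA's key material.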

func SPDInterfaceKey

func SPDInterfaceKey(spdIndex uint32, ifName string) string

SPDInterfaceKey returns the key used to represent binding between the given interface and the security policy database.

func SPDKey

func SPDKey(index uint32) string

SPDKey returns the key used in NB DB to store the configuration of the given security policy database.

func SPDPolicyKey

func SPDPolicyKey(spdIndex uint32, saIndex uint32) string

SPDPolicyKey returns the key used to represent binding between the given policy (security association) and the security policy database.

Types

type CryptoAlg

type CryptoAlg int32

Cryptographic algorithm for encryption

// Enumerated CryptoAlg values (encryption algorithm selectable for an SA).
const (
	// Zero value of the enum: an SA whose crypto_alg field is left unset
	// carries NONE_CRYPTO.
	// NOTE(review): presumably this means no encryption is applied; confirm,
	// and validate SAs so that an omitted field is not accepted by accident.
	CryptoAlg_NONE_CRYPTO CryptoAlg = 0
	// AES-CBC with 128/192/256-bit keys. CBC gives confidentiality only, so it
	// needs a non-NONE integrity algorithm alongside it.
	CryptoAlg_AES_CBC_128 CryptoAlg = 1
	CryptoAlg_AES_CBC_192 CryptoAlg = 2
	CryptoAlg_AES_CBC_256 CryptoAlg = 3
	// AES-CTR with 128/192/256-bit keys. CTR also gives confidentiality only
	// and is malleable without a separate integrity algorithm.
	CryptoAlg_AES_CTR_128 CryptoAlg = 4
	CryptoAlg_AES_CTR_192 CryptoAlg = 5
	CryptoAlg_AES_CTR_256 CryptoAlg = 6
	// AES-GCM with 128/192/256-bit keys. GCM is an AEAD mode: encryption and
	// integrity come from the one algorithm.
	// NOTE(review): how IntegAlg is expected to be set with GCM is not shown
	// here; confirm against the plugin that programs VPP.
	CryptoAlg_AES_GCM_128 CryptoAlg = 7
	CryptoAlg_AES_GCM_192 CryptoAlg = 8
	CryptoAlg_AES_GCM_256 CryptoAlg = 9
	// Legacy ciphers. Single DES has a 56-bit key and RFC 8221 marks it MUST
	// NOT for ESP; 3DES has a 64-bit block and RFC 8221 marks it SHOULD NOT.
	// Keep these for interop with old peers only.
	CryptoAlg_DES_CBC     CryptoAlg = 10
	CryptoAlg_DES3_CBC    CryptoAlg = 11
)

func (CryptoAlg) EnumDescriptor

func (CryptoAlg) EnumDescriptor() ([]byte, []int)

func (CryptoAlg) String

func (x CryptoAlg) String() string

type IntegAlg

type IntegAlg int32

Cryptographic algorithm for authentication

// Enumerated IntegAlg values (integrity/authentication algorithm selectable
// for an SA). The numeric suffix in each name is the truncated tag length in
// bits, as spelled in the name itself.
const (
	// Zero value of the enum: an SA whose integ_alg field is left unset
	// carries NONE_INTEG. Combined with a CBC or CTR cipher this leaves
	// traffic unauthenticated; validate the pairing before applying an SA.
	IntegAlg_NONE_INTEG  IntegAlg = 0
	// Legacy: RFC 8221 marks HMAC-MD5-96 as MUST NOT for ESP/AH.
	IntegAlg_MD5_96      IntegAlg = 1
	// Legacy: HMAC-SHA1-96 is still widely interoperable but is being phased
	// out (RFC 8221 lists it as MUST-); prefer a SHA-2 entry for new SAs.
	IntegAlg_SHA1_96     IntegAlg = 2
	// NOTE(review): a 96-bit truncation of HMAC-SHA-256 is not the RFC 4868
	// form (which truncates to 128 bits); presumably kept for interop with
	// peers using the older truncation; confirm before relying on it.
	IntegAlg_SHA_256_96  IntegAlg = 3
	// HMAC-SHA-2 variants with the truncation lengths RFC 4868 specifies.
	IntegAlg_SHA_256_128 IntegAlg = 4
	IntegAlg_SHA_384_192 IntegAlg = 5
	IntegAlg_SHA_512_256 IntegAlg = 6
)

func (IntegAlg) EnumDescriptor

func (IntegAlg) EnumDescriptor() ([]byte, []int)

func (IntegAlg) String

func (x IntegAlg) String() string

type SecurityAssociation

// SecurityAssociation is the protobuf message (proto3) describing one IPSec
// security association. All fields are optional on the wire and omitted from
// JSON when they hold their zero value, so an unset field is indistinguishable
// from an explicit zero.
//
// NOTE(review): the message carries the SA's secret keys as ordinary string
// fields. Anything that serializes, stores or prints this message handles key
// material; the generated String() presumably renders every field, keys
// included, so confirm that before logging SA messages.
type SecurityAssociation struct {
	// Index identifies the SA; the package's key helpers and SPD policy
	// entries refer to an SA by this number.
	Index                uint32                            `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	// Spi is the IPSec security parameter index of the SA.
	Spi                  uint32                            `protobuf:"varint,2,opt,name=spi,proto3" json:"spi,omitempty"`
	// Protocol selects AH or ESP. The zero value is AH, which provides no
	// confidentiality, so an unset field does not default to ESP.
	Protocol             SecurityAssociation_IPSecProtocol `` /* 126-byte string literal not displayed */
	// CryptoAlg selects the encryption algorithm; the zero value is
	// NONE_CRYPTO.
	CryptoAlg            CryptoAlg                         `protobuf:"varint,4,opt,name=crypto_alg,json=cryptoAlg,proto3,enum=ligato.vpp.ipsec.CryptoAlg" json:"crypto_alg,omitempty"`
	// CryptoKey is the encryption key, carried as a string (JSON name
	// "crypto_key"). NOTE(review): the expected encoding and length checks are
	// not shown here; presumably hex. Confirm, and treat the value as a
	// secret.
	CryptoKey            string                            `protobuf:"bytes,5,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
	// IntegAlg selects the integrity algorithm; the zero value is NONE_INTEG.
	IntegAlg             IntegAlg                          `protobuf:"varint,6,opt,name=integ_alg,json=integAlg,proto3,enum=ligato.vpp.ipsec.IntegAlg" json:"integ_alg,omitempty"`
	// IntegKey is the integrity key, carried as a string (JSON name
	// "integ_key"); same handling caveats as CryptoKey.
	IntegKey             string                            `protobuf:"bytes,7,opt,name=integ_key,json=integKey,proto3" json:"integ_key,omitempty"`
	// UseEsn requests extended sequence numbers; false when unset.
	UseEsn               bool                              `protobuf:"varint,8,opt,name=use_esn,json=useEsn,proto3" json:"use_esn,omitempty"`
	// UseAntiReplay requests anti-replay checking. It is false when unset, so
	// replay protection has to be turned on explicitly for each SA.
	UseAntiReplay        bool                              `protobuf:"varint,9,opt,name=use_anti_replay,json=useAntiReplay,proto3" json:"use_anti_replay,omitempty"`
	// TunnelSrcAddr and TunnelDstAddr carry the tunnel endpoint addresses as
	// strings. NOTE(review): address format and validation are not shown here.
	TunnelSrcAddr        string                            `protobuf:"bytes,10,opt,name=tunnel_src_addr,json=tunnelSrcAddr,proto3" json:"tunnel_src_addr,omitempty"`
	TunnelDstAddr        string                            `protobuf:"bytes,11,opt,name=tunnel_dst_addr,json=tunnelDstAddr,proto3" json:"tunnel_dst_addr,omitempty"`
	// EnableUdpEncap requests UDP encapsulation of the SA's traffic
	// (presumably for NAT traversal; confirm); false when unset.
	EnableUdpEncap       bool                              `protobuf:"varint,12,opt,name=enable_udp_encap,json=enableUdpEncap,proto3" json:"enable_udp_encap,omitempty"`
	// Protobuf-generated bookkeeping fields; all three are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

Security Association (SA)

func (*SecurityAssociation) Descriptor

func (*SecurityAssociation) Descriptor() ([]byte, []int)

func (*SecurityAssociation) GetCryptoAlg

func (m *SecurityAssociation) GetCryptoAlg() CryptoAlg

func (*SecurityAssociation) GetCryptoKey

func (m *SecurityAssociation) GetCryptoKey() string

func (*SecurityAssociation) GetEnableUdpEncap

func (m *SecurityAssociation) GetEnableUdpEncap() bool

func (*SecurityAssociation) GetIndex

func (m *SecurityAssociation) GetIndex() uint32

func (*SecurityAssociation) GetIntegAlg

func (m *SecurityAssociation) GetIntegAlg() IntegAlg

func (*SecurityAssociation) GetIntegKey

func (m *SecurityAssociation) GetIntegKey() string

func (*SecurityAssociation) GetProtocol

func (*SecurityAssociation) GetSpi

func (m *SecurityAssociation) GetSpi() uint32

func (*SecurityAssociation) GetTunnelDstAddr

func (m *SecurityAssociation) GetTunnelDstAddr() string

func (*SecurityAssociation) GetTunnelSrcAddr

func (m *SecurityAssociation) GetTunnelSrcAddr() string

func (*SecurityAssociation) GetUseAntiReplay

func (m *SecurityAssociation) GetUseAntiReplay() bool

func (*SecurityAssociation) GetUseEsn

func (m *SecurityAssociation) GetUseEsn() bool

func (*SecurityAssociation) ProtoMessage

func (*SecurityAssociation) ProtoMessage()

func (*SecurityAssociation) Reset

func (m *SecurityAssociation) Reset()

func (*SecurityAssociation) String

func (m *SecurityAssociation) String() string

func (*SecurityAssociation) XXX_DiscardUnknown

func (m *SecurityAssociation) XXX_DiscardUnknown()

func (*SecurityAssociation) XXX_Marshal

func (m *SecurityAssociation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityAssociation) XXX_Merge

func (m *SecurityAssociation) XXX_Merge(src proto.Message)

func (*SecurityAssociation) XXX_Size

func (m *SecurityAssociation) XXX_Size() int

func (*SecurityAssociation) XXX_Unmarshal

func (m *SecurityAssociation) XXX_Unmarshal(b []byte) error

type SecurityAssociation_IPSecProtocol

// SecurityAssociation_IPSecProtocol selects the IPSec protocol of a security
// association.
type SecurityAssociation_IPSecProtocol int32
const (
	// AH (Authentication Header) is the zero value, so an SA with the field
	// unset is an AH SA. AH authenticates packets but does not encrypt them.
	SecurityAssociation_AH  SecurityAssociation_IPSecProtocol = 0
	// ESP (Encapsulating Security Payload); has to be selected explicitly.
	SecurityAssociation_ESP SecurityAssociation_IPSecProtocol = 1
)

func (SecurityAssociation_IPSecProtocol) EnumDescriptor

func (SecurityAssociation_IPSecProtocol) EnumDescriptor() ([]byte, []int)

func (SecurityAssociation_IPSecProtocol) String

type SecurityPolicyDatabase

// SecurityPolicyDatabase is the protobuf message (proto3) describing one
// security policy database (SPD): its index, the interfaces it is bound to and
// its policy entries.
type SecurityPolicyDatabase struct {
	// Index identifies the SPD; the package's key helpers refer to an SPD by
	// this number.
	Index                uint32                                `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	// Interfaces lists the interfaces bound to this SPD, each by name.
	Interfaces           []*SecurityPolicyDatabase_Interface   `protobuf:"bytes,2,rep,name=interfaces,proto3" json:"interfaces,omitempty"`
	// PolicyEntries lists the policy rules of this SPD.
	// NOTE(review): what happens to traffic that matches no entry is decided
	// by the data plane and is not shown here; confirm the default before
	// relying on an SPD to block traffic.
	PolicyEntries        []*SecurityPolicyDatabase_PolicyEntry `protobuf:"bytes,3,rep,name=policy_entries,json=policyEntries,proto3" json:"policy_entries,omitempty"`
	// Protobuf-generated bookkeeping fields; all three are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{}                              `json:"-"`
	XXX_unrecognized     []byte                                `json:"-"`
	XXX_sizecache        int32                                 `json:"-"`
}

Security Policy Database (SPD)

func (*SecurityPolicyDatabase) Descriptor

func (*SecurityPolicyDatabase) Descriptor() ([]byte, []int)

func (*SecurityPolicyDatabase) GetIndex

func (m *SecurityPolicyDatabase) GetIndex() uint32

func (*SecurityPolicyDatabase) GetInterfaces

func (*SecurityPolicyDatabase) GetPolicyEntries

func (*SecurityPolicyDatabase) ProtoMessage

func (*SecurityPolicyDatabase) ProtoMessage()

func (*SecurityPolicyDatabase) Reset

func (m *SecurityPolicyDatabase) Reset()

func (*SecurityPolicyDatabase) String

func (m *SecurityPolicyDatabase) String() string

func (*SecurityPolicyDatabase) XXX_DiscardUnknown

func (m *SecurityPolicyDatabase) XXX_DiscardUnknown()

func (*SecurityPolicyDatabase) XXX_Marshal

func (m *SecurityPolicyDatabase) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityPolicyDatabase) XXX_Merge

func (m *SecurityPolicyDatabase) XXX_Merge(src proto.Message)

func (*SecurityPolicyDatabase) XXX_Size

func (m *SecurityPolicyDatabase) XXX_Size() int

func (*SecurityPolicyDatabase) XXX_Unmarshal

func (m *SecurityPolicyDatabase) XXX_Unmarshal(b []byte) error

type SecurityPolicyDatabase_Interface

// SecurityPolicyDatabase_Interface names one interface bound to an SPD.
type SecurityPolicyDatabase_Interface struct {
	// Name is the interface name. NOTE(review): it is a free-form string at
	// this layer; whether the interface exists is not checked by the message.
	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Protobuf-generated bookkeeping fields; all three are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*SecurityPolicyDatabase_Interface) Descriptor

func (*SecurityPolicyDatabase_Interface) Descriptor() ([]byte, []int)

func (*SecurityPolicyDatabase_Interface) GetName

func (*SecurityPolicyDatabase_Interface) ProtoMessage

func (*SecurityPolicyDatabase_Interface) ProtoMessage()

func (*SecurityPolicyDatabase_Interface) Reset

func (*SecurityPolicyDatabase_Interface) String

func (*SecurityPolicyDatabase_Interface) XXX_DiscardUnknown

func (m *SecurityPolicyDatabase_Interface) XXX_DiscardUnknown()

func (*SecurityPolicyDatabase_Interface) XXX_Marshal

func (m *SecurityPolicyDatabase_Interface) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityPolicyDatabase_Interface) XXX_Merge

func (*SecurityPolicyDatabase_Interface) XXX_Size

func (m *SecurityPolicyDatabase_Interface) XXX_Size() int

func (*SecurityPolicyDatabase_Interface) XXX_Unmarshal

func (m *SecurityPolicyDatabase_Interface) XXX_Unmarshal(b []byte) error

type SecurityPolicyDatabase_PolicyEntry

// SecurityPolicyDatabase_PolicyEntry is one rule of an SPD: a traffic selector
// (direction, address ranges, protocol, port ranges), a priority, an action,
// and the index of the security association the rule refers to.
//
// NOTE(review): every field is omitted when zero, so an entry with selectors
// left unset is indistinguishable from one that sets them to zero. How the
// data plane interprets an empty address or port range is not shown here;
// confirm before writing broad rules.
type SecurityPolicyDatabase_PolicyEntry struct {
	// SaIndex is the index of the security association this entry refers to.
	SaIndex              uint32                                    `protobuf:"varint,1,opt,name=sa_index,json=saIndex,proto3" json:"sa_index,omitempty"`
	// Priority orders entries. NOTE(review): whether a higher or lower number
	// wins is not shown here; confirm.
	Priority             int32                                     `protobuf:"varint,2,opt,name=priority,proto3" json:"priority,omitempty"`
	// IsOutbound marks the entry as applying to outbound traffic; false
	// (presumably inbound) when unset.
	IsOutbound           bool                                      `protobuf:"varint,3,opt,name=is_outbound,json=isOutbound,proto3" json:"is_outbound,omitempty"`
	// Remote and local address ranges, each given as start/stop strings.
	RemoteAddrStart      string                                    `protobuf:"bytes,4,opt,name=remote_addr_start,json=remoteAddrStart,proto3" json:"remote_addr_start,omitempty"`
	RemoteAddrStop       string                                    `protobuf:"bytes,5,opt,name=remote_addr_stop,json=remoteAddrStop,proto3" json:"remote_addr_stop,omitempty"`
	LocalAddrStart       string                                    `protobuf:"bytes,6,opt,name=local_addr_start,json=localAddrStart,proto3" json:"local_addr_start,omitempty"`
	LocalAddrStop        string                                    `protobuf:"bytes,7,opt,name=local_addr_stop,json=localAddrStop,proto3" json:"local_addr_stop,omitempty"`
	// Protocol is a numeric protocol selector (presumably the IP protocol
	// number; confirm).
	Protocol             uint32                                    `protobuf:"varint,8,opt,name=protocol,proto3" json:"protocol,omitempty"`
	// Remote and local port ranges, each given as start/stop numbers. The
	// fields are uint32, so values above the 16-bit port range are
	// representable and need validation elsewhere.
	RemotePortStart      uint32                                    `protobuf:"varint,9,opt,name=remote_port_start,json=remotePortStart,proto3" json:"remote_port_start,omitempty"`
	RemotePortStop       uint32                                    `protobuf:"varint,10,opt,name=remote_port_stop,json=remotePortStop,proto3" json:"remote_port_stop,omitempty"`
	LocalPortStart       uint32                                    `protobuf:"varint,11,opt,name=local_port_start,json=localPortStart,proto3" json:"local_port_start,omitempty"`
	LocalPortStop        uint32                                    `protobuf:"varint,12,opt,name=local_port_stop,json=localPortStop,proto3" json:"local_port_stop,omitempty"`
	// Action is what to do with matching traffic. The zero value is BYPASS,
	// so an entry that omits the action does not default to DISCARD or
	// PROTECT.
	Action               SecurityPolicyDatabase_PolicyEntry_Action `` /* 131-byte string literal not displayed */
	// Protobuf-generated bookkeeping fields; all three are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{}                                  `json:"-"`
	XXX_unrecognized     []byte                                    `json:"-"`
	XXX_sizecache        int32                                     `json:"-"`
}

func (*SecurityPolicyDatabase_PolicyEntry) Descriptor

func (*SecurityPolicyDatabase_PolicyEntry) Descriptor() ([]byte, []int)

func (*SecurityPolicyDatabase_PolicyEntry) GetAction

func (*SecurityPolicyDatabase_PolicyEntry) GetIsOutbound

func (m *SecurityPolicyDatabase_PolicyEntry) GetIsOutbound() bool

func (*SecurityPolicyDatabase_PolicyEntry) GetLocalAddrStart

func (m *SecurityPolicyDatabase_PolicyEntry) GetLocalAddrStart() string

func (*SecurityPolicyDatabase_PolicyEntry) GetLocalAddrStop

func (m *SecurityPolicyDatabase_PolicyEntry) GetLocalAddrStop() string

func (*SecurityPolicyDatabase_PolicyEntry) GetLocalPortStart

func (m *SecurityPolicyDatabase_PolicyEntry) GetLocalPortStart() uint32

func (*SecurityPolicyDatabase_PolicyEntry) GetLocalPortStop

func (m *SecurityPolicyDatabase_PolicyEntry) GetLocalPortStop() uint32

func (*SecurityPolicyDatabase_PolicyEntry) GetPriority

func (m *SecurityPolicyDatabase_PolicyEntry) GetPriority() int32

func (*SecurityPolicyDatabase_PolicyEntry) GetProtocol

func (m *SecurityPolicyDatabase_PolicyEntry) GetProtocol() uint32

func (*SecurityPolicyDatabase_PolicyEntry) GetRemoteAddrStart

func (m *SecurityPolicyDatabase_PolicyEntry) GetRemoteAddrStart() string

func (*SecurityPolicyDatabase_PolicyEntry) GetRemoteAddrStop

func (m *SecurityPolicyDatabase_PolicyEntry) GetRemoteAddrStop() string

func (*SecurityPolicyDatabase_PolicyEntry) GetRemotePortStart

func (m *SecurityPolicyDatabase_PolicyEntry) GetRemotePortStart() uint32

func (*SecurityPolicyDatabase_PolicyEntry) GetRemotePortStop

func (m *SecurityPolicyDatabase_PolicyEntry) GetRemotePortStop() uint32

func (*SecurityPolicyDatabase_PolicyEntry) GetSaIndex

func (*SecurityPolicyDatabase_PolicyEntry) ProtoMessage

func (*SecurityPolicyDatabase_PolicyEntry) ProtoMessage()

func (*SecurityPolicyDatabase_PolicyEntry) Reset

func (*SecurityPolicyDatabase_PolicyEntry) String

func (*SecurityPolicyDatabase_PolicyEntry) XXX_DiscardUnknown

func (m *SecurityPolicyDatabase_PolicyEntry) XXX_DiscardUnknown()

func (*SecurityPolicyDatabase_PolicyEntry) XXX_Marshal

func (m *SecurityPolicyDatabase_PolicyEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecurityPolicyDatabase_PolicyEntry) XXX_Merge

func (*SecurityPolicyDatabase_PolicyEntry) XXX_Size

func (*SecurityPolicyDatabase_PolicyEntry) XXX_Unmarshal

func (m *SecurityPolicyDatabase_PolicyEntry) XXX_Unmarshal(b []byte) error

type SecurityPolicyDatabase_PolicyEntry_Action

// SecurityPolicyDatabase_PolicyEntry_Action is the action an SPD policy entry
// applies to matching traffic.
type SecurityPolicyDatabase_PolicyEntry_Action int32
const (
	// BYPASS is the zero value, so a policy entry with the action unset
	// carries BYPASS. NOTE(review): presumably matching traffic then passes
	// without IPSec processing (confirm); review entries that omit the
	// action, since the default is not a blocking one.
	SecurityPolicyDatabase_PolicyEntry_BYPASS  SecurityPolicyDatabase_PolicyEntry_Action = 0
	// DISCARD: presumably matching traffic is dropped (confirm).
	SecurityPolicyDatabase_PolicyEntry_DISCARD SecurityPolicyDatabase_PolicyEntry_Action = 1
	// RESOLVE: semantics are not shown here (TODO confirm against the VPP
	// IPSec plugin before using).
	SecurityPolicyDatabase_PolicyEntry_RESOLVE SecurityPolicyDatabase_PolicyEntry_Action = 2
	// PROTECT: presumably matching traffic is processed with the SA named by
	// the entry's SaIndex (confirm).
	SecurityPolicyDatabase_PolicyEntry_PROTECT SecurityPolicyDatabase_PolicyEntry_Action = 3
)

func (SecurityPolicyDatabase_PolicyEntry_Action) EnumDescriptor

func (SecurityPolicyDatabase_PolicyEntry_Action) EnumDescriptor() ([]byte, []int)

func (SecurityPolicyDatabase_PolicyEntry_Action) String

type TunnelProtection added in v3.1.0

// TunnelProtection is the protobuf message (proto3) that attaches security
// associations to an existing interface. It holds SA indexes only; the keys
// and algorithms live in the referenced SecurityAssociation messages.
type TunnelProtection struct {
	// Name of the interface to be protected with IPSec.
	Interface string `protobuf:"bytes,1,opt,name=interface,proto3" json:"interface,omitempty"`
	// Outbound security associations identified by SA index.
	SaOut []uint32 `protobuf:"varint,2,rep,packed,name=sa_out,json=saOut,proto3" json:"sa_out,omitempty"`
	// Inbound security associations identified by SA index.
	// NOTE(review): nothing in the message ties an index to an existing SA or
	// requires either list to be non-empty; confirm where that is validated.
	SaIn                 []uint32 `protobuf:"varint,3,rep,packed,name=sa_in,json=saIn,proto3" json:"sa_in,omitempty"`
	// Protobuf-generated bookkeeping fields; all three are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

TunnelProtection allows enabling IPSec tunnel protection on an existing interface (only IPIP tunnel interfaces are currently supported)

func (*TunnelProtection) Descriptor added in v3.1.0

func (*TunnelProtection) Descriptor() ([]byte, []int)

func (*TunnelProtection) GetInterface added in v3.1.0

func (m *TunnelProtection) GetInterface() string

func (*TunnelProtection) GetSaIn added in v3.1.0

func (m *TunnelProtection) GetSaIn() []uint32

func (*TunnelProtection) GetSaOut added in v3.1.0

func (m *TunnelProtection) GetSaOut() []uint32

func (*TunnelProtection) ProtoMessage added in v3.1.0

func (*TunnelProtection) ProtoMessage()

func (*TunnelProtection) Reset added in v3.1.0

func (m *TunnelProtection) Reset()

func (*TunnelProtection) String added in v3.1.0

func (m *TunnelProtection) String() string

func (*TunnelProtection) XXX_DiscardUnknown added in v3.1.0

func (m *TunnelProtection) XXX_DiscardUnknown()

func (*TunnelProtection) XXX_Marshal added in v3.1.0

func (m *TunnelProtection) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TunnelProtection) XXX_Merge added in v3.1.0

func (m *TunnelProtection) XXX_Merge(src proto.Message)

func (*TunnelProtection) XXX_Size added in v3.1.0

func (m *TunnelProtection) XXX_Size() int

func (*TunnelProtection) XXX_Unmarshal added in v3.1.0

func (m *TunnelProtection) XXX_Unmarshal(b []byte) error
