Line data Source code
1 : /*
2 : * Copyright (c) 2015 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : #ifndef __included_ikev2_priv_h__
16 : #define __included_ikev2_priv_h__
17 :
18 : #include <vnet/vnet.h>
19 : #include <vnet/ip/ip.h>
20 : #include <vnet/ethernet/ethernet.h>
21 :
22 : #include <plugins/ikev2/ikev2.h>
23 :
24 : #include <vppinfra/hash.h>
25 : #include <vppinfra/elog.h>
26 : #include <vppinfra/error.h>
27 :
28 : #include <openssl/rand.h>
29 : #include <openssl/dh.h>
30 : #include <openssl/hmac.h>
31 : #include <openssl/evp.h>
32 :
33 : #define foreach_ikev2_log_level \
34 : _(0x00, LOG_NONE) \
35 : _(0x01, LOG_ERROR) \
36 : _(0x02, LOG_WARNING) \
37 : _(0x03, LOG_INFO) \
38 : _(0x04, LOG_DEBUG) \
39 : _(0x05, LOG_DETAIL) \
40 :
41 :
42 : typedef enum ikev2_log_level_t_
43 : {
44 : #define _(n,f) IKEV2_##f = n,
45 : foreach_ikev2_log_level
46 : #undef _
47 : IKEV2_LOG_MAX
48 : } ikev2_log_level_t;
49 :
50 : /* dataplane logging */
51 : #define _ikev2_elog(_level, _msg) \
52 : do { \
53 : ikev2_main_t *km = &ikev2_main; \
54 : if (PREDICT_FALSE (km->log_level >= _level)) \
55 : { \
56 : ELOG_TYPE_DECLARE (e) = \
57 : { \
58 : .format = "ikev2 " _msg, \
59 : .format_args = "", \
60 : }; \
61 : ELOG_DATA (&vlib_global_main.elog_main, e); \
62 : } \
63 : } while (0)
64 :
65 : #define ikev2_elog_sa_state(_format, _ispi) \
66 : do { \
67 : ikev2_main_t *km = &ikev2_main; \
68 : if (PREDICT_FALSE (km->log_level >= IKEV2_LOG_DEBUG)) \
69 : { \
70 : ELOG_TYPE_DECLARE (e) = \
71 : { \
72 : .format = "ikev2: " _format, \
73 : .format_args = "i8", \
74 : }; \
75 : CLIB_PACKED(struct \
76 : { \
77 : u64 ispi; \
78 : }) *ed; \
79 : ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
80 : ed->ispi = _ispi; \
81 : } \
82 : } while (0) \
83 :
84 : #define ikev2_elog_exchange_internal(_format, _ispi, _rspi, _addr) \
85 : do { \
86 : ikev2_main_t *km = &ikev2_main; \
87 : if (PREDICT_FALSE (km->log_level >= IKEV2_LOG_DEBUG)) \
88 : { \
89 : ELOG_TYPE_DECLARE (e) = \
90 : { \
91 : .format = "ikev2: " _format, \
92 : .format_args = "i8i8i1i1i1i1", \
93 : }; \
94 : CLIB_PACKED(struct \
95 : { \
96 : u64 ispi; \
97 : u64 rspi; \
98 : u8 oct1; \
99 : u8 oct2; \
100 : u8 oct3; \
101 : u8 oct4; \
102 : }) *ed; \
103 : ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
104 : ed->ispi = _ispi; \
105 : ed->rspi = _rspi; \
106 : ed->oct4 = (_addr) >> 24; \
107 : ed->oct3 = (_addr) >> 16; \
108 : ed->oct2 = (_addr) >> 8; \
109 : ed->oct1 = (_addr); \
110 : } \
111 : } while (0) \
112 :
113 : #define IKE_ELOG_IP4_FMT "%d.%d.%d.%d"
114 : #define IKE_ELOG_IP6_FMT "[v6]:%x%x:%x%x"
115 :
116 : #define ikev2_elog_exchange(_fmt, _ispi, _rspi, _addr, _v4) \
117 : do { \
118 : if (_v4) \
119 : ikev2_elog_exchange_internal (_fmt IKE_ELOG_IP4_FMT, _ispi, _rspi, _addr);\
120 : else \
121 : ikev2_elog_exchange_internal (_fmt IKE_ELOG_IP6_FMT, _ispi, _rspi, _addr);\
122 : } while (0)
123 :
124 : #define ikev2_elog_uint(_level, _format, _val) \
125 : do { \
126 : ikev2_main_t *km = &ikev2_main; \
127 : if (PREDICT_FALSE (km->log_level >= _level)) \
128 : { \
129 : ELOG_TYPE_DECLARE (e) = \
130 : { \
131 : .format = "ikev2: " _format, \
132 : .format_args = "i8", \
133 : }; \
134 : CLIB_PACKED(struct \
135 : { \
136 : u64 val; \
137 : }) *ed; \
138 : ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
139 : ed->val = _val; \
140 : } \
141 : } while (0)
142 :
143 : #define ikev2_elog_uint_peers(_level, _format, _val, _ip1, _ip2) \
144 : do { \
145 : ikev2_main_t *km = &ikev2_main; \
146 : if (PREDICT_FALSE (km->log_level >= _level)) \
147 : { \
148 : ELOG_TYPE_DECLARE (e) = \
149 : { \
150 : .format = "ikev2: " _format, \
151 : .format_args = "i8i1i1i1i1i1i1i1i1", \
152 : }; \
153 : CLIB_PACKED(struct { \
154 : u64 val; \
155 : u8 i11; u8 i12; u8 i13; u8 i14; \
156 : u8 i21; u8 i22; u8 i23; u8 i24; }) *ed; \
157 : ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
158 : ed->val = _val; \
159 : ed->i14 = (_ip1) >> 24; \
160 : ed->i13 = (_ip1) >> 16; \
161 : ed->i12 = (_ip1) >> 8; \
162 : ed->i11 = (_ip1); \
163 : ed->i24 = (_ip2) >> 24; \
164 : ed->i23 = (_ip2) >> 16; \
165 : ed->i22 = (_ip2) >> 8; \
166 : ed->i21 = (_ip2); \
167 : } \
168 : } while (0)
169 :
170 : #define ikev2_elog_error(_msg) \
171 : _ikev2_elog(IKEV2_LOG_ERROR, "[error] " _msg)
172 : #define ikev2_elog_warning(_msg) \
173 : _ikev2_elog(IKEV2_LOG_WARNING, "[warning] " _msg)
174 : #define ikev2_elog_debug(_msg) \
175 : _ikev2_elog(IKEV2_LOG_DEBUG, "[debug] " _msg)
176 : #define ikev2_elog_detail(_msg) \
177 : _ikev2_elog(IKEV2_LOG_DETAIL, "[detail] " _msg)
178 :
179 : /* logging for main thread */
180 : #define ikev2_log_error(...) \
181 : vlib_log(VLIB_LOG_LEVEL_ERR, ikev2_main.log_class, __VA_ARGS__)
182 : #define ikev2_log_warning(...) \
183 : vlib_log(VLIB_LOG_LEVEL_WARNING, ikev2_main.log_class, __VA_ARGS__)
184 : #define ikev2_log_debug(...) \
185 : vlib_log(VLIB_LOG_LEVEL_DEBUG, ikev2_main.log_class, __VA_ARGS__)
186 :
187 : typedef enum
188 : {
189 : IKEV2_STATE_UNKNOWN,
190 : IKEV2_STATE_SA_INIT,
191 : IKEV2_STATE_DELETED,
192 : IKEV2_STATE_AUTH_FAILED,
193 : IKEV2_STATE_AUTHENTICATED,
194 : IKEV2_STATE_NOTIFY_AND_DELETE,
195 : IKEV2_STATE_TS_UNACCEPTABLE,
196 : IKEV2_STATE_NO_PROPOSAL_CHOSEN,
197 : } ikev2_state_t;
198 :
199 : typedef struct
200 : {
201 : ikev2_auth_method_t method:8;
202 : u8 *data;
203 : u8 hex; /* hex encoding of the shared secret */
204 : EVP_PKEY *key;
205 : } ikev2_auth_t;
206 :
207 : typedef enum
208 : {
209 : IKEV2_DH_GROUP_MODP = 0,
210 : IKEV2_DH_GROUP_ECP = 1,
211 : } ikev2_dh_group_t;
212 :
213 : typedef struct
214 : {
215 : ikev2_transform_type_t type;
216 : union
217 : {
218 : u16 transform_id;
219 : ikev2_transform_encr_type_t encr_type:16;
220 : ikev2_transform_prf_type_t prf_type:16;
221 : ikev2_transform_integ_type_t integ_type:16;
222 : ikev2_transform_dh_type_t dh_type:16;
223 : ikev2_transform_esn_type_t esn_type:16;
224 : };
225 : u8 *attrs;
226 : u16 key_len;
227 : u16 key_trunc;
228 : u16 block_size;
229 : u8 dh_group;
230 : int nid;
231 : const char *dh_p;
232 : const char *dh_g;
233 : const void *md;
234 : const void *cipher;
235 : } ikev2_sa_transform_t;
236 :
237 : typedef struct
238 : {
239 : u8 proposal_num;
240 : ikev2_protocol_id_t protocol_id:8;
241 : u32 spi;
242 : ikev2_sa_transform_t *transforms;
243 : } ikev2_sa_proposal_t;
244 :
245 : typedef struct
246 : {
247 : ikev2_traffic_selector_type_t ts_type;
248 : u8 protocol_id;
249 : u16 selector_len;
250 : u16 start_port;
251 : u16 end_port;
252 : ip_address_t start_addr;
253 : ip_address_t end_addr;
254 : } ikev2_ts_t;
255 :
256 : typedef struct
257 : {
258 : u32 sw_if_index;
259 : ip_address_t addr;
260 : u8 *hostname;
261 : u8 is_resolved;
262 : } ikev2_responder_t;
263 :
264 : typedef struct
265 : {
266 : ikev2_transform_encr_type_t crypto_alg;
267 : ikev2_transform_integ_type_t integ_alg;
268 : ikev2_transform_dh_type_t dh_type;
269 : u32 crypto_key_size;
270 : } ikev2_transforms_set;
271 :
272 :
273 : typedef struct
274 : {
275 : ikev2_id_type_t type:8;
276 : u8 *data;
277 : } ikev2_id_t;
278 :
279 : typedef struct
280 : {
281 : /* sa proposals vectors */
282 : ikev2_sa_proposal_t *i_proposals;
283 : ikev2_sa_proposal_t *r_proposals;
284 :
285 : /* Traffic Selectors */
286 : ikev2_ts_t *tsi;
287 : ikev2_ts_t *tsr;
288 :
289 : /* keys */
290 : u8 *sk_ai;
291 : u8 *sk_ar;
292 : u8 *sk_ei;
293 : u8 *sk_er;
294 : u32 salt_ei;
295 : u32 salt_er;
296 :
297 : /* installed data */
298 : u32 local_sa_id;
299 : u32 remote_sa_id;
300 :
301 : /* lifetime data */
302 : f64 time_to_expiration;
303 : u8 is_expired;
304 : i8 rekey_retries;
305 : } ikev2_child_sa_t;
306 :
307 : typedef struct
308 : {
309 : u8 protocol_id;
310 : u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */
311 : } ikev2_delete_t;
312 :
313 : typedef struct
314 : {
315 : u16 notify_type;
316 : u8 kex;
317 : u8 protocol_id;
318 : u32 spi;
319 : u32 ispi;
320 : ikev2_sa_proposal_t *i_proposal;
321 : ikev2_sa_proposal_t *r_proposal;
322 : ikev2_ts_t *tsi;
323 : ikev2_ts_t *tsr;
324 : } ikev2_rekey_t;
325 :
326 : typedef struct
327 : {
328 : u16 msg_type;
329 : u8 protocol_id;
330 : u32 spi;
331 : u8 *data;
332 : } ikev2_notify_t;
333 :
334 : typedef struct
335 : {
336 : u8 *name;
337 :
338 : ikev2_auth_t auth;
339 : ikev2_id_t loc_id;
340 : ikev2_id_t rem_id;
341 : ikev2_ts_t loc_ts;
342 : ikev2_ts_t rem_ts;
343 : ikev2_responder_t responder;
344 : ikev2_transforms_set ike_ts;
345 : ikev2_transforms_set esp_ts;
346 : u64 lifetime;
347 : u64 lifetime_maxdata;
348 : u32 lifetime_jitter;
349 : u32 handover;
350 : u16 ipsec_over_udp_port;
351 :
352 : u32 tun_itf;
353 : u8 udp_encap;
354 : u8 natt_disabled;
355 : } ikev2_profile_t;
356 :
357 : typedef enum
358 : {
359 : /* SA will switch to port 4500 when NAT is detected.
360 : * This is the default. */
361 : IKEV2_NATT_ENABLED,
362 :
363 : /* Do nothing when NAT is detected */
364 : IKEV2_NATT_DISABLED,
365 :
366 : /* NAT was detected and port switched to 4500 */
367 : IKEV2_NATT_ACTIVE,
368 : } ikev2_natt_state_t;
369 :
370 : #define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
371 :
372 : typedef struct
373 : {
374 : u16 n_keepalives;
375 : u16 n_rekey_req;
376 : u16 n_sa_auth_req;
377 : u16 n_sa_init_req;
378 : u16 n_init_retransmit;
379 : u16 n_retransmit;
380 : } ikev2_stats_t;
381 :
382 : typedef struct
383 : {
384 : ikev2_state_t state;
385 : u8 unsupported_cp;
386 : u8 initial_contact;
387 : ip_address_t iaddr;
388 : ip_address_t raddr;
389 : u64 ispi;
390 : u64 rspi;
391 : u8 *i_nonce;
392 : u8 *r_nonce;
393 :
394 : /* DH data */
395 : u16 dh_group;
396 : u8 *dh_shared_key;
397 : u8 *dh_private_key;
398 : u8 *i_dh_data;
399 : u8 *r_dh_data;
400 :
401 : /* sa proposals vectors */
402 : ikev2_sa_proposal_t *i_proposals;
403 : ikev2_sa_proposal_t *r_proposals;
404 :
405 : /* keys */
406 : u8 *sk_d;
407 : u8 *sk_ai;
408 : u8 *sk_ar;
409 : u8 *sk_ei;
410 : u8 *sk_er;
411 : u8 *sk_pi;
412 : u8 *sk_pr;
413 :
414 : /* auth */
415 : ikev2_auth_t i_auth;
416 : ikev2_auth_t r_auth;
417 :
418 : /* ID */
419 : ikev2_id_t i_id;
420 : ikev2_id_t r_id;
421 :
422 : /* pending deletes */
423 : ikev2_delete_t *del;
424 :
425 : /* pending rekeyings */
426 : ikev2_rekey_t *rekey;
427 :
428 : ikev2_rekey_t *new_child;
429 :
430 : /* packet data */
431 : u8 *last_sa_init_req_packet_data;
432 : u8 *last_sa_init_res_packet_data;
433 :
434 : /* retransmit */
435 : /* message id expected in the request from the other peer */
436 : u32 last_msg_id;
437 : u8 *last_res_packet_data;
438 :
439 : u8 is_initiator;
440 : /* last message id that was used for an initiated request */
441 : u32 last_init_msg_id;
442 : u32 profile_index;
443 : u8 is_tun_itf_set;
444 : u32 tun_itf;
445 : u8 udp_encap;
446 : u16 ipsec_over_udp_port;
447 :
448 : f64 old_id_expiration;
449 : u32 current_remote_id_mask;
450 : u32 old_remote_id;
451 : u8 old_remote_id_present;
452 : u8 init_response_received;
453 :
454 : ikev2_child_sa_t *childs;
455 :
456 : u8 liveness_retries;
457 : f64 liveness_period_check;
458 :
459 : u16 dst_port;
460 : u32 sw_if_index;
461 :
462 : /* is NAT traversal mode */
463 : ikev2_natt_state_t natt_state;
464 : u8 keys_generated;
465 :
466 : ikev2_stats_t stats;
467 : } ikev2_sa_t;
468 :
469 :
470 : typedef struct
471 : {
472 : CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
473 :
474 : /* pool of IKEv2 Security Associations */
475 : ikev2_sa_t *sas;
476 :
477 : /* hash */
478 : uword *sa_by_rspi;
479 :
480 : EVP_CIPHER_CTX *evp_ctx;
481 : HMAC_CTX *hmac_ctx;
482 : #if OPENSSL_VERSION_NUMBER < 0x10100000L
483 : HMAC_CTX _hmac_ctx;
484 : EVP_CIPHER_CTX _evp_ctx;
485 : #endif
486 : } ikev2_main_per_thread_data_t;
487 :
488 : typedef struct
489 : {
490 : /* pool of IKEv2 profiles */
491 : ikev2_profile_t *profiles;
492 :
493 : /* vector of supported transform types */
494 : ikev2_sa_transform_t *supported_transforms;
495 :
496 : /* hash */
497 : mhash_t profile_index_by_name;
498 :
499 : /* local private key */
500 : EVP_PKEY *pkey;
501 :
502 : /* convenience */
503 : vlib_main_t *vlib_main;
504 : vnet_main_t *vnet_main;
505 :
506 : /* pool of IKEv2 Security Associations created in initiator mode */
507 : ikev2_sa_t *sais;
508 : /* hash */
509 : uword *sa_by_ispi;
510 :
511 : ikev2_main_per_thread_data_t *per_thread_data;
512 :
513 : /* interface indices managed by IKE */
514 : uword *sw_if_indices;
515 :
516 : /* API message ID base */
517 : u16 msg_id_base;
518 :
519 : /* log class used for main thread */
520 : vlib_log_class_t log_class;
521 :
522 : /* logging level */
523 : ikev2_log_level_t log_level;
524 :
525 : /* how often a liveness check will be performed */
526 : u32 liveness_period;
527 :
528 : /* max number of retries before considering peer dead */
529 : u32 liveness_max_retries;
530 :
531 : /* dead peer detection */
532 : u8 dpd_disabled;
533 :
534 : /* pointer to name resolver function in dns plugin */
535 : void *dns_resolve_name_ptr;
536 :
537 : /* flag indicating whether lazy init is done or not */
538 : int lazy_init_done;
539 :
540 : /* refcount for IKEv2 udp ports and IPsec NATT punt registration */
541 : int bind_refcount;
542 :
543 : /* punt handle for IPsec NATT IPSEC_PUNT_IP4_SPI_UDP_0 reason */
544 : vlib_punt_hdl_t punt_hdl;
545 :
546 : } ikev2_main_t;
547 :
548 : extern ikev2_main_t ikev2_main;
549 :
550 : void ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t ** v);
551 : ikev2_sa_transform_t *ikev2_sa_get_td_for_type (ikev2_sa_proposal_t * p,
552 : ikev2_transform_type_t type);
553 :
554 : /* ikev2_crypto.c */
555 : v8 *ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data);
556 : u8 *ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed,
557 : int len);
558 : v8 *ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data,
559 : int len);
560 : int ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
561 : ikev2_sa_transform_t * tr_encr, u8 * data, int len,
562 : u32 * out_len);
563 : int ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
564 : ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst);
565 : int ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd,
566 : ikev2_sa_t * sa, ikev2_sa_transform_t * tr_encr,
567 : v8 * src, u8 * dst, u8 * aad,
568 : u32 aad_len, u8 * tag);
569 : int ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd,
570 : ikev2_sa_t * sa, ikev2_sa_transform_t * tr_encr,
571 : u8 * data, int data_len, u8 * aad, u32 aad_len,
572 : u8 * tag, u32 * out_len);
573 : void ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
574 : void ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
575 : int ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data);
576 : u8 *ikev2_calc_sign (EVP_PKEY * pkey, u8 * data);
577 : EVP_PKEY *ikev2_load_cert_file (u8 * file);
578 : EVP_PKEY *ikev2_load_key_file (u8 * file);
579 : void ikev2_crypto_init (ikev2_main_t * km);
580 :
581 : /* ikev2_payload.c */
582 : typedef struct
583 : {
584 : u8 first_payload_type;
585 : u16 last_hdr_off;
586 : u8 *data;
587 : } ikev2_payload_chain_t;
588 :
589 : #define ikev2_payload_new_chain(V) vec_validate (V, 0)
590 : #define ikev2_payload_destroy_chain(V) do { \
591 : vec_free((V)->data); \
592 : vec_free(V); \
593 : } while (0)
594 :
595 : void ikev2_payload_add_notify (ikev2_payload_chain_t * c, u16 msg_type,
596 : u8 * data);
597 : void ikev2_payload_add_notify_2 (ikev2_payload_chain_t * c, u16 msg_type,
598 : u8 * data, ikev2_notify_t * notify);
599 : void ikev2_payload_add_sa (ikev2_payload_chain_t * c,
600 : ikev2_sa_proposal_t * proposals);
601 : void ikev2_payload_add_ke (ikev2_payload_chain_t * c, u16 dh_group,
602 : u8 * dh_data);
603 : void ikev2_payload_add_nonce (ikev2_payload_chain_t * c, u8 * nonce);
604 : void ikev2_payload_add_id (ikev2_payload_chain_t * c, ikev2_id_t * id,
605 : u8 type);
606 : void ikev2_payload_add_auth (ikev2_payload_chain_t * c, ikev2_auth_t * auth);
607 : void ikev2_payload_add_ts (ikev2_payload_chain_t * c, ikev2_ts_t * ts,
608 : u8 type);
609 : void ikev2_payload_add_delete (ikev2_payload_chain_t * c, ikev2_delete_t * d);
610 : void ikev2_payload_chain_add_padding (ikev2_payload_chain_t * c, int bs);
611 : void ikev2_parse_vendor_payload (ike_payload_header_t * ikep);
612 : ikev2_sa_proposal_t *ikev2_parse_sa_payload (ike_payload_header_t * ikep,
613 : u32 rlen);
614 : ikev2_ts_t *ikev2_parse_ts_payload (ike_payload_header_t * ikep, u32 rlen);
615 : ikev2_delete_t *ikev2_parse_delete_payload (ike_payload_header_t * ikep,
616 : u32 rlen);
617 : ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep,
618 : u32 rlen);
619 : int ikev2_set_log_level (ikev2_log_level_t log_level);
620 : u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
621 : void ikev2_disable_dpd (void);
622 : clib_error_t *ikev2_profile_natt_disable (u8 * name);
623 :
624 : static_always_inline ikev2_main_per_thread_data_t *
625 893 : ikev2_get_per_thread_data ()
626 : {
627 893 : u32 thread_index = vlib_get_thread_index ();
628 893 : return vec_elt_at_index (ikev2_main.per_thread_data, thread_index);
629 : }
630 : #endif /* __included_ikev2_priv_h__ */
631 :
632 :
633 : /*
634 : * fd.io coding-style-patch-verification: ON
635 : *
636 : * Local Variables:
637 : * eval: (c-set-style "gnu")
638 : * End:
639 : */
|
