2 *------------------------------------------------------------------
3 * ipsec_api.c - ipsec api
5 * Copyright (c) 2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 #include <vnet/api_errno.h>
23 #include <vpp/app/version.h>
25 #include <ikev2/ikev2.h>
26 #include <ikev2/ikev2_priv.h>
28 /* define message IDs */
29 #include <plugins/ikev2/ikev2_msg_enum.h>
31 #define vl_typedefs /* define message structures */
32 #include <ikev2/ikev2_all_api.h>
35 #define vl_endianfun /* define message structures */
36 #include <ikev2/ikev2_all_api.h>
39 /* instantiate all the print functions we know about */
40 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
42 #include <ikev2/ikev2_all_api.h>
45 /* Get the API version number */
46 #define vl_api_version(n,v) static u32 api_version=(v);
47 #include <ikev2/ikev2_all_api.h>
50 extern ikev2_main_t ikev2_main;
52 #define IKEV2_PLUGIN_VERSION_MAJOR 1
53 #define IKEV2_PLUGIN_VERSION_MINOR 0
54 #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base
55 #include <vlibapi/api_helper_macros.h>
/*
 * X-macro list of the IKEv2 binary-API messages handled in this file.
 * Each _(ID, name) entry pairs the upper-case message id suffix with the
 * lower-case message name; ikev2_plugin_api_hookup() expands the list to
 * register vl_api_<name>_t_handler for VL_API_<ID>.
 */
57 #define foreach_ikev2_api_msg \
58 _(IKEV2_PLUGIN_GET_VERSION, ikev2_plugin_get_version) \
59 _(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \
60 _(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \
61 _(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \
62 _(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \
63 _(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \
64 _(IKEV2_SET_RESPONDER, ikev2_set_responder) \
65 _(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms) \
66 _(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms) \
67 _(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime) \
68 _(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init) \
69 _(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa) \
70 _(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa) \
71 _(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa)
/*
 * API handler for IKEV2_PLUGIN_GET_VERSION: looks up the requesting
 * client's registration, allocates and zeroes a reply, fills in the plugin
 * major/minor version in network byte order and sends it to that client.
 */
74 vl_api_ikev2_plugin_get_version_t_handler (vl_api_ikev2_plugin_get_version_t *
77 ikev2_main_t *im = &ikev2_main;
78 vl_api_ikev2_plugin_get_version_reply_t *rmp;
79 int msg_size = sizeof (*rmp);
80 vl_api_registration_t *reg;
/* NOTE(review): reg is used as the send target below; a NULL check on the
   lookup result is not visible in this listing -- confirm it is present. */
82 reg = vl_api_client_index_to_registration (mp->client_index);
86 rmp = vl_msg_api_alloc (msg_size);
/* Zero the whole reply so that every byte sent to the client is
   initialised. */
87 clib_memset (rmp, 0, msg_size);
/* Reply id offset by this plugin's message id base.  The assignment target
   is not visible in this listing.  ntohs() performs the same swap as
   htons(); htons() would state the host-to-network intent. */
89 ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION_REPLY + im->msg_id_base);
/* Copy the request's context value into the reply. */
90 rmp->context = mp->context;
91 rmp->major = htonl (IKEV2_PLUGIN_VERSION_MAJOR);
92 rmp->minor = htonl (IKEV2_PLUGIN_VERSION_MINOR);
94 vl_api_send_msg (reg, (u8 *) rmp);
/*
 * API handler for IKEV2_PROFILE_ADD_DEL: copies the profile name from the
 * request into a vector, calls ikev2_add_del_profile() with mp->is_add,
 * and replies through REPLY_MACRO.
 */
98 vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
100 vl_api_ikev2_profile_add_del_reply_t *rmp;
104 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
106 u8 *tmp = format (0, "%s", mp->name);
107 error = ikev2_add_del_profile (vm, tmp, mp->is_add);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
110 rv = VNET_API_ERROR_UNSPECIFIED;
112 rv = VNET_API_ERROR_UNIMPLEMENTED;
115 REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
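/**
 * API handler for IKEV2_PROFILE_SET_AUTH.
 *
 * Copies the authentication data carried in the request into a vector and
 * applies it to the named profile with ikev2_set_profile_auth().
 *
 * Reply retval:
 *   VNET_API_ERROR_INVALID_VALUE  - the declared data length is negative
 *   VNET_API_ERROR_UNSPECIFIED    - ikev2_set_profile_auth() returned an error
 *   VNET_API_ERROR_UNIMPLEMENTED  - built with WITH_LIBSSL not greater than 0
 *   0                             - otherwise
 *
 * @param mp request message; mp->data_len is in network byte order.
 */
static void
vl_api_ikev2_profile_set_auth_t_handler
  (vl_api_ikev2_profile_set_auth_t * mp)
{
  vl_api_ikev2_profile_set_auth_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;
  int data_len = ntohl (mp->data_len);

  /* data_len is chosen by the API client.  A value with the top bit set is
     negative once stored in an int and would become an enormous size when
     handed to vec_new() and clib_memcpy(), so refuse it before any use. */
  if (data_len < 0)
    rv = VNET_API_ERROR_INVALID_VALUE;
  else
    {
      /* NOTE(review): data_len is still not compared with the length of the
         message that was actually received.  A client that declares more
         bytes than it sent makes the copy below read past the end of the
         message; bound data_len against the received length where the API
         layer exposes it. */
      /* NOTE(review): "%s" reads mp->name up to the first NUL byte; confirm
         the field is guaranteed to be NUL-terminated within its bounds. */
      u8 *tmp = format (0, "%s", mp->name);
      u8 *data = vec_new (u8, data_len);

      clib_memcpy (data, mp->data, data_len);
      error =
	ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
      vec_free (tmp);
      vec_free (data);
      if (error)
	rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
}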
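/**
 * API handler for IKEV2_PROFILE_SET_ID.
 *
 * Copies the identity data carried in the request into a vector and applies
 * it to the named profile with ikev2_set_profile_id().
 *
 * Reply retval:
 *   VNET_API_ERROR_INVALID_VALUE  - the declared data length is negative
 *   VNET_API_ERROR_UNSPECIFIED    - ikev2_set_profile_id() returned an error
 *   VNET_API_ERROR_UNIMPLEMENTED  - built with WITH_LIBSSL not greater than 0
 *   0                             - otherwise
 *
 * @param mp request message; mp->data_len is in network byte order.
 */
static void
vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
{
  /* Use this message's own reply type, so the declaration matches the reply
     id passed to REPLY_MACRO below. */
  vl_api_ikev2_profile_set_id_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;
  int data_len = ntohl (mp->data_len);

  /* data_len is chosen by the API client.  A value with the top bit set is
     negative once stored in an int and would become an enormous size when
     handed to vec_new() and clib_memcpy(), so refuse it before any use. */
  if (data_len < 0)
    rv = VNET_API_ERROR_INVALID_VALUE;
  else
    {
      /* NOTE(review): data_len is still not compared with the length of the
         message that was actually received.  A client that declares more
         bytes than it sent makes the copy below read past the end of the
         message; bound data_len against the received length where the API
         layer exposes it. */
      /* NOTE(review): "%s" reads mp->name up to the first NUL byte; confirm
         the field is guaranteed to be NUL-terminated within its bounds. */
      u8 *tmp = format (0, "%s", mp->name);
      u8 *data = vec_new (u8, data_len);

      clib_memcpy (data, mp->data, data_len);
      error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
      vec_free (tmp);
      vec_free (data);
      if (error)
	rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
}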
/*
 * API handler for IKEV2_PROFILE_SET_TS: copies the profile name from the
 * request into a vector, passes the protocol, port range, IPv4 address
 * range and is_local flag to ikev2_set_profile_ts(), and replies through
 * REPLY_MACRO.
 */
170 vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp)
172 vl_api_ikev2_profile_set_ts_reply_t *rmp;
176 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
178 u8 *tmp = format (0, "%s", mp->name);
/* NOTE(review): the ports and addresses are passed exactly as received; no
   byte-order conversion and no start <= end check is visible here --
   confirm what ikev2_set_profile_ts() expects and validates. */
179 error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
180 mp->end_port, (ip4_address_t) mp->start_addr,
181 (ip4_address_t) mp->end_addr, mp->is_local);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
184 rv = VNET_API_ERROR_UNSPECIFIED;
186 rv = VNET_API_ERROR_UNIMPLEMENTED;
189 REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
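/**
 * API handler for IKEV2_SET_LOCAL_KEY.
 *
 * Hands the key file name carried in the request to ikev2_set_local_key().
 *
 * Reply retval:
 *   VNET_API_ERROR_UNSPECIFIED    - ikev2_set_local_key() returned an error
 *   VNET_API_ERROR_UNIMPLEMENTED  - built with WITH_LIBSSL not greater than 0
 *   0                             - otherwise
 *
 * @param mp request message carrying the key file name.
 */
static void
vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
{
  /* Use this message's own reply type, so the declaration matches the reply
     id passed to REPLY_MACRO below. */
  vl_api_ikev2_set_local_key_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  /* NOTE(review): mp->key_file is a file name chosen by the API client and
     is passed on unchanged.  Confirm that it is guaranteed to be
     NUL-terminated within its field, and that the set of clients allowed to
     reach this API is restricted to those trusted to name files for the
     process to open. */
  error = ikev2_set_local_key (vm, mp->key_file);
  if (error)
    rv = VNET_API_ERROR_UNSPECIFIED;
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
}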
/*
 * API handler for IKEV2_SET_RESPONDER: copies the profile name and the
 * responder IPv4 address out of the request, passes them with
 * mp->sw_if_index to ikev2_set_profile_responder(), and replies through
 * REPLY_MACRO.
 */
213 vl_api_ikev2_set_responder_t_handler (vl_api_ikev2_set_responder_t * mp)
215 vl_api_ikev2_set_responder_reply_t *rmp;
219 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
222 u8 *tmp = format (0, "%s", mp->name);
/* The copy length is the size of the destination, so it cannot overrun
   ip4. */
224 clib_memcpy (&ip4, mp->address, sizeof (ip4));
/* NOTE(review): mp->sw_if_index is passed as received; no byte-order
   conversion or interface-index validation is visible here -- confirm the
   callee handles both. */
226 error = ikev2_set_profile_responder (vm, tmp, mp->sw_if_index, ip4);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
229 rv = VNET_API_ERROR_UNSPECIFIED;
231 rv = VNET_API_ERROR_UNIMPLEMENTED;
234 REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_REPLY);
/*
 * API handler for IKEV2_SET_IKE_TRANSFORMS: copies the profile name from
 * the request into a vector, passes the requested crypto algorithm,
 * integrity algorithm, DH group and key size to
 * ikev2_set_profile_ike_transforms(), and replies through REPLY_MACRO.
 */
238 vl_api_ikev2_set_ike_transforms_t_handler (vl_api_ikev2_set_ike_transforms_t *
241 vl_api_ikev2_set_ike_transforms_reply_t *rmp;
245 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
248 u8 *tmp = format (0, "%s", mp->name);
/* NOTE(review): the algorithm ids, DH group and key size are passed as
   received; no byte-order conversion or range check is visible here --
   confirm the callee rejects unsupported or weak values. */
251 ikev2_set_profile_ike_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg,
252 mp->dh_group, mp->crypto_key_size);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
255 rv = VNET_API_ERROR_UNSPECIFIED;
257 rv = VNET_API_ERROR_UNIMPLEMENTED;
260 REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
/*
 * API handler for IKEV2_SET_ESP_TRANSFORMS: copies the profile name from
 * the request into a vector, passes the requested crypto algorithm,
 * integrity algorithm, DH group and key size to
 * ikev2_set_profile_esp_transforms(), and replies through REPLY_MACRO.
 */
264 vl_api_ikev2_set_esp_transforms_t_handler (vl_api_ikev2_set_esp_transforms_t *
267 vl_api_ikev2_set_esp_transforms_reply_t *rmp;
271 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
274 u8 *tmp = format (0, "%s", mp->name);
/* NOTE(review): the algorithm ids, DH group and key size are passed as
   received; no byte-order conversion or range check is visible here --
   confirm the callee rejects unsupported or weak values. */
277 ikev2_set_profile_esp_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg,
278 mp->dh_group, mp->crypto_key_size);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
281 rv = VNET_API_ERROR_UNSPECIFIED;
283 rv = VNET_API_ERROR_UNIMPLEMENTED;
286 REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
/*
 * API handler for IKEV2_SET_SA_LIFETIME: copies the profile name from the
 * request into a vector, passes the lifetime, jitter, handover and
 * max-data values to ikev2_set_profile_sa_lifetime(), and replies through
 * REPLY_MACRO.
 */
290 vl_api_ikev2_set_sa_lifetime_t_handler (vl_api_ikev2_set_sa_lifetime_t * mp)
292 vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
296 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
299 u8 *tmp = format (0, "%s", mp->name);
/* NOTE(review): the four lifetime values are passed as received; no
   byte-order conversion or range check is visible here -- confirm what the
   callee expects, since a mis-ordered value changes how long keys live. */
302 ikev2_set_profile_sa_lifetime (vm, tmp, mp->lifetime, mp->lifetime_jitter,
303 mp->handover, mp->lifetime_maxdata);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
306 rv = VNET_API_ERROR_UNSPECIFIED;
308 rv = VNET_API_ERROR_UNIMPLEMENTED;
311 REPLY_MACRO (VL_API_IKEV2_SET_SA_LIFETIME_REPLY);
/*
 * API handler for IKEV2_INITIATE_SA_INIT: copies the profile name from the
 * request into a vector, calls ikev2_initiate_sa_init() for that profile,
 * and replies through REPLY_MACRO.
 */
315 vl_api_ikev2_initiate_sa_init_t_handler (vl_api_ikev2_initiate_sa_init_t * mp)
317 vl_api_ikev2_initiate_sa_init_reply_t *rmp;
321 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): "%s" reads mp->name up to the first NUL byte.  The bytes
   come from the API client, so confirm the field is guaranteed to be
   NUL-terminated within its bounds. */
324 u8 *tmp = format (0, "%s", mp->name);
326 error = ikev2_initiate_sa_init (vm, tmp);
/* NOTE(review): the lines that choose between the two retval assignments
   below, and any release of tmp, are not visible in this listing. */
329 rv = VNET_API_ERROR_UNSPECIFIED;
331 rv = VNET_API_ERROR_UNIMPLEMENTED;
334 REPLY_MACRO (VL_API_IKEV2_INITIATE_SA_INIT_REPLY);
/*
 * API handler for IKEV2_INITIATE_DEL_IKE_SA: passes the SPI carried in the
 * request to ikev2_initiate_delete_ike_sa() and replies through
 * REPLY_MACRO.
 */
338 vl_api_ikev2_initiate_del_ike_sa_t_handler (vl_api_ikev2_initiate_del_ike_sa_t
341 vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
345 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): mp->ispi is passed as received, with no byte-order
   conversion visible here -- confirm which order the callee expects. */
348 error = ikev2_initiate_delete_ike_sa (vm, mp->ispi);
/* NOTE(review): the lines that choose between the two retval assignments
   below are not visible in this listing. */
350 rv = VNET_API_ERROR_UNSPECIFIED;
352 rv = VNET_API_ERROR_UNIMPLEMENTED;
355 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
/*
 * API handler for IKEV2_INITIATE_DEL_CHILD_SA: passes the SPI carried in
 * the request to ikev2_initiate_delete_child_sa() and replies through
 * REPLY_MACRO.
 */
359 vl_api_ikev2_initiate_del_child_sa_t_handler
360 (vl_api_ikev2_initiate_del_child_sa_t * mp)
362 vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
366 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): mp->ispi is passed as received, with no byte-order
   conversion visible here -- confirm which order the callee expects. */
369 error = ikev2_initiate_delete_child_sa (vm, mp->ispi);
/* NOTE(review): the lines that choose between the two retval assignments
   below are not visible in this listing. */
371 rv = VNET_API_ERROR_UNSPECIFIED;
373 rv = VNET_API_ERROR_UNIMPLEMENTED;
376 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
/*
 * API handler for IKEV2_INITIATE_REKEY_CHILD_SA: passes the SPI carried in
 * the request to ikev2_initiate_rekey_child_sa() and replies through
 * REPLY_MACRO.
 */
380 vl_api_ikev2_initiate_rekey_child_sa_t_handler
381 (vl_api_ikev2_initiate_rekey_child_sa_t * mp)
383 vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
387 vlib_main_t *vm = vlib_get_main ();
/* NOTE(review): mp->ispi is passed as received, with no byte-order
   conversion visible here -- confirm which order the callee expects. */
390 error = ikev2_initiate_rekey_child_sa (vm, mp->ispi);
/* NOTE(review): the lines that choose between the two retval assignments
   below are not visible in this listing. */
392 rv = VNET_API_ERROR_UNSPECIFIED;
394 rv = VNET_API_ERROR_UNIMPLEMENTED;
397 REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
402 * Add vpe's API message handlers to the table.
403 * vlib has already mapped shared memory and
404 * added the client registration handlers.
405 * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
407 #define vl_msg_name_crc_list
408 #include <ikev2/ikev2_all_api.h>
409 #undef vl_msg_name_crc_list
/*
 * Registers every IKEv2 message in the API name/CRC table: for each entry
 * of foreach_vl_msg_name_crc_ikev2 it adds the string "<name>_<crc>" under
 * the message id offset by im->msg_id_base.
 */
412 setup_message_id_table (ikev2_main_t * im, api_main_t * am)
414 #define _(id,n,crc) \
415 vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + im->msg_id_base);
416 foreach_vl_msg_name_crc_ikev2;
/*
 * Installs the handlers for every message in foreach_ikev2_api_msg.  For
 * each entry it calls vl_msg_api_set_handlers() with the message id offset
 * by im->msg_id_base, the message name, the vl_api_<name>_t_handler,
 * _endian and _print functions, and the size of the request structure.
 * NOTE(review): the macro header, one argument line and the return
 * statement are not visible in this listing.
 */
420 static clib_error_t *
421 ikev2_plugin_api_hookup (vlib_main_t * vm)
423 ikev2_main_t *im = &ikev2_main;
425 vl_msg_api_set_handlers(VL_API_##N + im->msg_id_base, #n, \
426 vl_api_##n##_t_handler, \
428 vl_api_##n##_t_endian, \
429 vl_api_##n##_t_print, \
430 sizeof(vl_api_##n##_t), 1);
431 foreach_ikev2_api_msg;
/*
 * Plugin API initialisation, registered with VLIB_INIT_FUNCTION.  Reserves
 * a block of message ids under a name derived from the API version, stores
 * the base id in ikev2_main, installs the message handlers and adds the
 * messages to the name/CRC table.
 */
437 static clib_error_t *
438 ikev2_api_init (vlib_main_t * vm)
440 ikev2_main_t *im = &ikev2_main;
441 clib_error_t *error = 0;
/* The trailing "%c" with 0 appends a NUL byte, so the vector can be passed
   as a C string below. */
444 name = format (0, "ikev2_%08x%c", api_version, 0);
446 /* Ask for a correctly-sized block of API message decode slots */
447 im->msg_id_base = vl_msg_api_get_msg_ids ((char *) name,
448 VL_MSG_FIRST_AVAILABLE);
/* NOTE(review): whether error is checked before the table setup below, and
   the release of name, are not visible in this listing. */
450 error = ikev2_plugin_api_hookup (vm);
452 /* Add our API messages to the global name_crc hash table */
453 setup_message_id_table (im, &api_main);
460 VLIB_INIT_FUNCTION (ikev2_api_init);
463 * fd.io coding-style-patch-verification: ON
466 * eval: (c-set-style "gnu")