2 *------------------------------------------------------------------
3 * ipsec_api.c - ipsec api
5 * Copyright (c) 2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
23 #include <vnet/interface.h>
24 #include <vnet/api_errno.h>
25 #include <vnet/ip/ip.h>
26 #include <vnet/ip/ip_types_api.h>
27 #include <vnet/ipsec/ipsec_types_api.h>
28 #include <vnet/tunnel/tunnel_types_api.h>
29 #include <vnet/fib/fib.h>
30 #include <vnet/ipip/ipip.h>
31 #include <vnet/tunnel/tunnel_types_api.h>
32 #include <vnet/ipsec/ipsec.h>
33 #include <vnet/ipsec/ipsec_tun.h>
34 #include <vnet/ipsec/ipsec_itf.h>
36 #include <vnet/format_fns.h>
37 #include <vnet/ipsec/ipsec.api_enum.h>
38 #include <vnet/ipsec/ipsec.api_types.h>
40 #define REPLY_MSG_ID_BASE ipsec_main.msg_id_base
41 #include <vlibapi/api_helper_macros.h>
44 vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
46 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
47 vl_api_ipsec_spd_add_del_reply_t *rmp;
50 rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
52 REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
55 static void vl_api_ipsec_interface_add_del_spd_t_handler
56 (vl_api_ipsec_interface_add_del_spd_t * mp)
58 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
59 vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
61 u32 sw_if_index __attribute__ ((unused));
62 u32 spd_id __attribute__ ((unused));
64 sw_if_index = ntohl (mp->sw_if_index);
65 spd_id = ntohl (mp->spd_id);
67 VALIDATE_SW_IF_INDEX (mp);
69 rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
71 BAD_SW_IF_INDEX_LABEL;
73 REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
76 static void vl_api_ipsec_tunnel_protect_update_t_handler
77 (vl_api_ipsec_tunnel_protect_update_t * mp)
79 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
80 vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
81 u32 sw_if_index, ii, *sa_ins = NULL;
85 sw_if_index = ntohl (mp->tunnel.sw_if_index);
87 VALIDATE_SW_IF_INDEX (&(mp->tunnel));
89 for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
90 vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
92 ip_address_decode2 (&mp->tunnel.nh, &nh);
94 rv = ipsec_tun_protect_update (sw_if_index, &nh,
95 ntohl (mp->tunnel.sa_out), sa_ins);
97 BAD_SW_IF_INDEX_LABEL;
99 REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
102 static void vl_api_ipsec_tunnel_protect_del_t_handler
103 (vl_api_ipsec_tunnel_protect_del_t * mp)
105 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
106 vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
111 sw_if_index = ntohl (mp->sw_if_index);
113 VALIDATE_SW_IF_INDEX (mp);
115 ip_address_decode2 (&mp->nh, &nh);
116 rv = ipsec_tun_protect_del (sw_if_index, &nh);
118 BAD_SW_IF_INDEX_LABEL;
120 REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
123 typedef struct ipsec_dump_walk_ctx_t_
125 vl_api_registration_t *reg;
128 } ipsec_dump_walk_ctx_t;
131 send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
133 ipsec_dump_walk_ctx_t *ctx = arg;
134 vl_api_ipsec_tunnel_protect_details_t *mp;
135 ipsec_tun_protect_t *itp;
139 itp = ipsec_tun_protect_get (itpi);
141 mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
142 clib_memset (mp, 0, sizeof (*mp));
144 ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
145 mp->context = ctx->context;
147 mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
148 ip_address_encode2 (itp->itp_key, &mp->tun.nh);
150 sa = ipsec_sa_get (itp->itp_out_sa);
151 mp->tun.sa_out = htonl (sa->id);
152 mp->tun.n_sa_in = itp->itp_n_sa_in;
154 FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
156 mp->tun.sa_in[ii++] = htonl (sa->id);
160 vl_api_send_msg (ctx->reg, (u8 *) mp);
162 return (WALK_CONTINUE);
166 vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t
169 vl_api_registration_t *reg;
172 reg = vl_api_client_index_to_registration (mp->client_index);
176 ipsec_dump_walk_ctx_t ctx = {
178 .context = mp->context,
181 sw_if_index = ntohl (mp->sw_if_index);
183 if (~0 == sw_if_index)
185 ipsec_tun_protect_walk (send_ipsec_tunnel_protect_details, &ctx);
189 ipsec_tun_protect_walk_itf (sw_if_index,
190 send_ipsec_tunnel_protect_details, &ctx);
195 ipsec_spd_action_decode (vl_api_ipsec_spd_action_t in,
196 ipsec_policy_action_t * out)
198 in = clib_net_to_host_u32 (in);
202 #define _(v,f,s) case IPSEC_API_SPD_ACTION_##f: \
203 *out = IPSEC_POLICY_ACTION_##f; \
205 foreach_ipsec_policy_action
208 return (VNET_API_ERROR_UNIMPLEMENTED);
211 static void vl_api_ipsec_spd_entry_add_del_t_handler
212 (vl_api_ipsec_spd_entry_add_del_t * mp)
214 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
215 vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
224 clib_memset (&p, 0, sizeof (p));
226 p.id = ntohl (mp->entry.spd_id);
227 p.priority = ntohl (mp->entry.priority);
229 itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
230 ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
231 ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
232 ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
234 p.is_ipv6 = (itype == IP46_TYPE_IP6);
237 mp->entry.protocol ? mp->entry.protocol : IPSEC_POLICY_PROTOCOL_ANY;
238 p.rport.start = ntohs (mp->entry.remote_port_start);
239 p.rport.stop = ntohs (mp->entry.remote_port_stop);
240 p.lport.start = ntohs (mp->entry.local_port_start);
241 p.lport.stop = ntohs (mp->entry.local_port_stop);
243 rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
248 /* policy action resolve unsupported */
249 if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
251 clib_warning ("unsupported action: 'resolve'");
252 rv = VNET_API_ERROR_UNIMPLEMENTED;
255 p.sa_id = ntohl (mp->entry.sa_id);
257 ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy,
262 rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
268 REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
270 rmp->stat_index = ntohl(stat_index);
276 vl_api_ipsec_spd_entry_add_del_v2_t_handler (
277 vl_api_ipsec_spd_entry_add_del_v2_t *mp)
279 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
280 vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
289 clib_memset (&p, 0, sizeof (p));
291 p.id = ntohl (mp->entry.spd_id);
292 p.priority = ntohl (mp->entry.priority);
294 itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
295 ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
296 ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
297 ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
299 p.is_ipv6 = (itype == IP46_TYPE_IP6);
301 p.protocol = mp->entry.protocol;
302 p.rport.start = ntohs (mp->entry.remote_port_start);
303 p.rport.stop = ntohs (mp->entry.remote_port_stop);
304 p.lport.start = ntohs (mp->entry.local_port_start);
305 p.lport.stop = ntohs (mp->entry.local_port_stop);
307 rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
312 /* policy action resolve unsupported */
313 if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
315 clib_warning ("unsupported action: 'resolve'");
316 rv = VNET_API_ERROR_UNIMPLEMENTED;
319 p.sa_id = ntohl (mp->entry.sa_id);
321 ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy, &p.type);
325 rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
330 REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_V2_REPLY,
331 ({ rmp->stat_index = ntohl (stat_index); }));
334 static void vl_api_ipsec_sad_entry_add_del_t_handler
335 (vl_api_ipsec_sad_entry_add_del_t * mp)
337 vl_api_ipsec_sad_entry_add_del_reply_t *rmp;
338 ipsec_key_t crypto_key, integ_key;
339 ipsec_crypto_alg_t crypto_alg;
340 ipsec_integ_alg_t integ_alg;
341 ipsec_protocol_t proto;
342 ipsec_sa_flags_t flags;
343 u32 id, spi, sa_index = ~0;
345 .t_flags = TUNNEL_FLAG_NONE,
346 .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
348 .t_mode = TUNNEL_MODE_P2P,
354 id = ntohl (mp->entry.sad_id);
357 rv = ipsec_sa_unlock_id (id);
360 spi = ntohl (mp->entry.spi);
362 rv = ipsec_proto_decode (mp->entry.protocol, &proto);
367 rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
372 rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
377 ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
378 ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
380 flags = ipsec_sa_flags_decode (mp->entry.flags);
382 ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src);
383 ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst);
385 rv = ipsec_sa_add_and_lock (
386 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
387 mp->entry.salt, htons (mp->entry.udp_src_port),
388 htons (mp->entry.udp_dst_port), 0, &tun, &sa_index);
392 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY,
394 rmp->stat_index = htonl (sa_index);
399 static void vl_api_ipsec_sad_entry_add_del_v2_t_handler
400 (vl_api_ipsec_sad_entry_add_del_v2_t * mp)
402 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
403 vl_api_ipsec_sad_entry_add_del_v2_reply_t *rmp;
404 ipsec_key_t crypto_key, integ_key;
405 ipsec_crypto_alg_t crypto_alg;
406 ipsec_integ_alg_t integ_alg;
407 ipsec_protocol_t proto;
408 ipsec_sa_flags_t flags;
409 u32 id, spi, sa_index = ~0;
412 .t_flags = TUNNEL_FLAG_NONE,
413 .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
415 .t_mode = TUNNEL_MODE_P2P,
416 .t_table_id = htonl (mp->entry.tx_table_id),
420 id = ntohl (mp->entry.sad_id);
423 rv = ipsec_sa_unlock_id (id);
427 spi = ntohl (mp->entry.spi);
429 rv = ipsec_proto_decode (mp->entry.protocol, &proto);
434 rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
439 rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
444 rv = tunnel_encap_decap_flags_decode (mp->entry.tunnel_flags,
445 &tun.t_encap_decap_flags);
450 ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
451 ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
453 flags = ipsec_sa_flags_decode (mp->entry.flags);
454 tun.t_dscp = ip_dscp_decode (mp->entry.dscp);
456 ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src);
457 ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst);
459 rv = ipsec_sa_add_and_lock (
460 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
461 mp->entry.salt, htons (mp->entry.udp_src_port),
462 htons (mp->entry.udp_dst_port), 0, &tun, &sa_index);
466 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V2_REPLY,
468 rmp->stat_index = htonl (sa_index);
474 ipsec_sad_entry_add_v3 (const vl_api_ipsec_sad_entry_v3_t *entry,
477 ipsec_key_t crypto_key, integ_key;
478 ipsec_crypto_alg_t crypto_alg;
479 ipsec_integ_alg_t integ_alg;
480 ipsec_protocol_t proto;
481 ipsec_sa_flags_t flags;
483 tunnel_t tun = { 0 };
486 id = ntohl (entry->sad_id);
487 spi = ntohl (entry->spi);
489 rv = ipsec_proto_decode (entry->protocol, &proto);
494 rv = ipsec_crypto_algo_decode (entry->crypto_algorithm, &crypto_alg);
499 rv = ipsec_integ_algo_decode (entry->integrity_algorithm, &integ_alg);
504 flags = ipsec_sa_flags_decode (entry->flags);
506 if (flags & IPSEC_SA_FLAG_IS_TUNNEL)
508 rv = tunnel_decode (&entry->tunnel, &tun);
514 ipsec_key_decode (&entry->crypto_key, &crypto_key);
515 ipsec_key_decode (&entry->integrity_key, &integ_key);
517 return ipsec_sa_add_and_lock (
518 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
519 entry->salt, htons (entry->udp_src_port), htons (entry->udp_dst_port), 0,
524 vl_api_ipsec_sad_entry_add_del_v3_t_handler (
525 vl_api_ipsec_sad_entry_add_del_v3_t *mp)
527 vl_api_ipsec_sad_entry_add_del_v3_reply_t *rmp;
528 u32 id, sa_index = ~0;
531 id = ntohl (mp->entry.sad_id);
535 rv = ipsec_sa_unlock_id (id);
539 rv = ipsec_sad_entry_add_v3 (&mp->entry, &sa_index);
542 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V3_REPLY,
543 { rmp->stat_index = htonl (sa_index); });
547 ipsec_sad_entry_add_v4 (const vl_api_ipsec_sad_entry_v4_t *entry,
550 ipsec_key_t crypto_key, integ_key;
551 ipsec_crypto_alg_t crypto_alg;
552 ipsec_integ_alg_t integ_alg;
553 ipsec_protocol_t proto;
554 ipsec_sa_flags_t flags;
556 tunnel_t tun = { 0 };
559 id = ntohl (entry->sad_id);
560 spi = ntohl (entry->spi);
562 rv = ipsec_proto_decode (entry->protocol, &proto);
567 rv = ipsec_crypto_algo_decode (entry->crypto_algorithm, &crypto_alg);
572 rv = ipsec_integ_algo_decode (entry->integrity_algorithm, &integ_alg);
577 flags = ipsec_sa_flags_decode (entry->flags);
579 if (flags & IPSEC_SA_FLAG_IS_TUNNEL)
581 rv = tunnel_decode (&entry->tunnel, &tun);
587 ipsec_key_decode (&entry->crypto_key, &crypto_key);
588 ipsec_key_decode (&entry->integrity_key, &integ_key);
590 return ipsec_sa_add_and_lock (
591 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
592 entry->salt, htons (entry->udp_src_port), htons (entry->udp_dst_port),
593 ntohl (entry->anti_replay_window_size), &tun, sa_index);
597 vl_api_ipsec_sad_entry_del_t_handler (vl_api_ipsec_sad_entry_del_t *mp)
599 vl_api_ipsec_sad_entry_del_reply_t *rmp;
602 rv = ipsec_sa_unlock_id (ntohl (mp->id));
604 REPLY_MACRO (VL_API_IPSEC_SAD_ENTRY_DEL_REPLY);
608 vl_api_ipsec_sad_entry_add_t_handler (vl_api_ipsec_sad_entry_add_t *mp)
610 vl_api_ipsec_sad_entry_add_reply_t *rmp;
614 rv = ipsec_sad_entry_add_v3 (&mp->entry, &sa_index);
616 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_REPLY,
617 { rmp->stat_index = htonl (sa_index); });
621 vl_api_ipsec_sad_entry_add_v2_t_handler (vl_api_ipsec_sad_entry_add_v2_t *mp)
623 vl_api_ipsec_sad_entry_add_reply_t *rmp;
627 rv = ipsec_sad_entry_add_v4 (&mp->entry, &sa_index);
629 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_V2_REPLY,
630 { rmp->stat_index = htonl (sa_index); });
634 vl_api_ipsec_sad_entry_update_t_handler (vl_api_ipsec_sad_entry_update_t *mp)
636 vl_api_ipsec_sad_entry_update_reply_t *rmp;
638 tunnel_t tun = { 0 };
641 id = ntohl (mp->sad_id);
645 rv = tunnel_decode (&mp->tunnel, &tun);
651 rv = ipsec_sa_update (id, htons (mp->udp_src_port), htons (mp->udp_dst_port),
655 REPLY_MACRO (VL_API_IPSEC_SAD_ENTRY_UPDATE_REPLY);
659 vl_api_ipsec_sad_bind_t_handler (vl_api_ipsec_sad_bind_t *mp)
661 vl_api_ipsec_sad_bind_reply_t *rmp;
666 sa_id = ntohl (mp->sa_id);
667 worker = ntohl (mp->worker);
669 rv = ipsec_sa_bind (sa_id, worker, true /* bind */);
671 REPLY_MACRO (VL_API_IPSEC_SAD_BIND_REPLY);
675 vl_api_ipsec_sad_unbind_t_handler (vl_api_ipsec_sad_unbind_t *mp)
677 vl_api_ipsec_sad_unbind_reply_t *rmp;
681 sa_id = ntohl (mp->sa_id);
683 rv = ipsec_sa_bind (sa_id, ~0, false /* bind */);
685 REPLY_MACRO (VL_API_IPSEC_SAD_UNBIND_REPLY);
689 send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
692 vl_api_ipsec_spds_details_t *mp;
695 mp = vl_msg_api_alloc (sizeof (*mp));
696 clib_memset (mp, 0, sizeof (*mp));
697 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPDS_DETAILS);
698 mp->context = context;
700 mp->spd_id = htonl (spd->id);
701 #define _(s, n) n_policies += vec_len (spd->policies[IPSEC_SPD_POLICY_##s]);
702 foreach_ipsec_spd_policy_type
704 mp->npolicies = htonl (n_policies);
706 vl_api_send_msg (reg, (u8 *) mp);
710 vl_api_ipsec_spds_dump_t_handler (vl_api_ipsec_spds_dump_t * mp)
712 vl_api_registration_t *reg;
713 ipsec_main_t *im = &ipsec_main;
716 reg = vl_api_client_index_to_registration (mp->client_index);
720 pool_foreach (spd, im->spds) {
721 send_ipsec_spds_details (spd, reg, mp->context);
725 vl_api_ipsec_spd_action_t
726 ipsec_spd_action_encode (ipsec_policy_action_t in)
728 vl_api_ipsec_spd_action_t out = IPSEC_API_SPD_ACTION_BYPASS;
732 #define _(v,f,s) case IPSEC_POLICY_ACTION_##f: \
733 out = IPSEC_API_SPD_ACTION_##f; \
735 foreach_ipsec_policy_action
738 return (clib_host_to_net_u32 (out));
742 send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg,
745 vl_api_ipsec_spd_details_t *mp;
747 mp = vl_msg_api_alloc (sizeof (*mp));
748 clib_memset (mp, 0, sizeof (*mp));
749 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPD_DETAILS);
750 mp->context = context;
752 mp->entry.spd_id = htonl (p->id);
753 mp->entry.priority = htonl (p->priority);
754 mp->entry.is_outbound = ((p->type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
755 (p->type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
757 ip_address_encode (&p->laddr.start, IP46_TYPE_ANY,
758 &mp->entry.local_address_start);
759 ip_address_encode (&p->laddr.stop, IP46_TYPE_ANY,
760 &mp->entry.local_address_stop);
761 ip_address_encode (&p->raddr.start, IP46_TYPE_ANY,
762 &mp->entry.remote_address_start);
763 ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
764 &mp->entry.remote_address_stop);
765 mp->entry.local_port_start = htons (p->lport.start);
766 mp->entry.local_port_stop = htons (p->lport.stop);
767 mp->entry.remote_port_start = htons (p->rport.start);
768 mp->entry.remote_port_stop = htons (p->rport.stop);
769 mp->entry.protocol = p->protocol;
770 mp->entry.policy = ipsec_spd_action_encode (p->policy);
771 mp->entry.sa_id = htonl (p->sa_id);
773 vl_api_send_msg (reg, (u8 *) mp);
777 vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
779 vl_api_registration_t *reg;
780 ipsec_main_t *im = &ipsec_main;
781 ipsec_spd_policy_type_t ptype;
782 ipsec_policy_t *policy;
787 reg = vl_api_client_index_to_registration (mp->client_index);
791 p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
796 spd = pool_elt_at_index (im->spds, spd_index);
798 FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) {
799 vec_foreach(ii, spd->policies[ptype])
801 policy = pool_elt_at_index(im->policies, *ii);
803 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
804 send_ipsec_spd_details (policy, reg, mp->context);
810 send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index,
811 u32 sw_if_index, u32 context)
813 vl_api_ipsec_spd_interface_details_t *mp;
815 mp = vl_msg_api_alloc (sizeof (*mp));
816 clib_memset (mp, 0, sizeof (*mp));
818 ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPD_INTERFACE_DETAILS);
819 mp->context = context;
821 mp->spd_index = htonl (spd_index);
822 mp->sw_if_index = htonl (sw_if_index);
824 vl_api_send_msg (reg, (u8 *) mp);
828 vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t *
831 ipsec_main_t *im = &ipsec_main;
832 vl_api_registration_t *reg;
835 reg = vl_api_client_index_to_registration (mp->client_index);
839 if (mp->spd_index_valid)
841 spd_index = ntohl (mp->spd_index);
843 hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
845 send_ipsec_spd_interface_details(reg, v, k, mp->context);
851 hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
852 send_ipsec_spd_interface_details(reg, v, k, mp->context);
858 vl_api_ipsec_itf_create_t_handler (vl_api_ipsec_itf_create_t * mp)
860 vl_api_ipsec_itf_create_reply_t *rmp;
862 u32 sw_if_index = ~0;
865 rv = tunnel_mode_decode (mp->itf.mode, &mode);
868 rv = ipsec_itf_create (ntohl (mp->itf.user_instance), mode, &sw_if_index);
871 REPLY_MACRO2 (VL_API_IPSEC_ITF_CREATE_REPLY,
873 rmp->sw_if_index = htonl (sw_if_index);
879 vl_api_ipsec_itf_delete_t_handler (vl_api_ipsec_itf_delete_t * mp)
881 vl_api_ipsec_itf_delete_reply_t *rmp;
884 rv = ipsec_itf_delete (ntohl (mp->sw_if_index));
886 REPLY_MACRO (VL_API_IPSEC_ITF_DELETE_REPLY);
890 send_ipsec_itf_details (ipsec_itf_t *itf, void *arg)
892 ipsec_dump_walk_ctx_t *ctx = arg;
893 vl_api_ipsec_itf_details_t *mp;
895 if (~0 != ctx->sw_if_index && ctx->sw_if_index != itf->ii_sw_if_index)
896 return (WALK_CONTINUE);
898 mp = vl_msg_api_alloc (sizeof (*mp));
899 clib_memset (mp, 0, sizeof (*mp));
900 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_ITF_DETAILS);
901 mp->context = ctx->context;
903 mp->itf.mode = tunnel_mode_encode (itf->ii_mode);
904 mp->itf.user_instance = htonl (itf->ii_user_instance);
905 mp->itf.sw_if_index = htonl (itf->ii_sw_if_index);
906 vl_api_send_msg (ctx->reg, (u8 *) mp);
908 return (WALK_CONTINUE);
912 vl_api_ipsec_itf_dump_t_handler (vl_api_ipsec_itf_dump_t * mp)
914 vl_api_registration_t *reg;
916 reg = vl_api_client_index_to_registration (mp->client_index);
920 ipsec_dump_walk_ctx_t ctx = {
922 .context = mp->context,
923 .sw_if_index = ntohl (mp->sw_if_index),
926 ipsec_itf_walk (send_ipsec_itf_details, &ctx);
929 typedef struct ipsec_sa_dump_match_ctx_t_
933 } ipsec_sa_dump_match_ctx_t;
936 ipsec_sa_dump_match_sa (index_t itpi, void *arg)
938 ipsec_sa_dump_match_ctx_t *ctx = arg;
939 ipsec_tun_protect_t *itp;
942 itp = ipsec_tun_protect_get (itpi);
944 if (itp->itp_out_sa == ctx->sai)
946 ctx->sw_if_index = itp->itp_sw_if_index;
950 FOR_EACH_IPSEC_PROTECT_INPUT_SAI (itp, sai,
954 ctx->sw_if_index = itp->itp_sw_if_index;
959 return (WALK_CONTINUE);
963 send_ipsec_sa_details (ipsec_sa_t * sa, void *arg)
965 ipsec_dump_walk_ctx_t *ctx = arg;
966 vl_api_ipsec_sa_details_t *mp;
968 mp = vl_msg_api_alloc (sizeof (*mp));
969 clib_memset (mp, 0, sizeof (*mp));
970 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_DETAILS);
971 mp->context = ctx->context;
973 mp->entry.sad_id = htonl (sa->id);
974 mp->entry.spi = htonl (sa->spi);
975 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
976 mp->entry.tx_table_id = htonl (sa->tunnel.t_table_id);
978 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
979 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
981 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
982 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
984 mp->entry.flags = ipsec_sad_flags_encode (sa);
985 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
987 if (ipsec_sa_is_set_IS_PROTECT (sa))
989 ipsec_sa_dump_match_ctx_t ctx = {
990 .sai = sa - ipsec_sa_pool,
993 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
995 mp->sw_if_index = htonl (ctx.sw_if_index);
998 mp->sw_if_index = ~0;
1000 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1002 ip_address_encode2 (&sa->tunnel.t_src, &mp->entry.tunnel_src);
1003 ip_address_encode2 (&sa->tunnel.t_dst, &mp->entry.tunnel_dst);
1005 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1007 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1008 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1011 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1012 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1013 if (ipsec_sa_is_set_USE_ESN (sa))
1015 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1016 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1018 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1021 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1024 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1026 vl_api_send_msg (ctx->reg, (u8 *) mp);
1028 return (WALK_CONTINUE);
1032 vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp)
1034 vl_api_registration_t *reg;
1036 reg = vl_api_client_index_to_registration (mp->client_index);
1040 ipsec_dump_walk_ctx_t ctx = {
1042 .context = mp->context,
1045 ipsec_sa_walk (send_ipsec_sa_details, &ctx);
1049 send_ipsec_sa_v2_details (ipsec_sa_t * sa, void *arg)
1051 ipsec_dump_walk_ctx_t *ctx = arg;
1052 vl_api_ipsec_sa_v2_details_t *mp;
1054 mp = vl_msg_api_alloc (sizeof (*mp));
1055 clib_memset (mp, 0, sizeof (*mp));
1056 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V2_DETAILS);
1057 mp->context = ctx->context;
1059 mp->entry.sad_id = htonl (sa->id);
1060 mp->entry.spi = htonl (sa->spi);
1061 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1062 mp->entry.tx_table_id = htonl (sa->tunnel.t_table_id);
1064 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1065 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1067 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1068 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1070 mp->entry.flags = ipsec_sad_flags_encode (sa);
1071 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1073 if (ipsec_sa_is_set_IS_PROTECT (sa))
1075 ipsec_sa_dump_match_ctx_t ctx = {
1076 .sai = sa - ipsec_sa_pool,
1079 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1081 mp->sw_if_index = htonl (ctx.sw_if_index);
1084 mp->sw_if_index = ~0;
1086 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1088 ip_address_encode2 (&sa->tunnel.t_src, &mp->entry.tunnel_src);
1089 ip_address_encode2 (&sa->tunnel.t_dst, &mp->entry.tunnel_dst);
1091 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1093 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1094 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1097 mp->entry.tunnel_flags =
1098 tunnel_encap_decap_flags_encode (sa->tunnel.t_encap_decap_flags);
1099 mp->entry.dscp = ip_dscp_encode (sa->tunnel.t_dscp);
1101 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1102 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1103 if (ipsec_sa_is_set_USE_ESN (sa))
1105 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1106 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1108 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1111 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1114 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1116 vl_api_send_msg (ctx->reg, (u8 *) mp);
1118 return (WALK_CONTINUE);
1122 vl_api_ipsec_sa_v2_dump_t_handler (vl_api_ipsec_sa_v2_dump_t *mp)
1124 vl_api_registration_t *reg;
1126 reg = vl_api_client_index_to_registration (mp->client_index);
1130 ipsec_dump_walk_ctx_t ctx = {
1132 .context = mp->context,
1135 ipsec_sa_walk (send_ipsec_sa_v2_details, &ctx);
1139 send_ipsec_sa_v3_details (ipsec_sa_t *sa, void *arg)
1141 ipsec_dump_walk_ctx_t *ctx = arg;
1142 vl_api_ipsec_sa_v3_details_t *mp;
1144 mp = vl_msg_api_alloc (sizeof (*mp));
1145 clib_memset (mp, 0, sizeof (*mp));
1146 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V3_DETAILS);
1147 mp->context = ctx->context;
1149 mp->entry.sad_id = htonl (sa->id);
1150 mp->entry.spi = htonl (sa->spi);
1151 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1153 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1154 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1156 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1157 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1159 mp->entry.flags = ipsec_sad_flags_encode (sa);
1160 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1162 if (ipsec_sa_is_set_IS_PROTECT (sa))
1164 ipsec_sa_dump_match_ctx_t ctx = {
1165 .sai = sa - ipsec_sa_pool,
1168 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1170 mp->sw_if_index = htonl (ctx.sw_if_index);
1173 mp->sw_if_index = ~0;
1175 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1176 tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
1178 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1180 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1181 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1184 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1185 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1186 if (ipsec_sa_is_set_USE_ESN (sa))
1188 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1189 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1191 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1194 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1197 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1199 vl_api_send_msg (ctx->reg, (u8 *) mp);
1201 return (WALK_CONTINUE);
1205 vl_api_ipsec_sa_v3_dump_t_handler (vl_api_ipsec_sa_v3_dump_t *mp)
1207 vl_api_registration_t *reg;
1209 reg = vl_api_client_index_to_registration (mp->client_index);
1213 ipsec_dump_walk_ctx_t ctx = {
1215 .context = mp->context,
1218 ipsec_sa_walk (send_ipsec_sa_v3_details, &ctx);
1222 send_ipsec_sa_v4_details (ipsec_sa_t *sa, void *arg)
1224 ipsec_dump_walk_ctx_t *ctx = arg;
1225 vl_api_ipsec_sa_v4_details_t *mp;
1227 mp = vl_msg_api_alloc (sizeof (*mp));
1228 clib_memset (mp, 0, sizeof (*mp));
1229 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V4_DETAILS);
1230 mp->context = ctx->context;
1232 mp->entry.sad_id = htonl (sa->id);
1233 mp->entry.spi = htonl (sa->spi);
1234 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1236 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1237 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1239 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1240 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1242 mp->entry.flags = ipsec_sad_flags_encode (sa);
1243 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1245 if (ipsec_sa_is_set_IS_PROTECT (sa))
1247 ipsec_sa_dump_match_ctx_t ctx = {
1248 .sai = sa - ipsec_sa_pool,
1251 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1253 mp->sw_if_index = htonl (ctx.sw_if_index);
1256 mp->sw_if_index = ~0;
1258 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1259 tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
1261 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1263 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1264 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1267 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1268 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1269 if (ipsec_sa_is_set_USE_ESN (sa))
1271 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1272 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1274 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1277 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1280 mp->thread_index = clib_host_to_net_u32 (sa->thread_index);
1281 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1283 vl_api_send_msg (ctx->reg, (u8 *) mp);
1285 return (WALK_CONTINUE);
1289 vl_api_ipsec_sa_v4_dump_t_handler (vl_api_ipsec_sa_v4_dump_t *mp)
1291 vl_api_registration_t *reg;
1293 reg = vl_api_client_index_to_registration (mp->client_index);
1297 ipsec_dump_walk_ctx_t ctx = {
1299 .context = mp->context,
1302 ipsec_sa_walk (send_ipsec_sa_v4_details, &ctx);
1306 send_ipsec_sa_v5_details (ipsec_sa_t *sa, void *arg)
1308 ipsec_dump_walk_ctx_t *ctx = arg;
1309 vl_api_ipsec_sa_v5_details_t *mp;
1311 mp = vl_msg_api_alloc (sizeof (*mp));
1312 clib_memset (mp, 0, sizeof (*mp));
1313 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V5_DETAILS);
1314 mp->context = ctx->context;
1316 mp->entry.sad_id = htonl (sa->id);
1317 mp->entry.spi = htonl (sa->spi);
1318 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1320 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1321 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1323 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1324 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1326 mp->entry.flags = ipsec_sad_flags_encode (sa);
1327 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1329 if (ipsec_sa_is_set_IS_PROTECT (sa))
1331 ipsec_sa_dump_match_ctx_t ctx = {
1332 .sai = sa - ipsec_sa_pool,
1335 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1337 mp->sw_if_index = htonl (ctx.sw_if_index);
1340 mp->sw_if_index = ~0;
1342 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1343 tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
1345 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1347 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1348 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1351 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1352 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1353 if (ipsec_sa_is_set_USE_ESN (sa))
1355 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1356 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1358 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1361 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1363 mp->entry.anti_replay_window_size =
1364 clib_host_to_net_u32 (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (sa));
1367 mp->thread_index = clib_host_to_net_u32 (sa->thread_index);
1368 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1370 vl_api_send_msg (ctx->reg, (u8 *) mp);
1372 return (WALK_CONTINUE);
1376 vl_api_ipsec_sa_v5_dump_t_handler (vl_api_ipsec_sa_v5_dump_t *mp)
1378 vl_api_registration_t *reg;
1380 reg = vl_api_client_index_to_registration (mp->client_index);
1384 ipsec_dump_walk_ctx_t ctx = {
1386 .context = mp->context,
1389 ipsec_sa_walk (send_ipsec_sa_v5_details, &ctx);
1393 vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t *mp)
1395 vl_api_registration_t *rp;
1396 ipsec_main_t *im = &ipsec_main;
1397 u32 context = mp->context;
1399 rp = vl_api_client_index_to_registration (mp->client_index);
1403 clib_warning ("Client %d AWOL", mp->client_index);
1407 ipsec_ah_backend_t *ab;
1408 ipsec_esp_backend_t *eb;
1410 pool_foreach (ab, im->ah_backends) {
1411 vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1412 clib_memset (mp, 0, sizeof (*mp));
1413 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_BACKEND_DETAILS);
1414 mp->context = context;
1415 snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (ab->name),
1417 mp->protocol = ntohl (IPSEC_API_PROTO_AH);
1418 mp->index = ab - im->ah_backends;
1419 mp->active = mp->index == im->ah_current_backend ? 1 : 0;
1420 vl_api_send_msg (rp, (u8 *)mp);
1422 pool_foreach (eb, im->esp_backends) {
1423 vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1424 clib_memset (mp, 0, sizeof (*mp));
1425 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_BACKEND_DETAILS);
1426 mp->context = context;
1427 snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (eb->name),
1429 mp->protocol = ntohl (IPSEC_API_PROTO_ESP);
1430 mp->index = eb - im->esp_backends;
1431 mp->active = mp->index == im->esp_current_backend ? 1 : 0;
1432 vl_api_send_msg (rp, (u8 *)mp);
1438 vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp)
1440 ipsec_main_t *im = &ipsec_main;
1441 vl_api_ipsec_select_backend_reply_t *rmp;
1442 ipsec_protocol_t protocol;
1444 if (pool_elts (ipsec_sa_pool) > 0)
1446 rv = VNET_API_ERROR_INSTANCE_IN_USE;
1450 rv = ipsec_proto_decode (mp->protocol, &protocol);
1457 case IPSEC_PROTOCOL_ESP:
1458 rv = ipsec_select_esp_backend (im, mp->index);
1460 case IPSEC_PROTOCOL_AH:
1461 rv = ipsec_select_ah_backend (im, mp->index);
1464 rv = VNET_API_ERROR_INVALID_PROTOCOL;
1468 REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY);
1472 vl_api_ipsec_set_async_mode_t_handler (vl_api_ipsec_set_async_mode_t * mp)
1474 vl_api_ipsec_set_async_mode_reply_t *rmp;
1477 ipsec_set_async_mode (mp->async_enable);
1479 REPLY_MACRO (VL_API_IPSEC_SET_ASYNC_MODE_REPLY);
1482 #include <vnet/ipsec/ipsec.api.c>
1483 static clib_error_t *
1484 ipsec_api_hookup (vlib_main_t * vm)
1487 * Set up the (msg_name, crc, message-id) table
1489 REPLY_MSG_ID_BASE = setup_message_id_table ();
1494 VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
1497 * fd.io coding-style-patch-verification: ON
1500 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob