1 /* SPDX-License-Identifier: Apache-2.0
2 * Copyright(c) 2021 Cisco Systems, Inc.
6 #include <vlibapi/api.h>
7 #include <vlibmemory/api.h>
8 #include <vppinfra/error.h>
9 #include <vpp/api/types.h>
11 #include <vnet/ipsec/ipsec.h>
12 #include <vnet/ip/ip_types_api.h>
14 #define __plugin_msg_base ipsec_test_main.msg_id_base
15 #include <vlibapi/vat_helper_macros.h>
17 #include <vlibmemory/vlib.api_enum.h>
18 #include <vlibmemory/vlib.api_types.h>
20 /* Declare message IDs */
21 #include <vnet/format_fns.h>
22 #include <vnet/ipsec/ipsec.api_enum.h>
23 #include <vnet/ipsec/ipsec.api_types.h>
25 #define vl_endianfun /* define message structures */
26 #include <vnet/ipsec/ipsec.api.h>
29 #define vl_calcsizefun
30 #include <vnet/ipsec/ipsec.api.h>
35 /* API message ID base */
41 static ipsec_test_main_t ipsec_test_main;
44 vl_api_ipsec_spds_details_t_handler (vl_api_ipsec_spds_details_t *mp)
49 vl_api_ipsec_itf_details_t_handler (vl_api_ipsec_itf_details_t *mp)
54 api_ipsec_itf_delete (vat_main_t *vat)
60 api_ipsec_itf_create (vat_main_t *vat)
66 vl_api_ipsec_itf_create_reply_t_handler (vl_api_ipsec_itf_create_reply_t *vat)
/* VAT command handler: parses an SPD policy entry from vam->input and fills
 * an IPSEC_SPD_ENTRY_ADD_DEL request.
 *
 * This listing omits some source lines (the embedded line numbers skip), so
 * the return type, braces, the declaration of `priority` and the send/wait
 * tail are not visible here. */
71 api_ipsec_spd_entry_add_del (vat_main_t *vam)
73 unformat_input_t *i = vam->input;
74 vl_api_ipsec_spd_entry_add_del_t *mp;
75 u8 is_add = 1, is_outbound = 0;
76 u32 spd_id = 0, sa_id = 0, protocol = IPSEC_POLICY_PROTOCOL_ANY, policy = 0;
/* Port ranges default to 0 .. (u32) ~0; they are narrowed to u16 when the
 * message is filled below. */
78 u32 rport_start = 0, rport_stop = (u32) ~0;
79 u32 lport_start = 0, lport_stop = (u32) ~0;
80 vl_api_address_t laddr_start = {}, laddr_stop = {}, raddr_start = {},
/* Consume keyword/value pairs until the input is exhausted.  Numeric fields
 * are parsed with %d into u32 locals; no range check is visible before the
 * narrowing casts further down. */
84 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
86 if (unformat (i, "del"))
88 if (unformat (i, "outbound"))
90 if (unformat (i, "inbound"))
92 else if (unformat (i, "spd_id %d", &spd_id))
94 else if (unformat (i, "sa_id %d", &sa_id))
96 else if (unformat (i, "priority %d", &priority))
98 else if (unformat (i, "protocol %d", &protocol))
100 else if (unformat (i, "lport_start %d", &lport_start))
102 else if (unformat (i, "lport_stop %d", &lport_stop))
104 else if (unformat (i, "rport_start %d", &rport_start))
106 else if (unformat (i, "rport_stop %d", &rport_stop))
108 else if (unformat (i, "laddr_start %U", unformat_vl_api_address,
111 else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
114 else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
117 else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
120 else if (unformat (i, "action %U", unformat_ipsec_policy_action,
/* The 'resolve' policy action is refused with a warning. */
123 if (policy == IPSEC_POLICY_ACTION_RESOLVE)
125 clib_warning ("unsupported action: 'resolve'");
/* Any token that matched none of the keywords above is reported here. */
131 clib_warning ("parse error '%U'", format_unformat_error, i);
136 M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
/* ntohl/ntohs are used to build outgoing fields; the byte swap is symmetric,
 * so the result is the same as htonl/htons. */
140 mp->entry.spd_id = ntohl (spd_id);
141 mp->entry.priority = ntohl (priority);
142 mp->entry.is_outbound = is_outbound;
/* The four range endpoints are copied as whole vl_api_address_t values. */
144 clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
145 sizeof (vl_api_address_t));
146 clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
147 sizeof (vl_api_address_t));
148 clib_memcpy (&mp->entry.local_address_start, &laddr_start,
149 sizeof (vl_api_address_t));
150 clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
151 sizeof (vl_api_address_t));
/* A parsed protocol of 0 is replaced by IPSEC_POLICY_PROTOCOL_ANY; any other
 * value is truncated to u8. */
153 mp->entry.protocol = protocol ? (u8) protocol : IPSEC_POLICY_PROTOCOL_ANY;
/* The (u16) casts discard the upper bits of the parsed u32 ports, so a port
 * above 65535 on the command line silently becomes a different port in the
 * policy that is installed.
 * NOTE(review): consider rejecting out-of-range ports before this point. */
154 mp->entry.local_port_start = ntohs ((u16) lport_start);
155 mp->entry.local_port_stop = ntohs ((u16) lport_stop);
156 mp->entry.remote_port_start = ntohs ((u16) rport_start);
157 mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
158 mp->entry.policy = (u8) policy;
159 mp->entry.sa_id = ntohl (sa_id);
/* VAT command handler for the "_v2" SPD entry command.  The visible lines
 * parse the same keywords and fill the same fields as
 * api_ipsec_spd_entry_add_del.
 *
 * This listing omits some source lines (the embedded line numbers skip), so
 * the return type, braces, the declaration of `priority` and the send/wait
 * tail are not visible here. */
167 api_ipsec_spd_entry_add_del_v2 (vat_main_t *vam)
169 unformat_input_t *i = vam->input;
/* NOTE(review): mp has the non-v2 message type and the request below is
 * allocated with IPSEC_SPD_ENTRY_ADD_DEL, the same as the non-v2 handler --
 * confirm whether the _v2 type and message ID were intended. */
170 vl_api_ipsec_spd_entry_add_del_t *mp;
171 u8 is_add = 1, is_outbound = 0;
172 u32 spd_id = 0, sa_id = 0, protocol = IPSEC_POLICY_PROTOCOL_ANY, policy = 0;
/* Port ranges default to 0 .. (u32) ~0; they are narrowed to u16 below. */
174 u32 rport_start = 0, rport_stop = (u32) ~0;
175 u32 lport_start = 0, lport_stop = (u32) ~0;
176 vl_api_address_t laddr_start = {}, laddr_stop = {}, raddr_start = {},
/* Consume keyword/value pairs until the input is exhausted.  Numeric fields
 * are parsed with %d into u32 locals; no range check is visible before the
 * narrowing casts further down. */
180 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
182 if (unformat (i, "del"))
184 if (unformat (i, "outbound"))
186 if (unformat (i, "inbound"))
188 else if (unformat (i, "spd_id %d", &spd_id))
190 else if (unformat (i, "sa_id %d", &sa_id))
192 else if (unformat (i, "priority %d", &priority))
194 else if (unformat (i, "protocol %d", &protocol))
196 else if (unformat (i, "lport_start %d", &lport_start))
198 else if (unformat (i, "lport_stop %d", &lport_stop))
200 else if (unformat (i, "rport_start %d", &rport_start))
202 else if (unformat (i, "rport_stop %d", &rport_stop))
204 else if (unformat (i, "laddr_start %U", unformat_vl_api_address,
207 else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
210 else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
213 else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
216 else if (unformat (i, "action %U", unformat_ipsec_policy_action,
/* The 'resolve' policy action is refused with a warning. */
219 if (policy == IPSEC_POLICY_ACTION_RESOLVE)
221 clib_warning ("unsupported action: 'resolve'");
/* Any token that matched none of the keywords above is reported here. */
227 clib_warning ("parse error '%U'", format_unformat_error, i);
232 M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
/* ntohl/ntohs are used to build outgoing fields; the byte swap is symmetric,
 * so the result is the same as htonl/htons. */
236 mp->entry.spd_id = ntohl (spd_id);
237 mp->entry.priority = ntohl (priority);
238 mp->entry.is_outbound = is_outbound;
/* The four range endpoints are copied as whole vl_api_address_t values. */
240 clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
241 sizeof (vl_api_address_t));
242 clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
243 sizeof (vl_api_address_t));
244 clib_memcpy (&mp->entry.local_address_start, &laddr_start,
245 sizeof (vl_api_address_t));
246 clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
247 sizeof (vl_api_address_t));
/* Unlike the non-v2 handler, the protocol is cast straight to u8 with no
 * substitution of IPSEC_POLICY_PROTOCOL_ANY for a parsed value of 0. */
249 mp->entry.protocol = (u8) protocol;
/* The (u16) casts discard the upper bits of the parsed u32 ports, so a port
 * above 65535 on the command line silently becomes a different port in the
 * policy that is installed.
 * NOTE(review): consider rejecting out-of-range ports before this point. */
250 mp->entry.local_port_start = ntohs ((u16) lport_start);
251 mp->entry.local_port_stop = ntohs ((u16) lport_stop);
252 mp->entry.remote_port_start = ntohs ((u16) rport_start);
253 mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
254 mp->entry.policy = (u8) policy;
255 mp->entry.sa_id = ntohl (sa_id);
263 vl_api_ipsec_spd_details_t_handler (vl_api_ipsec_spd_details_t *mp)
268 vl_api_ipsec_sad_entry_add_del_reply_t_handler (
269 vl_api_ipsec_sad_entry_add_del_reply_t *mp)
274 vl_api_ipsec_sad_entry_add_del_v3_reply_t_handler (
275 vl_api_ipsec_sad_entry_add_del_v3_reply_t *mp)
280 vl_api_ipsec_sad_entry_add_reply_t_handler (
281 vl_api_ipsec_sad_entry_add_reply_t *mp)
286 vl_api_ipsec_sad_entry_add_v2_reply_t_handler (
287 vl_api_ipsec_sad_entry_add_reply_t *mp)
292 api_ipsec_sad_entry_del (vat_main_t *vat)
298 api_ipsec_sad_bind (vat_main_t *vat)
304 api_ipsec_sad_unbind (vat_main_t *vat)
310 vl_api_ipsec_sad_entry_add_del_v2_reply_t_handler (
311 vl_api_ipsec_sad_entry_add_del_v2_reply_t *mp)
316 vl_api_ipsec_spd_interface_details_t_handler (
317 vl_api_ipsec_spd_interface_details_t *vat)
322 api_ipsec_sad_entry_add_del_v3 (vat_main_t *vat)
328 api_ipsec_sad_entry_update (vat_main_t *vat)
334 api_ipsec_tunnel_protect_update (vat_main_t *vat)
340 vl_api_ipsec_backend_details_t_handler (vl_api_ipsec_backend_details_t *mp)
345 api_ipsec_sa_v3_dump (vat_main_t *vat)
351 api_ipsec_sa_v4_dump (vat_main_t *vat)
357 api_ipsec_sa_v5_dump (vat_main_t *vat)
363 api_ipsec_tunnel_protect_dump (vat_main_t *vat)
369 api_ipsec_tunnel_protect_del (vat_main_t *vat)
375 vl_api_ipsec_tunnel_protect_details_t_handler (
376 vl_api_ipsec_tunnel_protect_details_t *mp)
381 api_ipsec_sad_entry_add (vat_main_t *vat)
387 api_ipsec_sad_entry_add_v2 (vat_main_t *vat)
393 vl_api_ipsec_spd_entry_add_del_reply_t_handler (
394 vl_api_ipsec_spd_entry_add_del_reply_t *mp)
399 vl_api_ipsec_spd_entry_add_del_v2_reply_t_handler (
400 vl_api_ipsec_spd_entry_add_del_v2_reply_t *mp)
405 api_ipsec_spds_dump (vat_main_t *vam)
411 api_ipsec_itf_dump (vat_main_t *vam)
417 vl_api_ipsec_sa_v3_details_t_handler (vl_api_ipsec_sa_v3_details_t *mp)
422 vl_api_ipsec_sa_v4_details_t_handler (vl_api_ipsec_sa_v4_details_t *mp)
427 vl_api_ipsec_sa_v5_details_t_handler (vl_api_ipsec_sa_v5_details_t *mp)
432 api_ipsec_spd_interface_dump (vat_main_t *vat)
438 vl_api_ipsec_sa_v2_details_t_handler (vl_api_ipsec_sa_v2_details_t *mp)
443 api_ipsec_sa_v2_dump (vat_main_t *mp)
/* VAT command handler: requests a dump of security associations.  An
 * optional "sa_id <n>" argument is parsed and placed in the request.
 *
 * The declaration of sa_id (and so its default value) is on a line this
 * listing omits, as are the return type, braces and the send/wait calls. */
449 api_ipsec_sa_dump (vat_main_t *vam)
451 unformat_input_t *i = vam->input;
452 vl_api_ipsec_sa_dump_t *mp;
453 vl_api_control_ping_t *mp_ping;
457 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
459 if (unformat (i, "sa_id %d", &sa_id))
/* Anything other than "sa_id <n>" is reported as a parse error. */
463 clib_warning ("parse error '%U'", format_unformat_error, i);
468 M (IPSEC_SA_DUMP, mp);
470 mp->sa_id = ntohl (sa_id);
474 /* Use a control ping for synchronization */
475 PING (&ipsec_test_main, mp_ping);
/* Reply handler for one SA details message: formats the SA's fields as a
 * single text line.  The call that receives the format string is on a line
 * this listing omits, so the output destination is not visible here.
 *
 * The line includes crypto_key and integ_key rendered as hex, i.e. the SA's
 * secret key material in clear text.  Anything that captures this tool's
 * output (terminal scrollback, CI logs, support bundles) should be handled
 * as sensitive. */
483 vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t *mp)
485 vat_main_t *vam = &vat_main;
488 "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
489 "crypto_key %U integ_alg %u integ_key %U flags %x "
490 "tunnel_src_addr %U tunnel_dst_addr %U "
491 "salt %u seq_outbound %lu last_seq_inbound %lu "
492 "replay_window %lu stat_index %u\n",
493 ntohl (mp->entry.sad_id), ntohl (mp->sw_if_index),
494 ntohl (mp->entry.spi), ntohl (mp->entry.protocol),
/* NOTE(review): the key lengths passed to format_hex_bytes are taken from
 * the received message as-is; no clamp to sizeof (...key.data) is visible
 * here, unlike the clamp applied when api_ipsec_sad_entry_add_del builds a
 * request.  A length larger than the array would read past it -- confirm
 * the sender is trusted to bound it, or clamp before printing. */
495 ntohl (mp->entry.crypto_algorithm), format_hex_bytes,
496 mp->entry.crypto_key.data, mp->entry.crypto_key.length,
497 ntohl (mp->entry.integrity_algorithm), format_hex_bytes,
498 mp->entry.integrity_key.data, mp->entry.integrity_key.length,
499 ntohl (mp->entry.flags), format_vl_api_address, &mp->entry.tunnel_src,
500 format_vl_api_address, &mp->entry.tunnel_dst, ntohl (mp->salt),
/* The 64-bit sequence/replay fields are converted with
 * clib_net_to_host_u64. */
501 clib_net_to_host_u64 (mp->seq_outbound),
502 clib_net_to_host_u64 (mp->last_seq_inbound),
503 clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index));
507 api_ipsec_spd_dump (vat_main_t *vam)
/* unformat callback for a crypto algorithm name.  Takes a u32 * out-pointer
 * from the va_list; the foreach_ipsec_crypto_alg X-macro expands to one
 * `else if` per algorithm that stores IPSEC_API_CRYPTO_ALG_<f> in *r when
 * the input matches that algorithm's string.
 *
 * The leading `if`, the no-match branch and the return statements are on
 * lines this listing omits. */
513 unformat_ipsec_api_crypto_alg (unformat_input_t *input, va_list *args)
515 u32 *r = va_arg (*args, u32 *);
519 #define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f;
520 foreach_ipsec_crypto_alg
/* unformat callback for an integrity algorithm name.  Takes a u32 *
 * out-pointer from the va_list; the foreach_ipsec_integ_alg X-macro expands
 * to one `else if` per algorithm that stores IPSEC_API_INTEG_ALG_<f> in *r
 * when the input matches that algorithm's string.
 *
 * The leading `if`, the no-match branch and the return statements are on
 * lines this listing omits. */
527 unformat_ipsec_api_integ_alg (unformat_input_t *input, va_list *args)
529 u32 *r = va_arg (*args, u32 *);
533 #define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f;
534 foreach_ipsec_integ_alg
/* VAT command handler: parses a security association (SAD entry) from
 * vam->input, including its keys, and fills an IPSEC_SAD_ENTRY_ADD_DEL
 * request.
 *
 * This listing omits some source lines (the embedded line numbers skip), so
 * the return type, braces, the declarations of ck/ik/is_add, the targets of
 * several unformat calls and the send/wait tail are not visible here. */
541 api_ipsec_sad_entry_add_del (vat_main_t *vam)
543 unformat_input_t *i = vam->input;
544 vl_api_ipsec_sad_entry_add_del_t *mp;
545 u32 sad_id = 0, spi = 0;
/* Defaults: no cipher, no integrity algorithm, no flags, protocol AH. */
549 vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE;
550 vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE;
551 vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
552 vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH;
/* NOTE(review): tun_src and tun_dst have no initialiser.  They are read and
 * copied below whenever IS_TUNNEL is set, which either tunnel keyword alone
 * is enough to do. */
553 vl_api_address_t tun_src, tun_dst;
556 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
558 if (unformat (i, "del"))
560 else if (unformat (i, "sad_id %d", &sad_id))
562 else if (unformat (i, "spi %d", &spi))
564 else if (unformat (i, "esp"))
565 protocol = IPSEC_API_PROTO_ESP;
566 else if (unformat (i, "tunnel_src %U", unformat_vl_api_address,
569 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
570 if (ADDRESS_IP6 == tun_src.af)
571 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
573 else if (unformat (i, "tunnel_dst %U", unformat_vl_api_address,
576 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
/* NOTE(review): this is the tunnel_dst branch but it tests tun_src.af.  The
 * parse target is on an omitted line (presumably &tun_dst); if so, supplying
 * only tunnel_dst reads an indeterminate tun_src.af here, and the copy of
 * tun_src further down places uninitialised stack bytes in the request.
 * Zero-initialise both addresses and test the one just parsed. */
577 if (ADDRESS_IP6 == tun_src.af)
578 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
580 else if (unformat (i, "crypto_alg %U", unformat_ipsec_api_crypto_alg,
/* Keys are given as hex strings on the command line and parsed into the
 * vectors ck and ik. */
583 else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
585 else if (unformat (i, "integ_alg %U", unformat_ipsec_api_integ_alg,
588 else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
592 clib_warning ("parse error '%U'", format_unformat_error, i);
597 M (IPSEC_SAD_ENTRY_ADD_DEL, mp);
600 mp->entry.sad_id = ntohl (sad_id);
/* NOTE(review): protocol, flags and the two algorithm fields are stored
 * without a byte swap, while sad_id and spi are swapped -- confirm against
 * the wire format the receiver expects. */
601 mp->entry.protocol = protocol;
602 mp->entry.spi = ntohl (spi);
603 mp->entry.flags = flags;
605 mp->entry.crypto_algorithm = crypto_alg;
606 mp->entry.integrity_algorithm = integ_alg;
607 mp->entry.crypto_key.length = vec_len (ck);
608 mp->entry.integrity_key.length = vec_len (ik);
/* Clamp both lengths to the fixed-size data arrays so the copies below
 * cannot overrun the message.  An over-long key is silently truncated
 * rather than rejected, so the SA is created with a key that differs from
 * the one typed. */
610 if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data))
611 mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data);
613 if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data))
614 mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data);
/* NOTE(review): no release or zeroing of ck/ik is visible in this listing;
 * confirm the key vectors are cleared and freed once copied. */
617 clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length);
619 clib_memcpy (mp->entry.integrity_key.data, ik,
620 mp->entry.integrity_key.length);
/* Tunnel endpoints are copied only when a tunnel keyword was seen; both are
 * copied even if only one was supplied. */
622 if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)
624 clib_memcpy (&mp->entry.tunnel_src, &tun_src,
625 sizeof (mp->entry.tunnel_src));
626 clib_memcpy (&mp->entry.tunnel_dst, &tun_dst,
627 sizeof (mp->entry.tunnel_dst));
636 api_ipsec_sad_entry_add_del_v2 (vat_main_t *vam)
/* VAT command handler: fills an IPSEC_INTERFACE_ADD_DEL_SPD request from an
 * SPD id and an interface, both of which must be supplied.
 *
 * This listing omits some source lines (the embedded line numbers skip), so
 * the return type, braces, the declarations of sw_if_index/is_add and the
 * send/wait tail are not visible here. */
642 api_ipsec_interface_add_del_spd (vat_main_t *vam)
644 vnet_main_t *vnm = vnet_get_main ();
645 unformat_input_t *i = vam->input;
646 vl_api_ipsec_interface_add_del_spd_t *mp;
648 u8 sw_if_index_set = 0;
/* (u32) ~0 is the "not set" sentinel checked after parsing. */
649 u32 spd_id = (u32) ~0;
653 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
655 if (unformat (i, "del"))
657 else if (unformat (i, "spd_id %d", &spd_id))
/* The interface may be given by name or by numeric sw_if_index. */
659 else if (unformat (i, "%U", unformat_vnet_sw_interface, vnm,
662 else if (unformat (i, "sw_if_index %d", &sw_if_index))
666 clib_warning ("parse error '%U'", format_unformat_error, i);
/* Refuse to build the request unless both required arguments were given. */
671 if (spd_id == (u32) ~0)
673 errmsg ("spd_id must be set");
677 if (sw_if_index_set == 0)
679 errmsg ("missing interface name or sw_if_index");
683 M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
685 mp->spd_id = ntohl (spd_id);
686 mp->sw_if_index = ntohl (sw_if_index);
695 api_ipsec_backend_dump (vat_main_t *vam)
701 api_ipsec_select_backend (vat_main_t *vam)
707 api_ipsec_set_async_mode (vat_main_t *vam)
/* VAT command handler: fills an IPSEC_SPD_ADD_DEL request for the SPD id
 * given as "spd_id <n>", with an optional "del" keyword.
 *
 * This listing omits some source lines (the embedded line numbers skip), so
 * the return type, braces, the declaration of spd_id, the condition guarding
 * the "must be set" error and the send/wait tail are not visible here. */
713 api_ipsec_spd_add_del (vat_main_t *vam)
715 unformat_input_t *i = vam->input;
716 vl_api_ipsec_spd_add_del_t *mp;
721 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
723 if (unformat (i, "spd_id %d", &spd_id))
725 else if (unformat (i, "del"))
/* Anything other than the two keywords above is a parse error. */
729 clib_warning ("parse error '%U'", format_unformat_error, i);
735 errmsg ("spd_id must be set");
739 M (IPSEC_SPD_ADD_DEL, mp);
741 mp->spd_id = ntohl (spd_id);
749 #include <vnet/ipsec/ipsec.api_test.c>
753 * eval: (c-set-style "gnu")