1 /* SPDX-License-Identifier: Apache-2.0
2 * Copyright(c) 2021 Cisco Systems, Inc.
6 #include <vlibapi/api.h>
7 #include <vlibmemory/api.h>
8 #include <vppinfra/error.h>
9 #include <vpp/api/types.h>
11 #include <vnet/ipsec/ipsec.h>
12 #include <vnet/ip/ip_types_api.h>
14 #define __plugin_msg_base ipsec_test_main.msg_id_base
15 #include <vlibapi/vat_helper_macros.h>
17 #include <vlibmemory/vlib.api_enum.h>
18 #include <vlibmemory/vlib.api_types.h>
20 /* Declare message IDs */
21 #include <vnet/format_fns.h>
22 #include <vnet/ipsec/ipsec.api_enum.h>
23 #include <vnet/ipsec/ipsec.api_types.h>
25 #define vl_endianfun /* define message structures */
26 #include <vnet/ipsec/ipsec.api.h>
29 #define vl_calcsizefun
30 #include <vnet/ipsec/ipsec.api.h>
35 /* API message ID base */
41 static ipsec_test_main_t ipsec_test_main;
44 vl_api_ipsec_spds_details_t_handler (vl_api_ipsec_spds_details_t *mp)
49 vl_api_ipsec_itf_details_t_handler (vl_api_ipsec_itf_details_t *mp)
54 api_ipsec_itf_delete (vat_main_t *vat)
60 api_ipsec_itf_create (vat_main_t *vat)
66 vl_api_ipsec_itf_create_reply_t_handler (vl_api_ipsec_itf_create_reply_t *vat)
/*
 * VAT command: parse an SPD policy entry from vam->input and fill an
 * IPSEC_SPD_ENTRY_ADD_DEL request.
 * NOTE(review): this listing omits lines (return type, braces, some
 * declarations such as `priority`, and everything after the last field
 * assignment), so the comments below cover only what is visible.
 */
71 api_ipsec_spd_entry_add_del (vat_main_t *vam)
73 unformat_input_t *i = vam->input;
74 vl_api_ipsec_spd_entry_add_del_t *mp;
75 u8 is_add = 1, is_outbound = 0;
76 u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
/* Port ranges default to 0 .. (u32) ~0.  They are parsed as u32 and
 * narrowed to u16 when written to the message further down. */
78 u32 rport_start = 0, rport_stop = (u32) ~0;
79 u32 lport_start = 0, lport_stop = (u32) ~0;
/* Address ranges are zero-initialised, so a range the user does not
 * supply is sent as all-zero bytes rather than stack contents. */
80 vl_api_address_t laddr_start = {}, laddr_stop = {}, raddr_start = {},
84 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
/* "del", "outbound" and "inbound" are tested with independent `if`s;
 * the `else if` chain that follows hangs off the "inbound" test. */
86 if (unformat (i, "del"))
88 if (unformat (i, "outbound"))
90 if (unformat (i, "inbound"))
92 else if (unformat (i, "spd_id %d", &spd_id))
94 else if (unformat (i, "sa_id %d", &sa_id))
96 else if (unformat (i, "priority %d", &priority))
98 else if (unformat (i, "protocol %d", &protocol))
100 else if (unformat (i, "lport_start %d", &lport_start))
102 else if (unformat (i, "lport_stop %d", &lport_stop))
104 else if (unformat (i, "rport_start %d", &rport_start))
106 else if (unformat (i, "rport_stop %d", &rport_stop))
108 else if (unformat (i, "laddr_start %U", unformat_vl_api_address,
111 else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
114 else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
117 else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
120 else if (unformat (i, "action %U", unformat_ipsec_policy_action,
/* The 'resolve' action is parsed but reported as unsupported. */
123 if (policy == IPSEC_POLICY_ACTION_RESOLVE)
125 clib_warning ("unsupported action: 'resolve'");
/* Any token no branch above accepts is reported as a parse error. */
131 clib_warning ("parse error '%U'", format_unformat_error, i);
/* M() (from vat_helper_macros.h) sets up the request message in mp. */
136 M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
/* ntohl() is used here for the host-to-network direction; it performs
 * the same byte swap as htonl(). */
140 mp->entry.spd_id = ntohl (spd_id);
141 mp->entry.priority = ntohl (priority);
142 mp->entry.is_outbound = is_outbound;
144 clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
145 sizeof (vl_api_address_t));
146 clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
147 sizeof (vl_api_address_t));
148 clib_memcpy (&mp->entry.local_address_start, &laddr_start,
149 sizeof (vl_api_address_t));
150 clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
151 sizeof (vl_api_address_t));
/* NOTE(review): protocol and policy are narrowed to u8 and the ports to
 * u16 by plain casts; no range check is visible in this listing.  A
 * value wider than the field is silently truncated, so the selector
 * that gets installed can differ from the one that was typed.  The
 * default port stop of (u32) ~0 becomes 0xffff through the same cast. */
153 mp->entry.protocol = (u8) protocol;
154 mp->entry.local_port_start = ntohs ((u16) lport_start);
155 mp->entry.local_port_stop = ntohs ((u16) lport_stop);
156 mp->entry.remote_port_start = ntohs ((u16) rport_start);
157 mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
158 mp->entry.policy = (u8) policy;
159 mp->entry.sa_id = ntohl (sa_id);
167 vl_api_ipsec_spd_details_t_handler (vl_api_ipsec_spd_details_t *mp)
172 vl_api_ipsec_sad_entry_add_del_reply_t_handler (
173 vl_api_ipsec_sad_entry_add_del_reply_t *mp)
178 vl_api_ipsec_sad_entry_add_del_v3_reply_t_handler (
179 vl_api_ipsec_sad_entry_add_del_v3_reply_t *mp)
184 vl_api_ipsec_sad_entry_add_reply_t_handler (
185 vl_api_ipsec_sad_entry_add_reply_t *mp)
190 api_ipsec_sad_entry_del (vat_main_t *vat)
196 vl_api_ipsec_sad_entry_add_del_v2_reply_t_handler (
197 vl_api_ipsec_sad_entry_add_del_v2_reply_t *mp)
202 vl_api_ipsec_spd_interface_details_t_handler (
203 vl_api_ipsec_spd_interface_details_t *vat)
208 api_ipsec_sad_entry_add_del_v3 (vat_main_t *vat)
214 api_ipsec_tunnel_protect_update (vat_main_t *vat)
220 vl_api_ipsec_backend_details_t_handler (vl_api_ipsec_backend_details_t *mp)
225 api_ipsec_sa_v3_dump (vat_main_t *vat)
231 api_ipsec_tunnel_protect_dump (vat_main_t *vat)
237 api_ipsec_tunnel_protect_del (vat_main_t *vat)
243 vl_api_ipsec_tunnel_protect_details_t_handler (
244 vl_api_ipsec_tunnel_protect_details_t *mp)
249 api_ipsec_sad_entry_add (vat_main_t *vat)
255 vl_api_ipsec_spd_entry_add_del_reply_t_handler (
256 vl_api_ipsec_spd_entry_add_del_reply_t *mp)
261 api_ipsec_spds_dump (vat_main_t *vam)
267 api_ipsec_itf_dump (vat_main_t *vam)
273 vl_api_ipsec_sa_v3_details_t_handler (vl_api_ipsec_sa_v3_details_t *mp)
278 api_ipsec_spd_interface_dump (vat_main_t *vat)
284 vl_api_ipsec_sa_v2_details_t_handler (vl_api_ipsec_sa_v2_details_t *mp)
289 api_ipsec_sa_v2_dump (vat_main_t *mp)
/*
 * VAT command: request a dump of security associations, optionally
 * restricted by an "sa_id <n>" argument.
 * NOTE(review): the declaration of sa_id and the send/wait calls are on
 * lines this listing does not show.
 */
295 api_ipsec_sa_dump (vat_main_t *vam)
297 unformat_input_t *i = vam->input;
298 vl_api_ipsec_sa_dump_t *mp;
299 vl_api_control_ping_t *mp_ping;
303 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
305 if (unformat (i, "sa_id %d", &sa_id))
/* Anything other than "sa_id <n>" is reported as a parse error. */
309 clib_warning ("parse error '%U'", format_unformat_error, i);
314 M (IPSEC_SA_DUMP, mp);
/* ntohl() used for the host-to-network direction (same swap as htonl). */
316 mp->sa_id = ntohl (sa_id);
320 /* Use a control ping for synchronization */
321 PING (&ipsec_test_main, mp_ping);
/*
 * Reply handler for one SA details message: formats every field of the
 * SA into a single text line.  The call that consumes the format string
 * is on a line this listing does not show.
 *
 * NOTE(review): the line includes crypto_key and integ_key as hex
 * (format_hex_bytes), so whatever receives this output - terminal
 * scrollback, captured test logs, CI artefacts - holds live key
 * material and needs to be handled as a secret.
 */
329 vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t *mp)
331 vat_main_t *vam = &vat_main;
334 "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
335 "crypto_key %U integ_alg %u integ_key %U flags %x "
336 "tunnel_src_addr %U tunnel_dst_addr %U "
337 "salt %u seq_outbound %lu last_seq_inbound %lu "
338 "replay_window %lu stat_index %u\n",
339 ntohl (mp->entry.sad_id), ntohl (mp->sw_if_index),
340 ntohl (mp->entry.spi), ntohl (mp->entry.protocol),
/* NOTE(review): the key length fields are taken from the received
 * message and passed straight to format_hex_bytes as the byte count; no
 * comparison against sizeof (...key.data) is visible in this listing.
 * A clamp like the one api_ipsec_sad_entry_add_del applies on the send
 * side would keep a malformed reply from reading past the key array. */
341 ntohl (mp->entry.crypto_algorithm), format_hex_bytes,
342 mp->entry.crypto_key.data, mp->entry.crypto_key.length,
343 ntohl (mp->entry.integrity_algorithm), format_hex_bytes,
344 mp->entry.integrity_key.data, mp->entry.integrity_key.length,
345 ntohl (mp->entry.flags), format_vl_api_address, &mp->entry.tunnel_src,
346 format_vl_api_address, &mp->entry.tunnel_dst, ntohl (mp->salt),
/* 64-bit counters are converted from network order before printing. */
347 clib_net_to_host_u64 (mp->seq_outbound),
348 clib_net_to_host_u64 (mp->last_seq_inbound),
349 clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index));
353 api_ipsec_spd_dump (vat_main_t *vam)
/*
 * unformat helper for a crypto algorithm name.  The single va_list
 * argument is a u32 * that receives the matched value.
 * NOTE(review): the statement the generated `else if` chain attaches to,
 * and the return statements, are on lines this listing does not show.
 */
359 unformat_ipsec_api_crypto_alg (unformat_input_t *input, va_list *args)
361 u32 *r = va_arg (*args, u32 *);
/* X-macro: every (v, f, s) entry of foreach_ipsec_crypto_alg expands to
 * one `else if` that matches the string s and stores
 * IPSEC_API_CRYPTO_ALG_<f> through r. */
365 #define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f;
366 foreach_ipsec_crypto_alg
/*
 * unformat helper for an integrity algorithm name.  The single va_list
 * argument is a u32 * that receives the matched value.
 * NOTE(review): the statement the generated `else if` chain attaches to,
 * and the return statements, are on lines this listing does not show.
 */
373 unformat_ipsec_api_integ_alg (unformat_input_t *input, va_list *args)
375 u32 *r = va_arg (*args, u32 *);
/* X-macro: every (v, f, s) entry of foreach_ipsec_integ_alg expands to
 * one `else if` that matches the string s and stores
 * IPSEC_API_INTEG_ALG_<f> through r. */
379 #define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f;
380 foreach_ipsec_integ_alg
/*
 * VAT command: parse a security association (ids, protocol, tunnel
 * endpoints, algorithms and hex-encoded keys) from vam->input and fill
 * an IPSEC_SAD_ENTRY_ADD_DEL request.
 * NOTE(review): this listing omits lines (return type, braces, the
 * declarations of ck / ik / is_add, and the send/wait tail).  Whether
 * the ck and ik key vectors are freed or cleared afterwards is not
 * visible here.
 */
387 api_ipsec_sad_entry_add_del (vat_main_t *vam)
389 unformat_input_t *i = vam->input;
390 vl_api_ipsec_sad_entry_add_del_t *mp;
391 u32 sad_id = 0, spi = 0;
395 vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE;
396 vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE;
397 vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
/* Protocol defaults to AH; the "esp" keyword switches it to ESP. */
398 vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH;
/* NOTE(review): unlike the address locals in
 * api_ipsec_spd_entry_add_del, tun_src and tun_dst have no initialiser.
 * `= {}` here would make the two notes further down harmless. */
399 vl_api_address_t tun_src, tun_dst;
402 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
404 if (unformat (i, "del"))
406 else if (unformat (i, "sad_id %d", &sad_id))
408 else if (unformat (i, "spi %d", &spi))
410 else if (unformat (i, "esp"))
411 protocol = IPSEC_API_PROTO_ESP;
412 else if (unformat (i, "tunnel_src %U", unformat_vl_api_address,
415 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
416 if (ADDRESS_IP6 == tun_src.af)
417 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
419 else if (unformat (i, "tunnel_dst %U", unformat_vl_api_address,
422 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
/* NOTE(review): this is the tunnel_dst branch but the test reads
 * tun_src.af.  It looks like a copy of the tunnel_src branch and
 * presumably should test tun_dst.af.  When tunnel_dst is given before
 * (or without) tunnel_src, tun_src is still uninitialised at this
 * point, so the V6 flag depends on stack contents. */
423 if (ADDRESS_IP6 == tun_src.af)
424 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
426 else if (unformat (i, "crypto_alg %U", unformat_ipsec_api_crypto_alg,
/* Keys arrive as hex strings on the command input and are collected
 * into the ck / ik vectors. */
429 else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
431 else if (unformat (i, "integ_alg %U", unformat_ipsec_api_integ_alg,
434 else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
438 clib_warning ("parse error '%U'", format_unformat_error, i);
443 M (IPSEC_SAD_ENTRY_ADD_DEL, mp);
/* ntohl() used for the host-to-network direction (same swap as htonl). */
446 mp->entry.sad_id = ntohl (sad_id);
/* NOTE(review): protocol, flags and the two algorithm enums are stored
 * without a byte-order conversion, while vl_api_ipsec_sa_details_t_handler
 * in this file applies ntohl() to the same fields when reading a reply.
 * Confirm which convention the receiver expects. */
447 mp->entry.protocol = protocol;
448 mp->entry.spi = ntohl (spi);
449 mp->entry.flags = flags;
451 mp->entry.crypto_algorithm = crypto_alg;
452 mp->entry.integrity_algorithm = integ_alg;
/* Key lengths come from the parsed vectors and are then clamped to the
 * size of the fixed key arrays in the message, so the copies below
 * cannot write past them.
 * NOTE(review): the clamp truncates an over-long key silently; rejecting
 * the command would avoid installing an SA with a key other than the
 * one supplied.  The length is also stored into the message field
 * before it is compared - if that field is narrower than vec_len()'s
 * result (its width is not shown here), the value is already reduced
 * before the clamp sees it. */
453 mp->entry.crypto_key.length = vec_len (ck);
454 mp->entry.integrity_key.length = vec_len (ik);
456 if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data))
457 mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data);
459 if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data))
460 mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data);
463 clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length);
465 clib_memcpy (mp->entry.integrity_key.data, ik,
466 mp->entry.integrity_key.length);
/* NOTE(review): IS_TUNNEL is set by either tunnel keyword, and both
 * endpoints are copied whenever it is set.  If only one endpoint was
 * given, the other is copied from uninitialised stack storage into the
 * outgoing message. */
468 if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)
470 clib_memcpy (&mp->entry.tunnel_src, &tun_src,
471 sizeof (mp->entry.tunnel_src));
472 clib_memcpy (&mp->entry.tunnel_dst, &tun_dst,
473 sizeof (mp->entry.tunnel_dst));
482 api_ipsec_sad_entry_add_del_v2 (vat_main_t *vam)
/*
 * VAT command: bind an SPD to an interface or, with "del", presumably
 * unbind it (the line that records "del" is not shown).  The interface
 * is given either by name or as "sw_if_index <n>".
 * NOTE(review): this listing omits lines (return type, braces, the
 * declarations of sw_if_index / is_add, and the send/wait tail).
 */
488 api_ipsec_interface_add_del_spd (vat_main_t *vam)
490 vnet_main_t *vnm = vnet_get_main ();
491 unformat_input_t *i = vam->input;
492 vl_api_ipsec_interface_add_del_spd_t *mp;
494 u8 sw_if_index_set = 0;
/* (u32) ~0 is the "not supplied" sentinel checked after parsing. */
495 u32 spd_id = (u32) ~0;
499 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
501 if (unformat (i, "del"))
503 else if (unformat (i, "spd_id %d", &spd_id))
505 else if (unformat (i, "%U", unformat_vnet_sw_interface, vnm,
508 else if (unformat (i, "sw_if_index %d", &sw_if_index))
512 clib_warning ("parse error '%U'", format_unformat_error, i);
/* Both arguments are mandatory: the command is refused with an error
 * message unless spd_id and an interface were supplied. */
517 if (spd_id == (u32) ~0)
519 errmsg ("spd_id must be set");
523 if (sw_if_index_set == 0)
525 errmsg ("missing interface name or sw_if_index");
529 M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
/* ntohl() used for the host-to-network direction (same swap as htonl). */
531 mp->spd_id = ntohl (spd_id);
532 mp->sw_if_index = ntohl (sw_if_index);
541 api_ipsec_backend_dump (vat_main_t *vam)
547 api_ipsec_select_backend (vat_main_t *vam)
553 api_ipsec_set_async_mode (vat_main_t *vam)
/*
 * VAT command: create an SPD identified by "spd_id <n>", or act on the
 * "del" keyword (the line that records it is not shown).
 * NOTE(review): this listing omits lines (return type, braces, the
 * declaration of spd_id, the condition guarding the errmsg, and the
 * send/wait tail).
 */
559 api_ipsec_spd_add_del (vat_main_t *vam)
561 unformat_input_t *i = vam->input;
562 vl_api_ipsec_spd_add_del_t *mp;
567 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
569 if (unformat (i, "spd_id %d", &spd_id))
571 else if (unformat (i, "del"))
575 clib_warning ("parse error '%U'", format_unformat_error, i);
/* spd_id is mandatory; the test that triggers this message is on a line
 * not shown here. */
581 errmsg ("spd_id must be set");
585 M (IPSEC_SPD_ADD_DEL, mp);
/* ntohl() used for the host-to-network direction (same swap as htonl). */
587 mp->spd_id = ntohl (spd_id);
595 #include <vnet/ipsec/ipsec.api_test.c>
599 * eval: (c-set-style "gnu")