1 /* SPDX-License-Identifier: Apache-2.0
2 * Copyright(c) 2021 Cisco Systems, Inc.
6 #include <vlibapi/api.h>
7 #include <vlibmemory/api.h>
8 #include <vppinfra/error.h>
9 #include <vpp/api/types.h>
11 #include <vnet/ipsec/ipsec.h>
12 #include <vnet/ip/ip_types_api.h>
14 #define __plugin_msg_base ipsec_test_main.msg_id_base
15 #include <vlibapi/vat_helper_macros.h>
17 #include <vlibmemory/vlib.api_enum.h>
18 #include <vlibmemory/vlib.api_types.h>
20 /* Declare message IDs */
21 #include <vnet/format_fns.h>
22 #include <vnet/ipsec/ipsec.api_enum.h>
23 #include <vnet/ipsec/ipsec.api_types.h>
25 #define vl_endianfun /* define message structures */
26 #include <vnet/ipsec/ipsec.api.h>
31 /* API message ID base */
37 static ipsec_test_main_t ipsec_test_main;
40 vl_api_ipsec_spds_details_t_handler (vl_api_ipsec_spds_details_t *mp)
45 vl_api_ipsec_itf_details_t_handler (vl_api_ipsec_itf_details_t *mp)
50 api_ipsec_itf_delete (vat_main_t *vat)
56 api_ipsec_itf_create (vat_main_t *vat)
62 vl_api_ipsec_itf_create_reply_t_handler (vl_api_ipsec_itf_create_reply_t *vat)
/*
 * api_ipsec_spd_entry_add_del - VAT command that parses an SPD policy entry
 * from vam->input and fills an IPSEC_SPD_ENTRY_ADD_DEL message.
 *
 * This listing is fragmentary: the number that starts each line is the line
 * number in the original file, and the lines the page does not show (return
 * type, braces, some declarations, the send/wait tail) are simply absent.
 *
 * NOTE(review): ports, protocol and policy are parsed with %d into u32 and
 * narrowed with (u16)/(u8) casts when the message is filled. No range check
 * appears in the visible lines, so an out-of-range value would be silently
 * truncated and the installed selector would differ from what was typed.
 * For a security policy entry, rejecting such input is the safer behaviour.
 */
67 api_ipsec_spd_entry_add_del (vat_main_t *vam)
69 unformat_input_t *i = vam->input;
70 vl_api_ipsec_spd_entry_add_del_t *mp;
71 u8 is_add = 1, is_outbound = 0;
72 u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
/* Stop ports default to all-ones; the (u16) casts further down turn that
 * into 0xffff, so an entry given without ports covers the whole port range. */
74 u32 rport_start = 0, rport_stop = (u32) ~0;
75 u32 lport_start = 0, lport_stop = (u32) ~0;
76 vl_api_address_t laddr_start = {}, laddr_stop = {}, raddr_start = {},
/* Keyword loop: each recognised token overwrites the matching local. */
80 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
82 if (unformat (i, "del"))
84 if (unformat (i, "outbound"))
86 if (unformat (i, "inbound"))
88 else if (unformat (i, "spd_id %d", &spd_id))
90 else if (unformat (i, "sa_id %d", &sa_id))
92 else if (unformat (i, "priority %d", &priority))
94 else if (unformat (i, "protocol %d", &protocol))
96 else if (unformat (i, "lport_start %d", &lport_start))
98 else if (unformat (i, "lport_stop %d", &lport_stop))
100 else if (unformat (i, "rport_start %d", &rport_start))
102 else if (unformat (i, "rport_stop %d", &rport_stop))
104 else if (unformat (i, "laddr_start %U", unformat_vl_api_address,
107 else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
110 else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
113 else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
116 else if (unformat (i, "action %U", unformat_ipsec_policy_action,
/* The 'resolve' action triggers a warning; the statement that follows the
 * warning is not part of this listing. */
119 if (policy == IPSEC_POLICY_ACTION_RESOLVE)
121 clib_warning ("unsupported action: 'resolve'");
127 clib_warning ("parse error '%U'", format_unformat_error, i);
132 M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
/* ntohl/ntohs are used below for host-to-network conversion; they perform
 * the same byte swap as htonl/htons. */
136 mp->entry.spd_id = ntohl (spd_id);
137 mp->entry.priority = ntohl (priority);
138 mp->entry.is_outbound = is_outbound;
/* Address ranges are copied whole; the locals were zero-initialised above,
 * so a range that was not given on the command line is sent as zeros. */
140 clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
141 sizeof (vl_api_address_t));
142 clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
143 sizeof (vl_api_address_t));
144 clib_memcpy (&mp->entry.local_address_start, &laddr_start,
145 sizeof (vl_api_address_t));
146 clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
147 sizeof (vl_api_address_t));
/* Narrowing casts: only the low 8 bits of protocol/policy and the low
 * 16 bits of each port survive. */
149 mp->entry.protocol = (u8) protocol;
150 mp->entry.local_port_start = ntohs ((u16) lport_start);
151 mp->entry.local_port_stop = ntohs ((u16) lport_stop);
152 mp->entry.remote_port_start = ntohs ((u16) rport_start);
153 mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
154 mp->entry.policy = (u8) policy;
155 mp->entry.sa_id = ntohl (sa_id);
163 vl_api_ipsec_spd_details_t_handler (vl_api_ipsec_spd_details_t *mp)
168 vl_api_ipsec_sad_entry_add_del_reply_t_handler (
169 vl_api_ipsec_sad_entry_add_del_reply_t *mp)
174 vl_api_ipsec_sad_entry_add_del_v3_reply_t_handler (
175 vl_api_ipsec_sad_entry_add_del_v3_reply_t *mp)
180 vl_api_ipsec_sad_entry_add_reply_t_handler (
181 vl_api_ipsec_sad_entry_add_reply_t *mp)
186 api_ipsec_sad_entry_del (vat_main_t *vat)
192 vl_api_ipsec_sad_entry_add_del_v2_reply_t_handler (
193 vl_api_ipsec_sad_entry_add_del_v2_reply_t *mp)
198 vl_api_ipsec_spd_interface_details_t_handler (
199 vl_api_ipsec_spd_interface_details_t *vat)
204 api_ipsec_sad_entry_add_del_v3 (vat_main_t *vat)
210 api_ipsec_tunnel_protect_update (vat_main_t *vat)
216 vl_api_ipsec_backend_details_t_handler (vl_api_ipsec_backend_details_t *mp)
221 api_ipsec_sa_v3_dump (vat_main_t *vat)
227 api_ipsec_tunnel_protect_dump (vat_main_t *vat)
233 api_ipsec_tunnel_protect_del (vat_main_t *vat)
239 vl_api_ipsec_tunnel_protect_details_t_handler (
240 vl_api_ipsec_tunnel_protect_details_t *mp)
245 api_ipsec_sad_entry_add (vat_main_t *vat)
251 vl_api_ipsec_spd_entry_add_del_reply_t_handler (
252 vl_api_ipsec_spd_entry_add_del_reply_t *mp)
257 api_ipsec_spds_dump (vat_main_t *vam)
263 api_ipsec_itf_dump (vat_main_t *vam)
269 vl_api_ipsec_sa_v3_details_t_handler (vl_api_ipsec_sa_v3_details_t *mp)
274 api_ipsec_spd_interface_dump (vat_main_t *vat)
280 vl_api_ipsec_sa_v2_details_t_handler (vl_api_ipsec_sa_v2_details_t *mp)
285 api_ipsec_sa_v2_dump (vat_main_t *mp)
/*
 * api_ipsec_sa_dump - VAT command that requests a dump of security
 * associations. Accepts an optional "sa_id <n>" token, sends an
 * IPSEC_SA_DUMP message and follows it with a control ping.
 *
 * NOTE(review): the replies are presumably printed by
 * vl_api_ipsec_sa_details_t_handler in this file, whose format string
 * includes the SA keys in hex. Output of this command should be handled
 * as secret material.
 */
291 api_ipsec_sa_dump (vat_main_t *vam)
293 unformat_input_t *i = vam->input;
294 vl_api_ipsec_sa_dump_t *mp;
295 vl_api_control_ping_t *mp_ping;
299 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
301 if (unformat (i, "sa_id %d", &sa_id))
305 clib_warning ("parse error '%U'", format_unformat_error, i);
310 M (IPSEC_SA_DUMP, mp);
/* sa_id is byte-swapped into the request before it is sent. */
312 mp->sa_id = ntohl (sa_id);
316 /* Use a control ping for synchronization */
317 PING (&ipsec_test_main, mp_ping);
/*
 * vl_api_ipsec_sa_details_t_handler - formats one IPSEC_SA_DETAILS reply
 * as a single text line. The call that consumes the format string is on a
 * line this listing does not show.
 *
 * SECURITY: crypto_key and integ_key are rendered with format_hex_bytes, so
 * the SA's encryption and integrity keys appear in cleartext in whatever
 * receives this output. Keep that output out of shared terminals, CI logs
 * and bug reports; printing only the key length would avoid the exposure.
 *
 * NOTE(review): the key length fields are used exactly as received. No
 * clamp against sizeof (…key.data) is visible here, unlike the sender side
 * at original lines 452-456 - confirm that the message has already been
 * validated before it reaches this handler.
 */
325 vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t *mp)
327 vat_main_t *vam = &vat_main;
330 "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
/* crypto_key / integ_key: raw key bytes, hex-encoded */
331 "crypto_key %U integ_alg %u integ_key %U flags %x "
332 "tunnel_src_addr %U tunnel_dst_addr %U "
333 "salt %u seq_outbound %lu last_seq_inbound %lu "
334 "replay_window %lu stat_index %u\n",
/* 32-bit fields are converted with ntohl, 64-bit counters with
 * clib_net_to_host_u64, before formatting. */
335 ntohl (mp->entry.sad_id), ntohl (mp->sw_if_index),
336 ntohl (mp->entry.spi), ntohl (mp->entry.protocol),
337 ntohl (mp->entry.crypto_algorithm), format_hex_bytes,
338 mp->entry.crypto_key.data, mp->entry.crypto_key.length,
339 ntohl (mp->entry.integrity_algorithm), format_hex_bytes,
340 mp->entry.integrity_key.data, mp->entry.integrity_key.length,
341 ntohl (mp->entry.flags), format_vl_api_address, &mp->entry.tunnel_src,
342 format_vl_api_address, &mp->entry.tunnel_dst, ntohl (mp->salt),
343 clib_net_to_host_u64 (mp->seq_outbound),
344 clib_net_to_host_u64 (mp->last_seq_inbound),
345 clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index));
349 api_ipsec_spd_dump (vat_main_t *vam)
/*
 * unformat_ipsec_api_crypto_alg - unformat helper that matches the input
 * against each algorithm name listed by foreach_ipsec_crypto_alg and stores
 * the corresponding IPSEC_API_CRYPTO_ALG_* value through the u32 pointer
 * taken from the va_list. The no-match path is not shown in this listing.
 */
355 unformat_ipsec_api_crypto_alg (unformat_input_t *input, va_list *args)
357 u32 *r = va_arg (*args, u32 *);
/* One "else if" arm per algorithm: s is the name to match, f the enum suffix. */
361 #define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f;
362 foreach_ipsec_crypto_alg
/*
 * unformat_ipsec_api_integ_alg - unformat helper that matches the input
 * against each algorithm name listed by foreach_ipsec_integ_alg and stores
 * the corresponding IPSEC_API_INTEG_ALG_* value through the u32 pointer
 * taken from the va_list. The no-match path is not shown in this listing.
 */
369 unformat_ipsec_api_integ_alg (unformat_input_t *input, va_list *args)
371 u32 *r = va_arg (*args, u32 *);
/* One "else if" arm per algorithm: s is the name to match, f the enum suffix. */
375 #define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f;
376 foreach_ipsec_integ_alg
/*
 * api_ipsec_sad_entry_add_del - VAT command that parses a security
 * association (ids, protocol, tunnel endpoints, algorithms, hex keys) from
 * vam->input and fills an IPSEC_SAD_ENTRY_ADD_DEL message.
 *
 * This listing is fragmentary: the number that starts each line is the line
 * number in the original file, and lines the page does not show are absent.
 *
 * NOTE(review): ck and ik receive key material from unformat_hex_string.
 * Their declaration and release are not in the visible lines - confirm the
 * vectors are freed (and ideally wiped) once the message has been filled.
 */
383 api_ipsec_sad_entry_add_del (vat_main_t *vam)
385 unformat_input_t *i = vam->input;
386 vl_api_ipsec_sad_entry_add_del_t *mp;
387 u32 sad_id = 0, spi = 0;
391 vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE;
392 vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE;
393 vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
/* AH is the default protocol; the "esp" keyword switches it to ESP. */
394 vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH;
/* NOTE(review): no initialiser here. Unless an omitted line sets them, a
 * command that gives only one of tunnel_src/tunnel_dst still sets IS_TUNNEL
 * and the copy at original lines 466-469 sends the other, uninitialised,
 * stack object in the message. */
395 vl_api_address_t tun_src, tun_dst;
398 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
400 if (unformat (i, "del"))
402 else if (unformat (i, "sad_id %d", &sad_id))
404 else if (unformat (i, "spi %d", &spi))
406 else if (unformat (i, "esp"))
407 protocol = IPSEC_API_PROTO_ESP;
408 else if (unformat (i, "tunnel_src %U", unformat_vl_api_address,
411 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
412 if (ADDRESS_IP6 == tun_src.af)
413 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
415 else if (unformat (i, "tunnel_dst %U", unformat_vl_api_address,
418 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
/* NOTE(review): this branch handles "tunnel_dst" but tests tun_src.af,
 * which looks like a copy of the tunnel_src branch; tun_dst.af is
 * presumably what was meant. If tunnel_dst is parsed before tunnel_src,
 * tun_src.af is read before anything visible has written it. */
419 if (ADDRESS_IP6 == tun_src.af)
420 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
422 else if (unformat (i, "crypto_alg %U", unformat_ipsec_api_crypto_alg,
425 else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
427 else if (unformat (i, "integ_alg %U", unformat_ipsec_api_integ_alg,
430 else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
434 clib_warning ("parse error '%U'", format_unformat_error, i);
439 M (IPSEC_SAD_ENTRY_ADD_DEL, mp);
/* NOTE(review): sad_id and spi are byte-swapped, while protocol, flags and
 * the two algorithm fields are stored as-is; the details handler in this
 * file applies ntohl to those same fields - confirm which is intended. */
442 mp->entry.sad_id = ntohl (sad_id);
443 mp->entry.protocol = protocol;
444 mp->entry.spi = ntohl (spi);
445 mp->entry.flags = flags;
447 mp->entry.crypto_algorithm = crypto_alg;
448 mp->entry.integrity_algorithm = integ_alg;
449 mp->entry.crypto_key.length = vec_len (ck);
450 mp->entry.integrity_key.length = vec_len (ik);
/* Clamp both lengths to the size of the message's key buffers so the
 * copies below cannot write past them. A longer key is truncated without
 * any message to the operator, so the SA would be installed with a key
 * other than the one typed. */
452 if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data))
453 mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data);
455 if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data))
456 mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data);
459 clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length);
461 clib_memcpy (mp->entry.integrity_key.data, ik,
462 mp->entry.integrity_key.length);
/* Tunnel endpoints are copied only when a tunnel keyword was seen. */
464 if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)
466 clib_memcpy (&mp->entry.tunnel_src, &tun_src,
467 sizeof (mp->entry.tunnel_src));
468 clib_memcpy (&mp->entry.tunnel_dst, &tun_dst,
469 sizeof (mp->entry.tunnel_dst));
478 api_ipsec_sad_entry_add_del_v2 (vat_main_t *vam)
/*
 * api_ipsec_interface_add_del_spd - VAT command that binds an SPD to an
 * interface, or unbinds it. Parses "del", "spd_id <n>" and either an
 * interface name or "sw_if_index <n>", then fills an
 * IPSEC_INTERFACE_ADD_DEL_SPD message.
 *
 * Both the SPD id and the interface are mandatory; each missing value is
 * reported with errmsg. What follows each errmsg is not shown here.
 */
484 api_ipsec_interface_add_del_spd (vat_main_t *vam)
486 vnet_main_t *vnm = vnet_get_main ();
487 unformat_input_t *i = vam->input;
488 vl_api_ipsec_interface_add_del_spd_t *mp;
490 u8 sw_if_index_set = 0;
/* All-ones marks "spd_id not given"; it is tested after the parse loop. */
491 u32 spd_id = (u32) ~0;
495 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
497 if (unformat (i, "del"))
499 else if (unformat (i, "spd_id %d", &spd_id))
501 else if (unformat (i, "%U", unformat_vnet_sw_interface, vnm,
504 else if (unformat (i, "sw_if_index %d", &sw_if_index))
508 clib_warning ("parse error '%U'", format_unformat_error, i);
513 if (spd_id == (u32) ~0)
515 errmsg ("spd_id must be set");
519 if (sw_if_index_set == 0)
521 errmsg ("missing interface name or sw_if_index");
525 M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
/* Both ids are byte-swapped into the message. */
527 mp->spd_id = ntohl (spd_id);
528 mp->sw_if_index = ntohl (sw_if_index);
537 api_ipsec_backend_dump (vat_main_t *vam)
543 api_ipsec_select_backend (vat_main_t *vam)
549 api_ipsec_set_async_mode (vat_main_t *vam)
/*
 * api_ipsec_spd_add_del - VAT command that creates or deletes an SPD.
 * Parses "spd_id <n>" and "del", reports "spd_id must be set" through
 * errmsg (the condition guarding it is not shown in this listing), and
 * fills an IPSEC_SPD_ADD_DEL message.
 */
555 api_ipsec_spd_add_del (vat_main_t *vam)
557 unformat_input_t *i = vam->input;
558 vl_api_ipsec_spd_add_del_t *mp;
563 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
565 if (unformat (i, "spd_id %d", &spd_id))
567 else if (unformat (i, "del"))
571 clib_warning ("parse error '%U'", format_unformat_error, i);
577 errmsg ("spd_id must be set");
581 M (IPSEC_SPD_ADD_DEL, mp);
/* spd_id is byte-swapped into the message. */
583 mp->spd_id = ntohl (spd_id);
591 #include <vnet/ipsec/ipsec.api_test.c>
595 * eval: (c-set-style "gnu")