+ clib_memcpy (mp->tunnel_src_address, &tun_src4,
+ sizeof (ip4_address_t));
+ clib_memcpy (mp->tunnel_dst_address, &tun_dst4,
+ sizeof (ip4_address_t));
+ }
+ }
+
+ S (mp);
+ W (ret);
+ return ret;
+}
+
+static int
+api_ipsec_sa_set_key (vat_main_t * vam)
+{
+ unformat_input_t *i = vam->input;
+ vl_api_ipsec_sa_set_key_t *mp;
+ u32 sa_id;
+ u8 *ck = 0, *ik = 0;
+ int ret;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "sa_id %d", &sa_id))
+ ;
+ else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
+ ;
+ else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
+ ;
+ else
+ {
+ clib_warning ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ M (IPSEC_SA_SET_KEY, mp);
+
+ mp->sa_id = ntohl (sa_id);
+ mp->crypto_key_length = vec_len (ck);
+ mp->integrity_key_length = vec_len (ik);
+
+ if (mp->crypto_key_length > sizeof (mp->crypto_key))
+ mp->crypto_key_length = sizeof (mp->crypto_key);
+
+ if (mp->integrity_key_length > sizeof (mp->integrity_key))
+ mp->integrity_key_length = sizeof (mp->integrity_key);
+
+ if (ck)
+ clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
+ if (ik)
+ clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
+
+ S (mp);
+ W (ret);
+ return ret;
+}
+
+static int
+api_ipsec_tunnel_if_add_del (vat_main_t * vam)
+{
+ unformat_input_t *i = vam->input;
+ vl_api_ipsec_tunnel_if_add_del_t *mp;
+ u32 local_spi = 0, remote_spi = 0;
+ u32 crypto_alg = 0, integ_alg = 0;
+ u8 *lck = NULL, *rck = NULL;
+ u8 *lik = NULL, *rik = NULL;
+ ip4_address_t local_ip = { {0} };
+ ip4_address_t remote_ip = { {0} };
+ u8 is_add = 1;
+ u8 esn = 0;
+ u8 anti_replay = 0;
+ int ret;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "del"))
+ is_add = 0;
+ else if (unformat (i, "esn"))
+ esn = 1;
+ else if (unformat (i, "anti_replay"))
+ anti_replay = 1;
+ else if (unformat (i, "local_spi %d", &local_spi))
+ ;
+ else if (unformat (i, "remote_spi %d", &remote_spi))
+ ;
+ else if (unformat (i, "local_ip %U", unformat_ip4_address, &local_ip))
+ ;
+ else if (unformat (i, "remote_ip %U", unformat_ip4_address, &remote_ip))
+ ;
+ else if (unformat (i, "local_crypto_key %U", unformat_hex_string, &lck))
+ ;
+ else
+ if (unformat (i, "remote_crypto_key %U", unformat_hex_string, &rck))
+ ;
+ else if (unformat (i, "local_integ_key %U", unformat_hex_string, &lik))
+ ;
+ else if (unformat (i, "remote_integ_key %U", unformat_hex_string, &rik))
+ ;
+ else
+ if (unformat
+ (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
+ {
+ if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ crypto_alg >= IPSEC_CRYPTO_N_ALG)
+ {
+ errmsg ("unsupported crypto-alg: '%U'\n",
+ format_ipsec_crypto_alg, crypto_alg);
+ return -99;
+ }
+ }
+ else
+ if (unformat
+ (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
+ {
+ if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 ||
+ integ_alg >= IPSEC_INTEG_N_ALG)
+ {
+ errmsg ("unsupported integ-alg: '%U'\n",
+ format_ipsec_integ_alg, integ_alg);
+ return -99;
+ }
+ }
+ else
+ {
+ errmsg ("parse error '%U'\n", format_unformat_error, i);
+ return -99;