- errmsg ("both IPv4 and IPv6 addresses specified");
- return -99;
- }
-
- if (vni_set == 0)
- {
- errmsg ("vni not specified");
- return -99;
- }
-
- M (VXLAN_GPE_ADD_DEL_TUNNEL, mp);
-
-
- if (ipv6_set)
- {
- clib_memcpy (&mp->local, &local6, sizeof (local6));
- clib_memcpy (&mp->remote, &remote6, sizeof (remote6));
- }
- else
- {
- clib_memcpy (&mp->local, &local4, sizeof (local4));
- clib_memcpy (&mp->remote, &remote4, sizeof (remote4));
- }
-
- mp->mcast_sw_if_index = ntohl (mcast_sw_if_index);
- mp->encap_vrf_id = ntohl (encap_vrf_id);
- mp->decap_vrf_id = ntohl (decap_vrf_id);
- mp->protocol = protocol;
- mp->vni = ntohl (vni);
- mp->is_add = is_add;
- mp->is_ipv6 = ipv6_set;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static void vl_api_vxlan_gpe_tunnel_details_t_handler
- (vl_api_vxlan_gpe_tunnel_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
- ip46_address_t local = to_ip46 (mp->is_ipv6, mp->local);
- ip46_address_t remote = to_ip46 (mp->is_ipv6, mp->remote);
-
- print (vam->ofp, "%11d%24U%24U%13d%12d%19d%14d%14d",
- ntohl (mp->sw_if_index),
- format_ip46_address, &local, IP46_TYPE_ANY,
- format_ip46_address, &remote, IP46_TYPE_ANY,
- ntohl (mp->vni), mp->protocol,
- ntohl (mp->mcast_sw_if_index),
- ntohl (mp->encap_vrf_id), ntohl (mp->decap_vrf_id));
-}
-
-
-static void vl_api_vxlan_gpe_tunnel_details_t_handler_json
- (vl_api_vxlan_gpe_tunnel_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
- vat_json_node_t *node = NULL;
- struct in_addr ip4;
- struct in6_addr ip6;
-
- if (VAT_JSON_ARRAY != vam->json_tree.type)
- {
- ASSERT (VAT_JSON_NONE == vam->json_tree.type);
- vat_json_init_array (&vam->json_tree);
- }
- node = vat_json_array_add (&vam->json_tree);
-
- vat_json_init_object (node);
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- if (mp->is_ipv6)
- {
- clib_memcpy (&ip6, &(mp->local[0]), sizeof (ip6));
- vat_json_object_add_ip6 (node, "local", ip6);
- clib_memcpy (&ip6, &(mp->remote[0]), sizeof (ip6));
- vat_json_object_add_ip6 (node, "remote", ip6);
- }
- else
- {
- clib_memcpy (&ip4, &(mp->local[0]), sizeof (ip4));
- vat_json_object_add_ip4 (node, "local", ip4);
- clib_memcpy (&ip4, &(mp->remote[0]), sizeof (ip4));
- vat_json_object_add_ip4 (node, "remote", ip4);
- }
- vat_json_object_add_uint (node, "vni", ntohl (mp->vni));
- vat_json_object_add_uint (node, "protocol", ntohl (mp->protocol));
- vat_json_object_add_uint (node, "mcast_sw_if_index",
- ntohl (mp->mcast_sw_if_index));
- vat_json_object_add_uint (node, "encap_vrf_id", ntohl (mp->encap_vrf_id));
- vat_json_object_add_uint (node, "decap_vrf_id", ntohl (mp->decap_vrf_id));
- vat_json_object_add_uint (node, "is_ipv6", mp->is_ipv6 ? 1 : 0);
-}
-
-static int
-api_vxlan_gpe_tunnel_dump (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_vxlan_gpe_tunnel_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- u32 sw_if_index;
- u8 sw_if_index_set = 0;
- int ret;
-
- /* Parse args required to build the message */
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else
- break;
- }
-
- if (sw_if_index_set == 0)
- {
- sw_if_index = ~0;
- }
-
- if (!vam->json_output)
- {
- print (vam->ofp, "%11s%24s%24s%13s%15s%19s%14s%14s",
- "sw_if_index", "local", "remote", "vni",
- "protocol", "mcast_sw_if_index", "encap_vrf_id", "decap_vrf_id");
- }
-
- /* Get list of vxlan-tunnel interfaces */
- M (VXLAN_GPE_TUNNEL_DUMP, mp);
-
- mp->sw_if_index = htonl (sw_if_index);
-
- S (mp);
-
- /* Use a control ping for synchronization */
- MPING (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
-static void vl_api_l2_fib_table_details_t_handler
- (vl_api_l2_fib_table_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
-
- print (vam->ofp, "%3" PRIu32 " %U %3" PRIu32
- " %d %d %d",
- ntohl (mp->bd_id), format_ethernet_address, mp->mac,
- ntohl (mp->sw_if_index), mp->static_mac, mp->filter_mac,
- mp->bvi_mac);
-}
-
-static void vl_api_l2_fib_table_details_t_handler_json
- (vl_api_l2_fib_table_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
- vat_json_node_t *node = NULL;
-
- if (VAT_JSON_ARRAY != vam->json_tree.type)
- {
- ASSERT (VAT_JSON_NONE == vam->json_tree.type);
- vat_json_init_array (&vam->json_tree);
- }
- node = vat_json_array_add (&vam->json_tree);
-
- vat_json_init_object (node);
- vat_json_object_add_uint (node, "bd_id", ntohl (mp->bd_id));
- vat_json_object_add_bytes (node, "mac", mp->mac, 6);
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- vat_json_object_add_uint (node, "static_mac", mp->static_mac);
- vat_json_object_add_uint (node, "filter_mac", mp->filter_mac);
- vat_json_object_add_uint (node, "bvi_mac", mp->bvi_mac);
-}
-
-static int
-api_l2_fib_table_dump (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_l2_fib_table_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- u32 bd_id;
- u8 bd_id_set = 0;
- int ret;
-
- /* Parse args required to build the message */
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "bd_id %d", &bd_id))
- bd_id_set = 1;
- else
- break;
- }
-
- if (bd_id_set == 0)
- {
- errmsg ("missing bridge domain");
- return -99;
- }
-
- print (vam->ofp, "BD-ID Mac Address sw-ndx Static Filter BVI");
-
- /* Get list of l2 fib entries */
- M (L2_FIB_TABLE_DUMP, mp);
-
- mp->bd_id = ntohl (bd_id);
- S (mp);
-
- /* Use a control ping for synchronization */
- MPING (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
-
-static int
-api_interface_name_renumber (vat_main_t * vam)
-{
- unformat_input_t *line_input = vam->input;
- vl_api_interface_name_renumber_t *mp;
- u32 sw_if_index = ~0;
- u32 new_show_dev_instance = ~0;
- int ret;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "%U", api_unformat_sw_if_index, vam,
- &sw_if_index))
- ;
- else if (unformat (line_input, "sw_if_index %d", &sw_if_index))
- ;
- else if (unformat (line_input, "new_show_dev_instance %d",
- &new_show_dev_instance))
- ;
- else
- break;
- }
-
- if (sw_if_index == ~0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- if (new_show_dev_instance == ~0)
- {
- errmsg ("missing new_show_dev_instance");
- return -99;
- }
-
- M (INTERFACE_NAME_RENUMBER, mp);
-
- mp->sw_if_index = ntohl (sw_if_index);
- mp->new_show_dev_instance = ntohl (new_show_dev_instance);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ip_probe_neighbor (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ip_probe_neighbor_t *mp;
- u8 int_set = 0;
- u8 adr_set = 0;
- u8 is_ipv6 = 0;
- u8 dst_adr[16];
- u32 sw_if_index;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- int_set = 1;
- else if (unformat (i, "sw_if_index %d", &sw_if_index))
- int_set = 1;
- else if (unformat (i, "address %U", unformat_ip4_address, dst_adr))
- adr_set = 1;
- else if (unformat (i, "address %U", unformat_ip6_address, dst_adr))
- {
- adr_set = 1;
- is_ipv6 = 1;
- }
- else
- break;
- }
-
- if (int_set == 0)
- {
- errmsg ("missing interface");
- return -99;
- }
-
- if (adr_set == 0)
- {
- errmsg ("missing addresses");
- return -99;
- }
-
- M (IP_PROBE_NEIGHBOR, mp);
-
- mp->sw_if_index = ntohl (sw_if_index);
- mp->is_ipv6 = is_ipv6;
- clib_memcpy (mp->dst_address, dst_adr, sizeof (dst_adr));
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ip_scan_neighbor_enable_disable (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ip_scan_neighbor_enable_disable_t *mp;
- u8 mode = IP_SCAN_V46_NEIGHBORS;
- u32 interval = 0, time = 0, update = 0, delay = 0, stale = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "ip4"))
- mode = IP_SCAN_V4_NEIGHBORS;
- else if (unformat (i, "ip6"))
- mode = IP_SCAN_V6_NEIGHBORS;
- if (unformat (i, "both"))
- mode = IP_SCAN_V46_NEIGHBORS;
- else if (unformat (i, "disable"))
- mode = IP_SCAN_DISABLED;
- else if (unformat (i, "interval %d", &interval))
- ;
- else if (unformat (i, "max-time %d", &time))
- ;
- else if (unformat (i, "max-update %d", &update))
- ;
- else if (unformat (i, "delay %d", &delay))
- ;
- else if (unformat (i, "stale %d", &stale))
- ;
- else
- break;
- }
-
- if (interval > 255)
- {
- errmsg ("interval cannot exceed 255 minutes.");
- return -99;
- }
- if (time > 255)
- {
- errmsg ("max-time cannot exceed 255 usec.");
- return -99;
- }
- if (update > 255)
- {
- errmsg ("max-update cannot exceed 255.");
- return -99;
- }
- if (delay > 255)
- {
- errmsg ("delay cannot exceed 255 msec.");
- return -99;
- }
- if (stale > 255)
- {
- errmsg ("stale cannot exceed 255 minutes.");
- return -99;
- }
-
- M (IP_SCAN_NEIGHBOR_ENABLE_DISABLE, mp);
- mp->mode = mode;
- mp->scan_interval = interval;
- mp->max_proc_time = time;
- mp->max_update = update;
- mp->scan_int_delay = delay;
- mp->stale_threshold = stale;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_want_ip4_arp_events (vat_main_t * vam)
-{
- unformat_input_t *line_input = vam->input;
- vl_api_want_ip4_arp_events_t *mp;
- ip4_address_t address;
- int address_set = 0;
- u32 enable_disable = 1;
- int ret;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "address %U", unformat_ip4_address, &address))
- address_set = 1;
- else if (unformat (line_input, "del"))
- enable_disable = 0;
- else
- break;
- }
-
- if (address_set == 0)
- {
- errmsg ("missing addresses");
- return -99;
- }
-
- M (WANT_IP4_ARP_EVENTS, mp);
- mp->enable_disable = enable_disable;
- mp->pid = htonl (getpid ());
- mp->address = address.as_u32;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_want_ip6_nd_events (vat_main_t * vam)
-{
- unformat_input_t *line_input = vam->input;
- vl_api_want_ip6_nd_events_t *mp;
- ip6_address_t address;
- int address_set = 0;
- u32 enable_disable = 1;
- int ret;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "address %U", unformat_ip6_address, &address))
- address_set = 1;
- else if (unformat (line_input, "del"))
- enable_disable = 0;
- else
- break;
- }
-
- if (address_set == 0)
- {
- errmsg ("missing addresses");
- return -99;
- }
-
- M (WANT_IP6_ND_EVENTS, mp);
- mp->enable_disable = enable_disable;
- mp->pid = htonl (getpid ());
- clib_memcpy (mp->address, &address, sizeof (ip6_address_t));
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_want_l2_macs_events (vat_main_t * vam)
-{
- unformat_input_t *line_input = vam->input;
- vl_api_want_l2_macs_events_t *mp;
- u8 enable_disable = 1;
- u32 scan_delay = 0;
- u32 max_macs_in_event = 0;
- u32 learn_limit = 0;
- int ret;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "learn-limit %d", &learn_limit))
- ;
- else if (unformat (line_input, "scan-delay %d", &scan_delay))
- ;
- else if (unformat (line_input, "max-entries %d", &max_macs_in_event))
- ;
- else if (unformat (line_input, "disable"))
- enable_disable = 0;
- else
- break;
- }
-
- M (WANT_L2_MACS_EVENTS, mp);
- mp->enable_disable = enable_disable;
- mp->pid = htonl (getpid ());
- mp->learn_limit = htonl (learn_limit);
- mp->scan_delay = (u8) scan_delay;
- mp->max_macs_in_event = (u8) (max_macs_in_event / 10);
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_input_acl_set_interface (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_input_acl_set_interface_t *mp;
- u32 sw_if_index;
- int sw_if_index_set;
- u32 ip4_table_index = ~0;
- u32 ip6_table_index = ~0;
- u32 l2_table_index = ~0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "ip4-table %d", &ip4_table_index))
- ;
- else if (unformat (i, "ip6-table %d", &ip6_table_index))
- ;
- else if (unformat (i, "l2-table %d", &l2_table_index))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (sw_if_index_set == 0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- M (INPUT_ACL_SET_INTERFACE, mp);
-
- mp->sw_if_index = ntohl (sw_if_index);
- mp->ip4_table_index = ntohl (ip4_table_index);
- mp->ip6_table_index = ntohl (ip6_table_index);
- mp->l2_table_index = ntohl (l2_table_index);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_output_acl_set_interface (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_output_acl_set_interface_t *mp;
- u32 sw_if_index;
- int sw_if_index_set;
- u32 ip4_table_index = ~0;
- u32 ip6_table_index = ~0;
- u32 l2_table_index = ~0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "ip4-table %d", &ip4_table_index))
- ;
- else if (unformat (i, "ip6-table %d", &ip6_table_index))
- ;
- else if (unformat (i, "l2-table %d", &l2_table_index))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (sw_if_index_set == 0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- M (OUTPUT_ACL_SET_INTERFACE, mp);
-
- mp->sw_if_index = ntohl (sw_if_index);
- mp->ip4_table_index = ntohl (ip4_table_index);
- mp->ip6_table_index = ntohl (ip6_table_index);
- mp->l2_table_index = ntohl (l2_table_index);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ip_address_dump (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ip_address_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- u32 sw_if_index = ~0;
- u8 sw_if_index_set = 0;
- u8 ipv4_set = 0;
- u8 ipv6_set = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "ipv4"))
- ipv4_set = 1;
- else if (unformat (i, "ipv6"))
- ipv6_set = 1;
- else
- break;
- }
-
- if (ipv4_set && ipv6_set)
- {
- errmsg ("ipv4 and ipv6 flags cannot be both set");
- return -99;
- }
-
- if ((!ipv4_set) && (!ipv6_set))
- {
- errmsg ("no ipv4 nor ipv6 flag set");
- return -99;
- }
-
- if (sw_if_index_set == 0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- vam->current_sw_if_index = sw_if_index;
- vam->is_ipv6 = ipv6_set;
-
- M (IP_ADDRESS_DUMP, mp);
- mp->sw_if_index = ntohl (sw_if_index);
- mp->is_ipv6 = ipv6_set;
- S (mp);
-
- /* Use a control ping for synchronization */
- MPING (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
-static int
-api_ip_dump (vat_main_t * vam)
-{
- vl_api_ip_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- unformat_input_t *in = vam->input;
- int ipv4_set = 0;
- int ipv6_set = 0;
- int is_ipv6;
- int i;
- int ret;
-
- while (unformat_check_input (in) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (in, "ipv4"))
- ipv4_set = 1;
- else if (unformat (in, "ipv6"))
- ipv6_set = 1;
- else
- break;
- }
-
- if (ipv4_set && ipv6_set)
- {
- errmsg ("ipv4 and ipv6 flags cannot be both set");
- return -99;
- }
-
- if ((!ipv4_set) && (!ipv6_set))
- {
- errmsg ("no ipv4 nor ipv6 flag set");
- return -99;
- }
-
- is_ipv6 = ipv6_set;
- vam->is_ipv6 = is_ipv6;
-
- /* free old data */
- for (i = 0; i < vec_len (vam->ip_details_by_sw_if_index[is_ipv6]); i++)
- {
- vec_free (vam->ip_details_by_sw_if_index[is_ipv6][i].addr);
- }
- vec_free (vam->ip_details_by_sw_if_index[is_ipv6]);
-
- M (IP_DUMP, mp);
- mp->is_ipv6 = ipv6_set;
- S (mp);
-
- /* Use a control ping for synchronization */
- MPING (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_spd_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_spd_add_del_t *mp;
- u32 spd_id = ~0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "spd_id %d", &spd_id))
- ;
- else if (unformat (i, "del"))
- is_add = 0;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
- if (spd_id == ~0)
- {
- errmsg ("spd_id must be set");
- return -99;
- }
-
- M (IPSEC_SPD_ADD_DEL, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_interface_add_del_spd (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_interface_add_del_spd_t *mp;
- u32 sw_if_index;
- u8 sw_if_index_set = 0;
- u32 spd_id = (u32) ~ 0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "spd_id %d", &spd_id))
- ;
- else
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- if (spd_id == (u32) ~ 0)
- {
- errmsg ("spd_id must be set");
- return -99;
- }
-
- if (sw_if_index_set == 0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->sw_if_index = ntohl (sw_if_index);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_spd_add_del_entry (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_spd_add_del_entry_t *mp;
- u8 is_add = 1, is_outbound = 0, is_ipv6 = 0, is_ip_any = 1;
- u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
- i32 priority = 0;
- u32 rport_start = 0, rport_stop = (u32) ~ 0;
- u32 lport_start = 0, lport_stop = (u32) ~ 0;
- ip4_address_t laddr4_start, laddr4_stop, raddr4_start, raddr4_stop;
- ip6_address_t laddr6_start, laddr6_stop, raddr6_start, raddr6_stop;
- int ret;
-
- laddr4_start.as_u32 = raddr4_start.as_u32 = 0;
- laddr4_stop.as_u32 = raddr4_stop.as_u32 = (u32) ~ 0;
- laddr6_start.as_u64[0] = raddr6_start.as_u64[0] = 0;
- laddr6_start.as_u64[1] = raddr6_start.as_u64[1] = 0;
- laddr6_stop.as_u64[0] = raddr6_stop.as_u64[0] = (u64) ~ 0;
- laddr6_stop.as_u64[1] = raddr6_stop.as_u64[1] = (u64) ~ 0;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- if (unformat (i, "outbound"))
- is_outbound = 1;
- if (unformat (i, "inbound"))
- is_outbound = 0;
- else if (unformat (i, "spd_id %d", &spd_id))
- ;
- else if (unformat (i, "sa_id %d", &sa_id))
- ;
- else if (unformat (i, "priority %d", &priority))
- ;
- else if (unformat (i, "protocol %d", &protocol))
- ;
- else if (unformat (i, "lport_start %d", &lport_start))
- ;
- else if (unformat (i, "lport_stop %d", &lport_stop))
- ;
- else if (unformat (i, "rport_start %d", &rport_start))
- ;
- else if (unformat (i, "rport_stop %d", &rport_stop))
- ;
- else
- if (unformat
- (i, "laddr_start %U", unformat_ip4_address, &laddr4_start))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "laddr_stop %U", unformat_ip4_address, &laddr4_stop))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "raddr_start %U", unformat_ip4_address, &raddr4_start))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "raddr_stop %U", unformat_ip4_address, &raddr4_stop))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "laddr_start %U", unformat_ip6_address, &laddr6_start))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "laddr_stop %U", unformat_ip6_address, &laddr6_stop))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "raddr_start %U", unformat_ip6_address, &raddr6_start))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "raddr_stop %U", unformat_ip6_address, &raddr6_stop))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "action %U", unformat_ipsec_policy_action, &policy))
- {
- if (policy == IPSEC_POLICY_ACTION_RESOLVE)
- {
- clib_warning ("unsupported action: 'resolve'");
- return -99;
- }
- }
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- M (IPSEC_SPD_ADD_DEL_ENTRY, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->priority = ntohl (priority);
- mp->is_outbound = is_outbound;
-
- mp->is_ipv6 = is_ipv6;
- if (is_ipv6 || is_ip_any)
- {
- clib_memcpy (mp->remote_address_start, &raddr6_start,
- sizeof (ip6_address_t));
- clib_memcpy (mp->remote_address_stop, &raddr6_stop,
- sizeof (ip6_address_t));
- clib_memcpy (mp->local_address_start, &laddr6_start,
- sizeof (ip6_address_t));
- clib_memcpy (mp->local_address_stop, &laddr6_stop,
- sizeof (ip6_address_t));
- }
- else
- {
- clib_memcpy (mp->remote_address_start, &raddr4_start,
- sizeof (ip4_address_t));
- clib_memcpy (mp->remote_address_stop, &raddr4_stop,
- sizeof (ip4_address_t));
- clib_memcpy (mp->local_address_start, &laddr4_start,
- sizeof (ip4_address_t));
- clib_memcpy (mp->local_address_stop, &laddr4_stop,
- sizeof (ip4_address_t));
- }
- mp->protocol = (u8) protocol;
- mp->local_port_start = ntohs ((u16) lport_start);
- mp->local_port_stop = ntohs ((u16) lport_stop);
- mp->remote_port_start = ntohs ((u16) rport_start);
- mp->remote_port_stop = ntohs ((u16) rport_stop);
- mp->policy = (u8) policy;
- mp->sa_id = ntohl (sa_id);
- mp->is_add = is_add;
- mp->is_ip_any = is_ip_any;
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_sad_add_del_entry (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sad_add_del_entry_t *mp;
- u32 sad_id = 0, spi = 0;
- u8 *ck = 0, *ik = 0;
- u8 is_add = 1;
-
- u8 protocol = IPSEC_PROTOCOL_AH;
- u8 is_tunnel = 0, is_tunnel_ipv6 = 0;
- u32 crypto_alg = 0, integ_alg = 0;
- ip4_address_t tun_src4;
- ip4_address_t tun_dst4;
- ip6_address_t tun_src6;
- ip6_address_t tun_dst6;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "sad_id %d", &sad_id))
- ;
- else if (unformat (i, "spi %d", &spi))
- ;
- else if (unformat (i, "esp"))
- protocol = IPSEC_PROTOCOL_ESP;
- else if (unformat (i, "tunnel_src %U", unformat_ip4_address, &tun_src4))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 0;
- }
- else if (unformat (i, "tunnel_dst %U", unformat_ip4_address, &tun_dst4))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 0;
- }
- else if (unformat (i, "tunnel_src %U", unformat_ip6_address, &tun_src6))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 1;
- }
- else if (unformat (i, "tunnel_dst %U", unformat_ip6_address, &tun_dst6))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 1;
- }
- else
- if (unformat
- (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
- {
- if (crypto_alg >= IPSEC_CRYPTO_N_ALG)
- {
- clib_warning ("unsupported crypto-alg: '%U'",
- format_ipsec_crypto_alg, crypto_alg);
- return -99;
- }
- }
- else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
- ;
- else
- if (unformat
- (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
- {
- if (integ_alg >= IPSEC_INTEG_N_ALG)
- {
- clib_warning ("unsupported integ-alg: '%U'",
- format_ipsec_integ_alg, integ_alg);
- return -99;
- }
- }
- else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- M (IPSEC_SAD_ADD_DEL_ENTRY, mp);
-
- mp->sad_id = ntohl (sad_id);
- mp->is_add = is_add;
- mp->protocol = protocol;
- mp->spi = ntohl (spi);
- mp->is_tunnel = is_tunnel;
- mp->is_tunnel_ipv6 = is_tunnel_ipv6;
- mp->crypto_algorithm = crypto_alg;
- mp->integrity_algorithm = integ_alg;
- mp->crypto_key_length = vec_len (ck);
- mp->integrity_key_length = vec_len (ik);
-
- if (mp->crypto_key_length > sizeof (mp->crypto_key))
- mp->crypto_key_length = sizeof (mp->crypto_key);
-
- if (mp->integrity_key_length > sizeof (mp->integrity_key))
- mp->integrity_key_length = sizeof (mp->integrity_key);
-
- if (ck)
- clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
- if (ik)
- clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
-
- if (is_tunnel)
- {
- if (is_tunnel_ipv6)
- {
- clib_memcpy (mp->tunnel_src_address, &tun_src6,
- sizeof (ip6_address_t));
- clib_memcpy (mp->tunnel_dst_address, &tun_dst6,
- sizeof (ip6_address_t));
- }
- else
- {
- clib_memcpy (mp->tunnel_src_address, &tun_src4,
- sizeof (ip4_address_t));
- clib_memcpy (mp->tunnel_dst_address, &tun_dst4,
- sizeof (ip4_address_t));
- }
- }
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_sa_set_key (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sa_set_key_t *mp;
- u32 sa_id;
- u8 *ck = 0, *ik = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sa_id %d", &sa_id))
- ;
- else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
- ;
- else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_SA_SET_KEY, mp);
-
- mp->sa_id = ntohl (sa_id);
- mp->crypto_key_length = vec_len (ck);
- mp->integrity_key_length = vec_len (ik);
-
- if (mp->crypto_key_length > sizeof (mp->crypto_key))
- mp->crypto_key_length = sizeof (mp->crypto_key);
-
- if (mp->integrity_key_length > sizeof (mp->integrity_key))
- mp->integrity_key_length = sizeof (mp->integrity_key);
-
- if (ck)
- clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
- if (ik)
- clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_tunnel_if_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_tunnel_if_add_del_t *mp;
- u32 local_spi = 0, remote_spi = 0;
- u32 crypto_alg = 0, integ_alg = 0;
- u8 *lck = NULL, *rck = NULL;
- u8 *lik = NULL, *rik = NULL;
- ip4_address_t local_ip = { {0} };
- ip4_address_t remote_ip = { {0} };
- u8 is_add = 1;
- u8 esn = 0;
- u8 anti_replay = 0;
- u8 renumber = 0;
- u32 instance = ~0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "esn"))
- esn = 1;
- else if (unformat (i, "anti_replay"))
- anti_replay = 1;
- else if (unformat (i, "local_spi %d", &local_spi))
- ;
- else if (unformat (i, "remote_spi %d", &remote_spi))
- ;
- else if (unformat (i, "local_ip %U", unformat_ip4_address, &local_ip))
- ;
- else if (unformat (i, "remote_ip %U", unformat_ip4_address, &remote_ip))
- ;
- else if (unformat (i, "local_crypto_key %U", unformat_hex_string, &lck))
- ;
- else
- if (unformat (i, "remote_crypto_key %U", unformat_hex_string, &rck))
- ;
- else if (unformat (i, "local_integ_key %U", unformat_hex_string, &lik))
- ;
- else if (unformat (i, "remote_integ_key %U", unformat_hex_string, &rik))
- ;
- else
- if (unformat
- (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
- {
- if (crypto_alg >= IPSEC_CRYPTO_N_ALG)
- {
- errmsg ("unsupported crypto-alg: '%U'\n",
- format_ipsec_crypto_alg, crypto_alg);
- return -99;
- }
- }
- else
- if (unformat
- (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
- {
- if (integ_alg >= IPSEC_INTEG_N_ALG)
- {
- errmsg ("unsupported integ-alg: '%U'\n",
- format_ipsec_integ_alg, integ_alg);
- return -99;
- }
- }
- else if (unformat (i, "instance %u", &instance))
- renumber = 1;
- else
- {
- errmsg ("parse error '%U'\n", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_TUNNEL_IF_ADD_DEL, mp);
-
- mp->is_add = is_add;
- mp->esn = esn;
- mp->anti_replay = anti_replay;
-
- clib_memcpy (mp->local_ip, &local_ip, sizeof (ip4_address_t));
- clib_memcpy (mp->remote_ip, &remote_ip, sizeof (ip4_address_t));
-
- mp->local_spi = htonl (local_spi);
- mp->remote_spi = htonl (remote_spi);
- mp->crypto_alg = (u8) crypto_alg;
-
- mp->local_crypto_key_len = 0;
- if (lck)
- {
- mp->local_crypto_key_len = vec_len (lck);
- if (mp->local_crypto_key_len > sizeof (mp->local_crypto_key))
- mp->local_crypto_key_len = sizeof (mp->local_crypto_key);
- clib_memcpy (mp->local_crypto_key, lck, mp->local_crypto_key_len);