+
+static void
+vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp)
+{
+ vl_api_registration_t *reg;
+ ipsec_main_t *im = &ipsec_main;
+ vnet_main_t *vnm = im->vnet_main;
+ ipsec_sa_t *sa;
+ ipsec_tunnel_if_t *t;
+ u32 *sa_index_to_tun_if_index = 0;
+
+#if WITH_LIBSSL > 0
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg || pool_elts (im->sad) == 0)
+ return;
+
+ vec_validate_init_empty (sa_index_to_tun_if_index, vec_len (im->sad) - 1,
+ ~0);
+
+ /* *INDENT-OFF* */
+ pool_foreach (t, im->tunnel_interfaces,
+ ({
+ vnet_hw_interface_t *hi;
+ u32 sw_if_index = ~0;
+
+ hi = vnet_get_hw_interface (vnm, t->hw_if_index);
+ sw_if_index = hi->sw_if_index;
+ sa_index_to_tun_if_index[t->input_sa_index] = sw_if_index;
+ sa_index_to_tun_if_index[t->output_sa_index] = sw_if_index;
+ }));
+
+ pool_foreach (sa, im->sad,
+ ({
+ if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id)
+ send_ipsec_sa_details (sa, reg, mp->context,
+ sa_index_to_tun_if_index[sa - im->sad]);
+ }));
+ /* *INDENT-ON* */
+
+ vec_free (sa_index_to_tun_if_index);
+#else
+ clib_warning ("unimplemented");
+#endif
+}
+
+
+static void
+vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t *
+ mp)
+{
+ vl_api_ipsec_tunnel_if_set_key_reply_t *rmp;
+ ipsec_main_t *im = &ipsec_main;
+ vnet_main_t *vnm = im->vnet_main;
+ vnet_sw_interface_t *sw;
+ u8 *key = 0;
+ int rv;
+
+#if WITH_LIBSSL > 0
+ sw = vnet_get_sw_interface (vnm, ntohl (mp->sw_if_index));
+
+ switch (mp->key_type)
+ {
+ case IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO:
+ case IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO:
+ if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
+ mp->alg >= IPSEC_CRYPTO_N_ALG)
+ {
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto out;
+ }
+ break;
+ case IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG:
+ case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
+ if (mp->alg >= IPSEC_INTEG_N_ALG)
+ {
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto out;
+ }
+ break;
+ case IPSEC_IF_SET_KEY_TYPE_NONE:
+ default:
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto out;
+ break;
+ }
+
+ key = vec_new (u8, mp->key_len);
+ clib_memcpy (key, mp->key, mp->key_len);
+
+ rv = ipsec_set_interface_key (vnm, sw->hw_if_index, mp->key_type, mp->alg,
+ key);
+ vec_free (key);
+#else
+ clib_warning ("unimplemented");
+#endif
+
+out:
+ REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_KEY_REPLY);
+}
+
+
+static void
+vl_api_ipsec_tunnel_if_set_sa_t_handler (vl_api_ipsec_tunnel_if_set_sa_t * mp)
+{
+ vl_api_ipsec_tunnel_if_set_sa_reply_t *rmp;
+ ipsec_main_t *im = &ipsec_main;
+ vnet_main_t *vnm = im->vnet_main;
+ vnet_sw_interface_t *sw;
+ int rv;
+
+#if WITH_LIBSSL > 0
+ sw = vnet_get_sw_interface (vnm, ntohl (mp->sw_if_index));
+
+ rv = ipsec_set_interface_sa (vnm, sw->hw_if_index, ntohl (mp->sa_id),
+ mp->is_outbound);
+#else
+ clib_warning ("unimplemented");
+#endif
+
+ REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_SA_REPLY);
+}
+
+