- rv = vnet_add_del_ip4_arp_change_event
- (vnm, arp_change_data_callback,
- mp->pid, &mp->address /* addr, in net byte order */ ,
- vpe_resolver_process_node.index,
- IP4_ARP_EVENT, event - am->arp_events, 1 /* is_add */ );
- }
- else
- {
- rv = vnet_add_del_ip4_arp_change_event
- (vnm, arp_change_delete_callback,
- mp->pid, &mp->address /* addr, in net byte order */ ,
- vpe_resolver_process_node.index,
- IP4_ARP_EVENT, ~0 /* pool index */ , 0 /* is_add */ );
- }
- REPLY_MACRO (VL_API_WANT_IP4_ARP_EVENTS_REPLY);
-}
-
-static void
-vl_api_want_ip6_nd_events_t_handler (vl_api_want_ip6_nd_events_t * mp)
-{
- vpe_api_main_t *am = &vpe_api_main;
- vnet_main_t *vnm = vnet_get_main ();
- vl_api_want_ip6_nd_events_reply_t *rmp;
- vl_api_ip6_nd_event_t *event;
- int rv;
-
- if (mp->enable_disable)
- {
- pool_get (am->nd_events, event);
- memset (event, 0, sizeof (*event));
-
- event->_vl_msg_id = ntohs (VL_API_IP6_ND_EVENT);
- event->client_index = mp->client_index;
- event->context = mp->context;
- clib_memcpy (event->address, mp->address, 16);
- event->pid = mp->pid;
- if (ip6_address_is_zero ((ip6_address_t *) mp->address))
- event->mac_ip = 1;
-
- rv = vnet_add_del_ip6_nd_change_event
- (vnm, nd_change_data_callback,
- mp->pid, mp->address /* addr, in net byte order */ ,
- vpe_resolver_process_node.index,
- IP6_ND_EVENT, event - am->nd_events, 1 /* is_add */ );
- }
- else
- {
- rv = vnet_add_del_ip6_nd_change_event
- (vnm, nd_change_delete_callback,
- mp->pid, mp->address /* addr, in net byte order */ ,
- vpe_resolver_process_node.index,
- IP6_ND_EVENT, ~0 /* pool index */ , 0 /* is_add */ );
- }
- REPLY_MACRO (VL_API_WANT_IP6_ND_EVENTS_REPLY);
-}
-
-static void vl_api_input_acl_set_interface_t_handler
- (vl_api_input_acl_set_interface_t * mp)
-{
- vlib_main_t *vm = vlib_get_main ();
- vl_api_input_acl_set_interface_reply_t *rmp;
- int rv;
- u32 sw_if_index, ip4_table_index, ip6_table_index, l2_table_index;
-
- ip4_table_index = ntohl (mp->ip4_table_index);
- ip6_table_index = ntohl (mp->ip6_table_index);
- l2_table_index = ntohl (mp->l2_table_index);
- sw_if_index = ntohl (mp->sw_if_index);
-
- VALIDATE_SW_IF_INDEX (mp);
-
- rv = vnet_set_input_acl_intfc (vm, sw_if_index, ip4_table_index,
- ip6_table_index, l2_table_index, mp->is_add);
-
- BAD_SW_IF_INDEX_LABEL;
-
- REPLY_MACRO (VL_API_INPUT_ACL_SET_INTERFACE_REPLY);
-}
-
-static void vl_api_ipsec_spd_add_del_t_handler
- (vl_api_ipsec_spd_add_del_t * mp)
-{
-#if IPSEC == 0
- clib_warning ("unimplemented");
-#else
-
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_spd_add_del_reply_t *rmp;
- int rv;
-
-#if DPDK > 0
- rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
-#endif
-}
-
-static void vl_api_ipsec_interface_add_del_spd_t_handler
- (vl_api_ipsec_interface_add_del_spd_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
- int rv;
- u32 sw_if_index __attribute__ ((unused));
- u32 spd_id __attribute__ ((unused));
-
- sw_if_index = ntohl (mp->sw_if_index);
- spd_id = ntohl (mp->spd_id);
-
- VALIDATE_SW_IF_INDEX (mp);
-
-#if IPSEC > 0
- rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- BAD_SW_IF_INDEX_LABEL;
-
- REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
-}
-
-static void vl_api_ipsec_spd_add_del_entry_t_handler
- (vl_api_ipsec_spd_add_del_entry_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
- int rv;
-
-#if IPSEC > 0
- ipsec_policy_t p;
-
- memset (&p, 0, sizeof (p));
-
- p.id = ntohl (mp->spd_id);
- p.priority = ntohl (mp->priority);
- p.is_outbound = mp->is_outbound;
- p.is_ipv6 = mp->is_ipv6;
-
- if (mp->is_ipv6 || mp->is_ip_any)
- {
- clib_memcpy (&p.raddr.start, mp->remote_address_start, 16);
- clib_memcpy (&p.raddr.stop, mp->remote_address_stop, 16);
- clib_memcpy (&p.laddr.start, mp->local_address_start, 16);
- clib_memcpy (&p.laddr.stop, mp->local_address_stop, 16);
- }
- else
- {
- clib_memcpy (&p.raddr.start.ip4.data, mp->remote_address_start, 4);
- clib_memcpy (&p.raddr.stop.ip4.data, mp->remote_address_stop, 4);
- clib_memcpy (&p.laddr.start.ip4.data, mp->local_address_start, 4);
- clib_memcpy (&p.laddr.stop.ip4.data, mp->local_address_stop, 4);
- }
- p.protocol = mp->protocol;
- p.rport.start = ntohs (mp->remote_port_start);
- p.rport.stop = ntohs (mp->remote_port_stop);
- p.lport.start = ntohs (mp->local_port_start);
- p.lport.stop = ntohs (mp->local_port_stop);
- /* policy action resolve unsupported */
- if (mp->policy == IPSEC_POLICY_ACTION_RESOLVE)
- {
- clib_warning ("unsupported action: 'resolve'");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- p.policy = mp->policy;
- p.sa_id = ntohl (mp->sa_id);
-
- rv = ipsec_add_del_policy (vm, &p, mp->is_add);
- if (rv)
- goto out;
-
- if (mp->is_ip_any)
- {
- p.is_ipv6 = 1;
- rv = ipsec_add_del_policy (vm, &p, mp->is_add);
- }
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
-#endif
-
-out:
- REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
-}
-
-static void vl_api_ipsec_sad_add_del_entry_t_handler
- (vl_api_ipsec_sad_add_del_entry_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
- int rv;
-#if IPSEC > 0
- ipsec_sa_t sa;
-
- memset (&sa, 0, sizeof (sa));
-
- sa.id = ntohl (mp->sad_id);
- sa.spi = ntohl (mp->spi);
- /* security protocol AH unsupported */
- if (mp->protocol == IPSEC_PROTOCOL_AH)
- {
- clib_warning ("unsupported security protocol 'AH'");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.protocol = mp->protocol;
- /* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->crypto_algorithm > IPSEC_CRYPTO_ALG_AES_CBC_256)
- {
- clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
- mp->crypto_algorithm);
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.crypto_alg = mp->crypto_algorithm;
- sa.crypto_key_len = mp->crypto_key_length;
- clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
- /* check for unsupported integ-alg */
- if (mp->integrity_algorithm < IPSEC_INTEG_ALG_SHA1_96 ||
- mp->integrity_algorithm > IPSEC_INTEG_ALG_SHA_512_256)
- {
- clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
- mp->integrity_algorithm);
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.integ_alg = mp->integrity_algorithm;
- sa.integ_key_len = mp->integrity_key_length;
- clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
- sa.use_esn = mp->use_extended_sequence_number;
- sa.is_tunnel = mp->is_tunnel;
- sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
- if (sa.is_tunnel_ip6)
- {
- clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
- clib_memcpy (&sa.tunnel_dst_addr, mp->tunnel_dst_address, 16);
- }
- else
- {
- clib_memcpy (&sa.tunnel_src_addr.ip4.data, mp->tunnel_src_address, 4);
- clib_memcpy (&sa.tunnel_dst_addr.ip4.data, mp->tunnel_dst_address, 4);
- }
-
- rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
-#endif
-
-out:
- REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
-{
- vl_api_ikev2_profile_add_del_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- error = ikev2_add_del_profile (vm, tmp, mp->is_add);
- vec_free (tmp);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
-}
-
-static void
- vl_api_ikev2_profile_set_auth_t_handler
- (vl_api_ikev2_profile_set_auth_t * mp)
-{
- vl_api_ikev2_profile_set_auth_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, mp->data_len);
- clib_memcpy (data, mp->data, mp->data_len);
- error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
- vec_free (tmp);
- vec_free (data);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
-{
- vl_api_ikev2_profile_add_del_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, mp->data_len);
- clib_memcpy (data, mp->data, mp->data_len);
- error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
- vec_free (tmp);
- vec_free (data);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp)
-{
- vl_api_ikev2_profile_set_ts_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
- mp->end_port, (ip4_address_t) mp->start_addr,
- (ip4_address_t) mp->end_addr, mp->is_local);
- vec_free (tmp);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
-}
-
-static void
-vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
-{
- vl_api_ikev2_profile_set_ts_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
-
- error = ikev2_set_local_key (vm, mp->key_file);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
-}
-
-static void
-vl_api_map_add_domain_t_handler (vl_api_map_add_domain_t * mp)
-{
- vl_api_map_add_domain_reply_t *rmp;
- int rv = 0;
- u32 index;
- u8 flags = mp->is_translation ? MAP_DOMAIN_TRANSLATION : 0;
- rv =
- map_create_domain ((ip4_address_t *) & mp->ip4_prefix, mp->ip4_prefix_len,
- (ip6_address_t *) & mp->ip6_prefix, mp->ip6_prefix_len,
- (ip6_address_t *) & mp->ip6_src,
- mp->ip6_src_prefix_len, mp->ea_bits_len,
- mp->psid_offset, mp->psid_length, &index,
- ntohs (mp->mtu), flags);
-
- /* *INDENT-OFF* */
- REPLY_MACRO2(VL_API_MAP_ADD_DOMAIN_REPLY,
- ({
- rmp->index = ntohl(index);
- }));
- /* *INDENT-ON* */
-}
-
-static void
-vl_api_map_del_domain_t_handler (vl_api_map_del_domain_t * mp)
-{
- vl_api_map_del_domain_reply_t *rmp;
- int rv = 0;
-
- rv = map_delete_domain (ntohl (mp->index));
-
- REPLY_MACRO (VL_API_MAP_DEL_DOMAIN_REPLY);
-}
-
-static void
-vl_api_map_add_del_rule_t_handler (vl_api_map_add_del_rule_t * mp)
-{
- vl_api_map_del_domain_reply_t *rmp;
- int rv = 0;
-
- rv =
- map_add_del_psid (ntohl (mp->index), ntohs (mp->psid),
- (ip6_address_t *) mp->ip6_dst, mp->is_add);
-
- REPLY_MACRO (VL_API_MAP_ADD_DEL_RULE_REPLY);
-}
-
-static void
-vl_api_map_domain_dump_t_handler (vl_api_map_domain_dump_t * mp)
-{
- vl_api_map_domain_details_t *rmp;
- map_main_t *mm = &map_main;
- map_domain_t *d;
- unix_shared_memory_queue_t *q;
-
- if (pool_elts (mm->domains) == 0)
- return;
-
- q = vl_api_client_index_to_input_queue (mp->client_index);
- if (q == 0)