-out:
- REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
-}
-
-static void vl_api_ipsec_sad_add_del_entry_t_handler
- (vl_api_ipsec_sad_add_del_entry_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
- int rv;
-#if IPSEC > 0
- ipsec_sa_t sa;
-
- memset (&sa, 0, sizeof (sa));
-
- sa.id = ntohl (mp->sad_id);
- sa.spi = ntohl (mp->spi);
- /* security protocol AH unsupported */
- if (mp->protocol == IPSEC_PROTOCOL_AH)
- {
- clib_warning ("unsupported security protocol 'AH'");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.protocol = mp->protocol;
- /* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
- {
- clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
- mp->crypto_algorithm);
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.crypto_alg = mp->crypto_algorithm;
- sa.crypto_key_len = mp->crypto_key_length;
- clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
- /* check for unsupported integ-alg */
-#if DPDK_CRYPTO==1
- if (mp->integrity_algorithm < IPSEC_INTEG_ALG_NONE ||
-#else
- if (mp->integrity_algorithm < IPSEC_INTEG_ALG_SHA1_96 ||
-#endif
- mp->integrity_algorithm >= IPSEC_INTEG_N_ALG)
- {
- clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
- mp->integrity_algorithm);
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
-
-#if DPDK_CRYPTO==1
- /*Special cases, aes-gcm-128 encryption */
- if (mp->crypto_algorithm == IPSEC_CRYPTO_ALG_AES_GCM_128)
- {
- if (mp->integrity_algorithm != IPSEC_INTEG_ALG_NONE
- && mp->integrity_algorithm != IPSEC_INTEG_ALG_AES_GCM_128)
- {
- clib_warning
- ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- else /*set integ-alg internally to aes-gcm-128 */
- mp->integrity_algorithm = IPSEC_INTEG_ALG_AES_GCM_128;
- }
- else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_AES_GCM_128)
- {
- clib_warning ("unsupported integ-alg: aes-gcm-128");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_NONE)
- {
- clib_warning ("unsupported integ-alg: none");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
-#endif
-
- sa.integ_alg = mp->integrity_algorithm;
- sa.integ_key_len = mp->integrity_key_length;
- clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
- sa.use_esn = mp->use_extended_sequence_number;
- sa.is_tunnel = mp->is_tunnel;
- sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
- if (sa.is_tunnel_ip6)
- {
- clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
- clib_memcpy (&sa.tunnel_dst_addr, mp->tunnel_dst_address, 16);
- }
- else
- {
- clib_memcpy (&sa.tunnel_src_addr.ip4.data, mp->tunnel_src_address, 4);
- clib_memcpy (&sa.tunnel_dst_addr.ip4.data, mp->tunnel_dst_address, 4);
- }
-
- rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
-#endif
-
-out:
- REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
-{
- vl_api_ikev2_profile_add_del_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- error = ikev2_add_del_profile (vm, tmp, mp->is_add);
- vec_free (tmp);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
-}
-
-static void
- vl_api_ikev2_profile_set_auth_t_handler
- (vl_api_ikev2_profile_set_auth_t * mp)
-{
- vl_api_ikev2_profile_set_auth_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, mp->data_len);
- clib_memcpy (data, mp->data, mp->data_len);
- error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
- vec_free (tmp);
- vec_free (data);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
-{
- vl_api_ikev2_profile_add_del_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, mp->data_len);
- clib_memcpy (data, mp->data, mp->data_len);
- error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
- vec_free (tmp);
- vec_free (data);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp)
-{
- vl_api_ikev2_profile_set_ts_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
- mp->end_port, (ip4_address_t) mp->start_addr,
- (ip4_address_t) mp->end_addr, mp->is_local);
- vec_free (tmp);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
-}
-
-static void
-vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
-{
- vl_api_ikev2_profile_set_ts_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
-
- error = ikev2_set_local_key (vm, mp->key_file);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
-}
-
-static void
-vl_api_ipsec_sa_set_key_t_handler (vl_api_ipsec_sa_set_key_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_sa_set_key_reply_t *rmp;
- int rv;
-#if IPSEC > 0
- ipsec_sa_t sa;
- sa.id = ntohl (mp->sa_id);
- sa.crypto_key_len = mp->crypto_key_length;
- clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
- sa.integ_key_len = mp->integrity_key_length;
- clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
-
- rv = ipsec_set_sa_key (vm, &sa);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IPSEC_SA_SET_KEY_REPLY);
-}
-
-static void vl_api_cop_interface_enable_disable_t_handler
- (vl_api_cop_interface_enable_disable_t * mp)
-{
- vl_api_cop_interface_enable_disable_reply_t *rmp;
- int rv;
- u32 sw_if_index = ntohl (mp->sw_if_index);
- int enable_disable;
-
- VALIDATE_SW_IF_INDEX (mp);
-
- enable_disable = (int) mp->enable_disable;
-
- rv = cop_interface_enable_disable (sw_if_index, enable_disable);
-
- BAD_SW_IF_INDEX_LABEL;
-
- REPLY_MACRO (VL_API_COP_INTERFACE_ENABLE_DISABLE_REPLY);
-}
-
-static void vl_api_cop_whitelist_enable_disable_t_handler
- (vl_api_cop_whitelist_enable_disable_t * mp)
-{
- vl_api_cop_whitelist_enable_disable_reply_t *rmp;
- cop_whitelist_enable_disable_args_t _a, *a = &_a;
- u32 sw_if_index = ntohl (mp->sw_if_index);
- int rv;
-
- VALIDATE_SW_IF_INDEX (mp);
-
- a->sw_if_index = sw_if_index;
- a->ip4 = mp->ip4;
- a->ip6 = mp->ip6;
- a->default_cop = mp->default_cop;
- a->fib_id = ntohl (mp->fib_id);
-
- rv = cop_whitelist_enable_disable (a);
-
- BAD_SW_IF_INDEX_LABEL;
-
- REPLY_MACRO (VL_API_COP_WHITELIST_ENABLE_DISABLE_REPLY);
-}
-
-static void
-vl_api_get_node_graph_t_handler (vl_api_get_node_graph_t * mp)
-{
- int rv = 0;
- u8 *vector = 0;
- api_main_t *am = &api_main;
- vlib_main_t *vm = vlib_get_main ();
- void *oldheap;
- vl_api_get_node_graph_reply_t *rmp;
-
- pthread_mutex_lock (&am->vlib_rp->mutex);
- oldheap = svm_push_data_heap (am->vlib_rp);
-
- /*
- * Keep the number of memcpy ops to a minimum (e.g. 1).
- */
- vec_validate (vector, 16384);
- vec_reset_length (vector);
-
- /* $$$$ FIXME */
- vector = vlib_node_serialize (&vm->node_main, vector,
- (u32) ~ 0 /* all threads */ ,
- 1 /* include nexts */ ,
- 1 /* include stats */ );
-
- svm_pop_heap (oldheap);
- pthread_mutex_unlock (&am->vlib_rp->mutex);
-
- /* *INDENT-OFF* */
- REPLY_MACRO2(VL_API_GET_NODE_GRAPH_REPLY,
- ({
- rmp->reply_in_shmem = (uword) vector;
- }));
- /* *INDENT-ON* */