#endif /* VPP_API_TEST_BUILTIN */
-uword
-unformat_ipsec_api_crypto_alg (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f;
- foreach_ipsec_crypto_alg
-#undef _
- else
- return 0;
- return 1;
-}
-
-uword
-unformat_ipsec_api_integ_alg (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f;
- foreach_ipsec_integ_alg
-#undef _
- else
- return 0;
- return 1;
-}
-
#if (VPP_API_TEST_BUILTIN==0)
static const char *mfib_flag_names[] = MFIB_ENTRY_NAMES_SHORT;
_(modify_vhost_user_if_v2_reply) \
_(delete_vhost_user_if_reply) \
_(want_l2_macs_events_reply) \
-_(ipsec_spd_add_del_reply) \
-_(ipsec_interface_add_del_spd_reply) \
-_(ipsec_spd_entry_add_del_reply) \
-_(ipsec_sad_entry_add_del_reply) \
_(delete_loopback_reply) \
_(bd_ip_mac_add_del_reply) \
_(bd_ip_mac_flush_reply) \
_(L2_MACS_EVENT, l2_macs_event) \
_(IP_ADDRESS_DETAILS, ip_address_details) \
_(IP_DETAILS, ip_details) \
-_(IPSEC_SPD_ADD_DEL_REPLY, ipsec_spd_add_del_reply) \
-_(IPSEC_INTERFACE_ADD_DEL_SPD_REPLY, ipsec_interface_add_del_spd_reply) \
-_(IPSEC_SPD_ENTRY_ADD_DEL_REPLY, ipsec_spd_entry_add_del_reply) \
-_(IPSEC_SAD_ENTRY_ADD_DEL_REPLY, ipsec_sad_entry_add_del_reply) \
-_(IPSEC_SA_DETAILS, ipsec_sa_details) \
_(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \
_(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \
_(BD_IP_MAC_FLUSH_REPLY, bd_ip_mac_flush_reply) \
return ret;
}
-static int
-api_ipsec_spd_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_spd_add_del_t *mp;
- u32 spd_id = ~0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "spd_id %d", &spd_id))
- ;
- else if (unformat (i, "del"))
- is_add = 0;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
- if (spd_id == ~0)
- {
- errmsg ("spd_id must be set");
- return -99;
- }
-
- M (IPSEC_SPD_ADD_DEL, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_interface_add_del_spd (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_interface_add_del_spd_t *mp;
- u32 sw_if_index;
- u8 sw_if_index_set = 0;
- u32 spd_id = (u32) ~ 0;
- u8 is_add = 1;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "spd_id %d", &spd_id))
- ;
- else
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- sw_if_index_set = 1;
- else if (unformat (i, "sw_if_index %d", &sw_if_index))
- sw_if_index_set = 1;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- if (spd_id == (u32) ~ 0)
- {
- errmsg ("spd_id must be set");
- return -99;
- }
-
- if (sw_if_index_set == 0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->sw_if_index = ntohl (sw_if_index);
- mp->is_add = is_add;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_spd_entry_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_spd_entry_add_del_t *mp;
- u8 is_add = 1, is_outbound = 0;
- u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
- i32 priority = 0;
- u32 rport_start = 0, rport_stop = (u32) ~ 0;
- u32 lport_start = 0, lport_stop = (u32) ~ 0;
- vl_api_address_t laddr_start = { }, laddr_stop =
- {
- }, raddr_start =
- {
- }, raddr_stop =
- {
- };
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- if (unformat (i, "outbound"))
- is_outbound = 1;
- if (unformat (i, "inbound"))
- is_outbound = 0;
- else if (unformat (i, "spd_id %d", &spd_id))
- ;
- else if (unformat (i, "sa_id %d", &sa_id))
- ;
- else if (unformat (i, "priority %d", &priority))
- ;
- else if (unformat (i, "protocol %d", &protocol))
- ;
- else if (unformat (i, "lport_start %d", &lport_start))
- ;
- else if (unformat (i, "lport_stop %d", &lport_stop))
- ;
- else if (unformat (i, "rport_start %d", &rport_start))
- ;
- else if (unformat (i, "rport_stop %d", &rport_stop))
- ;
- else if (unformat (i, "laddr_start %U",
- unformat_vl_api_address, &laddr_start))
- ;
- else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
- &laddr_stop))
- ;
- else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
- &raddr_start))
- ;
- else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
- &raddr_stop))
- ;
- else
- if (unformat (i, "action %U", unformat_ipsec_policy_action, &policy))
- {
- if (policy == IPSEC_POLICY_ACTION_RESOLVE)
- {
- clib_warning ("unsupported action: 'resolve'");
- return -99;
- }
- }
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
-
- mp->is_add = is_add;
-
- mp->entry.spd_id = ntohl (spd_id);
- mp->entry.priority = ntohl (priority);
- mp->entry.is_outbound = is_outbound;
-
- clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
- sizeof (vl_api_address_t));
- clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
- sizeof (vl_api_address_t));
- clib_memcpy (&mp->entry.local_address_start, &laddr_start,
- sizeof (vl_api_address_t));
- clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
- sizeof (vl_api_address_t));
-
- mp->entry.protocol = (u8) protocol;
- mp->entry.local_port_start = ntohs ((u16) lport_start);
- mp->entry.local_port_stop = ntohs ((u16) lport_stop);
- mp->entry.remote_port_start = ntohs ((u16) rport_start);
- mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
- mp->entry.policy = (u8) policy;
- mp->entry.sa_id = ntohl (sa_id);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_sad_entry_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sad_entry_add_del_t *mp;
- u32 sad_id = 0, spi = 0;
- u8 *ck = 0, *ik = 0;
- u8 is_add = 1;
-
- vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE;
- vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE;
- vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
- vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH;
- vl_api_address_t tun_src, tun_dst;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "sad_id %d", &sad_id))
- ;
- else if (unformat (i, "spi %d", &spi))
- ;
- else if (unformat (i, "esp"))
- protocol = IPSEC_API_PROTO_ESP;
- else
- if (unformat (i, "tunnel_src %U", unformat_vl_api_address, &tun_src))
- {
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
- if (ADDRESS_IP6 == tun_src.af)
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
- }
- else
- if (unformat (i, "tunnel_dst %U", unformat_vl_api_address, &tun_dst))
- {
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
- if (ADDRESS_IP6 == tun_src.af)
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
- }
- else
- if (unformat (i, "crypto_alg %U",
- unformat_ipsec_api_crypto_alg, &crypto_alg))
- ;
- else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
- ;
- else if (unformat (i, "integ_alg %U",
- unformat_ipsec_api_integ_alg, &integ_alg))
- ;
- else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
-
- }
-
- M (IPSEC_SAD_ENTRY_ADD_DEL, mp);
-
- mp->is_add = is_add;
- mp->entry.sad_id = ntohl (sad_id);
- mp->entry.protocol = protocol;
- mp->entry.spi = ntohl (spi);
- mp->entry.flags = flags;
-
- mp->entry.crypto_algorithm = crypto_alg;
- mp->entry.integrity_algorithm = integ_alg;
- mp->entry.crypto_key.length = vec_len (ck);
- mp->entry.integrity_key.length = vec_len (ik);
-
- if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data))
- mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data);
-
- if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data))
- mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data);
-
- if (ck)
- clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length);
- if (ik)
- clib_memcpy (mp->entry.integrity_key.data, ik,
- mp->entry.integrity_key.length);
-
- if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)
- {
- clib_memcpy (&mp->entry.tunnel_src, &tun_src,
- sizeof (mp->entry.tunnel_src));
- clib_memcpy (&mp->entry.tunnel_dst, &tun_dst,
- sizeof (mp->entry.tunnel_dst));
- }
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static void
-vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
-
- print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
- "crypto_key %U integ_alg %u integ_key %U flags %x "
- "tunnel_src_addr %U tunnel_dst_addr %U "
- "salt %u seq_outbound %lu last_seq_inbound %lu "
- "replay_window %lu stat_index %u\n",
- ntohl (mp->entry.sad_id),
- ntohl (mp->sw_if_index),
- ntohl (mp->entry.spi),
- ntohl (mp->entry.protocol),
- ntohl (mp->entry.crypto_algorithm),
- format_hex_bytes, mp->entry.crypto_key.data,
- mp->entry.crypto_key.length, ntohl (mp->entry.integrity_algorithm),
- format_hex_bytes, mp->entry.integrity_key.data,
- mp->entry.integrity_key.length, ntohl (mp->entry.flags),
- format_vl_api_address, &mp->entry.tunnel_src, format_vl_api_address,
- &mp->entry.tunnel_dst, ntohl (mp->salt),
- clib_net_to_host_u64 (mp->seq_outbound),
- clib_net_to_host_u64 (mp->last_seq_inbound),
- clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index));
-}
-
-#define vl_api_ipsec_sa_details_t_endian vl_noop_handler
-#define vl_api_ipsec_sa_details_t_print vl_noop_handler
-
-static void vl_api_ipsec_sa_details_t_handler_json
- (vl_api_ipsec_sa_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
- vat_json_node_t *node = NULL;
- vl_api_ipsec_sad_flags_t flags;
-
- if (VAT_JSON_ARRAY != vam->json_tree.type)
- {
- ASSERT (VAT_JSON_NONE == vam->json_tree.type);
- vat_json_init_array (&vam->json_tree);
- }
- node = vat_json_array_add (&vam->json_tree);
-
- vat_json_init_object (node);
- vat_json_object_add_uint (node, "sa_id", ntohl (mp->entry.sad_id));
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- vat_json_object_add_uint (node, "spi", ntohl (mp->entry.spi));
- vat_json_object_add_uint (node, "proto", ntohl (mp->entry.protocol));
- vat_json_object_add_uint (node, "crypto_alg",
- ntohl (mp->entry.crypto_algorithm));
- vat_json_object_add_uint (node, "integ_alg",
- ntohl (mp->entry.integrity_algorithm));
- flags = ntohl (mp->entry.flags);
- vat_json_object_add_uint (node, "use_esn",
- ! !(flags & IPSEC_API_SAD_FLAG_USE_ESN));
- vat_json_object_add_uint (node, "use_anti_replay",
- ! !(flags & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY));
- vat_json_object_add_uint (node, "is_tunnel",
- ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL));
- vat_json_object_add_uint (node, "is_tunnel_ip6",
- ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6));
- vat_json_object_add_uint (node, "udp_encap",
- ! !(flags & IPSEC_API_SAD_FLAG_UDP_ENCAP));
- vat_json_object_add_bytes (node, "crypto_key", mp->entry.crypto_key.data,
- mp->entry.crypto_key.length);
- vat_json_object_add_bytes (node, "integ_key", mp->entry.integrity_key.data,
- mp->entry.integrity_key.length);
- vat_json_object_add_address (node, "src", &mp->entry.tunnel_src);
- vat_json_object_add_address (node, "dst", &mp->entry.tunnel_dst);
- vat_json_object_add_uint (node, "replay_window",
- clib_net_to_host_u64 (mp->replay_window));
- vat_json_object_add_uint (node, "stat_index", ntohl (mp->stat_index));
-}
-
-static int
-api_ipsec_sa_dump (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sa_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- u32 sa_id = ~0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sa_id %d", &sa_id))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_SA_DUMP, mp);
-
- mp->sa_id = ntohl (sa_id);
-
- S (mp);
-
- /* Use a control ping for synchronization */
- M (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
static int
api_get_first_msg_id (vat_main_t * vam)
{
_(want_l2_macs_events, "[disable] [learn-limit <n>] [scan-delay <n>] [max-entries <n>]") \
_(ip_address_dump, "(ipv4 | ipv6) (<intfc> | sw_if_index <id>)") \
_(ip_dump, "ipv4 | ipv6") \
-_(ipsec_spd_add_del, "spd_id <n> [del]") \
-_(ipsec_interface_add_del_spd, "(<intfc> | sw_if_index <id>)\n" \
- " spid_id <n> ") \
-_(ipsec_sad_entry_add_del, "sad_id <n> spi <n> crypto_alg <alg>\n" \
- " crypto_key <hex> tunnel_src <ip4|ip6> tunnel_dst <ip4|ip6>\n" \
- " integ_alg <alg> integ_key <hex>") \
-_(ipsec_spd_entry_add_del, "spd_id <n> priority <n> action <action>\n" \
- " (inbound|outbound) [sa_id <n>] laddr_start <ip4|ip6>\n" \
- " laddr_stop <ip4|ip6> raddr_start <ip4|ip6> raddr_stop <ip4|ip6>\n" \
- " [lport_start <n> lport_stop <n>] [rport_start <n> rport_stop <n>]" ) \
-_(ipsec_sa_dump, "[sa_id <n>]") \
_(delete_loopback,"sw_if_index <nn>") \
_(bd_ip_mac_add_del, "bd_id <bridge-domain-id> <ip4/6-addr> <mac-addr> [del]") \
_(bd_ip_mac_flush, "bd_id <bridge-domain-id>") \
Code Review / vpp.git / blobdiff