#include <vnet/classify/flow_classify.h>
#include <vnet/mpls/mpls.h>
#include <vnet/ipsec/ipsec.h>
-#include <vnet/ipsec/ikev2.h>
#include <inttypes.h>
#include <vnet/cop/cop.h>
#include <vnet/ip/ip6_hop_by_hop.h>
return format (s, "%s", t);
}
-uword
-unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
- foreach_ikev2_auth_method
-#undef _
- else
- return 0;
- return 1;
-}
-
-uword
-unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
- foreach_ikev2_id_type
-#undef _
- else
- return 0;
- return 1;
-}
#else /* VPP_API_TEST_BUILTIN == 1 */
static uword
api_unformat_sw_if_index (unformat_input_t * input, va_list * args)
sub->sw_if_index = ntohl (mp->sw_if_index);
sub->sub_id = ntohl (mp->sub_id);
- sub->sub_dot1ad = mp->sub_dot1ad;
+ sub->raw_flags = ntohl (mp->sub_if_flags & SUB_IF_API_FLAG_MASK_VNET);
+
sub->sub_number_of_tags = mp->sub_number_of_tags;
sub->sub_outer_vlan_id = ntohs (mp->sub_outer_vlan_id);
sub->sub_inner_vlan_id = ntohs (mp->sub_inner_vlan_id);
- sub->sub_exact_match = mp->sub_exact_match;
- sub->sub_default = mp->sub_default;
- sub->sub_outer_vlan_id_any = mp->sub_outer_vlan_id_any;
- sub->sub_inner_vlan_id_any = mp->sub_inner_vlan_id_any;
/* vlan tag rewrite */
sub->vtr_op = ntohl (mp->vtr_op);
vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
vat_json_object_add_uint (node, "sup_sw_if_index",
ntohl (mp->sup_sw_if_index));
- vat_json_object_add_uint (node, "l2_address_length",
- ntohl (mp->l2_address_length));
vat_json_object_add_bytes (node, "l2_address", mp->l2_address,
sizeof (mp->l2_address));
vat_json_object_add_string_copy (node, "interface_name",
- mp->interface_name);
- vat_json_object_add_uint (node, "admin_up_down", mp->admin_up_down);
- vat_json_object_add_uint (node, "link_up_down", mp->link_up_down);
+ mp->interface_name.buf);
+ vat_json_object_add_uint (node, "flags", mp->flags);
vat_json_object_add_uint (node, "link_duplex", mp->link_duplex);
vat_json_object_add_uint (node, "link_speed", mp->link_speed);
vat_json_object_add_uint (node, "mtu", ntohs (mp->link_mtu));
vat_json_object_add_uint (node, "sub_id", ntohl (mp->sub_id));
- vat_json_object_add_uint (node, "sub_dot1ad", mp->sub_dot1ad);
vat_json_object_add_uint (node, "sub_number_of_tags",
mp->sub_number_of_tags);
vat_json_object_add_uint (node, "sub_outer_vlan_id",
ntohs (mp->sub_outer_vlan_id));
vat_json_object_add_uint (node, "sub_inner_vlan_id",
ntohs (mp->sub_inner_vlan_id));
- vat_json_object_add_uint (node, "sub_exact_match", mp->sub_exact_match);
- vat_json_object_add_uint (node, "sub_default", mp->sub_default);
- vat_json_object_add_uint (node, "sub_outer_vlan_id_any",
- mp->sub_outer_vlan_id_any);
- vat_json_object_add_uint (node, "sub_inner_vlan_id_any",
- mp->sub_inner_vlan_id_any);
+ vat_json_object_add_uint (node, "sub_if_flags", ntohl (mp->sub_if_flags));
vat_json_object_add_uint (node, "vtr_op", ntohl (mp->vtr_op));
vat_json_object_add_uint (node, "vtr_push_dot1q",
ntohl (mp->vtr_push_dot1q));
vat_json_object_add_uint (node, "vtr_tag1", ntohl (mp->vtr_tag1));
vat_json_object_add_uint (node, "vtr_tag2", ntohl (mp->vtr_tag2));
- if (mp->sub_dot1ah)
+ if (ntohl (mp->sub_if_flags) & SUB_IF_API_FLAG_DOT1AH)
{
vat_json_object_add_string_copy (node, "pbb_vtr_dmac",
format (0, "%U",
if (vam->interface_event_display)
errmsg ("interface flags: sw_if_index %d %s %s",
ntohl (mp->sw_if_index),
- mp->admin_up_down ? "admin-up" : "admin-down",
- mp->link_up_down ? "link-up" : "link-down");
+ ((ntohl (mp->flags)) & IF_STATUS_API_FLAG_ADMIN_UP) ?
+ "admin-up" : "admin-down",
+ ((ntohl (mp->flags)) & IF_STATUS_API_FLAG_LINK_UP) ?
+ "link-up" : "link-down");
}
#endif
_(ipsec_tunnel_if_add_del_reply) \
_(ipsec_tunnel_if_set_key_reply) \
_(ipsec_tunnel_if_set_sa_reply) \
-_(ikev2_profile_add_del_reply) \
-_(ikev2_profile_set_auth_reply) \
-_(ikev2_profile_set_id_reply) \
-_(ikev2_profile_set_ts_reply) \
-_(ikev2_set_local_key_reply) \
-_(ikev2_set_responder_reply) \
-_(ikev2_set_ike_transforms_reply) \
-_(ikev2_set_esp_transforms_reply) \
-_(ikev2_set_sa_lifetime_reply) \
-_(ikev2_initiate_sa_init_reply) \
-_(ikev2_initiate_del_ike_sa_reply) \
-_(ikev2_initiate_del_child_sa_reply) \
-_(ikev2_initiate_rekey_child_sa_reply) \
_(delete_loopback_reply) \
_(bd_ip_mac_add_del_reply) \
_(bd_ip_mac_flush_reply) \
_(IPSEC_TUNNEL_IF_ADD_DEL_REPLY, ipsec_tunnel_if_add_del_reply) \
_(IPSEC_TUNNEL_IF_SET_KEY_REPLY, ipsec_tunnel_if_set_key_reply) \
_(IPSEC_TUNNEL_IF_SET_SA_REPLY, ipsec_tunnel_if_set_sa_reply) \
-_(IKEV2_PROFILE_ADD_DEL_REPLY, ikev2_profile_add_del_reply) \
-_(IKEV2_PROFILE_SET_AUTH_REPLY, ikev2_profile_set_auth_reply) \
-_(IKEV2_PROFILE_SET_ID_REPLY, ikev2_profile_set_id_reply) \
-_(IKEV2_PROFILE_SET_TS_REPLY, ikev2_profile_set_ts_reply) \
-_(IKEV2_SET_LOCAL_KEY_REPLY, ikev2_set_local_key_reply) \
-_(IKEV2_SET_RESPONDER_REPLY, ikev2_set_responder_reply) \
-_(IKEV2_SET_IKE_TRANSFORMS_REPLY, ikev2_set_ike_transforms_reply) \
-_(IKEV2_SET_ESP_TRANSFORMS_REPLY, ikev2_set_esp_transforms_reply) \
-_(IKEV2_SET_SA_LIFETIME_REPLY, ikev2_set_sa_lifetime_reply) \
-_(IKEV2_INITIATE_SA_INIT_REPLY, ikev2_initiate_sa_init_reply) \
-_(IKEV2_INITIATE_DEL_IKE_SA_REPLY, ikev2_initiate_del_ike_sa_reply) \
-_(IKEV2_INITIATE_DEL_CHILD_SA_REPLY, ikev2_initiate_del_child_sa_reply) \
-_(IKEV2_INITIATE_REKEY_CHILD_SA_REPLY, ikev2_initiate_rekey_child_sa_reply) \
_(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \
_(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \
_(BD_IP_MAC_FLUSH_REPLY, bd_ip_mac_flush_reply) \
/* Construct the API message */
M (SW_INTERFACE_SET_FLAGS, mp);
mp->sw_if_index = ntohl (sw_if_index);
- mp->admin_up_down = admin_up;
+ mp->flags = ntohl ((admin_up) ? IF_STATUS_API_FLAG_ADMIN_UP : 0);
/* send it... */
S (mp);
mp->del_all = del_all;
if (v6_address_set)
{
- mp->is_ipv6 = 1;
- clib_memcpy (mp->address, &v6address, sizeof (v6address));
+ mp->prefix.address.af = ADDRESS_IP6;
+ clib_memcpy (mp->prefix.address.un.ip6, &v6address, sizeof (v6address));
}
else
{
- clib_memcpy (mp->address, &v4address, sizeof (v4address));
+ mp->prefix.address.af = ADDRESS_IP4;
+ clib_memcpy (mp->prefix.address.un.ip4, &v4address, sizeof (v4address));
}
- mp->address_length = address_length;
+ mp->prefix.address_length = address_length;
/* send it... */
S (mp);
_(outer_vlan_id_any) \
_(inner_vlan_id_any)
+#define foreach_create_subif_flag \
+_(0, "no_tags") \
+_(1, "one_tag") \
+_(2, "two_tags") \
+_(3, "dot1ad") \
+_(4, "exact_match") \
+_(5, "default_sub") \
+_(6, "outer_vlan_id_any") \
+_(7, "inner_vlan_id_any")
+
static int
api_create_subif (vat_main_t * vam)
{
mp->sw_if_index = ntohl (sw_if_index);
mp->sub_id = ntohl (sub_id);
-#define _(a) mp->a = a;
- foreach_create_subif_bit;
+#define _(a,b) mp->sub_if_flags |= (1 << a);
+ foreach_create_subif_flag;
#undef _
mp->outer_vlan_id = ntohs (outer_vlan_id);
vat_main_t *vam = &vat_main;
print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
- "crypto_key %U integ_alg %u integ_key %U use_esn %u "
- "use_anti_replay %u is_tunnel %u is_tunnel_ip6 %u "
+ "crypto_key %U integ_alg %u integ_key %U flags %x "
"tunnel_src_addr %U tunnel_dst_addr %U "
"salt %u seq_outbound %lu last_seq_inbound %lu "
- "replay_window %lu total_data_size %lu\n",
- ntohl (mp->sa_id), ntohl (mp->sw_if_index), ntohl (mp->spi),
- mp->protocol,
- mp->crypto_alg, format_hex_bytes, mp->crypto_key, mp->crypto_key_len,
- mp->integ_alg, format_hex_bytes, mp->integ_key, mp->integ_key_len,
- mp->use_esn, mp->use_anti_replay, mp->is_tunnel, mp->is_tunnel_ip6,
- (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address,
- mp->tunnel_src_addr,
- (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address,
- mp->tunnel_dst_addr,
- ntohl (mp->salt),
+ "replay_window %lu\n",
+ ntohl (mp->entry.sad_id),
+ ntohl (mp->sw_if_index),
+ ntohl (mp->entry.spi),
+ ntohl (mp->entry.protocol),
+ ntohl (mp->entry.crypto_algorithm),
+ format_hex_bytes, mp->entry.crypto_key.data,
+ mp->entry.crypto_key.length, ntohl (mp->entry.integrity_algorithm),
+ format_hex_bytes, mp->entry.integrity_key.data,
+ mp->entry.integrity_key.length, ntohl (mp->entry.flags),
+ format_vl_api_address, &mp->entry.tunnel_src, format_vl_api_address,
+ &mp->entry.tunnel_dst, ntohl (mp->salt),
clib_net_to_host_u64 (mp->seq_outbound),
clib_net_to_host_u64 (mp->last_seq_inbound),
- clib_net_to_host_u64 (mp->replay_window),
- clib_net_to_host_u64 (mp->total_data_size));
+ clib_net_to_host_u64 (mp->replay_window));
}
#define vl_api_ipsec_sa_details_t_endian vl_noop_handler
#define vl_api_ipsec_sa_details_t_print vl_noop_handler
+static void
+vat_json_object_add_address (vat_json_node_t * node,
+ const vl_api_address_t * addr)
+{
+ if (ADDRESS_IP6 == addr->af)
+ {
+ struct in6_addr ip6;
+
+ clib_memcpy (&ip6, &addr->un.ip6, sizeof (ip6));
+ vat_json_object_add_ip6 (node, "ip_address", ip6);
+ }
+ else
+ {
+ struct in_addr ip4;
+
+ clib_memcpy (&ip4, &addr->un.ip4, sizeof (ip4));
+ vat_json_object_add_ip4 (node, "ip_address", ip4);
+ }
+}
+
static void vl_api_ipsec_sa_details_t_handler_json
(vl_api_ipsec_sa_details_t * mp)
{
vat_main_t *vam = &vat_main;
vat_json_node_t *node = NULL;
- struct in_addr src_ip4, dst_ip4;
- struct in6_addr src_ip6, dst_ip6;
+ vl_api_ipsec_sad_flags_t flags;
if (VAT_JSON_ARRAY != vam->json_tree.type)
{
node = vat_json_array_add (&vam->json_tree);
vat_json_init_object (node);
- vat_json_object_add_uint (node, "sa_id", ntohl (mp->sa_id));
+ vat_json_object_add_uint (node, "sa_id", ntohl (mp->entry.sad_id));
vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- vat_json_object_add_uint (node, "spi", ntohl (mp->spi));
- vat_json_object_add_uint (node, "proto", mp->protocol);
- vat_json_object_add_uint (node, "crypto_alg", mp->crypto_alg);
- vat_json_object_add_uint (node, "integ_alg", mp->integ_alg);
- vat_json_object_add_uint (node, "use_esn", mp->use_esn);
- vat_json_object_add_uint (node, "use_anti_replay", mp->use_anti_replay);
- vat_json_object_add_uint (node, "is_tunnel", mp->is_tunnel);
- vat_json_object_add_uint (node, "is_tunnel_ip6", mp->is_tunnel_ip6);
- vat_json_object_add_bytes (node, "crypto_key", mp->crypto_key,
- mp->crypto_key_len);
- vat_json_object_add_bytes (node, "integ_key", mp->integ_key,
- mp->integ_key_len);
- if (mp->is_tunnel_ip6)
- {
- clib_memcpy (&src_ip6, mp->tunnel_src_addr, sizeof (src_ip6));
- vat_json_object_add_ip6 (node, "tunnel_src_addr", src_ip6);
- clib_memcpy (&dst_ip6, mp->tunnel_dst_addr, sizeof (dst_ip6));
- vat_json_object_add_ip6 (node, "tunnel_dst_addr", dst_ip6);
- }
- else
- {
- clib_memcpy (&src_ip4, mp->tunnel_src_addr, sizeof (src_ip4));
- vat_json_object_add_ip4 (node, "tunnel_src_addr", src_ip4);
- clib_memcpy (&dst_ip4, mp->tunnel_dst_addr, sizeof (dst_ip4));
- vat_json_object_add_ip4 (node, "tunnel_dst_addr", dst_ip4);
- }
+ vat_json_object_add_uint (node, "spi", ntohl (mp->entry.spi));
+ vat_json_object_add_uint (node, "proto", ntohl (mp->entry.protocol));
+ vat_json_object_add_uint (node, "crypto_alg",
+ ntohl (mp->entry.crypto_algorithm));
+ vat_json_object_add_uint (node, "integ_alg",
+ ntohl (mp->entry.integrity_algorithm));
+ flags = ntohl (mp->entry.flags);
+ vat_json_object_add_uint (node, "use_esn",
+ ! !(flags &
+ IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM));
+ vat_json_object_add_uint (node, "use_anti_replay",
+ ! !(flags & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY));
+ vat_json_object_add_uint (node, "is_tunnel",
+ ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL));
+ vat_json_object_add_uint (node, "is_tunnel_ip6",
+ ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6));
+ vat_json_object_add_uint (node, "udp_encap",
+ ! !(flags & IPSEC_API_SAD_FLAG_UDP_ENCAP));
+ vat_json_object_add_bytes (node, "crypto_key", mp->entry.crypto_key.data,
+ mp->entry.crypto_key.length);
+ vat_json_object_add_bytes (node, "integ_key", mp->entry.integrity_key.data,
+ mp->entry.integrity_key.length);
+ vat_json_object_add_address (node, &mp->entry.tunnel_src);
+ vat_json_object_add_address (node, &mp->entry.tunnel_dst);
vat_json_object_add_uint (node, "replay_window",
clib_net_to_host_u64 (mp->replay_window));
- vat_json_object_add_uint (node, "total_data_size",
- clib_net_to_host_u64 (mp->total_data_size));
-
}
static int
}
static int
-api_ikev2_profile_add_del (vat_main_t * vam)
+api_get_first_msg_id (vat_main_t * vam)
{
+ vl_api_get_first_msg_id_t *mp;
unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_add_del_t *mp;
- u8 is_add = 1;
- u8 *name = 0;
+ u8 *name;
+ u8 name_set = 0;
int ret;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
+ if (unformat (i, "client %s", &name))
+ name_set = 1;
else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
+ break;
}
- if (!vec_len (name))
+ if (name_set == 0)
{
- errmsg ("profile name must be specified");
+ errmsg ("missing client name");
return -99;
}
+ vec_add1 (name, 0);
- if (vec_len (name) > 64)
+ if (vec_len (name) > 63)
{
- errmsg ("profile name too long");
+ errmsg ("client name too long");
return -99;
}
- M (IKEV2_PROFILE_ADD_DEL, mp);
-
+ M (GET_FIRST_MSG_ID, mp);
clib_memcpy (mp->name, name, vec_len (name));
- mp->is_add = is_add;
- vec_free (name);
-
S (mp);
W (ret);
return ret;
}
static int
-api_ikev2_profile_set_auth (vat_main_t * vam)
+api_cop_interface_enable_disable (vat_main_t * vam)
{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_set_auth_t *mp;
- u8 *name = 0;
- u8 *data = 0;
- u32 auth_method = 0;
- u8 is_hex = 0;
+ unformat_input_t *line_input = vam->input;
+ vl_api_cop_interface_enable_disable_t *mp;
+ u32 sw_if_index = ~0;
+ u8 enable_disable = 1;
int ret;
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else if (unformat (i, "auth_method %U",
- unformat_ikev2_auth_method, &auth_method))
+ if (unformat (line_input, "disable"))
+ enable_disable = 0;
+ if (unformat (line_input, "enable"))
+ enable_disable = 1;
+ else if (unformat (line_input, "%U", api_unformat_sw_if_index,
+ vam, &sw_if_index))
;
- else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
- is_hex = 1;
- else if (unformat (i, "auth_data %v", &data))
+ else if (unformat (line_input, "sw_if_index %d", &sw_if_index))
;
else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- if (!vec_len (data))
- {
- errmsg ("auth_data must be specified");
- return -99;
+ break;
}
- if (!auth_method)
+ if (sw_if_index == ~0)
{
- errmsg ("auth_method must be specified");
+ errmsg ("missing interface name or sw_if_index");
return -99;
}
- M (IKEV2_PROFILE_SET_AUTH, mp);
-
- mp->is_hex = is_hex;
- mp->auth_method = (u8) auth_method;
- mp->data_len = vec_len (data);
- clib_memcpy (mp->name, name, vec_len (name));
- clib_memcpy (mp->data, data, vec_len (data));
- vec_free (name);
- vec_free (data);
+ /* Construct the API message */
+ M (COP_INTERFACE_ENABLE_DISABLE, mp);
+ mp->sw_if_index = ntohl (sw_if_index);
+ mp->enable_disable = enable_disable;
+ /* send it... */
S (mp);
+ /* Wait for the reply */
W (ret);
return ret;
}
static int
-api_ikev2_profile_set_id (vat_main_t * vam)
+api_cop_whitelist_enable_disable (vat_main_t * vam)
{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_set_id_t *mp;
- u8 *name = 0;
- u8 *data = 0;
- u8 is_local = 0;
- u32 id_type = 0;
- ip4_address_t ip4;
+ unformat_input_t *line_input = vam->input;
+ vl_api_cop_whitelist_enable_disable_t *mp;
+ u32 sw_if_index = ~0;
+ u8 ip4 = 0, ip6 = 0, default_cop = 0;
+ u32 fib_id = 0;
int ret;
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type))
+ if (unformat (line_input, "ip4"))
+ ip4 = 1;
+ else if (unformat (line_input, "ip6"))
+ ip6 = 1;
+ else if (unformat (line_input, "default"))
+ default_cop = 1;
+ else if (unformat (line_input, "%U", api_unformat_sw_if_index,
+ vam, &sw_if_index))
;
- else if (unformat (i, "id_data %U", unformat_ip4_address, &ip4))
- {
- data = vec_new (u8, 4);
- clib_memcpy (data, ip4.as_u8, 4);
- }
- else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
+ else if (unformat (line_input, "sw_if_index %d", &sw_if_index))
;
- else if (unformat (i, "id_data %v", &data))
+ else if (unformat (line_input, "fib-id %d", &fib_id))
;
- else if (unformat (i, "local"))
- is_local = 1;
- else if (unformat (i, "remote"))
- is_local = 0;
else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- if (!vec_len (data))
- {
- errmsg ("id_data must be specified");
- return -99;
+ break;
}
- if (!id_type)
+ if (sw_if_index == ~0)
{
- errmsg ("id_type must be specified");
+ errmsg ("missing interface name or sw_if_index");
return -99;
}
- M (IKEV2_PROFILE_SET_ID, mp);
-
- mp->is_local = is_local;
- mp->id_type = (u8) id_type;
- mp->data_len = vec_len (data);
- clib_memcpy (mp->name, name, vec_len (name));
- clib_memcpy (mp->data, data, vec_len (data));
- vec_free (name);
- vec_free (data);
+ /* Construct the API message */
+ M (COP_WHITELIST_ENABLE_DISABLE, mp);
+ mp->sw_if_index = ntohl (sw_if_index);
+ mp->fib_id = ntohl (fib_id);
+ mp->ip4 = ip4;
+ mp->ip6 = ip6;
+ mp->default_cop = default_cop;
+ /* send it... */
S (mp);
+ /* Wait for the reply */
W (ret);
return ret;
}
static int
-api_ikev2_profile_set_ts (vat_main_t * vam)
+api_get_node_graph (vat_main_t * vam)
{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_set_ts_t *mp;
- u8 *name = 0;
- u8 is_local = 0;
- u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
- ip4_address_t start_addr, end_addr;
-
- const char *valid_chars = "a-zA-Z0-9_";
+ vl_api_get_node_graph_t *mp;
int ret;
- start_addr.as_u32 = 0;
- end_addr.as_u32 = (u32) ~ 0;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else if (unformat (i, "protocol %d", &proto))
- ;
- else if (unformat (i, "start_port %d", &start_port))
- ;
- else if (unformat (i, "end_port %d", &end_port))
- ;
- else
- if (unformat (i, "start_addr %U", unformat_ip4_address, &start_addr))
- ;
- else if (unformat (i, "end_addr %U", unformat_ip4_address, &end_addr))
- ;
- else if (unformat (i, "local"))
- is_local = 1;
- else if (unformat (i, "remote"))
- is_local = 0;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_PROFILE_SET_TS, mp);
-
- mp->is_local = is_local;
- mp->proto = (u8) proto;
- mp->start_port = (u16) start_port;
- mp->end_port = (u16) end_port;
- mp->start_addr = start_addr.as_u32;
- mp->end_addr = end_addr.as_u32;
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
+ M (GET_NODE_GRAPH, mp);
+ /* send it... */
S (mp);
+ /* Wait for the reply */
W (ret);
return ret;
}
-static int
-api_ikev2_set_local_key (vat_main_t * vam)
+/* *INDENT-OFF* */
+/** Used for parsing LISP eids */
+typedef CLIB_PACKED(struct{
+ u8 addr[16]; /**< eid address */
+ u32 len; /**< prefix length if IP */
+ u8 type; /**< type of eid */
+}) lisp_eid_vat_t;
+/* *INDENT-ON* */
+
+static uword
+unformat_lisp_eid_vat (unformat_input_t * input, va_list * args)
{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_local_key_t *mp;
- u8 *file = 0;
- int ret;
+ lisp_eid_vat_t *a = va_arg (*args, lisp_eid_vat_t *);
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "file %v", &file))
- vec_add1 (file, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
+ clib_memset (a, 0, sizeof (a[0]));
- if (!vec_len (file))
+ if (unformat (input, "%U/%d", unformat_ip4_address, a->addr, &a->len))
{
- errmsg ("RSA key file must be specified");
- return -99;
+ a->type = 0; /* ipv4 type */
}
-
- if (vec_len (file) > 256)
- {
- errmsg ("file name too long");
- return -99;
- }
-
- M (IKEV2_SET_LOCAL_KEY, mp);
-
- clib_memcpy (mp->key_file, file, vec_len (file));
- vec_free (file);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_set_responder (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_responder_t *mp;
- int ret;
- u8 *name = 0;
- u32 sw_if_index = ~0;
- ip4_address_t address;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat
- (i, "%U interface %d address %U", unformat_token, valid_chars,
- &name, &sw_if_index, unformat_ip4_address, &address))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_SET_RESPONDER, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
-
- mp->sw_if_index = sw_if_index;
- clib_memcpy (mp->address, &address, sizeof (address));
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_set_ike_transforms (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_ike_transforms_t *mp;
- int ret;
- u8 *name = 0;
- u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
- &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_SET_IKE_TRANSFORMS, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
- mp->crypto_alg = crypto_alg;
- mp->crypto_key_size = crypto_key_size;
- mp->integ_alg = integ_alg;
- mp->dh_group = dh_group;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-
-static int
-api_ikev2_set_esp_transforms (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_esp_transforms_t *mp;
- int ret;
- u8 *name = 0;
- u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
- &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_SET_ESP_TRANSFORMS, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
- mp->crypto_alg = crypto_alg;
- mp->crypto_key_size = crypto_key_size;
- mp->integ_alg = integ_alg;
- mp->dh_group = dh_group;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_set_sa_lifetime (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_sa_lifetime_t *mp;
- int ret;
- u8 *name = 0;
- u64 lifetime, lifetime_maxdata;
- u32 lifetime_jitter, handover;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
- &lifetime, &lifetime_jitter, &handover,
- &lifetime_maxdata))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_SET_SA_LIFETIME, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
- mp->lifetime = lifetime;
- mp->lifetime_jitter = lifetime_jitter;
- mp->handover = handover;
- mp->lifetime_maxdata = lifetime_maxdata;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_sa_init (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_sa_init_t *mp;
- int ret;
- u8 *name = 0;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_INITIATE_SA_INIT, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_del_ike_sa (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_del_ike_sa_t *mp;
- int ret;
- u64 ispi;
-
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%lx", &ispi))
- ;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IKEV2_INITIATE_DEL_IKE_SA, mp);
-
- mp->ispi = ispi;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_del_child_sa (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_del_child_sa_t *mp;
- int ret;
- u32 ispi;
-
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%x", &ispi))
- ;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IKEV2_INITIATE_DEL_CHILD_SA, mp);
-
- mp->ispi = ispi;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_rekey_child_sa (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_rekey_child_sa_t *mp;
- int ret;
- u32 ispi;
-
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%x", &ispi))
- ;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IKEV2_INITIATE_REKEY_CHILD_SA, mp);
-
- mp->ispi = ispi;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_get_first_msg_id (vat_main_t * vam)
-{
- vl_api_get_first_msg_id_t *mp;
- unformat_input_t *i = vam->input;
- u8 *name;
- u8 name_set = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "client %s", &name))
- name_set = 1;
- else
- break;
- }
-
- if (name_set == 0)
- {
- errmsg ("missing client name");
- return -99;
- }
- vec_add1 (name, 0);
-
- if (vec_len (name) > 63)
- {
- errmsg ("client name too long");
- return -99;
- }
-
- M (GET_FIRST_MSG_ID, mp);
- clib_memcpy (mp->name, name, vec_len (name));
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_cop_interface_enable_disable (vat_main_t * vam)
-{
- unformat_input_t *line_input = vam->input;
- vl_api_cop_interface_enable_disable_t *mp;
- u32 sw_if_index = ~0;
- u8 enable_disable = 1;
- int ret;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "disable"))
- enable_disable = 0;
- if (unformat (line_input, "enable"))
- enable_disable = 1;
- else if (unformat (line_input, "%U", api_unformat_sw_if_index,
- vam, &sw_if_index))
- ;
- else if (unformat (line_input, "sw_if_index %d", &sw_if_index))
- ;
- else
- break;
- }
-
- if (sw_if_index == ~0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- /* Construct the API message */
- M (COP_INTERFACE_ENABLE_DISABLE, mp);
- mp->sw_if_index = ntohl (sw_if_index);
- mp->enable_disable = enable_disable;
-
- /* send it... */
- S (mp);
- /* Wait for the reply */
- W (ret);
- return ret;
-}
-
-static int
-api_cop_whitelist_enable_disable (vat_main_t * vam)
-{
- unformat_input_t *line_input = vam->input;
- vl_api_cop_whitelist_enable_disable_t *mp;
- u32 sw_if_index = ~0;
- u8 ip4 = 0, ip6 = 0, default_cop = 0;
- u32 fib_id = 0;
- int ret;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "ip4"))
- ip4 = 1;
- else if (unformat (line_input, "ip6"))
- ip6 = 1;
- else if (unformat (line_input, "default"))
- default_cop = 1;
- else if (unformat (line_input, "%U", api_unformat_sw_if_index,
- vam, &sw_if_index))
- ;
- else if (unformat (line_input, "sw_if_index %d", &sw_if_index))
- ;
- else if (unformat (line_input, "fib-id %d", &fib_id))
- ;
- else
- break;
- }
-
- if (sw_if_index == ~0)
- {
- errmsg ("missing interface name or sw_if_index");
- return -99;
- }
-
- /* Construct the API message */
- M (COP_WHITELIST_ENABLE_DISABLE, mp);
- mp->sw_if_index = ntohl (sw_if_index);
- mp->fib_id = ntohl (fib_id);
- mp->ip4 = ip4;
- mp->ip6 = ip6;
- mp->default_cop = default_cop;
-
- /* send it... */
- S (mp);
- /* Wait for the reply */
- W (ret);
- return ret;
-}
-
-static int
-api_get_node_graph (vat_main_t * vam)
-{
- vl_api_get_node_graph_t *mp;
- int ret;
-
- M (GET_NODE_GRAPH, mp);
-
- /* send it... */
- S (mp);
- /* Wait for the reply */
- W (ret);
- return ret;
-}
-
-/* *INDENT-OFF* */
-/** Used for parsing LISP eids */
-typedef CLIB_PACKED(struct{
- u8 addr[16]; /**< eid address */
- u32 len; /**< prefix length if IP */
- u8 type; /**< type of eid */
-}) lisp_eid_vat_t;
-/* *INDENT-ON* */
-
-static uword
-unformat_lisp_eid_vat (unformat_input_t * input, va_list * args)
-{
- lisp_eid_vat_t *a = va_arg (*args, lisp_eid_vat_t *);
-
- clib_memset (a, 0, sizeof (a[0]));
-
- if (unformat (input, "%U/%d", unformat_ip4_address, a->addr, &a->len))
- {
- a->type = 0; /* ipv4 type */
- }
- else if (unformat (input, "%U/%d", unformat_ip6_address, a->addr, &a->len))
+ else if (unformat (input, "%U/%d", unformat_ip6_address, a->addr, &a->len))
{
a->type = 1; /* ipv6 type */
}
vat_main_t *vam = &vat_main;
vat_json_node_t *node;
- struct in_addr ip4;
- struct in6_addr ip6;
if (VAT_JSON_ARRAY != vam->json_tree.type)
{
vat_json_object_add_string_copy (node, "link_layer",
format (0, "%U", format_vl_api_mac_address,
&mp->neighbor.mac_address));
-
- if (ADDRESS_IP6 == mp->neighbor.ip_address.af)
- {
- clib_memcpy (&ip6, &mp->neighbor.ip_address.un.ip6, sizeof (ip6));
- vat_json_object_add_ip6 (node, "ip_address", ip6);
- }
- else
- {
- clib_memcpy (&ip4, &mp->neighbor.ip_address.un.ip4, sizeof (ip4));
- vat_json_object_add_ip4 (node, "ip_address", ip4);
- }
+ vat_json_object_add_address (node, &mp->neighbor.ip_address);
}
static int
mp->sw_if_index = ntohl (sw_if_index);
mp->is_add = enable;
if (enable)
- strncpy ((char *) mp->tag, (char *) tag, ARRAY_LEN (mp->tag) - 1);
+ vl_api_to_api_string (strlen ((char *) tag), tag, &mp->tag);
vec_free (tag);
S (mp);
config[6].count = 128;
config[6].size = sizeof (uword);
- rv = vl_socket_client_init_shm (config);
+ rv = vl_socket_client_init_shm (config, 1 /* want_pthread */ );
if (!rv)
vam->client_index_invalid = 1;
return rv;
_(ipsec_tunnel_if_set_key, "<intfc> <local|remote> <crypto|integ>\n" \
" <alg> <hex>\n") \
_(ipsec_tunnel_if_set_sa, "<intfc> sa_id <n> <inbound|outbound>\n") \
-_(ikev2_profile_add_del, "name <profile_name> [del]") \
-_(ikev2_profile_set_auth, "name <profile_name> auth_method <method>\n" \
- "(auth_data 0x<data> | auth_data <data>)") \
-_(ikev2_profile_set_id, "name <profile_name> id_type <type>\n" \
- "(id_data 0x<data> | id_data <data>) (local|remote)") \
-_(ikev2_profile_set_ts, "name <profile_name> protocol <proto>\n" \
- "start_port <port> end_port <port> start_addr <ip4> end_addr <ip4>\n" \
- "(local|remote)") \
-_(ikev2_set_local_key, "file <absolute_file_path>") \
-_(ikev2_set_responder, "<profile_name> interface <interface> address <addr>") \
-_(ikev2_set_ike_transforms, "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>") \
-_(ikev2_set_esp_transforms, "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>") \
-_(ikev2_set_sa_lifetime, "<profile_name> <seconds> <jitter> <handover> <max bytes>") \
-_(ikev2_initiate_sa_init, "<profile_name>") \
-_(ikev2_initiate_del_ike_sa, "<ispi>") \
-_(ikev2_initiate_del_child_sa, "<ispi>") \
-_(ikev2_initiate_rekey_child_sa, "<ispi>") \
_(delete_loopback,"sw_if_index <nn>") \
_(bd_ip_mac_add_del, "bd_id <bridge-domain-id> <ip4/6-addr> <mac-addr> [del]") \
_(bd_ip_mac_flush, "bd_id <bridge-domain-id>") \