#include <vnet/vnet_msg_enum.h>
-#if WITH_LIBSSL > 0
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ipsec_tun.h>
#include <vnet/ipsec/ipsec_itf.h>
-#endif /* IPSEC */
#define vl_typedefs /* define message structures */
#include <vnet/vnet_all_api_h.h>
static void
vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
{
-#if WITH_LIBSSL == 0
- clib_warning ("unimplemented");
-#else
-
vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
vl_api_ipsec_spd_add_del_reply_t *rmp;
int rv;
rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
-#endif
}
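Review bot: The `__attribute__ ((unused))` on `vm` no longer matches the code, because `vm` is passed to `ipsec_add_del_spd` two lines later in the same, now unconditional, body. Dropping it keeps the declaration honest and lets the compiler warn if the variable really does become unused later: `vlib_main_t *vm = vlib_get_main ();`. Separately, `mp->is_add` is forwarded as-is while `mp->spd_id` is byte-swapped; a short comment that `is_add` is a single-byte field would explain the asymmetry to the next reader.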
static void vl_api_ipsec_interface_add_del_spd_t_handler
VALIDATE_SW_IF_INDEX (mp);
-#if WITH_LIBSSL > 0
rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
BAD_SW_IF_INDEX_LABEL;
VALIDATE_SW_IF_INDEX (&(mp->tunnel));
-#if WITH_LIBSSL > 0
-
for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
rv = ipsec_tun_protect_update (sw_if_index, &nh,
ntohl (mp->tunnel.sa_out), sa_ins);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
BAD_SW_IF_INDEX_LABEL;
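Review bot: The loop bound `mp->tunnel.n_sa_in` comes straight from the client message, and nothing in the visible lines checks that the message really carries that many `sa_in` entries before `mp->tunnel.sa_in[ii]` is read. With the `WITH_LIBSSL` guard removed this path is compiled into every build, so please confirm that the variable-length array is validated against the received message length before the handler runs. A comment above the loop should say that the count is client-supplied and name the place where the bound is enforced. The visible lines also do not show who releases `sa_ins` when `ipsec_tun_protect_update` returns an error; if ownership passes to the callee, that deserves a comment as well. The handler begins and ends outside this hunk.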
VALIDATE_SW_IF_INDEX (mp);
-#if WITH_LIBSSL > 0
ip_address_decode2 (&mp->nh, &nh);
rv = ipsec_tun_protect_del (sw_if_index, &nh);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
BAD_SW_IF_INDEX_LABEL;
vl_api_registration_t *reg;
u32 sw_if_index;
-#if WITH_LIBSSL > 0
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
ipsec_tun_protect_walk_itf (sw_if_index,
send_ipsec_tunnel_protect_details, &ctx);
}
-#else
- clib_warning ("unimplemented");
-#endif
}
static int
stat_index = ~0;
-#if WITH_LIBSSL > 0
ipsec_policy_t p;
clib_memset (&p, 0, sizeof (p));
if (rv)
goto out;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
-#endif
-
out:
/* *INDENT-OFF* */
REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
};
int rv;
-#if WITH_LIBSSL > 0
-
id = ntohl (mp->entry.sad_id);
spi = ntohl (mp->entry.spi);
else
rv = ipsec_sa_unlock_id (id);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
out:
/* *INDENT-OFF* */
REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY,
.t_hop_limit = 255,
};
-#if WITH_LIBSSL > 0
-
id = ntohl (mp->entry.sad_id);
spi = ntohl (mp->entry.spi);
else
rv = ipsec_sa_unlock_id (id);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
out:
/* *INDENT-OFF* */
REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V2_REPLY,
tunnel_t tun;
int rv;
-#if WITH_LIBSSL > 0
-
id = ntohl (mp->entry.sad_id);
spi = ntohl (mp->entry.spi);
else
rv = ipsec_sa_unlock_id (id);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
out:
REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V3_REPLY,
{ rmp->stat_index = htonl (sa_index); });
vl_api_registration_t *reg;
ipsec_main_t *im = &ipsec_main;
ipsec_spd_t *spd;
-#if WITH_LIBSSL > 0
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
- /* *INDENT-OFF* */
pool_foreach (spd, im->spds) {
send_ipsec_spds_details (spd, reg, mp->context);
}
- /* *INDENT-ON* */
-#else
- clib_warning ("unimplemented");
-#endif
}
vl_api_ipsec_spd_action_t
ipsec_spd_t *spd;
uword *p;
u32 spd_index, *ii;
-#if WITH_LIBSSL > 0
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
spd_index = p[0];
spd = pool_elt_at_index (im->spds, spd_index);
- /* *INDENT-OFF* */
FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) {
vec_foreach(ii, spd->policies[ptype])
{
send_ipsec_spd_details (policy, reg, mp->context);
}
}
- /* *INDENT-ON* */
-#else
- clib_warning ("unimplemented");
-#endif
}
static void
vl_api_registration_t *reg;
u32 k, v, spd_index;
-#if WITH_LIBSSL > 0
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
}
else
{
- /* *INDENT-OFF* */
hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
send_ipsec_spd_interface_details(reg, v, k, mp->context);
}));
- /* *INDENT-ON* */
}
-
-#else
- clib_warning ("unimplemented");
-#endif
}
static void
ctx->sw_if_index = itp->itp_sw_if_index;
return (WALK_STOP);
}
- /* *INDENT-OFF* */
+
FOR_EACH_IPSEC_PROTECT_INPUT_SAI (itp, sai,
({
if (sai == ctx->sai)
return (WALK_STOP);
}
}));
- /* *INDENT-OFF* */
return (WALK_CONTINUE);
}
{
ipsec_dump_walk_ctx_t *ctx = arg;
vl_api_ipsec_sa_details_t *mp;
- ipsec_main_t *im = &ipsec_main;
mp = vl_msg_api_alloc (sizeof (*mp));
clib_memset (mp, 0, sizeof (*mp));
if (ipsec_sa_is_set_IS_PROTECT (sa))
{
ipsec_sa_dump_match_ctx_t ctx = {
- .sai = sa - im->sad,
- .sw_if_index = ~0,
+ .sai = sa - ipsec_sa_pool,
+ .sw_if_index = ~0,
};
ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
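Review bot: The `ipsec_sa_dump_match_ctx_t ctx` declared inside the `IS_PROTECT` branch shadows the function's own `ipsec_dump_walk_ctx_t *ctx = arg`, so any use of `ctx` inside that branch refers to the match context rather than the dump context. Since this initialiser is being edited anyway, renaming the inner variable would remove the ambiguity and keep `-Wshadow` builds clean: `ipsec_sa_dump_match_ctx_t match_ctx = {` and `ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &match_ctx);`. The same shadowing appears in the v2 and v3 detail senders further down. The result of `sa - ipsec_sa_pool` is a pointer difference stored into `.sai`; the field's type is not visible here, so it is worth checking that the conversion is intended. The function body continues outside this hunk.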
{
vl_api_registration_t *reg;
-#if WITH_LIBSSL > 0
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
};
ipsec_sa_walk (send_ipsec_sa_details, &ctx);
-
-#else
- clib_warning ("unimplemented");
-#endif
}
static walk_rc_t
{
ipsec_dump_walk_ctx_t *ctx = arg;
vl_api_ipsec_sa_v2_details_t *mp;
- ipsec_main_t *im = &ipsec_main;
mp = vl_msg_api_alloc (sizeof (*mp));
clib_memset (mp, 0, sizeof (*mp));
if (ipsec_sa_is_set_IS_PROTECT (sa))
{
ipsec_sa_dump_match_ctx_t ctx = {
- .sai = sa - im->sad,
- .sw_if_index = ~0,
+ .sai = sa - ipsec_sa_pool,
+ .sw_if_index = ~0,
};
ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
{
vl_api_registration_t *reg;
-#if WITH_LIBSSL > 0
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
};
ipsec_sa_walk (send_ipsec_sa_v2_details, &ctx);
-
-#else
- clib_warning ("unimplemented");
-#endif
}
static walk_rc_t
{
ipsec_dump_walk_ctx_t *ctx = arg;
vl_api_ipsec_sa_v3_details_t *mp;
- ipsec_main_t *im = &ipsec_main;
mp = vl_msg_api_alloc (sizeof (*mp));
clib_memset (mp, 0, sizeof (*mp));
if (ipsec_sa_is_set_IS_PROTECT (sa))
{
ipsec_sa_dump_match_ctx_t ctx = {
- .sai = sa - im->sad,
+ .sai = sa - ipsec_sa_pool,
.sw_if_index = ~0,
};
ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
{
vl_api_registration_t *reg;
-#if WITH_LIBSSL > 0
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
};
ipsec_sa_walk (send_ipsec_sa_v3_details, &ctx);
-
-#else
- clib_warning ("unimplemented");
-#endif
}
static void
vl_api_ipsec_select_backend_reply_t *rmp;
ipsec_protocol_t protocol;
int rv = 0;
- if (pool_elts (im->sad) > 0)
+ if (pool_elts (ipsec_sa_pool) > 0)
{
rv = VNET_API_ERROR_INSTANCE_IN_USE;
goto done;
if (rv)
goto done;
-#if WITH_LIBSSL > 0
switch (protocol)
{
case IPSEC_PROTOCOL_ESP:
rv = VNET_API_ERROR_INVALID_PROTOCOL;
break;
}
-#else
- clib_warning ("unimplemented"); /* FIXME */
-#endif
done:
REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY);
}
vl_api_ipsec_set_async_mode_reply_t *rmp;
int rv = 0;
- vnet_crypto_request_async_mode (mp->async_enable);
ipsec_set_async_mode (mp->async_enable);
REPLY_MACRO (VL_API_IPSEC_SET_ASYNC_MODE_REPLY);