#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip_types_api.h>
+#include <vnet/ipsec/ipsec_types_api.h>
#include <vnet/fib/fib.h>
#include <vnet/ipip/ipip.h>
vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
u32 sw_if_index, ii, *sa_ins = NULL;
+ ip_address_t nh;
int rv;
sw_if_index = ntohl (mp->tunnel.sw_if_index);
for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
- rv = ipsec_tun_protect_update (sw_if_index,
+ ip_address_decode2 (&mp->tunnel.nh, &nh);
+
+ rv = ipsec_tun_protect_update (sw_if_index, &nh,
ntohl (mp->tunnel.sa_out), sa_ins);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
{
vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
- int rv;
+ ip_address_t nh;
u32 sw_if_index;
+ int rv;
sw_if_index = ntohl (mp->sw_if_index);
VALIDATE_SW_IF_INDEX (mp);
#if WITH_LIBSSL > 0
- rv = ipsec_tun_protect_del (sw_if_index);
+ ip_address_decode2 (&mp->nh, &nh);
+ rv = ipsec_tun_protect_del (sw_if_index, &nh);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif
itp = ipsec_tun_protect_get (itpi);
-
mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
clib_memset (mp, 0, sizeof (*mp));
mp->_vl_msg_id = ntohs (VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
mp->context = ctx->context;
mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
+ ip_address_encode2 (itp->itp_key, &mp->tun.nh);
mp->tun.sa_out = htonl (itp->itp_out_sa);
mp->tun.n_sa_in = itp->itp_n_sa_in;
}
else
{
- index_t itpi;
-
- itpi = ipsec_tun_protect_find (sw_if_index);
-
- if (INDEX_INVALID != itpi)
- send_ipsec_tunnel_protect_details (itpi, &ctx);
+ ipsec_tun_protect_walk_itf (sw_if_index,
+ send_ipsec_tunnel_protect_details, &ctx);
}
#else
clib_warning ("unimplemented");
/* *INDENT-ON* */
}
-static int
-ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out)
-{
- in = clib_net_to_host_u32 (in);
-
- switch (in)
- {
- case IPSEC_API_PROTO_ESP:
- *out = IPSEC_PROTOCOL_ESP;
- return (0);
- case IPSEC_API_PROTO_AH:
- *out = IPSEC_PROTOCOL_AH;
- return (0);
- }
- return (VNET_API_ERROR_INVALID_PROTOCOL);
-}
-
-static vl_api_ipsec_proto_t
-ipsec_proto_encode (ipsec_protocol_t p)
-{
- switch (p)
- {
- case IPSEC_PROTOCOL_ESP:
- return clib_host_to_net_u32 (IPSEC_API_PROTO_ESP);
- case IPSEC_PROTOCOL_AH:
- return clib_host_to_net_u32 (IPSEC_API_PROTO_AH);
- }
- return (VNET_API_ERROR_UNIMPLEMENTED);
-}
-
-static int
-ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in,
- ipsec_crypto_alg_t * out)
-{
- in = clib_net_to_host_u32 (in);
-
- switch (in)
- {
-#define _(v,f,s) case IPSEC_API_CRYPTO_ALG_##f: \
- *out = IPSEC_CRYPTO_ALG_##f; \
- return (0);
- foreach_ipsec_crypto_alg
-#undef _
- }
- return (VNET_API_ERROR_INVALID_ALGORITHM);
-}
-
-static vl_api_ipsec_crypto_alg_t
-ipsec_crypto_algo_encode (ipsec_crypto_alg_t c)
-{
- switch (c)
- {
-#define _(v,f,s) case IPSEC_CRYPTO_ALG_##f: \
- return clib_host_to_net_u32(IPSEC_API_CRYPTO_ALG_##f);
- foreach_ipsec_crypto_alg
-#undef _
- case IPSEC_CRYPTO_N_ALG:
- break;
- }
- ASSERT (0);
- return (VNET_API_ERROR_UNIMPLEMENTED);
-}
-
-static int
-ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out)
-{
- in = clib_net_to_host_u32 (in);
-
- switch (in)
- {
-#define _(v,f,s) case IPSEC_API_INTEG_ALG_##f: \
- *out = IPSEC_INTEG_ALG_##f; \
- return (0);
- foreach_ipsec_integ_alg
-#undef _
- }
- return (VNET_API_ERROR_INVALID_ALGORITHM);
-}
-
-static vl_api_ipsec_integ_alg_t
-ipsec_integ_algo_encode (ipsec_integ_alg_t i)
-{
- switch (i)
- {
-#define _(v,f,s) case IPSEC_INTEG_ALG_##f: \
- return (clib_host_to_net_u32(IPSEC_API_INTEG_ALG_##f));
- foreach_ipsec_integ_alg
-#undef _
- case IPSEC_INTEG_N_ALG:
- break;
- }
- ASSERT (0);
- return (VNET_API_ERROR_UNIMPLEMENTED);
-}
-
-static void
-ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out)
-{
- ipsec_mk_key (out, key->data, key->length);
-}
-
-static void
-ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out)
-{
- out->length = in->len;
- clib_memcpy (out->data, in->data, out->length);
-}
-
-static ipsec_sa_flags_t
-ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in)
-{
- ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
- in = clib_net_to_host_u32 (in);
-
- if (in & IPSEC_API_SAD_FLAG_USE_ESN)
- flags |= IPSEC_SA_FLAG_USE_ESN;
- if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
- flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
- if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL)
- flags |= IPSEC_SA_FLAG_IS_TUNNEL;
- if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)
- flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
- if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
- flags |= IPSEC_SA_FLAG_UDP_ENCAP;
-
- return (flags);
-}
-
-static vl_api_ipsec_sad_flags_t
-ipsec_sad_flags_encode (const ipsec_sa_t * sa)
-{
- vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
-
- if (ipsec_sa_is_set_USE_ESN (sa))
- flags |= IPSEC_API_SAD_FLAG_USE_ESN;
- if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
- flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
- if (ipsec_sa_is_set_IS_TUNNEL (sa))
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
- if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
- if (ipsec_sa_is_set_UDP_ENCAP (sa))
- flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
-
- return clib_host_to_net_u32 (flags);
-}
-
static void vl_api_ipsec_sad_entry_add_del_t_handler
(vl_api_ipsec_sad_entry_add_del_t * mp)
{
rv = ipip_add_tunnel (transport,
(mp->renumber ? ntohl (mp->show_instance) : ~0),
&local_ip,
- &remote_ip, fib_index, 0, &sw_if_index);
+ &remote_ip, fib_index,
+ TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
+ TUNNEL_MODE_P2P, &sw_if_index);
if (rv)
goto done;
if (rv)
goto done;
- rv = ipsec_tun_protect_update_one (sw_if_index,
+ rv = ipsec_tun_protect_update_one (sw_if_index, NULL,
ipsec_tun_mk_output_sa_id
(sw_if_index),
ipsec_tun_mk_input_sa_id
if (NULL != t)
{
- rv = ipsec_tun_protect_del (t->sw_if_index);
+ rv = ipsec_tun_protect_del (t->sw_if_index, NULL);
ipip_del_tunnel (t->sw_if_index);
}
else
VALIDATE_SW_IF_INDEX(mp);
if (mp->is_outbound)
- rv = ipsec_tun_protect_update_out (ntohl (mp->sw_if_index),
+ rv = ipsec_tun_protect_update_out (ntohl (mp->sw_if_index), NULL,
ntohl (mp->sa_id));
else
- rv = ipsec_tun_protect_update_in (ntohl (mp->sw_if_index),
+ rv = ipsec_tun_protect_update_in (ntohl (mp->sw_if_index), NULL,
ntohl (mp->sa_id));
#else
static clib_error_t *
ipsec_api_hookup (vlib_main_t * vm)
{
- api_main_t *am = &api_main;
+ api_main_t *am = vlibapi_get_main ();
#define _(N,n) \
vl_msg_api_set_handlers(VL_API_##N, #n, \