X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_api.c;h=7bac98f9b4f83e2994d5747f079b6ac78babb0e2;hb=6a9bd8188;hp=d85b2f5f99963c8147117e9de5cea1b01cfc4ca2;hpb=fc7b77db7e651505aa8c3a9c5cff7191334f91bd;p=vpp.git diff --git a/src/plugins/ikev2/ikev2_api.c b/src/plugins/ikev2/ikev2_api.c index d85b2f5f999..7bac98f9b4f 100644 --- a/src/plugins/ikev2/ikev2_api.c +++ b/src/plugins/ikev2/ikev2_api.c @@ -26,9 +26,15 @@ #include /* define message IDs */ +#include #include #include + +#define vl_endianfun /* define message structures */ +#include +#undef vl_endianfun + extern ikev2_main_t ikev2_main; #define IKEV2_PLUGIN_VERSION_MAJOR 1 
@@ -36,6 +42,126 @@ extern ikev2_main_t ikev2_main; #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base #include +static void +cp_transforms (vl_api_ikev2_transforms_set_t * vl_api_ts, + ikev2_transforms_set * ts) +{ + vl_api_ts->crypto_alg = ts->crypto_alg; + vl_api_ts->integ_alg = ts->integ_alg; + vl_api_ts->dh_type = ts->dh_type; + vl_api_ts->crypto_key_size = ts->crypto_key_size; +} + +static void +cp_id (vl_api_ikev2_id_t * vl_api_id, ikev2_id_t * id) +{ + if (!id->data) + return; + + int size_data = 0; + vl_api_id->type = id->type; + size_data = sizeof (vl_api_id->data) - 1; // size without zero ending character + if (vec_len (id->data) < size_data) + size_data = vec_len (id->data); + + vl_api_id->data_len = size_data; + clib_memcpy (vl_api_id->data, id->data, size_data); +} + +static void +cp_ts (vl_api_ikev2_ts_t * vl_api_ts, ikev2_ts_t * ts) +{ + vl_api_ts->ts_type = ts->ts_type; + vl_api_ts->protocol_id = ts->protocol_id; + vl_api_ts->selector_len = ts->selector_len; + vl_api_ts->start_port = ts->start_port; + vl_api_ts->end_port = ts->end_port; + clib_memcpy (&vl_api_ts->start_addr, &ts->start_addr, + sizeof (ip4_address_t)); + clib_memcpy (&vl_api_ts->end_addr, &ts->end_addr, sizeof (ip4_address_t)); +} + +static void +cp_auth (vl_api_ikev2_auth_t * vl_api_auth, ikev2_auth_t * auth) +{ + vl_api_auth->method = auth->method; + vl_api_auth->data_len = vec_len (auth->data); + vl_api_auth->hex = auth->hex; + clib_memcpy (&vl_api_auth->data, auth->data, vec_len (auth->data)); +} + +static void +cp_responder (vl_api_ikev2_responder_t * vl_api_responder, + ikev2_responder_t * responder) +{ + vl_api_responder->sw_if_index = responder->sw_if_index; + clib_memcpy (&vl_api_responder->ip4, &responder->ip4, + sizeof (ip4_address_t)); +} + +static void +send_profile (ikev2_profile_t * profile, vl_api_registration_t * reg, + u32 context) +{ + vl_api_ikev2_profile_details_t *rmp = 0; + + rmp = vl_msg_api_alloc (sizeof (*rmp) + vec_len (profile->auth.data)); + clib_memset 
(rmp, 0, sizeof (*rmp) + vec_len (profile->auth.data)); + ikev2_main_t *im = &ikev2_main; + rmp->_vl_msg_id = ntohs (VL_API_IKEV2_PROFILE_DETAILS + im->msg_id_base); + rmp->context = context; + + int size_data = sizeof (rmp->profile.name) - 1; + if (vec_len (profile->name) < size_data) + size_data = vec_len (profile->name); + clib_memcpy (rmp->profile.name, profile->name, size_data); + + cp_transforms (&rmp->profile.ike_ts, &profile->ike_ts); + cp_transforms (&rmp->profile.esp_ts, &profile->esp_ts); + + cp_id (&rmp->profile.loc_id, &profile->loc_id); + cp_id (&rmp->profile.rem_id, &profile->rem_id); + + cp_ts (&rmp->profile.rem_ts, &profile->rem_ts); + cp_ts (&rmp->profile.loc_ts, &profile->loc_ts); + + cp_auth (&rmp->profile.auth, &profile->auth); + + cp_responder (&rmp->profile.responder, &profile->responder); + + rmp->profile.udp_encap = profile->udp_encap; + rmp->profile.tun_itf = profile->tun_itf; + + rmp->profile.ipsec_over_udp_port = profile->ipsec_over_udp_port; + + rmp->profile.lifetime = profile->lifetime; + rmp->profile.lifetime_maxdata = profile->lifetime_maxdata; + rmp->profile.lifetime_jitter = profile->lifetime_jitter; + rmp->profile.handover = profile->handover; + + vl_api_ikev2_profile_t_endian (&rmp->profile); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_ikev2_profile_dump_t_handler (vl_api_ikev2_profile_dump_t * mp) +{ + ikev2_main_t *im = &ikev2_main; + ikev2_profile_t *profile; + vl_api_registration_t *reg; + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (profile, im->profiles, + ({ + send_profile (profile, reg, mp->context); + })); + /* *INDENT-ON* */ +} + static void vl_api_ikev2_plugin_get_version_t_handler (vl_api_ikev2_plugin_get_version_t * mp) 
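Review bot: The profile dump reply carries the profile's authentication data back to the caller: cp_auth copies `auth->data` in full, and for a shared-key profile that vector is presumably the secret itself (the `hex` flag copied beside it suggests so). Any client that can send ikev2_profile_dump would then be able to read it, so consider returning `data_len = 0` for secret-bearing methods, or stating in the API description that the dump is for trusted clients only. Separately, the memcpy in cp_auth is bounded only by send_profile having allocated `vec_len (profile->auth.data)` extra bytes; a comment on cp_auth such as `/* caller must reserve vec_len (auth->data) bytes behind vl_api_auth->data */` would keep that coupling visible.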
@@ -60,6 +186,26 @@ vl_api_ikev2_plugin_get_version_t_handler (vl_api_ikev2_plugin_get_version_t * vl_api_send_msg (reg, (u8 *) rmp); } +static void + vl_api_ikev2_profile_set_liveness_t_handler + (vl_api_ikev2_profile_set_liveness_t * mp) +{ + vl_api_ikev2_profile_set_liveness_reply_t *rmp; + int rv = 0; + +#if WITH_LIBSSL > 0 + clib_error_t *error; + error = ikev2_set_liveness_params (clib_net_to_host_u32 (mp->period), + clib_net_to_host_u32 (mp->max_retries)); + if (error) + rv = VNET_API_ERROR_UNSPECIFIED; +#else + rv = VNET_API_ERROR_UNIMPLEMENTED; +#endif + + REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_LIVENESS_REPLY); +} + static void vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp) { @@ -110,7 +256,7 @@ static void static void vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp) { - vl_api_ikev2_profile_add_del_reply_t *rmp; + vl_api_ikev2_profile_set_id_reply_t *rmp; int rv = 0; #if WITH_LIBSSL > 0 @@ -132,6 +278,28 @@ vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp) REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY); } +static void + vl_api_ikev2_profile_set_udp_encap_t_handler + (vl_api_ikev2_profile_set_udp_encap_t * mp) +{ + vl_api_ikev2_profile_set_udp_encap_reply_t *rmp; + int rv = 0; + +#if WITH_LIBSSL > 0 + vlib_main_t *vm = vlib_get_main (); + clib_error_t *error; + u8 *tmp = format (0, "%s", mp->name); + error = ikev2_set_profile_udp_encap (vm, tmp); + vec_free (tmp); + if (error) + rv = VNET_API_ERROR_UNSPECIFIED; +#else + rv = VNET_API_ERROR_UNIMPLEMENTED; +#endif + + REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_UDP_ENCAP); +} + static void vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp) { 
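Review bot: In vl_api_ikev2_profile_set_liveness_t_handler the `clib_error_t *` returned by ikev2_set_liveness_params is only tested, never logged or released, so each failing request discards the reason and, if the error is heap-allocated as vppinfra errors usually are, leaks it. Something like `if (error) { clib_error_free (error); rv = VNET_API_ERROR_UNSPECIFIED; }` would close that; the same pattern appears in the new set_udp_encap and set_tunnel_interface handlers. `period` and `max_retries` are also forwarded with no range check visible here, so it is worth confirming that the callee rejects zero or very large values.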
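Review bot: vl_api_ikev2_profile_set_udp_encap_t_handler ends with `REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_UDP_ENCAP);`, which is the request's message id, while every other handler in this diff passes the `_REPLY` id. The reply would go out under the wrong id, and a client waiting for the reply would not match it. The line should presumably read `REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_UDP_ENCAP_REPLY);`, in line with the `vl_api_ikev2_profile_set_udp_encap_reply_t` declared at the top of the handler.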
@@ -142,9 +310,12 @@ vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp) vlib_main_t *vm = vlib_get_main (); clib_error_t *error; u8 *tmp = format (0, "%s", mp->name); - error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port, - mp->end_port, (ip4_address_t) mp->start_addr, - (ip4_address_t) mp->end_addr, mp->is_local); + error = + ikev2_set_profile_ts (vm, tmp, mp->proto, + clib_net_to_host_u16 (mp->start_port), + clib_net_to_host_u16 (mp->end_port), + (ip4_address_t) mp->start_addr, + (ip4_address_t) mp->end_addr, mp->is_local); vec_free (tmp); if (error) rv = VNET_API_ERROR_UNSPECIFIED; @@ -158,7 +329,7 @@ vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp) static void vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp) { - vl_api_ikev2_profile_set_ts_reply_t *rmp; + vl_api_ikev2_set_local_key_reply_t *rmp; int rv = 0; #if WITH_LIBSSL > 0 @@ -189,7 +360,7 @@ vl_api_ikev2_set_responder_t_handler (vl_api_ikev2_set_responder_t * mp) ip4_address_t ip4; clib_memcpy (&ip4, mp->address, sizeof (ip4)); - error = ikev2_set_profile_responder (vm, tmp, mp->sw_if_index, ip4); + error = ikev2_set_profile_responder (vm, tmp, ntohl (mp->sw_if_index), ip4); vec_free (tmp); if (error) rv = VNET_API_ERROR_UNSPECIFIED; @@ -214,8 +385,10 @@ vl_api_ikev2_set_ike_transforms_t_handler (vl_api_ikev2_set_ike_transforms_t * u8 *tmp = format (0, "%s", mp->name); error = - ikev2_set_profile_ike_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg, - mp->dh_group, mp->crypto_key_size); + ikev2_set_profile_ike_transforms (vm, tmp, ntohl (mp->crypto_alg), + ntohl (mp->integ_alg), + ntohl (mp->dh_group), + ntohl (mp->crypto_key_size)); vec_free (tmp); if (error) rv = VNET_API_ERROR_UNSPECIFIED; 
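Review bot: In the set_responder hunk the byte-swapped `mp->sw_if_index` is handed straight to ikev2_set_profile_responder; the visible lines show no VALIDATE_SW_IF_INDEX, unlike the set_tunnel_interface handler added further down in this commit. The handler starts and ends outside the hunk, so a check may exist out of view. If it does not, adding `VALIDATE_SW_IF_INDEX (mp);` before the call and `BAD_SW_IF_INDEX_LABEL;` before the reply would reject an index that names no interface.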
@@ -240,8 +413,10 @@ vl_api_ikev2_set_esp_transforms_t_handler (vl_api_ikev2_set_esp_transforms_t * u8 *tmp = format (0, "%s", mp->name); error = - ikev2_set_profile_esp_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg, - mp->dh_group, mp->crypto_key_size); + ikev2_set_profile_esp_transforms (vm, tmp, ntohl (mp->crypto_alg), + ntohl (mp->integ_alg), + ntohl (mp->dh_group), + ntohl (mp->crypto_key_size)); vec_free (tmp); if (error) rv = VNET_API_ERROR_UNSPECIFIED; @@ -265,8 +440,12 @@ vl_api_ikev2_set_sa_lifetime_t_handler (vl_api_ikev2_set_sa_lifetime_t * mp) u8 *tmp = format (0, "%s", mp->name); error = - ikev2_set_profile_sa_lifetime (vm, tmp, mp->lifetime, mp->lifetime_jitter, - mp->handover, mp->lifetime_maxdata); + ikev2_set_profile_sa_lifetime (vm, tmp, + clib_net_to_host_u64 (mp->lifetime), + ntohl (mp->lifetime_jitter), + ntohl (mp->handover), + clib_net_to_host_u64 + (mp->lifetime_maxdata)); vec_free (tmp); if (error) rv = VNET_API_ERROR_UNSPECIFIED; 
@@ -277,6 +456,57 @@ vl_api_ikev2_set_sa_lifetime_t_handler (vl_api_ikev2_set_sa_lifetime_t * mp) REPLY_MACRO (VL_API_IKEV2_SET_SA_LIFETIME_REPLY); } +static void + vl_api_ikev2_profile_set_ipsec_udp_port_t_handler + (vl_api_ikev2_profile_set_ipsec_udp_port_t * mp) +{ + vl_api_ikev2_profile_set_ipsec_udp_port_reply_t *rmp; + int rv = 0; + +#if WITH_LIBSSL > 0 + vlib_main_t *vm = vlib_get_main (); + + u8 *tmp = format (0, "%s", mp->name); + + rv = + ikev2_set_profile_ipsec_udp_port (vm, tmp, + clib_net_to_host_u16 (mp->port), + mp->is_set); + vec_free (tmp); +#else + rv = VNET_API_ERROR_UNIMPLEMENTED; +#endif + + REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_IPSEC_UDP_PORT_REPLY); +} + +static void + vl_api_ikev2_set_tunnel_interface_t_handler + (vl_api_ikev2_set_tunnel_interface_t * mp) +{ + vl_api_ikev2_set_tunnel_interface_reply_t *rmp; + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + +#if WITH_LIBSSL > 0 + u8 *tmp = format (0, "%s", mp->name); + clib_error_t *error; + + error = ikev2_set_profile_tunnel_interface (vlib_get_main (), tmp, + ntohl (mp->sw_if_index)); + + if (error) + rv = VNET_API_ERROR_UNSPECIFIED; + vec_free (tmp); +#else + rv = VNET_API_ERROR_UNIMPLEMENTED; +#endif + + BAD_SW_IF_INDEX_LABEL; + REPLY_MACRO (VL_API_IKEV2_SET_TUNNEL_INTERFACE_REPLY); +} + static void vl_api_ikev2_initiate_sa_init_t_handler (vl_api_ikev2_initiate_sa_init_t * mp) {
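Review bot: Both new handlers build the profile name with `format (0, "%s", mp->name)`, which reads the client-supplied field until it meets a NUL; if `name` is a fixed-size array in the message and the client fills it completely, the read runs past the field. Bounding the copy by the field size, for example `u8 *tmp = 0;` followed by `vec_add (tmp, mp->name, strnlen ((char *) mp->name, sizeof (mp->name)));`, avoids that. The same applies to the set_udp_encap handler earlier in the diff, and the pre-existing handlers shown as context use the unbounded form too.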