X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_api.c;h=d104e54579aa27292cb2d202cdc90f47f5305fbb;hb=af2cc6425;hp=00d71143a5d2967ae0d358b55a8062526fcede1c;hpb=b2c31b685fd2cf28436ca32bc93e23eb24c74878;p=vpp.git diff --git a/src/plugins/ikev2/ikev2_api.c b/src/plugins/ikev2/ikev2_api.c index 00d71143a5d..d104e54579a 100644 --- a/src/plugins/ikev2/ikev2_api.c +++ b/src/plugins/ikev2/ikev2_api.c @@ -43,6 +43,8 @@ extern ikev2_main_t ikev2_main; #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base #include +#define IKEV2_MAX_DATA_LEN (1 << 10) + static u32 ikev2_encode_sa_index (u32 sai, u32 ti) { @@ -194,6 +196,17 @@ vl_api_ikev2_profile_dump_t_handler (vl_api_ikev2_profile_dump_t * mp) /* *INDENT-ON* */ } +static void +ikev2_copy_stats (vl_api_ikev2_sa_stats_t *dst, const ikev2_stats_t *src) +{ + dst->n_rekey_req = src->n_rekey_req; + dst->n_keepalives = src->n_keepalives; + dst->n_retransmit = src->n_retransmit; + dst->n_init_sa_retransmit = src->n_init_retransmit; + dst->n_sa_init_req = src->n_sa_init_req; + dst->n_sa_auth_req = src->n_sa_auth_req; +} + static void send_sa (ikev2_sa_t * sa, vl_api_ikev2_sa_dump_t * mp, u32 api_sa_index) { @@ -253,6 +266,8 @@ send_sa (ikev2_sa_t * sa, vl_api_ikev2_sa_dump_t * mp, u32 api_sa_index) k->sk_pr_len = vec_len (sa->sk_pr); clib_memcpy (&k->sk_pr, sa->sk_pr, k->sk_pr_len); + ikev2_copy_stats (&rsa->stats, &sa->stats); + vl_api_ikev2_sa_t_endian(rsa); }); /* *INDENT-ON* */ 
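Review bot: ikev2_copy_stats stores the counters exactly as they are held in `sa->stats`, so the byte order seen by the API client depends on the caller. In send_sa this is covered by the `vl_api_ikev2_sa_t_endian(rsa)` call that follows, assuming the generated endian routine also walks the stats member. A short comment on the helper would keep a later caller from sending host-order values, for example `/* copies in host byte order; caller must run the message's _endian() afterwards */`. The same comment could note that `n_init_sa_retransmit` is filled from `src->n_init_retransmit`, since the two names differ.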
@@ -529,18 +544,24 @@ static void vlib_main_t *vm = vlib_get_main (); clib_error_t *error; int data_len = ntohl (mp->data_len); - u8 *tmp = format (0, "%s", mp->name); - u8 *data = vec_new (u8, data_len); - clib_memcpy (data, mp->data, data_len); - error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex); - vec_free (tmp); - vec_free (data); - if (error) + if (data_len > 0 && data_len <= IKEV2_MAX_DATA_LEN) { - ikev2_log_error ("%U", format_clib_error, error); - clib_error_free (error); - rv = VNET_API_ERROR_UNSPECIFIED; + u8 *tmp = format (0, "%s", mp->name); + u8 *data = vec_new (u8, data_len); + clib_memcpy (data, mp->data, data_len); + error = + ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex); + vec_free (tmp); + vec_free (data); + if (error) + { + ikev2_log_error ("%U", format_clib_error, error); + clib_error_free (error); + rv = VNET_API_ERROR_UNSPECIFIED; + } } + else + rv = VNET_API_ERROR_INVALID_VALUE; #else rv = VNET_API_ERROR_UNIMPLEMENTED; #endif @@ -559,17 +580,22 @@ vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp) clib_error_t *error; u8 *tmp = format (0, "%s", mp->name); int data_len = ntohl (mp->data_len); - u8 *data = vec_new (u8, data_len); - clib_memcpy (data, mp->data, data_len); - error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local); - vec_free (tmp); - vec_free (data); - if (error) + if (data_len > 0 && data_len <= IKEV2_MAX_DATA_LEN) { - ikev2_log_error ("%U", format_clib_error, error); - clib_error_free (error); - rv = VNET_API_ERROR_UNSPECIFIED; + u8 *data = vec_new (u8, data_len); + clib_memcpy (data, mp->data, data_len); + error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local); + vec_free (tmp); + vec_free (data); + if (error) + { + ikev2_log_error ("%U", format_clib_error, error); + clib_error_free (error); + rv = VNET_API_ERROR_UNSPECIFIED; + } } + else + rv = VNET_API_ERROR_INVALID_VALUE; #else rv = VNET_API_ERROR_UNIMPLEMENTED; #endif 
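Review bot: The new guard in the profile_set_auth handler limits `data_len` to IKEV2_MAX_DATA_LEN but never compares it with the number of bytes that actually arrived in the message. `clib_memcpy (data, mp->data, data_len)` can therefore still read up to 1 KiB past a short message, unless the API layer validates the declared length somewhere not visible here. The set_id handler in the next hunk has the same gap. The check should also take the received message size into account, and a comment next to it would make the limit's scope explicit, e.g. `/* caps the copy size only; does not prove mp->data holds data_len bytes */`. The handler begins and ends outside the hunk.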
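Review bot: In vl_api_ikev2_profile_set_id_t_handler `tmp` is still allocated by `format (0, "%s", mp->name)` before the length check, but `vec_free (tmp)` now sits inside the `if` block. Every request rejected with VNET_API_ERROR_INVALID_VALUE therefore leaks that vector, and a client that keeps sending an out-of-range `data_len` can make the heap grow steadily. Either move the allocation into the block, as the set_auth handler in the previous hunk does, or free on both paths by placing `vec_free (tmp);` after the `else` branch. The function continues beyond the hunk.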
@@ -659,6 +685,38 @@ vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp) REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY); } +static void +vl_api_ikev2_set_responder_hostname_t_handler ( + vl_api_ikev2_set_responder_hostname_t *mp) +{ + vl_api_ikev2_set_responder_hostname_reply_t *rmp; + int rv = 0; + +#if WITH_LIBSSL > 0 + vlib_main_t *vm = vlib_get_main (); + clib_error_t *error; + + u8 *tmp = format (0, "%s", mp->name); + u8 *hn = format (0, "%s", mp->hostname); + u32 sw_if_index = clib_net_to_host_u32 (mp->sw_if_index); + + error = ikev2_set_profile_responder_hostname (vm, tmp, hn, sw_if_index); + vec_free (tmp); + vec_free (hn); + + if (error) + { + ikev2_log_error ("%U", format_clib_error, error); + clib_error_free (error); + rv = VNET_API_ERROR_UNSPECIFIED; + } +#else + rv = VNET_API_ERROR_UNIMPLEMENTED; +#endif + + REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_HOSTNAME_REPLY); +} + static void vl_api_ikev2_set_responder_t_handler (vl_api_ikev2_set_responder_t * mp) {
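Review bot: Both `format (0, "%s", mp->name)` and `format (0, "%s", mp->hostname)` in the new handler read until the first NUL byte, so they rely on the sender having terminated the fields; nothing in the handler enforces that. If these are fixed-size character arrays (their declaration is not in this diff), terminating them first keeps the read inside the message, e.g. `mp->hostname[sizeof (mp->hostname) - 1] = 0;` and the same for `mp->name`. `sw_if_index` is also passed on without a range check here, so ikev2_set_profile_responder_hostname has to reject unknown interfaces; that is worth confirming since the callee is not shown.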