X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_api.c;h=d104e54579aa27292cb2d202cdc90f47f5305fbb;hb=af2cc6425;hp=dd4c094c50e4c78911151f19f716b035a0326f1e;hpb=e1ab06c14deaff5cc0870f7ec76f36613ffcc2d3;p=vpp.git
diff --git a/src/plugins/ikev2/ikev2_api.c b/src/plugins/ikev2/ikev2_api.c
index dd4c094c50e..d104e54579a 100644
--- a/src/plugins/ikev2/ikev2_api.c
+++ b/src/plugins/ikev2/ikev2_api.c
@@ -43,6 +43,8 @@ extern ikev2_main_t ikev2_main;
 #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base
 #include
+#define IKEV2_MAX_DATA_LEN (1 << 10)
+
 static u32
 ikev2_encode_sa_index (u32 sai, u32 ti)
 {
@@ -187,13 +189,24 @@ vl_api_ikev2_profile_dump_t_handler (vl_api_ikev2_profile_dump_t * mp)
 return;
 /* *INDENT-OFF* */
- pool_foreach (profile, im->profiles,
- ({
+ pool_foreach (profile, im->profiles)
+ {
 send_profile (profile, reg, mp->context);
- }));
+ }
 /* *INDENT-ON* */
 }
+static void
+ikev2_copy_stats (vl_api_ikev2_sa_stats_t *dst, const ikev2_stats_t *src)
+{
+ dst->n_rekey_req = src->n_rekey_req;
+ dst->n_keepalives = src->n_keepalives;
+ dst->n_retransmit = src->n_retransmit;
+ dst->n_init_sa_retransmit = src->n_init_retransmit;
+ dst->n_sa_init_req = src->n_sa_init_req;
+ dst->n_sa_auth_req = src->n_sa_auth_req;
+}
+
 static void
 send_sa (ikev2_sa_t * sa, vl_api_ikev2_sa_dump_t * mp, u32 api_sa_index)
 {
@@ -253,6 +266,8 @@ send_sa (ikev2_sa_t * sa, vl_api_ikev2_sa_dump_t * mp, u32 api_sa_index)
 k->sk_pr_len = vec_len (sa->sk_pr);
 clib_memcpy (&k->sk_pr, sa->sk_pr, k->sk_pr_len);
+ ikev2_copy_stats (&rsa->stats, &sa->stats);
+ vl_api_ikev2_sa_t_endian(rsa);
 });
 /* *INDENT-ON* */
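Review bot: ikev2_copy_stats has no comment stating the byte order of what it writes: it assigns the counters to the API struct unconverted, so the reply is only correct if a later conversion covers the nested stats. In send_sa the call sits directly before `vl_api_ikev2_sa_t_endian(rsa)`, which presumably does that, but nothing at the helper says so, and a caller that filled a reply after the conversion would send host-order counters. Suggested comment above the function: `/* Copies counters in host byte order; the caller must byte-swap the reply afterwards. */`. The comment could also mention that `n_init_sa_retransmit` in the API struct is fed from `n_init_retransmit`, since the names differ.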
@@ -268,12 +283,12 @@ vl_api_ikev2_sa_dump_t_handler (vl_api_ikev2_sa_dump_t * mp)
 vec_foreach (tkm, km->per_thread_data)
 {
 /* *INDENT-OFF* */
- pool_foreach (sa, tkm->sas,
- ({
+ pool_foreach (sa, tkm->sas)
+ {
 u32 api_sa_index = ikev2_encode_sa_index (sa - tkm->sas, tkm - km->per_thread_data);
 send_sa (sa, mp, api_sa_index);
- }));
+ }
 /* *INDENT-ON* */
 }
 }
@@ -529,18 +544,24 @@ static void
 vlib_main_t *vm = vlib_get_main ();
 clib_error_t *error;
 int data_len = ntohl (mp->data_len);
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, data_len);
- clib_memcpy (data, mp->data, data_len);
- error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
- vec_free (tmp);
- vec_free (data);
- if (error)
+ if (data_len > 0 && data_len <= IKEV2_MAX_DATA_LEN)
 {
- ikev2_log_error ("%U", format_clib_error, error);
- clib_error_free (error);
- rv = VNET_API_ERROR_UNSPECIFIED;
+ u8 *tmp = format (0, "%s", mp->name);
+ u8 *data = vec_new (u8, data_len);
+ clib_memcpy (data, mp->data, data_len);
+ error =
+ ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
+ vec_free (tmp);
+ vec_free (data);
+ if (error)
+ {
+ ikev2_log_error ("%U", format_clib_error, error);
+ clib_error_free (error);
+ rv = VNET_API_ERROR_UNSPECIFIED;
+ }
 }
+ else
+ rv = VNET_API_ERROR_INVALID_VALUE;
 #else
 rv = VNET_API_ERROR_UNIMPLEMENTED;
 #endif
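Review bot: The new guard `data_len > 0 && data_len <= IKEV2_MAX_DATA_LEN` in the profile-auth handler caps the allocation but does not tie `data_len` to the number of bytes the client actually sent, so `clib_memcpy (data, mp->data, data_len)` can still read up to 1 KiB past the end of a short message. If `mp->data` is the variable-length tail of the message (its definition is not visible here), the handler should also reject a `data_len` larger than the received message length minus the fixed part before copying. The same gap exists behind the identical guard in vl_api_ikev2_profile_set_id_t_handler. Reading the field as `u32 data_len = clib_net_to_host_u32 (mp->data_len);`, the way the new responder-hostname handler reads `sw_if_index`, would also stop the check from depending on the signed conversion to reject values above INT_MAX. The handler's signature and its reply code lie outside the hunk.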
@@ -559,17 +580,22 @@ vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
 clib_error_t *error;
 u8 *tmp = format (0, "%s", mp->name);
 int data_len = ntohl (mp->data_len);
- u8 *data = vec_new (u8, data_len);
- clib_memcpy (data, mp->data, data_len);
- error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
- vec_free (tmp);
- vec_free (data);
- if (error)
+ if (data_len > 0 && data_len <= IKEV2_MAX_DATA_LEN)
 {
- ikev2_log_error ("%U", format_clib_error, error);
- clib_error_free (error);
- rv = VNET_API_ERROR_UNSPECIFIED;
+ u8 *data = vec_new (u8, data_len);
+ clib_memcpy (data, mp->data, data_len);
+ error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
+ vec_free (tmp);
+ vec_free (data);
+ if (error)
+ {
+ ikev2_log_error ("%U", format_clib_error, error);
+ clib_error_free (error);
+ rv = VNET_API_ERROR_UNSPECIFIED;
+ }
 }
+ else
+ rv = VNET_API_ERROR_INVALID_VALUE;
 #else
 rv = VNET_API_ERROR_UNIMPLEMENTED;
 #endif
@@ -659,6 +685,38 @@ vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
 REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
 }
+static void
+vl_api_ikev2_set_responder_hostname_t_handler (
+ vl_api_ikev2_set_responder_hostname_t *mp)
+{
+ vl_api_ikev2_set_responder_hostname_reply_t *rmp;
+ int rv = 0;
+
+#if WITH_LIBSSL > 0
+ vlib_main_t *vm = vlib_get_main ();
+ clib_error_t *error;
+
+ u8 *tmp = format (0, "%s", mp->name);
+ u8 *hn = format (0, "%s", mp->hostname);
+ u32 sw_if_index = clib_net_to_host_u32 (mp->sw_if_index);
+
+ error = ikev2_set_profile_responder_hostname (vm, tmp, hn, sw_if_index);
+ vec_free (tmp);
+ vec_free (hn);
+
+ if (error)
+ {
+ ikev2_log_error ("%U", format_clib_error, error);
+ clib_error_free (error);
+ rv = VNET_API_ERROR_UNSPECIFIED;
+ }
+#else
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+#endif
+
+ REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_HOSTNAME_REPLY);
+}
+
 static void
 vl_api_ikev2_set_responder_t_handler (vl_api_ikev2_set_responder_t * mp)
 {
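Review bot: The `else` branch added to vl_api_ikev2_profile_set_id_t_handler leaks `tmp`: the vector is still allocated by `format (0, "%s", mp->name)` ahead of the length check, but `vec_free (tmp)` now runs only inside the guarded block. Every request rejected with VNET_API_ERROR_INVALID_VALUE therefore leaves one allocation behind, so repeated malformed requests grow the heap without bound. Either move the `u8 *tmp = format (...)` line inside the `if`, as the profile-auth hunk does, or free it on the reject path: `else { vec_free (tmp); rv = VNET_API_ERROR_INVALID_VALUE; }`.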
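Review bot: vl_api_ikev2_set_responder_hostname_t_handler passes `mp->name` and `mp->hostname` to `format (0, "%s", ...)` without first making sure they are terminated, so each copy runs until the first zero byte found in or after the message. If both are fixed-size character arrays in the message definition (not visible in this diff), terminate them before use, e.g. `mp->hostname[sizeof (mp->hostname) - 1] = 0;` and the same for `mp->name`. The hostname is also handed to ikev2_set_profile_responder_hostname with no length or character check at this level; if the callee is where that validation happens, a one-line comment saying so would make the trust boundary clear.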