X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvat%2Fapi_format.c;h=cef60e05725968c698f55293f955062f5589cbf9;hb=7c44d78ef2e7bf0c8714be4184511ed8f23ff239;hp=85bf9d0731a864d86e0a12325d26e15c3c0b0dfd;hpb=37029305c671f4e2d091d6f6c22142634e409043;p=vpp.git diff --git a/src/vat/api_format.c b/src/vat/api_format.c index 85bf9d0731a..cef60e05725 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include @@ -361,20 +360,6 @@ unformat_ipsec_policy_action (unformat_input_t * input, va_list * args) return 1; } -uword -unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_CRYPTO_ALG_##f; - foreach_ipsec_crypto_alg -#undef _ - else - return 0; - return 1; -} - u8 * format_ipsec_crypto_alg (u8 * s, va_list * args) { @@ -392,20 +377,6 @@ format_ipsec_crypto_alg (u8 * s, va_list * args) return format (s, "%s", t); } -uword -unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_INTEG_ALG_##f; - foreach_ipsec_integ_alg -#undef _ - else - return 0; - return 1; -} - u8 * format_ipsec_integ_alg (u8 * s, va_list * args) { @@ -423,33 +394,6 @@ format_ipsec_integ_alg (u8 * s, va_list * args) return format (s, "%s", t); } -uword -unformat_ikev2_auth_method (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f; - foreach_ikev2_auth_method -#undef _ - else - return 0; - return 1; -} - -uword -unformat_ikev2_id_type (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f; - foreach_ikev2_id_type -#undef _ - else - return 0; - return 1; -} #else /* VPP_API_TEST_BUILTIN == 1 */ static uword api_unformat_sw_if_index (unformat_input_t * input, va_list * args) @@ -473,6 +417,34 @@ api_unformat_hw_if_index (unformat_input_t * input, va_list * args) #endif /* VPP_API_TEST_BUILTIN */ +uword +unformat_ipsec_api_crypto_alg (unformat_input_t * input, va_list * args) +{ + u32 *r = va_arg (*args, u32 *); + + if (0); +#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f; + foreach_ipsec_crypto_alg +#undef _ + else + return 0; + return 1; +} + +uword +unformat_ipsec_api_integ_alg (unformat_input_t * input, va_list * args) +{ + u32 *r = va_arg (*args, u32 *); + + if (0); +#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f; + foreach_ipsec_integ_alg +#undef _ + else + return 0; + return 1; +} + static uword unformat_policer_rate_type (unformat_input_t * input, va_list * args) { @@ -5208,25 +5180,12 @@ _(want_l2_macs_events_reply) \ _(input_acl_set_interface_reply) \ _(ipsec_spd_add_del_reply) \ _(ipsec_interface_add_del_spd_reply) \ -_(ipsec_spd_add_del_entry_reply) \ -_(ipsec_sad_add_del_entry_reply) \ +_(ipsec_spd_entry_add_del_reply) \ +_(ipsec_sad_entry_add_del_reply) \ _(ipsec_sa_set_key_reply) \ _(ipsec_tunnel_if_add_del_reply) \ _(ipsec_tunnel_if_set_key_reply) \ _(ipsec_tunnel_if_set_sa_reply) \ -_(ikev2_profile_add_del_reply) \ -_(ikev2_profile_set_auth_reply) \ -_(ikev2_profile_set_id_reply) \ -_(ikev2_profile_set_ts_reply) \ -_(ikev2_set_local_key_reply) \ -_(ikev2_set_responder_reply) \ -_(ikev2_set_ike_transforms_reply) \ -_(ikev2_set_esp_transforms_reply) \ -_(ikev2_set_sa_lifetime_reply) \ -_(ikev2_initiate_sa_init_reply) \ -_(ikev2_initiate_del_ike_sa_reply) \ -_(ikev2_initiate_del_child_sa_reply) \ -_(ikev2_initiate_rekey_child_sa_reply) \ _(delete_loopback_reply) \ _(bd_ip_mac_add_del_reply) \ _(bd_ip_mac_flush_reply) \ @@ -5463,26 +5422,13 @@ _(IP_ADDRESS_DETAILS, ip_address_details) \ _(IP_DETAILS, ip_details) \ _(IPSEC_SPD_ADD_DEL_REPLY, ipsec_spd_add_del_reply) \ _(IPSEC_INTERFACE_ADD_DEL_SPD_REPLY, ipsec_interface_add_del_spd_reply) \ -_(IPSEC_SPD_ADD_DEL_ENTRY_REPLY, ipsec_spd_add_del_entry_reply) \ -_(IPSEC_SAD_ADD_DEL_ENTRY_REPLY, ipsec_sad_add_del_entry_reply) \ +_(IPSEC_SPD_ENTRY_ADD_DEL_REPLY, ipsec_spd_entry_add_del_reply) \ +_(IPSEC_SAD_ENTRY_ADD_DEL_REPLY, ipsec_sad_entry_add_del_reply) \ _(IPSEC_SA_DETAILS, ipsec_sa_details) \ _(IPSEC_SA_SET_KEY_REPLY, ipsec_sa_set_key_reply) \ _(IPSEC_TUNNEL_IF_ADD_DEL_REPLY, ipsec_tunnel_if_add_del_reply) \ _(IPSEC_TUNNEL_IF_SET_KEY_REPLY, ipsec_tunnel_if_set_key_reply) \ _(IPSEC_TUNNEL_IF_SET_SA_REPLY, ipsec_tunnel_if_set_sa_reply) \ -_(IKEV2_PROFILE_ADD_DEL_REPLY, ikev2_profile_add_del_reply) \ -_(IKEV2_PROFILE_SET_AUTH_REPLY, ikev2_profile_set_auth_reply) \ -_(IKEV2_PROFILE_SET_ID_REPLY, ikev2_profile_set_id_reply) \ -_(IKEV2_PROFILE_SET_TS_REPLY, ikev2_profile_set_ts_reply) \ -_(IKEV2_SET_LOCAL_KEY_REPLY, ikev2_set_local_key_reply) \ -_(IKEV2_SET_RESPONDER_REPLY, ikev2_set_responder_reply) \ -_(IKEV2_SET_IKE_TRANSFORMS_REPLY, ikev2_set_ike_transforms_reply) \ -_(IKEV2_SET_ESP_TRANSFORMS_REPLY, ikev2_set_esp_transforms_reply) \ -_(IKEV2_SET_SA_LIFETIME_REPLY, ikev2_set_sa_lifetime_reply) \ -_(IKEV2_INITIATE_SA_INIT_REPLY, ikev2_initiate_sa_init_reply) \ -_(IKEV2_INITIATE_DEL_IKE_SA_REPLY, ikev2_initiate_del_ike_sa_reply) \ -_(IKEV2_INITIATE_DEL_CHILD_SA_REPLY, ikev2_initiate_del_child_sa_reply) \ -_(IKEV2_INITIATE_REKEY_CHILD_SA_REPLY, ikev2_initiate_rekey_child_sa_reply) \ _(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \ _(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \ _(BD_IP_MAC_FLUSH_REPLY, bd_ip_mac_flush_reply) \ @@ -14829,26 +14775,24 @@ api_ipsec_interface_add_del_spd (vat_main_t * vam) } static int -api_ipsec_spd_add_del_entry (vat_main_t * vam) +api_ipsec_spd_entry_add_del (vat_main_t * vam) { unformat_input_t *i = vam->input; - vl_api_ipsec_spd_add_del_entry_t *mp; + vl_api_ipsec_spd_entry_add_del_t *mp; u8 is_add = 1, is_outbound = 0, is_ipv6 = 0, is_ip_any = 1; u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0; i32 priority = 0; u32 rport_start = 0, rport_stop = (u32) ~ 0; u32 lport_start = 0, lport_stop = (u32) ~ 0; - ip4_address_t laddr4_start, laddr4_stop, raddr4_start, raddr4_stop; - ip6_address_t laddr6_start, laddr6_stop, raddr6_start, raddr6_stop; + vl_api_address_t laddr_start = { }, laddr_stop = + { + }, raddr_start = + { + }, raddr_stop = + { + }; int ret; - laddr4_start.as_u32 = raddr4_start.as_u32 = 0; - laddr4_stop.as_u32 = raddr4_stop.as_u32 = (u32) ~ 0; - laddr6_start.as_u64[0] = raddr6_start.as_u64[0] = 0; - laddr6_start.as_u64[1] = raddr6_start.as_u64[1] = 0; - laddr6_stop.as_u64[0] = raddr6_stop.as_u64[0] = (u64) ~ 0; - laddr6_stop.as_u64[1] = raddr6_stop.as_u64[1] = (u64) ~ 0; - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { if (unformat (i, "del")) @@ -14873,58 +14817,18 @@ api_ipsec_spd_add_del_entry (vat_main_t * vam) ; else if (unformat (i, "rport_stop %d", &rport_stop)) ; - else - if (unformat - (i, "laddr_start %U", unformat_ip4_address, &laddr4_start)) - { - is_ipv6 = 0; - is_ip_any = 0; - } - else - if (unformat (i, "laddr_stop %U", unformat_ip4_address, &laddr4_stop)) - { - is_ipv6 = 0; - is_ip_any = 0; - } - else - if (unformat - (i, "raddr_start %U", unformat_ip4_address, &raddr4_start)) - { - is_ipv6 = 0; - is_ip_any = 0; - } - else - if (unformat (i, "raddr_stop %U", unformat_ip4_address, &raddr4_stop)) - { - is_ipv6 = 0; - is_ip_any = 0; - } - else - if (unformat - (i, "laddr_start %U", unformat_ip6_address, &laddr6_start)) - { - is_ipv6 = 1; - is_ip_any = 0; - } - else - if (unformat (i, "laddr_stop %U", unformat_ip6_address, &laddr6_stop)) - { - is_ipv6 = 1; - is_ip_any = 0; - } - else - if (unformat - (i, "raddr_start %U", unformat_ip6_address, &raddr6_start)) - { - is_ipv6 = 1; - is_ip_any = 0; - } - else - if (unformat (i, "raddr_stop %U", unformat_ip6_address, &raddr6_stop)) - { - is_ipv6 = 1; - is_ip_any = 0; - } + else if (unformat (i, "laddr_start %U", + unformat_vl_api_address, &laddr_start)) + is_ip_any = 0; + else if (unformat (i, "laddr_stop %U", unformat_vl_api_address, + &laddr_stop)) + is_ip_any = 0; + else if (unformat (i, "raddr_start %U", unformat_vl_api_address, + &raddr_start)) + is_ip_any = 0; + else if (unformat (i, "raddr_stop %U", unformat_vl_api_address, + &raddr_stop)) + is_ip_any = 0; else if (unformat (i, "action %U", unformat_ipsec_policy_action, &policy)) { @@ -14942,65 +14846,50 @@ api_ipsec_spd_add_del_entry (vat_main_t * vam) } - M (IPSEC_SPD_ADD_DEL_ENTRY, mp); - - mp->spd_id = ntohl (spd_id); - mp->priority = ntohl (priority); - mp->is_outbound = is_outbound; + M (IPSEC_SPD_ENTRY_ADD_DEL, mp); - mp->is_ipv6 = is_ipv6; - if (is_ipv6 || is_ip_any) - { - clib_memcpy (mp->remote_address_start, &raddr6_start, - sizeof (ip6_address_t)); - clib_memcpy (mp->remote_address_stop, &raddr6_stop, - sizeof (ip6_address_t)); - clib_memcpy (mp->local_address_start, &laddr6_start, - sizeof (ip6_address_t)); - clib_memcpy (mp->local_address_stop, &laddr6_stop, - sizeof (ip6_address_t)); - } - else - { - clib_memcpy (mp->remote_address_start, &raddr4_start, - sizeof (ip4_address_t)); - clib_memcpy (mp->remote_address_stop, &raddr4_stop, - sizeof (ip4_address_t)); - clib_memcpy (mp->local_address_start, &laddr4_start, - sizeof (ip4_address_t)); - clib_memcpy (mp->local_address_stop, &laddr4_stop, - sizeof (ip4_address_t)); - } - mp->protocol = (u8) protocol; - mp->local_port_start = ntohs ((u16) lport_start); - mp->local_port_stop = ntohs ((u16) lport_stop); - mp->remote_port_start = ntohs ((u16) rport_start); - mp->remote_port_stop = ntohs ((u16) rport_stop); - mp->policy = (u8) policy; - mp->sa_id = ntohl (sa_id); mp->is_add = is_add; - mp->is_ip_any = is_ip_any; + + mp->entry.spd_id = ntohl (spd_id); + mp->entry.priority = ntohl (priority); + mp->entry.is_outbound = is_outbound; + + clib_memcpy (&mp->entry.remote_address_start, &raddr_start, + sizeof (vl_api_address_t)); + clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop, + sizeof (vl_api_address_t)); + clib_memcpy (&mp->entry.local_address_start, &laddr_start, + sizeof (vl_api_address_t)); + clib_memcpy (&mp->entry.local_address_stop, &laddr_stop, + sizeof (vl_api_address_t)); + + mp->entry.protocol = (u8) protocol; + mp->entry.local_port_start = ntohs ((u16) lport_start); + mp->entry.local_port_stop = ntohs ((u16) lport_stop); + mp->entry.remote_port_start = ntohs ((u16) rport_start); + mp->entry.remote_port_stop = ntohs ((u16) rport_stop); + mp->entry.policy = (u8) policy; + mp->entry.sa_id = ntohl (sa_id); + S (mp); W (ret); return ret; } static int -api_ipsec_sad_add_del_entry (vat_main_t * vam) +api_ipsec_sad_entry_add_del (vat_main_t * vam) { unformat_input_t *i = vam->input; - vl_api_ipsec_sad_add_del_entry_t *mp; + vl_api_ipsec_sad_entry_add_del_t *mp; u32 sad_id = 0, spi = 0; u8 *ck = 0, *ik = 0; u8 is_add = 1; - u8 protocol = IPSEC_PROTOCOL_AH; - u8 is_tunnel = 0, is_tunnel_ipv6 = 0; - u32 crypto_alg = 0, integ_alg = 0; - ip4_address_t tun_src4; - ip4_address_t tun_dst4; - ip6_address_t tun_src6; - ip6_address_t tun_dst6; + vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE; + vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE; + vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE; + vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH; + vl_api_address_t tun_src, tun_dst; int ret; while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) @@ -15012,51 +14901,30 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) else if (unformat (i, "spi %d", &spi)) ; else if (unformat (i, "esp")) - protocol = IPSEC_PROTOCOL_ESP; - else if (unformat (i, "tunnel_src %U", unformat_ip4_address, &tun_src4)) - { - is_tunnel = 1; - is_tunnel_ipv6 = 0; - } - else if (unformat (i, "tunnel_dst %U", unformat_ip4_address, &tun_dst4)) - { - is_tunnel = 1; - is_tunnel_ipv6 = 0; - } - else if (unformat (i, "tunnel_src %U", unformat_ip6_address, &tun_src6)) - { - is_tunnel = 1; - is_tunnel_ipv6 = 1; - } - else if (unformat (i, "tunnel_dst %U", unformat_ip6_address, &tun_dst6)) + protocol = IPSEC_API_PROTO_ESP; + else + if (unformat (i, "tunnel_src %U", unformat_vl_api_address, &tun_src)) { - is_tunnel = 1; - is_tunnel_ipv6 = 1; + flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL; + if (ADDRESS_IP6 == tun_src.af) + flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6; } else - if (unformat - (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg)) + if (unformat (i, "tunnel_dst %U", unformat_vl_api_address, &tun_dst)) { - if (crypto_alg >= IPSEC_CRYPTO_N_ALG) - { - clib_warning ("unsupported crypto-alg: '%U'", - format_ipsec_crypto_alg, crypto_alg); - return -99; - } + flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL; + if (ADDRESS_IP6 == tun_src.af) + flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6; } + else + if (unformat (i, "crypto_alg %U", + unformat_ipsec_api_crypto_alg, &crypto_alg)) + ; else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck)) ; - else - if (unformat - (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg)) - { - if (integ_alg >= IPSEC_INTEG_N_ALG) - { - clib_warning ("unsupported integ-alg: '%U'", - format_ipsec_integ_alg, integ_alg); - return -99; - } - } + else if (unformat (i, "integ_alg %U", + unformat_ipsec_api_integ_alg, &integ_alg)) + ; else if (unformat (i, "integ_key %U", unformat_hex_string, &ik)) ; else @@ -15067,46 +14935,37 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) } - M (IPSEC_SAD_ADD_DEL_ENTRY, mp); + M (IPSEC_SAD_ENTRY_ADD_DEL, mp); - mp->sad_id = ntohl (sad_id); mp->is_add = is_add; - mp->protocol = protocol; - mp->spi = ntohl (spi); - mp->is_tunnel = is_tunnel; - mp->is_tunnel_ipv6 = is_tunnel_ipv6; - mp->crypto_algorithm = crypto_alg; - mp->integrity_algorithm = integ_alg; - mp->crypto_key_length = vec_len (ck); - mp->integrity_key_length = vec_len (ik); + mp->entry.sad_id = ntohl (sad_id); + mp->entry.protocol = protocol; + mp->entry.spi = ntohl (spi); + mp->entry.flags = flags; - if (mp->crypto_key_length > sizeof (mp->crypto_key)) - mp->crypto_key_length = sizeof (mp->crypto_key); + mp->entry.crypto_algorithm = crypto_alg; + mp->entry.integrity_algorithm = integ_alg; + mp->entry.crypto_key.length = vec_len (ck); + mp->entry.integrity_key.length = vec_len (ik); - if (mp->integrity_key_length > sizeof (mp->integrity_key)) - mp->integrity_key_length = sizeof (mp->integrity_key); + if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data)) + mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data); + + if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data)) + mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data); if (ck) - clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length); + clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length); if (ik) - clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length); + clib_memcpy (mp->entry.integrity_key.data, ik, + mp->entry.integrity_key.length); - if (is_tunnel) + if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL) { - if (is_tunnel_ipv6) - { - clib_memcpy (mp->tunnel_src_address, &tun_src6, - sizeof (ip6_address_t)); - clib_memcpy (mp->tunnel_dst_address, &tun_dst6, - sizeof (ip6_address_t)); - } - else - { - clib_memcpy (mp->tunnel_src_address, &tun_src4, - sizeof (ip4_address_t)); - clib_memcpy (mp->tunnel_dst_address, &tun_dst4, - sizeof (ip4_address_t)); - } + clib_memcpy (&mp->entry.tunnel_src, &tun_src, + sizeof (mp->entry.tunnel_src)); + clib_memcpy (&mp->entry.tunnel_dst, &tun_dst, + sizeof (mp->entry.tunnel_dst)); } S (mp); @@ -15141,19 +15000,19 @@ api_ipsec_sa_set_key (vat_main_t * vam) M (IPSEC_SA_SET_KEY, mp); mp->sa_id = ntohl (sa_id); - mp->crypto_key_length = vec_len (ck); - mp->integrity_key_length = vec_len (ik); + mp->crypto_key.length = vec_len (ck); + mp->integrity_key.length = vec_len (ik); - if (mp->crypto_key_length > sizeof (mp->crypto_key)) - mp->crypto_key_length = sizeof (mp->crypto_key); + if (mp->crypto_key.length > sizeof (mp->crypto_key.data)) + mp->crypto_key.length = sizeof (mp->crypto_key.data); - if (mp->integrity_key_length > sizeof (mp->integrity_key)) - mp->integrity_key_length = sizeof (mp->integrity_key); + if (mp->integrity_key.length > sizeof (mp->integrity_key.data)) + mp->integrity_key.length = sizeof (mp->integrity_key.data); if (ck) - clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length); + clib_memcpy (mp->crypto_key.data, ck, mp->crypto_key.length); if (ik) - clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length); + clib_memcpy (mp->integrity_key.data, ik, mp->integrity_key.length); S (mp); W (ret); @@ -15205,7 +15064,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam) ; else if (unformat - (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg)) + (i, "crypto_alg %U", unformat_ipsec_api_crypto_alg, &crypto_alg)) { if (crypto_alg >= IPSEC_CRYPTO_N_ALG) { @@ -15216,7 +15075,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam) } else if (unformat - (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg)) + (i, "integ_alg %U", unformat_ipsec_api_integ_alg, &integ_alg)) { if (integ_alg >= IPSEC_INTEG_N_ALG) { @@ -15302,37 +15161,55 @@ vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp) vat_main_t *vam = &vat_main; print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u " - "crypto_key %U integ_alg %u integ_key %U use_esn %u " - "use_anti_replay %u is_tunnel %u is_tunnel_ip6 %u " + "crypto_key %U integ_alg %u integ_key %U flags %x " "tunnel_src_addr %U tunnel_dst_addr %U " "salt %u seq_outbound %lu last_seq_inbound %lu " - "replay_window %lu total_data_size %lu\n", - ntohl (mp->sa_id), ntohl (mp->sw_if_index), ntohl (mp->spi), - mp->protocol, - mp->crypto_alg, format_hex_bytes, mp->crypto_key, mp->crypto_key_len, - mp->integ_alg, format_hex_bytes, mp->integ_key, mp->integ_key_len, - mp->use_esn, mp->use_anti_replay, mp->is_tunnel, mp->is_tunnel_ip6, - (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address, - mp->tunnel_src_addr, - (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address, - mp->tunnel_dst_addr, - ntohl (mp->salt), + "replay_window %lu\n", + ntohl (mp->entry.sad_id), + ntohl (mp->sw_if_index), + ntohl (mp->entry.spi), + ntohl (mp->entry.protocol), + ntohl (mp->entry.crypto_algorithm), + format_hex_bytes, mp->entry.crypto_key.data, + mp->entry.crypto_key.length, ntohl (mp->entry.integrity_algorithm), + format_hex_bytes, mp->entry.integrity_key.data, + mp->entry.integrity_key.length, ntohl (mp->entry.flags), + format_vl_api_address, &mp->entry.tunnel_src, format_vl_api_address, + &mp->entry.tunnel_dst, ntohl (mp->salt), clib_net_to_host_u64 (mp->seq_outbound), clib_net_to_host_u64 (mp->last_seq_inbound), - clib_net_to_host_u64 (mp->replay_window), - clib_net_to_host_u64 (mp->total_data_size)); + clib_net_to_host_u64 (mp->replay_window)); } #define vl_api_ipsec_sa_details_t_endian vl_noop_handler #define vl_api_ipsec_sa_details_t_print vl_noop_handler +static void +vat_json_object_add_address (vat_json_node_t * node, + const vl_api_address_t * addr) +{ + if (ADDRESS_IP6 == addr->af) + { + struct in6_addr ip6; + + clib_memcpy (&ip6, &addr->un.ip6, sizeof (ip6)); + vat_json_object_add_ip6 (node, "ip_address", ip6); + } + else + { + struct in_addr ip4; + + clib_memcpy (&ip4, &addr->un.ip4, sizeof (ip4)); + vat_json_object_add_ip4 (node, "ip_address", ip4); + } +} + static void vl_api_ipsec_sa_details_t_handler_json (vl_api_ipsec_sa_details_t * mp) { vat_main_t *vam = &vat_main; vat_json_node_t *node = NULL; - struct in_addr src_ip4, dst_ip4; - struct in6_addr src_ip6, dst_ip6; + vl_api_ipsec_sad_flags_t flags; if (VAT_JSON_ARRAY != vam->json_tree.type) { @@ -15342,39 +15219,34 @@ static void vl_api_ipsec_sa_details_t_handler_json node = vat_json_array_add (&vam->json_tree); vat_json_init_object (node); - vat_json_object_add_uint (node, "sa_id", ntohl (mp->sa_id)); + vat_json_object_add_uint (node, "sa_id", ntohl (mp->entry.sad_id)); vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index)); - vat_json_object_add_uint (node, "spi", ntohl (mp->spi)); - vat_json_object_add_uint (node, "proto", mp->protocol); - vat_json_object_add_uint (node, "crypto_alg", mp->crypto_alg); - vat_json_object_add_uint (node, "integ_alg", mp->integ_alg); - vat_json_object_add_uint (node, "use_esn", mp->use_esn); - vat_json_object_add_uint (node, "use_anti_replay", mp->use_anti_replay); - vat_json_object_add_uint (node, "is_tunnel", mp->is_tunnel); - vat_json_object_add_uint (node, "is_tunnel_ip6", mp->is_tunnel_ip6); - vat_json_object_add_bytes (node, "crypto_key", mp->crypto_key, - mp->crypto_key_len); - vat_json_object_add_bytes (node, "integ_key", mp->integ_key, - mp->integ_key_len); - if (mp->is_tunnel_ip6) - { - clib_memcpy (&src_ip6, mp->tunnel_src_addr, sizeof (src_ip6)); - vat_json_object_add_ip6 (node, "tunnel_src_addr", src_ip6); - clib_memcpy (&dst_ip6, mp->tunnel_dst_addr, sizeof (dst_ip6)); - vat_json_object_add_ip6 (node, "tunnel_dst_addr", dst_ip6); - } - else - { - clib_memcpy (&src_ip4, mp->tunnel_src_addr, sizeof (src_ip4)); - vat_json_object_add_ip4 (node, "tunnel_src_addr", src_ip4); - clib_memcpy (&dst_ip4, mp->tunnel_dst_addr, sizeof (dst_ip4)); - vat_json_object_add_ip4 (node, "tunnel_dst_addr", dst_ip4); - } + vat_json_object_add_uint (node, "spi", ntohl (mp->entry.spi)); + vat_json_object_add_uint (node, "proto", ntohl (mp->entry.protocol)); + vat_json_object_add_uint (node, "crypto_alg", + ntohl (mp->entry.crypto_algorithm)); + vat_json_object_add_uint (node, "integ_alg", + ntohl (mp->entry.integrity_algorithm)); + flags = ntohl (mp->entry.flags); + vat_json_object_add_uint (node, "use_esn", + ! !(flags & + IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM)); + vat_json_object_add_uint (node, "use_anti_replay", + ! !(flags & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)); + vat_json_object_add_uint (node, "is_tunnel", + ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)); + vat_json_object_add_uint (node, "is_tunnel_ip6", + ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)); + vat_json_object_add_uint (node, "udp_encap", + ! !(flags & IPSEC_API_SAD_FLAG_UDP_ENCAP)); + vat_json_object_add_bytes (node, "crypto_key", mp->entry.crypto_key.data, + mp->entry.crypto_key.length); + vat_json_object_add_bytes (node, "integ_key", mp->entry.integrity_key.data, + mp->entry.integrity_key.length); + vat_json_object_add_address (node, &mp->entry.tunnel_src); + vat_json_object_add_address (node, &mp->entry.tunnel_dst); vat_json_object_add_uint (node, "replay_window", clib_net_to_host_u64 (mp->replay_window)); - vat_json_object_add_uint (node, "total_data_size", - clib_net_to_host_u64 (mp->total_data_size)); - } static int @@ -15427,15 +15299,20 @@ api_ipsec_tunnel_if_set_key (vat_main_t * vam) if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index)) ; else - if (unformat (i, "local crypto %U", unformat_ipsec_crypto_alg, &alg)) + if (unformat + (i, "local crypto %U", unformat_ipsec_api_crypto_alg, &alg)) key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO; else - if (unformat (i, "remote crypto %U", unformat_ipsec_crypto_alg, &alg)) + if (unformat + (i, "remote crypto %U", unformat_ipsec_api_crypto_alg, &alg)) key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO; - else if (unformat (i, "local integ %U", unformat_ipsec_integ_alg, &alg)) + else + if (unformat + (i, "local integ %U", unformat_ipsec_api_integ_alg, &alg)) key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG; else - if (unformat (i, "remote integ %U", unformat_ipsec_integ_alg, &alg)) + if (unformat + (i, "remote integ %U", unformat_ipsec_api_integ_alg, &alg)) key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG; else if (unformat (i, "%U", unformat_hex_string, &key)) ; @@ -15536,720 +15413,83 @@ api_ipsec_tunnel_if_set_sa (vat_main_t * vam) } static int -api_ikev2_profile_add_del (vat_main_t * vam) +api_get_first_msg_id (vat_main_t * vam) { + vl_api_get_first_msg_id_t *mp; unformat_input_t *i = vam->input; - vl_api_ikev2_profile_add_del_t *mp; - u8 is_add = 1; - u8 *name = 0; + u8 *name; + u8 name_set = 0; int ret; - const char *valid_chars = "a-zA-Z0-9_"; - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) { - if (unformat (i, "del")) - is_add = 0; - else if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); + if (unformat (i, "client %s", &name)) + name_set = 1; else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } + break; } - if (!vec_len (name)) + if (name_set == 0) { - errmsg ("profile name must be specified"); + errmsg ("missing client name"); return -99; } + vec_add1 (name, 0); - if (vec_len (name) > 64) + if (vec_len (name) > 63) { - errmsg ("profile name too long"); + errmsg ("client name too long"); return -99; } - M (IKEV2_PROFILE_ADD_DEL, mp); - + M (GET_FIRST_MSG_ID, mp); clib_memcpy (mp->name, name, vec_len (name)); - mp->is_add = is_add; - vec_free (name); - S (mp); W (ret); return ret; } static int -api_ikev2_profile_set_auth (vat_main_t * vam) +api_cop_interface_enable_disable (vat_main_t * vam) { - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_set_auth_t *mp; - u8 *name = 0; - u8 *data = 0; - u32 auth_method = 0; - u8 is_hex = 0; + unformat_input_t *line_input = vam->input; + vl_api_cop_interface_enable_disable_t *mp; + u32 sw_if_index = ~0; + u8 enable_disable = 1; int ret; - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { - if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else if (unformat (i, "auth_method %U", - unformat_ikev2_auth_method, &auth_method)) + if (unformat (line_input, "disable")) + enable_disable = 0; + if (unformat (line_input, "enable")) + enable_disable = 1; + else if (unformat (line_input, "%U", api_unformat_sw_if_index, + vam, &sw_if_index)) ; - else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data)) - is_hex = 1; - else if (unformat (i, "auth_data %v", &data)) + else if (unformat (line_input, "sw_if_index %d", &sw_if_index)) ; else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } + break; } - if (!vec_len (name)) + if (sw_if_index == ~0) { - errmsg ("profile name must be specified"); + errmsg ("missing interface name or sw_if_index"); return -99; } - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } + /* Construct the API message */ + M (COP_INTERFACE_ENABLE_DISABLE, mp); + mp->sw_if_index = ntohl (sw_if_index); + mp->enable_disable = enable_disable; - if (!vec_len (data)) - { - errmsg ("auth_data must be specified"); - return -99; - } - - if (!auth_method) - { - errmsg ("auth_method must be specified"); - return -99; - } - - M (IKEV2_PROFILE_SET_AUTH, mp); - - mp->is_hex = is_hex; - mp->auth_method = (u8) auth_method; - mp->data_len = vec_len (data); - clib_memcpy (mp->name, name, vec_len (name)); - clib_memcpy (mp->data, data, vec_len (data)); - vec_free (name); - vec_free (data); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_profile_set_id (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_set_id_t *mp; - u8 *name = 0; - u8 *data = 0; - u8 is_local = 0; - u32 id_type = 0; - ip4_address_t ip4; - int ret; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type)) - ; - else if (unformat (i, "id_data %U", unformat_ip4_address, &ip4)) - { - data = vec_new (u8, 4); - clib_memcpy (data, ip4.as_u8, 4); - } - else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data)) - ; - else if (unformat (i, "id_data %v", &data)) - ; - else if (unformat (i, "local")) - is_local = 1; - else if (unformat (i, "remote")) - is_local = 0; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - if (!vec_len (data)) - { - errmsg ("id_data must be specified"); - return -99; - } - - if (!id_type) - { - errmsg ("id_type must be specified"); - return -99; - } - - M (IKEV2_PROFILE_SET_ID, mp); - - mp->is_local = is_local; - mp->id_type = (u8) id_type; - mp->data_len = vec_len (data); - clib_memcpy (mp->name, name, vec_len (name)); - clib_memcpy (mp->data, data, vec_len (data)); - vec_free (name); - vec_free (data); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_profile_set_ts (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_set_ts_t *mp; - u8 *name = 0; - u8 is_local = 0; - u32 proto = 0, start_port = 0, end_port = (u32) ~ 0; - ip4_address_t start_addr, end_addr; - - const char *valid_chars = "a-zA-Z0-9_"; - int ret; - - start_addr.as_u32 = 0; - end_addr.as_u32 = (u32) ~ 0; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else if (unformat (i, "protocol %d", &proto)) - ; - else if (unformat (i, "start_port %d", &start_port)) - ; - else if (unformat (i, "end_port %d", &end_port)) - ; - else - if (unformat (i, "start_addr %U", unformat_ip4_address, &start_addr)) - ; - else if (unformat (i, "end_addr %U", unformat_ip4_address, &end_addr)) - ; - else if (unformat (i, "local")) - is_local = 1; - else if (unformat (i, "remote")) - is_local = 0; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_PROFILE_SET_TS, mp); - - mp->is_local = is_local; - mp->proto = (u8) proto; - mp->start_port = (u16) start_port; - mp->end_port = (u16) end_port; - mp->start_addr = start_addr.as_u32; - mp->end_addr = end_addr.as_u32; - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_local_key (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_local_key_t *mp; - u8 *file = 0; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "file %v", &file)) - vec_add1 (file, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (file)) - { - errmsg ("RSA key file must be specified"); - return -99; - } - - if (vec_len (file) > 256) - { - errmsg ("file name too long"); - return -99; - } - - M (IKEV2_SET_LOCAL_KEY, mp); - - clib_memcpy (mp->key_file, file, vec_len (file)); - vec_free (file); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_responder (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_responder_t *mp; - int ret; - u8 *name = 0; - u32 sw_if_index = ~0; - ip4_address_t address; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat - (i, "%U interface %d address %U", unformat_token, valid_chars, - &name, &sw_if_index, unformat_ip4_address, &address)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_RESPONDER, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - - mp->sw_if_index = sw_if_index; - clib_memcpy (mp->address, &address, sizeof (address)); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_ike_transforms (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_ike_transforms_t *mp; - int ret; - u8 *name = 0; - u32 crypto_alg, crypto_key_size, integ_alg, dh_group; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name, - &crypto_alg, &crypto_key_size, &integ_alg, &dh_group)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_IKE_TRANSFORMS, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - mp->crypto_alg = crypto_alg; - mp->crypto_key_size = crypto_key_size; - mp->integ_alg = integ_alg; - mp->dh_group = dh_group; - - S (mp); - W (ret); - return ret; -} - - -static int -api_ikev2_set_esp_transforms (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_esp_transforms_t *mp; - int ret; - u8 *name = 0; - u32 crypto_alg, crypto_key_size, integ_alg, dh_group; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name, - &crypto_alg, &crypto_key_size, &integ_alg, &dh_group)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_ESP_TRANSFORMS, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - mp->crypto_alg = crypto_alg; - mp->crypto_key_size = crypto_key_size; - mp->integ_alg = integ_alg; - mp->dh_group = dh_group; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_sa_lifetime (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_sa_lifetime_t *mp; - int ret; - u8 *name = 0; - u64 lifetime, lifetime_maxdata; - u32 lifetime_jitter, handover; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name, - &lifetime, &lifetime_jitter, &handover, - &lifetime_maxdata)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_SA_LIFETIME, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - mp->lifetime = lifetime; - mp->lifetime_jitter = lifetime_jitter; - mp->handover = handover; - mp->lifetime_maxdata = lifetime_maxdata; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_sa_init (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_sa_init_t *mp; - int ret; - u8 *name = 0; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_INITIATE_SA_INIT, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_del_ike_sa (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_del_ike_sa_t *mp; - int ret; - u64 ispi; - - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%lx", &ispi)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IKEV2_INITIATE_DEL_IKE_SA, mp); - - mp->ispi = ispi; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_del_child_sa (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_del_child_sa_t *mp; - int ret; - u32 ispi; - - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%x", &ispi)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IKEV2_INITIATE_DEL_CHILD_SA, mp); - - mp->ispi = ispi; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_rekey_child_sa (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_rekey_child_sa_t *mp; - int ret; - u32 ispi; - - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%x", &ispi)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IKEV2_INITIATE_REKEY_CHILD_SA, mp); - - mp->ispi = ispi; - - S (mp); - W (ret); - return ret; -} - -static int -api_get_first_msg_id (vat_main_t * vam) -{ - vl_api_get_first_msg_id_t *mp; - unformat_input_t *i = vam->input; - u8 *name; - u8 name_set = 0; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "client %s", &name)) - name_set = 1; - else - break; - } - - if (name_set == 0) - { - errmsg ("missing client name"); - return -99; - } - vec_add1 (name, 0); - - if (vec_len (name) > 63) - { - errmsg ("client name too long"); - return -99; - } - - M (GET_FIRST_MSG_ID, mp); - clib_memcpy (mp->name, name, vec_len (name)); - S (mp); - W (ret); - return ret; -} - -static int -api_cop_interface_enable_disable (vat_main_t * vam) -{ - unformat_input_t *line_input = vam->input; - vl_api_cop_interface_enable_disable_t *mp; - u32 sw_if_index = ~0; - u8 enable_disable = 1; - int ret; - - while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) - { - if (unformat (line_input, "disable")) - enable_disable = 0; - if (unformat (line_input, "enable")) - enable_disable = 1; - else if (unformat (line_input, "%U", api_unformat_sw_if_index, - vam, &sw_if_index)) - ; - else if (unformat (line_input, "sw_if_index %d", &sw_if_index)) - ; - else - break; - } - - if (sw_if_index == ~0) - { - errmsg ("missing interface name or sw_if_index"); - return -99; - } - - /* Construct the API message */ - M (COP_INTERFACE_ENABLE_DISABLE, mp); - mp->sw_if_index = ntohl (sw_if_index); - mp->enable_disable = enable_disable; - - /* send it... */ - S (mp); - /* Wait for the reply */ - W (ret); - return ret; -} + /* send it... */ + S (mp); + /* Wait for the reply */ + W (ret); + return ret; +} static int api_cop_whitelist_enable_disable (vat_main_t * vam) @@ -20167,8 +19407,6 @@ static void vl_api_ip_neighbor_details_t_handler_json vat_main_t *vam = &vat_main; vat_json_node_t *node; - struct in_addr ip4; - struct in6_addr ip6; if (VAT_JSON_ARRAY != vam->json_tree.type) { @@ -20186,17 +19424,7 @@ static void vl_api_ip_neighbor_details_t_handler_json vat_json_object_add_string_copy (node, "link_layer", format (0, "%U", format_vl_api_mac_address, &mp->neighbor.mac_address)); - - if (ADDRESS_IP6 == mp->neighbor.ip_address.af) - { - clib_memcpy (&ip6, &mp->neighbor.ip_address.un.ip6, sizeof (ip6)); - vat_json_object_add_ip6 (node, "ip_address", ip6); - } - else - { - clib_memcpy (&ip4, &mp->neighbor.ip_address.un.ip4, sizeof (ip4)); - vat_json_object_add_ip4 (node, "ip_address", ip4); - } + vat_json_object_add_address (node, &mp->neighbor.ip_address); } static int @@ -22107,7 +21335,7 @@ api_sock_init_shm (vat_main_t * vam) config[6].count = 128; config[6].size = sizeof (uword); - rv = vl_socket_client_init_shm (config); + rv = vl_socket_client_init_shm (config, 1 /* want_pthread */ ); if (!rv) vam->client_index_invalid = 1; return rv; @@ -23239,10 +22467,10 @@ _(ip_dump, "ipv4 | ipv6") \ _(ipsec_spd_add_del, "spd_id [del]") \ _(ipsec_interface_add_del_spd, "( | sw_if_index )\n" \ " spid_id ") \ -_(ipsec_sad_add_del_entry, "sad_id spi crypto_alg \n" \ +_(ipsec_sad_entry_add_del, "sad_id spi crypto_alg \n" \ " crypto_key tunnel_src tunnel_dst \n" \ " integ_alg integ_key ") \ -_(ipsec_spd_add_del_entry, "spd_id priority action \n" \ +_(ipsec_spd_entry_add_del, "spd_id priority action \n" \ " (inbound|outbound) [sa_id ] laddr_start \n" \ " laddr_stop raddr_start raddr_stop \n" \ " [lport_start lport_stop ] [rport_start rport_stop ]" ) \ @@ -23256,23 +22484,6 @@ _(ipsec_sa_dump, "[sa_id ]") \ _(ipsec_tunnel_if_set_key, " \n" \ " \n") \ _(ipsec_tunnel_if_set_sa, " sa_id \n") \ -_(ikev2_profile_add_del, "name [del]") \ -_(ikev2_profile_set_auth, "name auth_method \n" \ - "(auth_data 0x | auth_data )") \ -_(ikev2_profile_set_id, "name id_type \n" \ - "(id_data 0x | id_data ) (local|remote)") \ -_(ikev2_profile_set_ts, "name protocol \n" \ - "start_port end_port start_addr end_addr \n" \ - "(local|remote)") \ -_(ikev2_set_local_key, "file ") \ -_(ikev2_set_responder, " interface address ") \ -_(ikev2_set_ike_transforms, " ") \ -_(ikev2_set_esp_transforms, " ") \ -_(ikev2_set_sa_lifetime, " ") \ -_(ikev2_initiate_sa_init, "") \ -_(ikev2_initiate_del_ike_sa, "") \ -_(ikev2_initiate_del_child_sa, "") \ -_(ikev2_initiate_rekey_child_sa, "") \ _(delete_loopback,"sw_if_index ") \ _(bd_ip_mac_add_del, "bd_id [del]") \ _(bd_ip_mac_flush, "bd_id ") \