X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_api.c;h=767dc82dca7060d20d7eec761adf4ee9c7c53182;hb=4b4aded6afc8abce602cd826c52ec28beb3b7ec0;hp=5ce64d9a7d6932ae57b61ad790b640152d089f7b;hpb=f16e9a5507c33642ac04d4b1a8712f8fac238828;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 5ce64d9a7d6..767dc82dca7 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -29,61 +29,20 @@ #include #include #include - -#include - -#if WITH_LIBSSL > 0 #include #include #include -#endif /* IPSEC */ - -#define vl_typedefs /* define message structures */ -#include -#undef vl_typedefs -#define vl_endianfun /* define message structures */ -#include -#undef vl_endianfun - -/* instantiate all the print functions we know about */ -#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) -#define vl_printfun -#include -#undef vl_printfun +#include +#include +#include +#define REPLY_MSG_ID_BASE ipsec_main.msg_id_base #include -#define foreach_vpe_api_msg \ - _ (IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \ - _ (IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \ - _ (IPSEC_SPD_ENTRY_ADD_DEL, ipsec_spd_entry_add_del) \ - _ (IPSEC_SAD_ENTRY_ADD_DEL, ipsec_sad_entry_add_del) \ - _ (IPSEC_SAD_ENTRY_ADD_DEL_V2, ipsec_sad_entry_add_del_v2) \ - _ (IPSEC_SAD_ENTRY_ADD_DEL_V3, ipsec_sad_entry_add_del_v3) \ - _ (IPSEC_SA_DUMP, ipsec_sa_dump) \ - _ (IPSEC_SA_V2_DUMP, ipsec_sa_v2_dump) \ - _ (IPSEC_SA_V3_DUMP, ipsec_sa_v3_dump) \ - _ (IPSEC_SPDS_DUMP, ipsec_spds_dump) \ - _ (IPSEC_SPD_DUMP, ipsec_spd_dump) \ - _ (IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \ - _ (IPSEC_ITF_CREATE, ipsec_itf_create) \ - _ (IPSEC_ITF_DELETE, ipsec_itf_delete) \ - _ (IPSEC_ITF_DUMP, ipsec_itf_dump) \ - _ (IPSEC_SELECT_BACKEND, ipsec_select_backend) \ - _ (IPSEC_BACKEND_DUMP, ipsec_backend_dump) \ - _ (IPSEC_TUNNEL_PROTECT_UPDATE, ipsec_tunnel_protect_update) \ - _ (IPSEC_TUNNEL_PROTECT_DEL, ipsec_tunnel_protect_del) \ - _ (IPSEC_TUNNEL_PROTECT_DUMP, ipsec_tunnel_protect_dump) \ - _ (IPSEC_SET_ASYNC_MODE, ipsec_set_async_mode) - static void vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp) { -#if WITH_LIBSSL == 0 - clib_warning ("unimplemented"); -#else - vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main (); vl_api_ipsec_spd_add_del_reply_t *rmp; int rv; 
@@ -91,7 +50,6 @@ vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp) rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add); REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY); -#endif } static void vl_api_ipsec_interface_add_del_spd_t_handler @@ -108,11 +66,7 @@ static void vl_api_ipsec_interface_add_del_spd_t_handler VALIDATE_SW_IF_INDEX (mp); -#if WITH_LIBSSL > 0 rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add); -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; -#endif BAD_SW_IF_INDEX_LABEL; @@ -132,8 +86,6 @@ static void vl_api_ipsec_tunnel_protect_update_t_handler VALIDATE_SW_IF_INDEX (&(mp->tunnel)); -#if WITH_LIBSSL > 0 - for (ii = 0; ii < mp->tunnel.n_sa_in; ii++) vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii])); @@ -141,9 +93,6 @@ static void vl_api_ipsec_tunnel_protect_update_t_handler rv = ipsec_tun_protect_update (sw_if_index, &nh, ntohl (mp->tunnel.sa_out), sa_ins); -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; -#endif BAD_SW_IF_INDEX_LABEL; @@ -163,12 +112,8 @@ static void vl_api_ipsec_tunnel_protect_del_t_handler VALIDATE_SW_IF_INDEX (mp); -#if WITH_LIBSSL > 0 ip_address_decode2 (&mp->nh, &nh); rv = ipsec_tun_protect_del (sw_if_index, &nh); -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; -#endif BAD_SW_IF_INDEX_LABEL; @@ -179,6 +124,7 @@ typedef struct ipsec_dump_walk_ctx_t_ { vl_api_registration_t *reg; u32 context; + u32 sw_if_index; } ipsec_dump_walk_ctx_t; static walk_rc_t @@ -194,7 +140,8 @@ send_ipsec_tunnel_protect_details (index_t itpi, void *arg) mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_TUNNEL_PROTECT_DETAILS); + mp->_vl_msg_id = + ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_TUNNEL_PROTECT_DETAILS); mp->context = ctx->context; mp->tun.sw_if_index = htonl (itp->itp_sw_if_index); 
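Review bot: In the `@@ -132` hunk the loop bound `mp->tunnel.n_sa_in` comes straight from the request and each iteration reads `mp->tunnel.sa_in[ii]`, with no check visible here that the received message is long enough to hold that many entries. Removing the `WITH_LIBSSL` guard makes this path unconditional, so it is worth confirming that the API layer validates the variable-length array before the handler runs and recording that in a comment above the loop, for example `/* n_sa_in is bounded by the message length check in <validator> */`. If no such check exists, the handler should reject the request before the loop. The handler starts and ends outside the hunk, so the cleanup of `sa_ins` on the error path cannot be judged from here.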
@@ -222,7 +169,6 @@ vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t vl_api_registration_t *reg; u32 sw_if_index; -#if WITH_LIBSSL > 0 reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; @@ -243,9 +189,6 @@ vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t ipsec_tun_protect_walk_itf (sw_if_index, send_ipsec_tunnel_protect_details, &ctx); } -#else - clib_warning ("unimplemented"); -#endif } static int @@ -276,7 +219,6 @@ static void vl_api_ipsec_spd_entry_add_del_t_handler stat_index = ~0; -#if WITH_LIBSSL > 0 ipsec_policy_t p; clib_memset (&p, 0, sizeof (p)); @@ -291,7 +233,8 @@ static void vl_api_ipsec_spd_entry_add_del_t_handler p.is_ipv6 = (itype == IP46_TYPE_IP6); - p.protocol = mp->entry.protocol; + p.protocol = + mp->entry.protocol ? mp->entry.protocol : IPSEC_POLICY_PROTOCOL_ANY; p.rport.start = ntohs (mp->entry.remote_port_start); p.rport.stop = ntohs (mp->entry.remote_port_stop); p.lport.start = ntohs (mp->entry.local_port_start); @@ -320,11 +263,6 @@ static void vl_api_ipsec_spd_entry_add_del_t_handler if (rv) goto out; -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; - goto out; -#endif - out: /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY, 
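Review bot: In the `@@ -291` hunk the new ternary turns a wire value of 0 in `mp->entry.protocol` into `IPSEC_POLICY_PROTOCOL_ANY` without a comment, so a policy the client wrote for protocol 0 is installed as a match-any policy and the reason is not recorded. The v2 handler added later in this commit copies the field unchanged, which suggests that 0-means-any is kept only for v1 clients; say so next to the assignment, e.g. `/* v1 API: protocol 0 means any; v2 passes the value through */`. Because this decides how wide a bypass or discard rule matches, the API documentation should state it as well.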
@@ -334,6 +272,65 @@ out: /* *INDENT-ON* */ } +static void +vl_api_ipsec_spd_entry_add_del_v2_t_handler ( + vl_api_ipsec_spd_entry_add_del_v2_t *mp) +{ + vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main (); + vl_api_ipsec_spd_entry_add_del_reply_t *rmp; + ip46_type_t itype; + u32 stat_index; + int rv; + + stat_index = ~0; + + ipsec_policy_t p; + + clib_memset (&p, 0, sizeof (p)); + + p.id = ntohl (mp->entry.spd_id); + p.priority = ntohl (mp->entry.priority); + + itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start); + ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop); + ip_address_decode (&mp->entry.local_address_start, &p.laddr.start); + ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop); + + p.is_ipv6 = (itype == IP46_TYPE_IP6); + + p.protocol = mp->entry.protocol; + p.rport.start = ntohs (mp->entry.remote_port_start); + p.rport.stop = ntohs (mp->entry.remote_port_stop); + p.lport.start = ntohs (mp->entry.local_port_start); + p.lport.stop = ntohs (mp->entry.local_port_stop); + + rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy); + + if (rv) + goto out; + + /* policy action resolve unsupported */ + if (p.policy == IPSEC_POLICY_ACTION_RESOLVE) + { + clib_warning ("unsupported action: 'resolve'"); + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto out; + } + p.sa_id = ntohl (mp->entry.sa_id); + rv = + ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy, &p.type); + if (rv) + goto out; + + rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index); + if (rv) + goto out; + +out: + REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY, + ({ rmp->stat_index = ntohl (stat_index); })); +} + static void vl_api_ipsec_sad_entry_add_del_t_handler (vl_api_ipsec_sad_entry_add_del_t * mp) { 
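Review bot: The new `vl_api_ipsec_spd_entry_add_del_v2_t_handler` declares `rmp` as `vl_api_ipsec_spd_entry_add_del_reply_t` and replies with `VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY`, i.e. the v1 reply, so a client waiting for a v2 reply would see a different message id. Unless the .api file deliberately pairs the v2 request with the v1 reply, the declaration and the macro argument should use the v2 names, `vl_api_ipsec_spd_entry_add_del_v2_reply_t *rmp;` and `REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_V2_REPLY, ...)`. The handler also forwards the address and port ranges to `ipsec_add_del_policy` without checking that each start is not above its stop; if that callee does not check either, such ranges should be rejected here.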
@@ -354,9 +351,12 @@ static void vl_api_ipsec_sad_entry_add_del_t_handler }; int rv; -#if WITH_LIBSSL > 0 - id = ntohl (mp->entry.sad_id); + if (!mp->is_add) + { + rv = ipsec_sa_unlock_id (id); + goto out; + } spi = ntohl (mp->entry.spi); rv = ipsec_proto_decode (mp->entry.protocol, &proto); @@ -382,17 +382,10 @@ static void vl_api_ipsec_sad_entry_add_del_t_handler ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src); ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst); - if (mp->is_add) - rv = ipsec_sa_add_and_lock ( - id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags, - mp->entry.salt, htons (mp->entry.udp_src_port), - htons (mp->entry.udp_dst_port), &tun, &sa_index); - else - rv = ipsec_sa_unlock_id (id); - -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; -#endif + rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg, &crypto_key, + integ_alg, &integ_key, flags, mp->entry.salt, + htons (mp->entry.udp_src_port), + htons (mp->entry.udp_dst_port), &tun, &sa_index); out: /* *INDENT-OFF* */ @@ -424,9 +417,13 @@ static void vl_api_ipsec_sad_entry_add_del_v2_t_handler .t_hop_limit = 255, }; -#if WITH_LIBSSL > 0 - id = ntohl (mp->entry.sad_id); + if (!mp->is_add) + { + rv = ipsec_sa_unlock_id (id); + goto out; + } + spi = ntohl (mp->entry.spi); rv = ipsec_proto_decode (mp->entry.protocol, &proto); @@ -459,17 +456,10 @@ static void vl_api_ipsec_sad_entry_add_del_v2_t_handler ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src); ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst); - if (mp->is_add) rv = ipsec_sa_add_and_lock ( id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags, mp->entry.salt, htons (mp->entry.udp_src_port), htons (mp->entry.udp_dst_port), &tun, &sa_index); - else - rv = ipsec_sa_unlock_id (id); - -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; -#endif out: /* *INDENT-OFF* */ 
@@ -480,70 +470,103 @@ out: /* *INDENT-ON* */ } -static void -vl_api_ipsec_sad_entry_add_del_v3_t_handler ( - vl_api_ipsec_sad_entry_add_del_v3_t *mp) +static int +ipsec_sad_entry_add_v3 (const vl_api_ipsec_sad_entry_v3_t *entry, + u32 *sa_index) { - vl_api_ipsec_sad_entry_add_del_v3_reply_t *rmp; ipsec_key_t crypto_key, integ_key; ipsec_crypto_alg_t crypto_alg; ipsec_integ_alg_t integ_alg; ipsec_protocol_t proto; ipsec_sa_flags_t flags; - u32 id, spi, sa_index = ~0; - tunnel_t tun; + u32 id, spi; + tunnel_t tun = { 0 }; int rv; -#if WITH_LIBSSL > 0 + id = ntohl (entry->sad_id); + spi = ntohl (entry->spi); - id = ntohl (mp->entry.sad_id); - spi = ntohl (mp->entry.spi); - - rv = ipsec_proto_decode (mp->entry.protocol, &proto); + rv = ipsec_proto_decode (entry->protocol, &proto); if (rv) - goto out; + return (rv); - rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg); + rv = ipsec_crypto_algo_decode (entry->crypto_algorithm, &crypto_alg); if (rv) - goto out; + return (rv); - rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg); + rv = ipsec_integ_algo_decode (entry->integrity_algorithm, &integ_alg); if (rv) - goto out; + return (rv); - flags = ipsec_sa_flags_decode (mp->entry.flags); + flags = ipsec_sa_flags_decode (entry->flags); if (flags & IPSEC_SA_FLAG_IS_TUNNEL) { - rv = tunnel_decode (&mp->entry.tunnel, &tun); + rv = tunnel_decode (&entry->tunnel, &tun); if (rv) - goto out; + return (rv); } - ipsec_key_decode (&mp->entry.crypto_key, &crypto_key); - ipsec_key_decode (&mp->entry.integrity_key, &integ_key); + ipsec_key_decode (&entry->crypto_key, &crypto_key); + ipsec_key_decode (&entry->integrity_key, &integ_key); - if (mp->is_add) - rv = ipsec_sa_add_and_lock ( - id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags, - mp->entry.salt, htons (mp->entry.udp_src_port), - htons (mp->entry.udp_dst_port), &tun, &sa_index); - else - rv = ipsec_sa_unlock_id (id); + return ipsec_sa_add_and_lock (id, spi, proto, 
crypto_alg, &crypto_key, + integ_alg, &integ_key, flags, entry->salt, + htons (entry->udp_src_port), + htons (entry->udp_dst_port), &tun, sa_index); +} + +static void +vl_api_ipsec_sad_entry_add_del_v3_t_handler ( + vl_api_ipsec_sad_entry_add_del_v3_t *mp) +{ + vl_api_ipsec_sad_entry_add_del_v3_reply_t *rmp; + u32 id, sa_index = ~0; + int rv; -#else - rv = VNET_API_ERROR_UNIMPLEMENTED; -#endif + id = ntohl (mp->entry.sad_id); + + if (!mp->is_add) + { + rv = ipsec_sa_unlock_id (id); + } + else + { + rv = ipsec_sad_entry_add_v3 (&mp->entry, &sa_index); + } -out: REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V3_REPLY, { rmp->stat_index = htonl (sa_index); }); } +static void +vl_api_ipsec_sad_entry_del_t_handler (vl_api_ipsec_sad_entry_del_t *mp) +{ + vl_api_ipsec_sad_entry_del_reply_t *rmp; + int rv; + + rv = ipsec_sa_unlock_id (ntohl (mp->id)); + + REPLY_MACRO (VL_API_IPSEC_SAD_ENTRY_DEL_REPLY); +} + +static void +vl_api_ipsec_sad_entry_add_t_handler (vl_api_ipsec_sad_entry_add_t *mp) +{ + vl_api_ipsec_sad_entry_add_reply_t *rmp; + u32 sa_index = ~0; + int rv; + + rv = ipsec_sad_entry_add_v3 (&mp->entry, &sa_index); + + REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_REPLY, + { rmp->stat_index = htonl (sa_index); }); +} + static void send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg, u32 context) @@ -553,7 +576,7 @@ send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg, mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPDS_DETAILS); mp->context = context; mp->spd_id = htonl (spd->id); 
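Review bot: `ipsec_sad_entry_add_v3` decodes the SA keys into the stack locals `crypto_key` and `integ_key` and returns without clearing them, so a copy of the key bytes is left in the dead stack frame once `ipsec_sa_add_and_lock` returns. Consider capturing the result, `rv = ipsec_sa_add_and_lock (...);`, wiping both locals and then returning `rv`, using a wipe the compiler cannot drop as a dead store. The helper also deserves a short header comment stating what `*sa_index` holds when a decode step fails: it is not written on those early returns, and both callers pre-set it to `~0` for the reply. Minor: `htons (entry->udp_src_port)` converts from wire to host order and reads better as `ntohs`.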
@@ -571,19 +594,14 @@ vl_api_ipsec_spds_dump_t_handler (vl_api_ipsec_spds_dump_t * mp) vl_api_registration_t *reg; ipsec_main_t *im = &ipsec_main; ipsec_spd_t *spd; -#if WITH_LIBSSL > 0 + reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; - /* *INDENT-OFF* */ pool_foreach (spd, im->spds) { send_ipsec_spds_details (spd, reg, mp->context); } - /* *INDENT-ON* */ -#else - clib_warning ("unimplemented"); -#endif } vl_api_ipsec_spd_action_t @@ -610,7 +628,7 @@ send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg, mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPD_DETAILS); mp->context = context; mp->entry.spd_id = htonl (p->id); @@ -647,7 +665,7 @@ vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp) ipsec_spd_t *spd; uword *p; u32 spd_index, *ii; -#if WITH_LIBSSL > 0 + reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; @@ -659,7 +677,6 @@ vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp) spd_index = p[0]; spd = pool_elt_at_index (im->spds, spd_index); - /* *INDENT-OFF* */ FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) { vec_foreach(ii, spd->policies[ptype]) { @@ -669,10 +686,6 @@ vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp) send_ipsec_spd_details (policy, reg, mp->context); } } - /* *INDENT-ON* */ -#else - clib_warning ("unimplemented"); -#endif } static void @@ -683,7 +696,8 @@ send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index, mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS); + mp->_vl_msg_id = + ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPD_INTERFACE_DETAILS); mp->context = context; mp->spd_index = htonl (spd_index); 
@@ -700,7 +714,6 @@ vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t * vl_api_registration_t *reg; u32 k, v, spd_index; -#if WITH_LIBSSL > 0 reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; @@ -717,16 +730,10 @@ vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t * } else { - /* *INDENT-OFF* */ hash_foreach(k, v, im->spd_index_by_sw_if_index, ({ send_ipsec_spd_interface_details(reg, v, k, mp->context); })); - /* *INDENT-ON* */ } - -#else - clib_warning ("unimplemented"); -#endif } static void @@ -761,9 +768,44 @@ vl_api_ipsec_itf_delete_t_handler (vl_api_ipsec_itf_delete_t * mp) REPLY_MACRO (VL_API_IPSEC_ITF_DELETE_REPLY); } +static walk_rc_t +send_ipsec_itf_details (ipsec_itf_t *itf, void *arg) +{ + ipsec_dump_walk_ctx_t *ctx = arg; + vl_api_ipsec_itf_details_t *mp; + + if (~0 != ctx->sw_if_index && ctx->sw_if_index != itf->ii_sw_if_index) + return (WALK_CONTINUE); + + mp = vl_msg_api_alloc (sizeof (*mp)); + clib_memset (mp, 0, sizeof (*mp)); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_ITF_DETAILS); + mp->context = ctx->context; + + mp->itf.mode = tunnel_mode_encode (itf->ii_mode); + mp->itf.user_instance = htonl (itf->ii_user_instance); + mp->itf.sw_if_index = htonl (itf->ii_sw_if_index); + vl_api_send_msg (ctx->reg, (u8 *) mp); + + return (WALK_CONTINUE); +} + static void vl_api_ipsec_itf_dump_t_handler (vl_api_ipsec_itf_dump_t * mp) { + vl_api_registration_t *reg; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + ipsec_dump_walk_ctx_t ctx = { + .reg = reg, + .context = mp->context, + .sw_if_index = ntohl (mp->sw_if_index), + }; + + ipsec_itf_walk (send_ipsec_itf_details, &ctx); } typedef struct ipsec_sa_dump_match_ctx_t_ 
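Review bot: In the `@@ -761` hunk `send_ipsec_itf_details` treats `ctx->sw_if_index == ~0` as "dump every interface", but nothing in the new code says so, and the filter depends on `vl_api_ipsec_itf_dump_t_handler` passing `ntohl (mp->sw_if_index)` through unchanged. A one-line comment above the test, e.g. `/* ~0 selects all ipsec interfaces, otherwise match one sw_if_index */`, would document the contract. The result of `vl_msg_api_alloc` is used without a NULL check; if that allocator can fail in this build, guard it before the `clib_memset`.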
@@ -786,7 +828,7 @@ ipsec_sa_dump_match_sa (index_t itpi, void *arg) ctx->sw_if_index = itp->itp_sw_if_index; return (WALK_STOP); } - /* *INDENT-OFF* */ + FOR_EACH_IPSEC_PROTECT_INPUT_SAI (itp, sai, ({ if (sai == ctx->sai) @@ -795,7 +837,6 @@ ipsec_sa_dump_match_sa (index_t itpi, void *arg) return (WALK_STOP); } })); - /* *INDENT-OFF* */ return (WALK_CONTINUE); } @@ -808,7 +849,7 @@ send_ipsec_sa_details (ipsec_sa_t * sa, void *arg) mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_DETAILS); mp->context = ctx->context; mp->entry.sad_id = htonl (sa->id); @@ -850,11 +891,11 @@ send_ipsec_sa_details (ipsec_sa_t * sa, void *arg) } mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq)); - mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq)); + mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq)); if (ipsec_sa_is_set_USE_ESN (sa)) { mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); - mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi)); + mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); } if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) mp->replay_window = clib_host_to_net_u64 (sa->replay_window); @@ -871,7 +912,6 @@ vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp) { vl_api_registration_t *reg; -#if WITH_LIBSSL > 0 reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; @@ -882,10 +922,6 @@ vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp) }; ipsec_sa_walk (send_ipsec_sa_details, &ctx); - -#else - clib_warning ("unimplemented"); -#endif } static walk_rc_t 
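Review bot: In `send_ipsec_sa_details` (the `@@ -850` hunk) `last_seq_inbound` is now filled from `sa->seq` and `sa->seq_hi`, the same fields used for `seq_outbound`, so the dump reports identical inbound and outbound counters. If the SA now keeps a single counter whose meaning depends on its direction, say so in a comment and consider leaving the field that does not apply at zero; otherwise anyone watching these values for replay or sequence-number exhaustion gets a misleading reading. The same change is repeated in `send_ipsec_sa_v2_details` (`@@ -942`) and `send_ipsec_sa_v3_details` (`@@ -1027`). All three functions start and end outside their hunks.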
@@ -896,7 +932,7 @@ send_ipsec_sa_v2_details (ipsec_sa_t * sa, void *arg) mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_V2_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V2_DETAILS); mp->context = ctx->context; mp->entry.sad_id = htonl (sa->id); @@ -942,11 +978,11 @@ send_ipsec_sa_v2_details (ipsec_sa_t * sa, void *arg) mp->entry.dscp = ip_dscp_encode (sa->tunnel.t_dscp); mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq)); - mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq)); + mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq)); if (ipsec_sa_is_set_USE_ESN (sa)) { mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); - mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi)); + mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); } if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) mp->replay_window = clib_host_to_net_u64 (sa->replay_window); @@ -963,7 +999,6 @@ vl_api_ipsec_sa_v2_dump_t_handler (vl_api_ipsec_sa_v2_dump_t *mp) { vl_api_registration_t *reg; -#if WITH_LIBSSL > 0 reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; @@ -974,10 +1009,6 @@ vl_api_ipsec_sa_v2_dump_t_handler (vl_api_ipsec_sa_v2_dump_t *mp) }; ipsec_sa_walk (send_ipsec_sa_v2_details, &ctx); - -#else - clib_warning ("unimplemented"); -#endif } static walk_rc_t @@ -988,7 +1019,7 @@ send_ipsec_sa_v3_details (ipsec_sa_t *sa, void *arg) mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_V3_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V3_DETAILS); mp->context = ctx->context; mp->entry.sad_id = htonl (sa->id); 
@@ -1027,11 +1058,11 @@ send_ipsec_sa_v3_details (ipsec_sa_t *sa, void *arg) } mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq)); - mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq)); + mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq)); if (ipsec_sa_is_set_USE_ESN (sa)) { mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); - mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi)); + mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); } if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) mp->replay_window = clib_host_to_net_u64 (sa->replay_window); @@ -1048,7 +1079,6 @@ vl_api_ipsec_sa_v3_dump_t_handler (vl_api_ipsec_sa_v3_dump_t *mp) { vl_api_registration_t *reg; -#if WITH_LIBSSL > 0 reg = vl_api_client_index_to_registration (mp->client_index); if (!reg) return; @@ -1059,10 +1089,6 @@ vl_api_ipsec_sa_v3_dump_t_handler (vl_api_ipsec_sa_v3_dump_t *mp) }; ipsec_sa_walk (send_ipsec_sa_v3_details, &ctx); - -#else - clib_warning ("unimplemented"); -#endif } static void @@ -1086,7 +1112,7 @@ vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t * mp) pool_foreach (ab, im->ah_backends) { vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_BACKEND_DETAILS); mp->context = context; snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (ab->name), ab->name); 
@@ -1098,7 +1124,7 @@ vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t * mp) pool_foreach (eb, im->esp_backends) { vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp)); clib_memset (mp, 0, sizeof (*mp)); - mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS); + mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_BACKEND_DETAILS); mp->context = context; snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (eb->name), eb->name); @@ -1128,7 +1154,6 @@ vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp) if (rv) goto done; -#if WITH_LIBSSL > 0 switch (protocol) { case IPSEC_PROTOCOL_ESP: @@ -1141,9 +1166,6 @@ vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp) rv = VNET_API_ERROR_INVALID_PROTOCOL; break; } -#else - clib_warning ("unimplemented"); /* FIXME */ -#endif done: REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY); } 
@@ -1159,44 +1181,14 @@ vl_api_ipsec_set_async_mode_t_handler (vl_api_ipsec_set_async_mode_t * mp) REPLY_MACRO (VL_API_IPSEC_SET_ASYNC_MODE_REPLY); } -/* - * ipsec_api_hookup - * Add vpe's API message handlers to the table. - * vlib has already mapped shared memory and - * added the client registration handlers. - * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process() - */ -#define vl_msg_name_crc_list -#include -#undef vl_msg_name_crc_list - -static void -setup_message_id_table (api_main_t * am) -{ -#define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id); - foreach_vl_msg_name_crc_ipsec; -#undef _ -} - +#include static clib_error_t * ipsec_api_hookup (vlib_main_t * vm) { - api_main_t *am = vlibapi_get_main (); - -#define _(N,n) \ - vl_msg_api_set_handlers(VL_API_##N, #n, \ - vl_api_##n##_t_handler, \ - vl_noop_handler, \ - vl_api_##n##_t_endian, \ - vl_api_##n##_t_print, \ - sizeof(vl_api_##n##_t), 1); - foreach_vpe_api_msg; -#undef _ - /* * Set up the (msg_name, crc, message-id) table */ - setup_message_id_table (am); + REPLY_MSG_ID_BASE = setup_message_id_table (); return 0; }