X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_api.c;h=767dc82dca7060d20d7eec761adf4ee9c7c53182;hb=d7c030d6065962b433416c679f3b568b096b49e2;hp=11bfa41b4f14c5fa8cd8ee420c75a31af1d4781f;hpb=5b8911020ee5512d76c8daccaa199878ed7cbc01;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 11bfa41b4f1..767dc82dca7 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -124,6 +124,7 @@ typedef struct ipsec_dump_walk_ctx_t_
 {
 vl_api_registration_t *reg;
 u32 context;
+ u32 sw_if_index;
 } ipsec_dump_walk_ctx_t;
 static walk_rc_t
@@ -232,7 +233,8 @@ static void vl_api_ipsec_spd_entry_add_del_t_handler
 p.is_ipv6 = (itype == IP46_TYPE_IP6);
- p.protocol = mp->entry.protocol;
+ p.protocol =
+ mp->entry.protocol ? mp->entry.protocol : IPSEC_POLICY_PROTOCOL_ANY;
 p.rport.start = ntohs (mp->entry.remote_port_start);
 p.rport.stop = ntohs (mp->entry.remote_port_stop);
 p.lport.start = ntohs (mp->entry.local_port_start);
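Review bot: The new assignment in the v1 handler turns `mp->entry.protocol == 0` into `IPSEC_POLICY_PROTOCOL_ANY` without a comment, and that changes what a security policy matches: a v1 client can no longer express a selector for IP protocol number 0, because that value is widened to the wildcard. A short comment above the assignment would keep this visible to the next maintainer, for example `/* v1 API: protocol 0 is the legacy wildcard and is stored as ANY; the v2 message passes the field through unchanged */`. The handler's body starts and ends outside this hunk, so how the stored value is matched later is not visible here.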
@@ -270,6 +272,65 @@ out:
 /* *INDENT-ON* */
 }
+static void
+vl_api_ipsec_spd_entry_add_del_v2_t_handler (
+ vl_api_ipsec_spd_entry_add_del_v2_t *mp)
+{
+ vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
+ vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
+ ip46_type_t itype;
+ u32 stat_index;
+ int rv;
+
+ stat_index = ~0;
+
+ ipsec_policy_t p;
+
+ clib_memset (&p, 0, sizeof (p));
+
+ p.id = ntohl (mp->entry.spd_id);
+ p.priority = ntohl (mp->entry.priority);
+
+ itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
+ ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
+ ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
+ ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
+
+ p.is_ipv6 = (itype == IP46_TYPE_IP6);
+
+ p.protocol = mp->entry.protocol;
+ p.rport.start = ntohs (mp->entry.remote_port_start);
+ p.rport.stop = ntohs (mp->entry.remote_port_stop);
+ p.lport.start = ntohs (mp->entry.local_port_start);
+ p.lport.stop = ntohs (mp->entry.local_port_stop);
+
+ rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
+
+ if (rv)
+ goto out;
+
+ /* policy action resolve unsupported */
+ if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
+ {
+ clib_warning ("unsupported action: 'resolve'");
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+ goto out;
+ }
+ p.sa_id = ntohl (mp->entry.sa_id);
+ rv =
+ ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy, &p.type);
+ if (rv)
+ goto out;
+
+ rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
+ if (rv)
+ goto out;
+
+out:
+ REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
+ ({ rmp->stat_index = ntohl (stat_index); }));
+}
+
 static void vl_api_ipsec_sad_entry_add_del_t_handler
 (vl_api_ipsec_sad_entry_add_del_t * mp)
 {
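Review bot: The v2 handler answers with the v1 reply: `rmp` is declared as `vl_api_ipsec_spd_entry_add_del_reply_t *` and `REPLY_MACRO2` is given `VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY`. The .api definition is not part of this diff, but if the v2 request has its own reply message, a client waiting for it will not receive `stat_index` under the message id it expects, and both the declaration and the macro argument should name the v2 reply. Separately, only the family returned for `remote_address_start` feeds `p.is_ipv6`; the return values of the other three `ip_address_decode` calls are discarded, so unless `ipsec_add_del_policy` checks this itself, an entry whose range bounds mix IPv4 and IPv6 is accepted into the SPD. Rejecting a family mismatch with an API error before `ipsec_spd_action_decode` would keep malformed selectors out of the policy table.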
@@ -419,7 +480,7 @@ ipsec_sad_entry_add_v3 (const vl_api_ipsec_sad_entry_v3_t *entry,
 ipsec_protocol_t proto;
 ipsec_sa_flags_t flags;
 u32 id, spi;
- tunnel_t tun;
+ tunnel_t tun = { 0 };
 int rv;
 id = ntohl (entry->sad_id);
@@ -713,6 +774,9 @@ send_ipsec_itf_details (ipsec_itf_t *itf, void *arg)
 ipsec_dump_walk_ctx_t *ctx = arg;
 vl_api_ipsec_itf_details_t *mp;
+ if (~0 != ctx->sw_if_index && ctx->sw_if_index != itf->ii_sw_if_index)
+ return (WALK_CONTINUE);
+
 mp = vl_msg_api_alloc (sizeof (*mp));
 clib_memset (mp, 0, sizeof (*mp));
 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_ITF_DETAILS);
@@ -738,6 +802,7 @@ vl_api_ipsec_itf_dump_t_handler (vl_api_ipsec_itf_dump_t * mp)
 ipsec_dump_walk_ctx_t ctx = {
 .reg = reg,
 .context = mp->context,
+ .sw_if_index = ntohl (mp->sw_if_index),
 };
 ipsec_itf_walk (send_ipsec_itf_details, &ctx);
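Review bot: With `.sw_if_index = ntohl (mp->sw_if_index)` the dump handler starts honouring a request field that, as far as this diff shows, it did not read before, so a client that leaves the field zeroed now gets only interface 0 instead of every IPsec interface. The wildcard is the bare `~0` tested in `send_ipsec_itf_details`, and neither site explains it. A comment on the new check such as `/* ~0 selects all interfaces; any other value restricts the dump to that sw_if_index */`, plus a matching line in the message's API description, would make the contract explicit for existing callers. Both functions extend beyond the lines shown in their hunks.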