X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=vpp%2Fvpp-api%2Fapi.c;h=4ac0afd30269306fffe4fe6dccd48b52ca8ce293;hb=56f32cc3a77d2c7d82e3ee57779abb30e1dd7586;hp=37079ce32c0d6c691c20f217a8d07346c388b25e;hpb=20d1232532e6f6c94c77a125b6c17680e14785b5;p=vpp.git
diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c
index 37079ce32c0..4ac0afd3026 100644
--- a/vpp/vpp-api/api.c
+++ b/vpp/vpp-api/api.c
@@ -82,7 +82,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -95,23 +94,15 @@
 #include
 #endif
-#if IPSEC > 0
-#include
-#include
-#endif /* IPSEC */
-
 #include
 #include
-
 #include
 #include
 #include
-
 #include
 #include
 #include
 #include
-
 #include
 #include
 #include
@@ -120,23 +111,18 @@
 #include
 #include
 #include
-
 #define vl_typedefs /* define message structures */
 #include
 #undef vl_typedefs
-
 #define vl_endianfun /* define message structures */
 #include
 #undef vl_endianfun
-
 /* instantiate all the print functions we know about */
 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
 #define vl_printfun
 #include
 #undef vl_printfun
-
 #include
-
 #define foreach_vpe_api_msg \
 _(WANT_OAM_EVENTS, want_oam_events) \
 _(OAM_ADD_DEL, oam_add_del) \
@@ -195,16 +181,6 @@ _(INTERFACE_NAME_RENUMBER, interface_name_renumber) \
 _(WANT_IP4_ARP_EVENTS, want_ip4_arp_events) \
 _(WANT_IP6_ND_EVENTS, want_ip6_nd_events) \
 _(INPUT_ACL_SET_INTERFACE, input_acl_set_interface) \
-_(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \
-_(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \
-_(IPSEC_SPD_ADD_DEL_ENTRY, ipsec_spd_add_del_entry) \
-_(IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry) \
-_(IPSEC_SA_SET_KEY, ipsec_sa_set_key) \
-_(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \
-_(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \
-_(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \
-_(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \
-_(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \
 _(DELETE_LOOPBACK, delete_loopback) \
 _(BD_IP_MAC_ADD_DEL, bd_ip_mac_add_del) \
 _(COP_INTERFACE_ENABLE_DISABLE, cop_interface_enable_disable) \
@@ -273,19 +249,15 @@ _(IP_SOURCE_AND_PORT_RANGE_CHECK_ADD_DEL, \
 ip_source_and_port_range_check_add_del) \
 _(IP_SOURCE_AND_PORT_RANGE_CHECK_INTERFACE_ADD_DEL, \
 ip_source_and_port_range_check_interface_add_del) \
-_(IPSEC_GRE_ADD_DEL_TUNNEL, ipsec_gre_add_del_tunnel) \
-_(IPSEC_GRE_TUNNEL_DUMP, ipsec_gre_tunnel_dump) \
 _(DELETE_SUBIF, delete_subif) \
 _(L2_INTERFACE_PBB_TAG_REWRITE, l2_interface_pbb_tag_rewrite) \
 _(PUNT, punt) \
 _(FLOW_CLASSIFY_SET_INTERFACE, flow_classify_set_interface) \
 _(FLOW_CLASSIFY_DUMP, flow_classify_dump) \
-_(IPSEC_SPD_DUMP, ipsec_spd_dump) \
 _(FEATURE_ENABLE_DISABLE, feature_enable_disable)
 #define QUOTE_(x) #x
 #define QUOTE(x) QUOTE_(x)
-
 typedef enum
 {
 RESOLVE_IP4_ADD_DEL_ROUTE = 1,
@@ -4545,354 +4517,6 @@ static void vl_api_input_acl_set_interface_t_handler
 REPLY_MACRO (VL_API_INPUT_ACL_SET_INTERFACE_REPLY);
 }
-static void vl_api_ipsec_spd_add_del_t_handler
- (vl_api_ipsec_spd_add_del_t * mp)
-{
-#if IPSEC == 0
- clib_warning ("unimplemented");
-#else
-
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_spd_add_del_reply_t *rmp;
- int rv;
-
-#if DPDK > 0
- rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
-#endif
-}
-
-static void vl_api_ipsec_interface_add_del_spd_t_handler
- (vl_api_ipsec_interface_add_del_spd_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
- int rv;
- u32 sw_if_index __attribute__ ((unused));
- u32 spd_id __attribute__ ((unused));
-
- sw_if_index = ntohl (mp->sw_if_index);
- spd_id = ntohl (mp->spd_id);
-
- VALIDATE_SW_IF_INDEX (mp);
-
-#if IPSEC > 0
- rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- BAD_SW_IF_INDEX_LABEL;
-
- REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
-}
-
-static void vl_api_ipsec_spd_add_del_entry_t_handler
- (vl_api_ipsec_spd_add_del_entry_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
- int rv;
-
-#if IPSEC > 0
- ipsec_policy_t p;
-
- memset (&p, 0, sizeof (p));
-
- p.id = ntohl (mp->spd_id);
- p.priority = ntohl (mp->priority);
- p.is_outbound = mp->is_outbound;
- p.is_ipv6 = mp->is_ipv6;
-
- if (mp->is_ipv6 || mp->is_ip_any)
- {
- clib_memcpy (&p.raddr.start, mp->remote_address_start, 16);
- clib_memcpy (&p.raddr.stop, mp->remote_address_stop, 16);
- clib_memcpy (&p.laddr.start, mp->local_address_start, 16);
- clib_memcpy (&p.laddr.stop, mp->local_address_stop, 16);
- }
- else
- {
- clib_memcpy (&p.raddr.start.ip4.data, mp->remote_address_start, 4);
- clib_memcpy (&p.raddr.stop.ip4.data, mp->remote_address_stop, 4);
- clib_memcpy (&p.laddr.start.ip4.data, mp->local_address_start, 4);
- clib_memcpy (&p.laddr.stop.ip4.data, mp->local_address_stop, 4);
- }
- p.protocol = mp->protocol;
- p.rport.start = ntohs (mp->remote_port_start);
- p.rport.stop = ntohs (mp->remote_port_stop);
- p.lport.start = ntohs (mp->local_port_start);
- p.lport.stop = ntohs (mp->local_port_stop);
- /* policy action resolve unsupported */
- if (mp->policy == IPSEC_POLICY_ACTION_RESOLVE)
- {
- clib_warning ("unsupported action: 'resolve'");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- p.policy = mp->policy;
- p.sa_id = ntohl (mp->sa_id);
-
- rv = ipsec_add_del_policy (vm, &p, mp->is_add);
- if (rv)
- goto out;
-
- if (mp->is_ip_any)
- {
- p.is_ipv6 = 1;
- rv = ipsec_add_del_policy (vm, &p, mp->is_add);
- }
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
-#endif
-
-out:
- REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
-}
-
-static void vl_api_ipsec_sad_add_del_entry_t_handler
- (vl_api_ipsec_sad_add_del_entry_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
- int rv;
-#if IPSEC > 0
- ipsec_sa_t sa;
-
- memset (&sa, 0, sizeof (sa));
-
- sa.id = ntohl (mp->sad_id);
- sa.spi = ntohl (mp->spi);
- /* security protocol AH unsupported */
- if (mp->protocol == IPSEC_PROTOCOL_AH)
- {
- clib_warning ("unsupported security protocol 'AH'");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.protocol = mp->protocol;
- /* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
- {
- clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
- mp->crypto_algorithm);
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- sa.crypto_alg = mp->crypto_algorithm;
- sa.crypto_key_len = mp->crypto_key_length;
- clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
- /* check for unsupported integ-alg */
-#if DPDK_CRYPTO==1
- if (mp->integrity_algorithm < IPSEC_INTEG_ALG_NONE ||
-#else
- if (mp->integrity_algorithm < IPSEC_INTEG_ALG_SHA1_96 ||
-#endif
- mp->integrity_algorithm >= IPSEC_INTEG_N_ALG)
- {
- clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
- mp->integrity_algorithm);
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
-
-#if DPDK_CRYPTO==1
- /*Special cases, aes-gcm-128 encryption */
- if (mp->crypto_algorithm == IPSEC_CRYPTO_ALG_AES_GCM_128)
- {
- if (mp->integrity_algorithm != IPSEC_INTEG_ALG_NONE
- && mp->integrity_algorithm != IPSEC_INTEG_ALG_AES_GCM_128)
- {
- clib_warning
- ("unsupported: aes-gcm-128 crypto-alg needs none as integ-alg");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- else /*set integ-alg internally to aes-gcm-128 */
- mp->integrity_algorithm = IPSEC_INTEG_ALG_AES_GCM_128;
- }
- else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_AES_GCM_128)
- {
- clib_warning ("unsupported integ-alg: aes-gcm-128");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
- else if (mp->integrity_algorithm == IPSEC_INTEG_ALG_NONE)
- {
- clib_warning ("unsupported integ-alg: none");
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
- }
-#endif
-
- sa.integ_alg = mp->integrity_algorithm;
- sa.integ_key_len = mp->integrity_key_length;
- clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
- sa.use_esn = mp->use_extended_sequence_number;
- sa.is_tunnel = mp->is_tunnel;
- sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
- if (sa.is_tunnel_ip6)
- {
- clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
- clib_memcpy (&sa.tunnel_dst_addr, mp->tunnel_dst_address, 16);
- }
- else
- {
- clib_memcpy (&sa.tunnel_src_addr.ip4.data, mp->tunnel_src_address, 4);
- clib_memcpy (&sa.tunnel_dst_addr.ip4.data, mp->tunnel_dst_address, 4);
- }
-
- rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
- goto out;
-#endif
-
-out:
- REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
-{
- vl_api_ikev2_profile_add_del_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- error = ikev2_add_del_profile (vm, tmp, mp->is_add);
- vec_free (tmp);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
-}
-
-static void
- vl_api_ikev2_profile_set_auth_t_handler
- (vl_api_ikev2_profile_set_auth_t * mp)
-{
- vl_api_ikev2_profile_set_auth_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, mp->data_len);
- clib_memcpy (data, mp->data, mp->data_len);
- error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
- vec_free (tmp);
- vec_free (data);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
-{
- vl_api_ikev2_profile_add_del_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- u8 *data = vec_new (u8, mp->data_len);
- clib_memcpy (data, mp->data, mp->data_len);
- error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
- vec_free (tmp);
- vec_free (data);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
-}
-
-static void
-vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp)
-{
- vl_api_ikev2_profile_set_ts_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
- u8 *tmp = format (0, "%s", mp->name);
- error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
- mp->end_port, (ip4_address_t) mp->start_addr,
- (ip4_address_t) mp->end_addr, mp->is_local);
- vec_free (tmp);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
-}
-
-static void
-vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
-{
- vl_api_ikev2_profile_set_ts_reply_t *rmp;
- int rv = 0;
-
-#if IPSEC > 0
- vlib_main_t *vm = vlib_get_main ();
- clib_error_t *error;
-
- error = ikev2_set_local_key (vm, mp->key_file);
- if (error)
- rv = VNET_API_ERROR_UNSPECIFIED;
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
-}
-
-static void
-vl_api_ipsec_sa_set_key_t_handler (vl_api_ipsec_sa_set_key_t * mp)
-{
- vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
- vl_api_ipsec_sa_set_key_reply_t *rmp;
- int rv;
-#if IPSEC > 0
- ipsec_sa_t sa;
- sa.id = ntohl (mp->sa_id);
- sa.crypto_key_len = mp->crypto_key_length;
- clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
- sa.integ_key_len = mp->integrity_key_length;
- clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
-
- rv = ipsec_set_sa_key (vm, &sa);
-#else
- rv = VNET_API_ERROR_UNIMPLEMENTED;
-#endif
-
- REPLY_MACRO (VL_API_IPSEC_SA_SET_KEY_REPLY);
-}
-
 static void vl_api_cop_interface_enable_disable_t_handler (vl_api_cop_interface_enable_disable_t * mp)
 {
@@ -6107,97 +5731,6 @@ reply:
 REPLY_MACRO (VL_API_IP_SOURCE_AND_PORT_RANGE_CHECK_INTERFACE_ADD_DEL_REPLY);
 }
-static void
-vl_api_ipsec_gre_add_del_tunnel_t_handler (vl_api_ipsec_gre_add_del_tunnel_t *
- mp)
-{
- vl_api_ipsec_gre_add_del_tunnel_reply_t *rmp;
- int rv = 0;
- vnet_ipsec_gre_add_del_tunnel_args_t _a, *a = &_a;
- u32 sw_if_index = ~0;
-
- /* Check src & dst are different */
- if (memcmp (mp->src_address, mp->dst_address, 4) == 0)
- {
- rv = VNET_API_ERROR_SAME_SRC_DST;
- goto out;
- }
-
- memset (a, 0, sizeof (*a));
-
- /* ip addresses sent in network byte order */
- clib_memcpy (&(a->src), mp->src_address, 4);
- clib_memcpy (&(a->dst), mp->dst_address, 4);
- a->is_add = mp->is_add;
- a->lsa = ntohl (mp->local_sa_id);
- a->rsa = ntohl (mp->remote_sa_id);
-
- rv = vnet_ipsec_gre_add_del_tunnel (a, &sw_if_index);
-
-out:
- /* *INDENT-OFF* */
- REPLY_MACRO2(VL_API_GRE_ADD_DEL_TUNNEL_REPLY,
- ({
- rmp->sw_if_index = ntohl (sw_if_index);
- }));
- /* *INDENT-ON* */
-}
-
-static void send_ipsec_gre_tunnel_details
- (ipsec_gre_tunnel_t * t, unix_shared_memory_queue_t * q, u32 context)
-{
- vl_api_ipsec_gre_tunnel_details_t *rmp;
-
- rmp = vl_msg_api_alloc (sizeof (*rmp));
- memset (rmp, 0, sizeof (*rmp));
- rmp->_vl_msg_id = ntohs (VL_API_IPSEC_GRE_TUNNEL_DETAILS);
- clib_memcpy (rmp->src_address, &(t->tunnel_src), 4);
- clib_memcpy (rmp->dst_address, &(t->tunnel_dst), 4);
- rmp->sw_if_index = htonl (t->sw_if_index);
- rmp->local_sa_id = htonl (t->local_sa_id);
- rmp->remote_sa_id = htonl (t->remote_sa_id);
- rmp->context = context;
-
- vl_msg_api_send_shmem (q, (u8 *) & rmp);
-}
-
-static void vl_api_ipsec_gre_tunnel_dump_t_handler
- (vl_api_ipsec_gre_tunnel_dump_t * mp)
-{
- unix_shared_memory_queue_t *q;
- ipsec_gre_main_t *igm = &ipsec_gre_main;
- ipsec_gre_tunnel_t *t;
- u32 sw_if_index;
-
- q = vl_api_client_index_to_input_queue (mp->client_index);
- if (q == 0)
- {
- return;
- }
-
- sw_if_index = ntohl (mp->sw_if_index);
-
- if (~0 == sw_if_index)
- {
- /* *INDENT-OFF* */
- pool_foreach (t, igm->tunnels,
- ({
- send_ipsec_gre_tunnel_details(t, q, mp->context);
- }));
- /* *INDENT-ON* */
- }
- else
- {
- if ((sw_if_index >= vec_len (igm->tunnel_index_by_sw_if_index)) ||
- (~0 == igm->tunnel_index_by_sw_if_index[sw_if_index]))
- {
- return;
- }
- t = &igm->tunnels[igm->tunnel_index_by_sw_if_index[sw_if_index]];
- send_ipsec_gre_tunnel_details (t, q, mp->context);
- }
-}
-
 static void vl_api_delete_subif_t_handler (vl_api_delete_subif_t * mp)
 {
@@ -6332,82 +5865,6 @@ vl_api_flow_classify_dump_t_handler (vl_api_flow_classify_dump_t * mp)
 }
 }
-static void
-send_ipsec_spd_details (ipsec_policy_t * p, unix_shared_memory_queue_t * q,
- u32 context)
-{
- vl_api_ipsec_spd_details_t *mp;
-
- mp = vl_msg_api_alloc (sizeof (*mp));
- memset (mp, 0, sizeof (*mp));
- mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
- mp->context = context;
-
- mp->spd_id = htonl (p->id);
- mp->priority = htonl (p->priority);
- mp->is_outbound = p->is_outbound;
- mp->is_ipv6 = p->is_ipv6;
- if (p->is_ipv6)
- {
- memcpy (mp->local_start_addr, &p->laddr.start.ip6, 16);
- memcpy (mp->local_stop_addr, &p->laddr.stop.ip6, 16);
- memcpy (mp->remote_start_addr, &p->raddr.start.ip6, 16);
- memcpy (mp->remote_stop_addr, &p->raddr.stop.ip6, 16);
- }
- else
- {
- memcpy (mp->local_start_addr, &p->laddr.start.ip4, 4);
- memcpy (mp->local_stop_addr, &p->laddr.stop.ip4, 4);
- memcpy (mp->remote_start_addr, &p->raddr.start.ip4, 4);
- memcpy (mp->remote_stop_addr, &p->raddr.stop.ip4, 4);
- }
- mp->local_start_port = htons (p->lport.start);
- mp->local_stop_port = htons (p->lport.stop);
- mp->remote_start_port = htons (p->rport.start);
- mp->remote_stop_port = htons (p->rport.stop);
- mp->protocol = p->protocol;
- mp->policy = p->policy;
- mp->sa_id = htonl (p->sa_id);
- mp->bytes = clib_host_to_net_u64 (p->counter.bytes);
- mp->packets = clib_host_to_net_u64 (p->counter.packets);
-
- vl_msg_api_send_shmem (q, (u8 *) & mp);
-}
-
-static void
-vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
-{
- unix_shared_memory_queue_t *q;
- ipsec_main_t *im = &ipsec_main;
- ipsec_policy_t *policy;
- ipsec_spd_t *spd;
- uword *p;
- u32 spd_index;
-#if IPSEC > 0
- q = vl_api_client_index_to_input_queue (mp->client_index);
- if (q == 0)
- return;
-
- p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
- if (!p)
- return;
-
- spd_index = p[0];
- spd = pool_elt_at_index (im->spds, spd_index);
-
- /* *INDENT-OFF* */
- pool_foreach (policy, spd->policies,
- ({
- if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
- send_ipsec_spd_details (policy, q,
- mp->context);}
- ));
- /* *INDENT-ON* */
-#else
- clib_warning ("unimplemented");
-#endif
-}
-
 static void vl_api_feature_enable_disable_t_handler (vl_api_feature_enable_disable_t * mp)
 {