2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #include <vlib/vlib.h>
16 #include <vnet/vnet.h>
17 #include <vppinfra/error.h>
18 #include <vnet/ipsec/ipsec_sa.h>
19 #include <plugins/ikev2/ikev2.h>
20 #include <plugins/ikev2/ikev2_priv.h>
23 format_ikev2_id_type_and_data (u8 * s, va_list * args)
25 ikev2_id_t *id = va_arg (*args, ikev2_id_t *);
27 if (id->type == 0 || vec_len (id->data) == 0)
28 return format (s, "none");
30 s = format (s, "id-type %U data ", format_ikev2_id_type, id->type);
34 case IKEV2_ID_TYPE_ID_IPV4_ADDR:
35 s = format (s, "%U", format_ip4_address, id->data);
37 case IKEV2_ID_TYPE_ID_IPV6_ADDR:
38 s = format (s, "%U", format_ip6_address, id->data);
40 case IKEV2_ID_TYPE_ID_FQDN: /* fallthrough */
41 case IKEV2_ID_TYPE_ID_RFC822_ADDR:
42 s = format (s, "%v", id->data);
45 s = format (s, "0x%U", format_hex_bytes, &id->data,
46 (uword) (vec_len (id->data)));
54 format_ikev2_traffic_selector (u8 * s, va_list * va)
56 ikev2_ts_t *ts = va_arg (*va, ikev2_ts_t *);
57 u32 index = va_arg (*va, u32);
59 s = format (s, "%u type %u protocol_id %u addr "
60 "%U - %U port %u - %u\n",
61 index, ts->ts_type, ts->protocol_id,
62 format_ip_address, &ts->start_addr,
63 format_ip_address, &ts->end_addr,
64 clib_net_to_host_u16 (ts->start_port),
65 clib_net_to_host_u16 (ts->end_port));
70 format_ikev2_child_sa (u8 * s, va_list * va)
72 ikev2_child_sa_t *child = va_arg (*va, ikev2_child_sa_t *);
73 u32 index = va_arg (*va, u32);
75 ikev2_sa_transform_t *tr;
77 vlib_main_t *vm = vlib_get_main ();
79 u32 indent = format_get_indent (s);
82 s = format (s, "child sa %u:", index);
84 s = format (s, "\n uptime: %f (s)\n ",
85 vlib_time_now (vm) - child->timestamp);
87 tr = ikev2_sa_get_td_for_type (child->r_proposals,
88 IKEV2_TRANSFORM_TYPE_ENCR);
89 c = format (c, "%U ", format_ikev2_sa_transform, tr);
91 tr = ikev2_sa_get_td_for_type (child->r_proposals,
92 IKEV2_TRANSFORM_TYPE_INTEG);
93 c = format (c, "%U ", format_ikev2_sa_transform, tr);
95 tr = ikev2_sa_get_td_for_type (child->r_proposals,
96 IKEV2_TRANSFORM_TYPE_ESN);
97 c = format (c, "%U ", format_ikev2_sa_transform, tr);
99 s = format (s, "%v\n", c);
102 s = format (s, "%Uspi(i) %lx spi(r) %lx\n", format_white_space, indent,
103 child->i_proposals ? child->i_proposals[0].spi : 0,
104 child->r_proposals ? child->r_proposals[0].spi : 0);
106 s = format (s, "%USK_e i:%U\n%Ur:%U\n",
107 format_white_space, indent,
108 format_hex_bytes, child->sk_ei, vec_len (child->sk_ei),
109 format_white_space, indent + 6,
110 format_hex_bytes, child->sk_er, vec_len (child->sk_er));
113 s = format (s, "%USK_a i:%U\n%Ur:%U\n",
114 format_white_space, indent,
115 format_hex_bytes, child->sk_ai, vec_len (child->sk_ai),
116 format_white_space, indent + 6,
117 format_hex_bytes, child->sk_ar, vec_len (child->sk_ar));
119 s = format (s, "%Utraffic selectors (i):", format_white_space, indent);
120 vec_foreach (ts, child->tsi)
121 s = format (s, "%U", format_ikev2_traffic_selector, ts, ts - child->tsi);
122 s = format (s, "%Utraffic selectors (r):", format_white_space, indent);
123 vec_foreach (ts, child->tsr)
124 s = format (s, "%U", format_ikev2_traffic_selector, ts, ts - child->tsr);
128 static char *stateNames[] = {
129 #define _(v, f, s) s,
135 format_ikev2_sa (u8 * s, va_list * va)
137 ikev2_sa_t *sa = va_arg (*va, ikev2_sa_t *);
138 int details = va_arg (*va, int);
139 ikev2_sa_transform_t *tr;
140 ikev2_child_sa_t *child;
142 vlib_main_t *vm = vlib_get_main ();
144 ikev2_main_t *km = &ikev2_main;
147 p = pool_elt_at_index (km->profiles, sa->profile_index);
149 s = format (s, "iip %U ispi %lx rip %U rspi %lx",
150 format_ip_address, &sa->iaddr, sa->ispi,
151 format_ip_address, &sa->raddr, sa->rspi);
155 s = format (s, "\n%U", format_white_space, indent);
157 tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
158 s = format (s, "%U ", format_ikev2_sa_transform, tr);
160 tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
161 s = format (s, "%U ", format_ikev2_sa_transform, tr);
163 tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
164 s = format (s, "%U ", format_ikev2_sa_transform, tr);
166 tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_DH);
167 s = format (s, "%U", format_ikev2_sa_transform, tr);
169 s = format (s, "\n profile: %v", p->name);
171 if (sa->state <= IKEV2_STATE_NO_PROPOSAL_CHOSEN)
173 s = format (s, "\n state: %s", stateNames[sa->state]);
177 format (s, "\n uptime: %f (s)\n", vlib_time_now (vm) - sa->auth_timestamp);
179 s = format (s, "\n%U", format_white_space, indent);
181 s = format (s, "nonce i:%U\n%Ur:%U\n",
182 format_hex_bytes, sa->i_nonce, vec_len (sa->i_nonce),
183 format_white_space, indent + 6,
184 format_hex_bytes, sa->r_nonce, vec_len (sa->r_nonce));
186 s = format (s, "%USK_d %U\n", format_white_space, indent,
187 format_hex_bytes, sa->sk_d, vec_len (sa->sk_d));
190 s = format (s, "%USK_a i:%U\n%Ur:%U\n",
191 format_white_space, indent,
192 format_hex_bytes, sa->sk_ai, vec_len (sa->sk_ai),
193 format_white_space, indent + 6,
194 format_hex_bytes, sa->sk_ar, vec_len (sa->sk_ar));
196 s = format (s, "%USK_e i:%U\n%Ur:%U\n",
197 format_white_space, indent,
198 format_hex_bytes, sa->sk_ei, vec_len (sa->sk_ei),
199 format_white_space, indent + 6,
200 format_hex_bytes, sa->sk_er, vec_len (sa->sk_er));
201 s = format (s, "%USK_p i:%U\n%Ur:%U\n",
202 format_white_space, indent,
203 format_hex_bytes, sa->sk_pi, vec_len (sa->sk_pi),
204 format_white_space, indent + 6,
205 format_hex_bytes, sa->sk_pr, vec_len (sa->sk_pr));
207 s = format (s, "%Uidentifier (i) %U\n",
208 format_white_space, indent,
209 format_ikev2_id_type_and_data, &sa->i_id);
210 s = format (s, "%Uidentifier (r) %U\n",
211 format_white_space, indent,
212 format_ikev2_id_type_and_data, &sa->r_id);
214 vec_foreach (child, sa->childs)
216 s = format (s, "%U%U", format_white_space, indent + 2,
217 format_ikev2_child_sa, child, child - sa->childs);
220 s = format (s, "Stats:\n");
221 s = format (s, " keepalives :%u\n", sa->stats.n_keepalives);
222 s = format (s, " rekey :%u\n", sa->stats.n_rekey_req);
223 s = format (s, " SA init :%u (retransmit: %u)\n", sa->stats.n_sa_init_req,
224 sa->stats.n_init_retransmit);
225 s = format (s, " retransmit: %u\n", sa->stats.n_retransmit);
226 s = format (s, " SA auth :%u\n", sa->stats.n_sa_auth_req);
231 static clib_error_t *
232 show_ikev2_sa_command_fn (vlib_main_t * vm,
233 unformat_input_t * input, vlib_cli_command_t * cmd)
235 unformat_input_t _line_input, *line_input = &_line_input;
236 ikev2_main_t *km = &ikev2_main;
237 ikev2_main_per_thread_data_t *tkm;
241 int details = 0, show_one = 0;
243 if (unformat_user (input, unformat_line_input, line_input))
245 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
247 if (unformat (line_input, "rspi %lx", &rspi))
251 else if (unformat (line_input, "details"))
256 unformat_free (line_input);
259 vec_foreach (tkm, km->per_thread_data)
261 pool_foreach (sa, tkm->sas) {
264 if (sa->rspi == rspi)
266 s = format (s, "%U\n", format_ikev2_sa, sa, 1);
271 s = format (s, "%U\n", format_ikev2_sa, sa, details);
275 vlib_cli_output (vm, "%v", s);
280 VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = {
281 .path = "show ikev2 sa",
282 .short_help = "show ikev2 sa [rspi <rspi>] [details]",
283 .function = show_ikev2_sa_command_fn,
286 static clib_error_t *
287 ikev2_disable_dpd_command_fn (vlib_main_t * vm,
288 unformat_input_t * input,
289 vlib_cli_command_t * cmd)
291 ikev2_disable_dpd ();
295 VLIB_CLI_COMMAND (ikev2_cli_disable_dpd_command, static) = {
296 .path = "ikev2 dpd disable",
297 .short_help = "ikev2 dpd disable",
298 .function = ikev2_disable_dpd_command_fn,
302 unformat_ikev2_token (unformat_input_t * input, va_list * va)
304 u8 **string_return = va_arg (*va, u8 **);
305 const char *token_chars = "a-zA-Z0-9_";
308 /* if string_return was already allocated (eg. because of a previous
309 * partial match with a successful unformat_token()), we must free it
310 * before reusing the pointer, otherwise we'll be leaking memory
312 vec_free (*string_return);
315 return unformat_user (input, unformat_token, token_chars, string_return);
318 static clib_error_t *
319 ikev2_profile_add_del_command_fn (vlib_main_t * vm,
320 unformat_input_t * input,
321 vlib_cli_command_t * cmd)
323 vnet_main_t *vnm = vnet_get_main ();
324 unformat_input_t _line_input, *line_input = &_line_input;
329 u32 tmp1, tmp2, tmp3;
331 ip_address_t ip, end_addr;
332 u32 responder_sw_if_index = (u32) ~ 0;
333 u32 tun_sw_if_index = (u32) ~ 0;
334 ikev2_transform_encr_type_t crypto_alg;
335 ikev2_transform_integ_type_t integ_alg;
336 ikev2_transform_dh_type_t dh_type;
338 if (!unformat_user (input, unformat_line_input, line_input))
341 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
343 if (unformat (line_input, "add %U", unformat_ikev2_token, &name))
345 r = ikev2_add_del_profile (vm, name, 1);
348 else if (unformat (line_input, "del %U", unformat_ikev2_token, &name))
350 r = ikev2_add_del_profile (vm, name, 0);
353 else if (unformat (line_input, "set %U auth shared-key-mic string %v",
354 unformat_ikev2_token, &name, &data))
357 ikev2_set_profile_auth (vm, name,
358 IKEV2_AUTH_METHOD_SHARED_KEY_MIC, data,
362 else if (unformat (line_input, "set %U auth shared-key-mic hex %U",
363 unformat_ikev2_token, &name,
364 unformat_hex_string, &data))
367 ikev2_set_profile_auth (vm, name,
368 IKEV2_AUTH_METHOD_SHARED_KEY_MIC, data,
372 else if (unformat (line_input, "set %U auth rsa-sig cert-file %v",
373 unformat_ikev2_token, &name, &data))
376 ikev2_set_profile_auth (vm, name, IKEV2_AUTH_METHOD_RSA_SIG, data,
380 else if (unformat (line_input, "set %U id local %U %U",
381 unformat_ikev2_token, &name,
382 unformat_ikev2_id_type, &id_type,
383 unformat_ip_address, &ip))
385 data = vec_new (u8, ip_address_size (&ip));
386 clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
388 ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
391 else if (unformat (line_input, "set %U id local %U 0x%U",
392 unformat_ikev2_token, &name,
393 unformat_ikev2_id_type, &id_type,
394 unformat_hex_string, &data))
397 ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
400 else if (unformat (line_input, "set %U id local %U %v",
401 unformat_ikev2_token, &name,
402 unformat_ikev2_id_type, &id_type, &data))
405 ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
408 else if (unformat (line_input, "set %U id remote %U %U",
409 unformat_ikev2_token, &name,
410 unformat_ikev2_id_type, &id_type,
411 unformat_ip_address, &ip))
413 data = vec_new (u8, ip_address_size (&ip));
414 clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
415 r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
419 else if (unformat (line_input, "set %U id remote %U 0x%U",
420 unformat_ikev2_token, &name,
421 unformat_ikev2_id_type, &id_type,
422 unformat_hex_string, &data))
424 r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
428 else if (unformat (line_input, "set %U id remote %U %v",
429 unformat_ikev2_token, &name,
430 unformat_ikev2_id_type, &id_type, &data))
432 r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
436 else if (unformat (line_input, "set %U traffic-selector local "
437 "ip-range %U - %U port-range %u - %u protocol %u",
438 unformat_ikev2_token, &name,
439 unformat_ip_address, &ip,
440 unformat_ip_address, &end_addr, &tmp1, &tmp2, &tmp3))
443 ikev2_set_profile_ts (vm, name, (u8) tmp3, (u16) tmp1, (u16) tmp2,
444 ip, end_addr, /*local */ 1);
447 else if (unformat (line_input, "set %U traffic-selector remote "
448 "ip-range %U - %U port-range %u - %u protocol %u",
449 unformat_ikev2_token, &name,
450 unformat_ip_address, &ip,
451 unformat_ip_address, &end_addr, &tmp1, &tmp2, &tmp3))
454 ikev2_set_profile_ts (vm, name, (u8) tmp3, (u16) tmp1, (u16) tmp2,
455 ip, end_addr, /*remote */ 0);
458 else if (unformat (line_input, "set %U responder %U %U",
459 unformat_ikev2_token, &name,
460 unformat_vnet_sw_interface, vnm,
461 &responder_sw_if_index, unformat_ip_address, &ip))
464 ikev2_set_profile_responder (vm, name, responder_sw_if_index, ip);
467 else if (unformat (line_input, "set %U responder %U %v",
468 unformat_ikev2_token, &name,
469 unformat_vnet_sw_interface, vnm,
470 &responder_sw_if_index, &data))
472 r = ikev2_set_profile_responder_hostname (vm, name, data,
473 responder_sw_if_index);
476 else if (unformat (line_input, "set %U tunnel %U",
477 unformat_ikev2_token, &name,
478 unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
480 r = ikev2_set_profile_tunnel_interface (vm, name, tun_sw_if_index);
486 "set %U ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
487 unformat_ikev2_token, &name,
488 unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
489 unformat_ikev2_transform_integ_type, &integ_alg,
490 unformat_ikev2_transform_dh_type, &dh_type))
493 ikev2_set_profile_ike_transforms (vm, name, crypto_alg, integ_alg,
500 "set %U ike-crypto-alg %U %u ike-dh %U",
501 unformat_ikev2_token, &name,
502 unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
503 unformat_ikev2_transform_dh_type, &dh_type))
506 ikev2_set_profile_ike_transforms (vm, name, crypto_alg,
507 IKEV2_TRANSFORM_INTEG_TYPE_NONE,
514 "set %U esp-crypto-alg %U %u esp-integ-alg %U",
515 unformat_ikev2_token, &name,
516 unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
517 unformat_ikev2_transform_integ_type, &integ_alg))
520 ikev2_set_profile_esp_transforms (vm, name, crypto_alg, integ_alg,
526 "set %U esp-crypto-alg %U %u",
527 unformat_ikev2_token, &name,
528 unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1))
531 ikev2_set_profile_esp_transforms (vm, name, crypto_alg, 0, tmp1);
534 else if (unformat (line_input, "set %U sa-lifetime %lu %u %u %lu",
535 unformat_ikev2_token, &name,
536 &tmp4, &tmp1, &tmp2, &tmp5))
539 ikev2_set_profile_sa_lifetime (vm, name, tmp4, tmp1, tmp2, tmp5);
542 else if (unformat (line_input, "set %U udp-encap",
543 unformat_ikev2_token, &name))
545 r = ikev2_set_profile_udp_encap (vm, name);
548 else if (unformat (line_input, "set %U ipsec-over-udp port %u",
549 unformat_ikev2_token, &name, &tmp1))
551 int rv = ikev2_set_profile_ipsec_udp_port (vm, name, tmp1, 1);
553 r = clib_error_return (0, "Error: %U", format_vnet_api_errno, rv);
556 else if (unformat (line_input, "set %U disable natt",
557 unformat_ikev2_token, &name))
559 r = ikev2_profile_natt_disable (name);
566 r = clib_error_return (0, "parse error: '%U'",
567 format_unformat_error, line_input);
572 unformat_free (line_input);
576 VLIB_CLI_COMMAND (ikev2_profile_add_del_command, static) = {
577 .path = "ikev2 profile",
579 "ikev2 profile [add|del] <id>\n"
580 "ikev2 profile set <id> auth [rsa-sig|shared-key-mic] [cert-file|string|hex]"
582 "ikev2 profile set <id> id <local|remote> <type> <data>\n"
583 "ikev2 profile set <id> tunnel <interface>\n"
584 "ikev2 profile set <id> udp-encap\n"
585 "ikev2 profile set <id> traffic-selector <local|remote> ip-range "
586 "<start-addr> - <end-addr> port-range <start-port> - <end-port> "
587 "protocol <protocol-number>\n"
588 "ikev2 profile set <id> responder <interface> <addr>\n"
589 "ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>\n"
590 "ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> "
591 "[esp-integ-alg <integ alg>]\n"
592 "ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>"
593 "ikev2 profile set <id> disable natt\n",
594 .function = ikev2_profile_add_del_command_fn,
597 static clib_error_t *
598 show_ikev2_profile_command_fn (vlib_main_t * vm,
599 unformat_input_t * input,
600 vlib_cli_command_t * cmd)
602 ikev2_main_t *km = &ikev2_main;
605 pool_foreach (p, km->profiles) {
606 vlib_cli_output(vm, "profile %v", p->name);
611 vlib_cli_output(vm, " auth-method %U auth data 0x%U",
612 format_ikev2_auth_method, p->auth.method,
613 format_hex_bytes, p->auth.data, vec_len(p->auth.data));
615 vlib_cli_output(vm, " auth-method %U auth data %v",
616 format_ikev2_auth_method, p->auth.method, p->auth.data);
620 vlib_cli_output(vm, " local %U", format_ikev2_id_type_and_data, &p->loc_id);
623 vlib_cli_output(vm, " remote %U", format_ikev2_id_type_and_data, &p->rem_id);
625 if (!ip_address_is_zero (&p->loc_ts.start_addr))
626 vlib_cli_output(vm, " local traffic-selector addr %U - %U port %u - %u"
628 format_ip_address, &p->loc_ts.start_addr,
629 format_ip_address, &p->loc_ts.end_addr,
630 p->loc_ts.start_port, p->loc_ts.end_port,
631 p->loc_ts.protocol_id);
633 if (!ip_address_is_zero (&p->rem_ts.start_addr))
634 vlib_cli_output(vm, " remote traffic-selector addr %U - %U port %u - %u"
636 format_ip_address, &p->rem_ts.start_addr,
637 format_ip_address, &p->rem_ts.end_addr,
638 p->rem_ts.start_port, p->rem_ts.end_port,
639 p->rem_ts.protocol_id);
640 if (~0 != p->tun_itf)
641 vlib_cli_output(vm, " protected tunnel %U",
642 format_vnet_sw_if_index_name, vnet_get_main(), p->tun_itf);
643 if (~0 != p->responder.sw_if_index)
644 vlib_cli_output (vm, " responder %U %U %v",
645 format_vnet_sw_if_index_name, vnet_get_main (),
646 p->responder.sw_if_index, format_ip_address,
647 &p->responder.addr, p->responder.hostname);
649 vlib_cli_output(vm, " udp-encap");
651 if (p->natt_disabled)
652 vlib_cli_output(vm, " NAT-T disabled");
654 if (p->ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
655 vlib_cli_output(vm, " ipsec-over-udp port %d", p->ipsec_over_udp_port);
657 if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_type || p->ike_ts.crypto_key_size)
658 vlib_cli_output(vm, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
659 format_ikev2_transform_encr_type, p->ike_ts.crypto_alg, p->ike_ts.crypto_key_size,
660 format_ikev2_transform_integ_type, p->ike_ts.integ_alg,
661 format_ikev2_transform_dh_type, p->ike_ts.dh_type);
663 if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg || p->esp_ts.dh_type)
664 vlib_cli_output(vm, " esp-crypto-alg %U %u esp-integ-alg %U",
665 format_ikev2_transform_encr_type, p->esp_ts.crypto_alg, p->esp_ts.crypto_key_size,
666 format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
668 vlib_cli_output(vm, " lifetime %d jitter %d handover %d maxdata %d",
669 p->lifetime, p->lifetime_jitter, p->handover, p->lifetime_maxdata);
675 VLIB_CLI_COMMAND (show_ikev2_profile_command, static) = {
676 .path = "show ikev2 profile",
677 .short_help = "show ikev2 profile",
678 .function = show_ikev2_profile_command_fn,
681 static clib_error_t *
682 set_ikev2_liveness_period_fn (vlib_main_t * vm,
683 unformat_input_t * input,
684 vlib_cli_command_t * cmd)
686 unformat_input_t _line_input, *line_input = &_line_input;
688 u32 period = 0, max_retries = 0;
690 if (!unformat_user (input, unformat_line_input, line_input))
693 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
695 if (unformat (line_input, "%d %d", &period, &max_retries))
697 r = ikev2_set_liveness_params (period, max_retries);
704 r = clib_error_return (0, "parse error: '%U'",
705 format_unformat_error, line_input);
708 unformat_free (line_input);
712 VLIB_CLI_COMMAND (set_ikev2_liveness_command, static) = {
713 .path = "ikev2 set liveness",
714 .short_help = "ikev2 set liveness <period> <max-retires>",
715 .function = set_ikev2_liveness_period_fn,
718 static clib_error_t *
719 set_ikev2_local_key_command_fn (vlib_main_t * vm,
720 unformat_input_t * input,
721 vlib_cli_command_t * cmd)
723 unformat_input_t _line_input, *line_input = &_line_input;
727 if (!unformat_user (input, unformat_line_input, line_input))
730 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
732 if (unformat (line_input, "%s", &data))
734 r = ikev2_set_local_key (vm, data);
741 r = clib_error_return (0, "parse error: '%U'",
742 format_unformat_error, line_input);
746 unformat_free (line_input);
750 VLIB_CLI_COMMAND (set_ikev2_local_key_command, static) = {
751 .path = "set ikev2 local key",
753 "set ikev2 local key <file>",
754 .function = set_ikev2_local_key_command_fn,
758 static clib_error_t *
759 ikev2_initiate_command_fn (vlib_main_t * vm,
760 unformat_input_t * input, vlib_cli_command_t * cmd)
762 unformat_input_t _line_input, *line_input = &_line_input;
768 if (!unformat_user (input, unformat_line_input, line_input))
771 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
773 if (unformat (line_input, "sa-init %U", unformat_ikev2_token, &name))
775 r = ikev2_initiate_sa_init (vm, name);
778 else if (unformat (line_input, "del-child-sa %x", &tmp1))
780 r = ikev2_initiate_delete_child_sa (vm, tmp1);
783 else if (unformat (line_input, "del-sa %lx", &tmp2))
785 r = ikev2_initiate_delete_ike_sa (vm, tmp2);
788 else if (unformat (line_input, "rekey-child-sa %x", &tmp1))
790 r = ikev2_initiate_rekey_child_sa (vm, tmp1);
797 r = clib_error_return (0, "parse error: '%U'",
798 format_unformat_error, line_input);
802 unformat_free (line_input);
806 VLIB_CLI_COMMAND (ikev2_initiate_command, static) = {
807 .path = "ikev2 initiate",
809 "ikev2 initiate sa-init <profile id>\n"
810 "ikev2 initiate del-child-sa <child sa ispi>\n"
811 "ikev2 initiate del-sa <sa ispi>\n"
812 "ikev2 initiate rekey-child-sa <child sa ispi>\n",
813 .function = ikev2_initiate_command_fn,
816 static clib_error_t *
817 ikev2_set_log_level_command_fn (vlib_main_t * vm,
818 unformat_input_t * input,
819 vlib_cli_command_t * cmd)
821 unformat_input_t _line_input, *line_input = &_line_input;
822 u32 log_level = IKEV2_LOG_NONE;
823 clib_error_t *error = 0;
825 /* Get a line of input. */
826 if (!unformat_user (input, unformat_line_input, line_input))
829 if (!unformat (line_input, "%d", &log_level))
831 error = clib_error_return (0, "unknown input '%U'",
832 format_unformat_error, line_input);
835 int rc = ikev2_set_log_level (log_level);
837 error = clib_error_return (0, "setting log level failed!");
840 unformat_free (line_input);
844 VLIB_CLI_COMMAND (ikev2_set_log_level_command, static) = {
845 .path = "ikev2 set logging level",
846 .function = ikev2_set_log_level_command_fn,
847 .short_help = "ikev2 set logging level <0-5>",
851 * fd.io coding-style-patch-verification: ON
854 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob