2 *------------------------------------------------------------------
5 * Copyright (c) 2014-2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
21 #include <vlibapi/api.h>
22 #include <vlibmemory/api.h>
23 #include <vppinfra/error.h>
24 #include <vnet/ipsec/ipsec_sa.h>
25 #include <plugins/ikev2/ikev2.h>
26 #include <vnet/ip/ip_types_api.h>
28 #define __plugin_msg_base ikev2_test_main.msg_id_base
29 #include <vlibapi/vat_helper_macros.h>
31 /* Declare message IDs */
32 #include <vnet/format_fns.h>
33 #include <ikev2/ikev2.api_enum.h>
34 #include <ikev2/ikev2.api_types.h>
35 #include <vlibmemory/vlib.api_types.h>
37 #define vl_endianfun /* define message structures */
38 #include <plugins/ikev2/ikev2.api.h>
43 /* API message ID base */
49 static const char *valid_chars = "a-zA-Z0-9_";
50 ikev2_test_main_t ikev2_test_main;
53 unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
55 u32 *r = va_arg (*args, u32 *);
58 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
59 foreach_ikev2_auth_method
68 unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
70 u32 *r = va_arg (*args, u32 *);
73 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
81 #define MACRO_FORMAT(lc) \
82 u8 * format_ikev2_##lc (u8 * s, va_list * args) \
84 u32 i = va_arg (*args, u32); \
89 return format (s, "unknown (%u)", i); \
91 s = format (s, "%s", t); \
95 #define _(v,f,str) case IKEV2_AUTH_METHOD_##f: t = str; break;
96 MACRO_FORMAT (auth_method)
98 #define _(v,f,str) case IKEV2_ID_TYPE_##f: t = str; break;
99 MACRO_FORMAT (id_type)
101 #define _(v,f,str) case IKEV2_TRANSFORM_TYPE_##f: t = str; break;
102 MACRO_FORMAT (transform_type)
104 #define _(v,f,str) case IKEV2_TRANSFORM_ENCR_TYPE_##f: t = str; break;
105 MACRO_FORMAT (transform_encr_type)
107 #define _(v,f,str) case IKEV2_TRANSFORM_PRF_TYPE_##f: t = str; break;
108 MACRO_FORMAT (transform_prf_type)
110 #define _(v,f,str) case IKEV2_TRANSFORM_INTEG_TYPE_##f: t = str; break;
111 MACRO_FORMAT (transform_integ_type)
113 #define _(v,f,str) case IKEV2_TRANSFORM_DH_TYPE_##f: t = str; break;
114 MACRO_FORMAT (transform_dh_type)
116 #define _(v,f,str) case IKEV2_TRANSFORM_ESN_TYPE_##f: t = str; break;
117 MACRO_FORMAT (transform_esn_type)
119 u8 *format_ikev2_id_type_and_data (u8 * s, va_list * args)
121 vl_api_ikev2_id_t *id = va_arg (*args, vl_api_ikev2_id_t *);
124 return format (s, "none");
126 s = format (s, "%U", format_ikev2_id_type, id->type);
131 return format (s, "none");
132 case IKEV2_ID_TYPE_ID_FQDN:
133 s = format (s, " %s", id->data);
135 case IKEV2_ID_TYPE_ID_RFC822_ADDR:
136 s = format (s, " %s", id->data);
138 case IKEV2_ID_TYPE_ID_IPV4_ADDR:
139 s = format (s, " %U", format_ip_address, id->data);
141 case IKEV2_ID_TYPE_ID_KEY_ID:
142 s = format (s, " 0x%U", format_hex_bytes, id->data, id->data_len);
145 s = format (s, " %s", id->data);
152 format_ikev2_sa_transform (u8 * s, va_list * args)
154 vl_api_ikev2_sa_transform_t *tr =
155 va_arg (*args, vl_api_ikev2_sa_transform_t *);
160 if (tr->transform_type >= IKEV2_TRANSFORM_NUM_TYPES)
163 s = format (s, "%U:", format_ikev2_transform_type, tr->transform_type);
165 switch (tr->transform_type)
167 case IKEV2_TRANSFORM_TYPE_ENCR:
169 format (s, "%U", format_ikev2_transform_encr_type, tr->transform_id);
171 case IKEV2_TRANSFORM_TYPE_PRF:
172 s = format (s, "%U", format_ikev2_transform_prf_type, tr->transform_id);
174 case IKEV2_TRANSFORM_TYPE_INTEG:
176 format (s, "%U", format_ikev2_transform_integ_type, tr->transform_id);
178 case IKEV2_TRANSFORM_TYPE_DH:
179 s = format (s, "%U", format_ikev2_transform_dh_type, tr->transform_id);
181 case IKEV2_TRANSFORM_TYPE_ESN:
182 s = format (s, "%U", format_ikev2_transform_esn_type, tr->transform_id);
188 if (tr->transform_type == IKEV2_TRANSFORM_TYPE_ENCR &&
189 tr->transform_id == IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC && tr->key_len)
190 s = format (s, "-%u", tr->key_len * 8);
196 api_ikev2_profile_disable_natt (vat_main_t * vam)
198 unformat_input_t *i = vam->input;
199 vl_api_ikev2_profile_disable_natt_t *mp;
203 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
205 if (unformat (i, "%U", unformat_token, valid_chars, &name))
209 errmsg ("parse error '%U'", format_unformat_error, i);
216 errmsg ("profile name must be specified");
220 if (vec_len (name) > 64)
222 errmsg ("profile name too long");
226 M (IKEV2_PROFILE_DISABLE_NATT, mp);
228 clib_memcpy (mp->name, name, vec_len (name));
237 api_ikev2_profile_dump (vat_main_t * vam)
239 ikev2_test_main_t *ik = &ikev2_test_main;
240 vl_api_ikev2_profile_dump_t *mp;
241 vl_api_control_ping_t *mp_ping;
244 /* Construct the API message */
245 M (IKEV2_PROFILE_DUMP, mp);
250 /* Use a control ping for synchronization */
252 ik->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
253 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
254 mp_ping->_vl_msg_id = htons (ik->ping_id);
255 mp_ping->client_index = vam->my_client_index;
257 vam->result_ready = 0;
260 /* Wait for a reply... */
265 static void vl_api_ikev2_profile_details_t_handler
266 (vl_api_ikev2_profile_details_t * mp)
268 vat_main_t *vam = ikev2_test_main.vat_main;
269 vl_api_ikev2_profile_t *p = &mp->profile;
271 fformat (vam->ofp, "profile %s\n", p->name);
276 fformat (vam->ofp, " auth-method %U auth data 0x%U\n",
277 format_ikev2_auth_method, p->auth.method,
278 format_hex_bytes, p->auth.data,
279 clib_net_to_host_u32 (p->auth.data_len));
281 fformat (vam->ofp, " auth-method %U auth data %v\n",
282 format_ikev2_auth_method, p->auth.method, format (0,
290 fformat (vam->ofp, " local id-type data %U\n",
291 format_ikev2_id_type_and_data, &p->loc_id);
296 fformat (vam->ofp, " remote id-type data %U\n",
297 format_ikev2_id_type_and_data, &p->rem_id);
300 fformat (vam->ofp, " local traffic-selector addr %U - %U port %u - %u"
302 format_ip_address, &p->loc_ts.start_addr,
303 format_ip_address, &p->loc_ts.end_addr,
304 clib_net_to_host_u16 (p->loc_ts.start_port),
305 clib_net_to_host_u16 (p->loc_ts.end_port), p->loc_ts.protocol_id);
307 fformat (vam->ofp, " remote traffic-selector addr %U - %U port %u - %u"
309 format_ip_address, &p->rem_ts.start_addr,
310 format_ip_address, &p->rem_ts.end_addr,
311 clib_net_to_host_u16 (p->rem_ts.start_port),
312 clib_net_to_host_u16 (p->rem_ts.end_port), p->rem_ts.protocol_id);
313 u32 tun_itf = clib_net_to_host_u32 (p->tun_itf);
315 fformat (vam->ofp, " protected tunnel idx %d\n", tun_itf);
317 u32 sw_if_index = clib_net_to_host_u32 (p->responder.sw_if_index);
318 if (~0 != sw_if_index)
319 fformat (vam->ofp, " responder idx %d %U\n",
320 sw_if_index, format_ip_address, &p->responder.addr);
323 fformat (vam->ofp, " udp-encap\n");
325 if (p->natt_disabled)
326 fformat (vam->ofp, " NAT-T disabled\n");
328 u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port);
329 if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
330 fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port);
332 u32 crypto_key_size = clib_net_to_host_u32 (p->ike_ts.crypto_key_size);
333 if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_group
335 fformat (vam->ofp, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U\n",
336 format_ikev2_transform_encr_type, p->ike_ts.crypto_alg,
337 crypto_key_size, format_ikev2_transform_integ_type,
338 p->ike_ts.integ_alg, format_ikev2_transform_dh_type,
341 crypto_key_size = clib_net_to_host_u32 (p->esp_ts.crypto_key_size);
342 if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg)
343 fformat (vam->ofp, " esp-crypto-alg %U %u esp-integ-alg %U\n",
344 format_ikev2_transform_encr_type, p->esp_ts.crypto_alg,
346 format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
348 fformat (vam->ofp, " lifetime %d jitter %d handover %d maxdata %d\n",
349 clib_net_to_host_u64 (p->lifetime),
350 clib_net_to_host_u32 (p->lifetime_jitter),
351 clib_net_to_host_u32 (p->handover),
352 clib_net_to_host_u64 (p->lifetime_maxdata));
354 vam->result_ready = 1;
358 api_ikev2_sa_dump (vat_main_t * vam)
360 ikev2_test_main_t *im = &ikev2_test_main;
361 vl_api_ikev2_sa_dump_t *mp;
362 vl_api_control_ping_t *mp_ping;
365 /* Construct the API message */
366 M (IKEV2_SA_DUMP, mp);
371 /* Use a control ping for synchronization */
373 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
374 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
375 mp_ping->_vl_msg_id = htons (im->ping_id);
376 mp_ping->client_index = vam->my_client_index;
377 vam->result_ready = 0;
381 /* Wait for a reply... */
387 vl_api_ikev2_sa_details_t_handler (vl_api_ikev2_sa_details_t * mp)
389 vat_main_t *vam = ikev2_test_main.vat_main;
390 vl_api_ikev2_sa_t *sa = &mp->sa;
393 vl_api_ikev2_keys_t *k = &sa->keys;
394 vl_api_ikev2_sa_t_endian (sa);
396 ip_address_decode2 (&sa->iaddr, &iaddr);
397 ip_address_decode2 (&sa->raddr, &raddr);
399 fformat (vam->ofp, "profile index %u sa index: %d\n", mp->sa.profile_index,
401 fformat (vam->ofp, " iip %U ispi %lx rip %U rspi %lx\n", format_ip_address,
402 &iaddr, sa->ispi, format_ip_address, &raddr, sa->rspi);
403 fformat (vam->ofp, " %U ", format_ikev2_sa_transform, &sa->encryption);
404 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->prf);
405 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->integrity);
406 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &sa->dh);
408 fformat (vam->ofp, " SK_d %U\n", format_hex_bytes, k->sk_d, k->sk_d_len);
410 fformat (vam->ofp, " SK_a i:%U\n r:%U\n", format_hex_bytes,
411 k->sk_ai, k->sk_ai_len, format_hex_bytes, k->sk_ar, k->sk_ar_len);
413 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
414 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
416 fformat (vam->ofp, " SK_p i:%U\n r:%U\n", format_hex_bytes,
417 k->sk_pi, k->sk_pi_len, format_hex_bytes, k->sk_pr, k->sk_pr_len);
419 fformat (vam->ofp, " identifier (i) %U\n", format_ikev2_id_type_and_data,
421 fformat (vam->ofp, " identifier (r) %U\n", format_ikev2_id_type_and_data,
424 vam->result_ready = 1;
428 api_ikev2_sa_v2_dump (vat_main_t *vam)
430 ikev2_test_main_t *im = &ikev2_test_main;
431 vl_api_ikev2_sa_v2_dump_t *mp;
432 vl_api_control_ping_t *mp_ping;
435 /* Construct the API message */
436 M (IKEV2_SA_V2_DUMP, mp);
441 /* Use a control ping for synchronization */
443 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
444 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
445 mp_ping->_vl_msg_id = htons (im->ping_id);
446 mp_ping->client_index = vam->my_client_index;
447 vam->result_ready = 0;
451 /* Wait for a reply... */
457 vl_api_ikev2_sa_v2_details_t_handler (vl_api_ikev2_sa_v2_details_t *mp)
459 vat_main_t *vam = ikev2_test_main.vat_main;
460 vl_api_ikev2_sa_v2_t *sa = &mp->sa;
463 vl_api_ikev2_keys_t *k = &sa->keys;
464 vl_api_ikev2_sa_v2_t_endian (sa);
466 ip_address_decode2 (&sa->iaddr, &iaddr);
467 ip_address_decode2 (&sa->raddr, &raddr);
469 fformat (vam->ofp, "profile name %s sa index: %d\n", mp->sa.profile_name,
471 fformat (vam->ofp, " iip %U ispi %lx rip %U rspi %lx\n", format_ip_address,
472 &iaddr, sa->ispi, format_ip_address, &raddr, sa->rspi);
473 fformat (vam->ofp, " %U ", format_ikev2_sa_transform, &sa->encryption);
474 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->prf);
475 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->integrity);
476 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &sa->dh);
478 fformat (vam->ofp, " SK_d %U\n",
479 format_hex_bytes, k->sk_d, k->sk_d_len);
481 fformat (vam->ofp, " SK_a i:%U\n r:%U\n",
482 format_hex_bytes, k->sk_ai, k->sk_ai_len, format_hex_bytes,
483 k->sk_ar, k->sk_ar_len);
485 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
486 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
488 fformat (vam->ofp, " SK_p i:%U\n r:%U\n", format_hex_bytes,
489 k->sk_pi, k->sk_pi_len, format_hex_bytes, k->sk_pr, k->sk_pr_len);
491 fformat (vam->ofp, " identifier (i) %U\n",
492 format_ikev2_id_type_and_data, &sa->i_id);
493 fformat (vam->ofp, " identifier (r) %U\n",
494 format_ikev2_id_type_and_data, &sa->r_id);
496 vam->result_ready = 1;
500 api_ikev2_child_sa_dump (vat_main_t * vam)
502 unformat_input_t *i = vam->input;
503 ikev2_test_main_t *im = &ikev2_test_main;
504 vl_api_ikev2_child_sa_dump_t *mp;
505 vl_api_control_ping_t *mp_ping;
509 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
511 if (unformat (i, "sa_index %d", &sa_index))
515 errmsg ("parse error '%U'", format_unformat_error, i);
523 /* Construct the API message */
524 M (IKEV2_CHILD_SA_DUMP, mp);
526 mp->sa_index = clib_net_to_host_u32 (sa_index);
531 /* Use a control ping for synchronization */
533 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
534 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
535 mp_ping->_vl_msg_id = htons (im->ping_id);
536 mp_ping->client_index = vam->my_client_index;
537 vam->result_ready = 0;
541 /* Wait for a reply... */
547 vl_api_ikev2_child_sa_details_t_handler (vl_api_ikev2_child_sa_details_t * mp)
549 vat_main_t *vam = ikev2_test_main.vat_main;
550 vl_api_ikev2_child_sa_t *child_sa = &mp->child_sa;
551 vl_api_ikev2_keys_t *k = &child_sa->keys;
552 vl_api_ikev2_child_sa_t_endian (child_sa);
554 fformat (vam->ofp, " child sa %u:\n", child_sa->child_sa_index);
556 fformat (vam->ofp, " %U ", format_ikev2_sa_transform,
557 &child_sa->encryption);
558 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &child_sa->integrity);
559 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &child_sa->esn);
561 fformat (vam->ofp, " spi(i) %lx spi(r) %lx\n",
562 child_sa->i_spi, child_sa->r_spi);
564 fformat (vam->ofp, " SK_e i:%U\n r:%U\n",
565 format_hex_bytes, k->sk_ei, k->sk_ei_len,
566 format_hex_bytes, k->sk_er, k->sk_er_len);
569 fformat (vam->ofp, " SK_a i:%U\n r:%U\n",
570 format_hex_bytes, k->sk_ai, k->sk_ai_len,
571 format_hex_bytes, k->sk_ar, k->sk_ar_len);
573 vam->result_ready = 1;
577 api_ikev2_traffic_selector_dump (vat_main_t * vam)
579 unformat_input_t *i = vam->input;
580 ikev2_test_main_t *im = &ikev2_test_main;
581 vl_api_ikev2_traffic_selector_dump_t *mp;
582 vl_api_control_ping_t *mp_ping;
583 int is_initiator = ~0;
585 int child_sa_index = ~0;
588 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
590 if (unformat (i, "initiator"))
592 else if (unformat (i, "responder"))
594 else if (unformat (i, "sa_index %d", &sa_index))
596 else if (unformat (i, "child_sa_index %d", &child_sa_index))
600 errmsg ("parse error '%U'", format_unformat_error, i);
605 if (child_sa_index == ~0 || sa_index == ~0 || is_initiator == ~0)
608 /* Construct the API message */
609 M (IKEV2_TRAFFIC_SELECTOR_DUMP, mp);
611 mp->is_initiator = is_initiator;
612 mp->sa_index = clib_host_to_net_u32 (sa_index);
613 mp->child_sa_index = clib_host_to_net_u32 (child_sa_index);
618 /* Use a control ping for synchronization */
620 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
621 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
622 mp_ping->_vl_msg_id = htons (im->ping_id);
623 mp_ping->client_index = vam->my_client_index;
624 vam->result_ready = 0;
628 /* Wait for a reply... */
634 vl_api_ikev2_traffic_selector_details_t_handler
635 (vl_api_ikev2_traffic_selector_details_t * mp)
637 vat_main_t *vam = ikev2_test_main.vat_main;
638 vl_api_ikev2_ts_t *ts = &mp->ts;
639 ip_address_t start_addr, end_addr;
640 vl_api_ikev2_ts_t_endian (ts);
642 ip_address_decode2 (&ts->start_addr, &start_addr);
643 ip_address_decode2 (&ts->end_addr, &end_addr);
645 fformat (vam->ofp, " %s protocol_id %u addr "
646 "%U - %U port %u - %u\n",
647 ts->is_local, ts->protocol_id,
648 format_ip_address, &start_addr,
649 format_ip_address, &end_addr, ts->start_port, ts->end_port);
650 vam->result_ready = 1;
654 api_ikev2_nonce_get (vat_main_t * vam)
656 unformat_input_t *i = vam->input;
657 ikev2_test_main_t *im = &ikev2_test_main;
658 vl_api_ikev2_nonce_get_t *mp;
659 vl_api_control_ping_t *mp_ping;
660 u32 is_initiator = ~0;
664 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
666 if (unformat (i, "initiator"))
668 else if (unformat (i, "responder"))
670 else if (unformat (i, "sa_index %d", &sa_index))
674 errmsg ("parse error '%U'", format_unformat_error, i);
679 if (sa_index == ~0 || is_initiator == ~0)
682 /* Construct the API message */
683 M (IKEV2_NONCE_GET, mp);
685 mp->is_initiator = is_initiator;
686 mp->sa_index = clib_host_to_net_u32 (sa_index);
691 /* Use a control ping for synchronization */
693 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
694 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
695 mp_ping->_vl_msg_id = htons (im->ping_id);
696 mp_ping->client_index = vam->my_client_index;
697 vam->result_ready = 0;
701 /* Wait for a reply... */
707 vl_api_ikev2_nonce_get_reply_t_handler (vl_api_ikev2_nonce_get_reply_t * mp)
709 vat_main_t *vam = ikev2_test_main.vat_main;
710 mp->data_len = clib_net_to_host_u32 (mp->data_len);
712 fformat (vam->ofp, " nonce:%U\n",
713 format_hex_bytes, mp->nonce, mp->data_len);
715 vam->result_ready = 1;
719 api_ikev2_plugin_get_version (vat_main_t * vam)
721 ikev2_test_main_t *sm = &ikev2_test_main;
722 vl_api_ikev2_plugin_get_version_t *mp;
723 u32 msg_size = sizeof (*mp);
726 vam->result_ready = 0;
727 mp = vl_msg_api_alloc_as_if_client (msg_size);
728 clib_memset (mp, 0, msg_size);
729 mp->_vl_msg_id = ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION + sm->msg_id_base);
730 mp->client_index = vam->my_client_index;
735 /* Wait for a reply... */
740 static void vl_api_ikev2_plugin_get_version_reply_t_handler
741 (vl_api_ikev2_plugin_get_version_reply_t * mp)
743 vat_main_t *vam = ikev2_test_main.vat_main;
744 clib_warning ("IKEv2 plugin version: %d.%d", ntohl (mp->major),
746 vam->result_ready = 1;
750 api_ikev2_profile_set_ipsec_udp_port (vat_main_t * vam)
756 api_ikev2_profile_set_liveness (vat_main_t * vam)
758 unformat_input_t *i = vam->input;
759 vl_api_ikev2_profile_set_liveness_t *mp;
760 u32 period = 0, max_retries = 0;
763 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
765 if (!unformat (i, "period %d max-retries %d", &period, &max_retries))
767 errmsg ("parse error '%U'", format_unformat_error, i);
772 M (IKEV2_PROFILE_SET_LIVENESS, mp);
774 mp->period = clib_host_to_net_u32 (period);
775 mp->max_retries = clib_host_to_net_u32 (max_retries);
784 api_ikev2_profile_add_del (vat_main_t * vam)
786 unformat_input_t *i = vam->input;
787 vl_api_ikev2_profile_add_del_t *mp;
792 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
794 if (unformat (i, "del"))
796 else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
800 errmsg ("parse error '%U'", format_unformat_error, i);
807 errmsg ("profile name must be specified");
811 if (vec_len (name) > 64)
813 errmsg ("profile name too long");
817 M (IKEV2_PROFILE_ADD_DEL, mp);
819 clib_memcpy (mp->name, name, vec_len (name));
829 api_ikev2_profile_set_auth (vat_main_t * vam)
831 unformat_input_t *i = vam->input;
832 vl_api_ikev2_profile_set_auth_t *mp;
839 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
841 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
843 else if (unformat (i, "auth_method %U",
844 unformat_ikev2_auth_method, &auth_method))
846 else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
848 else if (unformat (i, "auth_data %v", &data))
852 errmsg ("parse error '%U'", format_unformat_error, i);
859 errmsg ("profile name must be specified");
863 if (vec_len (name) > 64)
865 errmsg ("profile name too long");
871 errmsg ("auth_data must be specified");
877 errmsg ("auth_method must be specified");
881 M (IKEV2_PROFILE_SET_AUTH, mp);
884 mp->auth_method = (u8) auth_method;
885 mp->data_len = vec_len (data);
886 clib_memcpy (mp->name, name, vec_len (name));
887 clib_memcpy (mp->data, data, vec_len (data));
897 api_ikev2_profile_set_id (vat_main_t * vam)
899 unformat_input_t *i = vam->input;
900 vl_api_ikev2_profile_set_id_t *mp;
908 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
910 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
912 else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type))
914 else if (unformat (i, "id_data %U", unformat_ip_address, &ip))
916 data = vec_new (u8, ip_address_size (&ip));
917 clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
919 else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
921 else if (unformat (i, "id_data %v", &data))
923 else if (unformat (i, "local"))
925 else if (unformat (i, "remote"))
929 errmsg ("parse error '%U'", format_unformat_error, i);
936 errmsg ("profile name must be specified");
940 if (vec_len (name) > 64)
942 errmsg ("profile name too long");
948 errmsg ("id_data must be specified");
954 errmsg ("id_type must be specified");
958 M (IKEV2_PROFILE_SET_ID, mp);
960 mp->is_local = is_local;
961 mp->id_type = (u8) id_type;
962 mp->data_len = vec_len (data);
963 clib_memcpy (mp->name, name, vec_len (name));
964 clib_memcpy (mp->data, data, vec_len (data));
974 api_ikev2_profile_set_ts (vat_main_t * vam)
976 unformat_input_t *i = vam->input;
977 vl_api_ikev2_profile_set_ts_t *mp;
980 u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
981 ip_address_t start_addr, end_addr;
982 u8 start_addr_set = 0, end_addr_set = 0;
985 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
987 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
989 else if (unformat (i, "protocol %d", &proto))
991 else if (unformat (i, "start_port %d", &start_port))
993 else if (unformat (i, "end_port %d", &end_port))
996 if (unformat (i, "start_addr %U", unformat_ip_address, &start_addr))
998 else if (unformat (i, "end_addr %U", unformat_ip_address, &end_addr))
1000 else if (unformat (i, "local"))
1002 else if (unformat (i, "remote"))
1006 errmsg ("parse error '%U'", format_unformat_error, i);
1011 if (!start_addr_set || !end_addr_set)
1013 errmsg ("missing start or end address");
1017 if (!vec_len (name))
1019 errmsg ("profile name must be specified");
1023 if (vec_len (name) > 64)
1025 errmsg ("profile name too long");
1029 M (IKEV2_PROFILE_SET_TS, mp);
1031 mp->ts.is_local = is_local;
1032 mp->ts.protocol_id = (u8) proto;
1033 mp->ts.start_port = clib_host_to_net_u16 ((u16) start_port);
1034 mp->ts.end_port = clib_host_to_net_u16 ((u16) end_port);
1035 ip_address_encode2 (&start_addr, &mp->ts.start_addr);
1036 ip_address_encode2 (&end_addr, &mp->ts.end_addr);
1037 clib_memcpy (mp->name, name, vec_len (name));
1046 api_ikev2_set_local_key (vat_main_t * vam)
1048 unformat_input_t *i = vam->input;
1049 vl_api_ikev2_set_local_key_t *mp;
1053 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1055 if (unformat (i, "file %v", &file))
1059 errmsg ("parse error '%U'", format_unformat_error, i);
1064 if (!vec_len (file))
1066 errmsg ("RSA key file must be specified");
1070 if (vec_len (file) > 256)
1072 errmsg ("file name too long");
1076 M (IKEV2_SET_LOCAL_KEY, mp);
1078 clib_memcpy (mp->key_file, file, vec_len (file));
1087 api_ikev2_profile_set_udp_encap (vat_main_t * vam)
1089 unformat_input_t *i = vam->input;
1090 vl_api_ikev2_profile_set_udp_encap_t *mp;
1094 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1096 if (unformat (i, "%U udp-encap", unformat_token, valid_chars, &name))
1100 errmsg ("parse error '%U'", format_unformat_error, i);
1105 if (!vec_len (name))
1107 errmsg ("profile name must be specified");
1111 if (vec_len (name) > 64)
1113 errmsg ("profile name too long");
1117 M (IKEV2_PROFILE_SET_UDP_ENCAP, mp);
1119 clib_memcpy (mp->name, name, vec_len (name));
1128 api_ikev2_set_tunnel_interface (vat_main_t * vam)
1134 api_ikev2_set_responder_hostname (vat_main_t *vam)
1136 unformat_input_t *i = vam->input;
1137 vl_api_ikev2_set_responder_hostname_t *mp;
1139 u8 *name = 0, *hn = 0;
1141 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1143 if (unformat (i, "%U hostname %v", unformat_token, valid_chars, &name,
1151 errmsg ("parse error '%U'", format_unformat_error, i);
1156 if (!vec_len (name))
1158 errmsg ("profile name must be specified");
1162 if (vec_len (name) > 64)
1164 errmsg ("profile name too long");
1168 M (IKEV2_SET_RESPONDER_HOSTNAME, mp);
1170 clib_memcpy (mp->name, name, vec_len (name));
1171 clib_memcpy (mp->hostname, hn, vec_len (hn));
1181 api_ikev2_set_responder (vat_main_t * vam)
1183 unformat_input_t *i = vam->input;
1184 vl_api_ikev2_set_responder_t *mp;
1187 u32 sw_if_index = ~0;
1188 ip_address_t address;
1190 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1193 (i, "%U interface %d address %U", unformat_token, valid_chars,
1194 &name, &sw_if_index, unformat_ip_address, &address))
1198 errmsg ("parse error '%U'", format_unformat_error, i);
1203 if (!vec_len (name))
1205 errmsg ("profile name must be specified");
1209 if (vec_len (name) > 64)
1211 errmsg ("profile name too long");
1215 M (IKEV2_SET_RESPONDER, mp);
1217 clib_memcpy (mp->name, name, vec_len (name));
1220 mp->responder.sw_if_index = clib_host_to_net_u32 (sw_if_index);
1221 ip_address_encode2 (&address, &mp->responder.addr);
1229 api_ikev2_set_ike_transforms (vat_main_t * vam)
1231 unformat_input_t *i = vam->input;
1232 vl_api_ikev2_set_ike_transforms_t *mp;
1235 u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
1237 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1239 if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
1240 &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
1244 errmsg ("parse error '%U'", format_unformat_error, i);
1249 if (!vec_len (name))
1251 errmsg ("profile name must be specified");
1255 if (vec_len (name) > 64)
1257 errmsg ("profile name too long");
1261 M (IKEV2_SET_IKE_TRANSFORMS, mp);
1263 clib_memcpy (mp->name, name, vec_len (name));
1265 mp->tr.crypto_alg = crypto_alg;
1266 mp->tr.crypto_key_size = clib_host_to_net_u32 (crypto_key_size);
1267 mp->tr.integ_alg = integ_alg;
1268 mp->tr.dh_group = dh_group;
1277 api_ikev2_set_esp_transforms (vat_main_t * vam)
1279 unformat_input_t *i = vam->input;
1280 vl_api_ikev2_set_esp_transforms_t *mp;
1283 u32 crypto_alg, crypto_key_size, integ_alg;
1285 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1287 if (unformat (i, "%U %d %d %d", unformat_token, valid_chars, &name,
1288 &crypto_alg, &crypto_key_size, &integ_alg))
1292 errmsg ("parse error '%U'", format_unformat_error, i);
1297 if (!vec_len (name))
1299 errmsg ("profile name must be specified");
1303 if (vec_len (name) > 64)
1305 errmsg ("profile name too long");
1309 M (IKEV2_SET_ESP_TRANSFORMS, mp);
1311 clib_memcpy (mp->name, name, vec_len (name));
1313 mp->tr.crypto_alg = crypto_alg;
1314 mp->tr.crypto_key_size = clib_host_to_net_u32 (crypto_key_size);
1315 mp->tr.integ_alg = integ_alg;
1323 api_ikev2_set_sa_lifetime (vat_main_t * vam)
1325 unformat_input_t *i = vam->input;
1326 vl_api_ikev2_set_sa_lifetime_t *mp;
1329 u64 lifetime, lifetime_maxdata;
1330 u32 lifetime_jitter, handover;
1332 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1334 if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
1335 &lifetime, &lifetime_jitter, &handover,
1340 errmsg ("parse error '%U'", format_unformat_error, i);
1345 if (!vec_len (name))
1347 errmsg ("profile name must be specified");
1351 if (vec_len (name) > 64)
1353 errmsg ("profile name too long");
1357 M (IKEV2_SET_SA_LIFETIME, mp);
1359 clib_memcpy (mp->name, name, vec_len (name));
1361 mp->lifetime = lifetime;
1362 mp->lifetime_jitter = lifetime_jitter;
1363 mp->handover = handover;
1364 mp->lifetime_maxdata = lifetime_maxdata;
1372 api_ikev2_initiate_sa_init (vat_main_t * vam)
1374 unformat_input_t *i = vam->input;
1375 vl_api_ikev2_initiate_sa_init_t *mp;
1379 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1381 if (unformat (i, "%U", unformat_token, valid_chars, &name))
1385 errmsg ("parse error '%U'", format_unformat_error, i);
1390 if (!vec_len (name))
1392 errmsg ("profile name must be specified");
1396 if (vec_len (name) > 64)
1398 errmsg ("profile name too long");
1402 M (IKEV2_INITIATE_SA_INIT, mp);
1404 clib_memcpy (mp->name, name, vec_len (name));
1413 api_ikev2_initiate_del_ike_sa (vat_main_t * vam)
1415 unformat_input_t *i = vam->input;
1416 vl_api_ikev2_initiate_del_ike_sa_t *mp;
1421 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1423 if (unformat (i, "%lx", &ispi))
1427 errmsg ("parse error '%U'", format_unformat_error, i);
1432 M (IKEV2_INITIATE_DEL_IKE_SA, mp);
1442 api_ikev2_initiate_del_child_sa (vat_main_t * vam)
1444 unformat_input_t *i = vam->input;
1445 vl_api_ikev2_initiate_del_child_sa_t *mp;
1450 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1452 if (unformat (i, "%x", &ispi))
1456 errmsg ("parse error '%U'", format_unformat_error, i);
1461 M (IKEV2_INITIATE_DEL_CHILD_SA, mp);
1471 api_ikev2_initiate_rekey_child_sa (vat_main_t * vam)
1473 unformat_input_t *i = vam->input;
1474 vl_api_ikev2_initiate_rekey_child_sa_t *mp;
1479 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1481 if (unformat (i, "%x", &ispi))
1485 errmsg ("parse error '%U'", format_unformat_error, i);
1490 M (IKEV2_INITIATE_REKEY_CHILD_SA, mp);
1499 #include <ikev2/ikev2.api_test.c>
1502 * fd.io coding-style-patch-verification: ON
1505 * eval: (c-set-style "gnu")