2 *------------------------------------------------------------------
5 * Copyright (c) 2014-2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
21 #include <vlibapi/api.h>
22 #include <vlibmemory/api.h>
23 #include <vppinfra/error.h>
24 #include <vnet/ipsec/ipsec_sa.h>
25 #include <plugins/ikev2/ikev2.h>
27 #define __plugin_msg_base ikev2_test_main.msg_id_base
28 #include <vlibapi/vat_helper_macros.h>
30 /* Declare message IDs */
31 #include <vnet/format_fns.h>
32 #include <ikev2/ikev2.api_enum.h>
33 #include <ikev2/ikev2.api_types.h>
34 #include <vpp/api/vpe.api_types.h>
38 /* API message ID base */
44 ikev2_test_main_t ikev2_test_main;
47 unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
49 u32 *r = va_arg (*args, u32 *);
52 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
53 foreach_ikev2_auth_method
62 unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
64 u32 *r = va_arg (*args, u32 *);
67 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
75 #define MACRO_FORMAT(lc) \
76 u8 * format_ikev2_##lc (u8 * s, va_list * args) \
78 u32 i = va_arg (*args, u32); \
83 return format (s, "unknown (%u)", i); \
85 s = format (s, "%s", t); \
89 #define _(v,f,str) case IKEV2_AUTH_METHOD_##f: t = str; break;
90 MACRO_FORMAT (auth_method)
92 #define _(v,f,str) case IKEV2_ID_TYPE_##f: t = str; break;
93 MACRO_FORMAT (id_type)
95 #define _(v,f,str) case IKEV2_TRANSFORM_ENCR_TYPE_##f: t = str; break;
96 MACRO_FORMAT (transform_encr_type)
98 #define _(v,f,str) case IKEV2_TRANSFORM_INTEG_TYPE_##f: t = str; break;
99 MACRO_FORMAT (transform_integ_type)
101 #define _(v,f,str) case IKEV2_TRANSFORM_DH_TYPE_##f: t = str; break;
102 MACRO_FORMAT (transform_dh_type)
104 u8 *format_ikev2_id_type_and_data (u8 * s, va_list * args)
106 vl_api_ikev2_id_t *id = va_arg (*args, vl_api_ikev2_id_t *);
109 return format (s, "none");
111 s = format (s, "%U", format_ikev2_id_type, id->type);
116 return format (s, "none");
117 case IKEV2_ID_TYPE_ID_FQDN:
118 s = format (s, " %s", id->data);
120 case IKEV2_ID_TYPE_ID_RFC822_ADDR:
121 s = format (s, " %s", id->data);
123 case IKEV2_ID_TYPE_ID_IPV4_ADDR:
124 s = format (s, " %U", format_ip4_address, id->data);
126 case IKEV2_ID_TYPE_ID_KEY_ID:
127 s = format (s, " 0x%U", format_hex_bytes, id->data, id->data_len);
130 s = format (s, " %s", id->data);
137 api_ikev2_profile_dump (vat_main_t * vam)
139 ikev2_test_main_t *ik = &ikev2_test_main;
140 vl_api_ikev2_profile_dump_t *mp;
141 vl_api_control_ping_t *mp_ping;
144 /* Construct the API message */
145 M (IKEV2_PROFILE_DUMP, mp);
150 /* Use a control ping for synchronization */
152 ik->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
153 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
154 mp_ping->_vl_msg_id = htons (ik->ping_id);
155 mp_ping->client_index = vam->my_client_index;
157 fformat (vam->ofp, "Sending ping id=%d\n", ik->ping_id);
159 vam->result_ready = 0;
162 /* Wait for a reply... */
167 static void vl_api_ikev2_profile_details_t_handler
168 (vl_api_ikev2_profile_details_t * mp)
170 vat_main_t *vam = ikev2_test_main.vat_main;
171 vl_api_ikev2_profile_t *p = &mp->profile;
173 fformat (vam->ofp, "profile %s\n", p->name);
178 fformat (vam->ofp, " auth-method %U auth data 0x%U\n",
179 format_ikev2_auth_method, p->auth.method,
180 format_hex_bytes, p->auth.data,
181 clib_net_to_host_u32 (p->auth.data_len));
183 fformat (vam->ofp, " auth-method %U auth data %v\n",
184 format_ikev2_auth_method, p->auth.method, format (0,
192 fformat (vam->ofp, " local id-type data %U\n",
193 format_ikev2_id_type_and_data, &p->loc_id);
198 fformat (vam->ofp, " remote id-type data %U\n",
199 format_ikev2_id_type_and_data, &p->rem_id);
202 if (*((u32 *) & p->loc_ts.end_addr))
203 fformat (vam->ofp, " local traffic-selector addr %U - %U port %u - %u"
205 format_ip4_address, &p->loc_ts.start_addr,
206 format_ip4_address, &p->loc_ts.end_addr,
207 clib_net_to_host_u16 (p->loc_ts.start_port),
208 clib_net_to_host_u16 (p->loc_ts.end_port),
209 p->loc_ts.protocol_id);
211 if (*((u32 *) & p->rem_ts.end_addr))
212 fformat (vam->ofp, " remote traffic-selector addr %U - %U port %u - %u"
214 format_ip4_address, &p->rem_ts.start_addr,
215 format_ip4_address, &p->rem_ts.end_addr,
216 clib_net_to_host_u16 (p->rem_ts.start_port),
217 clib_net_to_host_u16 (p->rem_ts.end_port),
218 p->rem_ts.protocol_id);
219 u32 tun_itf = clib_net_to_host_u32 (p->tun_itf);
221 fformat (vam->ofp, " protected tunnel idx %d\n", tun_itf);
223 u32 sw_if_index = clib_net_to_host_u32 (p->responder.sw_if_index);
224 if (~0 != sw_if_index)
225 fformat (vam->ofp, " responder idx %d %U\n",
226 sw_if_index, format_ip4_address, &p->responder.ip4);
229 fformat (vam->ofp, " udp-encap\n");
231 u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port);
232 if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
233 fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port);
235 u32 crypto_key_size = clib_net_to_host_u32 (p->ike_ts.crypto_key_size);
236 if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_type
238 fformat (vam->ofp, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U\n",
239 format_ikev2_transform_encr_type, p->ike_ts.crypto_alg,
240 crypto_key_size, format_ikev2_transform_integ_type,
241 p->ike_ts.integ_alg, format_ikev2_transform_dh_type,
244 crypto_key_size = clib_net_to_host_u32 (p->esp_ts.crypto_key_size);
245 if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg || p->esp_ts.dh_type)
246 fformat (vam->ofp, " esp-crypto-alg %U %u esp-integ-alg %U\n",
247 format_ikev2_transform_encr_type, p->esp_ts.crypto_alg,
249 format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
251 fformat (vam->ofp, " lifetime %d jitter %d handover %d maxdata %d\n",
252 clib_net_to_host_u64 (p->lifetime),
253 clib_net_to_host_u32 (p->lifetime_jitter),
254 clib_net_to_host_u32 (p->handover),
255 clib_net_to_host_u64 (p->lifetime_maxdata));
257 vam->result_ready = 1;
261 api_ikev2_plugin_get_version (vat_main_t * vam)
263 ikev2_test_main_t *sm = &ikev2_test_main;
264 vl_api_ikev2_plugin_get_version_t *mp;
265 u32 msg_size = sizeof (*mp);
268 vam->result_ready = 0;
269 mp = vl_msg_api_alloc_as_if_client (msg_size);
270 clib_memset (mp, 0, msg_size);
271 mp->_vl_msg_id = ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION + sm->msg_id_base);
272 mp->client_index = vam->my_client_index;
277 /* Wait for a reply... */
282 static void vl_api_ikev2_plugin_get_version_reply_t_handler
283 (vl_api_ikev2_plugin_get_version_reply_t * mp)
285 vat_main_t *vam = ikev2_test_main.vat_main;
286 clib_warning ("IKEv2 plugin version: %d.%d", ntohl (mp->major),
288 vam->result_ready = 1;
292 api_ikev2_profile_set_ipsec_udp_port (vat_main_t * vam)
298 api_ikev2_profile_set_liveness (vat_main_t * vam)
300 unformat_input_t *i = vam->input;
301 vl_api_ikev2_profile_set_liveness_t *mp;
302 u32 period = 0, max_retries = 0;
305 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
307 if (!unformat (i, "period %d max-retries %d", &period, &max_retries))
309 errmsg ("parse error '%U'", format_unformat_error, i);
314 M (IKEV2_PROFILE_SET_LIVENESS, mp);
316 mp->period = clib_host_to_net_u32 (period);
317 mp->max_retries = clib_host_to_net_u32 (max_retries);
326 api_ikev2_profile_add_del (vat_main_t * vam)
328 unformat_input_t *i = vam->input;
329 vl_api_ikev2_profile_add_del_t *mp;
334 const char *valid_chars = "a-zA-Z0-9_";
336 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
338 if (unformat (i, "del"))
340 else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
344 errmsg ("parse error '%U'", format_unformat_error, i);
351 errmsg ("profile name must be specified");
355 if (vec_len (name) > 64)
357 errmsg ("profile name too long");
361 M (IKEV2_PROFILE_ADD_DEL, mp);
363 clib_memcpy (mp->name, name, vec_len (name));
373 api_ikev2_profile_set_auth (vat_main_t * vam)
375 unformat_input_t *i = vam->input;
376 vl_api_ikev2_profile_set_auth_t *mp;
383 const char *valid_chars = "a-zA-Z0-9_";
385 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
387 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
389 else if (unformat (i, "auth_method %U",
390 unformat_ikev2_auth_method, &auth_method))
392 else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
394 else if (unformat (i, "auth_data %v", &data))
398 errmsg ("parse error '%U'", format_unformat_error, i);
405 errmsg ("profile name must be specified");
409 if (vec_len (name) > 64)
411 errmsg ("profile name too long");
417 errmsg ("auth_data must be specified");
423 errmsg ("auth_method must be specified");
427 M (IKEV2_PROFILE_SET_AUTH, mp);
430 mp->auth_method = (u8) auth_method;
431 mp->data_len = vec_len (data);
432 clib_memcpy (mp->name, name, vec_len (name));
433 clib_memcpy (mp->data, data, vec_len (data));
443 api_ikev2_profile_set_id (vat_main_t * vam)
445 unformat_input_t *i = vam->input;
446 vl_api_ikev2_profile_set_id_t *mp;
454 const char *valid_chars = "a-zA-Z0-9_";
456 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
458 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
460 else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type))
462 else if (unformat (i, "id_data %U", unformat_ip4_address, &ip4))
464 data = vec_new (u8, 4);
465 clib_memcpy (data, ip4.as_u8, 4);
467 else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
469 else if (unformat (i, "id_data %v", &data))
471 else if (unformat (i, "local"))
473 else if (unformat (i, "remote"))
477 errmsg ("parse error '%U'", format_unformat_error, i);
484 errmsg ("profile name must be specified");
488 if (vec_len (name) > 64)
490 errmsg ("profile name too long");
496 errmsg ("id_data must be specified");
502 errmsg ("id_type must be specified");
506 M (IKEV2_PROFILE_SET_ID, mp);
508 mp->is_local = is_local;
509 mp->id_type = (u8) id_type;
510 mp->data_len = vec_len (data);
511 clib_memcpy (mp->name, name, vec_len (name));
512 clib_memcpy (mp->data, data, vec_len (data));
522 api_ikev2_profile_set_ts (vat_main_t * vam)
524 unformat_input_t *i = vam->input;
525 vl_api_ikev2_profile_set_ts_t *mp;
528 u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
529 ip4_address_t start_addr, end_addr;
531 const char *valid_chars = "a-zA-Z0-9_";
534 start_addr.as_u32 = 0;
535 end_addr.as_u32 = (u32) ~ 0;
537 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
539 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
541 else if (unformat (i, "protocol %d", &proto))
543 else if (unformat (i, "start_port %d", &start_port))
545 else if (unformat (i, "end_port %d", &end_port))
548 if (unformat (i, "start_addr %U", unformat_ip4_address, &start_addr))
550 else if (unformat (i, "end_addr %U", unformat_ip4_address, &end_addr))
552 else if (unformat (i, "local"))
554 else if (unformat (i, "remote"))
558 errmsg ("parse error '%U'", format_unformat_error, i);
565 errmsg ("profile name must be specified");
569 if (vec_len (name) > 64)
571 errmsg ("profile name too long");
575 M (IKEV2_PROFILE_SET_TS, mp);
577 mp->is_local = is_local;
578 mp->proto = (u8) proto;
579 mp->start_port = (u16) start_port;
580 mp->end_port = (u16) end_port;
581 mp->start_addr = start_addr.as_u32;
582 mp->end_addr = end_addr.as_u32;
583 clib_memcpy (mp->name, name, vec_len (name));
592 api_ikev2_set_local_key (vat_main_t * vam)
594 unformat_input_t *i = vam->input;
595 vl_api_ikev2_set_local_key_t *mp;
599 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
601 if (unformat (i, "file %v", &file))
605 errmsg ("parse error '%U'", format_unformat_error, i);
612 errmsg ("RSA key file must be specified");
616 if (vec_len (file) > 256)
618 errmsg ("file name too long");
622 M (IKEV2_SET_LOCAL_KEY, mp);
624 clib_memcpy (mp->key_file, file, vec_len (file));
633 api_ikev2_profile_set_udp_encap (vat_main_t * vam)
635 unformat_input_t *i = vam->input;
636 vl_api_ikev2_set_responder_t *mp;
640 const char *valid_chars = "a-zA-Z0-9_";
642 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
644 if (unformat (i, "%U udp-encap", unformat_token, valid_chars, &name))
648 errmsg ("parse error '%U'", format_unformat_error, i);
655 errmsg ("profile name must be specified");
659 if (vec_len (name) > 64)
661 errmsg ("profile name too long");
665 M (IKEV2_PROFILE_SET_UDP_ENCAP, mp);
667 clib_memcpy (mp->name, name, vec_len (name));
676 api_ikev2_set_tunnel_interface (vat_main_t * vam)
682 api_ikev2_set_responder (vat_main_t * vam)
684 unformat_input_t *i = vam->input;
685 vl_api_ikev2_set_responder_t *mp;
688 u32 sw_if_index = ~0;
689 ip4_address_t address;
691 const char *valid_chars = "a-zA-Z0-9_";
693 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
696 (i, "%U interface %d address %U", unformat_token, valid_chars,
697 &name, &sw_if_index, unformat_ip4_address, &address))
701 errmsg ("parse error '%U'", format_unformat_error, i);
708 errmsg ("profile name must be specified");
712 if (vec_len (name) > 64)
714 errmsg ("profile name too long");
718 M (IKEV2_SET_RESPONDER, mp);
720 clib_memcpy (mp->name, name, vec_len (name));
723 mp->sw_if_index = sw_if_index;
724 clib_memcpy (mp->address, &address, sizeof (address));
732 api_ikev2_set_ike_transforms (vat_main_t * vam)
734 unformat_input_t *i = vam->input;
735 vl_api_ikev2_set_ike_transforms_t *mp;
738 u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
740 const char *valid_chars = "a-zA-Z0-9_";
742 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
744 if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
745 &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
749 errmsg ("parse error '%U'", format_unformat_error, i);
756 errmsg ("profile name must be specified");
760 if (vec_len (name) > 64)
762 errmsg ("profile name too long");
766 M (IKEV2_SET_IKE_TRANSFORMS, mp);
768 clib_memcpy (mp->name, name, vec_len (name));
770 mp->crypto_alg = crypto_alg;
771 mp->crypto_key_size = crypto_key_size;
772 mp->integ_alg = integ_alg;
773 mp->dh_group = dh_group;
782 api_ikev2_set_esp_transforms (vat_main_t * vam)
784 unformat_input_t *i = vam->input;
785 vl_api_ikev2_set_esp_transforms_t *mp;
788 u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
790 const char *valid_chars = "a-zA-Z0-9_";
792 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
794 if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
795 &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
799 errmsg ("parse error '%U'", format_unformat_error, i);
806 errmsg ("profile name must be specified");
810 if (vec_len (name) > 64)
812 errmsg ("profile name too long");
816 M (IKEV2_SET_ESP_TRANSFORMS, mp);
818 clib_memcpy (mp->name, name, vec_len (name));
820 mp->crypto_alg = crypto_alg;
821 mp->crypto_key_size = crypto_key_size;
822 mp->integ_alg = integ_alg;
823 mp->dh_group = dh_group;
831 api_ikev2_set_sa_lifetime (vat_main_t * vam)
833 unformat_input_t *i = vam->input;
834 vl_api_ikev2_set_sa_lifetime_t *mp;
837 u64 lifetime, lifetime_maxdata;
838 u32 lifetime_jitter, handover;
840 const char *valid_chars = "a-zA-Z0-9_";
842 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
844 if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
845 &lifetime, &lifetime_jitter, &handover,
850 errmsg ("parse error '%U'", format_unformat_error, i);
857 errmsg ("profile name must be specified");
861 if (vec_len (name) > 64)
863 errmsg ("profile name too long");
867 M (IKEV2_SET_SA_LIFETIME, mp);
869 clib_memcpy (mp->name, name, vec_len (name));
871 mp->lifetime = lifetime;
872 mp->lifetime_jitter = lifetime_jitter;
873 mp->handover = handover;
874 mp->lifetime_maxdata = lifetime_maxdata;
882 api_ikev2_initiate_sa_init (vat_main_t * vam)
884 unformat_input_t *i = vam->input;
885 vl_api_ikev2_initiate_sa_init_t *mp;
889 const char *valid_chars = "a-zA-Z0-9_";
891 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
893 if (unformat (i, "%U", unformat_token, valid_chars, &name))
897 errmsg ("parse error '%U'", format_unformat_error, i);
904 errmsg ("profile name must be specified");
908 if (vec_len (name) > 64)
910 errmsg ("profile name too long");
914 M (IKEV2_INITIATE_SA_INIT, mp);
916 clib_memcpy (mp->name, name, vec_len (name));
925 api_ikev2_initiate_del_ike_sa (vat_main_t * vam)
927 unformat_input_t *i = vam->input;
928 vl_api_ikev2_initiate_del_ike_sa_t *mp;
933 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
935 if (unformat (i, "%lx", &ispi))
939 errmsg ("parse error '%U'", format_unformat_error, i);
944 M (IKEV2_INITIATE_DEL_IKE_SA, mp);
954 api_ikev2_initiate_del_child_sa (vat_main_t * vam)
956 unformat_input_t *i = vam->input;
957 vl_api_ikev2_initiate_del_child_sa_t *mp;
962 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
964 if (unformat (i, "%x", &ispi))
968 errmsg ("parse error '%U'", format_unformat_error, i);
973 M (IKEV2_INITIATE_DEL_CHILD_SA, mp);
983 api_ikev2_initiate_rekey_child_sa (vat_main_t * vam)
985 unformat_input_t *i = vam->input;
986 vl_api_ikev2_initiate_rekey_child_sa_t *mp;
991 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
993 if (unformat (i, "%x", &ispi))
997 errmsg ("parse error '%U'", format_unformat_error, i);
1002 M (IKEV2_INITIATE_REKEY_CHILD_SA, mp);
1011 #include <ikev2/ikev2.api_test.c>
1014 * fd.io coding-style-patch-verification: ON
1017 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob