2 *------------------------------------------------------------------
5 * Copyright (c) 2014-2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
21 #include <vlibapi/api.h>
22 #include <vlibmemory/api.h>
23 #include <vppinfra/error.h>
24 #include <vnet/ipsec/ipsec_sa.h>
25 #include <plugins/ikev2/ikev2.h>
26 #include <vnet/ip/ip_types_api.h>
28 #define __plugin_msg_base ikev2_test_main.msg_id_base
29 #include <vlibapi/vat_helper_macros.h>
31 /* Declare message IDs */
32 #include <vnet/format_fns.h>
33 #include <ikev2/ikev2.api_enum.h>
34 #include <ikev2/ikev2.api_types.h>
35 #include <vpp/api/vpe.api_types.h>
37 #define vl_endianfun /* define message structures */
38 #include <plugins/ikev2/ikev2.api.h>
43 /* API message ID base */
49 static const char *valid_chars = "a-zA-Z0-9_";
50 ikev2_test_main_t ikev2_test_main;
53 unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
55 u32 *r = va_arg (*args, u32 *);
58 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
59 foreach_ikev2_auth_method
68 unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
70 u32 *r = va_arg (*args, u32 *);
73 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
81 #define MACRO_FORMAT(lc) \
82 u8 * format_ikev2_##lc (u8 * s, va_list * args) \
84 u32 i = va_arg (*args, u32); \
89 return format (s, "unknown (%u)", i); \
91 s = format (s, "%s", t); \
95 #define _(v,f,str) case IKEV2_AUTH_METHOD_##f: t = str; break;
96 MACRO_FORMAT (auth_method)
98 #define _(v,f,str) case IKEV2_ID_TYPE_##f: t = str; break;
99 MACRO_FORMAT (id_type)
101 #define _(v,f,str) case IKEV2_TRANSFORM_TYPE_##f: t = str; break;
102 MACRO_FORMAT (transform_type)
104 #define _(v,f,str) case IKEV2_TRANSFORM_ENCR_TYPE_##f: t = str; break;
105 MACRO_FORMAT (transform_encr_type)
107 #define _(v,f,str) case IKEV2_TRANSFORM_PRF_TYPE_##f: t = str; break;
108 MACRO_FORMAT (transform_prf_type)
110 #define _(v,f,str) case IKEV2_TRANSFORM_INTEG_TYPE_##f: t = str; break;
111 MACRO_FORMAT (transform_integ_type)
113 #define _(v,f,str) case IKEV2_TRANSFORM_DH_TYPE_##f: t = str; break;
114 MACRO_FORMAT (transform_dh_type)
116 #define _(v,f,str) case IKEV2_TRANSFORM_ESN_TYPE_##f: t = str; break;
117 MACRO_FORMAT (transform_esn_type)
119 u8 *format_ikev2_id_type_and_data (u8 * s, va_list * args)
121 vl_api_ikev2_id_t *id = va_arg (*args, vl_api_ikev2_id_t *);
124 return format (s, "none");
126 s = format (s, "%U", format_ikev2_id_type, id->type);
131 return format (s, "none");
132 case IKEV2_ID_TYPE_ID_FQDN:
133 s = format (s, " %s", id->data);
135 case IKEV2_ID_TYPE_ID_RFC822_ADDR:
136 s = format (s, " %s", id->data);
138 case IKEV2_ID_TYPE_ID_IPV4_ADDR:
139 s = format (s, " %U", format_ip_address, id->data);
141 case IKEV2_ID_TYPE_ID_KEY_ID:
142 s = format (s, " 0x%U", format_hex_bytes, id->data, id->data_len);
145 s = format (s, " %s", id->data);
152 format_ikev2_sa_transform (u8 * s, va_list * args)
154 vl_api_ikev2_sa_transform_t *tr =
155 va_arg (*args, vl_api_ikev2_sa_transform_t *);
160 if (tr->transform_type >= IKEV2_TRANSFORM_NUM_TYPES)
163 s = format (s, "%U:", format_ikev2_transform_type, tr->transform_type);
165 switch (tr->transform_type)
167 case IKEV2_TRANSFORM_TYPE_ENCR:
169 format (s, "%U", format_ikev2_transform_encr_type, tr->transform_id);
171 case IKEV2_TRANSFORM_TYPE_PRF:
172 s = format (s, "%U", format_ikev2_transform_prf_type, tr->transform_id);
174 case IKEV2_TRANSFORM_TYPE_INTEG:
176 format (s, "%U", format_ikev2_transform_integ_type, tr->transform_id);
178 case IKEV2_TRANSFORM_TYPE_DH:
179 s = format (s, "%U", format_ikev2_transform_dh_type, tr->transform_id);
181 case IKEV2_TRANSFORM_TYPE_ESN:
182 s = format (s, "%U", format_ikev2_transform_esn_type, tr->transform_id);
188 if (tr->transform_type == IKEV2_TRANSFORM_TYPE_ENCR &&
189 tr->transform_id == IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC && tr->key_len)
190 s = format (s, "-%u", tr->key_len * 8);
196 api_ikev2_profile_disable_natt (vat_main_t * vam)
198 unformat_input_t *i = vam->input;
199 vl_api_ikev2_profile_disable_natt_t *mp;
203 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
205 if (unformat (i, "%U", unformat_token, valid_chars, &name))
209 errmsg ("parse error '%U'", format_unformat_error, i);
216 errmsg ("profile name must be specified");
220 if (vec_len (name) > 64)
222 errmsg ("profile name too long");
226 M (IKEV2_PROFILE_DISABLE_NATT, mp);
228 clib_memcpy (mp->name, name, vec_len (name));
237 api_ikev2_profile_dump (vat_main_t * vam)
239 ikev2_test_main_t *ik = &ikev2_test_main;
240 vl_api_ikev2_profile_dump_t *mp;
241 vl_api_control_ping_t *mp_ping;
244 /* Construct the API message */
245 M (IKEV2_PROFILE_DUMP, mp);
250 /* Use a control ping for synchronization */
252 ik->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
253 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
254 mp_ping->_vl_msg_id = htons (ik->ping_id);
255 mp_ping->client_index = vam->my_client_index;
257 vam->result_ready = 0;
260 /* Wait for a reply... */
265 static void vl_api_ikev2_profile_details_t_handler
266 (vl_api_ikev2_profile_details_t * mp)
268 vat_main_t *vam = ikev2_test_main.vat_main;
269 vl_api_ikev2_profile_t *p = &mp->profile;
271 fformat (vam->ofp, "profile %s\n", p->name);
276 fformat (vam->ofp, " auth-method %U auth data 0x%U\n",
277 format_ikev2_auth_method, p->auth.method,
278 format_hex_bytes, p->auth.data,
279 clib_net_to_host_u32 (p->auth.data_len));
281 fformat (vam->ofp, " auth-method %U auth data %v\n",
282 format_ikev2_auth_method, p->auth.method, format (0,
290 fformat (vam->ofp, " local id-type data %U\n",
291 format_ikev2_id_type_and_data, &p->loc_id);
296 fformat (vam->ofp, " remote id-type data %U\n",
297 format_ikev2_id_type_and_data, &p->rem_id);
300 fformat (vam->ofp, " local traffic-selector addr %U - %U port %u - %u"
302 format_ip_address, &p->loc_ts.start_addr,
303 format_ip_address, &p->loc_ts.end_addr,
304 clib_net_to_host_u16 (p->loc_ts.start_port),
305 clib_net_to_host_u16 (p->loc_ts.end_port), p->loc_ts.protocol_id);
307 fformat (vam->ofp, " remote traffic-selector addr %U - %U port %u - %u"
309 format_ip_address, &p->rem_ts.start_addr,
310 format_ip_address, &p->rem_ts.end_addr,
311 clib_net_to_host_u16 (p->rem_ts.start_port),
312 clib_net_to_host_u16 (p->rem_ts.end_port), p->rem_ts.protocol_id);
313 u32 tun_itf = clib_net_to_host_u32 (p->tun_itf);
315 fformat (vam->ofp, " protected tunnel idx %d\n", tun_itf);
317 u32 sw_if_index = clib_net_to_host_u32 (p->responder.sw_if_index);
318 if (~0 != sw_if_index)
319 fformat (vam->ofp, " responder idx %d %U\n",
320 sw_if_index, format_ip_address, &p->responder.addr);
323 fformat (vam->ofp, " udp-encap\n");
325 if (p->natt_disabled)
326 fformat (vam->ofp, " NAT-T disabled\n");
328 u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port);
329 if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
330 fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port);
332 u32 crypto_key_size = clib_net_to_host_u32 (p->ike_ts.crypto_key_size);
333 if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_group
335 fformat (vam->ofp, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U\n",
336 format_ikev2_transform_encr_type, p->ike_ts.crypto_alg,
337 crypto_key_size, format_ikev2_transform_integ_type,
338 p->ike_ts.integ_alg, format_ikev2_transform_dh_type,
341 crypto_key_size = clib_net_to_host_u32 (p->esp_ts.crypto_key_size);
342 if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg)
343 fformat (vam->ofp, " esp-crypto-alg %U %u esp-integ-alg %U\n",
344 format_ikev2_transform_encr_type, p->esp_ts.crypto_alg,
346 format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
348 fformat (vam->ofp, " lifetime %d jitter %d handover %d maxdata %d\n",
349 clib_net_to_host_u64 (p->lifetime),
350 clib_net_to_host_u32 (p->lifetime_jitter),
351 clib_net_to_host_u32 (p->handover),
352 clib_net_to_host_u64 (p->lifetime_maxdata));
354 vam->result_ready = 1;
358 api_ikev2_sa_dump (vat_main_t * vam)
360 ikev2_test_main_t *im = &ikev2_test_main;
361 vl_api_ikev2_sa_dump_t *mp;
362 vl_api_control_ping_t *mp_ping;
365 /* Construct the API message */
366 M (IKEV2_SA_DUMP, mp);
371 /* Use a control ping for synchronization */
373 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
374 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
375 mp_ping->_vl_msg_id = htons (im->ping_id);
376 mp_ping->client_index = vam->my_client_index;
377 vam->result_ready = 0;
381 /* Wait for a reply... */
387 vl_api_ikev2_sa_details_t_handler (vl_api_ikev2_sa_details_t * mp)
389 vat_main_t *vam = ikev2_test_main.vat_main;
390 vl_api_ikev2_sa_t *sa = &mp->sa;
393 vl_api_ikev2_keys_t *k = &sa->keys;
394 vl_api_ikev2_sa_t_endian (sa);
396 ip_address_decode2 (&sa->iaddr, &iaddr);
397 ip_address_decode2 (&sa->raddr, &raddr);
399 fformat (vam->ofp, "profile index %d sa index: %d\n",
400 mp->sa.profile_index, mp->sa.sa_index);
401 fformat (vam->ofp, " iip %U ispi %lx rip %U rspi %lx\n", format_ip_address,
402 &iaddr, sa->ispi, format_ip_address, &raddr, sa->rspi);
403 fformat (vam->ofp, " %U ", format_ikev2_sa_transform, &sa->encryption);
404 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->prf);
405 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->integrity);
406 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &sa->dh);
408 fformat (vam->ofp, " SK_d %U\n",
409 format_hex_bytes, k->sk_d, k->sk_d_len);
411 fformat (vam->ofp, " SK_a i:%U\n r:%U\n",
412 format_hex_bytes, k->sk_ai, k->sk_ai_len, format_hex_bytes,
413 k->sk_ar, k->sk_ar_len);
415 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
416 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
418 fformat (vam->ofp, " SK_p i:%U\n r:%U\n", format_hex_bytes,
419 k->sk_pi, k->sk_pi_len, format_hex_bytes, k->sk_pr, k->sk_pr_len);
421 fformat (vam->ofp, " identifier (i) %U\n",
422 format_ikev2_id_type_and_data, &sa->i_id);
423 fformat (vam->ofp, " identifier (r) %U\n",
424 format_ikev2_id_type_and_data, &sa->r_id);
426 vam->result_ready = 1;
430 api_ikev2_child_sa_dump (vat_main_t * vam)
432 unformat_input_t *i = vam->input;
433 ikev2_test_main_t *im = &ikev2_test_main;
434 vl_api_ikev2_child_sa_dump_t *mp;
435 vl_api_control_ping_t *mp_ping;
439 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
441 if (unformat (i, "sa_index %d", &sa_index))
445 errmsg ("parse error '%U'", format_unformat_error, i);
453 /* Construct the API message */
454 M (IKEV2_CHILD_SA_DUMP, mp);
456 mp->sa_index = clib_net_to_host_u32 (sa_index);
461 /* Use a control ping for synchronization */
463 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
464 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
465 mp_ping->_vl_msg_id = htons (im->ping_id);
466 mp_ping->client_index = vam->my_client_index;
467 vam->result_ready = 0;
471 /* Wait for a reply... */
477 vl_api_ikev2_child_sa_details_t_handler (vl_api_ikev2_child_sa_details_t * mp)
479 vat_main_t *vam = ikev2_test_main.vat_main;
480 vl_api_ikev2_child_sa_t *child_sa = &mp->child_sa;
481 vl_api_ikev2_keys_t *k = &child_sa->keys;
482 vl_api_ikev2_child_sa_t_endian (child_sa);
484 fformat (vam->ofp, " child sa %u:\n", child_sa->child_sa_index);
486 fformat (vam->ofp, " %U ", format_ikev2_sa_transform,
487 &child_sa->encryption);
488 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &child_sa->integrity);
489 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &child_sa->esn);
491 fformat (vam->ofp, " spi(i) %lx spi(r) %lx\n",
492 child_sa->i_spi, child_sa->r_spi);
494 fformat (vam->ofp, " SK_e i:%U\n r:%U\n",
495 format_hex_bytes, k->sk_ei, k->sk_ei_len,
496 format_hex_bytes, k->sk_er, k->sk_er_len);
499 fformat (vam->ofp, " SK_a i:%U\n r:%U\n",
500 format_hex_bytes, k->sk_ai, k->sk_ai_len,
501 format_hex_bytes, k->sk_ar, k->sk_ar_len);
503 vam->result_ready = 1;
507 api_ikev2_traffic_selector_dump (vat_main_t * vam)
509 unformat_input_t *i = vam->input;
510 ikev2_test_main_t *im = &ikev2_test_main;
511 vl_api_ikev2_traffic_selector_dump_t *mp;
512 vl_api_control_ping_t *mp_ping;
513 int is_initiator = ~0;
515 int child_sa_index = ~0;
518 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
520 if (unformat (i, "initiator"))
522 else if (unformat (i, "responder"))
524 else if (unformat (i, "sa_index %d", &sa_index))
526 else if (unformat (i, "child_sa_index %d", &child_sa_index))
530 errmsg ("parse error '%U'", format_unformat_error, i);
535 if (child_sa_index == ~0 || sa_index == ~0 || is_initiator == ~0)
538 /* Construct the API message */
539 M (IKEV2_TRAFFIC_SELECTOR_DUMP, mp);
541 mp->is_initiator = is_initiator;
542 mp->sa_index = clib_host_to_net_u32 (sa_index);
543 mp->child_sa_index = clib_host_to_net_u32 (child_sa_index);
548 /* Use a control ping for synchronization */
550 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
551 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
552 mp_ping->_vl_msg_id = htons (im->ping_id);
553 mp_ping->client_index = vam->my_client_index;
554 vam->result_ready = 0;
558 /* Wait for a reply... */
564 vl_api_ikev2_traffic_selector_details_t_handler
565 (vl_api_ikev2_traffic_selector_details_t * mp)
567 vat_main_t *vam = ikev2_test_main.vat_main;
568 vl_api_ikev2_ts_t *ts = &mp->ts;
569 ip_address_t start_addr, end_addr;
570 vl_api_ikev2_ts_t_endian (ts);
572 ip_address_decode2 (&ts->start_addr, &start_addr);
573 ip_address_decode2 (&ts->end_addr, &end_addr);
575 fformat (vam->ofp, " %s protocol_id %u addr "
576 "%U - %U port %u - %u\n",
577 ts->is_local, ts->protocol_id,
578 format_ip_address, &start_addr,
579 format_ip_address, &end_addr, ts->start_port, ts->end_port);
580 vam->result_ready = 1;
584 api_ikev2_nonce_get (vat_main_t * vam)
586 unformat_input_t *i = vam->input;
587 ikev2_test_main_t *im = &ikev2_test_main;
588 vl_api_ikev2_nonce_get_t *mp;
589 vl_api_control_ping_t *mp_ping;
590 u32 is_initiator = ~0;
594 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
596 if (unformat (i, "initiator"))
598 else if (unformat (i, "responder"))
600 else if (unformat (i, "sa_index %d", &sa_index))
604 errmsg ("parse error '%U'", format_unformat_error, i);
609 if (sa_index == ~0 || is_initiator == ~0)
612 /* Construct the API message */
613 M (IKEV2_NONCE_GET, mp);
615 mp->is_initiator = is_initiator;
616 mp->sa_index = clib_host_to_net_u32 (sa_index);
621 /* Use a control ping for synchronization */
623 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
624 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
625 mp_ping->_vl_msg_id = htons (im->ping_id);
626 mp_ping->client_index = vam->my_client_index;
627 vam->result_ready = 0;
631 /* Wait for a reply... */
637 vl_api_ikev2_nonce_get_reply_t_handler (vl_api_ikev2_nonce_get_reply_t * mp)
639 vat_main_t *vam = ikev2_test_main.vat_main;
640 mp->data_len = clib_net_to_host_u32 (mp->data_len);
642 fformat (vam->ofp, " nonce:%U\n",
643 format_hex_bytes, mp->nonce, mp->data_len);
645 vam->result_ready = 1;
649 api_ikev2_plugin_get_version (vat_main_t * vam)
651 ikev2_test_main_t *sm = &ikev2_test_main;
652 vl_api_ikev2_plugin_get_version_t *mp;
653 u32 msg_size = sizeof (*mp);
656 vam->result_ready = 0;
657 mp = vl_msg_api_alloc_as_if_client (msg_size);
658 clib_memset (mp, 0, msg_size);
659 mp->_vl_msg_id = ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION + sm->msg_id_base);
660 mp->client_index = vam->my_client_index;
665 /* Wait for a reply... */
670 static void vl_api_ikev2_plugin_get_version_reply_t_handler
671 (vl_api_ikev2_plugin_get_version_reply_t * mp)
673 vat_main_t *vam = ikev2_test_main.vat_main;
674 clib_warning ("IKEv2 plugin version: %d.%d", ntohl (mp->major),
676 vam->result_ready = 1;
680 api_ikev2_profile_set_ipsec_udp_port (vat_main_t * vam)
686 api_ikev2_profile_set_liveness (vat_main_t * vam)
688 unformat_input_t *i = vam->input;
689 vl_api_ikev2_profile_set_liveness_t *mp;
690 u32 period = 0, max_retries = 0;
693 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
695 if (!unformat (i, "period %d max-retries %d", &period, &max_retries))
697 errmsg ("parse error '%U'", format_unformat_error, i);
702 M (IKEV2_PROFILE_SET_LIVENESS, mp);
704 mp->period = clib_host_to_net_u32 (period);
705 mp->max_retries = clib_host_to_net_u32 (max_retries);
714 api_ikev2_profile_add_del (vat_main_t * vam)
716 unformat_input_t *i = vam->input;
717 vl_api_ikev2_profile_add_del_t *mp;
722 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
724 if (unformat (i, "del"))
726 else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
730 errmsg ("parse error '%U'", format_unformat_error, i);
737 errmsg ("profile name must be specified");
741 if (vec_len (name) > 64)
743 errmsg ("profile name too long");
747 M (IKEV2_PROFILE_ADD_DEL, mp);
749 clib_memcpy (mp->name, name, vec_len (name));
759 api_ikev2_profile_set_auth (vat_main_t * vam)
761 unformat_input_t *i = vam->input;
762 vl_api_ikev2_profile_set_auth_t *mp;
769 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
771 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
773 else if (unformat (i, "auth_method %U",
774 unformat_ikev2_auth_method, &auth_method))
776 else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
778 else if (unformat (i, "auth_data %v", &data))
782 errmsg ("parse error '%U'", format_unformat_error, i);
789 errmsg ("profile name must be specified");
793 if (vec_len (name) > 64)
795 errmsg ("profile name too long");
801 errmsg ("auth_data must be specified");
807 errmsg ("auth_method must be specified");
811 M (IKEV2_PROFILE_SET_AUTH, mp);
814 mp->auth_method = (u8) auth_method;
815 mp->data_len = vec_len (data);
816 clib_memcpy (mp->name, name, vec_len (name));
817 clib_memcpy (mp->data, data, vec_len (data));
827 api_ikev2_profile_set_id (vat_main_t * vam)
829 unformat_input_t *i = vam->input;
830 vl_api_ikev2_profile_set_id_t *mp;
838 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
840 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
842 else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type))
844 else if (unformat (i, "id_data %U", unformat_ip_address, &ip))
846 data = vec_new (u8, ip_address_size (&ip));
847 clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
849 else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
851 else if (unformat (i, "id_data %v", &data))
853 else if (unformat (i, "local"))
855 else if (unformat (i, "remote"))
859 errmsg ("parse error '%U'", format_unformat_error, i);
866 errmsg ("profile name must be specified");
870 if (vec_len (name) > 64)
872 errmsg ("profile name too long");
878 errmsg ("id_data must be specified");
884 errmsg ("id_type must be specified");
888 M (IKEV2_PROFILE_SET_ID, mp);
890 mp->is_local = is_local;
891 mp->id_type = (u8) id_type;
892 mp->data_len = vec_len (data);
893 clib_memcpy (mp->name, name, vec_len (name));
894 clib_memcpy (mp->data, data, vec_len (data));
904 api_ikev2_profile_set_ts (vat_main_t * vam)
906 unformat_input_t *i = vam->input;
907 vl_api_ikev2_profile_set_ts_t *mp;
910 u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
911 ip_address_t start_addr, end_addr;
912 u8 start_addr_set = 0, end_addr_set = 0;
915 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
917 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
919 else if (unformat (i, "protocol %d", &proto))
921 else if (unformat (i, "start_port %d", &start_port))
923 else if (unformat (i, "end_port %d", &end_port))
926 if (unformat (i, "start_addr %U", unformat_ip_address, &start_addr))
928 else if (unformat (i, "end_addr %U", unformat_ip_address, &end_addr))
930 else if (unformat (i, "local"))
932 else if (unformat (i, "remote"))
936 errmsg ("parse error '%U'", format_unformat_error, i);
941 if (!start_addr_set || !end_addr_set)
943 errmsg ("missing start or end address");
949 errmsg ("profile name must be specified");
953 if (vec_len (name) > 64)
955 errmsg ("profile name too long");
959 M (IKEV2_PROFILE_SET_TS, mp);
961 mp->ts.is_local = is_local;
962 mp->ts.protocol_id = (u8) proto;
963 mp->ts.start_port = clib_host_to_net_u16 ((u16) start_port);
964 mp->ts.end_port = clib_host_to_net_u16 ((u16) end_port);
965 ip_address_encode2 (&start_addr, &mp->ts.start_addr);
966 ip_address_encode2 (&end_addr, &mp->ts.end_addr);
967 clib_memcpy (mp->name, name, vec_len (name));
976 api_ikev2_set_local_key (vat_main_t * vam)
978 unformat_input_t *i = vam->input;
979 vl_api_ikev2_set_local_key_t *mp;
983 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
985 if (unformat (i, "file %v", &file))
989 errmsg ("parse error '%U'", format_unformat_error, i);
996 errmsg ("RSA key file must be specified");
1000 if (vec_len (file) > 256)
1002 errmsg ("file name too long");
1006 M (IKEV2_SET_LOCAL_KEY, mp);
1008 clib_memcpy (mp->key_file, file, vec_len (file));
1017 api_ikev2_profile_set_udp_encap (vat_main_t * vam)
1019 unformat_input_t *i = vam->input;
1020 vl_api_ikev2_profile_set_udp_encap_t *mp;
1024 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1026 if (unformat (i, "%U udp-encap", unformat_token, valid_chars, &name))
1030 errmsg ("parse error '%U'", format_unformat_error, i);
1035 if (!vec_len (name))
1037 errmsg ("profile name must be specified");
1041 if (vec_len (name) > 64)
1043 errmsg ("profile name too long");
1047 M (IKEV2_PROFILE_SET_UDP_ENCAP, mp);
1049 clib_memcpy (mp->name, name, vec_len (name));
1058 api_ikev2_set_tunnel_interface (vat_main_t * vam)
1064 api_ikev2_set_responder_hostname (vat_main_t *vam)
1066 unformat_input_t *i = vam->input;
1067 vl_api_ikev2_set_responder_hostname_t *mp;
1069 u8 *name = 0, *hn = 0;
1071 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1073 if (unformat (i, "%U hostname %v", unformat_token, valid_chars, &name,
1081 errmsg ("parse error '%U'", format_unformat_error, i);
1086 if (!vec_len (name))
1088 errmsg ("profile name must be specified");
1092 if (vec_len (name) > 64)
1094 errmsg ("profile name too long");
1098 M (IKEV2_SET_RESPONDER_HOSTNAME, mp);
1100 clib_memcpy (mp->name, name, vec_len (name));
1101 clib_memcpy (mp->hostname, hn, vec_len (hn));
1111 api_ikev2_set_responder (vat_main_t * vam)
1113 unformat_input_t *i = vam->input;
1114 vl_api_ikev2_set_responder_t *mp;
1117 u32 sw_if_index = ~0;
1118 ip_address_t address;
1120 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1123 (i, "%U interface %d address %U", unformat_token, valid_chars,
1124 &name, &sw_if_index, unformat_ip_address, &address))
1128 errmsg ("parse error '%U'", format_unformat_error, i);
1133 if (!vec_len (name))
1135 errmsg ("profile name must be specified");
1139 if (vec_len (name) > 64)
1141 errmsg ("profile name too long");
1145 M (IKEV2_SET_RESPONDER, mp);
1147 clib_memcpy (mp->name, name, vec_len (name));
1150 mp->responder.sw_if_index = clib_host_to_net_u32 (sw_if_index);
1151 ip_address_encode2 (&address, &mp->responder.addr);
1159 api_ikev2_set_ike_transforms (vat_main_t * vam)
1161 unformat_input_t *i = vam->input;
1162 vl_api_ikev2_set_ike_transforms_t *mp;
1165 u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
1167 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1169 if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
1170 &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
1174 errmsg ("parse error '%U'", format_unformat_error, i);
1179 if (!vec_len (name))
1181 errmsg ("profile name must be specified");
1185 if (vec_len (name) > 64)
1187 errmsg ("profile name too long");
1191 M (IKEV2_SET_IKE_TRANSFORMS, mp);
1193 clib_memcpy (mp->name, name, vec_len (name));
1195 mp->tr.crypto_alg = crypto_alg;
1196 mp->tr.crypto_key_size = clib_host_to_net_u32 (crypto_key_size);
1197 mp->tr.integ_alg = integ_alg;
1198 mp->tr.dh_group = dh_group;
1207 api_ikev2_set_esp_transforms (vat_main_t * vam)
1209 unformat_input_t *i = vam->input;
1210 vl_api_ikev2_set_esp_transforms_t *mp;
1213 u32 crypto_alg, crypto_key_size, integ_alg;
1215 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1217 if (unformat (i, "%U %d %d %d", unformat_token, valid_chars, &name,
1218 &crypto_alg, &crypto_key_size, &integ_alg))
1222 errmsg ("parse error '%U'", format_unformat_error, i);
1227 if (!vec_len (name))
1229 errmsg ("profile name must be specified");
1233 if (vec_len (name) > 64)
1235 errmsg ("profile name too long");
1239 M (IKEV2_SET_ESP_TRANSFORMS, mp);
1241 clib_memcpy (mp->name, name, vec_len (name));
1243 mp->tr.crypto_alg = crypto_alg;
1244 mp->tr.crypto_key_size = clib_host_to_net_u32 (crypto_key_size);
1245 mp->tr.integ_alg = integ_alg;
1253 api_ikev2_set_sa_lifetime (vat_main_t * vam)
1255 unformat_input_t *i = vam->input;
1256 vl_api_ikev2_set_sa_lifetime_t *mp;
1259 u64 lifetime, lifetime_maxdata;
1260 u32 lifetime_jitter, handover;
1262 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1264 if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
1265 &lifetime, &lifetime_jitter, &handover,
1270 errmsg ("parse error '%U'", format_unformat_error, i);
1275 if (!vec_len (name))
1277 errmsg ("profile name must be specified");
1281 if (vec_len (name) > 64)
1283 errmsg ("profile name too long");
1287 M (IKEV2_SET_SA_LIFETIME, mp);
1289 clib_memcpy (mp->name, name, vec_len (name));
1291 mp->lifetime = lifetime;
1292 mp->lifetime_jitter = lifetime_jitter;
1293 mp->handover = handover;
1294 mp->lifetime_maxdata = lifetime_maxdata;
1302 api_ikev2_initiate_sa_init (vat_main_t * vam)
1304 unformat_input_t *i = vam->input;
1305 vl_api_ikev2_initiate_sa_init_t *mp;
1309 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1311 if (unformat (i, "%U", unformat_token, valid_chars, &name))
1315 errmsg ("parse error '%U'", format_unformat_error, i);
1320 if (!vec_len (name))
1322 errmsg ("profile name must be specified");
1326 if (vec_len (name) > 64)
1328 errmsg ("profile name too long");
1332 M (IKEV2_INITIATE_SA_INIT, mp);
1334 clib_memcpy (mp->name, name, vec_len (name));
1343 api_ikev2_initiate_del_ike_sa (vat_main_t * vam)
1345 unformat_input_t *i = vam->input;
1346 vl_api_ikev2_initiate_del_ike_sa_t *mp;
1351 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1353 if (unformat (i, "%lx", &ispi))
1357 errmsg ("parse error '%U'", format_unformat_error, i);
1362 M (IKEV2_INITIATE_DEL_IKE_SA, mp);
1372 api_ikev2_initiate_del_child_sa (vat_main_t * vam)
1374 unformat_input_t *i = vam->input;
1375 vl_api_ikev2_initiate_del_child_sa_t *mp;
1380 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1382 if (unformat (i, "%x", &ispi))
1386 errmsg ("parse error '%U'", format_unformat_error, i);
1391 M (IKEV2_INITIATE_DEL_CHILD_SA, mp);
1401 api_ikev2_initiate_rekey_child_sa (vat_main_t * vam)
1403 unformat_input_t *i = vam->input;
1404 vl_api_ikev2_initiate_rekey_child_sa_t *mp;
1409 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1411 if (unformat (i, "%x", &ispi))
1415 errmsg ("parse error '%U'", format_unformat_error, i);
1420 M (IKEV2_INITIATE_REKEY_CHILD_SA, mp);
1429 #include <ikev2/ikev2.api_test.c>
1432 * fd.io coding-style-patch-verification: ON
1435 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob