2 *------------------------------------------------------------------
5 * Copyright (c) 2014-2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
21 #include <vlibapi/api.h>
22 #include <vlibmemory/api.h>
23 #include <vppinfra/error.h>
24 #include <vnet/ipsec/ipsec_sa.h>
25 #include <plugins/ikev2/ikev2.h>
26 #include <vnet/ip/ip_types_api.h>
28 #define __plugin_msg_base ikev2_test_main.msg_id_base
29 #include <vlibapi/vat_helper_macros.h>
31 /* Declare message IDs */
32 #include <vnet/format_fns.h>
33 #include <ikev2/ikev2.api_enum.h>
34 #include <ikev2/ikev2.api_types.h>
35 #include <vlibmemory/vlib.api_types.h>
37 #define vl_endianfun /* define message structures */
38 #include <plugins/ikev2/ikev2.api.h>
43 /* API message ID base */
49 static const char *valid_chars = "a-zA-Z0-9_";
50 ikev2_test_main_t ikev2_test_main;
53 unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
55 u32 *r = va_arg (*args, u32 *);
58 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
59 foreach_ikev2_auth_method
68 unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
70 u32 *r = va_arg (*args, u32 *);
73 #define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
81 #define MACRO_FORMAT(lc) \
82 u8 * format_ikev2_##lc (u8 * s, va_list * args) \
84 u32 i = va_arg (*args, u32); \
89 return format (s, "unknown (%u)", i); \
91 s = format (s, "%s", t); \
95 #define _(v,f,str) case IKEV2_AUTH_METHOD_##f: t = str; break;
96 MACRO_FORMAT (auth_method)
98 #define _(v,f,str) case IKEV2_ID_TYPE_##f: t = str; break;
99 MACRO_FORMAT (id_type)
101 #define _(v,f,str) case IKEV2_TRANSFORM_TYPE_##f: t = str; break;
102 MACRO_FORMAT (transform_type)
104 #define _(v,f,str) case IKEV2_TRANSFORM_ENCR_TYPE_##f: t = str; break;
105 MACRO_FORMAT (transform_encr_type)
107 #define _(v,f,str) case IKEV2_TRANSFORM_PRF_TYPE_##f: t = str; break;
108 MACRO_FORMAT (transform_prf_type)
110 #define _(v,f,str) case IKEV2_TRANSFORM_INTEG_TYPE_##f: t = str; break;
111 MACRO_FORMAT (transform_integ_type)
113 #define _(v,f,str) case IKEV2_TRANSFORM_DH_TYPE_##f: t = str; break;
114 MACRO_FORMAT (transform_dh_type)
116 #define _(v,f,str) case IKEV2_TRANSFORM_ESN_TYPE_##f: t = str; break;
117 MACRO_FORMAT (transform_esn_type)
119 u8 *format_ikev2_id_type_and_data (u8 * s, va_list * args)
121 vl_api_ikev2_id_t *id = va_arg (*args, vl_api_ikev2_id_t *);
124 return format (s, "none");
126 s = format (s, "%U", format_ikev2_id_type, id->type);
131 return format (s, "none");
132 case IKEV2_ID_TYPE_ID_FQDN:
133 s = format (s, " %s", id->data);
135 case IKEV2_ID_TYPE_ID_RFC822_ADDR:
136 s = format (s, " %s", id->data);
138 case IKEV2_ID_TYPE_ID_IPV4_ADDR:
139 s = format (s, " %U", format_ip_address, id->data);
141 case IKEV2_ID_TYPE_ID_KEY_ID:
142 s = format (s, " 0x%U", format_hex_bytes, id->data, id->data_len);
145 s = format (s, " %s", id->data);
152 format_ikev2_sa_transform (u8 * s, va_list * args)
154 vl_api_ikev2_sa_transform_t *tr =
155 va_arg (*args, vl_api_ikev2_sa_transform_t *);
160 if (tr->transform_type >= IKEV2_TRANSFORM_NUM_TYPES)
163 s = format (s, "%U:", format_ikev2_transform_type, tr->transform_type);
165 switch (tr->transform_type)
167 case IKEV2_TRANSFORM_TYPE_ENCR:
169 format (s, "%U", format_ikev2_transform_encr_type, tr->transform_id);
171 case IKEV2_TRANSFORM_TYPE_PRF:
172 s = format (s, "%U", format_ikev2_transform_prf_type, tr->transform_id);
174 case IKEV2_TRANSFORM_TYPE_INTEG:
176 format (s, "%U", format_ikev2_transform_integ_type, tr->transform_id);
178 case IKEV2_TRANSFORM_TYPE_DH:
179 s = format (s, "%U", format_ikev2_transform_dh_type, tr->transform_id);
181 case IKEV2_TRANSFORM_TYPE_ESN:
182 s = format (s, "%U", format_ikev2_transform_esn_type, tr->transform_id);
188 if (tr->transform_type == IKEV2_TRANSFORM_TYPE_ENCR &&
189 tr->transform_id == IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC && tr->key_len)
190 s = format (s, "-%u", tr->key_len * 8);
196 api_ikev2_profile_disable_natt (vat_main_t * vam)
198 unformat_input_t *i = vam->input;
199 vl_api_ikev2_profile_disable_natt_t *mp;
203 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
205 if (unformat (i, "%U", unformat_token, valid_chars, &name))
209 errmsg ("parse error '%U'", format_unformat_error, i);
216 errmsg ("profile name must be specified");
220 if (vec_len (name) > 64)
222 errmsg ("profile name too long");
226 M (IKEV2_PROFILE_DISABLE_NATT, mp);
228 clib_memcpy (mp->name, name, vec_len (name));
237 api_ikev2_profile_dump (vat_main_t * vam)
239 ikev2_test_main_t *ik = &ikev2_test_main;
240 vl_api_ikev2_profile_dump_t *mp;
241 vl_api_control_ping_t *mp_ping;
244 /* Construct the API message */
245 M (IKEV2_PROFILE_DUMP, mp);
250 /* Use a control ping for synchronization */
252 ik->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
253 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
254 mp_ping->_vl_msg_id = htons (ik->ping_id);
255 mp_ping->client_index = vam->my_client_index;
257 vam->result_ready = 0;
260 /* Wait for a reply... */
265 static void vl_api_ikev2_profile_details_t_handler
266 (vl_api_ikev2_profile_details_t * mp)
268 vat_main_t *vam = ikev2_test_main.vat_main;
269 vl_api_ikev2_profile_t *p = &mp->profile;
271 fformat (vam->ofp, "profile %s\n", p->name);
276 fformat (vam->ofp, " auth-method %U auth data 0x%U\n",
277 format_ikev2_auth_method, p->auth.method,
278 format_hex_bytes, p->auth.data,
279 clib_net_to_host_u32 (p->auth.data_len));
281 fformat (vam->ofp, " auth-method %U auth data %v\n",
282 format_ikev2_auth_method, p->auth.method, format (0,
290 fformat (vam->ofp, " local id-type data %U\n",
291 format_ikev2_id_type_and_data, &p->loc_id);
296 fformat (vam->ofp, " remote id-type data %U\n",
297 format_ikev2_id_type_and_data, &p->rem_id);
300 fformat (vam->ofp, " local traffic-selector addr %U - %U port %u - %u"
302 format_ip_address, &p->loc_ts.start_addr,
303 format_ip_address, &p->loc_ts.end_addr,
304 clib_net_to_host_u16 (p->loc_ts.start_port),
305 clib_net_to_host_u16 (p->loc_ts.end_port), p->loc_ts.protocol_id);
307 fformat (vam->ofp, " remote traffic-selector addr %U - %U port %u - %u"
309 format_ip_address, &p->rem_ts.start_addr,
310 format_ip_address, &p->rem_ts.end_addr,
311 clib_net_to_host_u16 (p->rem_ts.start_port),
312 clib_net_to_host_u16 (p->rem_ts.end_port), p->rem_ts.protocol_id);
313 u32 tun_itf = clib_net_to_host_u32 (p->tun_itf);
315 fformat (vam->ofp, " protected tunnel idx %d\n", tun_itf);
317 u32 sw_if_index = clib_net_to_host_u32 (p->responder.sw_if_index);
318 if (~0 != sw_if_index)
319 fformat (vam->ofp, " responder idx %d %U\n",
320 sw_if_index, format_ip_address, &p->responder.addr);
323 fformat (vam->ofp, " udp-encap\n");
325 if (p->natt_disabled)
326 fformat (vam->ofp, " NAT-T disabled\n");
328 u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port);
329 if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
330 fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port);
332 u32 crypto_key_size = clib_net_to_host_u32 (p->ike_ts.crypto_key_size);
333 if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_group
335 fformat (vam->ofp, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U\n",
336 format_ikev2_transform_encr_type, p->ike_ts.crypto_alg,
337 crypto_key_size, format_ikev2_transform_integ_type,
338 p->ike_ts.integ_alg, format_ikev2_transform_dh_type,
341 crypto_key_size = clib_net_to_host_u32 (p->esp_ts.crypto_key_size);
342 if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg)
343 fformat (vam->ofp, " esp-crypto-alg %U %u esp-integ-alg %U\n",
344 format_ikev2_transform_encr_type, p->esp_ts.crypto_alg,
346 format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
348 fformat (vam->ofp, " lifetime %d jitter %d handover %d maxdata %d\n",
349 clib_net_to_host_u64 (p->lifetime),
350 clib_net_to_host_u32 (p->lifetime_jitter),
351 clib_net_to_host_u32 (p->handover),
352 clib_net_to_host_u64 (p->lifetime_maxdata));
354 vam->result_ready = 1;
358 api_ikev2_sa_dump (vat_main_t * vam)
360 ikev2_test_main_t *im = &ikev2_test_main;
361 vl_api_ikev2_sa_dump_t *mp;
362 vl_api_control_ping_t *mp_ping;
365 /* Construct the API message */
366 M (IKEV2_SA_DUMP, mp);
371 /* Use a control ping for synchronization */
373 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
374 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
375 mp_ping->_vl_msg_id = htons (im->ping_id);
376 mp_ping->client_index = vam->my_client_index;
377 vam->result_ready = 0;
381 /* Wait for a reply... */
387 vl_api_ikev2_sa_details_t_handler (vl_api_ikev2_sa_details_t * mp)
389 vat_main_t *vam = ikev2_test_main.vat_main;
390 vl_api_ikev2_sa_t *sa = &mp->sa;
393 vl_api_ikev2_keys_t *k = &sa->keys;
394 vl_api_ikev2_sa_t_endian (sa, 0 /* from network */);
396 ip_address_decode2 (&sa->iaddr, &iaddr);
397 ip_address_decode2 (&sa->raddr, &raddr);
399 fformat (vam->ofp, "profile index %u sa index: %d\n", mp->sa.profile_index,
401 fformat (vam->ofp, " iip %U ispi %lx rip %U rspi %lx\n", format_ip_address,
402 &iaddr, sa->ispi, format_ip_address, &raddr, sa->rspi);
403 fformat (vam->ofp, " %U ", format_ikev2_sa_transform, &sa->encryption);
404 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->prf);
405 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->integrity);
406 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &sa->dh);
408 fformat (vam->ofp, " SK_d %U\n", format_hex_bytes, k->sk_d, k->sk_d_len);
410 fformat (vam->ofp, " SK_a i:%U\n r:%U\n", format_hex_bytes,
411 k->sk_ai, k->sk_ai_len, format_hex_bytes, k->sk_ar, k->sk_ar_len);
413 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
414 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
416 fformat (vam->ofp, " SK_p i:%U\n r:%U\n", format_hex_bytes,
417 k->sk_pi, k->sk_pi_len, format_hex_bytes, k->sk_pr, k->sk_pr_len);
419 fformat (vam->ofp, " identifier (i) %U\n", format_ikev2_id_type_and_data,
421 fformat (vam->ofp, " identifier (r) %U\n", format_ikev2_id_type_and_data,
424 vam->result_ready = 1;
428 api_ikev2_sa_v2_dump (vat_main_t *vam)
430 ikev2_test_main_t *im = &ikev2_test_main;
431 vl_api_ikev2_sa_v2_dump_t *mp;
432 vl_api_control_ping_t *mp_ping;
435 /* Construct the API message */
436 M (IKEV2_SA_V2_DUMP, mp);
441 /* Use a control ping for synchronization */
443 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
444 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
445 mp_ping->_vl_msg_id = htons (im->ping_id);
446 mp_ping->client_index = vam->my_client_index;
447 vam->result_ready = 0;
451 /* Wait for a reply... */
457 vl_api_ikev2_sa_v2_details_t_handler (vl_api_ikev2_sa_v2_details_t *mp)
459 vat_main_t *vam = ikev2_test_main.vat_main;
460 vl_api_ikev2_sa_v2_t *sa = &mp->sa;
463 vl_api_ikev2_keys_t *k = &sa->keys;
464 vl_api_ikev2_sa_v2_t_endian (sa, 0 /* from network */);
466 ip_address_decode2 (&sa->iaddr, &iaddr);
467 ip_address_decode2 (&sa->raddr, &raddr);
469 fformat (vam->ofp, "profile name %s sa index: %d\n", mp->sa.profile_name,
471 fformat (vam->ofp, " iip %U ispi %lx rip %U rspi %lx\n", format_ip_address,
472 &iaddr, sa->ispi, format_ip_address, &raddr, sa->rspi);
473 fformat (vam->ofp, " %U ", format_ikev2_sa_transform, &sa->encryption);
474 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->prf);
475 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->integrity);
476 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &sa->dh);
478 fformat (vam->ofp, " SK_d %U\n",
479 format_hex_bytes, k->sk_d, k->sk_d_len);
481 fformat (vam->ofp, " SK_a i:%U\n r:%U\n",
482 format_hex_bytes, k->sk_ai, k->sk_ai_len, format_hex_bytes,
483 k->sk_ar, k->sk_ar_len);
485 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
486 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
488 fformat (vam->ofp, " SK_p i:%U\n r:%U\n", format_hex_bytes,
489 k->sk_pi, k->sk_pi_len, format_hex_bytes, k->sk_pr, k->sk_pr_len);
491 fformat (vam->ofp, " identifier (i) %U\n",
492 format_ikev2_id_type_and_data, &sa->i_id);
493 fformat (vam->ofp, " identifier (r) %U\n",
494 format_ikev2_id_type_and_data, &sa->r_id);
496 vam->result_ready = 1;
500 api_ikev2_sa_v3_dump (vat_main_t *vam)
502 ikev2_test_main_t *im = &ikev2_test_main;
503 vl_api_ikev2_sa_v3_dump_t *mp;
504 vl_api_control_ping_t *mp_ping;
507 /* Construct the API message */
508 M (IKEV2_SA_V3_DUMP, mp);
513 /* Use a control ping for synchronization */
515 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
516 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
517 mp_ping->_vl_msg_id = htons (im->ping_id);
518 mp_ping->client_index = vam->my_client_index;
519 vam->result_ready = 0;
523 /* Wait for a reply... */
529 vl_api_ikev2_sa_v3_details_t_handler (vl_api_ikev2_sa_v3_details_t *mp)
531 vat_main_t *vam = ikev2_test_main.vat_main;
532 vl_api_ikev2_sa_v3_t *sa = &mp->sa;
535 vl_api_ikev2_keys_t *k = &sa->keys;
536 vl_api_ikev2_sa_v3_t_endian (sa, 0 /* from network */);
538 ip_address_decode2 (&sa->iaddr, &iaddr);
539 ip_address_decode2 (&sa->raddr, &raddr);
541 fformat (vam->ofp, "profile name %s sa index: %d\n", mp->sa.profile_name,
543 fformat (vam->ofp, " iip %U ispi %lx rip %U rspi %lx\n", format_ip_address,
544 &iaddr, sa->ispi, format_ip_address, &raddr, sa->rspi);
545 fformat (vam->ofp, " %U ", format_ikev2_sa_transform, &sa->encryption);
546 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->prf);
547 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &sa->integrity);
548 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &sa->dh);
550 fformat (vam->ofp, " SK_d %U\n", format_hex_bytes, k->sk_d, k->sk_d_len);
552 fformat (vam->ofp, " SK_a i:%U\n r:%U\n", format_hex_bytes,
553 k->sk_ai, k->sk_ai_len, format_hex_bytes, k->sk_ar, k->sk_ar_len);
555 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
556 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
558 fformat (vam->ofp, " SK_p i:%U\n r:%U\n", format_hex_bytes,
559 k->sk_pi, k->sk_pi_len, format_hex_bytes, k->sk_pr, k->sk_pr_len);
561 fformat (vam->ofp, " identifier (i) %U\n", format_ikev2_id_type_and_data,
563 fformat (vam->ofp, " identifier (r) %U\n", format_ikev2_id_type_and_data,
566 vam->result_ready = 1;
570 api_ikev2_child_sa_dump (vat_main_t * vam)
572 unformat_input_t *i = vam->input;
573 ikev2_test_main_t *im = &ikev2_test_main;
574 vl_api_ikev2_child_sa_dump_t *mp;
575 vl_api_control_ping_t *mp_ping;
579 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
581 if (unformat (i, "sa_index %d", &sa_index))
585 errmsg ("parse error '%U'", format_unformat_error, i);
593 /* Construct the API message */
594 M (IKEV2_CHILD_SA_DUMP, mp);
596 mp->sa_index = clib_net_to_host_u32 (sa_index);
601 /* Use a control ping for synchronization */
603 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
604 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
605 mp_ping->_vl_msg_id = htons (im->ping_id);
606 mp_ping->client_index = vam->my_client_index;
607 vam->result_ready = 0;
611 /* Wait for a reply... */
617 vl_api_ikev2_child_sa_details_t_handler (vl_api_ikev2_child_sa_details_t * mp)
619 vat_main_t *vam = ikev2_test_main.vat_main;
620 vl_api_ikev2_child_sa_t *child_sa = &mp->child_sa;
621 vl_api_ikev2_keys_t *k = &child_sa->keys;
622 vl_api_ikev2_child_sa_t_endian (child_sa, 0 /* from network */);
624 fformat (vam->ofp, " child sa %u:\n", child_sa->child_sa_index);
626 fformat (vam->ofp, " %U ", format_ikev2_sa_transform,
627 &child_sa->encryption);
628 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &child_sa->integrity);
629 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &child_sa->esn);
631 fformat (vam->ofp, " spi(i) %lx spi(r) %lx\n", child_sa->i_spi,
634 fformat (vam->ofp, " SK_e i:%U\n r:%U\n", format_hex_bytes,
635 k->sk_ei, k->sk_ei_len, format_hex_bytes, k->sk_er, k->sk_er_len);
638 fformat (vam->ofp, " SK_a i:%U\n r:%U\n", format_hex_bytes,
639 k->sk_ai, k->sk_ai_len, format_hex_bytes, k->sk_ar,
642 vam->result_ready = 1;
646 api_ikev2_child_sa_v2_dump (vat_main_t *vam)
648 unformat_input_t *i = vam->input;
649 ikev2_test_main_t *im = &ikev2_test_main;
650 vl_api_ikev2_child_sa_dump_t *mp;
651 vl_api_control_ping_t *mp_ping;
655 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
657 if (unformat (i, "sa_index %d", &sa_index))
661 errmsg ("parse error '%U'", format_unformat_error, i);
669 /* Construct the API message */
670 M (IKEV2_CHILD_SA_DUMP, mp);
672 mp->sa_index = clib_net_to_host_u32 (sa_index);
677 /* Use a control ping for synchronization */
679 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
680 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
681 mp_ping->_vl_msg_id = htons (im->ping_id);
682 mp_ping->client_index = vam->my_client_index;
683 vam->result_ready = 0;
687 /* Wait for a reply... */
693 vl_api_ikev2_child_sa_v2_details_t_handler (
694 vl_api_ikev2_child_sa_details_t *mp)
696 vat_main_t *vam = ikev2_test_main.vat_main;
697 vl_api_ikev2_child_sa_t *child_sa = &mp->child_sa;
698 vl_api_ikev2_keys_t *k = &child_sa->keys;
699 vl_api_ikev2_child_sa_t_endian (child_sa, 0 /* from network */);
701 fformat (vam->ofp, " child sa %u:\n", child_sa->child_sa_index);
703 fformat (vam->ofp, " %U ", format_ikev2_sa_transform,
704 &child_sa->encryption);
705 fformat (vam->ofp, "%U ", format_ikev2_sa_transform, &child_sa->integrity);
706 fformat (vam->ofp, "%U \n", format_ikev2_sa_transform, &child_sa->esn);
708 fformat (vam->ofp, " spi(i) %lx spi(r) %lx\n",
709 child_sa->i_spi, child_sa->r_spi);
711 fformat (vam->ofp, " SK_e i:%U\n r:%U\n",
712 format_hex_bytes, k->sk_ei, k->sk_ei_len,
713 format_hex_bytes, k->sk_er, k->sk_er_len);
716 fformat (vam->ofp, " SK_a i:%U\n r:%U\n",
717 format_hex_bytes, k->sk_ai, k->sk_ai_len,
718 format_hex_bytes, k->sk_ar, k->sk_ar_len);
720 vam->result_ready = 1;
724 api_ikev2_traffic_selector_dump (vat_main_t * vam)
726 unformat_input_t *i = vam->input;
727 ikev2_test_main_t *im = &ikev2_test_main;
728 vl_api_ikev2_traffic_selector_dump_t *mp;
729 vl_api_control_ping_t *mp_ping;
730 int is_initiator = ~0;
732 int child_sa_index = ~0;
735 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
737 if (unformat (i, "initiator"))
739 else if (unformat (i, "responder"))
741 else if (unformat (i, "sa_index %d", &sa_index))
743 else if (unformat (i, "child_sa_index %d", &child_sa_index))
747 errmsg ("parse error '%U'", format_unformat_error, i);
752 if (child_sa_index == ~0 || sa_index == ~0 || is_initiator == ~0)
755 /* Construct the API message */
756 M (IKEV2_TRAFFIC_SELECTOR_DUMP, mp);
758 mp->is_initiator = is_initiator;
759 mp->sa_index = clib_host_to_net_u32 (sa_index);
760 mp->child_sa_index = clib_host_to_net_u32 (child_sa_index);
765 /* Use a control ping for synchronization */
767 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
768 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
769 mp_ping->_vl_msg_id = htons (im->ping_id);
770 mp_ping->client_index = vam->my_client_index;
771 vam->result_ready = 0;
775 /* Wait for a reply... */
781 vl_api_ikev2_traffic_selector_details_t_handler
782 (vl_api_ikev2_traffic_selector_details_t * mp)
784 vat_main_t *vam = ikev2_test_main.vat_main;
785 vl_api_ikev2_ts_t *ts = &mp->ts;
786 ip_address_t start_addr, end_addr;
787 vl_api_ikev2_ts_t_endian (ts, 0 /* from network */);
789 ip_address_decode2 (&ts->start_addr, &start_addr);
790 ip_address_decode2 (&ts->end_addr, &end_addr);
792 fformat (vam->ofp, " %s protocol_id %u addr "
793 "%U - %U port %u - %u\n",
794 ts->is_local, ts->protocol_id,
795 format_ip_address, &start_addr,
796 format_ip_address, &end_addr, ts->start_port, ts->end_port);
797 vam->result_ready = 1;
801 api_ikev2_nonce_get (vat_main_t * vam)
803 unformat_input_t *i = vam->input;
804 ikev2_test_main_t *im = &ikev2_test_main;
805 vl_api_ikev2_nonce_get_t *mp;
806 vl_api_control_ping_t *mp_ping;
807 u32 is_initiator = ~0;
811 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
813 if (unformat (i, "initiator"))
815 else if (unformat (i, "responder"))
817 else if (unformat (i, "sa_index %d", &sa_index))
821 errmsg ("parse error '%U'", format_unformat_error, i);
826 if (sa_index == ~0 || is_initiator == ~0)
829 /* Construct the API message */
830 M (IKEV2_NONCE_GET, mp);
832 mp->is_initiator = is_initiator;
833 mp->sa_index = clib_host_to_net_u32 (sa_index);
838 /* Use a control ping for synchronization */
840 im->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
841 mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
842 mp_ping->_vl_msg_id = htons (im->ping_id);
843 mp_ping->client_index = vam->my_client_index;
844 vam->result_ready = 0;
848 /* Wait for a reply... */
854 vl_api_ikev2_nonce_get_reply_t_handler (vl_api_ikev2_nonce_get_reply_t * mp)
856 vat_main_t *vam = ikev2_test_main.vat_main;
857 mp->data_len = clib_net_to_host_u32 (mp->data_len);
859 fformat (vam->ofp, " nonce:%U\n",
860 format_hex_bytes, mp->nonce, mp->data_len);
862 vam->result_ready = 1;
866 api_ikev2_plugin_get_version (vat_main_t * vam)
868 ikev2_test_main_t *sm = &ikev2_test_main;
869 vl_api_ikev2_plugin_get_version_t *mp;
870 u32 msg_size = sizeof (*mp);
873 vam->result_ready = 0;
874 mp = vl_msg_api_alloc_as_if_client (msg_size);
875 clib_memset (mp, 0, msg_size);
876 mp->_vl_msg_id = ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION + sm->msg_id_base);
877 mp->client_index = vam->my_client_index;
882 /* Wait for a reply... */
887 static void vl_api_ikev2_plugin_get_version_reply_t_handler
888 (vl_api_ikev2_plugin_get_version_reply_t * mp)
890 vat_main_t *vam = ikev2_test_main.vat_main;
891 clib_warning ("IKEv2 plugin version: %d.%d", ntohl (mp->major),
893 vam->result_ready = 1;
897 api_ikev2_profile_set_ipsec_udp_port (vat_main_t * vam)
903 api_ikev2_profile_set_liveness (vat_main_t * vam)
905 unformat_input_t *i = vam->input;
906 vl_api_ikev2_profile_set_liveness_t *mp;
907 u32 period = 0, max_retries = 0;
910 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
912 if (!unformat (i, "period %d max-retries %d", &period, &max_retries))
914 errmsg ("parse error '%U'", format_unformat_error, i);
919 M (IKEV2_PROFILE_SET_LIVENESS, mp);
921 mp->period = clib_host_to_net_u32 (period);
922 mp->max_retries = clib_host_to_net_u32 (max_retries);
931 api_ikev2_profile_add_del (vat_main_t * vam)
933 unformat_input_t *i = vam->input;
934 vl_api_ikev2_profile_add_del_t *mp;
939 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
941 if (unformat (i, "del"))
943 else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
947 errmsg ("parse error '%U'", format_unformat_error, i);
954 errmsg ("profile name must be specified");
958 if (vec_len (name) > 64)
960 errmsg ("profile name too long");
964 M (IKEV2_PROFILE_ADD_DEL, mp);
966 clib_memcpy (mp->name, name, vec_len (name));
976 api_ikev2_profile_set_auth (vat_main_t * vam)
978 unformat_input_t *i = vam->input;
979 vl_api_ikev2_profile_set_auth_t *mp;
986 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
988 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
990 else if (unformat (i, "auth_method %U",
991 unformat_ikev2_auth_method, &auth_method))
993 else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
995 else if (unformat (i, "auth_data %v", &data))
999 errmsg ("parse error '%U'", format_unformat_error, i);
1004 if (!vec_len (name))
1006 errmsg ("profile name must be specified");
1010 if (vec_len (name) > 64)
1012 errmsg ("profile name too long");
1016 if (!vec_len (data))
1018 errmsg ("auth_data must be specified");
1024 errmsg ("auth_method must be specified");
1028 M (IKEV2_PROFILE_SET_AUTH, mp);
1030 mp->is_hex = is_hex;
1031 mp->auth_method = (u8) auth_method;
1032 mp->data_len = vec_len (data);
1033 clib_memcpy (mp->name, name, vec_len (name));
1034 clib_memcpy (mp->data, data, vec_len (data));
1044 api_ikev2_profile_set_id (vat_main_t * vam)
1046 unformat_input_t *i = vam->input;
1047 vl_api_ikev2_profile_set_id_t *mp;
1055 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1057 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
1059 else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type))
1061 else if (unformat (i, "id_data %U", unformat_ip_address, &ip))
1063 data = vec_new (u8, ip_address_size (&ip));
1064 clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
1066 else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
1068 else if (unformat (i, "id_data %v", &data))
1070 else if (unformat (i, "local"))
1072 else if (unformat (i, "remote"))
1076 errmsg ("parse error '%U'", format_unformat_error, i);
1081 if (!vec_len (name))
1083 errmsg ("profile name must be specified");
1087 if (vec_len (name) > 64)
1089 errmsg ("profile name too long");
1093 if (!vec_len (data))
1095 errmsg ("id_data must be specified");
1101 errmsg ("id_type must be specified");
1105 M (IKEV2_PROFILE_SET_ID, mp);
1107 mp->is_local = is_local;
1108 mp->id_type = (u8) id_type;
1109 mp->data_len = vec_len (data);
1110 clib_memcpy (mp->name, name, vec_len (name));
1111 clib_memcpy (mp->data, data, vec_len (data));
1121 api_ikev2_profile_set_ts (vat_main_t * vam)
1123 unformat_input_t *i = vam->input;
1124 vl_api_ikev2_profile_set_ts_t *mp;
1127 u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
1128 ip_address_t start_addr, end_addr;
1129 u8 start_addr_set = 0, end_addr_set = 0;
1132 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1134 if (unformat (i, "name %U", unformat_token, valid_chars, &name))
1136 else if (unformat (i, "protocol %d", &proto))
1138 else if (unformat (i, "start_port %d", &start_port))
1140 else if (unformat (i, "end_port %d", &end_port))
1143 if (unformat (i, "start_addr %U", unformat_ip_address, &start_addr))
1145 else if (unformat (i, "end_addr %U", unformat_ip_address, &end_addr))
1147 else if (unformat (i, "local"))
1149 else if (unformat (i, "remote"))
1153 errmsg ("parse error '%U'", format_unformat_error, i);
1158 if (!start_addr_set || !end_addr_set)
1160 errmsg ("missing start or end address");
1164 if (!vec_len (name))
1166 errmsg ("profile name must be specified");
1170 if (vec_len (name) > 64)
1172 errmsg ("profile name too long");
1176 M (IKEV2_PROFILE_SET_TS, mp);
1178 mp->ts.is_local = is_local;
1179 mp->ts.protocol_id = (u8) proto;
1180 mp->ts.start_port = clib_host_to_net_u16 ((u16) start_port);
1181 mp->ts.end_port = clib_host_to_net_u16 ((u16) end_port);
1182 ip_address_encode2 (&start_addr, &mp->ts.start_addr);
1183 ip_address_encode2 (&end_addr, &mp->ts.end_addr);
1184 clib_memcpy (mp->name, name, vec_len (name));
1193 api_ikev2_set_local_key (vat_main_t * vam)
1195 unformat_input_t *i = vam->input;
1196 vl_api_ikev2_set_local_key_t *mp;
1200 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1202 if (unformat (i, "file %v", &file))
1206 errmsg ("parse error '%U'", format_unformat_error, i);
1211 if (!vec_len (file))
1213 errmsg ("RSA key file must be specified");
1217 if (vec_len (file) > 256)
1219 errmsg ("file name too long");
1223 M (IKEV2_SET_LOCAL_KEY, mp);
1225 clib_memcpy (mp->key_file, file, vec_len (file));
1234 api_ikev2_profile_set_udp_encap (vat_main_t * vam)
1236 unformat_input_t *i = vam->input;
1237 vl_api_ikev2_profile_set_udp_encap_t *mp;
1241 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1243 if (unformat (i, "%U udp-encap", unformat_token, valid_chars, &name))
1247 errmsg ("parse error '%U'", format_unformat_error, i);
1252 if (!vec_len (name))
1254 errmsg ("profile name must be specified");
1258 if (vec_len (name) > 64)
1260 errmsg ("profile name too long");
1264 M (IKEV2_PROFILE_SET_UDP_ENCAP, mp);
1266 clib_memcpy (mp->name, name, vec_len (name));
1275 api_ikev2_set_tunnel_interface (vat_main_t * vam)
1281 api_ikev2_set_responder_hostname (vat_main_t *vam)
1283 unformat_input_t *i = vam->input;
1284 vl_api_ikev2_set_responder_hostname_t *mp;
1286 u8 *name = 0, *hn = 0;
1288 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1290 if (unformat (i, "%U hostname %v", unformat_token, valid_chars, &name,
1298 errmsg ("parse error '%U'", format_unformat_error, i);
1303 if (!vec_len (name))
1305 errmsg ("profile name must be specified");
1309 if (vec_len (name) > 64)
1311 errmsg ("profile name too long");
1315 M (IKEV2_SET_RESPONDER_HOSTNAME, mp);
1317 clib_memcpy (mp->name, name, vec_len (name));
1318 clib_memcpy (mp->hostname, hn, vec_len (hn));
1328 api_ikev2_set_responder (vat_main_t * vam)
1330 unformat_input_t *i = vam->input;
1331 vl_api_ikev2_set_responder_t *mp;
1334 u32 sw_if_index = ~0;
1335 ip_address_t address;
1337 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1340 (i, "%U interface %d address %U", unformat_token, valid_chars,
1341 &name, &sw_if_index, unformat_ip_address, &address))
1345 errmsg ("parse error '%U'", format_unformat_error, i);
1350 if (!vec_len (name))
1352 errmsg ("profile name must be specified");
1356 if (vec_len (name) > 64)
1358 errmsg ("profile name too long");
1362 M (IKEV2_SET_RESPONDER, mp);
1364 clib_memcpy (mp->name, name, vec_len (name));
1367 mp->responder.sw_if_index = clib_host_to_net_u32 (sw_if_index);
1368 ip_address_encode2 (&address, &mp->responder.addr);
1376 api_ikev2_set_ike_transforms (vat_main_t * vam)
1378 unformat_input_t *i = vam->input;
1379 vl_api_ikev2_set_ike_transforms_t *mp;
1382 u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
1384 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1386 if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
1387 &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
1391 errmsg ("parse error '%U'", format_unformat_error, i);
1396 if (!vec_len (name))
1398 errmsg ("profile name must be specified");
1402 if (vec_len (name) > 64)
1404 errmsg ("profile name too long");
1408 M (IKEV2_SET_IKE_TRANSFORMS, mp);
1410 clib_memcpy (mp->name, name, vec_len (name));
1412 mp->tr.crypto_alg = crypto_alg;
1413 mp->tr.crypto_key_size = clib_host_to_net_u32 (crypto_key_size);
1414 mp->tr.integ_alg = integ_alg;
1415 mp->tr.dh_group = dh_group;
1424 api_ikev2_set_esp_transforms (vat_main_t * vam)
1426 unformat_input_t *i = vam->input;
1427 vl_api_ikev2_set_esp_transforms_t *mp;
1430 u32 crypto_alg, crypto_key_size, integ_alg;
1432 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1434 if (unformat (i, "%U %d %d %d", unformat_token, valid_chars, &name,
1435 &crypto_alg, &crypto_key_size, &integ_alg))
1439 errmsg ("parse error '%U'", format_unformat_error, i);
1444 if (!vec_len (name))
1446 errmsg ("profile name must be specified");
1450 if (vec_len (name) > 64)
1452 errmsg ("profile name too long");
1456 M (IKEV2_SET_ESP_TRANSFORMS, mp);
1458 clib_memcpy (mp->name, name, vec_len (name));
1460 mp->tr.crypto_alg = crypto_alg;
1461 mp->tr.crypto_key_size = clib_host_to_net_u32 (crypto_key_size);
1462 mp->tr.integ_alg = integ_alg;
1470 api_ikev2_set_sa_lifetime (vat_main_t * vam)
1472 unformat_input_t *i = vam->input;
1473 vl_api_ikev2_set_sa_lifetime_t *mp;
1476 u64 lifetime, lifetime_maxdata;
1477 u32 lifetime_jitter, handover;
1479 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1481 if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
1482 &lifetime, &lifetime_jitter, &handover,
1487 errmsg ("parse error '%U'", format_unformat_error, i);
1492 if (!vec_len (name))
1494 errmsg ("profile name must be specified");
1498 if (vec_len (name) > 64)
1500 errmsg ("profile name too long");
1504 M (IKEV2_SET_SA_LIFETIME, mp);
1506 clib_memcpy (mp->name, name, vec_len (name));
1508 mp->lifetime = lifetime;
1509 mp->lifetime_jitter = lifetime_jitter;
1510 mp->handover = handover;
1511 mp->lifetime_maxdata = lifetime_maxdata;
1519 api_ikev2_initiate_sa_init (vat_main_t * vam)
1521 unformat_input_t *i = vam->input;
1522 vl_api_ikev2_initiate_sa_init_t *mp;
1526 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1528 if (unformat (i, "%U", unformat_token, valid_chars, &name))
1532 errmsg ("parse error '%U'", format_unformat_error, i);
1537 if (!vec_len (name))
1539 errmsg ("profile name must be specified");
1543 if (vec_len (name) > 64)
1545 errmsg ("profile name too long");
1549 M (IKEV2_INITIATE_SA_INIT, mp);
1551 clib_memcpy (mp->name, name, vec_len (name));
1560 api_ikev2_initiate_del_ike_sa (vat_main_t * vam)
1562 unformat_input_t *i = vam->input;
1563 vl_api_ikev2_initiate_del_ike_sa_t *mp;
1568 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1570 if (unformat (i, "%lx", &ispi))
1574 errmsg ("parse error '%U'", format_unformat_error, i);
1579 M (IKEV2_INITIATE_DEL_IKE_SA, mp);
1589 api_ikev2_initiate_del_child_sa (vat_main_t * vam)
1591 unformat_input_t *i = vam->input;
1592 vl_api_ikev2_initiate_del_child_sa_t *mp;
1597 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1599 if (unformat (i, "%x", &ispi))
1603 errmsg ("parse error '%U'", format_unformat_error, i);
1608 M (IKEV2_INITIATE_DEL_CHILD_SA, mp);
1618 api_ikev2_initiate_rekey_child_sa (vat_main_t * vam)
1620 unformat_input_t *i = vam->input;
1621 vl_api_ikev2_initiate_rekey_child_sa_t *mp;
1626 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
1628 if (unformat (i, "%x", &ispi))
1632 errmsg ("parse error '%U'", format_unformat_error, i);
1637 M (IKEV2_INITIATE_REKEY_CHILD_SA, mp);
1646 #include <ikev2/ikev2.api_test.c>
1649 * fd.io coding-style-patch-verification: ON
1652 * eval: (c-set-style "gnu")