2 *------------------------------------------------------------------
3 * ipsec_api.c - ipsec api
5 * Copyright (c) 2016 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
23 #include <vnet/interface.h>
24 #include <vnet/api_errno.h>
25 #include <vnet/ip/ip.h>
26 #include <vnet/ip/ip_types_api.h>
27 #include <vnet/ipsec/ipsec_types_api.h>
28 #include <vnet/tunnel/tunnel_types_api.h>
29 #include <vnet/fib/fib.h>
30 #include <vnet/ipip/ipip.h>
31 #include <vnet/tunnel/tunnel_types_api.h>
32 #include <vnet/ipsec/ipsec.h>
33 #include <vnet/ipsec/ipsec_tun.h>
34 #include <vnet/ipsec/ipsec_itf.h>
36 #include <vnet/format_fns.h>
37 #include <vnet/ipsec/ipsec.api_enum.h>
38 #include <vnet/ipsec/ipsec.api_types.h>
40 #define REPLY_MSG_ID_BASE ipsec_main.msg_id_base
41 #include <vlibapi/api_helper_macros.h>
44 vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
46 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
47 vl_api_ipsec_spd_add_del_reply_t *rmp;
50 rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
52 REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
55 static void vl_api_ipsec_interface_add_del_spd_t_handler
56 (vl_api_ipsec_interface_add_del_spd_t * mp)
58 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
59 vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
61 u32 sw_if_index __attribute__ ((unused));
62 u32 spd_id __attribute__ ((unused));
64 sw_if_index = ntohl (mp->sw_if_index);
65 spd_id = ntohl (mp->spd_id);
67 VALIDATE_SW_IF_INDEX (mp);
69 rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
71 BAD_SW_IF_INDEX_LABEL;
73 REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
76 static void vl_api_ipsec_tunnel_protect_update_t_handler
77 (vl_api_ipsec_tunnel_protect_update_t * mp)
79 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
80 vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
81 u32 sw_if_index, ii, *sa_ins = NULL;
85 sw_if_index = ntohl (mp->tunnel.sw_if_index);
87 VALIDATE_SW_IF_INDEX (&(mp->tunnel));
89 for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
90 vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
92 ip_address_decode2 (&mp->tunnel.nh, &nh);
94 rv = ipsec_tun_protect_update (sw_if_index, &nh,
95 ntohl (mp->tunnel.sa_out), sa_ins);
97 BAD_SW_IF_INDEX_LABEL;
99 REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
102 static void vl_api_ipsec_tunnel_protect_del_t_handler
103 (vl_api_ipsec_tunnel_protect_del_t * mp)
105 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
106 vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
111 sw_if_index = ntohl (mp->sw_if_index);
113 VALIDATE_SW_IF_INDEX (mp);
115 ip_address_decode2 (&mp->nh, &nh);
116 rv = ipsec_tun_protect_del (sw_if_index, &nh);
118 BAD_SW_IF_INDEX_LABEL;
120 REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
123 typedef struct ipsec_dump_walk_ctx_t_
125 vl_api_registration_t *reg;
128 } ipsec_dump_walk_ctx_t;
131 send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
133 ipsec_dump_walk_ctx_t *ctx = arg;
134 vl_api_ipsec_tunnel_protect_details_t *mp;
135 ipsec_tun_protect_t *itp;
139 itp = ipsec_tun_protect_get (itpi);
141 mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
142 clib_memset (mp, 0, sizeof (*mp));
144 ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
145 mp->context = ctx->context;
147 mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
148 ip_address_encode2 (itp->itp_key, &mp->tun.nh);
150 sa = ipsec_sa_get (itp->itp_out_sa);
151 mp->tun.sa_out = htonl (sa->id);
152 mp->tun.n_sa_in = itp->itp_n_sa_in;
153 FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
155 mp->tun.sa_in[ii++] = htonl (sa->id);
158 vl_api_send_msg (ctx->reg, (u8 *) mp);
160 return (WALK_CONTINUE);
164 vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t
167 vl_api_registration_t *reg;
170 reg = vl_api_client_index_to_registration (mp->client_index);
174 ipsec_dump_walk_ctx_t ctx = {
176 .context = mp->context,
179 sw_if_index = ntohl (mp->sw_if_index);
181 if (~0 == sw_if_index)
183 ipsec_tun_protect_walk (send_ipsec_tunnel_protect_details, &ctx);
187 ipsec_tun_protect_walk_itf (sw_if_index,
188 send_ipsec_tunnel_protect_details, &ctx);
193 ipsec_spd_action_decode (vl_api_ipsec_spd_action_t in,
194 ipsec_policy_action_t * out)
196 in = clib_net_to_host_u32 (in);
200 #define _(v,f,s) case IPSEC_API_SPD_ACTION_##f: \
201 *out = IPSEC_POLICY_ACTION_##f; \
203 foreach_ipsec_policy_action
206 return (VNET_API_ERROR_UNIMPLEMENTED);
209 static void vl_api_ipsec_spd_entry_add_del_t_handler
210 (vl_api_ipsec_spd_entry_add_del_t * mp)
212 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
213 vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
222 clib_memset (&p, 0, sizeof (p));
224 p.id = ntohl (mp->entry.spd_id);
225 p.priority = ntohl (mp->entry.priority);
227 itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
228 ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
229 ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
230 ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
232 p.is_ipv6 = (itype == IP46_TYPE_IP6);
235 mp->entry.protocol ? mp->entry.protocol : IPSEC_POLICY_PROTOCOL_ANY;
236 p.rport.start = ntohs (mp->entry.remote_port_start);
237 p.rport.stop = ntohs (mp->entry.remote_port_stop);
238 p.lport.start = ntohs (mp->entry.local_port_start);
239 p.lport.stop = ntohs (mp->entry.local_port_stop);
241 rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
246 /* policy action resolve unsupported */
247 if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
249 clib_warning ("unsupported action: 'resolve'");
250 rv = VNET_API_ERROR_UNIMPLEMENTED;
253 p.sa_id = ntohl (mp->entry.sa_id);
255 ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy,
260 rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
265 REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_REPLY,
267 rmp->stat_index = ntohl(stat_index);
272 vl_api_ipsec_spd_entry_add_del_v2_t_handler (
273 vl_api_ipsec_spd_entry_add_del_v2_t *mp)
275 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
276 vl_api_ipsec_spd_entry_add_del_reply_t *rmp;
285 clib_memset (&p, 0, sizeof (p));
287 p.id = ntohl (mp->entry.spd_id);
288 p.priority = ntohl (mp->entry.priority);
290 itype = ip_address_decode (&mp->entry.remote_address_start, &p.raddr.start);
291 ip_address_decode (&mp->entry.remote_address_stop, &p.raddr.stop);
292 ip_address_decode (&mp->entry.local_address_start, &p.laddr.start);
293 ip_address_decode (&mp->entry.local_address_stop, &p.laddr.stop);
295 p.is_ipv6 = (itype == IP46_TYPE_IP6);
297 p.protocol = mp->entry.protocol;
298 p.rport.start = ntohs (mp->entry.remote_port_start);
299 p.rport.stop = ntohs (mp->entry.remote_port_stop);
300 p.lport.start = ntohs (mp->entry.local_port_start);
301 p.lport.stop = ntohs (mp->entry.local_port_stop);
303 rv = ipsec_spd_action_decode (mp->entry.policy, &p.policy);
308 /* policy action resolve unsupported */
309 if (p.policy == IPSEC_POLICY_ACTION_RESOLVE)
311 clib_warning ("unsupported action: 'resolve'");
312 rv = VNET_API_ERROR_UNIMPLEMENTED;
315 p.sa_id = ntohl (mp->entry.sa_id);
317 ipsec_policy_mk_type (mp->entry.is_outbound, p.is_ipv6, p.policy, &p.type);
321 rv = ipsec_add_del_policy (vm, &p, mp->is_add, &stat_index);
326 REPLY_MACRO2 (VL_API_IPSEC_SPD_ENTRY_ADD_DEL_V2_REPLY,
327 ({ rmp->stat_index = ntohl (stat_index); }));
330 static void vl_api_ipsec_sad_entry_add_del_t_handler
331 (vl_api_ipsec_sad_entry_add_del_t * mp)
333 vl_api_ipsec_sad_entry_add_del_reply_t *rmp;
334 ipsec_key_t crypto_key, integ_key;
335 ipsec_crypto_alg_t crypto_alg;
336 ipsec_integ_alg_t integ_alg;
337 ipsec_protocol_t proto;
338 ipsec_sa_flags_t flags;
339 u32 id, spi, sa_index = ~0;
341 .t_flags = TUNNEL_FLAG_NONE,
342 .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
344 .t_mode = TUNNEL_MODE_P2P,
350 id = ntohl (mp->entry.sad_id);
353 rv = ipsec_sa_unlock_id (id);
356 spi = ntohl (mp->entry.spi);
358 rv = ipsec_proto_decode (mp->entry.protocol, &proto);
363 rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
368 rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
373 ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
374 ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
376 flags = ipsec_sa_flags_decode (mp->entry.flags);
378 ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src);
379 ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst);
381 rv = ipsec_sa_add_and_lock (
382 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
383 mp->entry.salt, htons (mp->entry.udp_src_port),
384 htons (mp->entry.udp_dst_port), 0, &tun, &sa_index);
387 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY,
389 rmp->stat_index = htonl (sa_index);
393 static void vl_api_ipsec_sad_entry_add_del_v2_t_handler
394 (vl_api_ipsec_sad_entry_add_del_v2_t * mp)
396 vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
397 vl_api_ipsec_sad_entry_add_del_v2_reply_t *rmp;
398 ipsec_key_t crypto_key, integ_key;
399 ipsec_crypto_alg_t crypto_alg;
400 ipsec_integ_alg_t integ_alg;
401 ipsec_protocol_t proto;
402 ipsec_sa_flags_t flags;
403 u32 id, spi, sa_index = ~0;
406 .t_flags = TUNNEL_FLAG_NONE,
407 .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
409 .t_mode = TUNNEL_MODE_P2P,
410 .t_table_id = htonl (mp->entry.tx_table_id),
414 id = ntohl (mp->entry.sad_id);
417 rv = ipsec_sa_unlock_id (id);
421 spi = ntohl (mp->entry.spi);
423 rv = ipsec_proto_decode (mp->entry.protocol, &proto);
428 rv = ipsec_crypto_algo_decode (mp->entry.crypto_algorithm, &crypto_alg);
433 rv = ipsec_integ_algo_decode (mp->entry.integrity_algorithm, &integ_alg);
438 rv = tunnel_encap_decap_flags_decode (mp->entry.tunnel_flags,
439 &tun.t_encap_decap_flags);
444 ipsec_key_decode (&mp->entry.crypto_key, &crypto_key);
445 ipsec_key_decode (&mp->entry.integrity_key, &integ_key);
447 flags = ipsec_sa_flags_decode (mp->entry.flags);
448 tun.t_dscp = ip_dscp_decode (mp->entry.dscp);
450 ip_address_decode2 (&mp->entry.tunnel_src, &tun.t_src);
451 ip_address_decode2 (&mp->entry.tunnel_dst, &tun.t_dst);
453 rv = ipsec_sa_add_and_lock (
454 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
455 mp->entry.salt, htons (mp->entry.udp_src_port),
456 htons (mp->entry.udp_dst_port), 0, &tun, &sa_index);
459 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V2_REPLY,
461 rmp->stat_index = htonl (sa_index);
466 ipsec_sad_entry_add_v3 (const vl_api_ipsec_sad_entry_v3_t *entry,
469 ipsec_key_t crypto_key, integ_key;
470 ipsec_crypto_alg_t crypto_alg;
471 ipsec_integ_alg_t integ_alg;
472 ipsec_protocol_t proto;
473 ipsec_sa_flags_t flags;
475 tunnel_t tun = { 0 };
478 id = ntohl (entry->sad_id);
479 spi = ntohl (entry->spi);
481 rv = ipsec_proto_decode (entry->protocol, &proto);
486 rv = ipsec_crypto_algo_decode (entry->crypto_algorithm, &crypto_alg);
491 rv = ipsec_integ_algo_decode (entry->integrity_algorithm, &integ_alg);
496 flags = ipsec_sa_flags_decode (entry->flags);
498 if (flags & IPSEC_SA_FLAG_IS_TUNNEL)
500 rv = tunnel_decode (&entry->tunnel, &tun);
506 ipsec_key_decode (&entry->crypto_key, &crypto_key);
507 ipsec_key_decode (&entry->integrity_key, &integ_key);
509 return ipsec_sa_add_and_lock (
510 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
511 entry->salt, htons (entry->udp_src_port), htons (entry->udp_dst_port), 0,
516 vl_api_ipsec_sad_entry_add_del_v3_t_handler (
517 vl_api_ipsec_sad_entry_add_del_v3_t *mp)
519 vl_api_ipsec_sad_entry_add_del_v3_reply_t *rmp;
520 u32 id, sa_index = ~0;
523 id = ntohl (mp->entry.sad_id);
527 rv = ipsec_sa_unlock_id (id);
531 rv = ipsec_sad_entry_add_v3 (&mp->entry, &sa_index);
534 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_DEL_V3_REPLY,
535 { rmp->stat_index = htonl (sa_index); });
539 ipsec_sad_entry_add_v4 (const vl_api_ipsec_sad_entry_v4_t *entry,
542 ipsec_key_t crypto_key, integ_key;
543 ipsec_crypto_alg_t crypto_alg;
544 ipsec_integ_alg_t integ_alg;
545 ipsec_protocol_t proto;
546 ipsec_sa_flags_t flags;
548 tunnel_t tun = { 0 };
551 id = ntohl (entry->sad_id);
552 spi = ntohl (entry->spi);
554 rv = ipsec_proto_decode (entry->protocol, &proto);
559 rv = ipsec_crypto_algo_decode (entry->crypto_algorithm, &crypto_alg);
564 rv = ipsec_integ_algo_decode (entry->integrity_algorithm, &integ_alg);
569 flags = ipsec_sa_flags_decode (entry->flags);
571 if (flags & IPSEC_SA_FLAG_IS_TUNNEL)
573 rv = tunnel_decode (&entry->tunnel, &tun);
579 ipsec_key_decode (&entry->crypto_key, &crypto_key);
580 ipsec_key_decode (&entry->integrity_key, &integ_key);
582 return ipsec_sa_add_and_lock (
583 id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
584 entry->salt, htons (entry->udp_src_port), htons (entry->udp_dst_port),
585 ntohl (entry->anti_replay_window_size), &tun, sa_index);
589 vl_api_ipsec_sad_entry_del_t_handler (vl_api_ipsec_sad_entry_del_t *mp)
591 vl_api_ipsec_sad_entry_del_reply_t *rmp;
594 rv = ipsec_sa_unlock_id (ntohl (mp->id));
596 REPLY_MACRO (VL_API_IPSEC_SAD_ENTRY_DEL_REPLY);
600 vl_api_ipsec_sad_entry_add_t_handler (vl_api_ipsec_sad_entry_add_t *mp)
602 vl_api_ipsec_sad_entry_add_reply_t *rmp;
606 rv = ipsec_sad_entry_add_v3 (&mp->entry, &sa_index);
608 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_REPLY,
609 { rmp->stat_index = htonl (sa_index); });
613 vl_api_ipsec_sad_entry_add_v2_t_handler (vl_api_ipsec_sad_entry_add_v2_t *mp)
615 vl_api_ipsec_sad_entry_add_reply_t *rmp;
619 rv = ipsec_sad_entry_add_v4 (&mp->entry, &sa_index);
621 REPLY_MACRO2 (VL_API_IPSEC_SAD_ENTRY_ADD_V2_REPLY,
622 { rmp->stat_index = htonl (sa_index); });
626 vl_api_ipsec_sad_entry_update_t_handler (vl_api_ipsec_sad_entry_update_t *mp)
628 vl_api_ipsec_sad_entry_update_reply_t *rmp;
630 tunnel_t tun = { 0 };
633 id = ntohl (mp->sad_id);
637 rv = tunnel_decode (&mp->tunnel, &tun);
643 rv = ipsec_sa_update (id, htons (mp->udp_src_port), htons (mp->udp_dst_port),
647 REPLY_MACRO (VL_API_IPSEC_SAD_ENTRY_UPDATE_REPLY);
651 vl_api_ipsec_sad_bind_t_handler (vl_api_ipsec_sad_bind_t *mp)
653 vl_api_ipsec_sad_bind_reply_t *rmp;
658 sa_id = ntohl (mp->sa_id);
659 worker = ntohl (mp->worker);
661 rv = ipsec_sa_bind (sa_id, worker, true /* bind */);
663 REPLY_MACRO (VL_API_IPSEC_SAD_BIND_REPLY);
667 vl_api_ipsec_sad_unbind_t_handler (vl_api_ipsec_sad_unbind_t *mp)
669 vl_api_ipsec_sad_unbind_reply_t *rmp;
673 sa_id = ntohl (mp->sa_id);
675 rv = ipsec_sa_bind (sa_id, ~0, false /* bind */);
677 REPLY_MACRO (VL_API_IPSEC_SAD_UNBIND_REPLY);
681 send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
684 vl_api_ipsec_spds_details_t *mp;
687 mp = vl_msg_api_alloc (sizeof (*mp));
688 clib_memset (mp, 0, sizeof (*mp));
689 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPDS_DETAILS);
690 mp->context = context;
692 mp->spd_id = htonl (spd->id);
693 #define _(s, n) n_policies += vec_len (spd->policies[IPSEC_SPD_POLICY_##s]);
694 foreach_ipsec_spd_policy_type
696 mp->npolicies = htonl (n_policies);
698 vl_api_send_msg (reg, (u8 *) mp);
702 vl_api_ipsec_spds_dump_t_handler (vl_api_ipsec_spds_dump_t * mp)
704 vl_api_registration_t *reg;
705 ipsec_main_t *im = &ipsec_main;
708 reg = vl_api_client_index_to_registration (mp->client_index);
712 pool_foreach (spd, im->spds) {
713 send_ipsec_spds_details (spd, reg, mp->context);
717 vl_api_ipsec_spd_action_t
718 ipsec_spd_action_encode (ipsec_policy_action_t in)
720 vl_api_ipsec_spd_action_t out = IPSEC_API_SPD_ACTION_BYPASS;
724 #define _(v,f,s) case IPSEC_POLICY_ACTION_##f: \
725 out = IPSEC_API_SPD_ACTION_##f; \
727 foreach_ipsec_policy_action
730 return (clib_host_to_net_u32 (out));
734 send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg,
737 vl_api_ipsec_spd_details_t *mp;
739 mp = vl_msg_api_alloc (sizeof (*mp));
740 clib_memset (mp, 0, sizeof (*mp));
741 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPD_DETAILS);
742 mp->context = context;
744 mp->entry.spd_id = htonl (p->id);
745 mp->entry.priority = htonl (p->priority);
746 mp->entry.is_outbound = ((p->type == IPSEC_SPD_POLICY_IP6_OUTBOUND) ||
747 (p->type == IPSEC_SPD_POLICY_IP4_OUTBOUND));
749 ip_address_encode (&p->laddr.start, IP46_TYPE_ANY,
750 &mp->entry.local_address_start);
751 ip_address_encode (&p->laddr.stop, IP46_TYPE_ANY,
752 &mp->entry.local_address_stop);
753 ip_address_encode (&p->raddr.start, IP46_TYPE_ANY,
754 &mp->entry.remote_address_start);
755 ip_address_encode (&p->raddr.stop, IP46_TYPE_ANY,
756 &mp->entry.remote_address_stop);
757 mp->entry.local_port_start = htons (p->lport.start);
758 mp->entry.local_port_stop = htons (p->lport.stop);
759 mp->entry.remote_port_start = htons (p->rport.start);
760 mp->entry.remote_port_stop = htons (p->rport.stop);
761 mp->entry.protocol = p->protocol;
762 mp->entry.policy = ipsec_spd_action_encode (p->policy);
763 mp->entry.sa_id = htonl (p->sa_id);
765 vl_api_send_msg (reg, (u8 *) mp);
769 vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
771 vl_api_registration_t *reg;
772 ipsec_main_t *im = &ipsec_main;
773 ipsec_spd_policy_type_t ptype;
774 ipsec_policy_t *policy;
779 reg = vl_api_client_index_to_registration (mp->client_index);
783 p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
788 spd = pool_elt_at_index (im->spds, spd_index);
790 FOR_EACH_IPSEC_SPD_POLICY_TYPE(ptype) {
791 vec_foreach(ii, spd->policies[ptype])
793 policy = pool_elt_at_index(im->policies, *ii);
795 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
796 send_ipsec_spd_details (policy, reg, mp->context);
802 send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index,
803 u32 sw_if_index, u32 context)
805 vl_api_ipsec_spd_interface_details_t *mp;
807 mp = vl_msg_api_alloc (sizeof (*mp));
808 clib_memset (mp, 0, sizeof (*mp));
810 ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SPD_INTERFACE_DETAILS);
811 mp->context = context;
813 mp->spd_index = htonl (spd_index);
814 mp->sw_if_index = htonl (sw_if_index);
816 vl_api_send_msg (reg, (u8 *) mp);
820 vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t *
823 ipsec_main_t *im = &ipsec_main;
824 vl_api_registration_t *reg;
827 reg = vl_api_client_index_to_registration (mp->client_index);
831 if (mp->spd_index_valid)
833 spd_index = ntohl (mp->spd_index);
834 hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
836 send_ipsec_spd_interface_details(reg, v, k, mp->context);
841 hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
842 send_ipsec_spd_interface_details(reg, v, k, mp->context);
848 vl_api_ipsec_itf_create_t_handler (vl_api_ipsec_itf_create_t * mp)
850 vl_api_ipsec_itf_create_reply_t *rmp;
852 u32 sw_if_index = ~0;
855 rv = tunnel_mode_decode (mp->itf.mode, &mode);
858 rv = ipsec_itf_create (ntohl (mp->itf.user_instance), mode, &sw_if_index);
860 REPLY_MACRO2 (VL_API_IPSEC_ITF_CREATE_REPLY,
862 rmp->sw_if_index = htonl (sw_if_index);
867 vl_api_ipsec_itf_delete_t_handler (vl_api_ipsec_itf_delete_t * mp)
869 vl_api_ipsec_itf_delete_reply_t *rmp;
872 rv = ipsec_itf_delete (ntohl (mp->sw_if_index));
874 REPLY_MACRO (VL_API_IPSEC_ITF_DELETE_REPLY);
878 send_ipsec_itf_details (ipsec_itf_t *itf, void *arg)
880 ipsec_dump_walk_ctx_t *ctx = arg;
881 vl_api_ipsec_itf_details_t *mp;
883 if (~0 != ctx->sw_if_index && ctx->sw_if_index != itf->ii_sw_if_index)
884 return (WALK_CONTINUE);
886 mp = vl_msg_api_alloc (sizeof (*mp));
887 clib_memset (mp, 0, sizeof (*mp));
888 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_ITF_DETAILS);
889 mp->context = ctx->context;
891 mp->itf.mode = tunnel_mode_encode (itf->ii_mode);
892 mp->itf.user_instance = htonl (itf->ii_user_instance);
893 mp->itf.sw_if_index = htonl (itf->ii_sw_if_index);
894 vl_api_send_msg (ctx->reg, (u8 *) mp);
896 return (WALK_CONTINUE);
900 vl_api_ipsec_itf_dump_t_handler (vl_api_ipsec_itf_dump_t * mp)
902 vl_api_registration_t *reg;
904 reg = vl_api_client_index_to_registration (mp->client_index);
908 ipsec_dump_walk_ctx_t ctx = {
910 .context = mp->context,
911 .sw_if_index = ntohl (mp->sw_if_index),
914 ipsec_itf_walk (send_ipsec_itf_details, &ctx);
917 typedef struct ipsec_sa_dump_match_ctx_t_
921 } ipsec_sa_dump_match_ctx_t;
924 ipsec_sa_dump_match_sa (index_t itpi, void *arg)
926 ipsec_sa_dump_match_ctx_t *ctx = arg;
927 ipsec_tun_protect_t *itp;
930 itp = ipsec_tun_protect_get (itpi);
932 if (itp->itp_out_sa == ctx->sai)
934 ctx->sw_if_index = itp->itp_sw_if_index;
938 FOR_EACH_IPSEC_PROTECT_INPUT_SAI (itp, sai,
942 ctx->sw_if_index = itp->itp_sw_if_index;
947 return (WALK_CONTINUE);
951 send_ipsec_sa_details (ipsec_sa_t * sa, void *arg)
953 ipsec_dump_walk_ctx_t *ctx = arg;
954 vl_api_ipsec_sa_details_t *mp;
956 mp = vl_msg_api_alloc (sizeof (*mp));
957 clib_memset (mp, 0, sizeof (*mp));
958 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_DETAILS);
959 mp->context = ctx->context;
961 mp->entry.sad_id = htonl (sa->id);
962 mp->entry.spi = htonl (sa->spi);
963 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
964 mp->entry.tx_table_id = htonl (sa->tunnel.t_table_id);
966 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
967 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
969 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
970 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
972 mp->entry.flags = ipsec_sad_flags_encode (sa);
973 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
975 if (ipsec_sa_is_set_IS_PROTECT (sa))
977 ipsec_sa_dump_match_ctx_t ctx = {
978 .sai = sa - ipsec_sa_pool,
981 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
983 mp->sw_if_index = htonl (ctx.sw_if_index);
986 mp->sw_if_index = ~0;
988 if (ipsec_sa_is_set_IS_TUNNEL (sa))
990 ip_address_encode2 (&sa->tunnel.t_src, &mp->entry.tunnel_src);
991 ip_address_encode2 (&sa->tunnel.t_dst, &mp->entry.tunnel_dst);
993 if (ipsec_sa_is_set_UDP_ENCAP (sa))
995 mp->entry.udp_src_port = sa->udp_hdr.src_port;
996 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
999 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1000 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1001 if (ipsec_sa_is_set_USE_ESN (sa))
1003 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1004 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1006 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1009 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1012 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1014 vl_api_send_msg (ctx->reg, (u8 *) mp);
1016 return (WALK_CONTINUE);
1020 vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp)
1022 vl_api_registration_t *reg;
1024 reg = vl_api_client_index_to_registration (mp->client_index);
1028 ipsec_dump_walk_ctx_t ctx = {
1030 .context = mp->context,
1033 ipsec_sa_walk (send_ipsec_sa_details, &ctx);
1037 send_ipsec_sa_v2_details (ipsec_sa_t * sa, void *arg)
1039 ipsec_dump_walk_ctx_t *ctx = arg;
1040 vl_api_ipsec_sa_v2_details_t *mp;
1042 mp = vl_msg_api_alloc (sizeof (*mp));
1043 clib_memset (mp, 0, sizeof (*mp));
1044 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V2_DETAILS);
1045 mp->context = ctx->context;
1047 mp->entry.sad_id = htonl (sa->id);
1048 mp->entry.spi = htonl (sa->spi);
1049 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1050 mp->entry.tx_table_id = htonl (sa->tunnel.t_table_id);
1052 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1053 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1055 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1056 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1058 mp->entry.flags = ipsec_sad_flags_encode (sa);
1059 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1061 if (ipsec_sa_is_set_IS_PROTECT (sa))
1063 ipsec_sa_dump_match_ctx_t ctx = {
1064 .sai = sa - ipsec_sa_pool,
1067 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1069 mp->sw_if_index = htonl (ctx.sw_if_index);
1072 mp->sw_if_index = ~0;
1074 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1076 ip_address_encode2 (&sa->tunnel.t_src, &mp->entry.tunnel_src);
1077 ip_address_encode2 (&sa->tunnel.t_dst, &mp->entry.tunnel_dst);
1079 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1081 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1082 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1085 mp->entry.tunnel_flags =
1086 tunnel_encap_decap_flags_encode (sa->tunnel.t_encap_decap_flags);
1087 mp->entry.dscp = ip_dscp_encode (sa->tunnel.t_dscp);
1089 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1090 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1091 if (ipsec_sa_is_set_USE_ESN (sa))
1093 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1094 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1096 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1099 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1102 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1104 vl_api_send_msg (ctx->reg, (u8 *) mp);
1106 return (WALK_CONTINUE);
1110 vl_api_ipsec_sa_v2_dump_t_handler (vl_api_ipsec_sa_v2_dump_t *mp)
1112 vl_api_registration_t *reg;
1114 reg = vl_api_client_index_to_registration (mp->client_index);
1118 ipsec_dump_walk_ctx_t ctx = {
1120 .context = mp->context,
1123 ipsec_sa_walk (send_ipsec_sa_v2_details, &ctx);
1127 send_ipsec_sa_v3_details (ipsec_sa_t *sa, void *arg)
1129 ipsec_dump_walk_ctx_t *ctx = arg;
1130 vl_api_ipsec_sa_v3_details_t *mp;
1132 mp = vl_msg_api_alloc (sizeof (*mp));
1133 clib_memset (mp, 0, sizeof (*mp));
1134 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V3_DETAILS);
1135 mp->context = ctx->context;
1137 mp->entry.sad_id = htonl (sa->id);
1138 mp->entry.spi = htonl (sa->spi);
1139 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1141 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1142 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1144 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1145 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1147 mp->entry.flags = ipsec_sad_flags_encode (sa);
1148 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1150 if (ipsec_sa_is_set_IS_PROTECT (sa))
1152 ipsec_sa_dump_match_ctx_t ctx = {
1153 .sai = sa - ipsec_sa_pool,
1156 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1158 mp->sw_if_index = htonl (ctx.sw_if_index);
1161 mp->sw_if_index = ~0;
1163 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1164 tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
1166 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1168 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1169 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1172 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1173 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1174 if (ipsec_sa_is_set_USE_ESN (sa))
1176 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1177 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1179 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1182 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1185 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1187 vl_api_send_msg (ctx->reg, (u8 *) mp);
1189 return (WALK_CONTINUE);
1193 vl_api_ipsec_sa_v3_dump_t_handler (vl_api_ipsec_sa_v3_dump_t *mp)
1195 vl_api_registration_t *reg;
1197 reg = vl_api_client_index_to_registration (mp->client_index);
1201 ipsec_dump_walk_ctx_t ctx = {
1203 .context = mp->context,
1206 ipsec_sa_walk (send_ipsec_sa_v3_details, &ctx);
1210 send_ipsec_sa_v4_details (ipsec_sa_t *sa, void *arg)
1212 ipsec_dump_walk_ctx_t *ctx = arg;
1213 vl_api_ipsec_sa_v4_details_t *mp;
1215 mp = vl_msg_api_alloc (sizeof (*mp));
1216 clib_memset (mp, 0, sizeof (*mp));
1217 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V4_DETAILS);
1218 mp->context = ctx->context;
1220 mp->entry.sad_id = htonl (sa->id);
1221 mp->entry.spi = htonl (sa->spi);
1222 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1224 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1225 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1227 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1228 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1230 mp->entry.flags = ipsec_sad_flags_encode (sa);
1231 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1233 if (ipsec_sa_is_set_IS_PROTECT (sa))
1235 ipsec_sa_dump_match_ctx_t ctx = {
1236 .sai = sa - ipsec_sa_pool,
1239 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1241 mp->sw_if_index = htonl (ctx.sw_if_index);
1244 mp->sw_if_index = ~0;
1246 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1247 tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
1249 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1251 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1252 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1255 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1256 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1257 if (ipsec_sa_is_set_USE_ESN (sa))
1259 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1260 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1262 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1265 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1268 mp->thread_index = clib_host_to_net_u32 (sa->thread_index);
1269 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1271 vl_api_send_msg (ctx->reg, (u8 *) mp);
1273 return (WALK_CONTINUE);
1277 vl_api_ipsec_sa_v4_dump_t_handler (vl_api_ipsec_sa_v4_dump_t *mp)
1279 vl_api_registration_t *reg;
1281 reg = vl_api_client_index_to_registration (mp->client_index);
1285 ipsec_dump_walk_ctx_t ctx = {
1287 .context = mp->context,
1290 ipsec_sa_walk (send_ipsec_sa_v4_details, &ctx);
1294 send_ipsec_sa_v5_details (ipsec_sa_t *sa, void *arg)
1296 ipsec_dump_walk_ctx_t *ctx = arg;
1297 vl_api_ipsec_sa_v5_details_t *mp;
1299 mp = vl_msg_api_alloc (sizeof (*mp));
1300 clib_memset (mp, 0, sizeof (*mp));
1301 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_SA_V5_DETAILS);
1302 mp->context = ctx->context;
1304 mp->entry.sad_id = htonl (sa->id);
1305 mp->entry.spi = htonl (sa->spi);
1306 mp->entry.protocol = ipsec_proto_encode (sa->protocol);
1308 mp->entry.crypto_algorithm = ipsec_crypto_algo_encode (sa->crypto_alg);
1309 ipsec_key_encode (&sa->crypto_key, &mp->entry.crypto_key);
1311 mp->entry.integrity_algorithm = ipsec_integ_algo_encode (sa->integ_alg);
1312 ipsec_key_encode (&sa->integ_key, &mp->entry.integrity_key);
1314 mp->entry.flags = ipsec_sad_flags_encode (sa);
1315 mp->entry.salt = clib_host_to_net_u32 (sa->salt);
1317 if (ipsec_sa_is_set_IS_PROTECT (sa))
1319 ipsec_sa_dump_match_ctx_t ctx = {
1320 .sai = sa - ipsec_sa_pool,
1323 ipsec_tun_protect_walk (ipsec_sa_dump_match_sa, &ctx);
1325 mp->sw_if_index = htonl (ctx.sw_if_index);
1328 mp->sw_if_index = ~0;
1330 if (ipsec_sa_is_set_IS_TUNNEL (sa))
1331 tunnel_encode (&sa->tunnel, &mp->entry.tunnel);
1333 if (ipsec_sa_is_set_UDP_ENCAP (sa))
1335 mp->entry.udp_src_port = sa->udp_hdr.src_port;
1336 mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
1339 mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
1340 mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->seq));
1341 if (ipsec_sa_is_set_USE_ESN (sa))
1343 mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1344 mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
1346 if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
1349 clib_host_to_net_u64 (ipsec_sa_anti_replay_get_64b_window (sa));
1351 mp->entry.anti_replay_window_size =
1352 clib_host_to_net_u32 (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (sa));
1355 mp->thread_index = clib_host_to_net_u32 (sa->thread_index);
1356 mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
1358 vl_api_send_msg (ctx->reg, (u8 *) mp);
1360 return (WALK_CONTINUE);
1364 vl_api_ipsec_sa_v5_dump_t_handler (vl_api_ipsec_sa_v5_dump_t *mp)
1366 vl_api_registration_t *reg;
1368 reg = vl_api_client_index_to_registration (mp->client_index);
1372 ipsec_dump_walk_ctx_t ctx = {
1374 .context = mp->context,
1377 ipsec_sa_walk (send_ipsec_sa_v5_details, &ctx);
1381 vl_api_ipsec_backend_dump_t_handler (vl_api_ipsec_backend_dump_t *mp)
1383 vl_api_registration_t *rp;
1384 ipsec_main_t *im = &ipsec_main;
1385 u32 context = mp->context;
1387 rp = vl_api_client_index_to_registration (mp->client_index);
1391 clib_warning ("Client %d AWOL", mp->client_index);
1395 ipsec_ah_backend_t *ab;
1396 ipsec_esp_backend_t *eb;
1397 pool_foreach (ab, im->ah_backends) {
1398 vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1399 clib_memset (mp, 0, sizeof (*mp));
1400 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_BACKEND_DETAILS);
1401 mp->context = context;
1402 snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (ab->name),
1404 mp->protocol = ntohl (IPSEC_API_PROTO_AH);
1405 mp->index = ab - im->ah_backends;
1406 mp->active = mp->index == im->ah_current_backend ? 1 : 0;
1407 vl_api_send_msg (rp, (u8 *)mp);
1409 pool_foreach (eb, im->esp_backends) {
1410 vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1411 clib_memset (mp, 0, sizeof (*mp));
1412 mp->_vl_msg_id = ntohs (REPLY_MSG_ID_BASE + VL_API_IPSEC_BACKEND_DETAILS);
1413 mp->context = context;
1414 snprintf ((char *)mp->name, sizeof (mp->name), "%.*s", vec_len (eb->name),
1416 mp->protocol = ntohl (IPSEC_API_PROTO_ESP);
1417 mp->index = eb - im->esp_backends;
1418 mp->active = mp->index == im->esp_current_backend ? 1 : 0;
1419 vl_api_send_msg (rp, (u8 *)mp);
1424 vl_api_ipsec_select_backend_t_handler (vl_api_ipsec_select_backend_t * mp)
1426 ipsec_main_t *im = &ipsec_main;
1427 vl_api_ipsec_select_backend_reply_t *rmp;
1428 ipsec_protocol_t protocol;
1430 if (pool_elts (ipsec_sa_pool) > 0)
1432 rv = VNET_API_ERROR_INSTANCE_IN_USE;
1436 rv = ipsec_proto_decode (mp->protocol, &protocol);
1443 case IPSEC_PROTOCOL_ESP:
1444 rv = ipsec_select_esp_backend (im, mp->index);
1446 case IPSEC_PROTOCOL_AH:
1447 rv = ipsec_select_ah_backend (im, mp->index);
1450 rv = VNET_API_ERROR_INVALID_PROTOCOL;
1454 REPLY_MACRO (VL_API_IPSEC_SELECT_BACKEND_REPLY);
1458 vl_api_ipsec_set_async_mode_t_handler (vl_api_ipsec_set_async_mode_t * mp)
1460 vl_api_ipsec_set_async_mode_reply_t *rmp;
1463 ipsec_set_async_mode (mp->async_enable);
1465 REPLY_MACRO (VL_API_IPSEC_SET_ASYNC_MODE_REPLY);
1468 #include <vnet/ipsec/ipsec.api.c>
1469 static clib_error_t *
1470 ipsec_api_hookup (vlib_main_t * vm)
1473 * Set up the (msg_name, crc, message-id) table
1475 REPLY_MSG_ID_BASE = setup_message_id_table ();
1480 VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
1483 * fd.io coding-style-patch-verification: ON
1486 * eval: (c-set-style "gnu")