#include <vnet/classify/flow_classify.h>
#include <vnet/mpls/mpls.h>
#include <vnet/ipsec/ipsec.h>
-#include <vnet/ipsec/ikev2.h>
#include <inttypes.h>
#include <vnet/cop/cop.h>
#include <vnet/ip/ip6_hop_by_hop.h>
return 1;
}
-uword
-unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_CRYPTO_ALG_##f;
- foreach_ipsec_crypto_alg
-#undef _
- else
- return 0;
- return 1;
-}
-
u8 *
format_ipsec_crypto_alg (u8 * s, va_list * args)
{
return format (s, "%s", t);
}
-uword
-unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_INTEG_ALG_##f;
- foreach_ipsec_integ_alg
-#undef _
- else
- return 0;
- return 1;
-}
-
u8 *
format_ipsec_integ_alg (u8 * s, va_list * args)
{
return format (s, "%s", t);
}
-uword
-unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
- foreach_ikev2_auth_method
-#undef _
- else
- return 0;
- return 1;
-}
-
-uword
-unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
-{
- u32 *r = va_arg (*args, u32 *);
-
- if (0);
-#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
- foreach_ikev2_id_type
-#undef _
- else
- return 0;
- return 1;
-}
#else /* VPP_API_TEST_BUILTIN == 1 */
static uword
api_unformat_sw_if_index (unformat_input_t * input, va_list * args)
#endif /* VPP_API_TEST_BUILTIN */
+uword
+unformat_ipsec_api_crypto_alg (unformat_input_t * input, va_list * args)
+{
+ u32 *r = va_arg (*args, u32 *);
+
+ if (0);
+#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f;
+ foreach_ipsec_crypto_alg
+#undef _
+ else
+ return 0;
+ return 1;
+}
+
+uword
+unformat_ipsec_api_integ_alg (unformat_input_t * input, va_list * args)
+{
+ u32 *r = va_arg (*args, u32 *);
+
+ if (0);
+#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f;
+ foreach_ipsec_integ_alg
+#undef _
+ else
+ return 0;
+ return 1;
+}
+
static uword
unformat_policer_rate_type (unformat_input_t * input, va_list * args)
{
a->as_u32 = ntohl (v);
}
+static void
+increment_vl_v4_address (vl_api_ip4_address_t * a)
+{
+ u32 v;
+
+ v = *(u32 *) a;
+ v = ntohl (v);
+ v++;
+ v = ntohl (v);
+ clib_memcpy (a, &v, sizeof (v));
+}
+
+static void
+increment_vl_address (vl_api_address_t * a)
+{
+ if (ADDRESS_IP4 == a->af)
+ increment_vl_v4_address (&a->un.ip4);
+}
+
static void
increment_v6_address (ip6_address_t * a)
{
vam->result_ready = 1;
}
-static void vl_api_gre_add_del_tunnel_reply_t_handler
- (vl_api_gre_add_del_tunnel_reply_t * mp)
+static void vl_api_gre_tunnel_add_del_reply_t_handler
+ (vl_api_gre_tunnel_add_del_reply_t * mp)
{
vat_main_t *vam = &vat_main;
i32 retval = ntohl (mp->retval);
}
}
-static void vl_api_gre_add_del_tunnel_reply_t_handler_json
- (vl_api_gre_add_del_tunnel_reply_t * mp)
+static void vl_api_gre_tunnel_add_del_reply_t_handler_json
+ (vl_api_gre_tunnel_add_del_reply_t * mp)
{
vat_main_t *vam = &vat_main;
vat_json_node_t node;
static void
vl_api_dhcp_compl_event_t_handler (vl_api_dhcp_compl_event_t * mp)
{
- errmsg ("DHCP compl event: pid %d %s hostname %s host_addr %U "
- "router_addr %U host_mac %U",
- ntohl (mp->pid), mp->lease.is_ipv6 ? "ipv6" : "ipv4",
- mp->lease.hostname,
- format_ip4_address, &mp->lease.host_address,
- format_ip4_address, &mp->lease.router_address,
- format_ethernet_address, mp->lease.host_mac);
+ u8 *s, i;
+
+ s = format (s, "DHCP compl event: pid %d %s hostname %s host_addr %U "
+ "host_mac %U router_addr %U",
+ ntohl (mp->pid), mp->lease.is_ipv6 ? "ipv6" : "ipv4",
+ mp->lease.hostname,
+ format_ip4_address, mp->lease.host_address,
+ format_ethernet_address, mp->lease.host_mac,
+ format_ip4_address, mp->lease.router_address);
+
+ for (i = 0; i < mp->lease.count; i++)
+ s =
+ format (s, " domain_server_addr %U", format_ip4_address,
+ mp->lease.domain_server[i].address);
+
+ errmsg ((char *) s);
}
static void vl_api_dhcp_compl_event_t_handler_json
vat_json_object_add_uint (node, "table_index", ntohl (mp->table_index));
}
-static void vl_api_ipsec_gre_add_del_tunnel_reply_t_handler
- (vl_api_ipsec_gre_add_del_tunnel_reply_t * mp)
+static void vl_api_ipsec_gre_tunnel_add_del_reply_t_handler
+ (vl_api_ipsec_gre_tunnel_add_del_reply_t * mp)
{
vat_main_t *vam = &vat_main;
i32 retval = ntohl (mp->retval);
vam->regenerate_interface_table = 1;
}
-static void vl_api_ipsec_gre_add_del_tunnel_reply_t_handler_json
- (vl_api_ipsec_gre_add_del_tunnel_reply_t * mp)
+static void vl_api_ipsec_gre_tunnel_add_del_reply_t_handler_json
+ (vl_api_ipsec_gre_tunnel_add_del_reply_t * mp)
{
vat_main_t *vam = &vat_main;
vat_json_node_t node;
_(input_acl_set_interface_reply) \
_(ipsec_spd_add_del_reply) \
_(ipsec_interface_add_del_spd_reply) \
-_(ipsec_spd_add_del_entry_reply) \
-_(ipsec_sad_add_del_entry_reply) \
+_(ipsec_spd_entry_add_del_reply) \
+_(ipsec_sad_entry_add_del_reply) \
_(ipsec_sa_set_key_reply) \
_(ipsec_tunnel_if_add_del_reply) \
_(ipsec_tunnel_if_set_key_reply) \
_(ipsec_tunnel_if_set_sa_reply) \
-_(ikev2_profile_add_del_reply) \
-_(ikev2_profile_set_auth_reply) \
-_(ikev2_profile_set_id_reply) \
-_(ikev2_profile_set_ts_reply) \
-_(ikev2_set_local_key_reply) \
-_(ikev2_set_responder_reply) \
-_(ikev2_set_ike_transforms_reply) \
-_(ikev2_set_esp_transforms_reply) \
-_(ikev2_set_sa_lifetime_reply) \
-_(ikev2_initiate_sa_init_reply) \
-_(ikev2_initiate_del_ike_sa_reply) \
-_(ikev2_initiate_del_child_sa_reply) \
-_(ikev2_initiate_rekey_child_sa_reply) \
_(delete_loopback_reply) \
_(bd_ip_mac_add_del_reply) \
_(bd_ip_mac_flush_reply) \
_(GENEVE_ADD_DEL_TUNNEL_REPLY, geneve_add_del_tunnel_reply) \
_(VXLAN_TUNNEL_DETAILS, vxlan_tunnel_details) \
_(GENEVE_TUNNEL_DETAILS, geneve_tunnel_details) \
-_(GRE_ADD_DEL_TUNNEL_REPLY, gre_add_del_tunnel_reply) \
+_(GRE_TUNNEL_ADD_DEL_REPLY, gre_tunnel_add_del_reply) \
_(GRE_TUNNEL_DETAILS, gre_tunnel_details) \
_(L2_FIB_CLEAR_TABLE_REPLY, l2_fib_clear_table_reply) \
_(L2_INTERFACE_EFP_FILTER_REPLY, l2_interface_efp_filter_reply) \
_(IP_DETAILS, ip_details) \
_(IPSEC_SPD_ADD_DEL_REPLY, ipsec_spd_add_del_reply) \
_(IPSEC_INTERFACE_ADD_DEL_SPD_REPLY, ipsec_interface_add_del_spd_reply) \
-_(IPSEC_SPD_ADD_DEL_ENTRY_REPLY, ipsec_spd_add_del_entry_reply) \
-_(IPSEC_SAD_ADD_DEL_ENTRY_REPLY, ipsec_sad_add_del_entry_reply) \
+_(IPSEC_SPD_ENTRY_ADD_DEL_REPLY, ipsec_spd_entry_add_del_reply) \
+_(IPSEC_SAD_ENTRY_ADD_DEL_REPLY, ipsec_sad_entry_add_del_reply) \
_(IPSEC_SA_DETAILS, ipsec_sa_details) \
_(IPSEC_SA_SET_KEY_REPLY, ipsec_sa_set_key_reply) \
_(IPSEC_TUNNEL_IF_ADD_DEL_REPLY, ipsec_tunnel_if_add_del_reply) \
_(IPSEC_TUNNEL_IF_SET_KEY_REPLY, ipsec_tunnel_if_set_key_reply) \
_(IPSEC_TUNNEL_IF_SET_SA_REPLY, ipsec_tunnel_if_set_sa_reply) \
-_(IKEV2_PROFILE_ADD_DEL_REPLY, ikev2_profile_add_del_reply) \
-_(IKEV2_PROFILE_SET_AUTH_REPLY, ikev2_profile_set_auth_reply) \
-_(IKEV2_PROFILE_SET_ID_REPLY, ikev2_profile_set_id_reply) \
-_(IKEV2_PROFILE_SET_TS_REPLY, ikev2_profile_set_ts_reply) \
-_(IKEV2_SET_LOCAL_KEY_REPLY, ikev2_set_local_key_reply) \
-_(IKEV2_SET_RESPONDER_REPLY, ikev2_set_responder_reply) \
-_(IKEV2_SET_IKE_TRANSFORMS_REPLY, ikev2_set_ike_transforms_reply) \
-_(IKEV2_SET_ESP_TRANSFORMS_REPLY, ikev2_set_esp_transforms_reply) \
-_(IKEV2_SET_SA_LIFETIME_REPLY, ikev2_set_sa_lifetime_reply) \
-_(IKEV2_INITIATE_SA_INIT_REPLY, ikev2_initiate_sa_init_reply) \
-_(IKEV2_INITIATE_DEL_IKE_SA_REPLY, ikev2_initiate_del_ike_sa_reply) \
-_(IKEV2_INITIATE_DEL_CHILD_SA_REPLY, ikev2_initiate_del_child_sa_reply) \
-_(IKEV2_INITIATE_REKEY_CHILD_SA_REPLY, ikev2_initiate_rekey_child_sa_reply) \
_(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \
_(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \
_(BD_IP_MAC_FLUSH_REPLY, bd_ip_mac_flush_reply) \
ip_source_and_port_range_check_add_del_reply) \
_(IP_SOURCE_AND_PORT_RANGE_CHECK_INTERFACE_ADD_DEL_REPLY, \
ip_source_and_port_range_check_interface_add_del_reply) \
-_(IPSEC_GRE_ADD_DEL_TUNNEL_REPLY, ipsec_gre_add_del_tunnel_reply) \
+_(IPSEC_GRE_TUNNEL_ADD_DEL_REPLY, ipsec_gre_tunnel_add_del_reply) \
_(IPSEC_GRE_TUNNEL_DETAILS, ipsec_gre_tunnel_details) \
_(DELETE_SUBIF_REPLY, delete_subif_reply) \
_(L2_INTERFACE_PBB_TAG_REWRITE_REPLY, l2_interface_pbb_tag_rewrite_reply) \
mp->pci_addr = htonl (pci_addr);
mp->features = clib_host_to_net_u64 (features);
- mp->rx_ring_sz = htons (rx_ring_sz);
- mp->tx_ring_sz = htons (tx_ring_sz);
if (random_mac == 0)
clib_memcpy (mp->mac_address, mac_address, 6);
}
static int
-api_gre_add_del_tunnel (vat_main_t * vam)
+api_gre_tunnel_add_del (vat_main_t * vam)
{
unformat_input_t *line_input = vam->input;
- vl_api_gre_add_del_tunnel_t *mp;
- ip4_address_t src4, dst4;
- ip6_address_t src6, dst6;
+ vl_api_address_t src = { }, dst =
+ {
+ };
+ vl_api_gre_tunnel_add_del_t *mp;
+ vl_api_gre_tunnel_type_t t_type;
u8 is_add = 1;
u8 ipv4_set = 0;
u8 ipv6_set = 0;
- u8 t_type = GRE_TUNNEL_TYPE_L3;
u8 src_set = 0;
u8 dst_set = 0;
u32 outer_fib_id = 0;
u32 instance = ~0;
int ret;
- clib_memset (&src4, 0, sizeof src4);
- clib_memset (&dst4, 0, sizeof dst4);
- clib_memset (&src6, 0, sizeof src6);
- clib_memset (&dst6, 0, sizeof dst6);
+ t_type = GRE_API_TUNNEL_TYPE_L3;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
is_add = 0;
else if (unformat (line_input, "instance %d", &instance))
;
- else if (unformat (line_input, "src %U", unformat_ip4_address, &src4))
- {
- src_set = 1;
- ipv4_set = 1;
- }
- else if (unformat (line_input, "dst %U", unformat_ip4_address, &dst4))
- {
- dst_set = 1;
- ipv4_set = 1;
- }
- else if (unformat (line_input, "src %U", unformat_ip6_address, &src6))
+ else if (unformat (line_input, "src %U", unformat_vl_api_address, &src))
{
src_set = 1;
- ipv6_set = 1;
}
- else if (unformat (line_input, "dst %U", unformat_ip6_address, &dst6))
+ else if (unformat (line_input, "dst %U", unformat_vl_api_address, &dst))
{
dst_set = 1;
- ipv6_set = 1;
}
else if (unformat (line_input, "outer-fib-id %d", &outer_fib_id))
;
else if (unformat (line_input, "teb"))
- t_type = GRE_TUNNEL_TYPE_TEB;
+ t_type = GRE_API_TUNNEL_TYPE_TEB;
else if (unformat (line_input, "erspan %d", &session_id))
- t_type = GRE_TUNNEL_TYPE_ERSPAN;
+ t_type = GRE_API_TUNNEL_TYPE_ERSPAN;
else
{
errmsg ("parse error '%U'", format_unformat_error, line_input);
errmsg ("tunnel dst address not specified");
return -99;
}
- if (ipv4_set && ipv6_set)
- {
- errmsg ("both IPv4 and IPv6 addresses specified");
- return -99;
- }
+ M (GRE_TUNNEL_ADD_DEL, mp);
- M (GRE_ADD_DEL_TUNNEL, mp);
+ clib_memcpy (&mp->tunnel.src, &src, sizeof (mp->tunnel.src));
+ clib_memcpy (&mp->tunnel.dst, &dst, sizeof (mp->tunnel.dst));
- if (ipv4_set)
- {
- clib_memcpy (&mp->src_address, &src4, 4);
- clib_memcpy (&mp->dst_address, &dst4, 4);
- }
- else
- {
- clib_memcpy (&mp->src_address, &src6, 16);
- clib_memcpy (&mp->dst_address, &dst6, 16);
- }
- mp->instance = htonl (instance);
- mp->outer_fib_id = htonl (outer_fib_id);
+ mp->tunnel.instance = htonl (instance);
+ mp->tunnel.outer_fib_id = htonl (outer_fib_id);
mp->is_add = is_add;
- mp->session_id = htons ((u16) session_id);
- mp->tunnel_type = t_type;
- mp->is_ipv6 = ipv6_set;
+ mp->tunnel.session_id = htons ((u16) session_id);
+ mp->tunnel.type = htonl (t_type);
S (mp);
W (ret);
(vl_api_gre_tunnel_details_t * mp)
{
vat_main_t *vam = &vat_main;
- ip46_address_t src = to_ip46 (mp->is_ipv6, mp->src_address);
- ip46_address_t dst = to_ip46 (mp->is_ipv6, mp->dst_address);
print (vam->ofp, "%11d%11d%24U%24U%13d%14d%12d",
- ntohl (mp->sw_if_index),
- ntohl (mp->instance),
- format_ip46_address, &src, IP46_TYPE_ANY,
- format_ip46_address, &dst, IP46_TYPE_ANY,
- mp->tunnel_type, ntohl (mp->outer_fib_id), ntohl (mp->session_id));
+ ntohl (mp->tunnel.sw_if_index),
+ ntohl (mp->tunnel.instance),
+ format_vl_api_address, &mp->tunnel.src,
+ format_vl_api_address, &mp->tunnel.dst,
+ mp->tunnel.type, ntohl (mp->tunnel.outer_fib_id),
+ ntohl (mp->tunnel.session_id));
+}
+
+static void
+vat_json_object_add_address (vat_json_node_t * node,
+ const char *str, const vl_api_address_t * addr)
+{
+ if (ADDRESS_IP6 == addr->af)
+ {
+ struct in6_addr ip6;
+
+ clib_memcpy (&ip6, &addr->un.ip6, sizeof (ip6));
+ vat_json_object_add_ip6 (node, str, ip6);
+ }
+ else
+ {
+ struct in_addr ip4;
+
+ clib_memcpy (&ip4, &addr->un.ip4, sizeof (ip4));
+ vat_json_object_add_ip4 (node, str, ip4);
+ }
}
static void vl_api_gre_tunnel_details_t_handler_json
node = vat_json_array_add (&vam->json_tree);
vat_json_init_object (node);
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- vat_json_object_add_uint (node, "instance", ntohl (mp->instance));
- if (!mp->is_ipv6)
- {
- clib_memcpy (&ip4, &mp->src_address, sizeof (ip4));
- vat_json_object_add_ip4 (node, "src_address", ip4);
- clib_memcpy (&ip4, &mp->dst_address, sizeof (ip4));
- vat_json_object_add_ip4 (node, "dst_address", ip4);
- }
- else
- {
- clib_memcpy (&ip6, &mp->src_address, sizeof (ip6));
- vat_json_object_add_ip6 (node, "src_address", ip6);
- clib_memcpy (&ip6, &mp->dst_address, sizeof (ip6));
- vat_json_object_add_ip6 (node, "dst_address", ip6);
- }
- vat_json_object_add_uint (node, "tunnel_type", mp->tunnel_type);
- vat_json_object_add_uint (node, "outer_fib_id", ntohl (mp->outer_fib_id));
- vat_json_object_add_uint (node, "is_ipv6", mp->is_ipv6);
- vat_json_object_add_uint (node, "session_id", mp->session_id);
+ vat_json_object_add_uint (node, "sw_if_index",
+ ntohl (mp->tunnel.sw_if_index));
+ vat_json_object_add_uint (node, "instance", ntohl (mp->tunnel.instance));
+
+ vat_json_object_add_address (node, "src", &mp->tunnel.src);
+ vat_json_object_add_address (node, "dst", &mp->tunnel.dst);
+ vat_json_object_add_uint (node, "tunnel_type", mp->tunnel.type);
+ vat_json_object_add_uint (node, "outer_fib_id",
+ ntohl (mp->tunnel.outer_fib_id));
+ vat_json_object_add_uint (node, "session_id", mp->tunnel.session_id);
}
static int
}
static int
-api_ipsec_spd_add_del_entry (vat_main_t * vam)
+api_ipsec_spd_entry_add_del (vat_main_t * vam)
{
unformat_input_t *i = vam->input;
- vl_api_ipsec_spd_add_del_entry_t *mp;
+ vl_api_ipsec_spd_entry_add_del_t *mp;
u8 is_add = 1, is_outbound = 0, is_ipv6 = 0, is_ip_any = 1;
u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
i32 priority = 0;
u32 rport_start = 0, rport_stop = (u32) ~ 0;
u32 lport_start = 0, lport_stop = (u32) ~ 0;
- ip4_address_t laddr4_start, laddr4_stop, raddr4_start, raddr4_stop;
- ip6_address_t laddr6_start, laddr6_stop, raddr6_start, raddr6_stop;
+ vl_api_address_t laddr_start = { }, laddr_stop =
+ {
+ }, raddr_start =
+ {
+ }, raddr_stop =
+ {
+ };
int ret;
- laddr4_start.as_u32 = raddr4_start.as_u32 = 0;
- laddr4_stop.as_u32 = raddr4_stop.as_u32 = (u32) ~ 0;
- laddr6_start.as_u64[0] = raddr6_start.as_u64[0] = 0;
- laddr6_start.as_u64[1] = raddr6_start.as_u64[1] = 0;
- laddr6_stop.as_u64[0] = raddr6_stop.as_u64[0] = (u64) ~ 0;
- laddr6_stop.as_u64[1] = raddr6_stop.as_u64[1] = (u64) ~ 0;
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "del"))
;
else if (unformat (i, "rport_stop %d", &rport_stop))
;
- else
- if (unformat
- (i, "laddr_start %U", unformat_ip4_address, &laddr4_start))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "laddr_stop %U", unformat_ip4_address, &laddr4_stop))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "raddr_start %U", unformat_ip4_address, &raddr4_start))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "raddr_stop %U", unformat_ip4_address, &raddr4_stop))
- {
- is_ipv6 = 0;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "laddr_start %U", unformat_ip6_address, &laddr6_start))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "laddr_stop %U", unformat_ip6_address, &laddr6_stop))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat
- (i, "raddr_start %U", unformat_ip6_address, &raddr6_start))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
- else
- if (unformat (i, "raddr_stop %U", unformat_ip6_address, &raddr6_stop))
- {
- is_ipv6 = 1;
- is_ip_any = 0;
- }
+ else if (unformat (i, "laddr_start %U",
+ unformat_vl_api_address, &laddr_start))
+ is_ip_any = 0;
+ else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
+ &laddr_stop))
+ is_ip_any = 0;
+ else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
+ &raddr_start))
+ is_ip_any = 0;
+ else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
+ &raddr_stop))
+ is_ip_any = 0;
else
if (unformat (i, "action %U", unformat_ipsec_policy_action, &policy))
{
}
- M (IPSEC_SPD_ADD_DEL_ENTRY, mp);
-
- mp->spd_id = ntohl (spd_id);
- mp->priority = ntohl (priority);
- mp->is_outbound = is_outbound;
+ M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
- mp->is_ipv6 = is_ipv6;
- if (is_ipv6 || is_ip_any)
- {
- clib_memcpy (mp->remote_address_start, &raddr6_start,
- sizeof (ip6_address_t));
- clib_memcpy (mp->remote_address_stop, &raddr6_stop,
- sizeof (ip6_address_t));
- clib_memcpy (mp->local_address_start, &laddr6_start,
- sizeof (ip6_address_t));
- clib_memcpy (mp->local_address_stop, &laddr6_stop,
- sizeof (ip6_address_t));
- }
- else
- {
- clib_memcpy (mp->remote_address_start, &raddr4_start,
- sizeof (ip4_address_t));
- clib_memcpy (mp->remote_address_stop, &raddr4_stop,
- sizeof (ip4_address_t));
- clib_memcpy (mp->local_address_start, &laddr4_start,
- sizeof (ip4_address_t));
- clib_memcpy (mp->local_address_stop, &laddr4_stop,
- sizeof (ip4_address_t));
- }
- mp->protocol = (u8) protocol;
- mp->local_port_start = ntohs ((u16) lport_start);
- mp->local_port_stop = ntohs ((u16) lport_stop);
- mp->remote_port_start = ntohs ((u16) rport_start);
- mp->remote_port_stop = ntohs ((u16) rport_stop);
- mp->policy = (u8) policy;
- mp->sa_id = ntohl (sa_id);
mp->is_add = is_add;
- mp->is_ip_any = is_ip_any;
+
+ mp->entry.spd_id = ntohl (spd_id);
+ mp->entry.priority = ntohl (priority);
+ mp->entry.is_outbound = is_outbound;
+
+ clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
+ sizeof (vl_api_address_t));
+ clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
+ sizeof (vl_api_address_t));
+ clib_memcpy (&mp->entry.local_address_start, &laddr_start,
+ sizeof (vl_api_address_t));
+ clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
+ sizeof (vl_api_address_t));
+
+ mp->entry.protocol = (u8) protocol;
+ mp->entry.local_port_start = ntohs ((u16) lport_start);
+ mp->entry.local_port_stop = ntohs ((u16) lport_stop);
+ mp->entry.remote_port_start = ntohs ((u16) rport_start);
+ mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
+ mp->entry.policy = (u8) policy;
+ mp->entry.sa_id = ntohl (sa_id);
+
S (mp);
W (ret);
return ret;
}
static int
-api_ipsec_sad_add_del_entry (vat_main_t * vam)
+api_ipsec_sad_entry_add_del (vat_main_t * vam)
{
unformat_input_t *i = vam->input;
- vl_api_ipsec_sad_add_del_entry_t *mp;
+ vl_api_ipsec_sad_entry_add_del_t *mp;
u32 sad_id = 0, spi = 0;
u8 *ck = 0, *ik = 0;
u8 is_add = 1;
- u8 protocol = IPSEC_PROTOCOL_AH;
- u8 is_tunnel = 0, is_tunnel_ipv6 = 0;
- u32 crypto_alg = 0, integ_alg = 0;
- ip4_address_t tun_src4;
- ip4_address_t tun_dst4;
- ip6_address_t tun_src6;
- ip6_address_t tun_dst6;
+ vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE;
+ vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE;
+ vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
+ vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH;
+ vl_api_address_t tun_src, tun_dst;
int ret;
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
else if (unformat (i, "spi %d", &spi))
;
else if (unformat (i, "esp"))
- protocol = IPSEC_PROTOCOL_ESP;
- else if (unformat (i, "tunnel_src %U", unformat_ip4_address, &tun_src4))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 0;
- }
- else if (unformat (i, "tunnel_dst %U", unformat_ip4_address, &tun_dst4))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 0;
- }
- else if (unformat (i, "tunnel_src %U", unformat_ip6_address, &tun_src6))
- {
- is_tunnel = 1;
- is_tunnel_ipv6 = 1;
- }
- else if (unformat (i, "tunnel_dst %U", unformat_ip6_address, &tun_dst6))
+ protocol = IPSEC_API_PROTO_ESP;
+ else
+ if (unformat (i, "tunnel_src %U", unformat_vl_api_address, &tun_src))
{
- is_tunnel = 1;
- is_tunnel_ipv6 = 1;
+ flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
+ if (ADDRESS_IP6 == tun_src.af)
+ flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
}
else
- if (unformat
- (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
+ if (unformat (i, "tunnel_dst %U", unformat_vl_api_address, &tun_dst))
{
- if (crypto_alg >= IPSEC_CRYPTO_N_ALG)
- {
- clib_warning ("unsupported crypto-alg: '%U'",
- format_ipsec_crypto_alg, crypto_alg);
- return -99;
- }
+ flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
+ if (ADDRESS_IP6 == tun_src.af)
+ flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
}
+ else
+ if (unformat (i, "crypto_alg %U",
+ unformat_ipsec_api_crypto_alg, &crypto_alg))
+ ;
else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
;
- else
- if (unformat
- (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
- {
- if (integ_alg >= IPSEC_INTEG_N_ALG)
- {
- clib_warning ("unsupported integ-alg: '%U'",
- format_ipsec_integ_alg, integ_alg);
- return -99;
- }
- }
+ else if (unformat (i, "integ_alg %U",
+ unformat_ipsec_api_integ_alg, &integ_alg))
+ ;
else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
;
else
}
- M (IPSEC_SAD_ADD_DEL_ENTRY, mp);
+ M (IPSEC_SAD_ENTRY_ADD_DEL, mp);
- mp->sad_id = ntohl (sad_id);
mp->is_add = is_add;
- mp->protocol = protocol;
- mp->spi = ntohl (spi);
- mp->is_tunnel = is_tunnel;
- mp->is_tunnel_ipv6 = is_tunnel_ipv6;
- mp->crypto_algorithm = crypto_alg;
- mp->integrity_algorithm = integ_alg;
- mp->crypto_key_length = vec_len (ck);
- mp->integrity_key_length = vec_len (ik);
+ mp->entry.sad_id = ntohl (sad_id);
+ mp->entry.protocol = protocol;
+ mp->entry.spi = ntohl (spi);
+ mp->entry.flags = flags;
- if (mp->crypto_key_length > sizeof (mp->crypto_key))
- mp->crypto_key_length = sizeof (mp->crypto_key);
+ mp->entry.crypto_algorithm = crypto_alg;
+ mp->entry.integrity_algorithm = integ_alg;
+ mp->entry.crypto_key.length = vec_len (ck);
+ mp->entry.integrity_key.length = vec_len (ik);
- if (mp->integrity_key_length > sizeof (mp->integrity_key))
- mp->integrity_key_length = sizeof (mp->integrity_key);
+ if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data))
+ mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data);
+
+ if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data))
+ mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data);
if (ck)
- clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
+ clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length);
if (ik)
- clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
+ clib_memcpy (mp->entry.integrity_key.data, ik,
+ mp->entry.integrity_key.length);
- if (is_tunnel)
+ if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)
{
- if (is_tunnel_ipv6)
- {
- clib_memcpy (mp->tunnel_src_address, &tun_src6,
- sizeof (ip6_address_t));
- clib_memcpy (mp->tunnel_dst_address, &tun_dst6,
- sizeof (ip6_address_t));
- }
- else
- {
- clib_memcpy (mp->tunnel_src_address, &tun_src4,
- sizeof (ip4_address_t));
- clib_memcpy (mp->tunnel_dst_address, &tun_dst4,
- sizeof (ip4_address_t));
- }
+ clib_memcpy (&mp->entry.tunnel_src, &tun_src,
+ sizeof (mp->entry.tunnel_src));
+ clib_memcpy (&mp->entry.tunnel_dst, &tun_dst,
+ sizeof (mp->entry.tunnel_dst));
}
S (mp);
M (IPSEC_SA_SET_KEY, mp);
mp->sa_id = ntohl (sa_id);
- mp->crypto_key_length = vec_len (ck);
- mp->integrity_key_length = vec_len (ik);
+ mp->crypto_key.length = vec_len (ck);
+ mp->integrity_key.length = vec_len (ik);
- if (mp->crypto_key_length > sizeof (mp->crypto_key))
- mp->crypto_key_length = sizeof (mp->crypto_key);
+ if (mp->crypto_key.length > sizeof (mp->crypto_key.data))
+ mp->crypto_key.length = sizeof (mp->crypto_key.data);
- if (mp->integrity_key_length > sizeof (mp->integrity_key))
- mp->integrity_key_length = sizeof (mp->integrity_key);
+ if (mp->integrity_key.length > sizeof (mp->integrity_key.data))
+ mp->integrity_key.length = sizeof (mp->integrity_key.data);
if (ck)
- clib_memcpy (mp->crypto_key, ck, mp->crypto_key_length);
+ clib_memcpy (mp->crypto_key.data, ck, mp->crypto_key.length);
if (ik)
- clib_memcpy (mp->integrity_key, ik, mp->integrity_key_length);
+ clib_memcpy (mp->integrity_key.data, ik, mp->integrity_key.length);
S (mp);
W (ret);
u32 crypto_alg = 0, integ_alg = 0;
u8 *lck = NULL, *rck = NULL;
u8 *lik = NULL, *rik = NULL;
- ip4_address_t local_ip = { {0} };
- ip4_address_t remote_ip = { {0} };
+ vl_api_address_t local_ip = { 0 };
+ vl_api_address_t remote_ip = { 0 };
+ f64 before = 0;
u8 is_add = 1;
u8 esn = 0;
u8 anti_replay = 0;
u8 renumber = 0;
u32 instance = ~0;
+ u32 count = 1, jj;
int ret;
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
is_add = 0;
else if (unformat (i, "esn"))
esn = 1;
- else if (unformat (i, "anti_replay"))
+ else if (unformat (i, "anti-replay"))
anti_replay = 1;
+ else if (unformat (i, "count %d", &count))
+ ;
else if (unformat (i, "local_spi %d", &local_spi))
;
else if (unformat (i, "remote_spi %d", &remote_spi))
;
- else if (unformat (i, "local_ip %U", unformat_ip4_address, &local_ip))
+ else
+ if (unformat (i, "local_ip %U", unformat_vl_api_address, &local_ip))
;
- else if (unformat (i, "remote_ip %U", unformat_ip4_address, &remote_ip))
+ else
+ if (unformat (i, "remote_ip %U", unformat_vl_api_address, &remote_ip))
;
else if (unformat (i, "local_crypto_key %U", unformat_hex_string, &lck))
;
;
else
if (unformat
- (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg))
+ (i, "crypto_alg %U", unformat_ipsec_api_crypto_alg, &crypto_alg))
{
if (crypto_alg >= IPSEC_CRYPTO_N_ALG)
{
}
else
if (unformat
- (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg))
+ (i, "integ_alg %U", unformat_ipsec_api_integ_alg, &integ_alg))
{
if (integ_alg >= IPSEC_INTEG_N_ALG)
{
}
}
- M (IPSEC_TUNNEL_IF_ADD_DEL, mp);
-
- mp->is_add = is_add;
- mp->esn = esn;
- mp->anti_replay = anti_replay;
-
- clib_memcpy (mp->local_ip, &local_ip, sizeof (ip4_address_t));
- clib_memcpy (mp->remote_ip, &remote_ip, sizeof (ip4_address_t));
-
- mp->local_spi = htonl (local_spi);
- mp->remote_spi = htonl (remote_spi);
- mp->crypto_alg = (u8) crypto_alg;
-
- mp->local_crypto_key_len = 0;
- if (lck)
+ if (count > 1)
{
- mp->local_crypto_key_len = vec_len (lck);
- if (mp->local_crypto_key_len > sizeof (mp->local_crypto_key))
- mp->local_crypto_key_len = sizeof (mp->local_crypto_key);
- clib_memcpy (mp->local_crypto_key, lck, mp->local_crypto_key_len);
+ /* Turn on async mode */
+ vam->async_mode = 1;
+ vam->async_errors = 0;
+ before = vat_time_now (vam);
}
- mp->remote_crypto_key_len = 0;
- if (rck)
+ for (jj = 0; jj < count; jj++)
{
- mp->remote_crypto_key_len = vec_len (rck);
- if (mp->remote_crypto_key_len > sizeof (mp->remote_crypto_key))
- mp->remote_crypto_key_len = sizeof (mp->remote_crypto_key);
- clib_memcpy (mp->remote_crypto_key, rck, mp->remote_crypto_key_len);
- }
+ M (IPSEC_TUNNEL_IF_ADD_DEL, mp);
- mp->integ_alg = (u8) integ_alg;
+ mp->is_add = is_add;
+ mp->esn = esn;
+ mp->anti_replay = anti_replay;
- mp->local_integ_key_len = 0;
- if (lik)
- {
- mp->local_integ_key_len = vec_len (lik);
- if (mp->local_integ_key_len > sizeof (mp->local_integ_key))
- mp->local_integ_key_len = sizeof (mp->local_integ_key);
- clib_memcpy (mp->local_integ_key, lik, mp->local_integ_key_len);
- }
+ if (jj > 0)
+ increment_vl_address (&remote_ip);
- mp->remote_integ_key_len = 0;
- if (rik)
- {
- mp->remote_integ_key_len = vec_len (rik);
- if (mp->remote_integ_key_len > sizeof (mp->remote_integ_key))
- mp->remote_integ_key_len = sizeof (mp->remote_integ_key);
- clib_memcpy (mp->remote_integ_key, rik, mp->remote_integ_key_len);
- }
+ clib_memcpy (&mp->local_ip, &local_ip, sizeof (local_ip));
+ clib_memcpy (&mp->remote_ip, &remote_ip, sizeof (remote_ip));
- if (renumber)
- {
- mp->renumber = renumber;
- mp->show_instance = ntohl (instance);
- }
+ mp->local_spi = htonl (local_spi + jj);
+ mp->remote_spi = htonl (remote_spi + jj);
+ mp->crypto_alg = (u8) crypto_alg;
- S (mp);
- W (ret);
- return ret;
-}
+ mp->local_crypto_key_len = 0;
+ if (lck)
+ {
+ mp->local_crypto_key_len = vec_len (lck);
+ if (mp->local_crypto_key_len > sizeof (mp->local_crypto_key))
+ mp->local_crypto_key_len = sizeof (mp->local_crypto_key);
+ clib_memcpy (mp->local_crypto_key, lck, mp->local_crypto_key_len);
+ }
-static void
-vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
-
- print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
- "crypto_key %U integ_alg %u integ_key %U use_esn %u "
- "use_anti_replay %u is_tunnel %u is_tunnel_ip6 %u "
- "tunnel_src_addr %U tunnel_dst_addr %U "
- "salt %u seq_outbound %lu last_seq_inbound %lu "
- "replay_window %lu total_data_size %lu\n",
- ntohl (mp->sa_id), ntohl (mp->sw_if_index), ntohl (mp->spi),
- mp->protocol,
- mp->crypto_alg, format_hex_bytes, mp->crypto_key, mp->crypto_key_len,
- mp->integ_alg, format_hex_bytes, mp->integ_key, mp->integ_key_len,
- mp->use_esn, mp->use_anti_replay, mp->is_tunnel, mp->is_tunnel_ip6,
- (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address,
- mp->tunnel_src_addr,
- (mp->is_tunnel_ip6) ? format_ip6_address : format_ip4_address,
- mp->tunnel_dst_addr,
- ntohl (mp->salt),
- clib_net_to_host_u64 (mp->seq_outbound),
- clib_net_to_host_u64 (mp->last_seq_inbound),
- clib_net_to_host_u64 (mp->replay_window),
- clib_net_to_host_u64 (mp->total_data_size));
-}
-
-#define vl_api_ipsec_sa_details_t_endian vl_noop_handler
-#define vl_api_ipsec_sa_details_t_print vl_noop_handler
-
-static void vl_api_ipsec_sa_details_t_handler_json
- (vl_api_ipsec_sa_details_t * mp)
-{
- vat_main_t *vam = &vat_main;
- vat_json_node_t *node = NULL;
- struct in_addr src_ip4, dst_ip4;
- struct in6_addr src_ip6, dst_ip6;
-
- if (VAT_JSON_ARRAY != vam->json_tree.type)
- {
- ASSERT (VAT_JSON_NONE == vam->json_tree.type);
- vat_json_init_array (&vam->json_tree);
- }
- node = vat_json_array_add (&vam->json_tree);
-
- vat_json_init_object (node);
- vat_json_object_add_uint (node, "sa_id", ntohl (mp->sa_id));
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- vat_json_object_add_uint (node, "spi", ntohl (mp->spi));
- vat_json_object_add_uint (node, "proto", mp->protocol);
- vat_json_object_add_uint (node, "crypto_alg", mp->crypto_alg);
- vat_json_object_add_uint (node, "integ_alg", mp->integ_alg);
- vat_json_object_add_uint (node, "use_esn", mp->use_esn);
- vat_json_object_add_uint (node, "use_anti_replay", mp->use_anti_replay);
- vat_json_object_add_uint (node, "is_tunnel", mp->is_tunnel);
- vat_json_object_add_uint (node, "is_tunnel_ip6", mp->is_tunnel_ip6);
- vat_json_object_add_bytes (node, "crypto_key", mp->crypto_key,
- mp->crypto_key_len);
- vat_json_object_add_bytes (node, "integ_key", mp->integ_key,
- mp->integ_key_len);
- if (mp->is_tunnel_ip6)
- {
- clib_memcpy (&src_ip6, mp->tunnel_src_addr, sizeof (src_ip6));
- vat_json_object_add_ip6 (node, "tunnel_src_addr", src_ip6);
- clib_memcpy (&dst_ip6, mp->tunnel_dst_addr, sizeof (dst_ip6));
- vat_json_object_add_ip6 (node, "tunnel_dst_addr", dst_ip6);
- }
- else
- {
- clib_memcpy (&src_ip4, mp->tunnel_src_addr, sizeof (src_ip4));
- vat_json_object_add_ip4 (node, "tunnel_src_addr", src_ip4);
- clib_memcpy (&dst_ip4, mp->tunnel_dst_addr, sizeof (dst_ip4));
- vat_json_object_add_ip4 (node, "tunnel_dst_addr", dst_ip4);
- }
- vat_json_object_add_uint (node, "replay_window",
- clib_net_to_host_u64 (mp->replay_window));
- vat_json_object_add_uint (node, "total_data_size",
- clib_net_to_host_u64 (mp->total_data_size));
-
-}
-
-static int
-api_ipsec_sa_dump (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_sa_dump_t *mp;
- vl_api_control_ping_t *mp_ping;
- u32 sa_id = ~0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "sa_id %d", &sa_id))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- M (IPSEC_SA_DUMP, mp);
-
- mp->sa_id = ntohl (sa_id);
-
- S (mp);
-
- /* Use a control ping for synchronization */
- M (CONTROL_PING, mp_ping);
- S (mp_ping);
-
- W (ret);
- return ret;
-}
-
-static int
-api_ipsec_tunnel_if_set_key (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_tunnel_if_set_key_t *mp;
- u32 sw_if_index = ~0;
- u8 key_type = IPSEC_IF_SET_KEY_TYPE_NONE;
- u8 *key = 0;
- u32 alg = ~0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- ;
- else
- if (unformat (i, "local crypto %U", unformat_ipsec_crypto_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO;
- else
- if (unformat (i, "remote crypto %U", unformat_ipsec_crypto_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO;
- else if (unformat (i, "local integ %U", unformat_ipsec_integ_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG;
- else
- if (unformat (i, "remote integ %U", unformat_ipsec_integ_alg, &alg))
- key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG;
- else if (unformat (i, "%U", unformat_hex_string, &key))
- ;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (sw_if_index == ~0)
- {
- errmsg ("interface must be specified");
- return -99;
- }
-
- if (key_type == IPSEC_IF_SET_KEY_TYPE_NONE)
- {
- errmsg ("key type must be specified");
- return -99;
- }
-
- if (alg == ~0)
- {
- errmsg ("algorithm must be specified");
- return -99;
- }
-
- if (vec_len (key) == 0)
- {
- errmsg ("key must be specified");
- return -99;
- }
-
- M (IPSEC_TUNNEL_IF_SET_KEY, mp);
-
- mp->sw_if_index = htonl (sw_if_index);
- mp->alg = alg;
- mp->key_type = key_type;
- mp->key_len = vec_len (key);
- clib_memcpy (mp->key, key, vec_len (key));
-
- S (mp);
- W (ret);
-
- return ret;
-}
-
-static int
-api_ipsec_tunnel_if_set_sa (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ipsec_tunnel_if_set_sa_t *mp;
- u32 sw_if_index = ~0;
- u32 sa_id = ~0;
- u8 is_outbound = (u8) ~ 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
- ;
- else if (unformat (i, "sa_id %d", &sa_id))
- ;
- else if (unformat (i, "outbound"))
- is_outbound = 1;
- else if (unformat (i, "inbound"))
- is_outbound = 0;
- else
- {
- clib_warning ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (sw_if_index == ~0)
- {
- errmsg ("interface must be specified");
- return -99;
- }
-
- if (sa_id == ~0)
- {
- errmsg ("SA ID must be specified");
- return -99;
- }
-
- M (IPSEC_TUNNEL_IF_SET_SA, mp);
-
- mp->sw_if_index = htonl (sw_if_index);
- mp->sa_id = htonl (sa_id);
- mp->is_outbound = is_outbound;
-
- S (mp);
- W (ret);
-
- return ret;
-}
-
-static int
-api_ikev2_profile_add_del (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_add_del_t *mp;
- u8 is_add = 1;
- u8 *name = 0;
- int ret;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "del"))
- is_add = 0;
- else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_PROFILE_ADD_DEL, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- mp->is_add = is_add;
- vec_free (name);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_profile_set_auth (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_set_auth_t *mp;
- u8 *name = 0;
- u8 *data = 0;
- u32 auth_method = 0;
- u8 is_hex = 0;
- int ret;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else if (unformat (i, "auth_method %U",
- unformat_ikev2_auth_method, &auth_method))
- ;
- else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
- is_hex = 1;
- else if (unformat (i, "auth_data %v", &data))
- ;
- else
+ mp->remote_crypto_key_len = 0;
+ if (rck)
{
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
+ mp->remote_crypto_key_len = vec_len (rck);
+ if (mp->remote_crypto_key_len > sizeof (mp->remote_crypto_key))
+ mp->remote_crypto_key_len = sizeof (mp->remote_crypto_key);
+ clib_memcpy (mp->remote_crypto_key, rck, mp->remote_crypto_key_len);
}
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- if (!vec_len (data))
- {
- errmsg ("auth_data must be specified");
- return -99;
- }
-
- if (!auth_method)
- {
- errmsg ("auth_method must be specified");
- return -99;
- }
-
- M (IKEV2_PROFILE_SET_AUTH, mp);
-
- mp->is_hex = is_hex;
- mp->auth_method = (u8) auth_method;
- mp->data_len = vec_len (data);
- clib_memcpy (mp->name, name, vec_len (name));
- clib_memcpy (mp->data, data, vec_len (data));
- vec_free (name);
- vec_free (data);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_profile_set_id (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_set_id_t *mp;
- u8 *name = 0;
- u8 *data = 0;
- u8 is_local = 0;
- u32 id_type = 0;
- ip4_address_t ip4;
- int ret;
- const char *valid_chars = "a-zA-Z0-9_";
+ mp->integ_alg = (u8) integ_alg;
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type))
- ;
- else if (unformat (i, "id_data %U", unformat_ip4_address, &ip4))
+ mp->local_integ_key_len = 0;
+ if (lik)
{
- data = vec_new (u8, 4);
- clib_memcpy (data, ip4.as_u8, 4);
+ mp->local_integ_key_len = vec_len (lik);
+ if (mp->local_integ_key_len > sizeof (mp->local_integ_key))
+ mp->local_integ_key_len = sizeof (mp->local_integ_key);
+ clib_memcpy (mp->local_integ_key, lik, mp->local_integ_key_len);
}
- else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
- ;
- else if (unformat (i, "id_data %v", &data))
- ;
- else if (unformat (i, "local"))
- is_local = 1;
- else if (unformat (i, "remote"))
- is_local = 0;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
- if (!vec_len (data))
- {
- errmsg ("id_data must be specified");
- return -99;
- }
-
- if (!id_type)
- {
- errmsg ("id_type must be specified");
- return -99;
- }
-
- M (IKEV2_PROFILE_SET_ID, mp);
-
- mp->is_local = is_local;
- mp->id_type = (u8) id_type;
- mp->data_len = vec_len (data);
- clib_memcpy (mp->name, name, vec_len (name));
- clib_memcpy (mp->data, data, vec_len (data));
- vec_free (name);
- vec_free (data);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_profile_set_ts (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_profile_set_ts_t *mp;
- u8 *name = 0;
- u8 is_local = 0;
- u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
- ip4_address_t start_addr, end_addr;
-
- const char *valid_chars = "a-zA-Z0-9_";
- int ret;
-
- start_addr.as_u32 = 0;
- end_addr.as_u32 = (u32) ~ 0;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "name %U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else if (unformat (i, "protocol %d", &proto))
- ;
- else if (unformat (i, "start_port %d", &start_port))
- ;
- else if (unformat (i, "end_port %d", &end_port))
- ;
- else
- if (unformat (i, "start_addr %U", unformat_ip4_address, &start_addr))
- ;
- else if (unformat (i, "end_addr %U", unformat_ip4_address, &end_addr))
- ;
- else if (unformat (i, "local"))
- is_local = 1;
- else if (unformat (i, "remote"))
- is_local = 0;
- else
+ mp->remote_integ_key_len = 0;
+ if (rik)
{
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
+ mp->remote_integ_key_len = vec_len (rik);
+ if (mp->remote_integ_key_len > sizeof (mp->remote_integ_key))
+ mp->remote_integ_key_len = sizeof (mp->remote_integ_key);
+ clib_memcpy (mp->remote_integ_key, rik, mp->remote_integ_key_len);
}
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
-
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
-
- M (IKEV2_PROFILE_SET_TS, mp);
- mp->is_local = is_local;
- mp->proto = (u8) proto;
- mp->start_port = (u16) start_port;
- mp->end_port = (u16) end_port;
- mp->start_addr = start_addr.as_u32;
- mp->end_addr = end_addr.as_u32;
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_set_local_key (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_local_key_t *mp;
- u8 *file = 0;
- int ret;
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "file %v", &file))
- vec_add1 (file, 0);
- else
+ if (renumber)
{
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
+ mp->renumber = renumber;
+ mp->show_instance = ntohl (instance);
}
+ S (mp);
}
- if (!vec_len (file))
- {
- errmsg ("RSA key file must be specified");
- return -99;
- }
-
- if (vec_len (file) > 256)
+ /* When testing multiple add/del ops, use a control-ping to sync */
+ if (count > 1)
{
- errmsg ("file name too long");
- return -99;
- }
-
- M (IKEV2_SET_LOCAL_KEY, mp);
+ vl_api_control_ping_t *mp_ping;
+ f64 after;
+ f64 timeout;
- clib_memcpy (mp->key_file, file, vec_len (file));
- vec_free (file);
+ /* Shut off async mode */
+ vam->async_mode = 0;
- S (mp);
- W (ret);
- return ret;
-}
+ MPING (CONTROL_PING, mp_ping);
+ S (mp_ping);
-static int
-api_ikev2_set_responder (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_responder_t *mp;
- int ret;
- u8 *name = 0;
- u32 sw_if_index = ~0;
- ip4_address_t address;
+ timeout = vat_time_now (vam) + 1.0;
+ while (vat_time_now (vam) < timeout)
+ if (vam->result_ready == 1)
+ goto out;
+ vam->retval = -99;
- const char *valid_chars = "a-zA-Z0-9_";
+ out:
+ if (vam->retval == -99)
+ errmsg ("timeout");
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat
- (i, "%U interface %d address %U", unformat_token, valid_chars,
- &name, &sw_if_index, unformat_ip4_address, &address))
- vec_add1 (name, 0);
- else
+ if (vam->async_errors > 0)
{
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
+ errmsg ("%d asynchronous errors", vam->async_errors);
+ vam->retval = -98;
}
- }
-
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
+ vam->async_errors = 0;
+ after = vat_time_now (vam);
- if (vec_len (name) > 64)
+ /* slim chance, but we might have eaten SIGTERM on the first iteration */
+ if (jj > 0)
+ count = jj;
+
+ print (vam->ofp, "%d tunnels in %.6f secs, %.2f tunnels/sec",
+ count, after - before, count / (after - before));
+ }
+ else
{
- errmsg ("profile name too long");
- return -99;
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
}
- M (IKEV2_SET_RESPONDER, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
-
- mp->sw_if_index = sw_if_index;
- clib_memcpy (mp->address, &address, sizeof (address));
-
- S (mp);
- W (ret);
return ret;
}
-static int
-api_ikev2_set_ike_transforms (vat_main_t * vam)
+static void
+vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp)
{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_set_ike_transforms_t *mp;
- int ret;
- u8 *name = 0;
- u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
+ vat_main_t *vam = &vat_main;
- const char *valid_chars = "a-zA-Z0-9_";
+ print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
+ "crypto_key %U integ_alg %u integ_key %U flags %x "
+ "tunnel_src_addr %U tunnel_dst_addr %U "
+ "salt %u seq_outbound %lu last_seq_inbound %lu "
+ "replay_window %lu\n",
+ ntohl (mp->entry.sad_id),
+ ntohl (mp->sw_if_index),
+ ntohl (mp->entry.spi),
+ ntohl (mp->entry.protocol),
+ ntohl (mp->entry.crypto_algorithm),
+ format_hex_bytes, mp->entry.crypto_key.data,
+ mp->entry.crypto_key.length, ntohl (mp->entry.integrity_algorithm),
+ format_hex_bytes, mp->entry.integrity_key.data,
+ mp->entry.integrity_key.length, ntohl (mp->entry.flags),
+ format_vl_api_address, &mp->entry.tunnel_src, format_vl_api_address,
+ &mp->entry.tunnel_dst, ntohl (mp->salt),
+ clib_net_to_host_u64 (mp->seq_outbound),
+ clib_net_to_host_u64 (mp->last_seq_inbound),
+ clib_net_to_host_u64 (mp->replay_window));
+}
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
- &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
+#define vl_api_ipsec_sa_details_t_endian vl_noop_handler
+#define vl_api_ipsec_sa_details_t_print vl_noop_handler
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
+static void vl_api_ipsec_sa_details_t_handler_json
+ (vl_api_ipsec_sa_details_t * mp)
+{
+ vat_main_t *vam = &vat_main;
+ vat_json_node_t *node = NULL;
+ vl_api_ipsec_sad_flags_t flags;
- if (vec_len (name) > 64)
+ if (VAT_JSON_ARRAY != vam->json_tree.type)
{
- errmsg ("profile name too long");
- return -99;
+ ASSERT (VAT_JSON_NONE == vam->json_tree.type);
+ vat_json_init_array (&vam->json_tree);
}
+ node = vat_json_array_add (&vam->json_tree);
- M (IKEV2_SET_IKE_TRANSFORMS, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
- mp->crypto_alg = crypto_alg;
- mp->crypto_key_size = crypto_key_size;
- mp->integ_alg = integ_alg;
- mp->dh_group = dh_group;
-
- S (mp);
- W (ret);
- return ret;
+ vat_json_init_object (node);
+ vat_json_object_add_uint (node, "sa_id", ntohl (mp->entry.sad_id));
+ vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
+ vat_json_object_add_uint (node, "spi", ntohl (mp->entry.spi));
+ vat_json_object_add_uint (node, "proto", ntohl (mp->entry.protocol));
+ vat_json_object_add_uint (node, "crypto_alg",
+ ntohl (mp->entry.crypto_algorithm));
+ vat_json_object_add_uint (node, "integ_alg",
+ ntohl (mp->entry.integrity_algorithm));
+ flags = ntohl (mp->entry.flags);
+ vat_json_object_add_uint (node, "use_esn",
+ ! !(flags & IPSEC_API_SAD_FLAG_USE_ESN));
+ vat_json_object_add_uint (node, "use_anti_replay",
+ ! !(flags & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY));
+ vat_json_object_add_uint (node, "is_tunnel",
+ ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL));
+ vat_json_object_add_uint (node, "is_tunnel_ip6",
+ ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6));
+ vat_json_object_add_uint (node, "udp_encap",
+ ! !(flags & IPSEC_API_SAD_FLAG_UDP_ENCAP));
+ vat_json_object_add_bytes (node, "crypto_key", mp->entry.crypto_key.data,
+ mp->entry.crypto_key.length);
+ vat_json_object_add_bytes (node, "integ_key", mp->entry.integrity_key.data,
+ mp->entry.integrity_key.length);
+ vat_json_object_add_address (node, "src", &mp->entry.tunnel_src);
+ vat_json_object_add_address (node, "dst", &mp->entry.tunnel_dst);
+ vat_json_object_add_uint (node, "replay_window",
+ clib_net_to_host_u64 (mp->replay_window));
}
-
static int
-api_ikev2_set_esp_transforms (vat_main_t * vam)
+api_ipsec_sa_dump (vat_main_t * vam)
{
unformat_input_t *i = vam->input;
- vl_api_ikev2_set_esp_transforms_t *mp;
+ vl_api_ipsec_sa_dump_t *mp;
+ vl_api_control_ping_t *mp_ping;
+ u32 sa_id = ~0;
int ret;
- u8 *name = 0;
- u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
-
- const char *valid_chars = "a-zA-Z0-9_";
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
- &crypto_alg, &crypto_key_size, &integ_alg, &dh_group))
- vec_add1 (name, 0);
+ if (unformat (i, "sa_id %d", &sa_id))
+ ;
else
{
- errmsg ("parse error '%U'", format_unformat_error, i);
+ clib_warning ("parse error '%U'", format_unformat_error, i);
return -99;
}
}
- if (!vec_len (name))
- {
- errmsg ("profile name must be specified");
- return -99;
- }
+ M (IPSEC_SA_DUMP, mp);
- if (vec_len (name) > 64)
- {
- errmsg ("profile name too long");
- return -99;
- }
+ mp->sa_id = ntohl (sa_id);
- M (IKEV2_SET_ESP_TRANSFORMS, mp);
+ S (mp);
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
- mp->crypto_alg = crypto_alg;
- mp->crypto_key_size = crypto_key_size;
- mp->integ_alg = integ_alg;
- mp->dh_group = dh_group;
+ /* Use a control ping for synchronization */
+ M (CONTROL_PING, mp_ping);
+ S (mp_ping);
- S (mp);
W (ret);
return ret;
}
static int
-api_ikev2_set_sa_lifetime (vat_main_t * vam)
+api_ipsec_tunnel_if_set_key (vat_main_t * vam)
{
unformat_input_t *i = vam->input;
- vl_api_ikev2_set_sa_lifetime_t *mp;
+ vl_api_ipsec_tunnel_if_set_key_t *mp;
+ u32 sw_if_index = ~0;
+ u8 key_type = IPSEC_IF_SET_KEY_TYPE_NONE;
+ u8 *key = 0;
+ u32 alg = ~0;
int ret;
- u8 *name = 0;
- u64 lifetime, lifetime_maxdata;
- u32 lifetime_jitter, handover;
-
- const char *valid_chars = "a-zA-Z0-9_";
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
- &lifetime, &lifetime_jitter, &handover,
- &lifetime_maxdata))
- vec_add1 (name, 0);
+ if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
+ ;
+ else
+ if (unformat
+ (i, "local crypto %U", unformat_ipsec_api_crypto_alg, &alg))
+ key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO;
+ else
+ if (unformat
+ (i, "remote crypto %U", unformat_ipsec_api_crypto_alg, &alg))
+ key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO;
+ else
+ if (unformat
+ (i, "local integ %U", unformat_ipsec_api_integ_alg, &alg))
+ key_type = IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG;
+ else
+ if (unformat
+ (i, "remote integ %U", unformat_ipsec_api_integ_alg, &alg))
+ key_type = IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG;
+ else if (unformat (i, "%U", unformat_hex_string, &key))
+ ;
else
{
- errmsg ("parse error '%U'", format_unformat_error, i);
+ clib_warning ("parse error '%U'", format_unformat_error, i);
return -99;
}
}
- if (!vec_len (name))
+ if (sw_if_index == ~0)
{
- errmsg ("profile name must be specified");
+ errmsg ("interface must be specified");
return -99;
}
- if (vec_len (name) > 64)
+ if (key_type == IPSEC_IF_SET_KEY_TYPE_NONE)
{
- errmsg ("profile name too long");
+ errmsg ("key type must be specified");
return -99;
}
- M (IKEV2_SET_SA_LIFETIME, mp);
-
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
- mp->lifetime = lifetime;
- mp->lifetime_jitter = lifetime_jitter;
- mp->handover = handover;
- mp->lifetime_maxdata = lifetime_maxdata;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_sa_init (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_sa_init_t *mp;
- int ret;
- u8 *name = 0;
-
- const char *valid_chars = "a-zA-Z0-9_";
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (i, "%U", unformat_token, valid_chars, &name))
- vec_add1 (name, 0);
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
- }
-
- if (!vec_len (name))
+ if (alg == ~0)
{
- errmsg ("profile name must be specified");
+ errmsg ("algorithm must be specified");
return -99;
}
- if (vec_len (name) > 64)
+ if (vec_len (key) == 0)
{
- errmsg ("profile name too long");
+ errmsg ("key must be specified");
return -99;
}
- M (IKEV2_INITIATE_SA_INIT, mp);
+ M (IPSEC_TUNNEL_IF_SET_KEY, mp);
- clib_memcpy (mp->name, name, vec_len (name));
- vec_free (name);
+ mp->sw_if_index = htonl (sw_if_index);
+ mp->alg = alg;
+ mp->key_type = key_type;
+ mp->key_len = vec_len (key);
+ clib_memcpy (mp->key, key, vec_len (key));
S (mp);
W (ret);
+
return ret;
}
static int
-api_ikev2_initiate_del_ike_sa (vat_main_t * vam)
+api_ipsec_tunnel_if_set_sa (vat_main_t * vam)
{
unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_del_ike_sa_t *mp;
+ vl_api_ipsec_tunnel_if_set_sa_t *mp;
+ u32 sw_if_index = ~0;
+ u32 sa_id = ~0;
+ u8 is_outbound = (u8) ~ 0;
int ret;
- u64 ispi;
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (i, "%lx", &ispi))
+ if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index))
+ ;
+ else if (unformat (i, "sa_id %d", &sa_id))
;
+ else if (unformat (i, "outbound"))
+ is_outbound = 1;
+ else if (unformat (i, "inbound"))
+ is_outbound = 0;
else
{
- errmsg ("parse error '%U'", format_unformat_error, i);
+ clib_warning ("parse error '%U'", format_unformat_error, i);
return -99;
}
}
- M (IKEV2_INITIATE_DEL_IKE_SA, mp);
-
- mp->ispi = ispi;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_del_child_sa (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_del_child_sa_t *mp;
- int ret;
- u32 ispi;
-
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ if (sw_if_index == ~0)
{
- if (unformat (i, "%x", &ispi))
- ;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
+ errmsg ("interface must be specified");
+ return -99;
}
- M (IKEV2_INITIATE_DEL_CHILD_SA, mp);
-
- mp->ispi = ispi;
-
- S (mp);
- W (ret);
- return ret;
-}
-
-static int
-api_ikev2_initiate_rekey_child_sa (vat_main_t * vam)
-{
- unformat_input_t *i = vam->input;
- vl_api_ikev2_initiate_rekey_child_sa_t *mp;
- int ret;
- u32 ispi;
-
-
- while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ if (sa_id == ~0)
{
- if (unformat (i, "%x", &ispi))
- ;
- else
- {
- errmsg ("parse error '%U'", format_unformat_error, i);
- return -99;
- }
+ errmsg ("SA ID must be specified");
+ return -99;
}
- M (IKEV2_INITIATE_REKEY_CHILD_SA, mp);
+ M (IPSEC_TUNNEL_IF_SET_SA, mp);
- mp->ispi = ispi;
+ mp->sw_if_index = htonl (sw_if_index);
+ mp->sa_id = htonl (sa_id);
+ mp->is_outbound = is_outbound;
S (mp);
W (ret);
+
return ret;
}
vat_main_t *vam = &vat_main;
vat_json_node_t *node;
- struct in_addr ip4;
- struct in6_addr ip6;
if (VAT_JSON_ARRAY != vam->json_tree.type)
{
vat_json_object_add_string_copy (node, "link_layer",
format (0, "%U", format_vl_api_mac_address,
&mp->neighbor.mac_address));
-
- if (ADDRESS_IP6 == mp->neighbor.ip_address.af)
- {
- clib_memcpy (&ip6, &mp->neighbor.ip_address.un.ip6, sizeof (ip6));
- vat_json_object_add_ip6 (node, "ip_address", ip6);
- }
- else
- {
- clib_memcpy (&ip4, &mp->neighbor.ip_address.un.ip4, sizeof (ip4));
- vat_json_object_add_ip4 (node, "ip_address", ip4);
- }
+ vat_json_object_add_address (node, "ip", &mp->neighbor.ip_address);
}
static int
}
static int
-api_ipsec_gre_add_del_tunnel (vat_main_t * vam)
+api_ipsec_gre_tunnel_add_del (vat_main_t * vam)
{
unformat_input_t *i = vam->input;
- vl_api_ipsec_gre_add_del_tunnel_t *mp;
+ vl_api_ipsec_gre_tunnel_add_del_t *mp;
u32 local_sa_id = 0;
u32 remote_sa_id = 0;
- ip4_address_t src_address;
- ip4_address_t dst_address;
+ vl_api_ip4_address_t src_address;
+ vl_api_ip4_address_t dst_address;
u8 is_add = 1;
int ret;
;
else if (unformat (i, "remote_sa %d", &remote_sa_id))
;
- else if (unformat (i, "src %U", unformat_ip4_address, &src_address))
+ else
+ if (unformat (i, "src %U", unformat_vl_api_ip4_address, &src_address))
;
- else if (unformat (i, "dst %U", unformat_ip4_address, &dst_address))
+ else
+ if (unformat (i, "dst %U", unformat_vl_api_ip4_address, &dst_address))
;
else if (unformat (i, "del"))
is_add = 0;
}
}
- M (IPSEC_GRE_ADD_DEL_TUNNEL, mp);
+ M (IPSEC_GRE_TUNNEL_ADD_DEL, mp);
- mp->local_sa_id = ntohl (local_sa_id);
- mp->remote_sa_id = ntohl (remote_sa_id);
- clib_memcpy (mp->src_address, &src_address, sizeof (src_address));
- clib_memcpy (mp->dst_address, &dst_address, sizeof (dst_address));
+ mp->tunnel.local_sa_id = ntohl (local_sa_id);
+ mp->tunnel.remote_sa_id = ntohl (remote_sa_id);
+ clib_memcpy (mp->tunnel.src, &src_address, sizeof (src_address));
+ clib_memcpy (mp->tunnel.dst, &dst_address, sizeof (dst_address));
mp->is_add = is_add;
S (mp);
vat_main_t *vam = &vat_main;
print (vam->ofp, "%11d%15U%15U%14d%14d",
- ntohl (mp->sw_if_index),
- format_ip4_address, &mp->src_address,
- format_ip4_address, &mp->dst_address,
- ntohl (mp->local_sa_id), ntohl (mp->remote_sa_id));
+ ntohl (mp->tunnel.sw_if_index),
+ format_vl_api_ip4_address, mp->tunnel.src,
+ format_vl_api_ip4_address, mp->tunnel.dst,
+ ntohl (mp->tunnel.local_sa_id), ntohl (mp->tunnel.remote_sa_id));
+}
+
+static void
+vat_json_object_add_vl_api_ip4 (vat_json_node_t * node,
+ const char *name,
+ const vl_api_ip4_address_t addr)
+{
+ struct in_addr ip4;
+
+ clib_memcpy (&ip4, addr, sizeof (ip4));
+ vat_json_object_add_ip4 (node, name, ip4);
}
static void vl_api_ipsec_gre_tunnel_details_t_handler_json
node = vat_json_array_add (&vam->json_tree);
vat_json_init_object (node);
- vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index));
- clib_memcpy (&ip4, &mp->src_address, sizeof (ip4));
- vat_json_object_add_ip4 (node, "src_address", ip4);
- clib_memcpy (&ip4, &mp->dst_address, sizeof (ip4));
- vat_json_object_add_ip4 (node, "dst_address", ip4);
- vat_json_object_add_uint (node, "local_sa_id", ntohl (mp->local_sa_id));
- vat_json_object_add_uint (node, "remote_sa_id", ntohl (mp->remote_sa_id));
+ vat_json_object_add_uint (node, "sw_if_index",
+ ntohl (mp->tunnel.sw_if_index));
+ vat_json_object_add_vl_api_ip4 (node, "src", mp->tunnel.src);
+ vat_json_object_add_vl_api_ip4 (node, "src", mp->tunnel.dst);
+ vat_json_object_add_uint (node, "local_sa_id",
+ ntohl (mp->tunnel.local_sa_id));
+ vat_json_object_add_uint (node, "remote_sa_id",
+ ntohl (mp->tunnel.remote_sa_id));
}
static int
config[6].count = 128;
config[6].size = sizeof (uword);
- rv = vl_socket_client_init_shm (config);
+ rv = vl_socket_client_init_shm (config, 1 /* want_pthread */ );
if (!rv)
vam->client_index_invalid = 1;
return rv;
"vni <vni> [encap-vrf-id <nn>] [decap-next <l2|nn>] [del]") \
_(vxlan_tunnel_dump, "[<intfc> | sw_if_index <nn>]") \
_(geneve_tunnel_dump, "[<intfc> | sw_if_index <nn>]") \
-_(gre_add_del_tunnel, \
+_(gre_tunnel_add_del, \
"src <ip-addr> dst <ip-addr> [outer-fib-id <nn>] [instance <n>]\n" \
"[teb | erspan <session-id>] [del]") \
_(gre_tunnel_dump, "[<intfc> | sw_if_index <nn>]") \
_(ipsec_spd_add_del, "spd_id <n> [del]") \
_(ipsec_interface_add_del_spd, "(<intfc> | sw_if_index <id>)\n" \
" spid_id <n> ") \
-_(ipsec_sad_
add_del_entry, "sad_id <n> spi <n> crypto_alg <alg>\n" \
+_(ipsec_sad_
entry_add_del, "sad_id <n> spi <n> crypto_alg <alg>\n" \
" crypto_key <hex> tunnel_src <ip4|ip6> tunnel_dst <ip4|ip6>\n" \
" integ_alg <alg> integ_key <hex>") \
-_(ipsec_spd_
add_del_entry, "spd_id <n> priority <n> action <action>\n" \
+_(ipsec_spd_
entry_add_del, "spd_id <n> priority <n> action <action>\n" \
" (inbound|outbound) [sa_id <n>] laddr_start <ip4|ip6>\n" \
" laddr_stop <ip4|ip6> raddr_start <ip4|ip6> raddr_stop <ip4|ip6>\n" \
" [lport_start <n> lport_stop <n>] [rport_start <n> rport_stop <n>]" ) \
_(ipsec_tunnel_if_set_key, "<intfc> <local|remote> <crypto|integ>\n" \
" <alg> <hex>\n") \
_(ipsec_tunnel_if_set_sa, "<intfc> sa_id <n> <inbound|outbound>\n") \
-_(ikev2_profile_add_del, "name <profile_name> [del]") \
-_(ikev2_profile_set_auth, "name <profile_name> auth_method <method>\n" \
- "(auth_data 0x<data> | auth_data <data>)") \
-_(ikev2_profile_set_id, "name <profile_name> id_type <type>\n" \
- "(id_data 0x<data> | id_data <data>) (local|remote)") \
-_(ikev2_profile_set_ts, "name <profile_name> protocol <proto>\n" \
- "start_port <port> end_port <port> start_addr <ip4> end_addr <ip4>\n" \
- "(local|remote)") \
-_(ikev2_set_local_key, "file <absolute_file_path>") \
-_(ikev2_set_responder, "<profile_name> interface <interface> address <addr>") \
-_(ikev2_set_ike_transforms, "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>") \
-_(ikev2_set_esp_transforms, "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>") \
-_(ikev2_set_sa_lifetime, "<profile_name> <seconds> <jitter> <handover> <max bytes>") \
-_(ikev2_initiate_sa_init, "<profile_name>") \
-_(ikev2_initiate_del_ike_sa, "<ispi>") \
-_(ikev2_initiate_del_child_sa, "<ispi>") \
-_(ikev2_initiate_rekey_child_sa, "<ispi>") \
_(delete_loopback,"sw_if_index <nn>") \
_(bd_ip_mac_add_del, "bd_id <bridge-domain-id> <ip4/6-addr> <mac-addr> [del]") \
_(bd_ip_mac_flush, "bd_id <bridge-domain-id>") \
_(ip_source_and_port_range_check_interface_add_del, \
"<intf> | sw_if_index <nn> [tcp-out-vrf <id>] [tcp-in-vrf <id>]" \
"[udp-in-vrf <id>] [udp-out-vrf <id>]") \
-_(ipsec_gre_add_del_tunnel, \
+_(ipsec_gre_tunnel_add_del, \
"src <addr> dst <addr> local_sa <sa-id> remote_sa <sa-id> [del]") \
_(ipsec_gre_tunnel_dump, "[sw_if_index <nn>]") \
_(delete_subif,"<intfc> | sw_if_index <nn>") \
Code Review / vpp.git / blobdiff