#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip_types_api.h>
+#include <vnet/ipsec/ipsec_types_api.h>
#include <vnet/fib/fib.h>
#include <vnet/ipip/ipip.h>
/* *INDENT-ON* */
}
-static int
-ipsec_proto_decode (vl_api_ipsec_proto_t in, ipsec_protocol_t * out)
-{
- in = clib_net_to_host_u32 (in);
-
- switch (in)
- {
- case IPSEC_API_PROTO_ESP:
- *out = IPSEC_PROTOCOL_ESP;
- return (0);
- case IPSEC_API_PROTO_AH:
- *out = IPSEC_PROTOCOL_AH;
- return (0);
- }
- return (VNET_API_ERROR_INVALID_PROTOCOL);
-}
-
-static vl_api_ipsec_proto_t
-ipsec_proto_encode (ipsec_protocol_t p)
-{
- switch (p)
- {
- case IPSEC_PROTOCOL_ESP:
- return clib_host_to_net_u32 (IPSEC_API_PROTO_ESP);
- case IPSEC_PROTOCOL_AH:
- return clib_host_to_net_u32 (IPSEC_API_PROTO_AH);
- }
- return (VNET_API_ERROR_UNIMPLEMENTED);
-}
-
-static int
-ipsec_crypto_algo_decode (vl_api_ipsec_crypto_alg_t in,
- ipsec_crypto_alg_t * out)
-{
- in = clib_net_to_host_u32 (in);
-
- switch (in)
- {
-#define _(v,f,s) case IPSEC_API_CRYPTO_ALG_##f: \
- *out = IPSEC_CRYPTO_ALG_##f; \
- return (0);
- foreach_ipsec_crypto_alg
-#undef _
- }
- return (VNET_API_ERROR_INVALID_ALGORITHM);
-}
-
-static vl_api_ipsec_crypto_alg_t
-ipsec_crypto_algo_encode (ipsec_crypto_alg_t c)
-{
- switch (c)
- {
-#define _(v,f,s) case IPSEC_CRYPTO_ALG_##f: \
- return clib_host_to_net_u32(IPSEC_API_CRYPTO_ALG_##f);
- foreach_ipsec_crypto_alg
-#undef _
- case IPSEC_CRYPTO_N_ALG:
- break;
- }
- ASSERT (0);
- return (VNET_API_ERROR_UNIMPLEMENTED);
-}
-
-static int
-ipsec_integ_algo_decode (vl_api_ipsec_integ_alg_t in, ipsec_integ_alg_t * out)
-{
- in = clib_net_to_host_u32 (in);
-
- switch (in)
- {
-#define _(v,f,s) case IPSEC_API_INTEG_ALG_##f: \
- *out = IPSEC_INTEG_ALG_##f; \
- return (0);
- foreach_ipsec_integ_alg
-#undef _
- }
- return (VNET_API_ERROR_INVALID_ALGORITHM);
-}
-
-static vl_api_ipsec_integ_alg_t
-ipsec_integ_algo_encode (ipsec_integ_alg_t i)
-{
- switch (i)
- {
-#define _(v,f,s) case IPSEC_INTEG_ALG_##f: \
- return (clib_host_to_net_u32(IPSEC_API_INTEG_ALG_##f));
- foreach_ipsec_integ_alg
-#undef _
- case IPSEC_INTEG_N_ALG:
- break;
- }
- ASSERT (0);
- return (VNET_API_ERROR_UNIMPLEMENTED);
-}
-
-static void
-ipsec_key_decode (const vl_api_key_t * key, ipsec_key_t * out)
-{
- ipsec_mk_key (out, key->data, key->length);
-}
-
-static void
-ipsec_key_encode (const ipsec_key_t * in, vl_api_key_t * out)
-{
- out->length = in->len;
- clib_memcpy (out->data, in->data, out->length);
-}
-
-static ipsec_sa_flags_t
-ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in)
-{
- ipsec_sa_flags_t flags = IPSEC_SA_FLAG_NONE;
- in = clib_net_to_host_u32 (in);
-
- if (in & IPSEC_API_SAD_FLAG_USE_ESN)
- flags |= IPSEC_SA_FLAG_USE_ESN;
- if (in & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)
- flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
- if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL)
- flags |= IPSEC_SA_FLAG_IS_TUNNEL;
- if (in & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)
- flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
- if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
- flags |= IPSEC_SA_FLAG_UDP_ENCAP;
-
- return (flags);
-}
-
-static vl_api_ipsec_sad_flags_t
-ipsec_sad_flags_encode (const ipsec_sa_t * sa)
-{
- vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
-
- if (ipsec_sa_is_set_USE_ESN (sa))
- flags |= IPSEC_API_SAD_FLAG_USE_ESN;
- if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
- flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
- if (ipsec_sa_is_set_IS_TUNNEL (sa))
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
- if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
- flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
- if (ipsec_sa_is_set_UDP_ENCAP (sa))
- flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
-
- return clib_host_to_net_u32 (flags);
-}
-
static void vl_api_ipsec_sad_entry_add_del_t_handler
(vl_api_ipsec_sad_entry_add_del_t * mp)
{
// remote = input, local = output
/* create an ip-ip tunnel, then the two SA, then bind them */
rv = ipip_add_tunnel (transport,
- ntohl (mp->show_instance),
+ (mp->renumber ? ntohl (mp->show_instance) : ~0),
&local_ip,
- &remote_ip, fib_index, 0, &sw_if_index);
+ &remote_ip, fib_index,
+ IPIP_TUNNEL_FLAG_NONE, IP_DSCP_CS0, &sw_if_index);
if (rv)
goto done;
}
else
{
-
+ /* *INDENT-OFF* */
ipip_tunnel_key_t key = {
.transport = transport,
.fib_index = fib_index,
.src = local_ip,
.dst = remote_ip
};
+ /* *INDENT-ON* */
+
ipip_tunnel_t *t = ipip_tunnel_db_find (&key);
- rv = ipsec_tun_protect_del (t->sw_if_index);
- ipip_del_tunnel (t->sw_if_index);
+ if (NULL != t)
+ {
+ rv = ipsec_tun_protect_del (t->sw_if_index);
+ ipip_del_tunnel (t->sw_if_index);
+ }
+ else
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
}
#else
Code Review / vpp.git / blobdiff