};
/* *INDENT-ON* */
-static clib_error_t *
-set_ipsec_sa_key_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- ipsec_key_t ck = { }, ik =
- {
- };
- clib_error_t *error = NULL;
- u32 id;
-
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "%u", &id))
- ;
- else
- if (unformat (line_input, "crypto-key %U", unformat_ipsec_key, &ck))
- ;
- else if (unformat (line_input, "integ-key %U", unformat_ipsec_key, &ik))
- ;
- else
- {
- error = clib_error_return (0, "parse error: '%U'",
- format_unformat_error, line_input);
- goto done;
- }
- }
-
- ipsec_set_sa_key (id, &ck, &ik);
-
-done:
- unformat_free (line_input);
-
- return error;
-}
-
-/* *INDENT-OFF* */
-VLIB_CLI_COMMAND (set_ipsec_sa_key_command, static) = {
- .path = "set ipsec sa",
- .short_help = "set ipsec sa <id> crypto-key <key> integ-key <key>",
- .function = set_ipsec_sa_key_command_fn,
-};
-/* *INDENT-ON* */
-
static void
ipsec_sa_show_all (vlib_main_t * vm, ipsec_main_t * im)
{
};
/* *INDENT-ON* */
-static clib_error_t *
-set_interface_key_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- ipsec_main_t *im = &ipsec_main;
- ipsec_if_set_key_type_t type = IPSEC_IF_SET_KEY_TYPE_NONE;
- u32 hw_if_index = (u32) ~ 0;
- u32 alg;
- u8 *key = 0;
- clib_error_t *error = NULL;
-
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "%U",
- unformat_vnet_hw_interface, im->vnet_main, &hw_if_index))
- ;
- else
- if (unformat
- (line_input, "local crypto %U", unformat_ipsec_crypto_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO;
- else
- if (unformat
- (line_input, "remote crypto %U", unformat_ipsec_crypto_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO;
- else
- if (unformat
- (line_input, "local integ %U", unformat_ipsec_integ_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG;
- else
- if (unformat
- (line_input, "remote integ %U", unformat_ipsec_integ_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG;
- else if (unformat (line_input, "%U", unformat_hex_string, &key))
- ;
- else
- {
- error = clib_error_return (0, "parse error: '%U'",
- format_unformat_error, line_input);
- goto done;
- }
- }
-
- if (type == IPSEC_IF_SET_KEY_TYPE_NONE)
- {
- error = clib_error_return (0, "unknown key type");
- goto done;
- }
-
- if (alg > 0 && vec_len (key) == 0)
- {
- error = clib_error_return (0, "key is not specified");
- goto done;
- }
-
- if (hw_if_index == (u32) ~ 0)
- {
- error = clib_error_return (0, "interface not specified");
- goto done;
- }
-
- ipsec_set_interface_key (im->vnet_main, hw_if_index, type, alg, key);
-
-done:
- vec_free (key);
- unformat_free (line_input);
-
- return error;
-}
-
-/* *INDENT-OFF* */
-VLIB_CLI_COMMAND (set_interface_key_command, static) = {
- .path = "set interface ipsec key",
- .short_help =
- "set interface ipsec key <int> <local|remote> <crypto|integ> <key type> <key>",
- .function = set_interface_key_command_fn,
-};
-/* *INDENT-ON* */
-
clib_error_t *
ipsec_cli_init (vlib_main_t * vm)
{
Code Review / vpp.git / blobdiff