VPP-1450: binary api call for dumping SPD to interface registration

Change-Id: Idd4a5f8bab5d39e5f33f5c130601175af70a20d4
Signed-off-by: Filip Varga <filip.varga@pantheon.tech>

diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index d6a2801..793422d 100644 (file)
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -455,7 +455,7 @@ define ipsec_spds_dump {
     @param spd_id - SPD instance id (control plane allocated)
     @param npolicies - number of policies in SPD
 */
- define ipsec_spds_details {
+define ipsec_spds_details {
   u32 context;
   u32 spd_id;
   u32 npolicies;
@@ -515,6 +515,31 @@ define ipsec_spd_details {
     u64 packets;
 };
 
+/** \brief IPsec: Get SPD interfaces
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param spd_index - SPD index
+    @param spd_index_valid - if 1 spd_index is used to filter
+      spd_index's, if 0 no filtering is done
+*/
+define ipsec_spd_interface_dump {
+    u32 client_index;
+    u32 context;
+    u32 spd_index;
+    u8 spd_index_valid;
+};
+
+/** \brief IPsec: SPD interface response
+    @param context - sender context which was passed in the request
+    @param spd_index - SPD index
+    @param sw_if_index - index of the interface
+*/
+define ipsec_spd_interface_details {
+    u32 context;
+    u32 spd_index;
+    u32 sw_if_index;
+};
+
 /** \brief Add or delete IPsec tunnel interface
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index f80c340..ced2c9c 100644 (file)
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -56,6 +56,7 @@ _(IPSEC_SA_SET_KEY, ipsec_sa_set_key)                                   \
 _(IPSEC_SA_DUMP, ipsec_sa_dump)                                         \
 _(IPSEC_SPDS_DUMP, ipsec_spds_dump)                                     \
 _(IPSEC_SPD_DUMP, ipsec_spd_dump)                                       \
+_(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump)                  \
 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del)                     \
 _(IPSEC_TUNNEL_IF_SET_KEY, ipsec_tunnel_if_set_key)                     \
 _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa)                       \
@@ -366,6 +367,60 @@ vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
 #endif
 }
 
+static void
+send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index,
+                                 u32 sw_if_index, u32 context)
+{
+  vl_api_ipsec_spd_interface_details_t *mp;
+
+  mp = vl_msg_api_alloc (sizeof (*mp));
+  clib_memset (mp, 0, sizeof (*mp));
+  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS);
+  mp->context = context;
+
+  mp->spd_index = htonl (spd_index);
+  mp->sw_if_index = htonl (sw_if_index);
+
+  vl_api_send_msg (reg, (u8 *) mp);
+}
+
+static void
+vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t *
+                                          mp)
+{
+  ipsec_main_t *im = &ipsec_main;
+  vl_api_registration_t *reg;
+  u32 k, v, spd_index;
+
+#if WITH_LIBSSL > 0
+  reg = vl_api_client_index_to_registration (mp->client_index);
+  if (!reg)
+    return;
+
+  if (mp->spd_index_valid)
+    {
+      spd_index = ntohl (mp->spd_index);
+      /* *INDENT-OFF* */
+      hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
+        if (v == spd_index)
+          send_ipsec_spd_interface_details(reg, v, k, mp->context);
+      }));
+      /* *INDENT-ON* */
+    }
+  else
+    {
+      /* *INDENT-OFF* */
+      hash_foreach(k, v, im->spd_index_by_sw_if_index, ({
+        send_ipsec_spd_interface_details(reg, v, k, mp->context);
+      }));
+      /* *INDENT-ON* */
+    }
+
+#else
+  clib_warning ("unimplemented");
+#endif
+}
+
 static void
 vl_api_ipsec_sa_set_key_t_handler (vl_api_ipsec_sa_set_key_t * mp)
 {