43 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) 50 #define foreach_vpe_api_msg \ 51 _(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \ 52 _(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \ 53 _(IPSEC_SPD_ADD_DEL_ENTRY, ipsec_spd_add_del_entry) \ 54 _(IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry) \ 55 _(IPSEC_SA_SET_KEY, ipsec_sa_set_key) \ 56 _(IPSEC_SA_DUMP, ipsec_sa_dump) \ 57 _(IPSEC_SPD_DUMP, ipsec_spd_dump) \ 58 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \ 59 _(IPSEC_TUNNEL_IF_SET_KEY, ipsec_tunnel_if_set_key) \ 60 _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \ 61 _(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \ 62 _(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \ 63 _(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \ 64 _(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \ 65 _(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \ 66 _(IKEV2_SET_RESPONDER, ikev2_set_responder) \ 67 _(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms) \ 68 _(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms) \ 69 _(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime) \ 70 _(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init) \ 71 _(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa) \ 72 _(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa) \ 73 _(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa) 83 vl_api_ipsec_spd_add_del_reply_t *rmp;
96 vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
98 u32 sw_if_index __attribute__ ((unused));
99 u32 spd_id __attribute__ ((unused));
102 spd_id = ntohl (mp->
spd_id);
109 rv = VNET_API_ERROR_UNIMPLEMENTED;
114 REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
121 vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
127 memset (&p, 0,
sizeof (p));
154 if (mp->
policy == IPSEC_POLICY_ACTION_RESOLVE)
157 rv = VNET_API_ERROR_UNIMPLEMENTED;
173 rv = VNET_API_ERROR_UNIMPLEMENTED;
178 REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
185 vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
191 memset (&sa, 0,
sizeof (sa));
202 rv = VNET_API_ERROR_UNIMPLEMENTED;
213 rv = VNET_API_ERROR_UNIMPLEMENTED;
240 rv = VNET_API_ERROR_UNIMPLEMENTED;
246 rv = VNET_API_ERROR_UNIMPLEMENTED;
251 REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
261 memset (mp, 0,
sizeof (*mp));
262 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
320 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
321 send_ipsec_spd_details (policy, reg,
334 vl_api_ipsec_sa_set_key_reply_t *rmp;
346 rv = VNET_API_ERROR_UNIMPLEMENTED;
359 u32 sw_if_index = ~0;
394 rv = VNET_API_ERROR_UNIMPLEMENTED;
406 u32 context,
u32 sw_if_index)
411 memset (mp, 0,
sizeof (*mp));
412 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
418 mp->
spi = htonl (sa->
spi);
449 mp->
salt = clib_host_to_net_u32 (sa->
salt);
474 u32 *sa_index_to_tun_if_index = 0;
487 vnet_hw_interface_t *hi;
488 u32 sw_if_index = ~0;
490 hi = vnet_get_hw_interface (vnm, t->hw_if_index);
491 sw_if_index = hi->sw_if_index;
492 sa_index_to_tun_if_index[t->input_sa_index] = sw_if_index;
493 sa_index_to_tun_if_index[t->output_sa_index] = sw_if_index;
498 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id)
499 send_ipsec_sa_details (sa, reg, mp->context,
500 sa_index_to_tun_if_index[sa - im->sad]);
504 vec_free (sa_index_to_tun_if_index);
515 vl_api_ipsec_tunnel_if_set_key_reply_t *rmp;
529 if (mp->
alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
532 rv = VNET_API_ERROR_UNIMPLEMENTED;
540 rv = VNET_API_ERROR_UNIMPLEMENTED;
546 rv = VNET_API_ERROR_UNIMPLEMENTED;
562 REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_KEY_REPLY);
569 vl_api_ipsec_tunnel_if_set_sa_reply_t *rmp;
591 vl_api_ikev2_profile_add_del_reply_t *rmp;
601 rv = VNET_API_ERROR_UNSPECIFIED;
603 rv = VNET_API_ERROR_UNIMPLEMENTED;
613 vl_api_ikev2_profile_set_auth_reply_t *rmp;
626 rv = VNET_API_ERROR_UNSPECIFIED;
628 rv = VNET_API_ERROR_UNIMPLEMENTED;
637 vl_api_ikev2_profile_add_del_reply_t *rmp;
650 rv = VNET_API_ERROR_UNSPECIFIED;
652 rv = VNET_API_ERROR_UNIMPLEMENTED;
661 vl_api_ikev2_profile_set_ts_reply_t *rmp;
673 rv = VNET_API_ERROR_UNSPECIFIED;
675 rv = VNET_API_ERROR_UNIMPLEMENTED;
684 vl_api_ikev2_profile_set_ts_reply_t *rmp;
693 rv = VNET_API_ERROR_UNSPECIFIED;
695 rv = VNET_API_ERROR_UNIMPLEMENTED;
704 vl_api_ikev2_set_responder_reply_t *rmp;
718 rv = VNET_API_ERROR_UNSPECIFIED;
720 rv = VNET_API_ERROR_UNIMPLEMENTED;
730 vl_api_ikev2_set_ike_transforms_reply_t *rmp;
744 rv = VNET_API_ERROR_UNSPECIFIED;
746 rv = VNET_API_ERROR_UNIMPLEMENTED;
749 REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
756 vl_api_ikev2_set_esp_transforms_reply_t *rmp;
770 rv = VNET_API_ERROR_UNSPECIFIED;
772 rv = VNET_API_ERROR_UNIMPLEMENTED;
775 REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
781 vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
795 rv = VNET_API_ERROR_UNSPECIFIED;
797 rv = VNET_API_ERROR_UNIMPLEMENTED;
806 vl_api_ikev2_initiate_sa_init_reply_t *rmp;
818 rv = VNET_API_ERROR_UNSPECIFIED;
820 rv = VNET_API_ERROR_UNIMPLEMENTED;
830 vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
839 rv = VNET_API_ERROR_UNSPECIFIED;
841 rv = VNET_API_ERROR_UNIMPLEMENTED;
844 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
851 vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
860 rv = VNET_API_ERROR_UNSPECIFIED;
862 rv = VNET_API_ERROR_UNIMPLEMENTED;
865 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
872 vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
881 rv = VNET_API_ERROR_UNSPECIFIED;
883 rv = VNET_API_ERROR_UNIMPLEMENTED;
886 REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
896 #define vl_msg_name_crc_list 898 #undef vl_msg_name_crc_list 903 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id); 904 foreach_vl_msg_name_crc_ipsec;
914 vl_msg_api_set_handlers(VL_API_##N, #n, \ 915 vl_api_##n##_t_handler, \ 917 vl_api_##n##_t_endian, \ 918 vl_api_##n##_t_print, \ 919 sizeof(vl_api_##n##_t), 1);
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
static void vl_api_ikev2_profile_set_auth_t_handler(vl_api_ikev2_profile_set_auth_t *mp)
static void vl_api_ipsec_sa_set_key_t_handler(vl_api_ipsec_sa_set_key_t *mp)
static void vl_api_ikev2_set_local_key_t_handler(vl_api_ikev2_set_local_key_t *mp)
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
u8 use_extended_sequence_number
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip4_address_t ip4)
ipsec_tunnel_if_t * tunnel_interfaces
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
ip46_address_t tunnel_src_addr
IKEv2: Set Child SA lifetime, limited by time and/or data.
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
static void vl_api_ikev2_initiate_rekey_child_sa_t_handler(vl_api_ikev2_initiate_rekey_child_sa_t *mp)
static void vl_api_ipsec_tunnel_if_set_key_t_handler(vl_api_ipsec_tunnel_if_set_key_t *mp)
u8 tunnel_dst_address[16]
IKEv2: Add/delete profile.
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
IPsec: Update Security Association keys.
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
#define REPLY_MACRO2(t, body)
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
ipsec_integ_alg_t integ_alg
IPsec: Add/delete Security Policy Database entry.
u8 remote_crypto_key[128]
static void setup_message_id_table(api_main_t *am)
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
static vnet_sw_interface_t * vnet_get_sw_interface(vnet_main_t *vnm, u32 sw_if_index)
static void vl_api_ipsec_spd_add_del_entry_t_handler(vl_api_ipsec_spd_add_del_entry_t *mp)
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
void * vl_msg_api_alloc(int nbytes)
#define foreach_vpe_api_msg
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
u8 local_address_start[16]
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
static void vl_api_ipsec_tunnel_if_add_del_t_handler(vl_api_ipsec_tunnel_if_add_del_t *mp)
static void vl_api_ikev2_set_responder_t_handler(vl_api_ikev2_set_responder_t *mp)
Set key on IPsec interface.
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
static void vl_api_ikev2_profile_set_ts_t_handler(vl_api_ikev2_profile_set_ts_t *mp)
ipsec_main_callbacks_t cb
IKEv2: Initiate the delete Child SA exchange.
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
IKEv2: Set IKEv2 profile local/remote identification.
IKEv2: Set IKEv2 profile traffic selector parameters.
static void vl_api_ikev2_initiate_del_child_sa_t_handler(vl_api_ikev2_initiate_del_child_sa_t *mp)
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
ipsec_policy_t * policies
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
u8 local_address_stop[16]
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
u8 remote_crypto_key[128]
counter_t packets
packet counter
Add/delete IPsec tunnel interface response.
IKEv2: Initiate the rekey Child SA exchange.
clib_error_t *(* check_support_cb)(ipsec_sa_t *sa)
IPsec: Add/delete Security Policy Database.
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
static void vl_api_ikev2_initiate_sa_init_t_handler(vl_api_ikev2_initiate_sa_init_t *mp)
static void vl_api_ikev2_set_sa_lifetime_t_handler(vl_api_ikev2_set_sa_lifetime_t *mp)
ip46_address_range_t laddr
static void send_ipsec_sa_details(ipsec_sa_t *sa, vl_api_registration_t *reg, u32 context, u32 sw_if_index)
static void vl_api_ikev2_set_ike_transforms_t_handler(vl_api_ikev2_set_ike_transforms_t *mp)
uword * spd_index_by_spd_id
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip4_address_t start_addr, ip4_address_t end_addr, int is_local)
static void vl_api_ipsec_tunnel_if_set_sa_t_handler(vl_api_ipsec_tunnel_if_set_sa_t *mp)
API main structure, used by both vpp and binary API clients.
ip46_address_t tunnel_dst_addr
An API client registration, only in vpp/vlib.
#define BAD_SW_IF_INDEX_LABEL
IPsec: Add/delete SPD from interface.
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ikev2_set_esp_transforms_t_handler(vl_api_ikev2_set_esp_transforms_t *mp)
u8 remote_address_stop[16]
#define vec_free(V)
Free vector's memory (no header).
IPsec: Add/delete Security Association Database entry.
#define clib_warning(format, args...)
#define clib_memcpy(a, b, c)
u8 remote_address_start[16]
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
u8 tunnel_src_address[16]
Set new SA on IPsec interface.
IKEv2: Initiate the SA_INIT exchange.
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
static void vl_api_ipsec_sad_add_del_entry_t_handler(vl_api_ipsec_sad_add_del_entry_t *mp)
ip46_address_range_t raddr
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
Dump IPsec security association.
IKEv2: Set IKEv2 responder interface and IP address.
ipsec_integ_alg_t integ_alg
IKEv2: Initiate the delete IKE SA exchange.
IKEv2: Set IKEv2 profile authentication method.
Dump ipsec policy database data.
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add, u8 udp_encap)
ipsec_protocol_t protocol
static vlib_main_t * vlib_get_main(void)
IPsec policy database response.
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
counter_t bytes
byte counter
static void vl_api_ikev2_profile_set_id_t_handler(vl_api_ikev2_profile_set_id_t *mp)
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
IKEv2: Set IKEv2 local RSA private key.
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
static void vl_api_ikev2_profile_add_del_t_handler(vl_api_ikev2_profile_add_del_t *mp)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ikev2_initiate_del_ike_sa_t_handler(vl_api_ikev2_initiate_del_ike_sa_t *mp)
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
IPsec security association database response.
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
Add or delete IPsec tunnel interface.
#define VALIDATE_SW_IF_INDEX(mp)
static uword pool_elts(void *v)
Number of active elements in a pool.
1.8.11 
