FD.io VPP  v17.07.01-10-g3be13f0
Vector Packet Processing
ipsec_api.c
Go to the documentation of this file.
1 /*
2  *------------------------------------------------------------------
3  * ipsec_api.c - ipsec api
4  *
5  * Copyright (c) 2016 Cisco and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 
23 #include <vnet/interface.h>
24 #include <vnet/api_errno.h>
25 #include <vnet/ip/ip.h>
26 
27 #include <vnet/vnet_msg_enum.h>
28 
29 #if WITH_LIBSSL > 0
30 #include <vnet/ipsec/ipsec.h>
31 #include <vnet/ipsec/ikev2.h>
32 #endif /* IPSEC */
33 
34 #define vl_typedefs /* define message structures */
35 #include <vnet/vnet_all_api_h.h>
36 #undef vl_typedefs
37 
38 #define vl_endianfun /* define message structures */
39 #include <vnet/vnet_all_api_h.h>
40 #undef vl_endianfun
41 
42 /* instantiate all the print functions we know about */
43 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
44 #define vl_printfun
45 #include <vnet/vnet_all_api_h.h>
46 #undef vl_printfun
47 
48 #include <vlibapi/api_helper_macros.h>
49 
50 #define foreach_vpe_api_msg \
51 _(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \
52 _(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \
53 _(IPSEC_SPD_ADD_DEL_ENTRY, ipsec_spd_add_del_entry) \
54 _(IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry) \
55 _(IPSEC_SA_SET_KEY, ipsec_sa_set_key) \
56 _(IPSEC_SPD_DUMP, ipsec_spd_dump) \
57 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \
58 _(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \
59 _(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \
60 _(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \
61 _(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \
62 _(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \
63 _(IKEV2_SET_RESPONDER, ikev2_set_responder) \
64 _(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms) \
65 _(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms) \
66 _(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime) \
67 _(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init) \
68 _(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa) \
69 _(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa) \
70 _(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa)
71 
72 static void vl_api_ipsec_spd_add_del_t_handler
73  (vl_api_ipsec_spd_add_del_t * mp)
74 {
75 #if WITH_LIBSSL == 0
76  clib_warning ("unimplemented");
77 #else
78 
79  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
80  vl_api_ipsec_spd_add_del_reply_t *rmp;
81  int rv;
82 
83  rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
84 
85  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
86 #endif
87 }
88 
89 static void vl_api_ipsec_interface_add_del_spd_t_handler
90  (vl_api_ipsec_interface_add_del_spd_t * mp)
91 {
92  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
93  vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
94  int rv;
95  u32 sw_if_index __attribute__ ((unused));
96  u32 spd_id __attribute__ ((unused));
97 
98  sw_if_index = ntohl (mp->sw_if_index);
99  spd_id = ntohl (mp->spd_id);
100 
101  VALIDATE_SW_IF_INDEX (mp);
102 
103 #if WITH_LIBSSL > 0
104  rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
105 #else
106  rv = VNET_API_ERROR_UNIMPLEMENTED;
107 #endif
108 
109  BAD_SW_IF_INDEX_LABEL;
110 
111  REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
112 }
113 
114 static void vl_api_ipsec_spd_add_del_entry_t_handler
115  (vl_api_ipsec_spd_add_del_entry_t * mp)
116 {
117  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
118  vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
119  int rv;
120 
121 #if WITH_LIBSSL > 0
122  ipsec_policy_t p;
123 
124  memset (&p, 0, sizeof (p));
125 
126  p.id = ntohl (mp->spd_id);
127  p.priority = ntohl (mp->priority);
128  p.is_outbound = mp->is_outbound;
129  p.is_ipv6 = mp->is_ipv6;
130 
131  if (mp->is_ipv6 || mp->is_ip_any)
132  {
133  clib_memcpy (&p.raddr.start, mp->remote_address_start, 16);
134  clib_memcpy (&p.raddr.stop, mp->remote_address_stop, 16);
135  clib_memcpy (&p.laddr.start, mp->local_address_start, 16);
136  clib_memcpy (&p.laddr.stop, mp->local_address_stop, 16);
137  }
138  else
139  {
140  clib_memcpy (&p.raddr.start.ip4.data, mp->remote_address_start, 4);
141  clib_memcpy (&p.raddr.stop.ip4.data, mp->remote_address_stop, 4);
142  clib_memcpy (&p.laddr.start.ip4.data, mp->local_address_start, 4);
143  clib_memcpy (&p.laddr.stop.ip4.data, mp->local_address_stop, 4);
144  }
145  p.protocol = mp->protocol;
146  p.rport.start = ntohs (mp->remote_port_start);
147  p.rport.stop = ntohs (mp->remote_port_stop);
148  p.lport.start = ntohs (mp->local_port_start);
149  p.lport.stop = ntohs (mp->local_port_stop);
150  /* policy action resolve unsupported */
151  if (mp->policy == IPSEC_POLICY_ACTION_RESOLVE)
152  {
153  clib_warning ("unsupported action: 'resolve'");
154  rv = VNET_API_ERROR_UNIMPLEMENTED;
155  goto out;
156  }
157  p.policy = mp->policy;
158  p.sa_id = ntohl (mp->sa_id);
159 
160  rv = ipsec_add_del_policy (vm, &p, mp->is_add);
161  if (rv)
162  goto out;
163 
164  if (mp->is_ip_any)
165  {
166  p.is_ipv6 = 1;
167  rv = ipsec_add_del_policy (vm, &p, mp->is_add);
168  }
169 #else
170  rv = VNET_API_ERROR_UNIMPLEMENTED;
171  goto out;
172 #endif
173 
174 out:
175  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
176 }
177 
178 static void vl_api_ipsec_sad_add_del_entry_t_handler
179  (vl_api_ipsec_sad_add_del_entry_t * mp)
180 {
181  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
182  vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
183  int rv;
184 #if WITH_LIBSSL > 0
185  ipsec_main_t *im = &ipsec_main;
186  ipsec_sa_t sa;
187 
188  memset (&sa, 0, sizeof (sa));
189 
190  sa.id = ntohl (mp->sad_id);
191  sa.spi = ntohl (mp->spi);
192  /* security protocol AH unsupported */
193  if (mp->protocol == IPSEC_PROTOCOL_AH)
194  {
195  clib_warning ("unsupported security protocol 'AH'");
196  rv = VNET_API_ERROR_UNIMPLEMENTED;
197  goto out;
198  }
199  sa.protocol = mp->protocol;
200  /* check for unsupported crypto-alg */
201  if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
202  mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
203  {
204  clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
205  mp->crypto_algorithm);
206  rv = VNET_API_ERROR_UNIMPLEMENTED;
207  goto out;
208  }
209  sa.crypto_alg = mp->crypto_algorithm;
210  sa.crypto_key_len = mp->crypto_key_length;
211  clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
212  /* check for unsupported integ-alg */
213  if (mp->integrity_algorithm >= IPSEC_INTEG_N_ALG)
214  {
215  clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
216  mp->integrity_algorithm);
217  rv = VNET_API_ERROR_UNIMPLEMENTED;
218  goto out;
219  }
220 
221  sa.integ_alg = mp->integrity_algorithm;
222  sa.integ_key_len = mp->integrity_key_length;
223  clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
224  sa.use_esn = mp->use_extended_sequence_number;
225  sa.is_tunnel = mp->is_tunnel;
226  sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
227  if (sa.is_tunnel_ip6)
228  {
229  clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
230  clib_memcpy (&sa.tunnel_dst_addr, mp->tunnel_dst_address, 16);
231  }
232  else
233  {
234  clib_memcpy (&sa.tunnel_src_addr.ip4.data, mp->tunnel_src_address, 4);
235  clib_memcpy (&sa.tunnel_dst_addr.ip4.data, mp->tunnel_dst_address, 4);
236  }
237 
238  ASSERT (im->cb.check_support_cb);
239  clib_error_t *err = im->cb.check_support_cb (&sa);
240  if (err)
241  {
242  clib_warning ("%s", err->what);
243  rv = VNET_API_ERROR_UNIMPLEMENTED;
244  goto out;
245  }
246 
247  rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
248 #else
249  rv = VNET_API_ERROR_UNIMPLEMENTED;
250  goto out;
251 #endif
252 
253 out:
254  REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
255 }
256 
257 static void
258 send_ipsec_spd_details (ipsec_policy_t * p, unix_shared_memory_queue_t * q,
259  u32 context)
260 {
261  vl_api_ipsec_spd_details_t *mp;
262 
263  mp = vl_msg_api_alloc (sizeof (*mp));
264  memset (mp, 0, sizeof (*mp));
265  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
266  mp->context = context;
267 
268  mp->spd_id = htonl (p->id);
269  mp->priority = htonl (p->priority);
270  mp->is_outbound = p->is_outbound;
271  mp->is_ipv6 = p->is_ipv6;
272  if (p->is_ipv6)
273  {
274  memcpy (mp->local_start_addr, &p->laddr.start.ip6, 16);
275  memcpy (mp->local_stop_addr, &p->laddr.stop.ip6, 16);
276  memcpy (mp->remote_start_addr, &p->raddr.start.ip6, 16);
277  memcpy (mp->remote_stop_addr, &p->raddr.stop.ip6, 16);
278  }
279  else
280  {
281  memcpy (mp->local_start_addr, &p->laddr.start.ip4, 4);
282  memcpy (mp->local_stop_addr, &p->laddr.stop.ip4, 4);
283  memcpy (mp->remote_start_addr, &p->raddr.start.ip4, 4);
284  memcpy (mp->remote_stop_addr, &p->raddr.stop.ip4, 4);
285  }
286  mp->local_start_port = htons (p->lport.start);
287  mp->local_stop_port = htons (p->lport.stop);
288  mp->remote_start_port = htons (p->rport.start);
289  mp->remote_stop_port = htons (p->rport.stop);
290  mp->protocol = p->protocol;
291  mp->policy = p->policy;
292  mp->sa_id = htonl (p->sa_id);
293  mp->bytes = clib_host_to_net_u64 (p->counter.bytes);
294  mp->packets = clib_host_to_net_u64 (p->counter.packets);
295 
296  vl_msg_api_send_shmem (q, (u8 *) & mp);
297 }
298 
299 static void
300 vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
301 {
302  unix_shared_memory_queue_t *q;
303  ipsec_main_t *im = &ipsec_main;
304  ipsec_policy_t *policy;
305  ipsec_spd_t *spd;
306  uword *p;
307  u32 spd_index;
308 #if WITH_LIBSSL > 0
309  q = vl_api_client_index_to_input_queue (mp->client_index);
310  if (q == 0)
311  return;
312 
313  p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
314  if (!p)
315  return;
316 
317  spd_index = p[0];
318  spd = pool_elt_at_index (im->spds, spd_index);
319 
320  /* *INDENT-OFF* */
321  pool_foreach (policy, spd->policies,
322  ({
323  if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
324  send_ipsec_spd_details (policy, q,
325  mp->context);}
326  ));
327  /* *INDENT-ON* */
328 #else
329  clib_warning ("unimplemented");
330 #endif
331 }
332 
333 static void
334 vl_api_ipsec_sa_set_key_t_handler (vl_api_ipsec_sa_set_key_t * mp)
335 {
336  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
337  vl_api_ipsec_sa_set_key_reply_t *rmp;
338  int rv;
339 #if WITH_LIBSSL > 0
340  ipsec_sa_t sa;
341  sa.id = ntohl (mp->sa_id);
342  sa.crypto_key_len = mp->crypto_key_length;
343  clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
344  sa.integ_key_len = mp->integrity_key_length;
345  clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
346 
347  rv = ipsec_set_sa_key (vm, &sa);
348 #else
349  rv = VNET_API_ERROR_UNIMPLEMENTED;
350 #endif
351 
352  REPLY_MACRO (VL_API_IPSEC_SA_SET_KEY_REPLY);
353 }
354 
355 static void
356 vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
357  mp)
358 {
359  vl_api_ipsec_tunnel_if_add_del_reply_t *rmp;
360  ipsec_main_t *im = &ipsec_main;
361  vnet_main_t *vnm = im->vnet_main;
362  u32 sw_if_index = ~0;
363  int rv;
364 
365 #if WITH_LIBSSL > 0
366  ipsec_add_del_tunnel_args_t tun;
367 
368  memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t));
369 
370  tun.is_add = mp->is_add;
371  tun.esn = mp->esn;
372  tun.anti_replay = mp->anti_replay;
373  tun.local_spi = ntohl (mp->local_spi);
374  tun.remote_spi = ntohl (mp->remote_spi);
375  tun.crypto_alg = mp->crypto_alg;
376  tun.local_crypto_key_len = mp->local_crypto_key_len;
377  tun.remote_crypto_key_len = mp->remote_crypto_key_len;
378  tun.integ_alg = mp->integ_alg;
379  tun.local_integ_key_len = mp->local_integ_key_len;
380  tun.remote_integ_key_len = mp->remote_integ_key_len;
381  memcpy (&tun.local_ip, mp->local_ip, 4);
382  memcpy (&tun.remote_ip, mp->remote_ip, 4);
383  memcpy (&tun.local_crypto_key, &mp->local_crypto_key,
384  mp->local_crypto_key_len);
385  memcpy (&tun.remote_crypto_key, &mp->remote_crypto_key,
386  mp->remote_crypto_key_len);
387  memcpy (&tun.local_integ_key, &mp->local_integ_key,
388  mp->local_integ_key_len);
389  memcpy (&tun.remote_integ_key, &mp->remote_integ_key,
390  mp->remote_integ_key_len);
391 
392  rv = ipsec_add_del_tunnel_if_internal (vnm, &tun, &sw_if_index);
393 
394 #else
395  rv = VNET_API_ERROR_UNIMPLEMENTED;
396 #endif
397 
398  REPLY_MACRO2 (VL_API_IPSEC_TUNNEL_IF_ADD_DEL_REPLY, (
399  {
400  rmp->sw_if_index =
401  htonl (sw_if_index);
402  }));
403 }
404 
405 
406 static void
407 vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
408 {
409  vl_api_ikev2_profile_add_del_reply_t *rmp;
410  int rv = 0;
411 
412 #if WITH_LIBSSL > 0
413  vlib_main_t *vm = vlib_get_main ();
414  clib_error_t *error;
415  u8 *tmp = format (0, "%s", mp->name);
416  error = ikev2_add_del_profile (vm, tmp, mp->is_add);
417  vec_free (tmp);
418  if (error)
419  rv = VNET_API_ERROR_UNSPECIFIED;
420 #else
421  rv = VNET_API_ERROR_UNIMPLEMENTED;
422 #endif
423 
424  REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
425 }
426 
427 static void
428  vl_api_ikev2_profile_set_auth_t_handler
429  (vl_api_ikev2_profile_set_auth_t * mp)
430 {
431  vl_api_ikev2_profile_set_auth_reply_t *rmp;
432  int rv = 0;
433 
434 #if WITH_LIBSSL > 0
435  vlib_main_t *vm = vlib_get_main ();
436  clib_error_t *error;
437  u8 *tmp = format (0, "%s", mp->name);
438  u8 *data = vec_new (u8, mp->data_len);
439  clib_memcpy (data, mp->data, mp->data_len);
440  error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
441  vec_free (tmp);
442  vec_free (data);
443  if (error)
444  rv = VNET_API_ERROR_UNSPECIFIED;
445 #else
446  rv = VNET_API_ERROR_UNIMPLEMENTED;
447 #endif
448 
449  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
450 }
451 
452 static void
453 vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
454 {
455  vl_api_ikev2_profile_add_del_reply_t *rmp;
456  int rv = 0;
457 
458 #if WITH_LIBSSL > 0
459  vlib_main_t *vm = vlib_get_main ();
460  clib_error_t *error;
461  u8 *tmp = format (0, "%s", mp->name);
462  u8 *data = vec_new (u8, mp->data_len);
463  clib_memcpy (data, mp->data, mp->data_len);
464  error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
465  vec_free (tmp);
466  vec_free (data);
467  if (error)
468  rv = VNET_API_ERROR_UNSPECIFIED;
469 #else
470  rv = VNET_API_ERROR_UNIMPLEMENTED;
471 #endif
472 
473  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
474 }
475 
476 static void
477 vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp)
478 {
479  vl_api_ikev2_profile_set_ts_reply_t *rmp;
480  int rv = 0;
481 
482 #if WITH_LIBSSL > 0
483  vlib_main_t *vm = vlib_get_main ();
484  clib_error_t *error;
485  u8 *tmp = format (0, "%s", mp->name);
486  error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
487  mp->end_port, (ip4_address_t) mp->start_addr,
488  (ip4_address_t) mp->end_addr, mp->is_local);
489  vec_free (tmp);
490  if (error)
491  rv = VNET_API_ERROR_UNSPECIFIED;
492 #else
493  rv = VNET_API_ERROR_UNIMPLEMENTED;
494 #endif
495 
496  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
497 }
498 
499 static void
500 vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
501 {
502  vl_api_ikev2_profile_set_ts_reply_t *rmp;
503  int rv = 0;
504 
505 #if WITH_LIBSSL > 0
506  vlib_main_t *vm = vlib_get_main ();
507  clib_error_t *error;
508 
509  error = ikev2_set_local_key (vm, mp->key_file);
510  if (error)
511  rv = VNET_API_ERROR_UNSPECIFIED;
512 #else
513  rv = VNET_API_ERROR_UNIMPLEMENTED;
514 #endif
515 
516  REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
517 }
518 
519 static void
520 vl_api_ikev2_set_responder_t_handler (vl_api_ikev2_set_responder_t * mp)
521 {
522  vl_api_ikev2_set_responder_reply_t *rmp;
523  int rv = 0;
524 
525 #if WITH_LIBSSL > 0
526  vlib_main_t *vm = vlib_get_main ();
527  clib_error_t *error;
528 
529  u8 *tmp = format (0, "%s", mp->name);
530  ip4_address_t ip4;
531  clib_memcpy (&ip4, mp->address, sizeof (ip4));
532 
533  error = ikev2_set_profile_responder (vm, tmp, mp->sw_if_index, ip4);
534  vec_free (tmp);
535  if (error)
536  rv = VNET_API_ERROR_UNSPECIFIED;
537 #else
538  rv = VNET_API_ERROR_UNIMPLEMENTED;
539 #endif
540 
541  REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_REPLY);
542 }
543 
544 static void
545 vl_api_ikev2_set_ike_transforms_t_handler (vl_api_ikev2_set_ike_transforms_t *
546  mp)
547 {
548  vl_api_ikev2_set_ike_transforms_reply_t *rmp;
549  int rv = 0;
550 
551 #if WITH_LIBSSL > 0
552  vlib_main_t *vm = vlib_get_main ();
553  clib_error_t *error;
554 
555  u8 *tmp = format (0, "%s", mp->name);
556 
557  error =
558  ikev2_set_profile_ike_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg,
559  mp->dh_group, mp->crypto_key_size);
560  vec_free (tmp);
561  if (error)
562  rv = VNET_API_ERROR_UNSPECIFIED;
563 #else
564  rv = VNET_API_ERROR_UNIMPLEMENTED;
565 #endif
566 
567  REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
568 }
569 
570 static void
571 vl_api_ikev2_set_esp_transforms_t_handler (vl_api_ikev2_set_esp_transforms_t *
572  mp)
573 {
574  vl_api_ikev2_set_esp_transforms_reply_t *rmp;
575  int rv = 0;
576 
577 #if WITH_LIBSSL > 0
578  vlib_main_t *vm = vlib_get_main ();
579  clib_error_t *error;
580 
581  u8 *tmp = format (0, "%s", mp->name);
582 
583  error =
584  ikev2_set_profile_esp_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg,
585  mp->dh_group, mp->crypto_key_size);
586  vec_free (tmp);
587  if (error)
588  rv = VNET_API_ERROR_UNSPECIFIED;
589 #else
590  rv = VNET_API_ERROR_UNIMPLEMENTED;
591 #endif
592 
593  REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
594 }
595 
596 static void
597 vl_api_ikev2_set_sa_lifetime_t_handler (vl_api_ikev2_set_sa_lifetime_t * mp)
598 {
599  vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
600  int rv = 0;
601 
602 #if WITH_LIBSSL > 0
603  vlib_main_t *vm = vlib_get_main ();
604  clib_error_t *error;
605 
606  u8 *tmp = format (0, "%s", mp->name);
607 
608  error =
609  ikev2_set_profile_sa_lifetime (vm, tmp, mp->lifetime, mp->lifetime_jitter,
610  mp->handover, mp->lifetime_maxdata);
611  vec_free (tmp);
612  if (error)
613  rv = VNET_API_ERROR_UNSPECIFIED;
614 #else
615  rv = VNET_API_ERROR_UNIMPLEMENTED;
616 #endif
617 
618  REPLY_MACRO (VL_API_IKEV2_SET_SA_LIFETIME_REPLY);
619 }
620 
621 static void
622 vl_api_ikev2_initiate_sa_init_t_handler (vl_api_ikev2_initiate_sa_init_t * mp)
623 {
624  vl_api_ikev2_initiate_sa_init_reply_t *rmp;
625  int rv = 0;
626 
627 #if WITH_LIBSSL > 0
628  vlib_main_t *vm = vlib_get_main ();
629  clib_error_t *error;
630 
631  u8 *tmp = format (0, "%s", mp->name);
632 
633  error = ikev2_initiate_sa_init (vm, tmp);
634  vec_free (tmp);
635  if (error)
636  rv = VNET_API_ERROR_UNSPECIFIED;
637 #else
638  rv = VNET_API_ERROR_UNIMPLEMENTED;
639 #endif
640 
641  REPLY_MACRO (VL_API_IKEV2_INITIATE_SA_INIT_REPLY);
642 }
643 
644 static void
645 vl_api_ikev2_initiate_del_ike_sa_t_handler (vl_api_ikev2_initiate_del_ike_sa_t
646  * mp)
647 {
648  vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
649  int rv = 0;
650 
651 #if WITH_LIBSSL > 0
652  vlib_main_t *vm = vlib_get_main ();
653  clib_error_t *error;
654 
655  error = ikev2_initiate_delete_ike_sa (vm, mp->ispi);
656  if (error)
657  rv = VNET_API_ERROR_UNSPECIFIED;
658 #else
659  rv = VNET_API_ERROR_UNIMPLEMENTED;
660 #endif
661 
662  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
663 }
664 
665 static void
666  vl_api_ikev2_initiate_del_child_sa_t_handler
667  (vl_api_ikev2_initiate_del_child_sa_t * mp)
668 {
669  vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
670  int rv = 0;
671 
672 #if WITH_LIBSSL > 0
673  vlib_main_t *vm = vlib_get_main ();
674  clib_error_t *error;
675 
676  error = ikev2_initiate_delete_child_sa (vm, mp->ispi);
677  if (error)
678  rv = VNET_API_ERROR_UNSPECIFIED;
679 #else
680  rv = VNET_API_ERROR_UNIMPLEMENTED;
681 #endif
682 
683  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
684 }
685 
686 static void
687  vl_api_ikev2_initiate_rekey_child_sa_t_handler
688  (vl_api_ikev2_initiate_rekey_child_sa_t * mp)
689 {
690  vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
691  int rv = 0;
692 
693 #if WITH_LIBSSL > 0
694  vlib_main_t *vm = vlib_get_main ();
695  clib_error_t *error;
696 
697  error = ikev2_initiate_rekey_child_sa (vm, mp->ispi);
698  if (error)
699  rv = VNET_API_ERROR_UNSPECIFIED;
700 #else
701  rv = VNET_API_ERROR_UNIMPLEMENTED;
702 #endif
703 
704  REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
705 }
706 
707 /*
708  * ipsec_api_hookup
709  * Add vpe's API message handlers to the table.
710  * vlib has alread mapped shared memory and
711  * added the client registration handlers.
712  * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
713  */
714 #define vl_msg_name_crc_list
715 #include <vnet/vnet_all_api_h.h>
716 #undef vl_msg_name_crc_list
717 
718 static void
719 setup_message_id_table (api_main_t * am)
720 {
721 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id);
722  foreach_vl_msg_name_crc_ipsec;
723 #undef _
724 }
725 
726 static clib_error_t *
727 ipsec_api_hookup (vlib_main_t * vm)
728 {
729  api_main_t *am = &api_main;
730 
731 #define _(N,n) \
732  vl_msg_api_set_handlers(VL_API_##N, #n, \
733  vl_api_##n##_t_handler, \
734  vl_noop_handler, \
735  vl_api_##n##_t_endian, \
736  vl_api_##n##_t_print, \
737  sizeof(vl_api_##n##_t), 1);
738  foreach_vpe_api_msg;
739 #undef _
740 
741  /*
742  * Set up the (msg_name, crc, message-id) table
743  */
744  setup_message_id_table (am);
745 
746  return 0;
747 }
748 
749 VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
750 
751 /*
752  * fd.io coding-style-patch-verification: ON
753  *
754  * Local Variables:
755  * eval: (c-set-style "gnu")
756  * End:
757  */
ip46_address_range_t::stop
ip46_address_t stop
Definition: ipsec.h:137
vl_api_ipsec_tunnel_if_add_del_t::local_ip
u8 local_ip[4]
Definition: ipsec.api:520
vl_api_ikev2_profile_set_auth_t_handler
static void vl_api_ikev2_profile_set_auth_t_handler(vl_api_ikev2_profile_set_auth_t *mp)
Definition: ipsec_api.c:429
vl_api_ipsec_sa_set_key_t_handler
static void vl_api_ipsec_sa_set_key_t_handler(vl_api_ipsec_sa_set_key_t *mp)
Definition: ipsec_api.c:334
vl_api_ikev2_set_local_key_t_handler
static void vl_api_ikev2_set_local_key_t_handler(vl_api_ikev2_set_local_key_t *mp)
Definition: ipsec_api.c:500
ipsec_main_t::spds
ipsec_spd_t * spds
Definition: ipsec.h:246
vl_api_ipsec_sad_add_del_entry_t::crypto_algorithm
u8 crypto_algorithm
Definition: ipsec.api:149
vl_api_ipsec_sad_add_del_entry_t::use_extended_sequence_number
u8 use_extended_sequence_number
Definition: ipsec.api:157
vl_api_ipsec_spd_add_del_entry_t::sa_id
u32 sa_id
Definition: ipsec.api:103
vl_api_ipsec_sad_add_del_entry_t::integrity_key_length
u8 integrity_key_length
Definition: ipsec.api:154
ikev2_set_profile_responder
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip4_address_t ip4)
Definition: ikev2.c:2796
vl_api_ikev2_initiate_del_ike_sa_t::ispi
u64 ispi
Definition: ipsec.api:406
port_range_t::stop
u16 stop
Definition: ipsec.h:142
ipsec_add_del_policy
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
Definition: ipsec.c:152
vl_api_ipsec_spd_details_t::remote_start_addr
u8 remote_start_addr[16]
Definition: ipsec.api:482
ipsec_sa_t::tunnel_src_addr
ip46_address_t tunnel_src_addr
Definition: ipsec.h:119
vl_api_ikev2_set_esp_transforms_t::crypto_alg
u32 crypto_alg
Definition: ipsec.api:350
vl_api_ikev2_profile_set_id_t::data
u8 data[0]
Definition: ipsec.api:249
vl_api_ikev2_profile_set_auth_t::data_len
u32 data_len
Definition: ipsec.api:226
vl_api_ikev2_set_sa_lifetime_t
IKEv2: Set Child SA lifetime, limited by time and/or data.
Definition: ipsec.api:367
vl_api_ipsec_tunnel_if_add_del_t::crypto_alg
u8 crypto_alg
Definition: ipsec.api:524
vl_api_ikev2_set_ike_transforms_t::integ_alg
u32 integ_alg
Definition: ipsec.api:329
ipsec_sa_t::id
u32 id
Definition: ipsec.h:102
ikev2_add_del_profile
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
Definition: ikev2.c:2655
vl_api_ikev2_initiate_rekey_child_sa_t_handler
static void vl_api_ikev2_initiate_rekey_child_sa_t_handler(vl_api_ikev2_initiate_rekey_child_sa_t *mp)
Definition: ipsec_api.c:688
vl_api_ikev2_profile_add_del_t::name
u8 name[64]
Definition: ipsec.api:204
vl_api_ikev2_profile_set_ts_t::end_addr
u32 end_addr
Definition: ipsec.api:275
vl_api_ipsec_sad_add_del_entry_t::tunnel_dst_address
u8 tunnel_dst_address[16]
Definition: ipsec.api:162
vl_api_ikev2_set_responder_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:306
vl_api_ipsec_tunnel_if_add_del_t::anti_replay
u8 anti_replay
Definition: ipsec.api:519
vl_api_ikev2_profile_add_del_t
IKEv2: Add/delete profile.
Definition: ipsec.api:199
vl_api_ikev2_profile_set_auth_t::name
u8 name[64]
Definition: ipsec.api:223
vl_api_ipsec_spd_add_del_entry_t::local_port_start
u16 local_port_start
Definition: ipsec.api:98
VLIB_API_INIT_FUNCTION
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
ipsec_policy_t::priority
i32 priority
Definition: ipsec.h:186
vl_api_ipsec_sa_set_key_t
IPsec: Update Security Association keys.
Definition: ipsec.api:178
ipsec_set_interface_spd
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
Definition: ipsec.c:39
ikev2_initiate_delete_ike_sa
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
Definition: ikev2.c:3110
vl_api_ipsec_spd_add_del_entry_t::is_add
u8 is_add
Definition: ipsec.api:80
REPLY_MACRO2
#define REPLY_MACRO2(t, body)
Definition: api_helper_macros.h:46
vl_api_ipsec_spd_details_t::is_outbound
u8 is_outbound
Definition: ipsec.api:476
ipsec_sa_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:110
vl_api_ikev2_profile_set_auth_t::is_hex
u8 is_hex
Definition: ipsec.api:225
vl_api_ipsec_spd_add_del_entry_t
IPsec: Add/delete Security Policy Database entry.
Definition: ipsec.api:76
vl_api_ipsec_spd_details_t::local_stop_addr
u8 local_stop_addr[16]
Definition: ipsec.api:479
vl_api_ipsec_tunnel_if_add_del_t::integ_alg
u8 integ_alg
Definition: ipsec.api:529
ipsec_add_del_tunnel_args_t::remote_integ_key
u8 remote_integ_key[128]
Definition: ipsec.h:162
vl_api_ipsec_spd_details_t::local_stop_port
u16 local_stop_port
Definition: ipsec.api:481
ipsec_add_del_tunnel_args_t::remote_crypto_key
u8 remote_crypto_key[128]
Definition: ipsec.h:157
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.api:527
setup_message_id_table
static void setup_message_id_table(api_main_t *am)
Definition: ipsec_api.c:719
ipsec_sa_t::is_tunnel
u8 is_tunnel
Definition: ipsec.h:117
vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:448
vl_api_ipsec_spd_add_del_t::is_add
u8 is_add
Definition: ipsec.api:27
vl_api_ipsec_spd_add_del_entry_t_handler
static void vl_api_ipsec_spd_add_del_entry_t_handler(vl_api_ipsec_spd_add_del_entry_t *mp)
Definition: ipsec_api.c:115
ikev2_set_profile_sa_lifetime
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
Definition: ikev2.c:2867
format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:419
vl_api_ikev2_profile_add_del_t::is_add
u8 is_add
Definition: ipsec.api:205
vl_api_ipsec_sa_set_key_t::crypto_key_length
u8 crypto_key_length
Definition: ipsec.api:185
ipsec_spd_t
Definition: ipsec.h:206
vl_api_ipsec_spd_add_del_entry_t::policy
u8 policy
Definition: ipsec.api:102
vnet_msg_enum.h
vl_api_ikev2_set_local_key_t::key_file
u8 key_file[256]
Definition: ipsec.api:289
vl_api_ipsec_spd_add_del_entry_t::remote_port_stop
u16 remote_port_stop
Definition: ipsec.api:97
vl_api_ipsec_sad_add_del_entry_t::crypto_key
u8 crypto_key[128]
Definition: ipsec.api:151
vl_api_ipsec_tunnel_if_add_del_t::remote_spi
u32 remote_spi
Definition: ipsec.api:523
vl_api_ipsec_tunnel_if_add_del_reply_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:544
vl_api_ikev2_set_esp_transforms_t::crypto_key_size
u32 crypto_key_size
Definition: ipsec.api:351
foreach_vpe_api_msg
#define foreach_vpe_api_msg
Definition: ipsec_api.c:50
ipsec_sa_t::crypto_key
u8 crypto_key[128]
Definition: ipsec.h:108
ipsec_add_del_spd
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
Definition: ipsec.c:86
clib_error_t::what
u8 * what
Definition: clib_error.h:24
vl_api_ipsec_spd_add_del_entry_t::protocol
u8 protocol
Definition: ipsec.api:94
ipsec_sa_t::spi
u32 spi
Definition: ipsec.h:103
ipsec_policy_t::lport
port_range_t lport
Definition: ipsec.h:194
ipsec_policy_t::sa_id
u32 sa_id
Definition: ipsec.h:199
vl_api_ipsec_interface_add_del_spd_t_handler
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
Definition: ipsec_api.c:90
vl_api_ikev2_initiate_del_child_sa_t::ispi
u32 ispi
Definition: ipsec.api:421
vl_api_ikev2_set_ike_transforms_t
IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
Definition: ipsec.api:321
vl_api_ipsec_spd_add_del_entry_t::spd_id
u32 spd_id
Definition: ipsec.api:82
vl_api_ipsec_spd_add_del_entry_t::local_address_start
u8 local_address_start[16]
Definition: ipsec.api:91
vl_api_ipsec_spd_details_t::protocol
u8 protocol
Definition: ipsec.api:486
ipsec_sa_t::integ_key
u8 integ_key[128]
Definition: ipsec.h:112
ipsec_add_del_tunnel_args_t::remote_spi
u32 remote_spi
Definition: ipsec.h:152
vl_api_ipsec_sad_add_del_entry_t::is_tunnel
u8 is_tunnel
Definition: ipsec.api:159
pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:376
vl_api_ipsec_tunnel_if_add_del_t::is_add
u8 is_add
Definition: ipsec.api:517
vl_api_ipsec_sad_add_del_entry_t::crypto_key_length
u8 crypto_key_length
Definition: ipsec.api:150
ipsec_add_del_tunnel_args_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.h:161
vl_api_ipsec_sad_add_del_entry_t::sad_id
u32 sad_id
Definition: ipsec.api:143
ipsec_add_del_tunnel_args_t::local_spi
u32 local_spi
Definition: ipsec.h:151
ikev2_initiate_sa_init
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:2890
vl_api_ikev2_set_esp_transforms_t::name
u8 name[64]
Definition: ipsec.api:349
ipsec_main
ipsec_main_t ipsec_main
Definition: ipsec.h:282
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:310
ikev2_set_profile_auth
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
Definition: ikev2.c:2686
vl_api_ipsec_tunnel_if_add_del_t_handler
static void vl_api_ipsec_tunnel_if_add_del_t_handler(vl_api_ipsec_tunnel_if_add_del_t *mp)
Definition: ipsec_api.c:356
vl_api_ikev2_set_responder_t_handler
static void vl_api_ikev2_set_responder_t_handler(vl_api_ikev2_set_responder_t *mp)
Definition: ipsec_api.c:520
ipsec_sa_t::use_esn
u8 use_esn
Definition: ipsec.h:114
ipsec_add_del_tunnel_args_t::remote_ip
ip4_address_t remote_ip
Definition: ipsec.h:150
vl_api_ipsec_spd_dump_t_handler
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
Definition: ipsec_api.c:300
port_range_t::start
u16 start
Definition: ipsec.h:142
api_errno.h
vl_api_ipsec_interface_add_del_spd_t::is_add
u8 is_add
Definition: ipsec.api:46
vl_api_ikev2_profile_set_ts_t_handler
static void vl_api_ikev2_profile_set_ts_t_handler(vl_api_ikev2_profile_set_ts_t *mp)
Definition: ipsec_api.c:477
ipsec_main_t::cb
ipsec_main_callbacks_t cb
Definition: ipsec.h:279
vl_api_ikev2_initiate_del_child_sa_t
IKEv2: Initiate the delete Child SA exchange.
Definition: ipsec.api:416
ikev2_set_profile_esp_transforms
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:2842
vl_api_ipsec_sa_set_key_t::crypto_key
u8 crypto_key[128]
Definition: ipsec.api:186
vl_api_ikev2_profile_set_id_t
IKEv2: Set IKEv2 profile local/remote identification.
Definition: ipsec.api:240
vl_api_ikev2_profile_set_ts_t
IKEv2: Set IKEv2 profile traffic selector parameters.
Definition: ipsec.api:264
vl_api_ikev2_initiate_del_child_sa_t_handler
static void vl_api_ikev2_initiate_del_child_sa_t_handler(vl_api_ikev2_initiate_del_child_sa_t *mp)
Definition: ipsec_api.c:667
format_ipsec_crypto_alg
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:58
vl_api_ipsec_spd_details_t::sa_id
u32 sa_id
Definition: ipsec.api:488
ipsec_main_t
Definition: ipsec.h:243
ipsec_spd_t::policies
ipsec_policy_t * policies
Definition: ipsec.h:210
vl_api_ipsec_spd_add_del_entry_t::priority
i32 priority
Definition: ipsec.api:83
vl_msg_api_alloc
void * vl_msg_api_alloc(int nbytes)
Definition: memory_shared.c:180
vl_api_ipsec_spd_details_t::priority
i32 priority
Definition: ipsec.api:475
vl_api_ipsec_spd_add_del_t_handler
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
Definition: ipsec_api.c:73
vl_api_ipsec_spd_add_del_entry_t::local_address_stop
u8 local_address_stop[16]
Definition: ipsec.api:92
ip4_address_t
Definition: ip4_packet.h:49
api_helper_macros.h
vl_api_ipsec_spd_details_t::spd_id
u32 spd_id
Definition: ipsec.api:474
hash_get
#define hash_get(h, key)
Definition: hash.h:248
ikev2_set_profile_id
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
Definition: ikev2.c:2718
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:397
ipsec_policy_t::protocol
u8 protocol
Definition: ipsec.h:193
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key
u8 remote_crypto_key[128]
Definition: ipsec.api:528
vlib_counter_t::packets
counter_t packets
packet counter
Definition: counter.h:141
vl_api_ipsec_tunnel_if_add_del_reply_t
Add/delete IPsec tunnel interface response.
Definition: ipsec.api:541
ipsec_sa_t::is_tunnel_ip6
u8 is_tunnel_ip6
Definition: ipsec.h:118
vl_api_ikev2_initiate_rekey_child_sa_t
IKEv2: Initiate the rekey Child SA exchange.
Definition: ipsec.api:431
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.api:532
vl_api_ikev2_profile_set_ts_t::proto
u8 proto
Definition: ipsec.api:271
vl_api_ikev2_initiate_sa_init_t::name
u8 name[64]
Definition: ipsec.api:391
ipsec_main_callbacks_t::check_support_cb
clib_error_t *(* check_support_cb)(ipsec_sa_t *sa)
Definition: ipsec.h:240
vl_api_ipsec_spd_add_del_t
IPsec: Add/delete Security Policy Database.
Definition: ipsec.api:23
ipsec_main_t::vnet_main
vnet_main_t * vnet_main
Definition: ipsec.h:259
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key
u8 local_integ_key[128]
Definition: ipsec.api:531
ipsec_add_del_tunnel_args_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.h:154
ipsec_policy_t
Definition: ipsec.h:183
ikev2_initiate_delete_child_sa
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:3070
vl_api_ikev2_initiate_sa_init_t_handler
static void vl_api_ikev2_initiate_sa_init_t_handler(vl_api_ikev2_initiate_sa_init_t *mp)
Definition: ipsec_api.c:622
vl_api_ipsec_spd_details_t::remote_stop_port
u16 remote_stop_port
Definition: ipsec.api:485
REPLY_MACRO
#define REPLY_MACRO(t)
Definition: api_helper_macros.h:30
vl_api_ikev2_set_sa_lifetime_t_handler
static void vl_api_ikev2_set_sa_lifetime_t_handler(vl_api_ikev2_set_sa_lifetime_t *mp)
Definition: ipsec_api.c:597
ipsec_sa_t
Definition: ipsec.h:100
vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:48
vl_api_ikev2_profile_set_id_t::name
u8 name[64]
Definition: ipsec.api:245
ipsec_policy_t::laddr
ip46_address_range_t laddr
Definition: ipsec.h:191
vl_api_ipsec_sad_add_del_entry_t::is_add
u8 is_add
Definition: ipsec.api:141
ipsec_add_del_tunnel_args_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.h:159
vl_api_ipsec_spd_add_del_entry_t::local_port_stop
u16 local_port_stop
Definition: ipsec.api:99
vl_api_ikev2_set_ike_transforms_t::name
u8 name[64]
Definition: ipsec.api:326
vl_api_ikev2_set_ike_transforms_t_handler
static void vl_api_ikev2_set_ike_transforms_t_handler(vl_api_ikev2_set_ike_transforms_t *mp)
Definition: ipsec_api.c:545
vl_api_ipsec_spd_details_t::remote_stop_addr
u8 remote_stop_addr[16]
Definition: ipsec.api:483
ipsec_main_t::spd_index_by_spd_id
uword * spd_index_by_spd_id
Definition: ipsec.h:265
vl_api_ipsec_spd_details_t::policy
u8 policy
Definition: ipsec.api:487
ikev2_set_local_key
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
Definition: ikev2.c:2643
ikev2_set_profile_ts
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip4_address_t start_addr, ip4_address_t end_addr, int is_local)
Definition: ikev2.c:2757
api_main_t
Definition: api_common.h:168
ipsec_sa_t::tunnel_dst_addr
ip46_address_t tunnel_dst_addr
Definition: ipsec.h:120
vl_api_ikev2_profile_set_ts_t::start_port
u16 start_port
Definition: ipsec.api:272
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key
u8 remote_integ_key[128]
Definition: ipsec.api:533
vl_api_ikev2_set_sa_lifetime_t::handover
u32 handover
Definition: ipsec.api:375
BAD_SW_IF_INDEX_LABEL
#define BAD_SW_IF_INDEX_LABEL
Definition: api_helper_macros.h:124
vl_api_ipsec_interface_add_del_spd_t
IPsec: Add/delete SPD from interface.
Definition: ipsec.api:41
vl_api_ikev2_profile_set_auth_t::data
u8 data[0]
Definition: ipsec.api:227
vl_api_ikev2_set_esp_transforms_t::integ_alg
u32 integ_alg
Definition: ipsec.api:352
ikev2_initiate_rekey_child_sa
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:3220
ipsec_add_del_tunnel_args_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:153
api_main
api_main_t api_main
Definition: api_shared.c:35
vl_api_ipsec_spd_add_del_entry_t::remote_port_start
u16 remote_port_start
Definition: ipsec.api:96
vl_api_ikev2_set_esp_transforms_t_handler
static void vl_api_ikev2_set_esp_transforms_t_handler(vl_api_ikev2_set_esp_transforms_t *mp)
Definition: ipsec_api.c:571
vl_api_ipsec_tunnel_if_add_del_t::esn
u8 esn
Definition: ipsec.api:518
vl_api_ikev2_set_responder_t::name
u8 name[64]
Definition: ipsec.api:305
ipsec_add_del_tunnel_args_t
Definition: ipsec.h:145
ipsec_add_del_tunnel_args_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.h:156
vl_api_ikev2_profile_set_id_t::id_type
u8 id_type
Definition: ipsec.api:247
vl_api_ipsec_tunnel_if_add_del_t::remote_ip
u8 remote_ip[4]
Definition: ipsec.api:521
vl_api_ipsec_spd_add_del_entry_t::remote_address_stop
u8 remote_address_stop[16]
Definition: ipsec.api:90
ipsec_add_del_sa
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
Definition: ipsec.c:411
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:340
vl_api_ipsec_sad_add_del_entry_t
IPsec: Add/delete Security Association Database entry.
Definition: ipsec.api:137
vl_api_ikev2_set_ike_transforms_t::crypto_alg
u32 crypto_alg
Definition: ipsec.api:327
vl_api_ipsec_spd_details_t::local_start_port
u16 local_start_port
Definition: ipsec.api:480
ip46_address_range_t::start
ip46_address_t start
Definition: ipsec.h:137
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
vl_api_ikev2_set_sa_lifetime_t::name
u8 name[64]
Definition: ipsec.api:372
vl_api_ipsec_tunnel_if_add_del_t::local_spi
u32 local_spi
Definition: ipsec.api:522
clib_memcpy
#define clib_memcpy(a, b, c)
Definition: string.h:69
vl_api_client_index_to_input_queue
unix_shared_memory_queue_t * vl_api_client_index_to_input_queue(u32 index)
Definition: memory_shared.c:625
vl_api_ipsec_spd_add_del_entry_t::remote_address_start
u8 remote_address_start[16]
Definition: ipsec.api:89
ipsec_set_sa_key
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
Definition: ipsec.c:455
vl_api_ipsec_sad_add_del_entry_t::tunnel_src_address
u8 tunnel_src_address[16]
Definition: ipsec.api:161
vl_api_ikev2_initiate_sa_init_t
IKEv2: Initiate the SA_INIT exchange.
Definition: ipsec.api:386
vl_api_ipsec_sad_add_del_entry_t_handler
static void vl_api_ipsec_sad_add_del_entry_t_handler(vl_api_ipsec_sad_add_del_entry_t *mp)
Definition: ipsec_api.c:179
vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:28
vl_api_ikev2_set_ike_transforms_t::dh_group
u32 dh_group
Definition: ipsec.api:330
vl_api_ipsec_spd_details_t::packets
u64 packets
Definition: ipsec.api:490
ipsec_policy_t::rport
port_range_t rport
Definition: ipsec.h:195
vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:446
ipsec_policy_t::raddr
ip46_address_range_t raddr
Definition: ipsec.h:192
vnet_main_t
Definition: vnet.h:51
vl_api_ikev2_profile_set_auth_t::auth_method
u8 auth_method
Definition: ipsec.api:224
vl_msg_api_send_shmem
void vl_msg_api_send_shmem(unix_shared_memory_queue_t *q, u8 *elem)
Definition: memory_shared.c:553
ipsec_add_del_tunnel_args_t::local_crypto_key
u8 local_crypto_key[128]
Definition: ipsec.h:155
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
u32
unsigned int u32
Definition: types.h:88
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key
u8 local_crypto_key[128]
Definition: ipsec.api:526
vl_api_ikev2_set_responder_t
IKEv2: Set IKEv2 responder interface and IP address.
Definition: ipsec.api:300
vl_api_ipsec_sad_add_del_entry_t::spi
u32 spi
Definition: ipsec.api:145
ipsec_add_del_tunnel_args_t::integ_alg
ipsec_integ_alg_t integ_alg
Definition: ipsec.h:158
ipsec_add_del_tunnel_args_t::local_ip
ip4_address_t local_ip
Definition: ipsec.h:150
ipsec_add_del_tunnel_args_t::esn
u8 esn
Definition: ipsec.h:148
vl_api_ikev2_initiate_del_ike_sa_t
IKEv2: Initiate the delete IKE SA exchange.
Definition: ipsec.api:401
ipsec_policy_t::is_ipv6
u8 is_ipv6
Definition: ipsec.h:190
vl_api_ikev2_set_sa_lifetime_t::lifetime
u64 lifetime
Definition: ipsec.api:373
vl_api_ikev2_profile_set_ts_t::name
u8 name[64]
Definition: ipsec.api:269
vl_api_ikev2_profile_set_auth_t
IKEv2: Set IKEv2 profile authentication method.
Definition: ipsec.api:218
ipsec_sa_t::integ_key_len
u8 integ_key_len
Definition: ipsec.h:111
vl_api_ipsec_spd_dump_t
Dump ipsec policy database data.
Definition: ipsec.api:445
vl_api_ikev2_profile_set_ts_t::end_port
u16 end_port
Definition: ipsec.api:273
ipsec_sa_t::protocol
ipsec_protocol_t protocol
Definition: ipsec.h:104
vl_api_ikev2_profile_set_id_t::data_len
u32 data_len
Definition: ipsec.api:248
vl_api_ipsec_sa_set_key_t::sa_id
u32 sa_id
Definition: ipsec.api:183
vl_api_ikev2_profile_set_ts_t::is_local
u8 is_local
Definition: ipsec.api:270
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
uword
u64 uword
Definition: types.h:112
vl_api_ipsec_spd_details_t
IPsec policy database response.
Definition: ipsec.api:472
clib_error_t
Definition: clib_error.h:21
format_ipsec_integ_alg
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:90
ipsec_sa_t::crypto_key_len
u8 crypto_key_len
Definition: ipsec.h:107
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.api:530
vlib_counter_t::bytes
counter_t bytes
byte counter
Definition: counter.h:142
vl_api_ikev2_profile_set_id_t_handler
static void vl_api_ikev2_profile_set_id_t_handler(vl_api_ikev2_profile_set_id_t *mp)
Definition: ipsec_api.c:453
vl_api_ikev2_set_sa_lifetime_t::lifetime_maxdata
u64 lifetime_maxdata
Definition: ipsec.api:376
ipsec_add_del_tunnel_if_internal
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
Definition: ipsec_if.c:113
vl_api_ipsec_spd_details_t::is_ipv6
u8 is_ipv6
Definition: ipsec.api:477
vl_api_ipsec_spd_details_t::remote_start_port
u16 remote_start_port
Definition: ipsec.api:484
vnet_all_api_h.h
vl_api_ikev2_set_local_key_t
IKEv2: Set IKEv2 local RSA private key.
Definition: ipsec.api:284
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.api:525
u8
unsigned char u8
Definition: types.h:56
vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:473
send_ipsec_spd_details
static void send_ipsec_spd_details(ipsec_policy_t *p, unix_shared_memory_queue_t *q, u32 context)
Definition: ipsec_api.c:258
vl_api_ikev2_profile_set_id_t::is_local
u8 is_local
Definition: ipsec.api:246
ipsec_policy_t::counter
vlib_counter_t counter
Definition: ipsec.h:203
ipsec_policy_t::is_outbound
u8 is_outbound
Definition: ipsec.h:187
vl_api_ipsec_sa_set_key_t::integrity_key_length
u8 integrity_key_length
Definition: ipsec.api:188
vl_api_ipsec_sad_add_del_entry_t::integrity_algorithm
u8 integrity_algorithm
Definition: ipsec.api:153
vl_api_ipsec_spd_details_t::bytes
u64 bytes
Definition: ipsec.api:489
vl_api_ipsec_sad_add_del_entry_t::integrity_key
u8 integrity_key[128]
Definition: ipsec.api:155
vl_api_ipsec_sad_add_del_entry_t::is_tunnel_ipv6
u8 is_tunnel_ipv6
Definition: ipsec.api:160
vlib_main_t
Definition: main.h:59
ikev2_set_profile_ike_transforms
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:2817
vl_api_ikev2_set_esp_transforms_t
IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
Definition: ipsec.api:344
ipsec_policy_t::id
u32 id
Definition: ipsec.h:185
vl_api_ipsec_sa_set_key_t::integrity_key
u8 integrity_key[128]
Definition: ipsec.api:189
vl_api_ikev2_profile_add_del_t_handler
static void vl_api_ikev2_profile_add_del_t_handler(vl_api_ikev2_profile_add_del_t *mp)
Definition: ipsec_api.c:407
ipsec_add_del_tunnel_args_t::is_add
u8 is_add
Definition: ipsec.h:147
ipsec_sa_t::crypto_alg
ipsec_crypto_alg_t crypto_alg
Definition: ipsec.h:106
vl_api_ikev2_initiate_del_ike_sa_t_handler
static void vl_api_ikev2_initiate_del_ike_sa_t_handler(vl_api_ikev2_initiate_del_ike_sa_t *mp)
Definition: ipsec_api.c:645
ipsec_api_hookup
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
Definition: ipsec_api.c:727
ipsec_policy_t::policy
u8 policy
Definition: ipsec.h:198
vl_api_ikev2_initiate_rekey_child_sa_t::ispi
u32 ispi
Definition: ipsec.api:436
vl_api_ipsec_spd_add_del_entry_t::is_outbound
u8 is_outbound
Definition: ipsec.api:84
vl_api_ipsec_spd_add_del_entry_t::is_ipv6
u8 is_ipv6
Definition: ipsec.api:87
vl_api_ikev2_profile_set_ts_t::start_addr
u32 start_addr
Definition: ipsec.api:274
vl_api_ikev2_set_responder_t::address
u8 address[4]
Definition: ipsec.api:307
ipsec_add_del_tunnel_args_t::anti_replay
u8 anti_replay
Definition: ipsec.h:149
vl_api_ipsec_spd_details_t::local_start_addr
u8 local_start_addr[16]
Definition: ipsec.api:478
vl_api_ipsec_tunnel_if_add_del_t
Add or delete IPsec tunnel interface.
Definition: ipsec.api:514
vl_api_ipsec_interface_add_del_spd_t::sw_if_index
u32 sw_if_index
Definition: ipsec.api:47
vl_api_ikev2_set_ike_transforms_t::crypto_key_size
u32 crypto_key_size
Definition: ipsec.api:328
ipsec_add_del_tunnel_args_t::local_integ_key
u8 local_integ_key[128]
Definition: ipsec.h:160
VALIDATE_SW_IF_INDEX
#define VALIDATE_SW_IF_INDEX(mp)
Definition: api_helper_macros.h:116
vl_api_ipsec_sad_add_del_entry_t::protocol
u8 protocol
Definition: ipsec.api:147
unix_shared_memory_queue_t
struct _unix_shared_memory_queue unix_shared_memory_queue_t
vl_api_ipsec_spd_add_del_entry_t::is_ip_any
u8 is_ip_any
Definition: ipsec.api:88
vl_api_ikev2_set_sa_lifetime_t::lifetime_jitter
u32 lifetime_jitter
Definition: ipsec.api:374
vl_api_ikev2_set_esp_transforms_t::dh_group
u32 dh_group
Definition: ipsec.api:353