44 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) 51 #define foreach_vpe_api_msg \ 52 _(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \ 53 _(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \ 54 _(IPSEC_SPD_ADD_DEL_ENTRY, ipsec_spd_add_del_entry) \ 55 _(IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry) \ 56 _(IPSEC_SA_SET_KEY, ipsec_sa_set_key) \ 57 _(IPSEC_SA_DUMP, ipsec_sa_dump) \ 58 _(IPSEC_SPDS_DUMP, ipsec_spds_dump) \ 59 _(IPSEC_SPD_DUMP, ipsec_spd_dump) \ 60 _(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \ 61 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \ 62 _(IPSEC_TUNNEL_IF_SET_KEY, ipsec_tunnel_if_set_key) \ 63 _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \ 64 _(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \ 65 _(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \ 66 _(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \ 67 _(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \ 68 _(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \ 69 _(IKEV2_SET_RESPONDER, ikev2_set_responder) \ 70 _(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms) \ 71 _(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms) \ 72 _(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime) \ 73 _(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init) \ 74 _(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa) \ 75 _(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa) \ 76 _(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa) \ 77 _(IPSEC_SELECT_BACKEND, ipsec_select_backend) \ 78 _(IPSEC_BACKEND_DUMP, ipsec_backend_dump) 88 vl_api_ipsec_spd_add_del_reply_t *rmp;
101 vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
104 u32 spd_id __attribute__ ((unused));
107 spd_id = ntohl (mp->
spd_id);
114 rv = VNET_API_ERROR_UNIMPLEMENTED;
119 REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
126 vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
159 if (mp->
policy == IPSEC_POLICY_ACTION_RESOLVE)
162 rv = VNET_API_ERROR_UNIMPLEMENTED;
178 rv = VNET_API_ERROR_UNIMPLEMENTED;
183 REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
190 vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
206 rv = VNET_API_ERROR_UNIMPLEMENTED;
217 rv = VNET_API_ERROR_UNIMPLEMENTED;
244 rv = VNET_API_ERROR_UNIMPLEMENTED;
250 rv = VNET_API_ERROR_UNIMPLEMENTED;
255 REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
266 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS);
288 send_ipsec_spds_details (spd, reg, mp->context);
304 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
362 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
363 send_ipsec_spd_details (policy, reg,
380 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS);
408 send_ipsec_spd_interface_details(reg, v, k, mp->context);
416 send_ipsec_spd_interface_details(reg, v, k, mp->context);
430 vl_api_ipsec_sa_set_key_reply_t *rmp;
442 rv = VNET_API_ERROR_UNIMPLEMENTED;
492 rv = VNET_API_ERROR_UNIMPLEMENTED;
510 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
516 mp->
spi = htonl (sa->
spi);
547 mp->
salt = clib_host_to_net_u32 (sa->
salt);
578 u32 *sa_index_to_tun_if_index = 0;
591 vnet_hw_interface_t *hi;
592 u32 sw_if_index = ~0;
594 hi = vnet_get_hw_interface (vnm, t->hw_if_index);
595 sw_if_index = hi->sw_if_index;
596 sa_index_to_tun_if_index[t->input_sa_index] = sw_if_index;
597 sa_index_to_tun_if_index[t->output_sa_index] = sw_if_index;
602 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id)
603 send_ipsec_sa_details (sa, reg, mp->context,
604 sa_index_to_tun_if_index[sa - im->sad]);
608 vec_free (sa_index_to_tun_if_index);
619 vl_api_ipsec_tunnel_if_set_key_reply_t *rmp;
633 if (mp->
alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
636 rv = VNET_API_ERROR_UNIMPLEMENTED;
644 rv = VNET_API_ERROR_UNIMPLEMENTED;
650 rv = VNET_API_ERROR_UNIMPLEMENTED;
666 REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_KEY_REPLY);
673 vl_api_ipsec_tunnel_if_set_sa_reply_t *rmp;
695 vl_api_ikev2_profile_add_del_reply_t *rmp;
705 rv = VNET_API_ERROR_UNSPECIFIED;
707 rv = VNET_API_ERROR_UNIMPLEMENTED;
717 vl_api_ikev2_profile_set_auth_reply_t *rmp;
723 int data_len = ntohl (mp->
data_len);
731 rv = VNET_API_ERROR_UNSPECIFIED;
733 rv = VNET_API_ERROR_UNIMPLEMENTED;
742 vl_api_ikev2_profile_add_del_reply_t *rmp;
749 int data_len = ntohl (mp->
data_len);
756 rv = VNET_API_ERROR_UNSPECIFIED;
758 rv = VNET_API_ERROR_UNIMPLEMENTED;
767 vl_api_ikev2_profile_set_ts_reply_t *rmp;
779 rv = VNET_API_ERROR_UNSPECIFIED;
781 rv = VNET_API_ERROR_UNIMPLEMENTED;
790 vl_api_ikev2_profile_set_ts_reply_t *rmp;
799 rv = VNET_API_ERROR_UNSPECIFIED;
801 rv = VNET_API_ERROR_UNIMPLEMENTED;
810 vl_api_ikev2_set_responder_reply_t *rmp;
824 rv = VNET_API_ERROR_UNSPECIFIED;
826 rv = VNET_API_ERROR_UNIMPLEMENTED;
836 vl_api_ikev2_set_ike_transforms_reply_t *rmp;
850 rv = VNET_API_ERROR_UNSPECIFIED;
852 rv = VNET_API_ERROR_UNIMPLEMENTED;
855 REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
862 vl_api_ikev2_set_esp_transforms_reply_t *rmp;
876 rv = VNET_API_ERROR_UNSPECIFIED;
878 rv = VNET_API_ERROR_UNIMPLEMENTED;
881 REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
887 vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
901 rv = VNET_API_ERROR_UNSPECIFIED;
903 rv = VNET_API_ERROR_UNIMPLEMENTED;
912 vl_api_ikev2_initiate_sa_init_reply_t *rmp;
924 rv = VNET_API_ERROR_UNSPECIFIED;
926 rv = VNET_API_ERROR_UNIMPLEMENTED;
936 vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
945 rv = VNET_API_ERROR_UNSPECIFIED;
947 rv = VNET_API_ERROR_UNIMPLEMENTED;
950 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
957 vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
966 rv = VNET_API_ERROR_UNSPECIFIED;
968 rv = VNET_API_ERROR_UNIMPLEMENTED;
971 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
978 vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
987 rv = VNET_API_ERROR_UNSPECIFIED;
989 rv = VNET_API_ERROR_UNIMPLEMENTED;
992 REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
1002 #define vl_msg_name_crc_list 1004 #undef vl_msg_name_crc_list 1009 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id); 1010 foreach_vl_msg_name_crc_ipsec;
1033 vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1034 clib_memset (mp, 0, sizeof (*mp));
1035 mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
1036 mp->context = context;
1037 snprintf ((char *)mp->name, sizeof (mp->name),
"%.*s", vec_len (ab->name),
1039 mp->protocol = IPSEC_PROTOCOL_AH;
1040 mp->index = ab - im->ah_backends;
1041 mp->active = mp->index == im->ah_current_backend ? 1 : 0;
1042 vl_api_send_msg (rp, (u8 *)mp);
1045 vl_api_ipsec_backend_details_t *mp = vl_msg_api_alloc (sizeof (*mp));
1046 clib_memset (mp, 0, sizeof (*mp));
1047 mp->_vl_msg_id = ntohs (VL_API_IPSEC_BACKEND_DETAILS);
1048 mp->context = context;
1049 snprintf ((char *)mp->name, sizeof (mp->name),
"%.*s", vec_len (eb->name),
1051 mp->protocol = IPSEC_PROTOCOL_ESP;
1052 mp->index = eb - im->esp_backends;
1053 mp->active = mp->index == im->esp_current_backend ? 1 : 0;
1054 vl_api_send_msg (rp, (u8 *)mp);
1063 vl_api_ipsec_select_backend_reply_t *rmp;
1067 rv = VNET_API_ERROR_INSTANCE_IN_USE;
1076 rv = VNET_API_ERROR_INVALID_VALUE;
1084 rv = VNET_API_ERROR_INVALID_VALUE;
1090 rv = VNET_API_ERROR_INVALID_VALUE;
1106 vl_msg_api_set_handlers(VL_API_##N, #n, \ 1107 vl_api_##n##_t_handler, \ 1109 vl_api_##n##_t_endian, \ 1110 vl_api_##n##_t_print, \ 1111 sizeof(vl_api_##n##_t), 1);
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
static void vl_api_ikev2_profile_set_auth_t_handler(vl_api_ikev2_profile_set_auth_t *mp)
static void vl_api_ipsec_sa_set_key_t_handler(vl_api_ipsec_sa_set_key_t *mp)
static void vl_api_ikev2_set_local_key_t_handler(vl_api_ikev2_set_local_key_t *mp)
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
u8 use_extended_sequence_number
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip4_address_t ip4)
ipsec_tunnel_if_t * tunnel_interfaces
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
ip46_address_t tunnel_src_addr
IKEv2: Set Child SA lifetime, limited by time and/or data.
IPsec: SPD interface response.
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
static void vl_api_ikev2_initiate_rekey_child_sa_t_handler(vl_api_ikev2_initiate_rekey_child_sa_t *mp)
static void vl_api_ipsec_tunnel_if_set_key_t_handler(vl_api_ipsec_tunnel_if_set_key_t *mp)
u8 tunnel_dst_address[16]
IKEv2: Add/delete profile.
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
IPsec: Update Security Association keys.
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
#define REPLY_MACRO2(t, body)
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
ipsec_integ_alg_t integ_alg
IPsec: Add/delete Security Policy Database entry.
u8 remote_crypto_key[128]
static void setup_message_id_table(api_main_t *am)
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
static vnet_sw_interface_t * vnet_get_sw_interface(vnet_main_t *vnm, u32 sw_if_index)
static void vl_api_ipsec_spd_add_del_entry_t_handler(vl_api_ipsec_spd_add_del_entry_t *mp)
int ipsec_select_ah_backend(ipsec_main_t *im, u32 backend_idx)
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
void * vl_msg_api_alloc(int nbytes)
#define foreach_vpe_api_msg
#define pool_len(p)
Number of elements in pool vector.
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
uword * spd_index_by_sw_if_index
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
#define clib_memcpy(d, s, n)
u8 local_address_start[16]
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
static void vl_api_ipsec_tunnel_if_add_del_t_handler(vl_api_ipsec_tunnel_if_add_del_t *mp)
static void vl_api_ikev2_set_responder_t_handler(vl_api_ikev2_set_responder_t *mp)
Set key on IPsec interface.
static void vl_api_ipsec_backend_dump_t_handler(vl_api_ipsec_backend_dump_t *mp)
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
#define hash_foreach(key_var, value_var, h, body)
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
static void vl_api_ipsec_spd_interface_dump_t_handler(vl_api_ipsec_spd_interface_dump_t *mp)
static void vl_api_ikev2_profile_set_ts_t_handler(vl_api_ikev2_profile_set_ts_t *mp)
IKEv2: Initiate the delete Child SA exchange.
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
IKEv2: Set IKEv2 profile local/remote identification.
IKEv2: Set IKEv2 profile traffic selector parameters.
static void vl_api_ikev2_initiate_del_child_sa_t_handler(vl_api_ikev2_initiate_del_child_sa_t *mp)
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
ipsec_policy_t * policies
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
u8 local_address_stop[16]
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
u8 remote_crypto_key[128]
counter_t packets
packet counter
Dump IPsec all SPD IDs response.
Add/delete IPsec tunnel interface response.
IKEv2: Initiate the rekey Child SA exchange.
IPsec: Add/delete Security Policy Database.
clib_error_t * ipsec_check_support_cb(ipsec_main_t *im, ipsec_sa_t *sa)
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
static void vl_api_ikev2_initiate_sa_init_t_handler(vl_api_ikev2_initiate_sa_init_t *mp)
static void vl_api_ikev2_set_sa_lifetime_t_handler(vl_api_ikev2_set_sa_lifetime_t *mp)
ip46_address_range_t laddr
static void send_ipsec_sa_details(ipsec_sa_t *sa, vl_api_registration_t *reg, u32 context, u32 sw_if_index)
static void vl_api_ikev2_set_ike_transforms_t_handler(vl_api_ikev2_set_ike_transforms_t *mp)
uword * spd_index_by_spd_id
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip4_address_t start_addr, ip4_address_t end_addr, int is_local)
static void vl_api_ipsec_tunnel_if_set_sa_t_handler(vl_api_ipsec_tunnel_if_set_sa_t *mp)
API main structure, used by both vpp and binary API clients.
ip46_address_t tunnel_dst_addr
An API client registration, only in vpp/vlib.
#define BAD_SW_IF_INDEX_LABEL
IPsec: Add/delete SPD from interface.
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ikev2_set_esp_transforms_t_handler(vl_api_ikev2_set_esp_transforms_t *mp)
ipsec_ah_backend_t * ah_backends
u8 remote_address_stop[16]
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
#define vec_free(V)
Free vector's memory (no header).
IPsec: Add/delete Security Association Database entry.
#define clib_warning(format, args...)
u8 remote_address_start[16]
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
u8 tunnel_src_address[16]
Set new SA on IPsec interface.
IKEv2: Initiate the SA_INIT exchange.
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
static void vl_api_ipsec_sad_add_del_entry_t_handler(vl_api_ipsec_sad_add_del_entry_t *mp)
static void vl_api_ipsec_spds_dump_t_handler(vl_api_ipsec_spds_dump_t *mp)
static void send_ipsec_spd_interface_details(vl_api_registration_t *reg, u32 spd_index, u32 sw_if_index, u32 context)
ip46_address_range_t raddr
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
Dump IPsec security association.
IKEv2: Set IKEv2 responder interface and IP address.
ipsec_integ_alg_t integ_alg
IKEv2: Initiate the delete IKE SA exchange.
u32 fib_table_get_table_id(u32 fib_index, fib_protocol_t proto)
Get the Table-ID of the FIB from protocol and index.
IKEv2: Set IKEv2 profile authentication method.
Dump ipsec policy database data.
ipsec_protocol_t protocol
static void send_ipsec_spds_details(ipsec_spd_t *spd, vl_api_registration_t *reg, u32 context)
static vlib_main_t * vlib_get_main(void)
IPsec policy database response.
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
IPsec: Get SPD interfaces.
counter_t bytes
byte counter
static void vl_api_ikev2_profile_set_id_t_handler(vl_api_ikev2_profile_set_id_t *mp)
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
IKEv2: Set IKEv2 local RSA private key.
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
vl_api_gbp_endpoint_tun_t tun
static void vl_api_ikev2_profile_add_del_t_handler(vl_api_ikev2_profile_add_del_t *mp)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ikev2_initiate_del_ike_sa_t_handler(vl_api_ikev2_initiate_del_ike_sa_t *mp)
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
static void vl_api_ipsec_select_backend_t_handler(vl_api_ipsec_select_backend_t *mp)
IPsec security association database response.
ipsec_esp_backend_t * esp_backends
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
Add or delete IPsec tunnel interface.
#define VALIDATE_SW_IF_INDEX(mp)
static uword pool_elts(void *v)
Number of active elements in a pool.
1.8.13