FD.io VPP  v21.01.1
Vector Packet Processing
ikev2_cli.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <vlib/vlib.h>
16 #include <vnet/vnet.h>
17 #include <vppinfra/error.h>
18 #include <vnet/ipsec/ipsec_sa.h>
19 #include <plugins/ikev2/ikev2.h>
20 #include <plugins/ikev2/ikev2_priv.h>
21 
22 u8 *
23 format_ikev2_id_type_and_data (u8 * s, va_list * args)
24 {
25  ikev2_id_t *id = va_arg (*args, ikev2_id_t *);
26 
27  if (id->type == 0 || vec_len (id->data) == 0)
28  return format (s, "none");
29 
30  s = format (s, "id-type %U data ", format_ikev2_id_type, id->type);
31 
32  switch (id->type)
33  {
34  case IKEV2_ID_TYPE_ID_IPV4_ADDR:
35  s = format (s, "%U", format_ip4_address, id->data);
36  break;
37  case IKEV2_ID_TYPE_ID_IPV6_ADDR:
38  s = format (s, "%U", format_ip6_address, id->data);
39  break;
40  case IKEV2_ID_TYPE_ID_FQDN: /* fallthrough */
41  case IKEV2_ID_TYPE_ID_RFC822_ADDR:
42  s = format (s, "%v", id->data);
43  break;
44  default:
45  s = format (s, "0x%U", format_hex_bytes, &id->data,
46  (uword) (vec_len (id->data)));
47  break;
48  }
49 
50  return s;
51 }
52 
53 static u8 *
54 format_ikev2_traffic_selector (u8 * s, va_list * va)
55 {
56  ikev2_ts_t *ts = va_arg (*va, ikev2_ts_t *);
57  u32 index = va_arg (*va, u32);
58 
59  s = format (s, "%u type %u protocol_id %u addr "
60  "%U - %U port %u - %u\n",
61  index, ts->ts_type, ts->protocol_id,
62  format_ip_address, &ts->start_addr,
63  format_ip_address, &ts->end_addr,
64  clib_net_to_host_u16 (ts->start_port),
65  clib_net_to_host_u16 (ts->end_port));
66  return s;
67 }
68 
69 static u8 *
70 format_ikev2_child_sa (u8 * s, va_list * va)
71 {
72  ikev2_child_sa_t *child = va_arg (*va, ikev2_child_sa_t *);
73  u32 index = va_arg (*va, u32);
74  ikev2_ts_t *ts;
75  ikev2_sa_transform_t *tr;
76  u8 *c = 0;
77 
78  u32 indent = format_get_indent (s);
79  indent += 1;
80 
81  s = format (s, "child sa %u:", index);
82 
83  tr = ikev2_sa_get_td_for_type (child->r_proposals,
84  IKEV2_TRANSFORM_TYPE_ENCR);
85  c = format (c, "%U ", format_ikev2_sa_transform, tr);
86 
87  tr = ikev2_sa_get_td_for_type (child->r_proposals,
88  IKEV2_TRANSFORM_TYPE_INTEG);
89  c = format (c, "%U ", format_ikev2_sa_transform, tr);
90 
91  tr = ikev2_sa_get_td_for_type (child->r_proposals,
92  IKEV2_TRANSFORM_TYPE_ESN);
93  c = format (c, "%U ", format_ikev2_sa_transform, tr);
94 
95  s = format (s, "%v\n", c);
96  vec_free (c);
97 
98  s = format (s, "%Uspi(i) %lx spi(r) %lx\n", format_white_space, indent,
99  child->i_proposals ? child->i_proposals[0].spi : 0,
100  child->r_proposals ? child->r_proposals[0].spi : 0);
101 
102  s = format (s, "%USK_e i:%U\n%Ur:%U\n",
103  format_white_space, indent,
104  format_hex_bytes, child->sk_ei, vec_len (child->sk_ei),
105  format_white_space, indent + 6,
106  format_hex_bytes, child->sk_er, vec_len (child->sk_er));
107  if (child->sk_ai)
108  {
109  s = format (s, "%USK_a i:%U\n%Ur:%U\n",
110  format_white_space, indent,
111  format_hex_bytes, child->sk_ai, vec_len (child->sk_ai),
112  format_white_space, indent + 6,
113  format_hex_bytes, child->sk_ar, vec_len (child->sk_ar));
114  }
115  s = format (s, "%Utraffic selectors (i):", format_white_space, indent);
116  vec_foreach (ts, child->tsi)
117  s = format (s, "%U", format_ikev2_traffic_selector, ts, ts - child->tsi);
118  s = format (s, "%Utraffic selectors (r):", format_white_space, indent);
119  vec_foreach (ts, child->tsr)
120  s = format (s, "%U", format_ikev2_traffic_selector, ts, ts - child->tsr);
121  return s;
122 }
123 
124 static u8 *
125 format_ikev2_sa (u8 * s, va_list * va)
126 {
127  ikev2_sa_t *sa = va_arg (*va, ikev2_sa_t *);
128  int details = va_arg (*va, int);
129  ikev2_sa_transform_t *tr;
130  ikev2_child_sa_t *child;
131  u32 indent = 1;
132 
133  s = format (s, "iip %U ispi %lx rip %U rspi %lx",
134  format_ip_address, &sa->iaddr, sa->ispi,
135  format_ip_address, &sa->raddr, sa->rspi);
136  if (!details)
137  return s;
138 
139  s = format (s, "\n%U", format_white_space, indent);
140 
141  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
142  s = format (s, "%U ", format_ikev2_sa_transform, tr);
143 
144  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
145  s = format (s, "%U ", format_ikev2_sa_transform, tr);
146 
147  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
148  s = format (s, "%U ", format_ikev2_sa_transform, tr);
149 
150  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_DH);
151  s = format (s, "%U", format_ikev2_sa_transform, tr);
152 
153  s = format (s, "\n%U", format_white_space, indent);
154 
155  s = format (s, "nonce i:%U\n%Ur:%U\n",
156  format_hex_bytes, sa->i_nonce, vec_len (sa->i_nonce),
157  format_white_space, indent + 6,
158  format_hex_bytes, sa->r_nonce, vec_len (sa->r_nonce));
159 
160  s = format (s, "%USK_d %U\n", format_white_space, indent,
161  format_hex_bytes, sa->sk_d, vec_len (sa->sk_d));
162  if (sa->sk_ai)
163  {
164  s = format (s, "%USK_a i:%U\n%Ur:%U\n",
165  format_white_space, indent,
166  format_hex_bytes, sa->sk_ai, vec_len (sa->sk_ai),
167  format_white_space, indent + 6,
168  format_hex_bytes, sa->sk_ar, vec_len (sa->sk_ar));
169  }
170  s = format (s, "%USK_e i:%U\n%Ur:%U\n",
171  format_white_space, indent,
172  format_hex_bytes, sa->sk_ei, vec_len (sa->sk_ei),
173  format_white_space, indent + 6,
174  format_hex_bytes, sa->sk_er, vec_len (sa->sk_er));
175  s = format (s, "%USK_p i:%U\n%Ur:%U\n",
176  format_white_space, indent,
177  format_hex_bytes, sa->sk_pi, vec_len (sa->sk_pi),
178  format_white_space, indent + 6,
179  format_hex_bytes, sa->sk_pr, vec_len (sa->sk_pr));
180 
181  s = format (s, "%Uidentifier (i) %U\n",
182  format_white_space, indent,
183  format_ikev2_id_type_and_data, &sa->i_id);
184  s = format (s, "%Uidentifier (r) %U\n",
185  format_white_space, indent,
186  format_ikev2_id_type_and_data, &sa->r_id);
187 
188  vec_foreach (child, sa->childs)
189  {
190  s = format (s, "%U%U", format_white_space, indent + 2,
191  format_ikev2_child_sa, child, child - sa->childs);
192  }
193 
194  return s;
195 }
196 
197 static clib_error_t *
198 show_ikev2_sa_command_fn (vlib_main_t * vm,
199  unformat_input_t * input, vlib_cli_command_t * cmd)
200 {
201  unformat_input_t _line_input, *line_input = &_line_input;
202  ikev2_main_t *km = &ikev2_main;
203  ikev2_main_per_thread_data_t *tkm;
204  ikev2_sa_t *sa;
205  u64 rspi;
206  u8 *s = 0;
207  int details = 0, show_one = 0;
208 
209  if (unformat_user (input, unformat_line_input, line_input))
210  {
211  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
212  {
213  if (unformat (line_input, "rspi %lx", &rspi))
214  {
215  show_one = 1;
216  }
217  else if (unformat (line_input, "details"))
218  details = 1;
219  else
220  break;
221  }
222  unformat_free (line_input);
223  }
224 
225  vec_foreach (tkm, km->per_thread_data)
226  {
227  /* *INDENT-OFF* */
228  pool_foreach (sa, tkm->sas) {
229  if (show_one)
230  {
231  if (sa->rspi == rspi)
232  {
233  s = format (s, "%U\n", format_ikev2_sa, sa, 1);
234  break;
235  }
236  }
237  else
238  s = format (s, "%U\n", format_ikev2_sa, sa, details);
239  }
240  /* *INDENT-ON* */
241  }
242 
243  vlib_cli_output (vm, "%v", s);
244  vec_free (s);
245  return 0;
246 }
247 
248 /* *INDENT-OFF* */
249 VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = {
250  .path = "show ikev2 sa",
251  .short_help = "show ikev2 sa [rspi <rspi>] [details]",
252  .function = show_ikev2_sa_command_fn,
253 };
254 /* *INDENT-ON* */
255 
256 static clib_error_t *
257 ikev2_disable_dpd_command_fn (vlib_main_t * vm,
258  unformat_input_t * input,
259  vlib_cli_command_t * cmd)
260 {
261  ikev2_disable_dpd ();
262  return 0;
263 }
264 
265 /* *INDENT-OFF* */
266 VLIB_CLI_COMMAND (ikev2_cli_disable_dpd_command, static) = {
267  .path = "ikev2 dpd disable",
268  .short_help = "ikev2 dpd disable",
269  .function = ikev2_disable_dpd_command_fn,
270 };
271 /* *INDENT-ON* */
272 
273 static uword
274 unformat_ikev2_token (unformat_input_t * input, va_list * va)
275 {
276  u8 **string_return = va_arg (*va, u8 **);
277  const char *token_chars = "a-zA-Z0-9_";
278  if (*string_return)
279  {
280  /* if string_return was already allocated (eg. because of a previous
281  * partial match with a successful unformat_token()), we must free it
282  * before reusing the pointer, otherwise we'll be leaking memory
283  */
284  vec_free (*string_return);
285  *string_return = 0;
286  }
287  return unformat_user (input, unformat_token, token_chars, string_return);
288 }
289 
290 static clib_error_t *
291 ikev2_profile_add_del_command_fn (vlib_main_t * vm,
292  unformat_input_t * input,
293  vlib_cli_command_t * cmd)
294 {
295  vnet_main_t *vnm = vnet_get_main ();
296  unformat_input_t _line_input, *line_input = &_line_input;
297  u8 *name = 0;
298  clib_error_t *r = 0;
299  u32 id_type;
300  u8 *data = 0;
301  u32 tmp1, tmp2, tmp3;
302  u64 tmp4, tmp5;
303  ip_address_t ip, end_addr;
304  u32 responder_sw_if_index = (u32) ~ 0;
305  u32 tun_sw_if_index = (u32) ~ 0;
306  ikev2_transform_encr_type_t crypto_alg;
307  ikev2_transform_integ_type_t integ_alg;
308  ikev2_transform_dh_type_t dh_type;
309 
310  if (!unformat_user (input, unformat_line_input, line_input))
311  return 0;
312 
313  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
314  {
315  if (unformat (line_input, "add %U", unformat_ikev2_token, &name))
316  {
317  r = ikev2_add_del_profile (vm, name, 1);
318  goto done;
319  }
320  else if (unformat (line_input, "del %U", unformat_ikev2_token, &name))
321  {
322  r = ikev2_add_del_profile (vm, name, 0);
323  goto done;
324  }
325  else if (unformat (line_input, "set %U auth shared-key-mic string %v",
326  unformat_ikev2_token, &name, &data))
327  {
328  r =
329  ikev2_set_profile_auth (vm, name,
330  IKEV2_AUTH_METHOD_SHARED_KEY_MIC, data,
331  0);
332  goto done;
333  }
334  else if (unformat (line_input, "set %U auth shared-key-mic hex %U",
335  unformat_ikev2_token, &name,
336  unformat_hex_string, &data))
337  {
338  r =
339  ikev2_set_profile_auth (vm, name,
340  IKEV2_AUTH_METHOD_SHARED_KEY_MIC, data,
341  1);
342  goto done;
343  }
344  else if (unformat (line_input, "set %U auth rsa-sig cert-file %v",
345  unformat_ikev2_token, &name, &data))
346  {
347  r =
348  ikev2_set_profile_auth (vm, name, IKEV2_AUTH_METHOD_RSA_SIG, data,
349  0);
350  goto done;
351  }
352  else if (unformat (line_input, "set %U id local %U %U",
353  unformat_ikev2_token, &name,
354  unformat_ikev2_id_type, &id_type,
355  unformat_ip_address, &ip))
356  {
357  data = vec_new (u8, ip_address_size (&ip));
358  clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
359  r =
360  ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
361  goto done;
362  }
363  else if (unformat (line_input, "set %U id local %U 0x%U",
364  unformat_ikev2_token, &name,
365  unformat_ikev2_id_type, &id_type,
366  unformat_hex_string, &data))
367  {
368  r =
369  ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
370  goto done;
371  }
372  else if (unformat (line_input, "set %U id local %U %v",
373  unformat_ikev2_token, &name,
374  unformat_ikev2_id_type, &id_type, &data))
375  {
376  r =
377  ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
378  goto done;
379  }
380  else if (unformat (line_input, "set %U id remote %U %U",
381  unformat_ikev2_token, &name,
382  unformat_ikev2_id_type, &id_type,
383  unformat_ip_address, &ip))
384  {
385  data = vec_new (u8, ip_address_size (&ip));
386  clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
387  r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
388  0);
389  goto done;
390  }
391  else if (unformat (line_input, "set %U id remote %U 0x%U",
392  unformat_ikev2_token, &name,
393  unformat_ikev2_id_type, &id_type,
394  unformat_hex_string, &data))
395  {
396  r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
397  0);
398  goto done;
399  }
400  else if (unformat (line_input, "set %U id remote %U %v",
401  unformat_ikev2_token, &name,
402  unformat_ikev2_id_type, &id_type, &data))
403  {
404  r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
405  0);
406  goto done;
407  }
408  else if (unformat (line_input, "set %U traffic-selector local "
409  "ip-range %U - %U port-range %u - %u protocol %u",
410  unformat_ikev2_token, &name,
411  unformat_ip_address, &ip,
412  unformat_ip_address, &end_addr, &tmp1, &tmp2, &tmp3))
413  {
414  r =
415  ikev2_set_profile_ts (vm, name, (u8) tmp3, (u16) tmp1, (u16) tmp2,
416  ip, end_addr, /*local */ 1);
417  goto done;
418  }
419  else if (unformat (line_input, "set %U traffic-selector remote "
420  "ip-range %U - %U port-range %u - %u protocol %u",
421  unformat_ikev2_token, &name,
422  unformat_ip_address, &ip,
423  unformat_ip_address, &end_addr, &tmp1, &tmp2, &tmp3))
424  {
425  r =
426  ikev2_set_profile_ts (vm, name, (u8) tmp3, (u16) tmp1, (u16) tmp2,
427  ip, end_addr, /*remote */ 0);
428  goto done;
429  }
430  else if (unformat (line_input, "set %U responder %U %U",
431  unformat_ikev2_token, &name,
432  unformat_vnet_sw_interface, vnm,
433  &responder_sw_if_index, unformat_ip_address, &ip))
434  {
435  r =
436  ikev2_set_profile_responder (vm, name, responder_sw_if_index, ip);
437  goto done;
438  }
439  else if (unformat (line_input, "set %U tunnel %U",
440  unformat_ikev2_token, &name,
441  unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
442  {
443  r = ikev2_set_profile_tunnel_interface (vm, name, tun_sw_if_index);
444  goto done;
445  }
446  else
447  if (unformat
448  (line_input,
449  "set %U ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
450  unformat_ikev2_token, &name,
451  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
452  unformat_ikev2_transform_integ_type, &integ_alg,
453  unformat_ikev2_transform_dh_type, &dh_type))
454  {
455  r =
456  ikev2_set_profile_ike_transforms (vm, name, crypto_alg, integ_alg,
457  dh_type, tmp1);
458  goto done;
459  }
460  else
461  if (unformat
462  (line_input,
463  "set %U ike-crypto-alg %U %u ike-dh %U",
464  unformat_ikev2_token, &name,
465  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
466  unformat_ikev2_transform_dh_type, &dh_type))
467  {
468  r =
469  ikev2_set_profile_ike_transforms (vm, name, crypto_alg,
470  IKEV2_TRANSFORM_INTEG_TYPE_NONE,
471  dh_type, tmp1);
472  goto done;
473  }
474  else
475  if (unformat
476  (line_input,
477  "set %U esp-crypto-alg %U %u esp-integ-alg %U",
478  unformat_ikev2_token, &name,
479  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
480  unformat_ikev2_transform_integ_type, &integ_alg))
481  {
482  r =
483  ikev2_set_profile_esp_transforms (vm, name, crypto_alg, integ_alg,
484  tmp1);
485  goto done;
486  }
487  else if (unformat
488  (line_input,
489  "set %U esp-crypto-alg %U %u",
490  unformat_ikev2_token, &name,
491  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1))
492  {
493  r =
494  ikev2_set_profile_esp_transforms (vm, name, crypto_alg, 0, tmp1);
495  goto done;
496  }
497  else if (unformat (line_input, "set %U sa-lifetime %lu %u %u %lu",
498  unformat_ikev2_token, &name,
499  &tmp4, &tmp1, &tmp2, &tmp5))
500  {
501  r =
502  ikev2_set_profile_sa_lifetime (vm, name, tmp4, tmp1, tmp2, tmp5);
503  goto done;
504  }
505  else if (unformat (line_input, "set %U udp-encap",
506  unformat_ikev2_token, &name))
507  {
508  r = ikev2_set_profile_udp_encap (vm, name);
509  goto done;
510  }
511  else if (unformat (line_input, "set %U ipsec-over-udp port %u",
512  unformat_ikev2_token, &name, &tmp1))
513  {
514  int rv = ikev2_set_profile_ipsec_udp_port (vm, name, tmp1, 1);
515  if (rv)
516  r = clib_error_return (0, "Error: %U", format_vnet_api_errno, rv);
517  goto done;
518  }
519  else if (unformat (line_input, "set %U disable natt",
520  unformat_ikev2_token, &name))
521  {
522  r = ikev2_profile_natt_disable (name);
523  goto done;
524  }
525  else
526  break;
527  }
528 
529  r = clib_error_return (0, "parse error: '%U'",
530  format_unformat_error, line_input);
531 
532 done:
533  vec_free (name);
534  vec_free (data);
535  unformat_free (line_input);
536  return r;
537 }
538 
539 /* *INDENT-OFF* */
540 VLIB_CLI_COMMAND (ikev2_profile_add_del_command, static) = {
541  .path = "ikev2 profile",
542  .short_help =
543  "ikev2 profile [add|del] <id>\n"
544  "ikev2 profile set <id> auth [rsa-sig|shared-key-mic] [cert-file|string|hex]"
545  " <data>\n"
546  "ikev2 profile set <id> id <local|remote> <type> <data>\n"
547  "ikev2 profile set <id> tunnel <interface>\n"
548  "ikev2 profile set <id> udp-encap\n"
549  "ikev2 profile set <id> traffic-selector <local|remote> ip-range "
550  "<start-addr> - <end-addr> port-range <start-port> - <end-port> "
551  "protocol <protocol-number>\n"
552  "ikev2 profile set <id> responder <interface> <addr>\n"
553  "ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>\n"
554  "ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> "
555  "[esp-integ-alg <integ alg>]\n"
556  "ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>"
557  "ikev2 profile set <id> disable natt\n",
558  .function = ikev2_profile_add_del_command_fn,
559 };
560 /* *INDENT-ON* */
561 
562 static clib_error_t *
563 show_ikev2_profile_command_fn (vlib_main_t * vm,
564  unformat_input_t * input,
565  vlib_cli_command_t * cmd)
566 {
567  ikev2_main_t *km = &ikev2_main;
568  ikev2_profile_t *p;
569 
570  /* *INDENT-OFF* */
571  pool_foreach (p, km->profiles) {
572  vlib_cli_output(vm, "profile %v", p->name);
573 
574  if (p->auth.data)
575  {
576  if (p->auth.hex)
577  vlib_cli_output(vm, " auth-method %U auth data 0x%U",
578  format_ikev2_auth_method, p->auth.method,
579  format_hex_bytes, p->auth.data, vec_len(p->auth.data));
580  else
581  vlib_cli_output(vm, " auth-method %U auth data %v",
582  format_ikev2_auth_method, p->auth.method, p->auth.data);
583  }
584 
585  if (p->loc_id.data)
586  vlib_cli_output(vm, " local %U", format_ikev2_id_type_and_data, &p->loc_id);
587 
588  if (p->rem_id.data)
589  vlib_cli_output(vm, " remote %U", format_ikev2_id_type_and_data, &p->rem_id);
590 
591  if (!ip_address_is_zero (&p->loc_ts.start_addr))
592  vlib_cli_output(vm, " local traffic-selector addr %U - %U port %u - %u"
593  " protocol %u",
594  format_ip_address, &p->loc_ts.start_addr,
595  format_ip_address, &p->loc_ts.end_addr,
596  p->loc_ts.start_port, p->loc_ts.end_port,
597  p->loc_ts.protocol_id);
598 
599  if (!ip_address_is_zero (&p->rem_ts.start_addr))
600  vlib_cli_output(vm, " remote traffic-selector addr %U - %U port %u - %u"
601  " protocol %u",
602  format_ip_address, &p->rem_ts.start_addr,
603  format_ip_address, &p->rem_ts.end_addr,
604  p->rem_ts.start_port, p->rem_ts.end_port,
605  p->rem_ts.protocol_id);
606  if (~0 != p->tun_itf)
607  vlib_cli_output(vm, " protected tunnel %U",
608  format_vnet_sw_if_index_name, vnet_get_main(), p->tun_itf);
609  if (~0 != p->responder.sw_if_index)
610  vlib_cli_output(vm, " responder %U %U",
611  format_vnet_sw_if_index_name, vnet_get_main(), p->responder.sw_if_index,
612  format_ip_address, &p->responder.addr);
613  if (p->udp_encap)
614  vlib_cli_output(vm, " udp-encap");
615 
616  if (p->natt_disabled)
617  vlib_cli_output(vm, " NAT-T disabled");
618 
619  if (p->ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
620  vlib_cli_output(vm, " ipsec-over-udp port %d", p->ipsec_over_udp_port);
621 
622  if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_type || p->ike_ts.crypto_key_size)
623  vlib_cli_output(vm, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
624  format_ikev2_transform_encr_type, p->ike_ts.crypto_alg, p->ike_ts.crypto_key_size,
625  format_ikev2_transform_integ_type, p->ike_ts.integ_alg,
626  format_ikev2_transform_dh_type, p->ike_ts.dh_type);
627 
628  if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg || p->esp_ts.dh_type)
629  vlib_cli_output(vm, " esp-crypto-alg %U %u esp-integ-alg %U",
630  format_ikev2_transform_encr_type, p->esp_ts.crypto_alg, p->esp_ts.crypto_key_size,
631  format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
632 
633  vlib_cli_output(vm, " lifetime %d jitter %d handover %d maxdata %d",
634  p->lifetime, p->lifetime_jitter, p->handover, p->lifetime_maxdata);
635  }
636  /* *INDENT-ON* */
637 
638  return 0;
639 }
640 
641 /* *INDENT-OFF* */
642 VLIB_CLI_COMMAND (show_ikev2_profile_command, static) = {
643  .path = "show ikev2 profile",
644  .short_help = "show ikev2 profile",
645  .function = show_ikev2_profile_command_fn,
646 };
647 /* *INDENT-ON* */
648 
649 static clib_error_t *
650 set_ikev2_liveness_period_fn (vlib_main_t * vm,
651  unformat_input_t * input,
652  vlib_cli_command_t * cmd)
653 {
654  unformat_input_t _line_input, *line_input = &_line_input;
655  clib_error_t *r = 0;
656  u32 period = 0, max_retries = 0;
657 
658  if (!unformat_user (input, unformat_line_input, line_input))
659  return 0;
660 
661  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
662  {
663  if (unformat (line_input, "%d %d", &period, &max_retries))
664  {
665  r = ikev2_set_liveness_params (period, max_retries);
666  goto done;
667  }
668  else
669  break;
670  }
671 
672  r = clib_error_return (0, "parse error: '%U'",
673  format_unformat_error, line_input);
674 
675 done:
676  unformat_free (line_input);
677  return r;
678 }
679 
680 /* *INDENT-OFF* */
681 VLIB_CLI_COMMAND (set_ikev2_liveness_command, static) = {
682  .path = "ikev2 set liveness",
683  .short_help = "ikev2 set liveness <period> <max-retires>",
684  .function = set_ikev2_liveness_period_fn,
685 };
686 /* *INDENT-ON* */
687 
688 static clib_error_t *
689 set_ikev2_local_key_command_fn (vlib_main_t * vm,
690  unformat_input_t * input,
691  vlib_cli_command_t * cmd)
692 {
693  unformat_input_t _line_input, *line_input = &_line_input;
694  clib_error_t *r = 0;
695  u8 *data = 0;
696 
697  if (!unformat_user (input, unformat_line_input, line_input))
698  return 0;
699 
700  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
701  {
702  if (unformat (line_input, "%s", &data))
703  {
704  r = ikev2_set_local_key (vm, data);
705  goto done;
706  }
707  else
708  break;
709  }
710 
711  r = clib_error_return (0, "parse error: '%U'",
712  format_unformat_error, line_input);
713 
714 done:
715  vec_free (data);
716  unformat_free (line_input);
717  return r;
718 }
719 
720 /* *INDENT-OFF* */
721 VLIB_CLI_COMMAND (set_ikev2_local_key_command, static) = {
722  .path = "set ikev2 local key",
723  .short_help =
724  "set ikev2 local key <file>",
725  .function = set_ikev2_local_key_command_fn,
726 };
727 /* *INDENT-ON* */
728 
729 
730 static clib_error_t *
731 ikev2_initiate_command_fn (vlib_main_t * vm,
732  unformat_input_t * input, vlib_cli_command_t * cmd)
733 {
734  unformat_input_t _line_input, *line_input = &_line_input;
735  clib_error_t *r = 0;
736  u8 *name = 0;
737  u32 tmp1;
738  u64 tmp2;
739 
740  if (!unformat_user (input, unformat_line_input, line_input))
741  return 0;
742 
743  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
744  {
745  if (unformat (line_input, "sa-init %U", unformat_ikev2_token, &name))
746  {
747  r = ikev2_initiate_sa_init (vm, name);
748  goto done;
749  }
750  else if (unformat (line_input, "del-child-sa %x", &tmp1))
751  {
752  r = ikev2_initiate_delete_child_sa (vm, tmp1);
753  goto done;
754  }
755  else if (unformat (line_input, "del-sa %lx", &tmp2))
756  {
757  r = ikev2_initiate_delete_ike_sa (vm, tmp2);
758  goto done;
759  }
760  else if (unformat (line_input, "rekey-child-sa %x", &tmp1))
761  {
762  r = ikev2_initiate_rekey_child_sa (vm, tmp1);
763  goto done;
764  }
765  else
766  break;
767  }
768 
769  r = clib_error_return (0, "parse error: '%U'",
770  format_unformat_error, line_input);
771 
772 done:
773  vec_free (name);
774  unformat_free (line_input);
775  return r;
776 }
777 
778 /* *INDENT-OFF* */
779 VLIB_CLI_COMMAND (ikev2_initiate_command, static) = {
780  .path = "ikev2 initiate",
781  .short_help =
782  "ikev2 initiate sa-init <profile id>\n"
783  "ikev2 initiate del-child-sa <child sa ispi>\n"
784  "ikev2 initiate del-sa <sa ispi>\n"
785  "ikev2 initiate rekey-child-sa <child sa ispi>\n",
786  .function = ikev2_initiate_command_fn,
787 };
788 /* *INDENT-ON* */
789 
790 void
791 ikev2_cli_reference (void)
792 {
793 }
794 
795 static clib_error_t *
796 ikev2_set_log_level_command_fn (vlib_main_t * vm,
797  unformat_input_t * input,
798  vlib_cli_command_t * cmd)
799 {
800  unformat_input_t _line_input, *line_input = &_line_input;
801  u32 log_level = IKEV2_LOG_NONE;
802  clib_error_t *error = 0;
803 
804  /* Get a line of input. */
805  if (!unformat_user (input, unformat_line_input, line_input))
806  return 0;
807 
808  if (!unformat (line_input, "%d", &log_level))
809  {
810  error = clib_error_return (0, "unknown input '%U'",
811  format_unformat_error, line_input);
812  goto done;
813  }
814  int rc = ikev2_set_log_level (log_level);
815  if (rc < 0)
816  error = clib_error_return (0, "setting log level failed!");
817 
818 done:
819  unformat_free (line_input);
820  return error;
821 }
822 
823 /* *INDENT-OFF* */
824 VLIB_CLI_COMMAND (ikev2_set_log_level_command, static) = {
825  .path = "ikev2 set logging level",
826  .function = ikev2_set_log_level_command_fn,
827  .short_help = "ikev2 set logging level <0-5>",
828 };
829 /* *INDENT-ON* */
830 
831 /*
832  * fd.io coding-style-patch-verification: ON
833  *
834  * Local Variables:
835  * eval: (c-set-style "gnu")
836  * End:
837  */
ikev2_main_t::per_thread_data
ikev2_main_per_thread_data_t * per_thread_data
Definition: ikev2_priv.h:493
ikev2_profile_natt_disable
clib_error_t * ikev2_profile_natt_disable(u8 *name)
Definition: ikev2.c:4813
ikev2_profile_t
Definition: ikev2_priv.h:330
end_addr
vl_api_address_t end_addr
Definition: ikev2_types.api:38
unformat_token
unformat_function_t unformat_token
Definition: format.h:285
format_ikev2_id_type_and_data
u8 * format_ikev2_id_type_and_data(u8 *s, va_list *args)
Definition: ikev2_cli.c:23
ikev2_sa_t::r_id
ikev2_id_t r_id
Definition: ikev2_priv.h:406
ikev2_id_t::type
ikev2_id_type_t type
Definition: ikev2_priv.h:273
ikev2_profile_t::ike_ts
ikev2_transforms_set ike_ts
Definition: ikev2_priv.h:340
ikev2_ts_t::end_addr
ip_address_t end_addr
Definition: ikev2_priv.h:253
ikev2_profile_t::lifetime
u64 lifetime
Definition: ikev2_priv.h:342
ikev2_transform_integ_type_t
ikev2_transform_integ_type_t
Definition: ikev2.h:282
ikev2_add_del_profile
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
Definition: ikev2.c:3803
vnet_get_main
vnet_main_t * vnet_get_main(void)
Definition: misc.c:46
ikev2_ts_t::ts_type
ikev2_traffic_selector_type_t ts_type
Definition: ikev2_priv.h:247
ikev2_set_profile_udp_encap
clib_error_t * ikev2_set_profile_udp_encap(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:4099
unformat_ikev2_transform_encr_type
uword unformat_ikev2_transform_encr_type(unformat_input_t *input, va_list *args)
pool_foreach
#define pool_foreach(VAR, POOL)
Iterate through pool.
Definition: pool.h:527
ikev2_child_sa_t
Definition: ikev2_priv.h:277
format_ikev2_auth_method
u8 * format_ikev2_auth_method(u8 *s, va_list *args)
ikev2_transforms_set::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:266
ikev2_main_t::profiles
ikev2_profile_t * profiles
Definition: ikev2_priv.h:473
u64
unsigned long u64
Definition: types.h:89
ikev2_id_t
Definition: ikev2_priv.h:271
ikev2_initiate_delete_ike_sa
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
Definition: ikev2.c:4431
ikev2_ts_t
Definition: ikev2_priv.h:245
format_ikev2_sa_transform
u8 * format_ikev2_sa_transform(u8 *s, va_list *args)
Definition: ikev2_format.c:25
unformat_hex_string
unformat_function_t unformat_hex_string
Definition: format.h:288
unformat_ikev2_id_type
uword unformat_ikev2_id_type(unformat_input_t *input, va_list *args)
ikev2_responder_t::addr
ip_address_t addr
Definition: ikev2_priv.h:259
ikev2_sa_proposal_t::spi
u32 spi
Definition: ikev2_priv.h:241
ikev2_transforms_set::crypto_key_size
u32 crypto_key_size
Definition: ikev2_priv.h:267
ikev2_transforms_set::crypto_alg
ikev2_transform_encr_type_t crypto_alg
Definition: ikev2_priv.h:264
ip_address_size
u16 ip_address_size(const ip_address_t *a)
Definition: ip_types.c:87
ikev2_set_profile_tunnel_interface
clib_error_t * ikev2_set_profile_tunnel_interface(vlib_main_t *vm, u8 *name, u32 sw_if_index)
Definition: ikev2.c:4046
set_ikev2_liveness_period_fn
static clib_error_t * set_ikev2_liveness_period_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:650
ikev2_sa_t::sk_pi
u8 * sk_pi
Definition: ikev2_priv.h:397
unformat_user
uword unformat_user(unformat_input_t *input, unformat_function_t *func,...)
Definition: unformat.c:989
format_get_indent
static u32 format_get_indent(u8 *s)
Definition: format.h:72
vm
vlib_main_t * vm
Definition: in2out_ed.c:1580
ikev2_set_profile_sa_lifetime
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
Definition: ikev2.c:4115
unformat_vnet_sw_interface
unformat_function_t unformat_vnet_sw_interface
Definition: interface_funcs.h:449
ikev2_profile_t::lifetime_maxdata
u64 lifetime_maxdata
Definition: ikev2_priv.h:343
ikev2_set_liveness_params
clib_error_t * ikev2_set_liveness_params(u32 period, u32 max_retries)
Definition: ikev2.c:4800
ikev2_sa_t::iaddr
ip_address_t iaddr
Definition: ikev2_priv.h:373
ikev2_profile_t::ipsec_over_udp_port
u16 ipsec_over_udp_port
Definition: ikev2_priv.h:346
ikev2_auth_t::hex
u8 hex
Definition: ikev2_priv.h:203
format_vnet_sw_if_index_name
format_function_t format_vnet_sw_if_index_name
Definition: interface_funcs.h:445
u8
unsigned char u8
Definition: types.h:56
ikev2_set_profile_ipsec_udp_port
vnet_api_error_t ikev2_set_profile_ipsec_udp_port(vlib_main_t *vm, u8 *name, u16 port, u8 is_set)
Definition: ikev2.c:4066
data
u8 data[128]
Definition: ipsec_types.api:90
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:251
ikev2_profile_t::auth
ikev2_auth_t auth
Definition: ikev2_priv.h:334
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
ikev2_profile_t::rem_id
ikev2_id_t rem_id
Definition: ikev2_priv.h:336
ikev2_sa_t::sk_d
u8 * sk_d
Definition: ikev2_priv.h:392
ikev2_transform_dh_type_t
ikev2_transform_dh_type_t
Definition: ikev2.h:332
log_level
log_level
Definition: vpe_types.api:33
ikev2_main_t
Definition: ikev2_priv.h:470
show_ikev2_sa_command_fn
static clib_error_t * show_ikev2_sa_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:198
format_ip4_address
format_function_t format_ip4_address
Definition: format.h:73
ikev2_child_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:281
ikev2_profile_t::lifetime_jitter
u32 lifetime_jitter
Definition: ikev2_priv.h:344
ikev2_initiate_sa_init
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:4166
unformat_ikev2_transform_dh_type
uword unformat_ikev2_transform_dh_type(unformat_input_t *input, va_list *args)
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:350
format_white_space
u8 * format_white_space(u8 *s, va_list *va)
Definition: std-formats.c:129
ikev2_set_profile_auth
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
Definition: ikev2.c:3839
format_ikev2_child_sa
static u8 * format_ikev2_child_sa(u8 *s, va_list *va)
Definition: ikev2_cli.c:70
format
description fragment has unexpected format
Definition: map.api:433
ikev2_profile_t::tun_itf
u32 tun_itf
Definition: ikev2_priv.h:348
format_ikev2_traffic_selector
static u8 * format_ikev2_traffic_selector(u8 *s, va_list *va)
Definition: ikev2_cli.c:54
format_hex_bytes
u8 * format_hex_bytes(u8 *s, va_list *va)
Definition: std-formats.c:84
clib_error_return
#define clib_error_return(e, args...)
Definition: error.h:99
ikev2_disable_dpd_command_fn
static clib_error_t * ikev2_disable_dpd_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:257
ikev2_main_per_thread_data_t::sas
ikev2_sa_t * sas
Definition: ikev2_priv.h:457
ikev2_transforms_set::integ_alg
ikev2_transform_integ_type_t integ_alg
Definition: ikev2_priv.h:265
ikev2_id_t::data
u8 * data
Definition: ikev2_priv.h:274
u32
unsigned int u32
Definition: types.h:88
ikev2_child_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:291
ikev2_set_profile_esp_transforms
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, u32 crypto_key_size)
Definition: ikev2.c:4023
ikev2_profile_t::loc_id
ikev2_id_t loc_id
Definition: ikev2_priv.h:335
ikev2_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:394
ikev2_child_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:289
unformat_line_input
unformat_function_t unformat_line_input
Definition: format.h:282
ikev2_profile_t::responder
ikev2_responder_t responder
Definition: ikev2_priv.h:339
ikev2_set_log_level
int ikev2_set_log_level(ikev2_log_level_t log_level)
Definition: ikev2.c:4785
error
Definition: cJSON.c:84
ikev2_set_profile_id
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
Definition: ikev2.c:3882
ikev2_main
ikev2_main_t ikev2_main
Definition: ikev2.c:35
integ_alg
u8 integ_alg
Definition: ikev2_types.api:59
ikev2_profile_t::rem_ts
ikev2_ts_t rem_ts
Definition: ikev2_priv.h:338
unformat_input_t
struct _unformat_input_t unformat_input_t
u16
unsigned short u16
Definition: types.h:57
ikev2_child_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:280
ikev2_sa_t::r_nonce
u8 * r_nonce
Definition: ikev2_priv.h:378
ikev2_ts_t::end_port
u16 end_port
Definition: ikev2_priv.h:251
ikev2_profile_t::natt_disabled
u8 natt_disabled
Definition: ikev2_priv.h:350
ikev2_initiate_delete_child_sa
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:4391
ip_address_is_zero
bool ip_address_is_zero(const ip_address_t *ip)
Definition: ip_types.c:102
ikev2_sa_transform_t
Definition: ikev2_priv.h:213
unformat_ip_address
uword unformat_ip_address(unformat_input_t *input, va_list *args)
Definition: ip_types.c:41
ikev2_auth_t::data
u8 * data
Definition: ikev2_priv.h:202
format_vnet_api_errno
static u8 * format_vnet_api_errno(u8 *s, va_list *args)
Definition: api_errno.h:172
ikev2_sa_t::rspi
u64 rspi
Definition: ikev2_priv.h:376
ikev2_sa_t::i_nonce
u8 * i_nonce
Definition: ikev2_priv.h:377
ikev2_set_local_key
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
Definition: ikev2.c:3606
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:395
ip_address
Definition: ip_types.h:79
ikev2_sa_t::raddr
ip_address_t raddr
Definition: ikev2_priv.h:374
ikev2_initiate_rekey_child_sa
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:4514
ikev2_profile_t::udp_encap
u8 udp_encap
Definition: ikev2_priv.h:349
UNFORMAT_END_OF_INPUT
#define UNFORMAT_END_OF_INPUT
Definition: format.h:144
c
svmdb_client_t * c
Definition: vpp_get_metrics.c:48
ikev2_sa_t
Definition: ikev2_priv.h:368
format_ip6_address
format_function_t format_ip6_address
Definition: format.h:91
ikev2_auth_t::method
ikev2_auth_method_t method
Definition: ikev2_priv.h:201
ikev2_transform_encr_type_t
ikev2_transform_encr_type_t
Definition: ikev2.h:241
ikev2_child_sa_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:284
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
format_ip_address
u8 * format_ip_address(u8 *s, va_list *args)
Definition: ip_types.c:21
ikev2_child_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:290
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:396
ipsec_sa.h
name
string name[64]
Definition: ip.api:44
unformat_ikev2_token
static uword unformat_ikev2_token(unformat_input_t *input, va_list *va)
Definition: ikev2_cli.c:274
ikev2_profile_t::loc_ts
ikev2_ts_t loc_ts
Definition: ikev2_priv.h:337
ikev2_priv.h
format_ikev2_transform_encr_type
u8 * format_ikev2_transform_encr_type(u8 *s, va_list *args)
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:389
VLIB_CLI_COMMAND
#define VLIB_CLI_COMMAND(x,...)
Definition: cli.h:158
rspi
u64 rspi
Definition: ikev2_types.api:137
vnet_main_t
Definition: vnet.h:60
ikev2_ts_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:248
vlib_cli_output
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
Definition: cli.c:696
ikev2_main_per_thread_data_t
Definition: ikev2_priv.h:452
ikev2_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:393
unformat_ikev2_transform_integ_type
uword unformat_ikev2_transform_integ_type(unformat_input_t *input, va_list *args)
ikev2_profile_t::handover
u32 handover
Definition: ikev2_priv.h:345
ikev2_child_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:288
format_ikev2_transform_dh_type
u8 * format_ikev2_transform_dh_type(u8 *s, va_list *args)
format_ikev2_sa
static u8 * format_ikev2_sa(u8 *s, va_list *va)
Definition: ikev2_cli.c:125
clib_error_t
Definition: clib_error.h:21
show_ikev2_profile_command_fn
static clib_error_t * show_ikev2_profile_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:563
format_ikev2_transform_integ_type
u8 * format_ikev2_transform_integ_type(u8 *s, va_list *args)
ip
vl_api_address_t ip
Definition: l2.api:501
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
ikev2_set_profile_responder
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip_address_t addr)
Definition: ikev2.c:3977
ikev2_ts_t::start_port
u16 start_port
Definition: ikev2_priv.h:250
ikev2_sa_t::sk_pr
u8 * sk_pr
Definition: ikev2_priv.h:398
vlib_main_t
Definition: main.h:119
uword
u64 uword
Definition: types.h:112
unformat_free
static void unformat_free(unformat_input_t *i)
Definition: format.h:162
ikev2_set_profile_ike_transforms
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:3998
ikev2_sa_t::i_id
ikev2_id_t i_id
Definition: ikev2_priv.h:405
index
u32 index
Definition: flow_types.api:221
vlib_cli_command_t
Definition: cli.h:91
ikev2_child_sa_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:285
ikev2_sa_t::childs
ikev2_child_sa_t * childs
Definition: ikev2_priv.h:438
set_ikev2_local_key_command_fn
static clib_error_t * set_ikev2_local_key_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:689
ikev2_profile_t::name
u8 * name
Definition: ikev2_priv.h:332
format_unformat_error
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:212
ikev2_ts_t::start_addr
ip_address_t start_addr
Definition: ikev2_priv.h:252
ikev2_responder_t::sw_if_index
u32 sw_if_index
Definition: ikev2_priv.h:258
ikev2_sa_t::ispi
u64 ispi
Definition: ikev2_priv.h:375
ikev2_cli_reference
void ikev2_cli_reference(void)
Definition: ikev2_cli.c:791
ikev2_set_log_level_command_fn
static clib_error_t * ikev2_set_log_level_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:796
ikev2_profile_add_del_command_fn
static clib_error_t * ikev2_profile_add_del_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:291
ikev2_profile_t::esp_ts
ikev2_transforms_set esp_ts
Definition: ikev2_priv.h:341
ip_addr_bytes
u8 * ip_addr_bytes(ip_address_t *ip)
Definition: ip_types.c:149
ikev2_set_profile_ts
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip_address_t start_addr, ip_address_t end_addr, int is_local)
Definition: ikev2.c:3937
IPSEC_UDP_PORT_NONE
#define IPSEC_UDP_PORT_NONE
Definition: ipsec_sa.h:290
ikev2_initiate_command_fn
static clib_error_t * ikev2_initiate_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:731
unformat
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:978
format_ikev2_id_type
u8 * format_ikev2_id_type(u8 *s, va_list *args)
ikev2_disable_dpd
void ikev2_disable_dpd(void)
Definition: ikev2.c:4980
unformat_check_input
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:170