/*
 *------------------------------------------------------------------
 * ipsec_api.c - ipsec api
 *
 * Copyright (c) 2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *------------------------------------------------------------------
 */
#include <vnet/vnet.h>
#include <vlibmemory/api.h>

#include <vnet/interface.h>
#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>

#include <vnet/vnet_msg_enum.h>

/*
 * The IPsec / IKEv2 headers are only included when WITH_LIBSSL > 0.
 * NOTE(review): some functions below name ipsec_* types outside any
 * WITH_LIBSSL guard; confirm where the WITH_LIBSSL == 0 build gets
 * those declarations from.
 */
#if WITH_LIBSSL > 0
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ikev2.h>
#endif /* IPSEC */

/*
 * vnet_all_api_h.h is included several times; the macro defined before
 * each inclusion selects what that pass emits.
 */
#define vl_typedefs		/* define message structures */
#include <vnet/vnet_all_api_h.h>
#undef vl_typedefs

#define vl_endianfun		/* define the per-message endian functions */
#include <vnet/vnet_all_api_h.h>
#undef vl_endianfun

/* instantiate all the print functions we know about */
#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
#define vl_printfun
#include <vnet/vnet_all_api_h.h>
#undef vl_printfun

#include <vlibapi/api_helper_macros.h>
/*
 * X-macro list of the messages handled in this file.  Each entry is
 * _(MESSAGE_ID_SUFFIX, message_name); ipsec_api_hookup() expands it to
 * register vl_api_<message_name>_t_handler for VL_API_<MESSAGE_ID_SUFFIX>.
 * Every message listed here changes or exposes IPsec / IKEv2 state, so
 * the set of handlers reachable by an API client is exactly this list.
 */
#define foreach_vpe_api_msg                                     \
_(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del)                         \
_(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd)     \
_(IPSEC_SPD_ADD_DEL_ENTRY, ipsec_spd_add_del_entry)             \
_(IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry)             \
_(IPSEC_SA_SET_KEY, ipsec_sa_set_key)                           \
_(IPSEC_SPD_DUMP, ipsec_spd_dump)                               \
_(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del)                 \
_(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth)               \
_(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id)                   \
_(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts)                   \
_(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key)                     \
_(IKEV2_SET_RESPONDER, ikev2_set_responder)                     \
_(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms)           \
_(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms)           \
_(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime)                 \
_(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init)               \
_(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa)         \
_(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa)     \
_(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa)
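/*
 * Handler for IPSEC_SPD_ADD_DEL: adds or deletes the SPD named by
 * mp->spd_id (converted from network byte order) according to
 * mp->is_add, then sends the reply carrying the result code.
 *
 * When WITH_LIBSSL == 0 the request is still answered, with
 * VNET_API_ERROR_UNIMPLEMENTED, so the client is not left waiting for a
 * reply that never arrives.
 */
static void vl_api_ipsec_spd_add_del_t_handler
  (vl_api_ipsec_spd_add_del_t * mp)
{
  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
  vl_api_ipsec_spd_add_del_reply_t *rmp;
  int rv;

#if WITH_LIBSSL > 0
  rv = ipsec_add_del_spd (vm, ntohl (mp->spd_id), mp->is_add);
#else
  clib_warning ("unimplemented");
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  /* REPLY_MACRO uses mp, rmp and rv from this scope. */
  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_REPLY);
}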
/*
 * Handler for IPSEC_INTERFACE_ADD_DEL_SPD: binds an SPD to an interface
 * or removes the binding, depending on mp->is_add.
 *
 * The interface index is checked with VALIDATE_SW_IF_INDEX before the
 * request is acted on.  Without WITH_LIBSSL the reply carries
 * VNET_API_ERROR_UNIMPLEMENTED.
 */
static void vl_api_ipsec_interface_add_del_spd_t_handler
  (vl_api_ipsec_interface_add_del_spd_t * mp)
{
  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
  vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
  int rv;
  /* Both ids arrive in network byte order. */
  u32 sw_if_index __attribute__ ((unused)) = ntohl (mp->sw_if_index);
  u32 spd_id __attribute__ ((unused)) = ntohl (mp->spd_id);

  /* Paired with BAD_SW_IF_INDEX_LABEL below. */
  VALIDATE_SW_IF_INDEX (mp);

#if WITH_LIBSSL > 0
  rv = ipsec_set_interface_spd (vm, sw_if_index, spd_id, mp->is_add);
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  BAD_SW_IF_INDEX_LABEL;

  REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
}
/*
 * Handler for IPSEC_SPD_ADD_DEL_ENTRY: builds an ipsec_policy_t from the
 * request and adds it to or removes it from an SPD through
 * ipsec_add_del_policy(), then replies with the result code.
 *
 * The 'resolve' policy action is rejected with
 * VNET_API_ERROR_UNIMPLEMENTED, as is every request when WITH_LIBSSL is
 * not enabled.
 *
 * NOTE(review): apart from the 'resolve' check, the message fields
 * (policy action, protocol, address and port ranges, sa_id) are copied
 * into the policy without range or start <= stop checks here; confirm
 * that ipsec_add_del_policy() validates them.
 */
static void vl_api_ipsec_spd_add_del_entry_t_handler
  (vl_api_ipsec_spd_add_del_entry_t * mp)
{
  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
  vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
  int rv;

#if WITH_LIBSSL > 0
  ipsec_policy_t p;

  /* Start from an all-zero policy so fields not set below are 0. */
  memset (&p, 0, sizeof (p));

  p.id = ntohl (mp->spd_id);
  p.priority = ntohl (mp->priority);
  p.is_outbound = mp->is_outbound;
  p.is_ipv6 = mp->is_ipv6;

  /* IPv6 and "any" entries copy all 16 address bytes, IPv4 entries 4. */
  if (mp->is_ipv6 || mp->is_ip_any)
    {
      clib_memcpy (&p.raddr.start, mp->remote_address_start, 16);
      clib_memcpy (&p.raddr.stop, mp->remote_address_stop, 16);
      clib_memcpy (&p.laddr.start, mp->local_address_start, 16);
      clib_memcpy (&p.laddr.stop, mp->local_address_stop, 16);
    }
  else
    {
      clib_memcpy (&p.raddr.start.ip4.data, mp->remote_address_start, 4);
      clib_memcpy (&p.raddr.stop.ip4.data, mp->remote_address_stop, 4);
      clib_memcpy (&p.laddr.start.ip4.data, mp->local_address_start, 4);
      clib_memcpy (&p.laddr.stop.ip4.data, mp->local_address_stop, 4);
    }
  p.protocol = mp->protocol;
  p.rport.start = ntohs (mp->remote_port_start);
  p.rport.stop = ntohs (mp->remote_port_stop);
  p.lport.start = ntohs (mp->local_port_start);
  p.lport.stop = ntohs (mp->local_port_stop);
  /* policy action resolve unsupported */
  if (mp->policy == IPSEC_POLICY_ACTION_RESOLVE)
    {
      clib_warning ("unsupported action: 'resolve'");
      rv = VNET_API_ERROR_UNIMPLEMENTED;
      goto out;
    }
  p.policy = mp->policy;
  p.sa_id = ntohl (mp->sa_id);

  rv = ipsec_add_del_policy (vm, &p, mp->is_add);
  if (rv)
    goto out;

  /*
   * "Any" entries are applied a second time with is_ipv6 forced to 1.
   * NOTE(review): if this second call fails, the effect of the first
   * call is not undone, so the SPD can be left with only one of the two
   * entries while the client sees an error.
   */
  if (mp->is_ip_any)
    {
      p.is_ipv6 = 1;
      rv = ipsec_add_del_policy (vm, &p, mp->is_add);
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
  goto out;
#endif

out:
  REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
}
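/*
 * Handler for IPSEC_SAD_ADD_DEL_ENTRY: builds an ipsec_sa_t from the
 * request, asks the registered check_support_cb whether the SA is
 * supported, and adds or deletes it through ipsec_add_del_sa().
 *
 * Rejected requests:
 *   - AH protocol, unsupported crypto/integrity algorithm, or an SA the
 *     support callback refuses: VNET_API_ERROR_UNIMPLEMENTED
 *   - a key length larger than the SA's key buffer:
 *     VNET_API_ERROR_INVALID_VALUE
 *
 * The key-length check keeps a client-supplied length from describing
 * more bytes than sa.crypto_key / sa.integ_key actually hold.
 */
static void vl_api_ipsec_sad_add_del_entry_t_handler
  (vl_api_ipsec_sad_add_del_entry_t * mp)
{
  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
  vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
  int rv;
#if WITH_LIBSSL > 0
  ipsec_main_t *im = &ipsec_main;
  ipsec_sa_t sa;

  memset (&sa, 0, sizeof (sa));

  sa.id = ntohl (mp->sad_id);
  sa.spi = ntohl (mp->spi);
  /* security protocol AH unsupported */
  if (mp->protocol == IPSEC_PROTOCOL_AH)
    {
      clib_warning ("unsupported security protocol 'AH'");
      rv = VNET_API_ERROR_UNIMPLEMENTED;
      goto out;
    }
  sa.protocol = mp->protocol;
  /* check for unsupported crypto-alg */
  if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
      mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
    {
      clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
		    mp->crypto_algorithm);
      rv = VNET_API_ERROR_UNIMPLEMENTED;
      goto out;
    }
  /* check for unsupported integ-alg */
  if (mp->integrity_algorithm >= IPSEC_INTEG_N_ALG)
    {
      clib_warning ("unsupported integ-alg: '%U'", format_ipsec_integ_alg,
		    mp->integrity_algorithm);
      rv = VNET_API_ERROR_UNIMPLEMENTED;
      goto out;
    }
  /* a key length must fit the buffer the key is copied into */
  if (mp->crypto_key_length > sizeof (sa.crypto_key) ||
      mp->integrity_key_length > sizeof (sa.integ_key))
    {
      clib_warning ("key length exceeds key buffer size");
      rv = VNET_API_ERROR_INVALID_VALUE;
      goto out;
    }

  sa.crypto_alg = mp->crypto_algorithm;
  sa.crypto_key_len = mp->crypto_key_length;
  /* NOTE(review): copies sizeof (sa.crypto_key) bytes; assumes
     mp->crypto_key is at least that large -- confirm against the
     message definition. */
  clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));

  sa.integ_alg = mp->integrity_algorithm;
  sa.integ_key_len = mp->integrity_key_length;
  /* NOTE(review): same size assumption for mp->integrity_key. */
  clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));
  sa.use_esn = mp->use_extended_sequence_number;
  sa.is_tunnel = mp->is_tunnel;
  sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
  if (sa.is_tunnel_ip6)
    {
      clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
      clib_memcpy (&sa.tunnel_dst_addr, mp->tunnel_dst_address, 16);
    }
  else
    {
      clib_memcpy (&sa.tunnel_src_addr.ip4.data, mp->tunnel_src_address, 4);
      clib_memcpy (&sa.tunnel_dst_addr.ip4.data, mp->tunnel_dst_address, 4);
    }

  ASSERT (im->cb.check_support_cb);
  clib_error_t *err = im->cb.check_support_cb (&sa);
  if (err)
    {
      clib_warning ("%s", err->what);
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer. */
      clib_error_free (err);
      rv = VNET_API_ERROR_UNIMPLEMENTED;
      goto out;
    }

  rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
  goto out;
#endif

out:
  /* NOTE(review): 'sa' still holds the key bytes on the stack when this
     function returns; consider clearing it. */
  REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
}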
/*
 * Builds one IPSEC_SPD_DETAILS message describing policy 'p' and sends it
 * to the client queue 'q'.  'context' is copied into the message as
 * given; multi-byte policy fields are converted to network byte order.
 */
static void
send_ipsec_spd_details (ipsec_policy_t * p, unix_shared_memory_queue_t * q,
			u32 context)
{
  vl_api_ipsec_spd_details_t *mp = vl_msg_api_alloc (sizeof (*mp));

  /* Zero the whole message so unused address bytes are not left
     uninitialised. */
  memset (mp, 0, sizeof (*mp));
  mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
  mp->context = context;

  /* identifiers and selectors */
  mp->spd_id = htonl (p->id);
  mp->sa_id = htonl (p->sa_id);
  mp->priority = htonl (p->priority);
  mp->policy = p->policy;
  mp->protocol = p->protocol;
  mp->is_outbound = p->is_outbound;
  mp->is_ipv6 = p->is_ipv6;

  /* address ranges: 4 bytes for IPv4, 16 for IPv6 */
  if (!p->is_ipv6)
    {
      memcpy (mp->local_start_addr, &p->laddr.start.ip4, 4);
      memcpy (mp->local_stop_addr, &p->laddr.stop.ip4, 4);
      memcpy (mp->remote_start_addr, &p->raddr.start.ip4, 4);
      memcpy (mp->remote_stop_addr, &p->raddr.stop.ip4, 4);
    }
  else
    {
      memcpy (mp->local_start_addr, &p->laddr.start.ip6, 16);
      memcpy (mp->local_stop_addr, &p->laddr.stop.ip6, 16);
      memcpy (mp->remote_start_addr, &p->raddr.start.ip6, 16);
      memcpy (mp->remote_stop_addr, &p->raddr.stop.ip6, 16);
    }

  /* port ranges */
  mp->local_start_port = htons (p->lport.start);
  mp->local_stop_port = htons (p->lport.stop);
  mp->remote_start_port = htons (p->rport.start);
  mp->remote_stop_port = htons (p->rport.stop);

  /* counters */
  mp->bytes = clib_host_to_net_u64 (p->counter.bytes);
  mp->packets = clib_host_to_net_u64 (p->counter.packets);

  vl_msg_api_send_shmem (q, (u8 *) & mp);
}
/*
 * Handler for IPSEC_SPD_DUMP: sends one IPSEC_SPD_DETAILS message per
 * matching policy of the SPD named by mp->spd_id to the requesting
 * client.  A policy matches when mp->sa_id is ~0 or equals the policy's
 * sa_id.
 *
 * Nothing is sent when the client queue or the SPD cannot be found, and
 * when WITH_LIBSSL is not enabled the handler only logs a warning.
 *
 * NOTE(review): the locals are declared outside the WITH_LIBSSL guard,
 * so they are unused (and depend on ipsec types) in the
 * WITH_LIBSSL == 0 build.
 */
static void
vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp)
{
  unix_shared_memory_queue_t *q;
  ipsec_main_t *im = &ipsec_main;
  ipsec_policy_t *policy;
  ipsec_spd_t *spd;
  uword *p;
  u32 spd_index;
#if WITH_LIBSSL > 0
  /* No reply can be delivered without the client's input queue. */
  q = vl_api_client_index_to_input_queue (mp->client_index);
  if (q == 0)
    return;

  /* Map the external SPD id to its pool index; unknown ids are ignored. */
  p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id));
  if (!p)
    return;

  spd_index = p[0];
  spd = pool_elt_at_index (im->spds, spd_index);

  /* *INDENT-OFF* */
  pool_foreach (policy, spd->policies,
  ({
    if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
      send_ipsec_spd_details (policy, q,
                              mp->context);}
    ));
  /* *INDENT-ON* */
#else
  clib_warning ("unimplemented");
#endif
}
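/*
 * Handler for IPSEC_SA_SET_KEY: replaces the crypto and integrity keys
 * of the SA named by mp->sa_id through ipsec_set_sa_key().
 *
 * The temporary ipsec_sa_t is zeroed before use so that fields this
 * handler does not set are not passed on as uninitialised stack data.
 * A key length larger than the SA's key buffer is rejected with
 * VNET_API_ERROR_INVALID_VALUE.  Without WITH_LIBSSL the reply carries
 * VNET_API_ERROR_UNIMPLEMENTED.
 */
static void
vl_api_ipsec_sa_set_key_t_handler (vl_api_ipsec_sa_set_key_t * mp)
{
  vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
  vl_api_ipsec_sa_set_key_reply_t *rmp;
  int rv;
#if WITH_LIBSSL > 0
  ipsec_sa_t sa;

  memset (&sa, 0, sizeof (sa));

  if (mp->crypto_key_length > sizeof (sa.crypto_key) ||
      mp->integrity_key_length > sizeof (sa.integ_key))
    {
      /* the stated length must fit the buffer the key is copied into */
      clib_warning ("key length exceeds key buffer size");
      rv = VNET_API_ERROR_INVALID_VALUE;
    }
  else
    {
      sa.id = ntohl (mp->sa_id);
      sa.crypto_key_len = mp->crypto_key_length;
      /* NOTE(review): copies sizeof (sa.crypto_key) bytes; assumes
         mp->crypto_key is at least that large -- confirm against the
         message definition. */
      clib_memcpy (&sa.crypto_key, mp->crypto_key, sizeof (sa.crypto_key));
      sa.integ_key_len = mp->integrity_key_length;
      /* NOTE(review): same size assumption for mp->integrity_key. */
      clib_memcpy (&sa.integ_key, mp->integrity_key, sizeof (sa.integ_key));

      rv = ipsec_set_sa_key (vm, &sa);
    }
  /* NOTE(review): 'sa' still holds the key bytes on the stack when this
     function returns; consider clearing it. */
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IPSEC_SA_SET_KEY_REPLY);
}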
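/*
 * Handler for IKEV2_PROFILE_ADD_DEL: adds or deletes the IKEv2 profile
 * named mp->name according to mp->is_add.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when ikev2_add_del_profile()
 * returns an error and VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 */
static void
vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
{
  vl_api_ikev2_profile_add_del_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;
  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);

  error = ikev2_add_del_profile (vm, tmp, mp->is_add);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
}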
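/*
 * Handler for IKEV2_PROFILE_SET_AUTH: sets the authentication method and
 * authentication data of the IKEv2 profile named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when ikev2_set_profile_auth()
 * returns an error and VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->data_len comes from the client and is used as
 * received, with no byte-order conversion and no upper bound, both as
 * the allocation size and as the number of bytes read from mp->data.
 * Confirm the field's width and byte order against the message
 * definition and check it against the actual message length.
 */
static void
  vl_api_ikev2_profile_set_auth_t_handler
  (vl_api_ikev2_profile_set_auth_t * mp)
{
  vl_api_ikev2_profile_set_auth_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;
  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);
  u8 *data = vec_new (u8, mp->data_len);

  clib_memcpy (data, mp->data, mp->data_len);
  error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
  vec_free (tmp);
  /* NOTE(review): 'data' is authentication material; it is freed here
     without being cleared first. */
  vec_free (data);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
}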
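/*
 * Handler for IKEV2_PROFILE_SET_ID: sets the local or remote identity
 * (mp->is_local) of the IKEv2 profile named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when ikev2_set_profile_id() returns
 * an error and VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->data_len comes from the client and is used as
 * received, with no byte-order conversion and no upper bound, both as
 * the allocation size and as the number of bytes read from mp->data.
 * Confirm the field's width and byte order against the message
 * definition and check it against the actual message length.
 */
static void
vl_api_ikev2_profile_set_id_t_handler (vl_api_ikev2_profile_set_id_t * mp)
{
  /* The reply pointer uses this message's own reply type; REPLY_MACRO
     is given VL_API_IKEV2_PROFILE_SET_ID_REPLY below. */
  vl_api_ikev2_profile_set_id_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;
  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);
  u8 *data = vec_new (u8, mp->data_len);

  clib_memcpy (data, mp->data, mp->data_len);
  error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
  vec_free (tmp);
  vec_free (data);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
}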
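/*
 * Handler for IKEV2_PROFILE_SET_TS: sets the local or remote traffic
 * selector (protocol, port range, IPv4 address range) of the IKEv2
 * profile named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when ikev2_set_profile_ts() returns
 * an error and VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): the ports and addresses are forwarded as received, with
 * no byte-order conversion and no start <= end check here; confirm what
 * the sender and ikev2_set_profile_ts() expect.
 */
static void
vl_api_ikev2_profile_set_ts_t_handler (vl_api_ikev2_profile_set_ts_t * mp)
{
  vl_api_ikev2_profile_set_ts_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;
  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);

  error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
				mp->end_port, (ip4_address_t) mp->start_addr,
				(ip4_address_t) mp->end_addr, mp->is_local);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
}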
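/*
 * Handler for IKEV2_SET_LOCAL_KEY: passes mp->key_file to
 * ikev2_set_local_key().
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when that call returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->key_file is a client-supplied path handed on
 * unchanged; this assumes it is NUL-terminated within its field, and any
 * restriction on which files may be named has to come from
 * ikev2_set_local_key() or from who is allowed to use this API --
 * confirm both.
 */
static void
vl_api_ikev2_set_local_key_t_handler (vl_api_ikev2_set_local_key_t * mp)
{
  /* The reply pointer uses this message's own reply type; REPLY_MACRO
     is given VL_API_IKEV2_SET_LOCAL_KEY_REPLY below. */
  vl_api_ikev2_set_local_key_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  error = ikev2_set_local_key (vm, mp->key_file);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
}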
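/*
 * Handler for IKEV2_SET_RESPONDER: sets the responder interface and IPv4
 * address of the IKEv2 profile named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when ikev2_set_profile_responder()
 * returns an error and VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->sw_if_index is forwarded as received, with no
 * byte-order conversion and no interface-index validation in this
 * handler; confirm the callee checks it.
 */
static void
vl_api_ikev2_set_responder_t_handler (vl_api_ikev2_set_responder_t * mp)
{
  vl_api_ikev2_set_responder_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);
  ip4_address_t ip4;
  clib_memcpy (&ip4, mp->address, sizeof (ip4));

  error = ikev2_set_profile_responder (vm, tmp, mp->sw_if_index, ip4);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_REPLY);
}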
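/*
 * Handler for IKEV2_SET_IKE_TRANSFORMS: sets the IKE crypto algorithm,
 * integrity algorithm, DH group and crypto key size of the IKEv2 profile
 * named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when
 * ikev2_set_profile_ike_transforms() returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): the algorithm identifiers and key size are forwarded as
 * received, unchecked and unconverted; confirm the callee rejects
 * unknown or weak values.
 */
static void
vl_api_ikev2_set_ike_transforms_t_handler (vl_api_ikev2_set_ike_transforms_t *
					   mp)
{
  vl_api_ikev2_set_ike_transforms_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);

  error =
    ikev2_set_profile_ike_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg,
				      mp->dh_group, mp->crypto_key_size);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
}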
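/*
 * Handler for IKEV2_SET_ESP_TRANSFORMS: sets the ESP crypto algorithm,
 * integrity algorithm, DH group and crypto key size of the IKEv2 profile
 * named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when
 * ikev2_set_profile_esp_transforms() returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): the algorithm identifiers and key size are forwarded as
 * received, unchecked and unconverted; confirm the callee rejects
 * unknown or weak values.
 */
static void
vl_api_ikev2_set_esp_transforms_t_handler (vl_api_ikev2_set_esp_transforms_t *
					   mp)
{
  vl_api_ikev2_set_esp_transforms_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);

  error =
    ikev2_set_profile_esp_transforms (vm, tmp, mp->crypto_alg, mp->integ_alg,
				      mp->dh_group, mp->crypto_key_size);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
}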
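/*
 * Handler for IKEV2_SET_SA_LIFETIME: sets the lifetime, jitter, handover
 * and max-data values of the IKEv2 profile named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when
 * ikev2_set_profile_sa_lifetime() returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): the four lifetime fields are forwarded as received, with
 * no byte-order conversion here; confirm what the sender and the callee
 * expect.
 */
static void
vl_api_ikev2_set_sa_lifetime_t_handler (vl_api_ikev2_set_sa_lifetime_t * mp)
{
  vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);

  error =
    ikev2_set_profile_sa_lifetime (vm, tmp, mp->lifetime, mp->lifetime_jitter,
				   mp->handover, mp->lifetime_maxdata);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_SET_SA_LIFETIME_REPLY);
}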
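/*
 * Handler for IKEV2_INITIATE_SA_INIT: calls ikev2_initiate_sa_init() for
 * the IKEv2 profile named mp->name.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when that call returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 */
static void
vl_api_ikev2_initiate_sa_init_t_handler (vl_api_ikev2_initiate_sa_init_t * mp)
{
  vl_api_ikev2_initiate_sa_init_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  /* NOTE(review): "%s" reads mp->name up to the first NUL; this assumes
     the sender NUL-terminated the field -- confirm. */
  u8 *tmp = format (0, "%s", mp->name);

  error = ikev2_initiate_sa_init (vm, tmp);
  vec_free (tmp);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_INITIATE_SA_INIT_REPLY);
}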
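/*
 * Handler for IKEV2_INITIATE_DEL_IKE_SA: calls
 * ikev2_initiate_delete_ike_sa() with mp->ispi.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when that call returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->ispi is forwarded as received, with no byte-order
 * conversion here; confirm what the sender and the callee expect.
 */
static void
vl_api_ikev2_initiate_del_ike_sa_t_handler (vl_api_ikev2_initiate_del_ike_sa_t
					    * mp)
{
  vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  error = ikev2_initiate_delete_ike_sa (vm, mp->ispi);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
}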
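/*
 * Handler for IKEV2_INITIATE_DEL_CHILD_SA: calls
 * ikev2_initiate_delete_child_sa() with mp->ispi.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when that call returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->ispi is forwarded as received, with no byte-order
 * conversion here; confirm what the sender and the callee expect.
 */
static void
  vl_api_ikev2_initiate_del_child_sa_t_handler
  (vl_api_ikev2_initiate_del_child_sa_t * mp)
{
  vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  error = ikev2_initiate_delete_child_sa (vm, mp->ispi);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
}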
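/*
 * Handler for IKEV2_INITIATE_REKEY_CHILD_SA: calls
 * ikev2_initiate_rekey_child_sa() with mp->ispi.
 *
 * Replies VNET_API_ERROR_UNSPECIFIED when that call returns an error and
 * VNET_API_ERROR_UNIMPLEMENTED without WITH_LIBSSL.
 *
 * NOTE(review): mp->ispi is forwarded as received, with no byte-order
 * conversion here; confirm what the sender and the callee expect.
 */
static void
  vl_api_ikev2_initiate_rekey_child_sa_t_handler
  (vl_api_ikev2_initiate_rekey_child_sa_t * mp)
{
  vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
  int rv = 0;

#if WITH_LIBSSL > 0
  vlib_main_t *vm = vlib_get_main ();
  clib_error_t *error;

  error = ikev2_initiate_rekey_child_sa (vm, mp->ispi);
  if (error)
    {
      /* Nothing else consumes the error, so release it here instead of
         dropping the pointer on every failed request. */
      clib_error_free (error);
      rv = VNET_API_ERROR_UNSPECIFIED;
    }
#else
  rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif

  REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
}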
/*
 * ipsec_api_hookup
 * Add vpe's API message handlers to the table.
 * vlib has already mapped shared memory and
 * added the client registration handlers.
 * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
 */
/* This pass over vnet_all_api_h.h provides the per-module message
   name / CRC lists (foreach_vl_msg_name_crc_ipsec is used below). */
#define vl_msg_name_crc_list
#include <vnet/vnet_all_api_h.h>
#undef vl_msg_name_crc_list
/*
 * Registers every ipsec message with the API main table: for each
 * (id, name, crc) entry of foreach_vl_msg_name_crc_ipsec it calls
 * vl_msg_api_add_msg_name_crc() with the string "<name>_<crc>" and the
 * message id.
 */
static void
setup_message_id_table (api_main_t * am)
{
  /* #n "_" #crc stringifies and concatenates the name and CRC tokens. */
#define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id);
  foreach_vl_msg_name_crc_ipsec;
#undef _
}
/*
 * Installs the handler, endian and print functions for every message in
 * foreach_vpe_api_msg, then fills the (msg_name, crc, message-id) table.
 * Always returns 0.  'vm' is not used in the body.
 */
static clib_error_t *
ipsec_api_hookup (vlib_main_t * vm)
{
  api_main_t *am = &api_main;

  /*
   * For each _(N, n) entry: message id VL_API_<N>, name "<n>", handler
   * vl_api_<n>_t_handler, vl_noop_handler in the slot after it, the
   * generated endian and print functions, and the message size.
   * NOTE(review): the meaning of the trailing 1 is not visible in this
   * file; see vl_msg_api_set_handlers().
   */
#define _(N,n)                                                  \
    vl_msg_api_set_handlers(VL_API_##N, #n,                     \
                           vl_api_##n##_t_handler,              \
                           vl_noop_handler,                     \
                           vl_api_##n##_t_endian,               \
                           vl_api_##n##_t_print,                \
                           sizeof(vl_api_##n##_t), 1);
  foreach_vpe_api_msg;
#undef _

  /*
   * Set up the (msg_name, crc, message-id) table
   */
  setup_message_id_table (am);

  return 0;
}
/* Register ipsec_api_hookup through the VLIB_API_INIT_FUNCTION macro. */
VLIB_API_INIT_FUNCTION (ipsec_api_hookup);
/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */