Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 5babf98369e07847806752c09f4dac81f270765e / . / src / vnet / ipsec / ipsec_test.c
blob: f399032eb9a73795426d7b6ce5a5ace2f55a3ea1 [file] [log] [blame]
Filip Tehlar0ad06082021-07-25 14:38:45 +0000[diff] [blame]1/* SPDX-License-Identifier: Apache-2.0
2 * Copyright(c) 2021 Cisco Systems, Inc.
3 */
4
5#include <vat/vat.h>
6#include <vlibapi/api.h>
7#include <vlibmemory/api.h>
8#include <vppinfra/error.h>
9#include <vpp/api/types.h>
10
11#include <vnet/ipsec/ipsec.h>
12#include <vnet/ip/ip_types_api.h>
13
14#define __plugin_msg_base ipsec_test_main.msg_id_base
15#include <vlibapi/vat_helper_macros.h>
16
17#include <vlibmemory/vlib.api_enum.h>
18#include <vlibmemory/vlib.api_types.h>
19
20/* Declare message IDs */
21#include <vnet/format_fns.h>
22#include <vnet/ipsec/ipsec.api_enum.h>
23#include <vnet/ipsec/ipsec.api_types.h>
24
25#define vl_endianfun /* define message structures */
26#include <vnet/ipsec/ipsec.api.h>
27#undef vl_endianfun
28
29typedef struct
30{
31 /* API message ID base */
32 u16 msg_id_base;
33 u32 ping_id;
34 vat_main_t *vat_main;
35} ipsec_test_main_t;
36
37static ipsec_test_main_t ipsec_test_main;
38
39static void
40vl_api_ipsec_spds_details_t_handler (vl_api_ipsec_spds_details_t *mp)
41{
42}
43
44static void
45vl_api_ipsec_itf_details_t_handler (vl_api_ipsec_itf_details_t *mp)
46{
47}
48
49static int
50api_ipsec_itf_delete (vat_main_t *vat)
51{
52 return -1;
53}
54
55static int
56api_ipsec_itf_create (vat_main_t *vat)
57{
58 return -1;
59}
60
61static void
62vl_api_ipsec_itf_create_reply_t_handler (vl_api_ipsec_itf_create_reply_t *vat)
63{
64}
65
66static int
67api_ipsec_spd_entry_add_del (vat_main_t *vam)
68{
69 unformat_input_t *i = vam->input;
70 vl_api_ipsec_spd_entry_add_del_t *mp;
71 u8 is_add = 1, is_outbound = 0;
72 u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0;
73 i32 priority = 0;
74 u32 rport_start = 0, rport_stop = (u32) ~0;
75 u32 lport_start = 0, lport_stop = (u32) ~0;
76 vl_api_address_t laddr_start = {}, laddr_stop = {}, raddr_start = {},
77 raddr_stop = {};
78 int ret;
79
80 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
81 {
82 if (unformat (i, "del"))
83 is_add = 0;
84 if (unformat (i, "outbound"))
85 is_outbound = 1;
86 if (unformat (i, "inbound"))
87 is_outbound = 0;
88 else if (unformat (i, "spd_id %d", &spd_id))
89 ;
90 else if (unformat (i, "sa_id %d", &sa_id))
91 ;
92 else if (unformat (i, "priority %d", &priority))
93 ;
94 else if (unformat (i, "protocol %d", &protocol))
95 ;
96 else if (unformat (i, "lport_start %d", &lport_start))
97 ;
98 else if (unformat (i, "lport_stop %d", &lport_stop))
99 ;
100 else if (unformat (i, "rport_start %d", &rport_start))
101 ;
102 else if (unformat (i, "rport_stop %d", &rport_stop))
103 ;
104 else if (unformat (i, "laddr_start %U", unformat_vl_api_address,
105 &laddr_start))
106 ;
107 else if (unformat (i, "laddr_stop %U", unformat_vl_api_address,
108 &laddr_stop))
109 ;
110 else if (unformat (i, "raddr_start %U", unformat_vl_api_address,
111 &raddr_start))
112 ;
113 else if (unformat (i, "raddr_stop %U", unformat_vl_api_address,
114 &raddr_stop))
115 ;
116 else if (unformat (i, "action %U", unformat_ipsec_policy_action,
117 &policy))
118 {
119 if (policy == IPSEC_POLICY_ACTION_RESOLVE)
120 {
121 clib_warning ("unsupported action: 'resolve'");
122 return -99;
123 }
124 }
125 else
126 {
127 clib_warning ("parse error '%U'", format_unformat_error, i);
128 return -99;
129 }
130 }
131
132 M (IPSEC_SPD_ENTRY_ADD_DEL, mp);
133
134 mp->is_add = is_add;
135
136 mp->entry.spd_id = ntohl (spd_id);
137 mp->entry.priority = ntohl (priority);
138 mp->entry.is_outbound = is_outbound;
139
140 clib_memcpy (&mp->entry.remote_address_start, &raddr_start,
141 sizeof (vl_api_address_t));
142 clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop,
143 sizeof (vl_api_address_t));
144 clib_memcpy (&mp->entry.local_address_start, &laddr_start,
145 sizeof (vl_api_address_t));
146 clib_memcpy (&mp->entry.local_address_stop, &laddr_stop,
147 sizeof (vl_api_address_t));
148
149 mp->entry.protocol = (u8) protocol;
150 mp->entry.local_port_start = ntohs ((u16) lport_start);
151 mp->entry.local_port_stop = ntohs ((u16) lport_stop);
152 mp->entry.remote_port_start = ntohs ((u16) rport_start);
153 mp->entry.remote_port_stop = ntohs ((u16) rport_stop);
154 mp->entry.policy = (u8) policy;
155 mp->entry.sa_id = ntohl (sa_id);
156
157 S (mp);
158 W (ret);
159 return ret;
160}
161
162static void
163vl_api_ipsec_spd_details_t_handler (vl_api_ipsec_spd_details_t *mp)
164{
165}
166
167static void
168vl_api_ipsec_sad_entry_add_del_reply_t_handler (
169 vl_api_ipsec_sad_entry_add_del_reply_t *mp)
170{
171}
172
173static void
174vl_api_ipsec_sad_entry_add_del_v3_reply_t_handler (
175 vl_api_ipsec_sad_entry_add_del_v3_reply_t *mp)
176{
177}
178
179static void
180vl_api_ipsec_sad_entry_add_reply_t_handler (
181 vl_api_ipsec_sad_entry_add_reply_t *mp)
182{
183}
184
185static int
186api_ipsec_sad_entry_del (vat_main_t *vat)
187{
188 return -1;
189}
190
191static void
192vl_api_ipsec_sad_entry_add_del_v2_reply_t_handler (
193 vl_api_ipsec_sad_entry_add_del_v2_reply_t *mp)
194{
195}
196
197static void
198vl_api_ipsec_spd_interface_details_t_handler (
199 vl_api_ipsec_spd_interface_details_t *vat)
200{
201}
202
203static int
204api_ipsec_sad_entry_add_del_v3 (vat_main_t *vat)
205{
206 return -1;
207}
208
209static int
210api_ipsec_tunnel_protect_update (vat_main_t *vat)
211{
212 return -1;
213}
214
215static void
216vl_api_ipsec_backend_details_t_handler (vl_api_ipsec_backend_details_t *mp)
217{
218}
219
220static int
221api_ipsec_sa_v3_dump (vat_main_t *vat)
222{
223 return -1;
224}
225
226static int
227api_ipsec_tunnel_protect_dump (vat_main_t *vat)
228{
229 return -1;
230}
231
232static int
233api_ipsec_tunnel_protect_del (vat_main_t *vat)
234{
235 return -1;
236}
237
238static void
239vl_api_ipsec_tunnel_protect_details_t_handler (
240 vl_api_ipsec_tunnel_protect_details_t *mp)
241{
242}
243
244static int
245api_ipsec_sad_entry_add (vat_main_t *vat)
246{
247 return -1;
248}
249
250static void
251vl_api_ipsec_spd_entry_add_del_reply_t_handler (
252 vl_api_ipsec_spd_entry_add_del_reply_t *mp)
253{
254}
255
256static int
257api_ipsec_spds_dump (vat_main_t *vam)
258{
259 return -1;
260}
261
262static int
263api_ipsec_itf_dump (vat_main_t *vam)
264{
265 return -1;
266}
267
268static void
269vl_api_ipsec_sa_v3_details_t_handler (vl_api_ipsec_sa_v3_details_t *mp)
270{
271}
272
273static int
274api_ipsec_spd_interface_dump (vat_main_t *vat)
275{
276 return -1;
277}
278
279static void
280vl_api_ipsec_sa_v2_details_t_handler (vl_api_ipsec_sa_v2_details_t *mp)
281{
282}
283
284static int
285api_ipsec_sa_v2_dump (vat_main_t *mp)
286{
287 return -1;
288}
289
290static int
291api_ipsec_sa_dump (vat_main_t *vam)
292{
293 unformat_input_t *i = vam->input;
294 vl_api_ipsec_sa_dump_t *mp;
295 vl_api_control_ping_t *mp_ping;
296 u32 sa_id = ~0;
297 int ret;
298
299 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
300 {
301 if (unformat (i, "sa_id %d", &sa_id))
302 ;
303 else
304 {
305 clib_warning ("parse error '%U'", format_unformat_error, i);
306 return -99;
307 }
308 }
309
310 M (IPSEC_SA_DUMP, mp);
311
312 mp->sa_id = ntohl (sa_id);
313
314 S (mp);
315
316 /* Use a control ping for synchronization */
317 PING (&ipsec_test_main, mp_ping);
318 S (mp_ping);
319
320 W (ret);
321 return ret;
322}
323
324static void
325vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t *mp)
326{
327 vat_main_t *vam = &vat_main;
328
329 print (vam->ofp,
330 "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u "
331 "crypto_key %U integ_alg %u integ_key %U flags %x "
332 "tunnel_src_addr %U tunnel_dst_addr %U "
333 "salt %u seq_outbound %lu last_seq_inbound %lu "
334 "replay_window %lu stat_index %u\n",
335 ntohl (mp->entry.sad_id), ntohl (mp->sw_if_index),
336 ntohl (mp->entry.spi), ntohl (mp->entry.protocol),
337 ntohl (mp->entry.crypto_algorithm), format_hex_bytes,
338 mp->entry.crypto_key.data, mp->entry.crypto_key.length,
339 ntohl (mp->entry.integrity_algorithm), format_hex_bytes,
340 mp->entry.integrity_key.data, mp->entry.integrity_key.length,
341 ntohl (mp->entry.flags), format_vl_api_address, &mp->entry.tunnel_src,
342 format_vl_api_address, &mp->entry.tunnel_dst, ntohl (mp->salt),
343 clib_net_to_host_u64 (mp->seq_outbound),
344 clib_net_to_host_u64 (mp->last_seq_inbound),
345 clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index));
346}
347
348static int
349api_ipsec_spd_dump (vat_main_t *vam)
350{
351 return -1;
352}
353
354uword
355unformat_ipsec_api_crypto_alg (unformat_input_t *input, va_list *args)
356{
357 u32 *r = va_arg (*args, u32 *);
358
359 if (0)
360 ;
361#define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f;
362 foreach_ipsec_crypto_alg
363#undef _
364 else return 0;
365 return 1;
366}
367
368uword
369unformat_ipsec_api_integ_alg (unformat_input_t *input, va_list *args)
370{
371 u32 *r = va_arg (*args, u32 *);
372
373 if (0)
374 ;
375#define _(v, f, s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f;
376 foreach_ipsec_integ_alg
377#undef _
378 else return 0;
379 return 1;
380}
381
382static int
383api_ipsec_sad_entry_add_del (vat_main_t *vam)
384{
385 unformat_input_t *i = vam->input;
386 vl_api_ipsec_sad_entry_add_del_t *mp;
387 u32 sad_id = 0, spi = 0;
388 u8 *ck = 0, *ik = 0;
389 u8 is_add = 1;
390
391 vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE;
392 vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE;
393 vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
394 vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH;
395 vl_api_address_t tun_src, tun_dst;
396 int ret;
397
398 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
399 {
400 if (unformat (i, "del"))
401 is_add = 0;
402 else if (unformat (i, "sad_id %d", &sad_id))
403 ;
404 else if (unformat (i, "spi %d", &spi))
405 ;
406 else if (unformat (i, "esp"))
407 protocol = IPSEC_API_PROTO_ESP;
408 else if (unformat (i, "tunnel_src %U", unformat_vl_api_address,
409 &tun_src))
410 {
411 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
412 if (ADDRESS_IP6 == tun_src.af)
413 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
414 }
415 else if (unformat (i, "tunnel_dst %U", unformat_vl_api_address,
416 &tun_dst))
417 {
418 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL;
419 if (ADDRESS_IP6 == tun_src.af)
420 flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
421 }
422 else if (unformat (i, "crypto_alg %U", unformat_ipsec_api_crypto_alg,
423 &crypto_alg))
424 ;
425 else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck))
426 ;
427 else if (unformat (i, "integ_alg %U", unformat_ipsec_api_integ_alg,
428 &integ_alg))
429 ;
430 else if (unformat (i, "integ_key %U", unformat_hex_string, &ik))
431 ;
432 else
433 {
434 clib_warning ("parse error '%U'", format_unformat_error, i);
435 return -99;
436 }
437 }
438
439 M (IPSEC_SAD_ENTRY_ADD_DEL, mp);
440
441 mp->is_add = is_add;
442 mp->entry.sad_id = ntohl (sad_id);
443 mp->entry.protocol = protocol;
444 mp->entry.spi = ntohl (spi);
445 mp->entry.flags = flags;
446
447 mp->entry.crypto_algorithm = crypto_alg;
448 mp->entry.integrity_algorithm = integ_alg;
449 mp->entry.crypto_key.length = vec_len (ck);
450 mp->entry.integrity_key.length = vec_len (ik);
451
452 if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data))
453 mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data);
454
455 if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data))
456 mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data);
457
458 if (ck)
459 clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length);
460 if (ik)
461 clib_memcpy (mp->entry.integrity_key.data, ik,
462 mp->entry.integrity_key.length);
463
464 if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)
465 {
466 clib_memcpy (&mp->entry.tunnel_src, &tun_src,
467 sizeof (mp->entry.tunnel_src));
468 clib_memcpy (&mp->entry.tunnel_dst, &tun_dst,
469 sizeof (mp->entry.tunnel_dst));
470 }
471
472 S (mp);
473 W (ret);
474 return ret;
475}
476
477static int
478api_ipsec_sad_entry_add_del_v2 (vat_main_t *vam)
479{
480 return -1;
481}
482
483static int
484api_ipsec_interface_add_del_spd (vat_main_t *vam)
485{
486 vnet_main_t *vnm = vnet_get_main ();
487 unformat_input_t *i = vam->input;
488 vl_api_ipsec_interface_add_del_spd_t *mp;
489 u32 sw_if_index;
490 u8 sw_if_index_set = 0;
491 u32 spd_id = (u32) ~0;
492 u8 is_add = 1;
493 int ret;
494
495 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
496 {
497 if (unformat (i, "del"))
498 is_add = 0;
499 else if (unformat (i, "spd_id %d", &spd_id))
500 ;
501 else if (unformat (i, "%U", unformat_vnet_sw_interface, vnm,
502 &sw_if_index))
503 sw_if_index_set = 1;
504 else if (unformat (i, "sw_if_index %d", &sw_if_index))
505 sw_if_index_set = 1;
506 else
507 {
508 clib_warning ("parse error '%U'", format_unformat_error, i);
509 return -99;
510 }
511 }
512
513 if (spd_id == (u32) ~0)
514 {
515 errmsg ("spd_id must be set");
516 return -99;
517 }
518
519 if (sw_if_index_set == 0)
520 {
521 errmsg ("missing interface name or sw_if_index");
522 return -99;
523 }
524
525 M (IPSEC_INTERFACE_ADD_DEL_SPD, mp);
526
527 mp->spd_id = ntohl (spd_id);
528 mp->sw_if_index = ntohl (sw_if_index);
529 mp->is_add = is_add;
530
531 S (mp);
532 W (ret);
533 return ret;
534}
535
536static int
537api_ipsec_backend_dump (vat_main_t *vam)
538{
539 return -1;
540}
541
542static int
543api_ipsec_select_backend (vat_main_t *vam)
544{
545 return -1;
546}
547
548static int
549api_ipsec_set_async_mode (vat_main_t *vam)
550{
551 return -1;
552}
553
554static int
555api_ipsec_spd_add_del (vat_main_t *vam)
556{
557 unformat_input_t *i = vam->input;
558 vl_api_ipsec_spd_add_del_t *mp;
559 u32 spd_id = ~0;
560 u8 is_add = 1;
561 int ret;
562
563 while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
564 {
565 if (unformat (i, "spd_id %d", &spd_id))
566 ;
567 else if (unformat (i, "del"))
568 is_add = 0;
569 else
570 {
571 clib_warning ("parse error '%U'", format_unformat_error, i);
572 return -99;
573 }
574 }
575 if (spd_id == ~0)
576 {
577 errmsg ("spd_id must be set");
578 return -99;
579 }
580
581 M (IPSEC_SPD_ADD_DEL, mp);
582
583 mp->spd_id = ntohl (spd_id);
584 mp->is_add = is_add;
585
586 S (mp);
587 W (ret);
588 return ret;
589}
590
591#include <vnet/ipsec/ipsec.api_test.c>
592
593/*
594 * Local Variables:
595 * eval: (c-set-style "gnu")
596 * End:
597 */