ikev2: add SA dump API

Type: feature Ticket: VPP-1897 Change-Id: I0245aceeb344efd29b1f9217c35889a8bbe1f744 Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
author: jan_cavojsky <Jan.Cavojsky@pantheon.tech> 2020-07-08 09:24:12 +0200
committer: Benoît Ganne <bganne@cisco.com> 2020-07-24 11:44:23 +0000
commit: a340fe1ac6a31d4e60affa7209ade48189b18eb4 (patch)
tree: 775711b5b5b14c9a626d8dd128fdad4021e50372 /src/plugins/ikev2/ikev2_api.c
parent: 7fc88cf3a1236ebf9f21a2054eee7d586e031e5f (diff)
1 files changed, 277 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2_api.c b/src/plugins/ikev2/ikev2_api.c
index f1ff40a8a0a..c73505b2421 100644
--- a/src/plugins/ikev2/ikev2_api.c
+++ b/src/plugins/ikev2/ikev2_api.c
@@ -32,6 +32,7 @@
 
 
 #define vl_endianfun		/* define message structures */
+#include <plugins/ikev2/ikev2.api.h>
 #include <plugins/ikev2/ikev2_types.api.h>
 #undef vl_endianfun
 
@@ -42,6 +43,19 @@ extern ikev2_main_t ikev2_main;
 #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base
 #include <vlibapi/api_helper_macros.h>
 
+static u32
+ikev2_encode_sa_index (u32 sai, u32 ti)
+{
+  return (ti << 16) | sai;
+}
+
+static void
+ikev2_decode_sa_index (u32 api_sai, u32 * sai, u32 * ti)
+{
+  *sai = api_sai & 0xffff;
+  *ti = api_sai >> 16;
+}
+
 static void
 cp_ike_transforms (vl_api_ikev2_ike_transforms_t * vl_api_ts,
 		   ikev2_transforms_set * ts)
@@ -105,6 +119,18 @@ cp_responder (vl_api_ikev2_responder_t * vl_api_responder,
   ip4_address_encode (&responder->ip4, vl_api_responder->ip4);
 }
 
+void
+cp_sa_transform (vl_api_ikev2_sa_transform_t * vl_tr,
+		 ikev2_sa_transform_t * tr)
+{
+  vl_tr->transform_type = tr->type;
+  vl_tr->key_len = tr->key_len;
+  vl_tr->key_trunc = tr->key_trunc;
+  vl_tr->block_size = tr->block_size;
+  vl_tr->dh_group = tr->dh_group;
+  vl_tr->transform_id = tr->encr_type;
+}
+
 static void
 send_profile (ikev2_profile_t * profile, vl_api_registration_t * reg,
 	      u32 context)
@@ -169,6 +195,257 @@ vl_api_ikev2_profile_dump_t_handler (vl_api_ikev2_profile_dump_t * mp)
 }
 
 static void
+send_sa (ikev2_sa_t * sa, vl_api_ikev2_sa_dump_t * mp, u32 api_sa_index)
+{
+  vl_api_ikev2_sa_details_t *rmp = 0;
+  int rv = 0;
+  ikev2_sa_transform_t *tr;
+
+  /* *INDENT-OFF* */
+  REPLY_MACRO2_ZERO (VL_API_IKEV2_SA_DETAILS,
+  {
+    vl_api_ikev2_sa_t *rsa = &rmp->sa;
+    vl_api_ikev2_keys_t* k = &rsa->keys;
+    rsa->profile_index = rsa->profile_index;
+    rsa->sa_index = api_sa_index;
+    ip4_address_encode (&sa->iaddr, rsa->iaddr);
+    ip4_address_encode (&sa->raddr, rsa->raddr);
+    rsa->ispi = sa->ispi;
+    rsa->rspi = sa->rspi;
+    cp_id(&rsa->i_id, &sa->i_id);
+    cp_id(&rsa->r_id, &sa->r_id);
+
+    tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
+    if (tr)
+      cp_sa_transform (&rsa->encryption, tr);
+
+    tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
+    if (tr)
+      cp_sa_transform (&rsa->prf, tr);
+
+    tr = ikev2_sa_get_td_for_type (sa->r_proposals,
+                                   IKEV2_TRANSFORM_TYPE_INTEG);
+    if (tr)
+      cp_sa_transform (&rsa->integrity, tr);
+
+    tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_DH);
+    if (tr)
+      cp_sa_transform (&rsa->dh, tr);
+
+    k->sk_d_len = vec_len (sa->sk_d);
+    clib_memcpy (&k->sk_d, sa->sk_d, k->sk_d_len);
+
+    k->sk_ai_len = vec_len (sa->sk_ai);
+    clib_memcpy (&k->sk_ai, sa->sk_ai, k->sk_ai_len);
+
+    k->sk_ar_len = vec_len (sa->sk_ar);
+    clib_memcpy (&k->sk_ar, sa->sk_ar, k->sk_ar_len);
+
+    k->sk_ei_len = vec_len (sa->sk_ei);
+    clib_memcpy (&k->sk_ei, sa->sk_ei, k->sk_ei_len);
+
+    k->sk_er_len = vec_len (sa->sk_er);
+    clib_memcpy (&k->sk_er, sa->sk_er, k->sk_er_len);
+
+    k->sk_pi_len = vec_len (sa->sk_pi);
+    clib_memcpy (&k->sk_pi, sa->sk_pi, k->sk_pi_len);
+
+    k->sk_pr_len = vec_len (sa->sk_pr);
+    clib_memcpy (&k->sk_pr, sa->sk_pr, k->sk_pr_len);
+
+    vl_api_ikev2_sa_t_endian(rsa);
+  });
+  /* *INDENT-ON* */
+}
+
+static void
+vl_api_ikev2_sa_dump_t_handler (vl_api_ikev2_sa_dump_t * mp)
+{
+  ikev2_main_t *km = &ikev2_main;
+  ikev2_main_per_thread_data_t *tkm;
+  ikev2_sa_t *sa;
+
+  vec_foreach (tkm, km->per_thread_data)
+  {
+    /* *INDENT-OFF* */
+    pool_foreach (sa, tkm->sas,
+    ({
+      u32 api_sa_index = ikev2_encode_sa_index (sa - tkm->sas,
+                                              tkm - km->per_thread_data);
+      send_sa (sa, mp, api_sa_index);
+    }));
+    /* *INDENT-ON* */
+  }
+}
+
+
+static void
+send_child_sa (ikev2_child_sa_t * child,
+	       vl_api_ikev2_child_sa_dump_t * mp, u32 child_sa_index,
+	       u32 sa_index)
+{
+  vl_api_ikev2_child_sa_details_t *rmp = 0;
+  int rv = 0;
+  ikev2_sa_transform_t *tr;
+
+  /* *INDENT-OFF* */
+  REPLY_MACRO2_ZERO (VL_API_IKEV2_CHILD_SA_DETAILS,
+  {
+    vl_api_ikev2_keys_t *k = &rmp->child_sa.keys;
+    rmp->child_sa.child_sa_index = child_sa_index;
+    rmp->child_sa.sa_index = sa_index;
+    rmp->child_sa.i_spi =
+      child->i_proposals ? child->i_proposals[0].spi : 0;
+    rmp->child_sa.r_spi =
+      child->r_proposals ? child->r_proposals[0].spi : 0;
+
+    tr = ikev2_sa_get_td_for_type (child->r_proposals,
+                                   IKEV2_TRANSFORM_TYPE_ENCR);
+    if (tr)
+      cp_sa_transform (&rmp->child_sa.encryption, tr);
+
+    tr = ikev2_sa_get_td_for_type (child->r_proposals,
+                                   IKEV2_TRANSFORM_TYPE_INTEG);
+    if (tr)
+      cp_sa_transform (&rmp->child_sa.integrity, tr);
+
+    tr = ikev2_sa_get_td_for_type (child->r_proposals,
+                                   IKEV2_TRANSFORM_TYPE_ESN);
+    if (tr)
+      cp_sa_transform (&rmp->child_sa.esn, tr);
+
+    k->sk_ei_len = vec_len (child->sk_ei);
+    clib_memcpy (&k->sk_ei, child->sk_ei, k->sk_ei_len);
+
+    k->sk_er_len = vec_len (child->sk_er);
+    clib_memcpy (&k->sk_er, child->sk_er, k->sk_er_len);
+
+    if (vec_len (child->sk_ai))
+      {
+        k->sk_ai_len = vec_len (child->sk_ai);
+        clib_memcpy (&k->sk_ai, child->sk_ai,
+		     k->sk_ai_len);
+
+        k->sk_ar_len = vec_len (child->sk_ar);
+        clib_memcpy (&k->sk_ar, child->sk_ar,
+		     k->sk_ar_len);
+      }
+
+    vl_api_ikev2_child_sa_t_endian (&rmp->child_sa);
+  });
+  /* *INDENT-ON* */
+}
+
+static void
+vl_api_ikev2_child_sa_dump_t_handler (vl_api_ikev2_child_sa_dump_t * mp)
+{
+  ikev2_main_t *im = &ikev2_main;
+  ikev2_main_per_thread_data_t *tkm;
+  ikev2_sa_t *sa;
+  ikev2_child_sa_t *child;
+  u32 sai = ~0, ti = ~0;
+
+  ikev2_decode_sa_index (clib_net_to_host_u32 (mp->sa_index), &sai, &ti);
+
+  if (vec_len (im->per_thread_data) <= ti)
+    return;
+
+  tkm = vec_elt_at_index (im->per_thread_data, ti);
+
+  if (pool_len (tkm->sas) <= sai || pool_is_free_index (tkm->sas, sai))
+    return;
+
+  sa = pool_elt_at_index (tkm->sas, sai);
+
+  vec_foreach (child, sa->childs)
+  {
+    u32 child_sa_index = child - sa->childs;
+    send_child_sa (child, mp, child_sa_index, sai);
+  }
+}
+
+static void
+  vl_api_ikev2_traffic_selector_dump_t_handler
+  (vl_api_ikev2_traffic_selector_dump_t * mp)
+{
+  ikev2_main_t *im = &ikev2_main;
+  ikev2_main_per_thread_data_t *tkm;
+  ikev2_sa_t *sa;
+  ikev2_child_sa_t *child;
+  ikev2_ts_t *ts;
+  u32 sai = ~0, ti = ~0;
+
+  u32 api_sa_index = clib_net_to_host_u32 (mp->sa_index);
+  u32 child_sa_index = clib_net_to_host_u32 (mp->child_sa_index);
+  ikev2_decode_sa_index (api_sa_index, &sai, &ti);
+
+  if (vec_len (im->per_thread_data) <= ti)
+    return;
+
+  tkm = vec_elt_at_index (im->per_thread_data, ti);
+
+  if (pool_len (tkm->sas) <= sai || pool_is_free_index (tkm->sas, sai))
+    return;
+
+  sa = pool_elt_at_index (tkm->sas, sai);
+
+  if (vec_len (sa->childs) <= child_sa_index)
+    return;
+
+  child = vec_elt_at_index (sa->childs, child_sa_index);
+
+  vec_foreach (ts, mp->is_initiator ? child->tsi : child->tsr)
+  {
+    vl_api_ikev2_traffic_selector_details_t *rmp = 0;
+    int rv = 0;
+
+    /* *INDENT-OFF* */
+    REPLY_MACRO2_ZERO (VL_API_IKEV2_TRAFFIC_SELECTOR_DETAILS,
+    {
+      rmp->ts.sa_index = api_sa_index;
+      rmp->ts.child_sa_index = child_sa_index;
+      cp_ts (&rmp->ts, ts, mp->is_initiator);
+      vl_api_ikev2_ts_t_endian (&rmp->ts);
+    });
+    /* *INDENT-ON* */
+  }
+}
+
+static void
+vl_api_ikev2_nonce_get_t_handler (vl_api_ikev2_nonce_get_t * mp)
+{
+  ikev2_main_t *im = &ikev2_main;
+  ikev2_main_per_thread_data_t *tkm;
+  ikev2_sa_t *sa;
+  u32 sai = ~0, ti = ~0;
+
+  ikev2_decode_sa_index (clib_net_to_host_u32 (mp->sa_index), &sai, &ti);
+
+  if (vec_len (im->per_thread_data) <= ti)
+    return;
+
+  tkm = vec_elt_at_index (im->per_thread_data, ti);
+
+  if (pool_len (tkm->sas) <= sai || pool_is_free_index (tkm->sas, sai))
+    return;
+
+  sa = pool_elt_at_index (tkm->sas, sai);
+
+  u8 *nonce = mp->is_initiator ? sa->i_nonce : sa->r_nonce;
+  vl_api_ikev2_nonce_get_reply_t *rmp = 0;
+  int data_len = vec_len (nonce);
+  int rv = 0;
+
+  /* *INDENT-OFF* */
+  REPLY_MACRO3_ZERO (VL_API_IKEV2_NONCE_GET_REPLY, data_len,
+  {
+    rmp->data_len = clib_host_to_net_u32 (data_len);
+    clib_memcpy (rmp->nonce, nonce, data_len);
+  });
+  /* *INDENT-ON* */
+}
+
+static void
 vl_api_ikev2_plugin_get_version_t_handler (vl_api_ikev2_plugin_get_version_t *
 					   mp)
 {
author	jan_cavojsky <Jan.Cavojsky@pantheon.tech>	2020-07-08 09:24:12 +0200
committer	Benoît Ganne <bganne@cisco.com>	2020-07-24 11:44:23 +0000
commit	a340fe1ac6a31d4e60affa7209ade48189b18eb4 (patch)
tree	775711b5b5b14c9a626d8dd128fdad4021e50372 /src/plugins/ikev2/ikev2_api.c
parent	7fc88cf3a1236ebf9f21a2054eee7d586e031e5f (diff)