summaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2_test.c
diff options
context:
space:
mode:
authorJan Cavojsky <Jan.Cavojsky@pantheon.tech>2020-06-26 15:05:10 +0200
committerBenoƮt Ganne <bganne@cisco.com>2020-07-06 14:25:11 +0000
commit6a9bd81886772b5ffeb367736fb83bf95f37435f (patch)
treeddee63c01bc026ef021b5ca3b370192f6f5c7eea /src/plugins/ikev2/ikev2_test.c
parent4f42a717798ca25cf575587cbc606d6d7787fedd (diff)
ikev2: add profile dump API
Type: feature Signed-off-by: Jan Cavojsky <Jan.Cavojsky@pantheon.tech> Change-Id: I84776a50b520134e8a3ca6ae41b4cc29009e6319
Diffstat (limited to 'src/plugins/ikev2/ikev2_test.c')
-rw-r--r--src/plugins/ikev2/ikev2_test.c189
1 files changed, 189 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2_test.c b/src/plugins/ikev2/ikev2_test.c
index 298125d23b0..91722ec2b9a 100644
--- a/src/plugins/ikev2/ikev2_test.c
+++ b/src/plugins/ikev2/ikev2_test.c
@@ -21,6 +21,7 @@
#include <vlibapi/api.h>
#include <vlibmemory/api.h>
#include <vppinfra/error.h>
+#include <vnet/ipsec/ipsec_sa.h>
#include <plugins/ikev2/ikev2.h>
#define __plugin_msg_base ikev2_test_main.msg_id_base
@@ -30,11 +31,13 @@
#include <vnet/format_fns.h>
#include <ikev2/ikev2.api_enum.h>
#include <ikev2/ikev2.api_types.h>
+#include <vpp/api/vpe.api_types.h>
typedef struct
{
/* API message ID base */
u16 msg_id_base;
+ u32 ping_id;
vat_main_t *vat_main;
} ikev2_test_main_t;
@@ -54,6 +57,7 @@ unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
return 1;
}
+
uword
unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
{
@@ -68,6 +72,191 @@ unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
return 1;
}
+#define MACRO_FORMAT(lc) \
+u8 * format_ikev2_##lc (u8 * s, va_list * args) \
+{ \
+ u32 i = va_arg (*args, u32); \
+ char * t = 0; \
+ switch (i) { \
+ foreach_ikev2_##lc \
+ default: \
+ return format (s, "unknown (%u)", i); \
+ } \
+ s = format (s, "%s", t); \
+ return s; \
+}
+
+#define _(v,f,str) case IKEV2_AUTH_METHOD_##f: t = str; break;
+MACRO_FORMAT (auth_method)
+#undef _
+#define _(v,f,str) case IKEV2_ID_TYPE_##f: t = str; break;
+ MACRO_FORMAT (id_type)
+#undef _
+#define _(v,f,str) case IKEV2_TRANSFORM_ENCR_TYPE_##f: t = str; break;
+ MACRO_FORMAT (transform_encr_type)
+#undef _
+#define _(v,f,str) case IKEV2_TRANSFORM_INTEG_TYPE_##f: t = str; break;
+ MACRO_FORMAT (transform_integ_type)
+#undef _
+#define _(v,f,str) case IKEV2_TRANSFORM_DH_TYPE_##f: t = str; break;
+ MACRO_FORMAT (transform_dh_type)
+#undef _
+ u8 *format_ikev2_id_type_and_data (u8 * s, va_list * args)
+{
+ vl_api_ikev2_id_t *id = va_arg (*args, vl_api_ikev2_id_t *);
+
+ if (id->type == 0)
+ return format (s, "none");
+
+ s = format (s, "%U", format_ikev2_id_type, id->type);
+
+ switch (id->type)
+ {
+ case 0:
+ return format (s, "none");
+ case IKEV2_ID_TYPE_ID_FQDN:
+ s = format (s, " %s", id->data);
+ break;
+ case IKEV2_ID_TYPE_ID_RFC822_ADDR:
+ s = format (s, " %s", id->data);
+ break;
+ case IKEV2_ID_TYPE_ID_IPV4_ADDR:
+ s = format (s, " %U", format_ip4_address, id->data);
+ break;
+ case IKEV2_ID_TYPE_ID_KEY_ID:
+ s = format (s, " 0x%U", format_hex_bytes, id->data, id->data_len);
+ break;
+ default:
+ s = format (s, " %s", id->data);
+ }
+
+ return s;
+}
+
+static int
+api_ikev2_profile_dump (vat_main_t * vam)
+{
+ ikev2_test_main_t *ik = &ikev2_test_main;
+ vl_api_ikev2_profile_dump_t *mp;
+ vl_api_control_ping_t *mp_ping;
+ int ret;
+
+ /* Construct the API message */
+ M (IKEV2_PROFILE_DUMP, mp);
+
+ /* send it... */
+ S (mp);
+
+ /* Use a control ping for synchronization */
+ if (!ik->ping_id)
+ ik->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC));
+ mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping));
+ mp_ping->_vl_msg_id = htons (ik->ping_id);
+ mp_ping->client_index = vam->my_client_index;
+
+ fformat (vam->ofp, "Sending ping id=%d\n", ik->ping_id);
+
+ vam->result_ready = 0;
+ S (mp_ping);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static void vl_api_ikev2_profile_details_t_handler
+ (vl_api_ikev2_profile_details_t * mp)
+{
+ vat_main_t *vam = ikev2_test_main.vat_main;
+ vl_api_ikev2_profile_t *p = &mp->profile;
+
+ fformat (vam->ofp, "profile %s\n", p->name);
+
+ if (p->auth.method)
+ {
+ if (p->auth.hex)
+ fformat (vam->ofp, " auth-method %U auth data 0x%U\n",
+ format_ikev2_auth_method, p->auth.method,
+ format_hex_bytes, p->auth.data,
+ clib_net_to_host_u32 (p->auth.data_len));
+ else
+ fformat (vam->ofp, " auth-method %U auth data %v\n",
+ format_ikev2_auth_method, p->auth.method, format (0,
+ "%s",
+ p->
+ auth.data));
+ }
+
+ if (p->loc_id.type)
+ {
+ fformat (vam->ofp, " local id-type data %U\n",
+ format_ikev2_id_type_and_data, &p->loc_id);
+ }
+
+ if (p->rem_id.type)
+ {
+ fformat (vam->ofp, " remote id-type data %U\n",
+ format_ikev2_id_type_and_data, &p->rem_id);
+ }
+
+ if (*((u32 *) & p->loc_ts.end_addr))
+ fformat (vam->ofp, " local traffic-selector addr %U - %U port %u - %u"
+ " protocol %u\n",
+ format_ip4_address, &p->loc_ts.start_addr,
+ format_ip4_address, &p->loc_ts.end_addr,
+ clib_net_to_host_u16 (p->loc_ts.start_port),
+ clib_net_to_host_u16 (p->loc_ts.end_port),
+ p->loc_ts.protocol_id);
+
+ if (*((u32 *) & p->rem_ts.end_addr))
+ fformat (vam->ofp, " remote traffic-selector addr %U - %U port %u - %u"
+ " protocol %u\n",
+ format_ip4_address, &p->rem_ts.start_addr,
+ format_ip4_address, &p->rem_ts.end_addr,
+ clib_net_to_host_u16 (p->rem_ts.start_port),
+ clib_net_to_host_u16 (p->rem_ts.end_port),
+ p->rem_ts.protocol_id);
+ u32 tun_itf = clib_net_to_host_u32 (p->tun_itf);
+ if (~0 != tun_itf)
+ fformat (vam->ofp, " protected tunnel idx %d\n", tun_itf);
+
+ u32 sw_if_index = clib_net_to_host_u32 (p->responder.sw_if_index);
+ if (~0 != sw_if_index)
+ fformat (vam->ofp, " responder idx %d %U\n",
+ sw_if_index, format_ip4_address, &p->responder.ip4);
+
+ if (p->udp_encap)
+ fformat (vam->ofp, " udp-encap\n");
+
+ u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port);
+ if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
+ fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port);
+
+ u32 crypto_key_size = clib_net_to_host_u32 (p->ike_ts.crypto_key_size);
+ if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_type
+ || crypto_key_size)
+ fformat (vam->ofp, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U\n",
+ format_ikev2_transform_encr_type, p->ike_ts.crypto_alg,
+ crypto_key_size, format_ikev2_transform_integ_type,
+ p->ike_ts.integ_alg, format_ikev2_transform_dh_type,
+ p->ike_ts.dh_type);
+
+ crypto_key_size = clib_net_to_host_u32 (p->esp_ts.crypto_key_size);
+ if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg || p->esp_ts.dh_type)
+ fformat (vam->ofp, " esp-crypto-alg %U %u esp-integ-alg %U\n",
+ format_ikev2_transform_encr_type, p->esp_ts.crypto_alg,
+ crypto_key_size,
+ format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
+
+ fformat (vam->ofp, " lifetime %d jitter %d handover %d maxdata %d\n",
+ clib_net_to_host_u64 (p->lifetime),
+ clib_net_to_host_u32 (p->lifetime_jitter),
+ clib_net_to_host_u32 (p->handover),
+ clib_net_to_host_u64 (p->lifetime_maxdata));
+
+ vam->result_ready = 1;
+}
+
static int
api_ikev2_plugin_get_version (vat_main_t * vam)
{