diff options
author | Jan Cavojsky <Jan.Cavojsky@pantheon.tech> | 2020-06-26 15:05:10 +0200 |
---|---|---|
committer | BenoƮt Ganne <bganne@cisco.com> | 2020-07-06 14:25:11 +0000 |
commit | 6a9bd81886772b5ffeb367736fb83bf95f37435f (patch) | |
tree | ddee63c01bc026ef021b5ca3b370192f6f5c7eea /src/plugins/ikev2/ikev2_test.c | |
parent | 4f42a717798ca25cf575587cbc606d6d7787fedd (diff) |
ikev2: add profile dump API
Type: feature
Signed-off-by: Jan Cavojsky <Jan.Cavojsky@pantheon.tech>
Change-Id: I84776a50b520134e8a3ca6ae41b4cc29009e6319
Diffstat (limited to 'src/plugins/ikev2/ikev2_test.c')
-rw-r--r-- | src/plugins/ikev2/ikev2_test.c | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2_test.c b/src/plugins/ikev2/ikev2_test.c index 298125d23b0..91722ec2b9a 100644 --- a/src/plugins/ikev2/ikev2_test.c +++ b/src/plugins/ikev2/ikev2_test.c @@ -21,6 +21,7 @@ #include <vlibapi/api.h> #include <vlibmemory/api.h> #include <vppinfra/error.h> +#include <vnet/ipsec/ipsec_sa.h> #include <plugins/ikev2/ikev2.h> #define __plugin_msg_base ikev2_test_main.msg_id_base @@ -30,11 +31,13 @@ #include <vnet/format_fns.h> #include <ikev2/ikev2.api_enum.h> #include <ikev2/ikev2.api_types.h> +#include <vpp/api/vpe.api_types.h> typedef struct { /* API message ID base */ u16 msg_id_base; + u32 ping_id; vat_main_t *vat_main; } ikev2_test_main_t; @@ -54,6 +57,7 @@ unformat_ikev2_auth_method (unformat_input_t * input, va_list * args) return 1; } + uword unformat_ikev2_id_type (unformat_input_t * input, va_list * args) { @@ -68,6 +72,191 @@ unformat_ikev2_id_type (unformat_input_t * input, va_list * args) return 1; } +#define MACRO_FORMAT(lc) \ +u8 * format_ikev2_##lc (u8 * s, va_list * args) \ +{ \ + u32 i = va_arg (*args, u32); \ + char * t = 0; \ + switch (i) { \ + foreach_ikev2_##lc \ + default: \ + return format (s, "unknown (%u)", i); \ + } \ + s = format (s, "%s", t); \ + return s; \ +} + +#define _(v,f,str) case IKEV2_AUTH_METHOD_##f: t = str; break; +MACRO_FORMAT (auth_method) +#undef _ +#define _(v,f,str) case IKEV2_ID_TYPE_##f: t = str; break; + MACRO_FORMAT (id_type) +#undef _ +#define _(v,f,str) case IKEV2_TRANSFORM_ENCR_TYPE_##f: t = str; break; + MACRO_FORMAT (transform_encr_type) +#undef _ +#define _(v,f,str) case IKEV2_TRANSFORM_INTEG_TYPE_##f: t = str; break; + MACRO_FORMAT (transform_integ_type) +#undef _ +#define _(v,f,str) case IKEV2_TRANSFORM_DH_TYPE_##f: t = str; break; + MACRO_FORMAT (transform_dh_type) +#undef _ + u8 *format_ikev2_id_type_and_data (u8 * s, va_list * args) +{ + vl_api_ikev2_id_t *id = va_arg (*args, vl_api_ikev2_id_t *); + + if (id->type == 0) + return format (s, "none"); + + s = format (s, "%U", format_ikev2_id_type, id->type); + + switch (id->type) + { + case 0: + return format (s, "none"); + case IKEV2_ID_TYPE_ID_FQDN: + s = format (s, " %s", id->data); + break; + case IKEV2_ID_TYPE_ID_RFC822_ADDR: + s = format (s, " %s", id->data); + break; + case IKEV2_ID_TYPE_ID_IPV4_ADDR: + s = format (s, " %U", format_ip4_address, id->data); + break; + case IKEV2_ID_TYPE_ID_KEY_ID: + s = format (s, " 0x%U", format_hex_bytes, id->data, id->data_len); + break; + default: + s = format (s, " %s", id->data); + } + + return s; +} + +static int +api_ikev2_profile_dump (vat_main_t * vam) +{ + ikev2_test_main_t *ik = &ikev2_test_main; + vl_api_ikev2_profile_dump_t *mp; + vl_api_control_ping_t *mp_ping; + int ret; + + /* Construct the API message */ + M (IKEV2_PROFILE_DUMP, mp); + + /* send it... */ + S (mp); + + /* Use a control ping for synchronization */ + if (!ik->ping_id) + ik->ping_id = vl_msg_api_get_msg_index ((u8 *) (VL_API_CONTROL_PING_CRC)); + mp_ping = vl_msg_api_alloc_as_if_client (sizeof (*mp_ping)); + mp_ping->_vl_msg_id = htons (ik->ping_id); + mp_ping->client_index = vam->my_client_index; + + fformat (vam->ofp, "Sending ping id=%d\n", ik->ping_id); + + vam->result_ready = 0; + S (mp_ping); + + /* Wait for a reply... */ + W (ret); + return ret; +} + +static void vl_api_ikev2_profile_details_t_handler + (vl_api_ikev2_profile_details_t * mp) +{ + vat_main_t *vam = ikev2_test_main.vat_main; + vl_api_ikev2_profile_t *p = &mp->profile; + + fformat (vam->ofp, "profile %s\n", p->name); + + if (p->auth.method) + { + if (p->auth.hex) + fformat (vam->ofp, " auth-method %U auth data 0x%U\n", + format_ikev2_auth_method, p->auth.method, + format_hex_bytes, p->auth.data, + clib_net_to_host_u32 (p->auth.data_len)); + else + fformat (vam->ofp, " auth-method %U auth data %v\n", + format_ikev2_auth_method, p->auth.method, format (0, + "%s", + p-> + auth.data)); + } + + if (p->loc_id.type) + { + fformat (vam->ofp, " local id-type data %U\n", + format_ikev2_id_type_and_data, &p->loc_id); + } + + if (p->rem_id.type) + { + fformat (vam->ofp, " remote id-type data %U\n", + format_ikev2_id_type_and_data, &p->rem_id); + } + + if (*((u32 *) & p->loc_ts.end_addr)) + fformat (vam->ofp, " local traffic-selector addr %U - %U port %u - %u" + " protocol %u\n", + format_ip4_address, &p->loc_ts.start_addr, + format_ip4_address, &p->loc_ts.end_addr, + clib_net_to_host_u16 (p->loc_ts.start_port), + clib_net_to_host_u16 (p->loc_ts.end_port), + p->loc_ts.protocol_id); + + if (*((u32 *) & p->rem_ts.end_addr)) + fformat (vam->ofp, " remote traffic-selector addr %U - %U port %u - %u" + " protocol %u\n", + format_ip4_address, &p->rem_ts.start_addr, + format_ip4_address, &p->rem_ts.end_addr, + clib_net_to_host_u16 (p->rem_ts.start_port), + clib_net_to_host_u16 (p->rem_ts.end_port), + p->rem_ts.protocol_id); + u32 tun_itf = clib_net_to_host_u32 (p->tun_itf); + if (~0 != tun_itf) + fformat (vam->ofp, " protected tunnel idx %d\n", tun_itf); + + u32 sw_if_index = clib_net_to_host_u32 (p->responder.sw_if_index); + if (~0 != sw_if_index) + fformat (vam->ofp, " responder idx %d %U\n", + sw_if_index, format_ip4_address, &p->responder.ip4); + + if (p->udp_encap) + fformat (vam->ofp, " udp-encap\n"); + + u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port); + if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE) + fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port); + + u32 crypto_key_size = clib_net_to_host_u32 (p->ike_ts.crypto_key_size); + if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_type + || crypto_key_size) + fformat (vam->ofp, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U\n", + format_ikev2_transform_encr_type, p->ike_ts.crypto_alg, + crypto_key_size, format_ikev2_transform_integ_type, + p->ike_ts.integ_alg, format_ikev2_transform_dh_type, + p->ike_ts.dh_type); + + crypto_key_size = clib_net_to_host_u32 (p->esp_ts.crypto_key_size); + if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg || p->esp_ts.dh_type) + fformat (vam->ofp, " esp-crypto-alg %U %u esp-integ-alg %U\n", + format_ikev2_transform_encr_type, p->esp_ts.crypto_alg, + crypto_key_size, + format_ikev2_transform_integ_type, p->esp_ts.integ_alg); + + fformat (vam->ofp, " lifetime %d jitter %d handover %d maxdata %d\n", + clib_net_to_host_u64 (p->lifetime), + clib_net_to_host_u32 (p->lifetime_jitter), + clib_net_to_host_u32 (p->handover), + clib_net_to_host_u64 (p->lifetime_maxdata)); + + vam->result_ready = 1; +} + static int api_ikev2_plugin_get_version (vat_main_t * vam) { |