diff options
author | Neale Ranns <nranns@cisco.com> | 2019-02-25 10:28:29 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-02-25 19:37:09 +0000 |
commit | 7c44d78ef2e7bf0c8714be4184511ed8f23ff239 (patch) | |
tree | b09f294ebe6365bd38ed0dc7ef4c696cd7630de0 /src/vat/api_format.c | |
parent | f883f6a1132ad4bb7aa9d9a79d420274fbcf3b64 (diff) |
IKEv2 to plugin
for easy integration with ptoducts running their own Ike stack.
Without the VPP IKE plugin loaded, the product is free to handle
IKE packets as it pleases.
Change-Id: Id0839f4d58b797f4c2da0382eb499fc08b05f66f
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vat/api_format.c')
-rw-r--r-- | src/vat/api_format.c | 708 |
1 files changed, 0 insertions, 708 deletions
diff --git a/src/vat/api_format.c b/src/vat/api_format.c index daeec503856..cef60e05725 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -41,7 +41,6 @@ #include <vnet/classify/flow_classify.h> #include <vnet/mpls/mpls.h> #include <vnet/ipsec/ipsec.h> -#include <vnet/ipsec/ikev2.h> #include <inttypes.h> #include <vnet/cop/cop.h> #include <vnet/ip/ip6_hop_by_hop.h> @@ -395,33 +394,6 @@ format_ipsec_integ_alg (u8 * s, va_list * args) return format (s, "%s", t); } -uword -unformat_ikev2_auth_method (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f; - foreach_ikev2_auth_method -#undef _ - else - return 0; - return 1; -} - -uword -unformat_ikev2_id_type (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f; - foreach_ikev2_id_type -#undef _ - else - return 0; - return 1; -} #else /* VPP_API_TEST_BUILTIN == 1 */ static uword api_unformat_sw_if_index (unformat_input_t * input, va_list * args) @@ -5214,19 +5186,6 @@ _(ipsec_sa_set_key_reply) \ _(ipsec_tunnel_if_add_del_reply) \ _(ipsec_tunnel_if_set_key_reply) \ _(ipsec_tunnel_if_set_sa_reply) \ -_(ikev2_profile_add_del_reply) \ -_(ikev2_profile_set_auth_reply) \ -_(ikev2_profile_set_id_reply) \ -_(ikev2_profile_set_ts_reply) \ -_(ikev2_set_local_key_reply) \ -_(ikev2_set_responder_reply) \ -_(ikev2_set_ike_transforms_reply) \ -_(ikev2_set_esp_transforms_reply) \ -_(ikev2_set_sa_lifetime_reply) \ -_(ikev2_initiate_sa_init_reply) \ -_(ikev2_initiate_del_ike_sa_reply) \ -_(ikev2_initiate_del_child_sa_reply) \ -_(ikev2_initiate_rekey_child_sa_reply) \ _(delete_loopback_reply) \ _(bd_ip_mac_add_del_reply) \ _(bd_ip_mac_flush_reply) \ @@ -5470,19 +5429,6 @@ _(IPSEC_SA_SET_KEY_REPLY, ipsec_sa_set_key_reply) \ _(IPSEC_TUNNEL_IF_ADD_DEL_REPLY, ipsec_tunnel_if_add_del_reply) \ _(IPSEC_TUNNEL_IF_SET_KEY_REPLY, ipsec_tunnel_if_set_key_reply) \ _(IPSEC_TUNNEL_IF_SET_SA_REPLY, ipsec_tunnel_if_set_sa_reply) \ -_(IKEV2_PROFILE_ADD_DEL_REPLY, ikev2_profile_add_del_reply) \ -_(IKEV2_PROFILE_SET_AUTH_REPLY, ikev2_profile_set_auth_reply) \ -_(IKEV2_PROFILE_SET_ID_REPLY, ikev2_profile_set_id_reply) \ -_(IKEV2_PROFILE_SET_TS_REPLY, ikev2_profile_set_ts_reply) \ -_(IKEV2_SET_LOCAL_KEY_REPLY, ikev2_set_local_key_reply) \ -_(IKEV2_SET_RESPONDER_REPLY, ikev2_set_responder_reply) \ -_(IKEV2_SET_IKE_TRANSFORMS_REPLY, ikev2_set_ike_transforms_reply) \ -_(IKEV2_SET_ESP_TRANSFORMS_REPLY, ikev2_set_esp_transforms_reply) \ -_(IKEV2_SET_SA_LIFETIME_REPLY, ikev2_set_sa_lifetime_reply) \ -_(IKEV2_INITIATE_SA_INIT_REPLY, ikev2_initiate_sa_init_reply) \ -_(IKEV2_INITIATE_DEL_IKE_SA_REPLY, ikev2_initiate_del_ike_sa_reply) \ -_(IKEV2_INITIATE_DEL_CHILD_SA_REPLY, ikev2_initiate_del_child_sa_reply) \ -_(IKEV2_INITIATE_REKEY_CHILD_SA_REPLY, ikev2_initiate_rekey_child_sa_reply) \ _(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \ _(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \ _(BD_IP_MAC_FLUSH_REPLY, bd_ip_mac_flush_reply) \ @@ -15467,643 +15413,6 @@ api_ipsec_tunnel_if_set_sa (vat_main_t * vam) } static int -api_ikev2_profile_add_del (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_add_del_t *mp; - u8 is_add = 1; - u8 *name = 0; - int ret; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "del")) - is_add = 0; - else if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_PROFILE_ADD_DEL, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - mp->is_add = is_add; - vec_free (name); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_profile_set_auth (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_set_auth_t *mp; - u8 *name = 0; - u8 *data = 0; - u32 auth_method = 0; - u8 is_hex = 0; - int ret; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else if (unformat (i, "auth_method %U", - unformat_ikev2_auth_method, &auth_method)) - ; - else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data)) - is_hex = 1; - else if (unformat (i, "auth_data %v", &data)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - if (!vec_len (data)) - { - errmsg ("auth_data must be specified"); - return -99; - } - - if (!auth_method) - { - errmsg ("auth_method must be specified"); - return -99; - } - - M (IKEV2_PROFILE_SET_AUTH, mp); - - mp->is_hex = is_hex; - mp->auth_method = (u8) auth_method; - mp->data_len = vec_len (data); - clib_memcpy (mp->name, name, vec_len (name)); - clib_memcpy (mp->data, data, vec_len (data)); - vec_free (name); - vec_free (data); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_profile_set_id (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_set_id_t *mp; - u8 *name = 0; - u8 *data = 0; - u8 is_local = 0; - u32 id_type = 0; - ip4_address_t ip4; - int ret; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else if (unformat (i, "id_type %U", unformat_ikev2_id_type, &id_type)) - ; - else if (unformat (i, "id_data %U", unformat_ip4_address, &ip4)) - { - data = vec_new (u8, 4); - clib_memcpy (data, ip4.as_u8, 4); - } - else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data)) - ; - else if (unformat (i, "id_data %v", &data)) - ; - else if (unformat (i, "local")) - is_local = 1; - else if (unformat (i, "remote")) - is_local = 0; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - if (!vec_len (data)) - { - errmsg ("id_data must be specified"); - return -99; - } - - if (!id_type) - { - errmsg ("id_type must be specified"); - return -99; - } - - M (IKEV2_PROFILE_SET_ID, mp); - - mp->is_local = is_local; - mp->id_type = (u8) id_type; - mp->data_len = vec_len (data); - clib_memcpy (mp->name, name, vec_len (name)); - clib_memcpy (mp->data, data, vec_len (data)); - vec_free (name); - vec_free (data); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_profile_set_ts (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_profile_set_ts_t *mp; - u8 *name = 0; - u8 is_local = 0; - u32 proto = 0, start_port = 0, end_port = (u32) ~ 0; - ip4_address_t start_addr, end_addr; - - const char *valid_chars = "a-zA-Z0-9_"; - int ret; - - start_addr.as_u32 = 0; - end_addr.as_u32 = (u32) ~ 0; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "name %U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else if (unformat (i, "protocol %d", &proto)) - ; - else if (unformat (i, "start_port %d", &start_port)) - ; - else if (unformat (i, "end_port %d", &end_port)) - ; - else - if (unformat (i, "start_addr %U", unformat_ip4_address, &start_addr)) - ; - else if (unformat (i, "end_addr %U", unformat_ip4_address, &end_addr)) - ; - else if (unformat (i, "local")) - is_local = 1; - else if (unformat (i, "remote")) - is_local = 0; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_PROFILE_SET_TS, mp); - - mp->is_local = is_local; - mp->proto = (u8) proto; - mp->start_port = (u16) start_port; - mp->end_port = (u16) end_port; - mp->start_addr = start_addr.as_u32; - mp->end_addr = end_addr.as_u32; - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_local_key (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_local_key_t *mp; - u8 *file = 0; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "file %v", &file)) - vec_add1 (file, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (file)) - { - errmsg ("RSA key file must be specified"); - return -99; - } - - if (vec_len (file) > 256) - { - errmsg ("file name too long"); - return -99; - } - - M (IKEV2_SET_LOCAL_KEY, mp); - - clib_memcpy (mp->key_file, file, vec_len (file)); - vec_free (file); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_responder (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_responder_t *mp; - int ret; - u8 *name = 0; - u32 sw_if_index = ~0; - ip4_address_t address; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat - (i, "%U interface %d address %U", unformat_token, valid_chars, - &name, &sw_if_index, unformat_ip4_address, &address)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_RESPONDER, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - - mp->sw_if_index = sw_if_index; - clib_memcpy (mp->address, &address, sizeof (address)); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_ike_transforms (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_ike_transforms_t *mp; - int ret; - u8 *name = 0; - u32 crypto_alg, crypto_key_size, integ_alg, dh_group; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name, - &crypto_alg, &crypto_key_size, &integ_alg, &dh_group)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_IKE_TRANSFORMS, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - mp->crypto_alg = crypto_alg; - mp->crypto_key_size = crypto_key_size; - mp->integ_alg = integ_alg; - mp->dh_group = dh_group; - - S (mp); - W (ret); - return ret; -} - - -static int -api_ikev2_set_esp_transforms (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_esp_transforms_t *mp; - int ret; - u8 *name = 0; - u32 crypto_alg, crypto_key_size, integ_alg, dh_group; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name, - &crypto_alg, &crypto_key_size, &integ_alg, &dh_group)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_ESP_TRANSFORMS, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - mp->crypto_alg = crypto_alg; - mp->crypto_key_size = crypto_key_size; - mp->integ_alg = integ_alg; - mp->dh_group = dh_group; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_set_sa_lifetime (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_set_sa_lifetime_t *mp; - int ret; - u8 *name = 0; - u64 lifetime, lifetime_maxdata; - u32 lifetime_jitter, handover; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name, - &lifetime, &lifetime_jitter, &handover, - &lifetime_maxdata)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_SET_SA_LIFETIME, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - mp->lifetime = lifetime; - mp->lifetime_jitter = lifetime_jitter; - mp->handover = handover; - mp->lifetime_maxdata = lifetime_maxdata; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_sa_init (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_sa_init_t *mp; - int ret; - u8 *name = 0; - - const char *valid_chars = "a-zA-Z0-9_"; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U", unformat_token, valid_chars, &name)) - vec_add1 (name, 0); - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - if (!vec_len (name)) - { - errmsg ("profile name must be specified"); - return -99; - } - - if (vec_len (name) > 64) - { - errmsg ("profile name too long"); - return -99; - } - - M (IKEV2_INITIATE_SA_INIT, mp); - - clib_memcpy (mp->name, name, vec_len (name)); - vec_free (name); - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_del_ike_sa (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_del_ike_sa_t *mp; - int ret; - u64 ispi; - - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%lx", &ispi)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IKEV2_INITIATE_DEL_IKE_SA, mp); - - mp->ispi = ispi; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_del_child_sa (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_del_child_sa_t *mp; - int ret; - u32 ispi; - - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%x", &ispi)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IKEV2_INITIATE_DEL_CHILD_SA, mp); - - mp->ispi = ispi; - - S (mp); - W (ret); - return ret; -} - -static int -api_ikev2_initiate_rekey_child_sa (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ikev2_initiate_rekey_child_sa_t *mp; - int ret; - u32 ispi; - - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%x", &ispi)) - ; - else - { - errmsg ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IKEV2_INITIATE_REKEY_CHILD_SA, mp); - - mp->ispi = ispi; - - S (mp); - W (ret); - return ret; -} - -static int api_get_first_msg_id (vat_main_t * vam) { vl_api_get_first_msg_id_t *mp; @@ -23175,23 +22484,6 @@ _(ipsec_sa_dump, "[sa_id <n>]") \ _(ipsec_tunnel_if_set_key, "<intfc> <local|remote> <crypto|integ>\n" \ " <alg> <hex>\n") \ _(ipsec_tunnel_if_set_sa, "<intfc> sa_id <n> <inbound|outbound>\n") \ -_(ikev2_profile_add_del, "name <profile_name> [del]") \ -_(ikev2_profile_set_auth, "name <profile_name> auth_method <method>\n" \ - "(auth_data 0x<data> | auth_data <data>)") \ -_(ikev2_profile_set_id, "name <profile_name> id_type <type>\n" \ - "(id_data 0x<data> | id_data <data>) (local|remote)") \ -_(ikev2_profile_set_ts, "name <profile_name> protocol <proto>\n" \ - "start_port <port> end_port <port> start_addr <ip4> end_addr <ip4>\n" \ - "(local|remote)") \ -_(ikev2_set_local_key, "file <absolute_file_path>") \ -_(ikev2_set_responder, "<profile_name> interface <interface> address <addr>") \ -_(ikev2_set_ike_transforms, "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>") \ -_(ikev2_set_esp_transforms, "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>") \ -_(ikev2_set_sa_lifetime, "<profile_name> <seconds> <jitter> <handover> <max bytes>") \ -_(ikev2_initiate_sa_init, "<profile_name>") \ -_(ikev2_initiate_del_ike_sa, "<ispi>") \ -_(ikev2_initiate_del_child_sa, "<ispi>") \ -_(ikev2_initiate_rekey_child_sa, "<ispi>") \ _(delete_loopback,"sw_if_index <nn>") \ _(bd_ip_mac_add_del, "bd_id <bridge-domain-id> <ip4/6-addr> <mac-addr> [del]") \ _(bd_ip_mac_flush, "bd_id <bridge-domain-id>") \ |