authorNeale Ranns <nranns@cisco.com>2019-06-06 13:28:14 +0000
committerDamjan Marion <dmarion@me.com>2019-06-07 11:19:12 +0000
commitf2922422d972644e67d1ca989e40cd0100ecb06d (patch)
tree6833280b7516aa3602a001830f0f3c0e5dd33e1c /src/vnet/ipsec/ipsec_cli.c
parent814f15948cbcf67f9a9c9792b22ce1f182eaa20d (diff)
ipsec: remove the set_key API
There's no use case to just change the key of an SA. Instead, the SA should be renegotiated and the new SA applied to the existing SPD entry or tunnel. The set_key functions were untested. Type: refactor Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
-rw-r--r--src/vnet/ipsec/ipsec_cli.c131
1 files changed, 0 insertions, 131 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 36ea6145993..312289ae7d8 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -346,54 +346,6 @@ VLIB_CLI_COMMAND (ipsec_policy_add_del_command, static) = {
};
/* *INDENT-ON* */
-static clib_error_t *
-set_ipsec_sa_key_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- ipsec_key_t ck = { }, ik =
- {
- };
- clib_error_t *error = NULL;
- u32 id;
-
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "%u", &id))
- ;
- else
- if (unformat (line_input, "crypto-key %U", unformat_ipsec_key, &ck))
- ;
- else if (unformat (line_input, "integ-key %U", unformat_ipsec_key, &ik))
- ;
- else
- {
- error = clib_error_return (0, "parse error: '%U'",
- format_unformat_error, line_input);
- goto done;
- }
- }
-
- ipsec_set_sa_key (id, &ck, &ik);
-
-done:
- unformat_free (line_input);
-
- return error;
-}
-
-/* *INDENT-OFF* */
-VLIB_CLI_COMMAND (set_ipsec_sa_key_command, static) = {
- .path = "set ipsec sa",
- .short_help = "set ipsec sa <id> crypto-key <key> integ-key <key>",
- .function = set_ipsec_sa_key_command_fn,
-};
-/* *INDENT-ON* */
-
static void
ipsec_sa_show_all (vlib_main_t * vm, ipsec_main_t * im)
{
@@ -869,89 +821,6 @@ VLIB_CLI_COMMAND (create_ipsec_tunnel_command, static) = {
};
/* *INDENT-ON* */
-static clib_error_t *
-set_interface_key_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- ipsec_main_t *im = &ipsec_main;
- ipsec_if_set_key_type_t type = IPSEC_IF_SET_KEY_TYPE_NONE;
- u32 hw_if_index = (u32) ~ 0;
- u32 alg;
- u8 *key = 0;
- clib_error_t *error = NULL;
-
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "%U",
- unformat_vnet_hw_interface, im->vnet_main, &hw_if_index))
- ;
- else
- if (unformat
- (line_input, "local crypto %U", unformat_ipsec_crypto_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO;
- else
- if (unformat
- (line_input, "remote crypto %U", unformat_ipsec_crypto_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO;
- else
- if (unformat
- (line_input, "local integ %U", unformat_ipsec_integ_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG;
- else
- if (unformat
- (line_input, "remote integ %U", unformat_ipsec_integ_alg, &alg))
- type = IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG;
- else if (unformat (line_input, "%U", unformat_hex_string, &key))
- ;
- else
- {
- error = clib_error_return (0, "parse error: '%U'",
- format_unformat_error, line_input);
- goto done;
- }
- }
-
- if (type == IPSEC_IF_SET_KEY_TYPE_NONE)
- {
- error = clib_error_return (0, "unknown key type");
- goto done;
- }
-
- if (alg > 0 && vec_len (key) == 0)
- {
- error = clib_error_return (0, "key is not specified");
- goto done;
- }
-
- if (hw_if_index == (u32) ~ 0)
- {
- error = clib_error_return (0, "interface not specified");
- goto done;
- }
-
- ipsec_set_interface_key (im->vnet_main, hw_if_index, type, alg, key);
-
-done:
- vec_free (key);
- unformat_free (line_input);
-
- return error;
-}
-
-/* *INDENT-OFF* */
-VLIB_CLI_COMMAND (set_interface_key_command, static) = {
- .path = "set interface ipsec key",
- .short_help =
- "set interface ipsec key <int> <local|remote> <crypto|integ> <key type> <key>",
- .function = set_interface_key_command_fn,
-};
-/* *INDENT-ON* */
-
clib_error_t *
ipsec_cli_init (vlib_main_t * vm)
{