aboutsummaryrefslogtreecommitdiffstats
path: root/vpp-api-test
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2016-04-08 11:18:08 +0200
committerGerrit Code Review <gerrit@fd.io>2016-04-09 03:02:31 +0000
commite5f42feb4f373d8109c52a5ced9c38fc4323d6ed (patch)
treedc46aaca208a3c37e9471e5dd5088be26681b489 /vpp-api-test
parentb2cdd2f5f040dc45cb54d2d3fc2dedc19833fcf9 (diff)
Add IKEv2 APIs
Change-Id: I5936b05aa927b67c707b5858ffee45fc7a5d2043 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'vpp-api-test')
-rw-r--r--vpp-api-test/vat/api_format.c364
1 files changed, 364 insertions, 0 deletions
diff --git a/vpp-api-test/vat/api_format.c b/vpp-api-test/vat/api_format.c
index 959d33b801f..be36cb1da1e 100644
--- a/vpp-api-test/vat/api_format.c
+++ b/vpp-api-test/vat/api_format.c
@@ -36,6 +36,7 @@
#include <vnet/classify/input_acl.h>
#if DPDK > 0
#include <vnet/ipsec/ipsec.h>
+#include <vnet/ipsec/ikev2.h>
#else
#include <inttypes.h>
#endif
@@ -327,6 +328,42 @@ format_ipsec_integ_alg (u8 * s, va_list * args)
#endif
}
+uword
+unformat_ikev2_auth_method (unformat_input_t * input, va_list * args)
+{
+#if DPDK > 0
+ u32 * r = va_arg (*args, u32 *);
+
+ if (0) ;
+#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_AUTH_METHOD_##f;
+ foreach_ikev2_auth_method
+#undef _
+ else
+ return 0;
+ return 1;
+#else
+ return 0;
+#endif
+}
+
+uword
+unformat_ikev2_id_type (unformat_input_t * input, va_list * args)
+{
+#if DPDK > 0
+ u32 * r = va_arg (*args, u32 *);
+
+ if (0) ;
+#define _(v,f,s) else if (unformat (input, s)) *r = IKEV2_ID_TYPE_##f;
+ foreach_ikev2_id_type
+#undef _
+ else
+ return 0;
+ return 1;
+#else
+ return 0;
+#endif
+}
+
u8 * format_ip4_address (u8 * s, va_list * args)
{
u8 * a = va_arg (*args, u8 *);
@@ -1890,6 +1927,11 @@ _(ipsec_interface_add_del_spd_reply) \
_(ipsec_spd_add_del_entry_reply) \
_(ipsec_sad_add_del_entry_reply) \
_(ipsec_sa_set_key_reply) \
+_(ikev2_profile_add_del_reply) \
+_(ikev2_profile_set_auth_reply) \
+_(ikev2_profile_set_id_reply) \
+_(ikev2_profile_set_ts_reply) \
+_(ikev2_set_local_key_reply) \
_(delete_loopback_reply) \
_(bd_ip_mac_add_del_reply) \
_(map_del_domain_reply) \
@@ -2038,6 +2080,11 @@ _(IPSEC_INTERFACE_ADD_DEL_SPD_REPLY, ipsec_interface_add_del_spd_reply) \
_(IPSEC_SPD_ADD_DEL_ENTRY_REPLY, ipsec_spd_add_del_entry_reply) \
_(IPSEC_SAD_ADD_DEL_ENTRY_REPLY, ipsec_sad_add_del_entry_reply) \
_(IPSEC_SA_SET_KEY_REPLY, ipsec_sa_set_key_reply) \
+_(IKEV2_PROFILE_ADD_DEL_REPLY, ikev2_profile_add_del_reply) \
+_(IKEV2_PROFILE_SET_AUTH_REPLY, ikev2_profile_set_auth_reply) \
+_(IKEV2_PROFILE_SET_ID_REPLY, ikev2_profile_set_id_reply) \
+_(IKEV2_PROFILE_SET_TS_REPLY, ikev2_profile_set_ts_reply) \
+_(IKEV2_SET_LOCAL_KEY_REPLY, ikev2_set_local_key_reply) \
_(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \
_(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \
_(DHCP_COMPL_EVENT, dhcp_compl_event) \
@@ -8405,6 +8452,314 @@ api_ipsec_sa_set_key (vat_main_t * vam)
#endif
}
+static int
+api_ikev2_profile_add_del (vat_main_t * vam)
+{
+#if DPDK > 0
+ unformat_input_t * i = vam->input;
+ vl_api_ikev2_profile_add_del_t * mp;
+ f64 timeout;
+ u8 is_add = 1;
+ u8 * name = 0;
+
+ const char * valid_chars = "a-zA-Z0-9_";
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "del"))
+ is_add = 0;
+ else if (unformat (i, "name %U", unformat_token, valid_chars, &name))
+ vec_add1 (name, 0);
+ else {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ if (!vec_len (name)) {
+ errmsg ("profile name must be specified");
+ return -99;
+ }
+
+ if (vec_len (name) > 64) {
+ errmsg ("profile name too long");
+ return -99;
+ }
+
+ M(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del);
+
+ memcpy(mp->name, name, vec_len (name));
+ mp->is_add = is_add;
+ vec_free (name);
+
+ S; W;
+ /* NOTREACHED */
+ return 0;
+#else
+ clib_warning ("unsupported (no dpdk)");
+ return -99;
+#endif
+}
+
+static int
+api_ikev2_profile_set_auth (vat_main_t * vam)
+{
+#if DPDK > 0
+ unformat_input_t * i = vam->input;
+ vl_api_ikev2_profile_set_auth_t * mp;
+ f64 timeout;
+ u8 * name = 0;
+ u8 * data = 0;
+ u32 auth_method = 0;
+ u8 is_hex = 0;
+
+ const char * valid_chars = "a-zA-Z0-9_";
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "name %U", unformat_token, valid_chars, &name))
+ vec_add1 (name, 0);
+ else if (unformat (i, "auth_method %U",
+ unformat_ikev2_auth_method, &auth_method))
+ ;
+ else if (unformat (i, "auth_data 0x%U", unformat_hex_string, &data))
+ is_hex = 1;
+ else if (unformat (i, "auth_data %v", &data))
+ ;
+ else {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ if (!vec_len (name)) {
+ errmsg ("profile name must be specified");
+ return -99;
+ }
+
+ if (vec_len (name) > 64) {
+ errmsg ("profile name too long");
+ return -99;
+ }
+
+ if (!vec_len(data)) {
+ errmsg ("auth_data must be specified");
+ return -99;
+ }
+
+ if (!auth_method) {
+ errmsg ("auth_method must be specified");
+ return -99;
+ }
+
+ M(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth);
+
+ mp->is_hex = is_hex;
+ mp->auth_method = (u8) auth_method;
+ mp->data_len = vec_len (data);
+ memcpy (mp->name, name, vec_len (name));
+ memcpy (mp->data, data, vec_len (data));
+ vec_free (name);
+ vec_free (data);
+
+ S; W;
+ /* NOTREACHED */
+ return 0;
+#else
+ clib_warning ("unsupported (no dpdk)");
+ return -99;
+#endif
+}
+
+static int
+api_ikev2_profile_set_id (vat_main_t * vam)
+{
+#if DPDK > 0
+ unformat_input_t * i = vam->input;
+ vl_api_ikev2_profile_set_id_t * mp;
+ f64 timeout;
+ u8 * name = 0;
+ u8 * data = 0;
+ u8 is_local = 0;
+ u32 id_type = 0;
+ ip4_address_t ip4;
+
+ const char * valid_chars = "a-zA-Z0-9_";
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "name %U", unformat_token, valid_chars, &name))
+ vec_add1 (name, 0);
+ else if (unformat (i, "id_type %U",
+ unformat_ikev2_id_type, &id_type))
+ ;
+ else if (unformat (i, "id_data %U", unformat_ip4_address, &ip4))
+ {
+ data = vec_new(u8, 4);
+ memcpy(data, ip4.as_u8, 4);
+ }
+ else if (unformat (i, "id_data 0x%U", unformat_hex_string, &data))
+ ;
+ else if (unformat (i, "id_data %v", &data))
+ ;
+ else if (unformat (i, "local"))
+ is_local = 1;
+ else if (unformat (i, "remote"))
+ is_local = 0;
+ else {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ if (!vec_len (name)) {
+ errmsg ("profile name must be specified");
+ return -99;
+ }
+
+ if (vec_len (name) > 64) {
+ errmsg ("profile name too long");
+ return -99;
+ }
+
+ if (!vec_len(data)) {
+ errmsg ("id_data must be specified");
+ return -99;
+ }
+
+ if (!id_type) {
+ errmsg ("id_type must be specified");
+ return -99;
+ }
+
+ M(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id);
+
+ mp->is_local = is_local;
+ mp->id_type = (u8) id_type;
+ mp->data_len = vec_len (data);
+ memcpy (mp->name, name, vec_len (name));
+ memcpy (mp->data, data, vec_len (data));
+ vec_free (name);
+ vec_free (data);
+
+ S; W;
+ /* NOTREACHED */
+ return 0;
+#else
+ clib_warning ("unsupported (no dpdk)");
+ return -99;
+#endif
+}
+
+static int
+api_ikev2_profile_set_ts (vat_main_t * vam)
+{
+#if DPDK > 0
+ unformat_input_t * i = vam->input;
+ vl_api_ikev2_profile_set_ts_t * mp;
+ f64 timeout;
+ u8 * name = 0;
+ u8 is_local = 0;
+ u32 proto = 0, start_port = 0, end_port = (u32) ~0;
+ ip4_address_t start_addr, end_addr;
+
+ const char * valid_chars = "a-zA-Z0-9_";
+
+ start_addr.as_u32 = 0;
+ end_addr.as_u32 = (u32) ~0;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "name %U", unformat_token, valid_chars, &name))
+ vec_add1 (name, 0);
+ else if (unformat (i, "protocol %d", &proto))
+ ;
+ else if (unformat (i, "start_port %d", &start_port))
+ ;
+ else if (unformat (i, "end_port %d", &end_port))
+ ;
+ else if (unformat (i, "start_addr %U", unformat_ip4_address, &start_addr))
+ ;
+ else if (unformat (i, "end_addr %U", unformat_ip4_address, &end_addr))
+ ;
+ else if (unformat (i, "local"))
+ is_local = 1;
+ else if (unformat (i, "remote"))
+ is_local = 0;
+ else {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ if (!vec_len (name)) {
+ errmsg ("profile name must be specified");
+ return -99;
+ }
+
+ if (vec_len (name) > 64) {
+ errmsg ("profile name too long");
+ return -99;
+ }
+
+ M(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts);
+
+ mp->is_local = is_local;
+ mp->proto = (u8) proto;
+ mp->start_port = (u16) start_port;
+ mp->end_port = (u16) end_port;
+ mp->start_addr = start_addr.as_u32;
+ mp->end_addr = end_addr.as_u32;
+ memcpy (mp->name, name, vec_len (name));
+ vec_free (name);
+
+ S; W;
+ /* NOTREACHED */
+ return 0;
+#else
+ clib_warning ("unsupported (no dpdk)");
+ return -99;
+#endif
+}
+
+static int
+api_ikev2_set_local_key (vat_main_t * vam)
+{
+#if DPDK > 0
+ unformat_input_t * i = vam->input;
+ vl_api_ikev2_set_local_key_t * mp;
+ f64 timeout;
+ u8 * file = 0;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) {
+ if (unformat (i, "file %v", &file))
+ vec_add1 (file, 0);
+ else {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ if (!vec_len (file)) {
+ errmsg ("RSA key file must be specified");
+ return -99;
+ }
+
+ if (vec_len (file) > 256) {
+ errmsg ("file name too long");
+ return -99;
+ }
+
+ M(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key);
+
+ memcpy (mp->key_file, file, vec_len (file));
+ vec_free (file);
+
+ S; W;
+ /* NOTREACHED */
+ return 0;
+#else
+ clib_warning ("unsupported (no dpdk)");
+ return -99;
+#endif
+}
+
/*
* MAP
*/
@@ -9209,6 +9564,15 @@ _(ipsec_spd_add_del_entry, "spd_id <n> priority <n> action <action>\n" \
" laddr_stop <ip4|ip6> raddr_start <ip4|ip6> raddr_stop <ip4|ip6>\n" \
" [lport_start <n> lport_stop <n>] [rport_start <n> rport_stop <n>]" )\
_(ipsec_sa_set_key, "sa_id <n> crypto_key <hex> integ_key <hex>") \
+_(ikev2_profile_add_del, "name <profile_name> [del]") \
+_(ikev2_profile_set_auth, "name <profile_name> auth_method <method>\n" \
+ "(auth_data 0x<data> | auth_data <data>)") \
+_(ikev2_profile_set_id, "name <profile_name> id_type <type>\n" \
+ "(id_data 0x<data> | id_data <data>) (local|remote)") \
+_(ikev2_profile_set_ts, "name <profile_name> protocol <proto>\n" \
+ "start_port <port> end_port <port> start_addr <ip4> end_addr <ip4>\n" \
+ "(local|remote)") \
+_(ikev2_set_local_key, "file <absolute_file_path>") \
_(delete_loopback,"sw_if_index <nn>") \
_(bd_ip_mac_add_del, "bd_id <bridge-domain-id> <ip4/6-addr> <mac-addr> [del]") \
_(map_add_domain, \