-rw-r--r-- | vnet/Makefile.am | 13 | ||||
-rw-r--r-- | vnet/vnet/ipsec-gre/ipsec_gre.api | 79 | ||||
-rw-r--r-- | vnet/vnet/ipsec-gre/ipsec_gre_api.c | 190 | ||||
-rw-r--r-- | vnet/vnet/vnet_all_api_h.h | 1 | ||||
-rw-r--r-- | vpp-api/java/Makefile.am | 4 | ||||
-rw-r--r-- | vpp/vpp-api/api.c | 94 | ||||
-rw-r--r-- | vpp/vpp-api/vpe.api | 59 |
7 files changed, 283 insertions, 157 deletions
diff --git a/vnet/Makefile.am b/vnet/Makefile.am index 15b01e36a46..eaf31e25c11 100644 --- a/vnet/Makefile.am +++ b/vnet/Makefile.am @@ -45,7 +45,9 @@ BUILT_SOURCES = \ vnet/bfd/bfd.api.h \ vnet/bfd/bfd.api.json \ vnet/ipsec/ipsec.api.h \ - vnet/ipsec/ipsec.api.json + vnet/ipsec/ipsec.api.json \ + vnet/ipsec-gre/ipsec_gre.api.h \ + vnet/ipsec-gre/ipsec_gre.api.json libvnet_la_SOURCES = libvnetplugin_la_SOURCES = @@ -548,11 +550,13 @@ nobase_include_HEADERS += \ libvnet_la_SOURCES += \ vnet/ipsec-gre/ipsec_gre.c \ vnet/ipsec-gre/node.c \ - vnet/ipsec-gre/interface.c + vnet/ipsec-gre/interface.c \ + vnet/ipsec-gre/ipsec_gre_api.c nobase_include_HEADERS += \ vnet/ipsec-gre/ipsec_gre.h \ - vnet/ipsec-gre/error.def + vnet/ipsec-gre/error.def \ + vnet/ipsec-gre/ipsec_gre.api.h ######################################## # LISP control plane: lisp-cp @@ -983,7 +987,8 @@ api_DATA = \ vnet/vxlan/vxlan.api.json \ vnet/vxlan-gpe/vxlan_gpe.api.json \ vnet/bfd/bfd.api.json \ - vnet/ipsec/ipsec.api.json + vnet/ipsec/ipsec.api.json \ + vnet/ipsec-gre/ipsec_gre.api.json # The actual %.api.h rule is in .../build-data/packages/suffix-rules.mk # and requires a symbolic link at the top of the vnet source tree diff --git a/vnet/vnet/ipsec-gre/ipsec_gre.api b/vnet/vnet/ipsec-gre/ipsec_gre.api new file mode 100644 index 00000000000..793bca0afcd --- /dev/null +++ b/vnet/vnet/ipsec-gre/ipsec_gre.api 
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2015-2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** \brief Add / del ipsec gre tunnel request
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param local_sa_id - local SA id
+ @param remote_sa_id - remote SA id
+ @param is_add - 1 if adding the tunnel, 0 if deleting
+ @param src_address - tunnel source address
+ @param dst_address - tunnel destination address
+*/
+define ipsec_gre_add_del_tunnel {
+ u32 client_index;
+ u32 context;
+ u32 local_sa_id;
+ u32 remote_sa_id;
+ u8 is_add;
+ u8 src_address[4];
+ u8 dst_address[4];
+};
+
+/** \brief Reply for add / del ipsec gre tunnel request
+ @param context - returned sender context, to match reply w/ request
+ @param retval - return code
+ @param sw_if_index - software index of the new ipsec gre tunnel
+*/
+define ipsec_gre_add_del_tunnel_reply {
+ u32 context;
+ i32 retval;
+ u32 sw_if_index;
+};
+
+/** \brief Dump ipsec gre tunnel table
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param tunnel_index - gre tunnel identifier or -1 in case of all tunnels
+*/
+define ipsec_gre_tunnel_dump {
+ u32 client_index;
+ u32 context;
+ u32 sw_if_index;
+};
+
+/** \brief ipsec gre tunnel operational state response
+ @param context - returned sender context, to match reply w/ request
+ @param sw_if_index - software index of the ipsec gre tunnel
+ @param local_sa_id - local SA id
+ @param remote_sa_id - remote SA id
+ @param src_address - tunnel source address
+ @param dst_address - tunnel destination address
+*/
+define ipsec_gre_tunnel_details {
+ u32 context;
+ u32 sw_if_index;
+ u32 local_sa_id;
+ u32 remote_sa_id;
+ u8 src_address[4];
+ u8 dst_address[4];
+};
+
+/*
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
+
\ No newline at end of file
diff --git a/vnet/vnet/ipsec-gre/ipsec_gre_api.c b/vnet/vnet/ipsec-gre/ipsec_gre_api.c
new file mode 100644
index 00000000000..a7ea1490bae
--- /dev/null
+++ b/vnet/vnet/ipsec-gre/ipsec_gre_api.c
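Review bot: In the new vnet/vnet/ipsec-gre/ipsec_gre.api, the doc comment on `ipsec_gre_tunnel_dump` documents `@param tunnel_index`, but the message has no such field; the selector is `u32 sw_if_index`, which the dump handler in ipsec_gre_api.c converts with `ntohl` and compares with `~0`. The line should read `@param sw_if_index - software index of the ipsec gre tunnel, or ~0 to dump all tunnels`, so that client authors send the value the handler actually checks. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.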
@@ -0,0 +1,190 @@
+/*
+ *------------------------------------------------------------------
+ * ipsec_gre_api.c - ipsec_gre api
+ *
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *------------------------------------------------------------------
+ */
+
+#include <vnet/vnet.h>
+#include <vlibmemory/api.h>
+
+#include <vnet/interface.h>
+#include <vnet/api_errno.h>
+#include <vnet/ipsec-gre/ipsec_gre.h>
+
+#include <vnet/vnet_msg_enum.h>
+
+#define vl_typedefs /* define message structures */
+#include <vnet/vnet_all_api_h.h>
+#undef vl_typedefs
+
+#define vl_endianfun /* define message structures */
+#include <vnet/vnet_all_api_h.h>
+#undef vl_endianfun
+
+/* instantiate all the print functions we know about */
+#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
+#define vl_printfun
+#include <vnet/vnet_all_api_h.h>
+#undef vl_printfun
+
+#include <vlibapi/api_helper_macros.h>
+
+#define foreach_vpe_api_msg \
+_(IPSEC_GRE_ADD_DEL_TUNNEL, ipsec_gre_add_del_tunnel) \
+_(IPSEC_GRE_TUNNEL_DUMP, ipsec_gre_tunnel_dump)
+
+static void
+vl_api_ipsec_gre_add_del_tunnel_t_handler (vl_api_ipsec_gre_add_del_tunnel_t *
+ mp)
+{
+ vl_api_ipsec_gre_add_del_tunnel_reply_t *rmp;
+ int rv = 0;
+ vnet_ipsec_gre_add_del_tunnel_args_t _a, *a = &_a;
+ u32 sw_if_index = ~0;
+
+ /* Check src & dst are different */
+ if (memcmp (mp->src_address, mp->dst_address, 4) == 0)
+ {
+ rv = VNET_API_ERROR_SAME_SRC_DST;
+ goto out;
+ }
+
+ memset (a, 0, sizeof (*a));
+
+ /* ip addresses sent in network byte order */
+ clib_memcpy (&(a->src), mp->src_address, 4);
+ clib_memcpy (&(a->dst), mp->dst_address, 4);
+ a->is_add = mp->is_add;
+ a->lsa = ntohl (mp->local_sa_id);
+ a->rsa = ntohl (mp->remote_sa_id);
+
+ rv = vnet_ipsec_gre_add_del_tunnel (a, &sw_if_index);
+
+out:
+ /* *INDENT-OFF* */
+ REPLY_MACRO2(VL_API_GRE_ADD_DEL_TUNNEL_REPLY,
+ ({
+ rmp->sw_if_index = ntohl (sw_if_index);
+ }));
+ /* *INDENT-ON* */
+}
+
+static void send_ipsec_gre_tunnel_details
+ (ipsec_gre_tunnel_t * t, unix_shared_memory_queue_t * q, u32 context)
+{
+ vl_api_ipsec_gre_tunnel_details_t *rmp;
+
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ memset (rmp, 0, sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs (VL_API_IPSEC_GRE_TUNNEL_DETAILS);
+ clib_memcpy (rmp->src_address, &(t->tunnel_src), 4);
+ clib_memcpy (rmp->dst_address, &(t->tunnel_dst), 4);
+ rmp->sw_if_index = htonl (t->sw_if_index);
+ rmp->local_sa_id = htonl (t->local_sa_id);
+ rmp->remote_sa_id = htonl (t->remote_sa_id);
+ rmp->context = context;
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+}
+
+static void vl_api_ipsec_gre_tunnel_dump_t_handler
+ (vl_api_ipsec_gre_tunnel_dump_t * mp)
+{
+ unix_shared_memory_queue_t *q;
+ ipsec_gre_main_t *igm = &ipsec_gre_main;
+ ipsec_gre_tunnel_t *t;
+ u32 sw_if_index;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ if (q == 0)
+ {
+ return;
+ }
+
+ sw_if_index = ntohl (mp->sw_if_index);
+
+ if (~0 == sw_if_index)
+ {
+ /* *INDENT-OFF* */
+ pool_foreach (t, igm->tunnels,
+ ({
+ send_ipsec_gre_tunnel_details(t, q, mp->context);
+ }));
+ /* *INDENT-ON* */
+ }
+ else
+ {
+ if ((sw_if_index >= vec_len (igm->tunnel_index_by_sw_if_index)) ||
+ (~0 == igm->tunnel_index_by_sw_if_index[sw_if_index]))
+ {
+ return;
+ }
+ t = &igm->tunnels[igm->tunnel_index_by_sw_if_index[sw_if_index]];
+ send_ipsec_gre_tunnel_details (t, q, mp->context);
+ }
+}
+
+/*
+ * ipsec_gre_api_hookup
+ * Add vpe's API message handlers to the table.
+ * vlib has alread mapped shared memory and
+ * added the client registration handlers.
+ * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
+ */
+#define vl_msg_name_crc_list
+#include <vnet/vnet_all_api_h.h>
+#undef vl_msg_name_crc_list
+
+static void
+setup_message_id_table (api_main_t * am)
+{
+#define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id);
+ foreach_vl_msg_name_crc_ipsec_gre;
+#undef _
+}
+
+static clib_error_t *
+ipsec_gre_api_hookup (vlib_main_t * vm)
+{
+ api_main_t *am = &api_main;
+
+#define _(N,n) \
+ vl_msg_api_set_handlers(VL_API_##N, #n, \
+ vl_api_##n##_t_handler, \
+ vl_noop_handler, \
+ vl_api_##n##_t_endian, \
+ vl_api_##n##_t_print, \
+ sizeof(vl_api_##n##_t), 1);
+ foreach_vpe_api_msg;
+#undef _
+
+ /*
+ * Set up the (msg_name, crc, message-id) table
+ */
+ setup_message_id_table (am);
+
+ return 0;
+}
+
+VLIB_API_INIT_FUNCTION (ipsec_gre_api_hookup);
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/vnet/vnet/vnet_all_api_h.h b/vnet/vnet/vnet_all_api_h.h
index 2210222da76..da962a3b189 100644
--- a/vnet/vnet/vnet_all_api_h.h
+++ b/vnet/vnet/vnet_all_api_h.h
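Review bot: In the new vnet/vnet/ipsec-gre/ipsec_gre_api.c, `vl_api_ipsec_gre_add_del_tunnel_t_handler` replies through `REPLY_MACRO2(VL_API_GRE_ADD_DEL_TUNNEL_REPLY,`, which is the plain GRE reply id rather than the id of the `ipsec_gre_add_del_tunnel_reply` message defined in ipsec_gre.api. The line is carried over unchanged from vpp/vpp-api/api.c, so the move does not introduce it, but this is the natural place to correct it to `REPLY_MACRO2(VL_API_IPSEC_GRE_ADD_DEL_TUNNEL_REPLY,`. That enum name is inferred from the `VL_API_IPSEC_GRE_TUNNEL_DETAILS` pattern used in `send_ipsec_gre_tunnel_details`, so confirm it against the generated header. As written, a client that creates or deletes an IPsec-GRE tunnel presumably receives a reply tagged as a GRE tunnel reply and may fail to match it to its request, leaving the caller unsure whether the tunnel and its SA binding were applied.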
@@ -44,6 +44,7 @@ #include <vnet/vxlan-gpe/vxlan_gpe.api.h> #include <vnet/bfd/bfd.api.h> #include <vnet/ipsec/ipsec.api.h> +#include <vnet/ipsec-gre/ipsec_gre.api.h> /* * fd.io coding-style-patch-verification: ON diff --git a/vpp-api/java/Makefile.am b/vpp-api/java/Makefile.am index db6a0082dd9..ed2da7c4062 100644 --- a/vpp-api/java/Makefile.am +++ b/vpp-api/java/Makefile.am @@ -97,7 +97,8 @@ jvpp-core/io_fd_vpp_jvpp_core_JVppCoreImpl.h: \ $(prefix)/../vnet/vnet/vxlan_gpe.api.json \ $(prefix)/../vnet/vnet/tap.api.json \ $(prefix)/../vnet/vnet/bfd.api.json \ - $(prefix)/../vnet/vnet/ipsec.api.json + $(prefix)/../vnet/vnet/ipsec.api.json \ + $(prefix)/../vnet/vnet/ipsec_gre.api.json cp -rf @srcdir@/jvpp-core/* -t jvpp-core/ mkdir -p jvpp-core/target cd jvpp-core \ @@ -119,6 +120,7 @@ jvpp-core/io_fd_vpp_jvpp_core_JVppCoreImpl.h: \ $(prefix)/../vnet/vnet/vxlan_gpe.api.json \ $(prefix)/../vnet/vnet/bfd.api.json \ $(prefix)/../vnet/vnet/ipsec.api.json \ + $(prefix)/../vnet/vnet/ipsec_gre.api.json \ && cp -rf types dto future callfacade callback notification *.java -t $(packagedir_jvpp_core) \ && rm -rf types dto future callfacade callback notification *.java diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c index ec2618184c3..4ac0afd3026 100644 --- a/vpp/vpp-api/api.c +++ b/vpp/vpp-api/api.c @@ -82,7 +82,6 @@ #include <vnet/ip/ip_source_and_port_range_check.h> #include <vnet/policer/policer.h> #include <vnet/flow/flow_report.h> -#include <vnet/ipsec-gre/ipsec_gre.h> #include <vnet/flow/flow_report_classify.h> #include <vnet/ip/punt.h> #include <vnet/feature/feature.h> 
@@ -250,8 +249,6 @@ _(IP_SOURCE_AND_PORT_RANGE_CHECK_ADD_DEL, \ ip_source_and_port_range_check_add_del) \ _(IP_SOURCE_AND_PORT_RANGE_CHECK_INTERFACE_ADD_DEL, \ ip_source_and_port_range_check_interface_add_del) \ -_(IPSEC_GRE_ADD_DEL_TUNNEL, ipsec_gre_add_del_tunnel) \ -_(IPSEC_GRE_TUNNEL_DUMP, ipsec_gre_tunnel_dump) \ _(DELETE_SUBIF, delete_subif) \ _(L2_INTERFACE_PBB_TAG_REWRITE, l2_interface_pbb_tag_rewrite) \ _(PUNT, punt) \ 
@@ -5735,97 +5732,6 @@ reply: } static void -vl_api_ipsec_gre_add_del_tunnel_t_handler (vl_api_ipsec_gre_add_del_tunnel_t * - mp) -{ - vl_api_ipsec_gre_add_del_tunnel_reply_t *rmp; - int rv = 0; - vnet_ipsec_gre_add_del_tunnel_args_t _a, *a = &_a; - u32 sw_if_index = ~0; - - /* Check src & dst are different */ - if (memcmp (mp->src_address, mp->dst_address, 4) == 0) - { - rv = VNET_API_ERROR_SAME_SRC_DST; - goto out; - } - - memset (a, 0, sizeof (*a)); - - /* ip addresses sent in network byte order */ - clib_memcpy (&(a->src), mp->src_address, 4); - clib_memcpy (&(a->dst), mp->dst_address, 4); - a->is_add = mp->is_add; - a->lsa = ntohl (mp->local_sa_id); - a->rsa = ntohl (mp->remote_sa_id); - - rv = vnet_ipsec_gre_add_del_tunnel (a, &sw_if_index); - -out: - /* *INDENT-OFF* */ - REPLY_MACRO2(VL_API_GRE_ADD_DEL_TUNNEL_REPLY, - ({ - rmp->sw_if_index = ntohl (sw_if_index); - })); - /* *INDENT-ON* */ -} - -static void send_ipsec_gre_tunnel_details - (ipsec_gre_tunnel_t * t, unix_shared_memory_queue_t * q, u32 context) -{ - vl_api_ipsec_gre_tunnel_details_t *rmp; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = ntohs (VL_API_IPSEC_GRE_TUNNEL_DETAILS); - clib_memcpy (rmp->src_address, &(t->tunnel_src), 4); - clib_memcpy (rmp->dst_address, &(t->tunnel_dst), 4); - rmp->sw_if_index = htonl (t->sw_if_index); - rmp->local_sa_id = htonl (t->local_sa_id); - rmp->remote_sa_id = htonl (t->remote_sa_id); - rmp->context = context; - - vl_msg_api_send_shmem (q, (u8 *) & rmp); -} - -static void vl_api_ipsec_gre_tunnel_dump_t_handler - (vl_api_ipsec_gre_tunnel_dump_t * mp) -{ - unix_shared_memory_queue_t *q; - ipsec_gre_main_t *igm = &ipsec_gre_main; - ipsec_gre_tunnel_t *t; - u32 sw_if_index; - - q = vl_api_client_index_to_input_queue (mp->client_index); - if (q == 0) - { - return; - } - - sw_if_index = ntohl (mp->sw_if_index); - - if (~0 == sw_if_index) - { - /* *INDENT-OFF* */ - pool_foreach (t, igm->tunnels, - ({ - 
send_ipsec_gre_tunnel_details(t, q, mp->context); - })); - /* *INDENT-ON* */ - } - else - { - if ((sw_if_index >= vec_len (igm->tunnel_index_by_sw_if_index)) || - (~0 == igm->tunnel_index_by_sw_if_index[sw_if_index])) - { - return; - } - t = &igm->tunnels[igm->tunnel_index_by_sw_if_index[sw_if_index]]; - send_ipsec_gre_tunnel_details (t, q, mp->context); - } -} - -static void vl_api_delete_subif_t_handler (vl_api_delete_subif_t * mp) { vl_api_delete_subif_reply_t *rmp; diff --git a/vpp/vpp-api/vpe.api b/vpp/vpp-api/vpe.api index 0d7de596141..52254cd3b3e 100644 --- a/vpp/vpp-api/vpe.api +++ b/vpp/vpp-api/vpe.api @@ -34,6 +34,7 @@ * L2TP APIs: see .../vnet/vnet/l2tp/{l2tp.api, l2tp_api.c} * BFD APIs: see .../vnet/vnet/bfd/{bfd.api, bfd_api.c} * IPSEC APIs: see .../vnet/vnet/ipsec/{ipsec.api, ipsec_api.c} + * IPSEC-GRE APIs: see .../vnet/vnet/ipsec-gre/{ipsec_gre.api, ipsec_gre_api.c} */ /** \brief Create a new subinterface with the given vlan id 
@@ -3519,64 +3520,6 @@ define ip_source_and_port_range_check_interface_add_del_reply i32 retval; }; -/** \brief Add / del ipsec gre tunnel request - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param local_sa_id - local SA id - @param remote_sa_id - remote SA id - @param is_add - 1 if adding the tunnel, 0 if deleting - @param src_address - tunnel source address - @param dst_address - tunnel destination address -*/ -define ipsec_gre_add_del_tunnel { - u32 client_index; - u32 context; - u32 local_sa_id; - u32 remote_sa_id; - u8 is_add; - u8 src_address[4]; - u8 dst_address[4]; -}; - -/** \brief Reply for add / del ipsec gre tunnel request - @param context - returned sender context, to match reply w/ request - @param retval - return code - @param sw_if_index - software index of the new ipsec gre tunnel -*/ -define ipsec_gre_add_del_tunnel_reply { - u32 context; - i32 retval; - u32 sw_if_index; -}; - -/** \brief Dump ipsec gre tunnel table - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param tunnel_index - gre tunnel identifier or -1 in case of all tunnels -*/ -define ipsec_gre_tunnel_dump { - u32 client_index; - u32 context; - u32 sw_if_index; -}; - -/** \brief mpls gre tunnel operational state response - @param context - returned sender context, to match reply w/ request - @param sw_if_index - software index of the ipsec gre tunnel - @param local_sa_id - local SA id - @param remote_sa_id - remote SA id - @param src_address - tunnel source address - @param dst_address - tunnel destination address -*/ -define ipsec_gre_tunnel_details { - u32 context; - u32 sw_if_index; - u32 local_sa_id; - u32 remote_sa_id; - u8 src_address[4]; - u8 dst_address[4]; -}; - /** \brief Delete sub interface request @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request |