summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_api.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec/ipsec_api.c')
-rw-r--r--src/vnet/ipsec/ipsec_api.c139
1 files changed, 138 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 2c7c0d9626d..99e25f1b17a 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -30,6 +30,7 @@
#if WITH_LIBSSL > 0
#include <vnet/ipsec/ipsec.h>
+#include <vnet/ipsec/ipsec_tun.h>
#endif /* IPSEC */
#define vl_typedefs /* define message structures */
@@ -60,7 +61,10 @@ _(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \
_(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \
_(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \
_(IPSEC_SELECT_BACKEND, ipsec_select_backend) \
-_(IPSEC_BACKEND_DUMP, ipsec_backend_dump)
+_(IPSEC_BACKEND_DUMP, ipsec_backend_dump) \
+_(IPSEC_TUNNEL_PROTECT_UPDATE, ipsec_tunnel_protect_update) \
+_(IPSEC_TUNNEL_PROTECT_DEL, ipsec_tunnel_protect_del) \
+_(IPSEC_TUNNEL_PROTECT_DUMP, ipsec_tunnel_protect_dump)
static void
vl_api_ipsec_spd_add_del_t_handler (vl_api_ipsec_spd_add_del_t * mp)
@@ -104,6 +108,132 @@ static void vl_api_ipsec_interface_add_del_spd_t_handler
REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
}
+static void vl_api_ipsec_tunnel_protect_update_t_handler
+ (vl_api_ipsec_tunnel_protect_update_t * mp)
+{
+ vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
+ vl_api_ipsec_tunnel_protect_update_reply_t *rmp;
+ u32 sw_if_index, ii, *sa_ins = NULL;
+ int rv;
+
+ sw_if_index = ntohl (mp->tunnel.sw_if_index);
+
+ VALIDATE_SW_IF_INDEX (&(mp->tunnel));
+
+#if WITH_LIBSSL > 0
+
+ for (ii = 0; ii < mp->tunnel.n_sa_in; ii++)
+ vec_add1 (sa_ins, ntohl (mp->tunnel.sa_in[ii]));
+
+ rv = ipsec_tun_protect_update (sw_if_index,
+ ntohl (mp->tunnel.sa_out), sa_ins);
+#else
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+#endif
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_UPDATE_REPLY);
+}
+
+static void vl_api_ipsec_tunnel_protect_del_t_handler
+ (vl_api_ipsec_tunnel_protect_del_t * mp)
+{
+ vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main ();
+ vl_api_ipsec_tunnel_protect_del_reply_t *rmp;
+ int rv;
+ u32 sw_if_index;
+
+ sw_if_index = ntohl (mp->sw_if_index);
+
+ VALIDATE_SW_IF_INDEX (mp);
+
+#if WITH_LIBSSL > 0
+ rv = ipsec_tun_protect_del (sw_if_index);
+#else
+ rv = VNET_API_ERROR_UNIMPLEMENTED;
+#endif
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ REPLY_MACRO (VL_API_IPSEC_TUNNEL_PROTECT_DEL_REPLY);
+}
+
+typedef struct ipsec_tunnel_protect_walk_ctx_t_
+{
+ vl_api_registration_t *reg;
+ u32 context;
+} ipsec_tunnel_protect_walk_ctx_t;
+
+static walk_rc_t
+send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
+{
+ ipsec_tunnel_protect_walk_ctx_t *ctx = arg;
+ vl_api_ipsec_tunnel_protect_details_t *mp;
+ ipsec_tun_protect_t *itp;
+ u32 sai, ii = 0;
+
+ itp = ipsec_tun_protect_get (itpi);
+
+
+ mp = vl_msg_api_alloc (sizeof (*mp) + (sizeof (u32) * itp->itp_n_sa_in));
+ clib_memset (mp, 0, sizeof (*mp));
+ mp->_vl_msg_id = ntohs (VL_API_IPSEC_TUNNEL_PROTECT_DETAILS);
+ mp->context = ctx->context;
+
+ mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
+
+ mp->tun.sa_out = htonl (itp->itp_out_sa);
+ mp->tun.n_sa_in = itp->itp_n_sa_in;
+ /* *INDENT-OFF* */
+ FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
+ ({
+ mp->tun.sa_in[ii++] = htonl (sai);
+ }));
+ /* *INDENT-ON* */
+
+ vl_api_send_msg (ctx->reg, (u8 *) mp);
+
+ return (WALK_CONTINUE);
+}
+
+static void
+vl_api_ipsec_tunnel_protect_dump_t_handler (vl_api_ipsec_tunnel_protect_dump_t
+ * mp)
+{
+ vl_api_registration_t *reg;
+ u32 sw_if_index;
+
+#if WITH_LIBSSL > 0
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ ipsec_tunnel_protect_walk_ctx_t ctx = {
+ .reg = reg,
+ .context = mp->context,
+ };
+
+ sw_if_index = ntohl (mp->sw_if_index);
+
+ if (~0 == sw_if_index)
+ {
+ ipsec_tun_protect_walk (send_ipsec_tunnel_protect_details, &ctx);
+ }
+ else
+ {
+ index_t itpi;
+
+ itpi = ipsec_tun_protect_find (sw_if_index);
+
+ if (INDEX_INVALID != itpi)
+ send_ipsec_tunnel_protect_details (itpi, &ctx);
+ }
+#else
+ clib_warning ("unimplemented");
+#endif
+}
+
static int
ipsec_spd_action_decode (vl_api_ipsec_spd_action_t in,
ipsec_policy_action_t * out)
@@ -879,6 +1009,13 @@ ipsec_api_hookup (vlib_main_t * vm)
#undef _
/*
+ * Adding and deleting SAs is MP safe since when they are added/delete
+ * no traffic is using them
+ */
+ am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL] = 1;
+ am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY] = 1;
+
+ /*
* Set up the (msg_name, crc, message-id) table
*/
setup_message_id_table (am);