diff options
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ipsec.api | 27 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_api.c | 55 |
2 files changed, 81 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index d6a28017fff..793422d86fb 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -455,7 +455,7 @@ define ipsec_spds_dump { @param spd_id - SPD instance id (control plane allocated) @param npolicies - number of policies in SPD */ - define ipsec_spds_details { +define ipsec_spds_details { u32 context; u32 spd_id; u32 npolicies; @@ -515,6 +515,31 @@ define ipsec_spd_details { u64 packets; }; +/** \brief IPsec: Get SPD interfaces + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param spd_index - SPD index + @param spd_index_valid - if 1 spd_index is used to filter + spd_index's, if 0 no filtering is done +*/ +define ipsec_spd_interface_dump { + u32 client_index; + u32 context; + u32 spd_index; + u8 spd_index_valid; +}; + +/** \brief IPsec: SPD interface response + @param context - sender context which was passed in the request + @param spd_index - SPD index + @param sw_if_index - index of the interface +*/ +define ipsec_spd_interface_details { + u32 context; + u32 spd_index; + u32 sw_if_index; +}; + /** \brief Add or delete IPsec tunnel interface @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index f80c3400a6f..ced2c9ce6cd 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -56,6 +56,7 @@ _(IPSEC_SA_SET_KEY, ipsec_sa_set_key) \ _(IPSEC_SA_DUMP, ipsec_sa_dump) \ _(IPSEC_SPDS_DUMP, ipsec_spds_dump) \ _(IPSEC_SPD_DUMP, ipsec_spd_dump) \ +_(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \ _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \ _(IPSEC_TUNNEL_IF_SET_KEY, ipsec_tunnel_if_set_key) \ _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \ @@ -367,6 +368,60 @@ vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp) } static void +send_ipsec_spd_interface_details (vl_api_registration_t * reg, u32 spd_index, + u32 sw_if_index, u32 context) +{ + vl_api_ipsec_spd_interface_details_t *mp; + + mp = vl_msg_api_alloc (sizeof (*mp)); + clib_memset (mp, 0, sizeof (*mp)); + mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS); + mp->context = context; + + mp->spd_index = htonl (spd_index); + mp->sw_if_index = htonl (sw_if_index); + + vl_api_send_msg (reg, (u8 *) mp); +} + +static void +vl_api_ipsec_spd_interface_dump_t_handler (vl_api_ipsec_spd_interface_dump_t * + mp) +{ + ipsec_main_t *im = &ipsec_main; + vl_api_registration_t *reg; + u32 k, v, spd_index; + +#if WITH_LIBSSL > 0 + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + if (mp->spd_index_valid) + { + spd_index = ntohl (mp->spd_index); + /* *INDENT-OFF* */ + hash_foreach(k, v, im->spd_index_by_sw_if_index, ({ + if (v == spd_index) + send_ipsec_spd_interface_details(reg, v, k, mp->context); + })); + /* *INDENT-ON* */ + } + else + { + /* *INDENT-OFF* */ + hash_foreach(k, v, im->spd_index_by_sw_if_index, ({ + send_ipsec_spd_interface_details(reg, v, k, mp->context); + })); + /* *INDENT-ON* */ + } + +#else + clib_warning ("unimplemented"); +#endif +} + +static void vl_api_ipsec_sa_set_key_t_handler (vl_api_ipsec_sa_set_key_t * mp) { vlib_main_t *vm __attribute__ ((unused)) = vlib_get_main (); |