From c73f3299ad765c87f57a0a810819d42c11b04d5e Mon Sep 17 00:00:00 2001 From: Filip Tehlar Date: Tue, 22 Jun 2021 08:21:31 +0000 Subject: ipsec: api cleanup Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar Change-Id: I0db7343e907524af5adb2f4771b45712927d5833 --- src/vat/api_format.c | 445 --------------------------------------------------- 1 file changed, 445 deletions(-) (limited to 'src/vat/api_format.c') diff --git a/src/vat/api_format.c b/src/vat/api_format.c index 077a4cae5d3..3a93bdfa790 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -426,34 +426,6 @@ api_unformat_sw_if_index (unformat_input_t * input, va_list * args) #endif /* VPP_API_TEST_BUILTIN */ -uword -unformat_ipsec_api_crypto_alg (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_CRYPTO_ALG_##f; - foreach_ipsec_crypto_alg -#undef _ - else - return 0; - return 1; -} - -uword -unformat_ipsec_api_integ_alg (unformat_input_t * input, va_list * args) -{ - u32 *r = va_arg (*args, u32 *); - - if (0); -#define _(v,f,s) else if (unformat (input, s)) *r = IPSEC_API_INTEG_ALG_##f; - foreach_ipsec_integ_alg -#undef _ - else - return 0; - return 1; -} - #if (VPP_API_TEST_BUILTIN==0) static const char *mfib_flag_names[] = MFIB_ENTRY_NAMES_SHORT; @@ -2468,10 +2440,6 @@ _(modify_vhost_user_if_reply) \ _(modify_vhost_user_if_v2_reply) \ _(delete_vhost_user_if_reply) \ _(want_l2_macs_events_reply) \ -_(ipsec_spd_add_del_reply) \ -_(ipsec_interface_add_del_spd_reply) \ -_(ipsec_spd_entry_add_del_reply) \ -_(ipsec_sad_entry_add_del_reply) \ _(delete_loopback_reply) \ _(bd_ip_mac_add_del_reply) \ _(bd_ip_mac_flush_reply) \ @@ -2618,11 +2586,6 @@ _(WANT_L2_MACS_EVENTS_REPLY, want_l2_macs_events_reply) \ _(L2_MACS_EVENT, l2_macs_event) \ _(IP_ADDRESS_DETAILS, ip_address_details) \ _(IP_DETAILS, ip_details) \ -_(IPSEC_SPD_ADD_DEL_REPLY, ipsec_spd_add_del_reply) \ -_(IPSEC_INTERFACE_ADD_DEL_SPD_REPLY, ipsec_interface_add_del_spd_reply) \ -_(IPSEC_SPD_ENTRY_ADD_DEL_REPLY, ipsec_spd_entry_add_del_reply) \ -_(IPSEC_SAD_ENTRY_ADD_DEL_REPLY, ipsec_sad_entry_add_del_reply) \ -_(IPSEC_SA_DETAILS, ipsec_sa_details) \ _(DELETE_LOOPBACK_REPLY, delete_loopback_reply) \ _(BD_IP_MAC_ADD_DEL_REPLY, bd_ip_mac_add_del_reply) \ _(BD_IP_MAC_FLUSH_REPLY, bd_ip_mac_flush_reply) \ @@ -8675,403 +8638,6 @@ api_ip_dump (vat_main_t * vam) return ret; } -static int -api_ipsec_spd_add_del (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ipsec_spd_add_del_t *mp; - u32 spd_id = ~0; - u8 is_add = 1; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "spd_id %d", &spd_id)) - ; - else if (unformat (i, "del")) - is_add = 0; - else - { - clib_warning ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - if (spd_id == ~0) - { - errmsg ("spd_id must be set"); - return -99; - } - - M (IPSEC_SPD_ADD_DEL, mp); - - mp->spd_id = ntohl (spd_id); - mp->is_add = is_add; - - S (mp); - W (ret); - return ret; -} - -static int -api_ipsec_interface_add_del_spd (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ipsec_interface_add_del_spd_t *mp; - u32 sw_if_index; - u8 sw_if_index_set = 0; - u32 spd_id = (u32) ~ 0; - u8 is_add = 1; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "del")) - is_add = 0; - else if (unformat (i, "spd_id %d", &spd_id)) - ; - else - if (unformat (i, "%U", api_unformat_sw_if_index, vam, &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "sw_if_index %d", &sw_if_index)) - sw_if_index_set = 1; - else - { - clib_warning ("parse error '%U'", format_unformat_error, i); - return -99; - } - - } - - if (spd_id == (u32) ~ 0) - { - errmsg ("spd_id must be set"); - return -99; - } - - if (sw_if_index_set == 0) - { - errmsg ("missing interface name or sw_if_index"); - return -99; - } - - M (IPSEC_INTERFACE_ADD_DEL_SPD, mp); - - mp->spd_id = ntohl (spd_id); - mp->sw_if_index = ntohl (sw_if_index); - mp->is_add = is_add; - - S (mp); - W (ret); - return ret; -} - -static int -api_ipsec_spd_entry_add_del (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ipsec_spd_entry_add_del_t *mp; - u8 is_add = 1, is_outbound = 0; - u32 spd_id = 0, sa_id = 0, protocol = 0, policy = 0; - i32 priority = 0; - u32 rport_start = 0, rport_stop = (u32) ~ 0; - u32 lport_start = 0, lport_stop = (u32) ~ 0; - vl_api_address_t laddr_start = { }, laddr_stop = - { - }, raddr_start = - { - }, raddr_stop = - { - }; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "del")) - is_add = 0; - if (unformat (i, "outbound")) - is_outbound = 1; - if (unformat (i, "inbound")) - is_outbound = 0; - else if (unformat (i, "spd_id %d", &spd_id)) - ; - else if (unformat (i, "sa_id %d", &sa_id)) - ; - else if (unformat (i, "priority %d", &priority)) - ; - else if (unformat (i, "protocol %d", &protocol)) - ; - else if (unformat (i, "lport_start %d", &lport_start)) - ; - else if (unformat (i, "lport_stop %d", &lport_stop)) - ; - else if (unformat (i, "rport_start %d", &rport_start)) - ; - else if (unformat (i, "rport_stop %d", &rport_stop)) - ; - else if (unformat (i, "laddr_start %U", - unformat_vl_api_address, &laddr_start)) - ; - else if (unformat (i, "laddr_stop %U", unformat_vl_api_address, - &laddr_stop)) - ; - else if (unformat (i, "raddr_start %U", unformat_vl_api_address, - &raddr_start)) - ; - else if (unformat (i, "raddr_stop %U", unformat_vl_api_address, - &raddr_stop)) - ; - else - if (unformat (i, "action %U", unformat_ipsec_policy_action, &policy)) - { - if (policy == IPSEC_POLICY_ACTION_RESOLVE) - { - clib_warning ("unsupported action: 'resolve'"); - return -99; - } - } - else - { - clib_warning ("parse error '%U'", format_unformat_error, i); - return -99; - } - - } - - M (IPSEC_SPD_ENTRY_ADD_DEL, mp); - - mp->is_add = is_add; - - mp->entry.spd_id = ntohl (spd_id); - mp->entry.priority = ntohl (priority); - mp->entry.is_outbound = is_outbound; - - clib_memcpy (&mp->entry.remote_address_start, &raddr_start, - sizeof (vl_api_address_t)); - clib_memcpy (&mp->entry.remote_address_stop, &raddr_stop, - sizeof (vl_api_address_t)); - clib_memcpy (&mp->entry.local_address_start, &laddr_start, - sizeof (vl_api_address_t)); - clib_memcpy (&mp->entry.local_address_stop, &laddr_stop, - sizeof (vl_api_address_t)); - - mp->entry.protocol = (u8) protocol; - mp->entry.local_port_start = ntohs ((u16) lport_start); - mp->entry.local_port_stop = ntohs ((u16) lport_stop); - mp->entry.remote_port_start = ntohs ((u16) rport_start); - mp->entry.remote_port_stop = ntohs ((u16) rport_stop); - mp->entry.policy = (u8) policy; - mp->entry.sa_id = ntohl (sa_id); - - S (mp); - W (ret); - return ret; -} - -static int -api_ipsec_sad_entry_add_del (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ipsec_sad_entry_add_del_t *mp; - u32 sad_id = 0, spi = 0; - u8 *ck = 0, *ik = 0; - u8 is_add = 1; - - vl_api_ipsec_crypto_alg_t crypto_alg = IPSEC_API_CRYPTO_ALG_NONE; - vl_api_ipsec_integ_alg_t integ_alg = IPSEC_API_INTEG_ALG_NONE; - vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE; - vl_api_ipsec_proto_t protocol = IPSEC_API_PROTO_AH; - vl_api_address_t tun_src, tun_dst; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "del")) - is_add = 0; - else if (unformat (i, "sad_id %d", &sad_id)) - ; - else if (unformat (i, "spi %d", &spi)) - ; - else if (unformat (i, "esp")) - protocol = IPSEC_API_PROTO_ESP; - else - if (unformat (i, "tunnel_src %U", unformat_vl_api_address, &tun_src)) - { - flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL; - if (ADDRESS_IP6 == tun_src.af) - flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6; - } - else - if (unformat (i, "tunnel_dst %U", unformat_vl_api_address, &tun_dst)) - { - flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL; - if (ADDRESS_IP6 == tun_src.af) - flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6; - } - else - if (unformat (i, "crypto_alg %U", - unformat_ipsec_api_crypto_alg, &crypto_alg)) - ; - else if (unformat (i, "crypto_key %U", unformat_hex_string, &ck)) - ; - else if (unformat (i, "integ_alg %U", - unformat_ipsec_api_integ_alg, &integ_alg)) - ; - else if (unformat (i, "integ_key %U", unformat_hex_string, &ik)) - ; - else - { - clib_warning ("parse error '%U'", format_unformat_error, i); - return -99; - } - - } - - M (IPSEC_SAD_ENTRY_ADD_DEL, mp); - - mp->is_add = is_add; - mp->entry.sad_id = ntohl (sad_id); - mp->entry.protocol = protocol; - mp->entry.spi = ntohl (spi); - mp->entry.flags = flags; - - mp->entry.crypto_algorithm = crypto_alg; - mp->entry.integrity_algorithm = integ_alg; - mp->entry.crypto_key.length = vec_len (ck); - mp->entry.integrity_key.length = vec_len (ik); - - if (mp->entry.crypto_key.length > sizeof (mp->entry.crypto_key.data)) - mp->entry.crypto_key.length = sizeof (mp->entry.crypto_key.data); - - if (mp->entry.integrity_key.length > sizeof (mp->entry.integrity_key.data)) - mp->entry.integrity_key.length = sizeof (mp->entry.integrity_key.data); - - if (ck) - clib_memcpy (mp->entry.crypto_key.data, ck, mp->entry.crypto_key.length); - if (ik) - clib_memcpy (mp->entry.integrity_key.data, ik, - mp->entry.integrity_key.length); - - if (flags & IPSEC_API_SAD_FLAG_IS_TUNNEL) - { - clib_memcpy (&mp->entry.tunnel_src, &tun_src, - sizeof (mp->entry.tunnel_src)); - clib_memcpy (&mp->entry.tunnel_dst, &tun_dst, - sizeof (mp->entry.tunnel_dst)); - } - - S (mp); - W (ret); - return ret; -} - -static void -vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp) -{ - vat_main_t *vam = &vat_main; - - print (vam->ofp, "sa_id %u sw_if_index %u spi %u proto %u crypto_alg %u " - "crypto_key %U integ_alg %u integ_key %U flags %x " - "tunnel_src_addr %U tunnel_dst_addr %U " - "salt %u seq_outbound %lu last_seq_inbound %lu " - "replay_window %lu stat_index %u\n", - ntohl (mp->entry.sad_id), - ntohl (mp->sw_if_index), - ntohl (mp->entry.spi), - ntohl (mp->entry.protocol), - ntohl (mp->entry.crypto_algorithm), - format_hex_bytes, mp->entry.crypto_key.data, - mp->entry.crypto_key.length, ntohl (mp->entry.integrity_algorithm), - format_hex_bytes, mp->entry.integrity_key.data, - mp->entry.integrity_key.length, ntohl (mp->entry.flags), - format_vl_api_address, &mp->entry.tunnel_src, format_vl_api_address, - &mp->entry.tunnel_dst, ntohl (mp->salt), - clib_net_to_host_u64 (mp->seq_outbound), - clib_net_to_host_u64 (mp->last_seq_inbound), - clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index)); -} - -#define vl_api_ipsec_sa_details_t_endian vl_noop_handler -#define vl_api_ipsec_sa_details_t_print vl_noop_handler - -static void vl_api_ipsec_sa_details_t_handler_json - (vl_api_ipsec_sa_details_t * mp) -{ - vat_main_t *vam = &vat_main; - vat_json_node_t *node = NULL; - vl_api_ipsec_sad_flags_t flags; - - if (VAT_JSON_ARRAY != vam->json_tree.type) - { - ASSERT (VAT_JSON_NONE == vam->json_tree.type); - vat_json_init_array (&vam->json_tree); - } - node = vat_json_array_add (&vam->json_tree); - - vat_json_init_object (node); - vat_json_object_add_uint (node, "sa_id", ntohl (mp->entry.sad_id)); - vat_json_object_add_uint (node, "sw_if_index", ntohl (mp->sw_if_index)); - vat_json_object_add_uint (node, "spi", ntohl (mp->entry.spi)); - vat_json_object_add_uint (node, "proto", ntohl (mp->entry.protocol)); - vat_json_object_add_uint (node, "crypto_alg", - ntohl (mp->entry.crypto_algorithm)); - vat_json_object_add_uint (node, "integ_alg", - ntohl (mp->entry.integrity_algorithm)); - flags = ntohl (mp->entry.flags); - vat_json_object_add_uint (node, "use_esn", - ! !(flags & IPSEC_API_SAD_FLAG_USE_ESN)); - vat_json_object_add_uint (node, "use_anti_replay", - ! !(flags & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY)); - vat_json_object_add_uint (node, "is_tunnel", - ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL)); - vat_json_object_add_uint (node, "is_tunnel_ip6", - ! !(flags & IPSEC_API_SAD_FLAG_IS_TUNNEL_V6)); - vat_json_object_add_uint (node, "udp_encap", - ! !(flags & IPSEC_API_SAD_FLAG_UDP_ENCAP)); - vat_json_object_add_bytes (node, "crypto_key", mp->entry.crypto_key.data, - mp->entry.crypto_key.length); - vat_json_object_add_bytes (node, "integ_key", mp->entry.integrity_key.data, - mp->entry.integrity_key.length); - vat_json_object_add_address (node, "src", &mp->entry.tunnel_src); - vat_json_object_add_address (node, "dst", &mp->entry.tunnel_dst); - vat_json_object_add_uint (node, "replay_window", - clib_net_to_host_u64 (mp->replay_window)); - vat_json_object_add_uint (node, "stat_index", ntohl (mp->stat_index)); -} - -static int -api_ipsec_sa_dump (vat_main_t * vam) -{ - unformat_input_t *i = vam->input; - vl_api_ipsec_sa_dump_t *mp; - vl_api_control_ping_t *mp_ping; - u32 sa_id = ~0; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "sa_id %d", &sa_id)) - ; - else - { - clib_warning ("parse error '%U'", format_unformat_error, i); - return -99; - } - } - - M (IPSEC_SA_DUMP, mp); - - mp->sa_id = ntohl (sa_id); - - S (mp); - - /* Use a control ping for synchronization */ - M (CONTROL_PING, mp_ping); - S (mp_ping); - - W (ret); - return ret; -} - static int api_get_first_msg_id (vat_main_t * vam) { @@ -11675,17 +11241,6 @@ _(interface_name_renumber, \ _(want_l2_macs_events, "[disable] [learn-limit ] [scan-delay ] [max-entries ]") \ _(ip_address_dump, "(ipv4 | ipv6) ( | sw_if_index )") \ _(ip_dump, "ipv4 | ipv6") \ -_(ipsec_spd_add_del, "spd_id [del]") \ -_(ipsec_interface_add_del_spd, "( | sw_if_index )\n" \ - " spid_id ") \ -_(ipsec_sad_entry_add_del, "sad_id spi crypto_alg \n" \ - " crypto_key tunnel_src tunnel_dst \n" \ - " integ_alg integ_key ") \ -_(ipsec_spd_entry_add_del, "spd_id priority action \n" \ - " (inbound|outbound) [sa_id ] laddr_start \n" \ - " laddr_stop raddr_start raddr_stop \n" \ - " [lport_start lport_stop ] [rport_start rport_stop ]" ) \ -_(ipsec_sa_dump, "[sa_id ]") \ _(delete_loopback,"sw_if_index ") \ _(bd_ip_mac_add_del, "bd_id [del]") \ _(bd_ip_mac_flush, "bd_id ") \ -- cgit 1.2.3-korg