path: root/src/plugins/tlsopenssl/tls_openssl_api.c
/*
 * Copyright (c) 2018 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vnet/vnet.h>
#include <vlibapi/api.h>
#include <vlibmemory/api.h>
#include <vpp/app/version.h>
#include <tlsopenssl/tls_openssl.h>

/* define message IDs */
#include <tlsopenssl/tls_openssl.api_enum.h>
#include <tlsopenssl/tls_openssl.api_types.h>

/* Map vl_print () onto vlib_cli_output (). */
#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)

/*
 * Reply message-ID base. It expands to om->msg_id_base, so any function that
 * uses it needs a local named `om` pointing at openssl_main.
 * NOTE(review): defined just ahead of api_helper_macros.h, which presumably
 * reads it -- keep this ordering.
 */
#define REPLY_MSG_ID_BASE om->msg_id_base
#include <vlibapi/api_helper_macros.h>

/* Plugin-wide OpenSSL state; the definition is not in this file. */
extern openssl_main_t openssl_main;

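/*
 * API message handler for tls_openssl_set_engine.
 *
 * Applies the optional cipher list, registers the requested OpenSSL engine
 * for the given algorithm, records the async setting and sends the reply.
 *
 * The ciphers, engine and algorithm fields come from the API client, so each
 * one is forcibly NUL-terminated inside the message buffer before it is
 * passed on as a C string.
 *
 * @param mp  incoming request; its string fields are modified in place.
 */
static void
vl_api_tls_openssl_set_engine_t_handler (vl_api_tls_openssl_set_engine_t * mp)
{
  /* rmp and rv are not referenced directly below; they are presumably
     consumed by REPLY_MACRO. om is also needed by REPLY_MSG_ID_BASE. */
  vl_api_tls_openssl_set_engine_reply_t *rmp;
  openssl_main_t *om = &openssl_main;
  char *engine, *alg;
  char *ciphers;
  int rv;

  /* Terminate at the last byte of each field, taken from the field's own
     size instead of a repeated literal 63, so the bound cannot drift from
     the message definition. Assumes the three fields are fixed-size byte
     arrays (64 bytes, going by the previous hard-coded index) -- confirm
     against tls_openssl.api_types.h. */
  ciphers = (char *) mp->ciphers;
  ciphers[sizeof (mp->ciphers) - 1] = '\0';
  /* An empty cipher string leaves the current cipher list untouched. */
  if (ciphers[0])
    tls_openssl_set_ciphers (ciphers);

  engine = (char *) mp->engine;
  engine[sizeof (mp->engine) - 1] = '\0';
  alg = (char *) mp->algorithm;
  alg[sizeof (mp->algorithm) - 1] = '\0';
  rv = openssl_engine_register (engine, alg, mp->async_enable);
  /* NOTE(review): the cipher list above and the async flag below are applied
     whatever rv is, so a request whose engine registration fails still
     changes TLS state. Confirm that is intended; the strings are also passed
     on without any validation visible in this handler. */
  om->async = mp->async_enable;

  REPLY_MACRO (VL_API_TLS_OPENSSL_SET_ENGINE_REPLY);
}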

#include <tlsopenssl/tls_openssl.api.c>
/*
 * API initialisation for the plugin: stores the value returned by
 * setup_message_id_table () as the message-ID base in openssl_main.
 *
 * @param vm  vlib main; not used here.
 * @return    always a null error pointer.
 */
clib_error_t *
tls_openssl_api_init (vlib_main_t * vm)
{
  /* Ask for a correctly-sized block of API message decode slots */
  openssl_main.msg_id_base = setup_message_id_table ();

  return NULL;
}

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
# Y KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""COP utilities library."""

from resources.libraries.python.PapiExecutor import PapiSocketExecutor
from resources.libraries.python.topology import Topology


class Cop:
    """Helpers that configure COP on a node through the PAPI socket."""

    @staticmethod
    def cop_add_whitelist_entry(
            node, interface, ip_version, fib_id, default_cop=0):
        """Add a COP whitelist entry on an interface.

        :param node: Node to add COP whitelist on.
        :param interface: Interface of the node where the COP is added.
        :param ip_version: IP version. 'ip4' and 'ip6' are valid values.
        :param fib_id: Specify the fib table ID.
        :param default_cop: 1 => enable non-ip4, non-ip6 filtration,
            0 => disable it.
        :type node: dict
        :type interface: str
        :type ip_version: str
        :type fib_id: int
        :type default_cop: int
        :raises ValueError: If parameter 'ip_version' has incorrect value.
        """
        # Reject anything but the two supported families before building
        # the API call.
        if ip_version not in (u"ip4", u"ip6"):
            raise ValueError(u"IP version is not in correct format")

        api_call = u"cop_whitelist_enable_disable"
        failure_text = (
            f"Failed to add COP whitelist on interface {interface} "
            f"on host {node[u'host']}"
        )
        api_args = {
            u"sw_if_index": Topology.get_interface_sw_index(node, interface),
            u"fib_id": int(fib_id),
            u"ip4": ip_version == u"ip4",
            u"ip6": ip_version == u"ip6",
            u"default_cop": default_cop,
        }

        with PapiSocketExecutor(node) as papi_exec:
            papi_exec.add(api_call, **api_args).get_reply(failure_text)

    @staticmethod
    def cop_interface_enable_or_disable(node, interface, state):
        """Enable or disable COP on the interface.

        :param node: Node on which COP is enabled or disabled.
        :param interface: Interface of the node where COP is switched.
        :param state: 'enable' or 'disable'; compared case-insensitively.
        :type node: dict
        :type interface: str
        :type state: str
        :raises ValueError: If parameter 'state' has incorrect value.
        """
        requested = state.lower()
        # Only the two literal states are accepted; everything else is an
        # error rather than being treated as "disable".
        if requested not in (u"enable", u"disable"):
            raise ValueError(
                u"Possible state values are 'enable' or 'disable'"
            )

        api_call = u"cop_interface_enable_disable"
        failure_text = (
            f"Failed to enable/disable COP on interface {interface} "
            f"on host {node[u'host']}"
        )
        api_args = {
            u"sw_if_index": Topology.get_interface_sw_index(node, interface),
            u"enable_disable": requested == u"enable",
        }

        with PapiSocketExecutor(node) as papi_exec:
            papi_exec.add(api_call, **api_args).get_reply(failure_text)