FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
ikev2_cli.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <vlib/vlib.h>
16 #include <vnet/vnet.h>
17 #include <vnet/pg/pg.h>
18 #include <vppinfra/error.h>
19 #include <vnet/udp/udp.h>
20 #include <vnet/ipsec/ipsec_sa.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 
24 u8 *
25 format_ikev2_id_type_and_data (u8 * s, va_list * args)
26 {
27  ikev2_id_t *id = va_arg (*args, ikev2_id_t *);
28 
29  if (id->type == 0 || vec_len (id->data) == 0)
30  return format (s, "none");
31 
32  s = format (s, "%U", format_ikev2_id_type, id->type);
33 
34  if (id->type == IKEV2_ID_TYPE_ID_FQDN ||
35  id->type == IKEV2_ID_TYPE_ID_RFC822_ADDR)
36  {
37  s = format (s, " %v", id->data);
38  }
39  else
40  {
41  s =
42  format (s, " %U", format_hex_bytes, &id->data,
43  (uword) (vec_len (id->data)));
44  }
45 
46  return s;
47 }
48 
49 static u8 *
50 format_ikev2_traffic_selector (u8 * s, va_list * va)
51 {
52  ikev2_ts_t *ts = va_arg (*va, ikev2_ts_t *);
53  u32 index = va_arg (*va, u32);
54 
55  s = format (s, "%u type %u protocol_id %u addr "
56  "%U - %U port %u - %u\n",
57  index, ts->ts_type, ts->protocol_id,
58  format_ip_address, &ts->start_addr,
59  format_ip_address, &ts->end_addr,
60  clib_net_to_host_u16 (ts->start_port),
61  clib_net_to_host_u16 (ts->end_port));
62  return s;
63 }
64 
65 static u8 *
66 format_ikev2_child_sa (u8 * s, va_list * va)
67 {
68  ikev2_child_sa_t *child = va_arg (*va, ikev2_child_sa_t *);
69  u32 index = va_arg (*va, u32);
70  ikev2_ts_t *ts;
71  ikev2_sa_transform_t *tr;
72  u8 *c = 0;
73 
74  u32 indent = format_get_indent (s);
75  indent += 1;
76 
77  s = format (s, "child sa %u:", index);
78 
79  tr = ikev2_sa_get_td_for_type (child->r_proposals,
80  IKEV2_TRANSFORM_TYPE_ENCR);
81  c = format (c, "%U ", format_ikev2_sa_transform, tr);
82 
83  tr = ikev2_sa_get_td_for_type (child->r_proposals,
84  IKEV2_TRANSFORM_TYPE_INTEG);
85  c = format (c, "%U ", format_ikev2_sa_transform, tr);
86 
87  tr = ikev2_sa_get_td_for_type (child->r_proposals,
88  IKEV2_TRANSFORM_TYPE_ESN);
89  c = format (c, "%U ", format_ikev2_sa_transform, tr);
90 
91  s = format (s, "%v\n", c);
92  vec_free (c);
93 
94  s = format (s, "%Uspi(i) %lx spi(r) %lx\n", format_white_space, indent,
95  child->i_proposals ? child->i_proposals[0].spi : 0,
96  child->r_proposals ? child->r_proposals[0].spi : 0);
97 
98  s = format (s, "%USK_e i:%U\n%Ur:%U\n",
99  format_white_space, indent,
100  format_hex_bytes, child->sk_ei, vec_len (child->sk_ei),
101  format_white_space, indent + 6,
102  format_hex_bytes, child->sk_er, vec_len (child->sk_er));
103  if (child->sk_ai)
104  {
105  s = format (s, "%USK_a i:%U\n%Ur:%U\n",
106  format_white_space, indent,
107  format_hex_bytes, child->sk_ai, vec_len (child->sk_ai),
108  format_white_space, indent + 6,
109  format_hex_bytes, child->sk_ar, vec_len (child->sk_ar));
110  }
111  s = format (s, "%Utraffic selectors (i):", format_white_space, indent);
112  vec_foreach (ts, child->tsi)
113  s = format (s, "%U", format_ikev2_traffic_selector, ts, ts - child->tsi);
114  s = format (s, "%Utraffic selectors (r):", format_white_space, indent);
115  vec_foreach (ts, child->tsr)
116  s = format (s, "%U", format_ikev2_traffic_selector, ts, ts - child->tsr);
117  return s;
118 }
119 
120 static u8 *
121 format_ikev2_sa (u8 * s, va_list * va)
122 {
123  ikev2_sa_t *sa = va_arg (*va, ikev2_sa_t *);
124  int details = va_arg (*va, int);
125  ikev2_sa_transform_t *tr;
126  ikev2_child_sa_t *child;
127  u32 indent = 1;
128 
129  s = format (s, "iip %U ispi %lx rip %U rspi %lx",
130  format_ip_address, &sa->iaddr, sa->ispi,
131  format_ip_address, &sa->raddr, sa->rspi);
132  if (!details)
133  return s;
134 
135  s = format (s, "\n%U", format_white_space, indent);
136 
137  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
138  s = format (s, "%U ", format_ikev2_sa_transform, tr);
139 
140  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
141  s = format (s, "%U ", format_ikev2_sa_transform, tr);
142 
143  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
144  s = format (s, "%U ", format_ikev2_sa_transform, tr);
145 
146  tr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_DH);
147  s = format (s, "%U", format_ikev2_sa_transform, tr);
148 
149  s = format (s, "\n%U", format_white_space, indent);
150 
151  s = format (s, "nonce i:%U\n%Ur:%U\n",
152  format_hex_bytes, sa->i_nonce, vec_len (sa->i_nonce),
153  format_white_space, indent + 6,
154  format_hex_bytes, sa->r_nonce, vec_len (sa->r_nonce));
155 
156  s = format (s, "%USK_d %U\n", format_white_space, indent,
157  format_hex_bytes, sa->sk_d, vec_len (sa->sk_d));
158  if (sa->sk_ai)
159  {
160  s = format (s, "%USK_a i:%U\n%Ur:%U\n",
161  format_white_space, indent,
162  format_hex_bytes, sa->sk_ai, vec_len (sa->sk_ai),
163  format_white_space, indent + 6,
164  format_hex_bytes, sa->sk_ar, vec_len (sa->sk_ar));
165  }
166  s = format (s, "%USK_e i:%U\n%Ur:%U\n",
167  format_white_space, indent,
168  format_hex_bytes, sa->sk_ei, vec_len (sa->sk_ei),
169  format_white_space, indent + 6,
170  format_hex_bytes, sa->sk_er, vec_len (sa->sk_er));
171  s = format (s, "%USK_p i:%U\n%Ur:%U\n",
172  format_white_space, indent,
173  format_hex_bytes, sa->sk_pi, vec_len (sa->sk_pi),
174  format_white_space, indent + 6,
175  format_hex_bytes, sa->sk_pr, vec_len (sa->sk_pr));
176 
177  s = format (s, "%Uidentifier (i) %U\n",
178  format_white_space, indent,
179  format_ikev2_id_type_and_data, &sa->i_id);
180  s = format (s, "%Uidentifier (r) %U\n",
181  format_white_space, indent,
182  format_ikev2_id_type_and_data, &sa->r_id);
183 
184  vec_foreach (child, sa->childs)
185  {
186  s = format (s, "%U%U", format_white_space, indent + 2,
187  format_ikev2_child_sa, child, child - sa->childs);
188  }
189 
190  return s;
191 }
192 
193 static clib_error_t *
194 show_ikev2_sa_command_fn (vlib_main_t * vm,
195  unformat_input_t * input, vlib_cli_command_t * cmd)
196 {
197  unformat_input_t _line_input, *line_input = &_line_input;
198  ikev2_main_t *km = &ikev2_main;
199  ikev2_main_per_thread_data_t *tkm;
200  ikev2_sa_t *sa;
201  u64 rspi;
202  u8 *s = 0;
203  int details = 0, show_one = 0;
204 
205  if (unformat_user (input, unformat_line_input, line_input))
206  {
207  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
208  {
209  if (unformat (line_input, "rspi %lx", &rspi))
210  {
211  show_one = 1;
212  }
213  else if (unformat (line_input, "details"))
214  details = 1;
215  else
216  break;
217  }
218  unformat_free (line_input);
219  }
220 
221  vec_foreach (tkm, km->per_thread_data)
222  {
223  /* *INDENT-OFF* */
224  pool_foreach (sa, tkm->sas, ({
225  if (show_one)
226  {
227  if (sa->rspi == rspi)
228  {
229  s = format (s, "%U\n", format_ikev2_sa, sa, 1);
230  break;
231  }
232  }
233  else
234  s = format (s, "%U\n", format_ikev2_sa, sa, details);
235  }));
236  /* *INDENT-ON* */
237  }
238 
239  vlib_cli_output (vm, "%v", s);
240  vec_free (s);
241  return 0;
242 }
243 
244 /* *INDENT-OFF* */
245 VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = {
246  .path = "show ikev2 sa",
247  .short_help = "show ikev2 sa [rspi <rspi>] [details]",
248  .function = show_ikev2_sa_command_fn,
249 };
250 /* *INDENT-ON* */
251 
252 static clib_error_t *
253 ikev2_disable_dpd_command_fn (vlib_main_t * vm,
254  unformat_input_t * input,
255  vlib_cli_command_t * cmd)
256 {
257  ikev2_disable_dpd ();
258  return 0;
259 }
260 
261 /* *INDENT-OFF* */
262 VLIB_CLI_COMMAND (ikev2_cli_disable_dpd_command, static) = {
263  .path = "ikev2 dpd disable",
264  .short_help = "ikev2 dpd disable",
265  .function = ikev2_disable_dpd_command_fn,
266 };
267 /* *INDENT-ON* */
268 
269 static uword
270 unformat_ikev2_token (unformat_input_t * input, va_list * va)
271 {
272  u8 **string_return = va_arg (*va, u8 **);
273  const char *token_chars = "a-zA-Z0-9_";
274  if (*string_return)
275  {
276  /* if string_return was already allocated (eg. because of a previous
277  * partial match with a successful unformat_token()), we must free it
278  * before reusing the pointer, otherwise we'll be leaking memory
279  */
280  vec_free (*string_return);
281  *string_return = 0;
282  }
283  return unformat_user (input, unformat_token, token_chars, string_return);
284 }
285 
286 static clib_error_t *
287 ikev2_profile_add_del_command_fn (vlib_main_t * vm,
288  unformat_input_t * input,
289  vlib_cli_command_t * cmd)
290 {
291  vnet_main_t *vnm = vnet_get_main ();
292  unformat_input_t _line_input, *line_input = &_line_input;
293  u8 *name = 0;
294  clib_error_t *r = 0;
295  u32 id_type;
296  u8 *data = 0;
297  u32 tmp1, tmp2, tmp3;
298  u64 tmp4, tmp5;
299  ip_address_t ip, end_addr;
300  u32 responder_sw_if_index = (u32) ~ 0;
301  u32 tun_sw_if_index = (u32) ~ 0;
302  ikev2_transform_encr_type_t crypto_alg;
303  ikev2_transform_integ_type_t integ_alg;
304  ikev2_transform_dh_type_t dh_type;
305 
306  if (!unformat_user (input, unformat_line_input, line_input))
307  return 0;
308 
309  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
310  {
311  if (unformat (line_input, "add %U", unformat_ikev2_token, &name))
312  {
313  r = ikev2_add_del_profile (vm, name, 1);
314  goto done;
315  }
316  else if (unformat (line_input, "del %U", unformat_ikev2_token, &name))
317  {
318  r = ikev2_add_del_profile (vm, name, 0);
319  goto done;
320  }
321  else if (unformat (line_input, "set %U auth shared-key-mic string %v",
322  unformat_ikev2_token, &name, &data))
323  {
324  r =
325  ikev2_set_profile_auth (vm, name,
326  IKEV2_AUTH_METHOD_SHARED_KEY_MIC, data,
327  0);
328  goto done;
329  }
330  else if (unformat (line_input, "set %U auth shared-key-mic hex %U",
331  unformat_ikev2_token, &name,
332  unformat_hex_string, &data))
333  {
334  r =
335  ikev2_set_profile_auth (vm, name,
336  IKEV2_AUTH_METHOD_SHARED_KEY_MIC, data,
337  1);
338  goto done;
339  }
340  else if (unformat (line_input, "set %U auth rsa-sig cert-file %v",
341  unformat_ikev2_token, &name, &data))
342  {
343  r =
344  ikev2_set_profile_auth (vm, name, IKEV2_AUTH_METHOD_RSA_SIG, data,
345  0);
346  goto done;
347  }
348  else if (unformat (line_input, "set %U id local %U %U",
349  unformat_ikev2_token, &name,
350  unformat_ikev2_id_type, &id_type,
351  unformat_ip_address, &ip))
352  {
353  data = vec_new (u8, ip_address_size (&ip));
354  clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
355  r =
356  ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
357  goto done;
358  }
359  else if (unformat (line_input, "set %U id local %U 0x%U",
360  unformat_ikev2_token, &name,
361  unformat_ikev2_id_type, &id_type,
362  unformat_hex_string, &data))
363  {
364  r =
365  ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
366  goto done;
367  }
368  else if (unformat (line_input, "set %U id local %U %v",
369  unformat_ikev2_token, &name,
370  unformat_ikev2_id_type, &id_type, &data))
371  {
372  r =
373  ikev2_set_profile_id (vm, name, (u8) id_type, data, /*local */ 1);
374  goto done;
375  }
376  else if (unformat (line_input, "set %U id remote %U %U",
377  unformat_ikev2_token, &name,
378  unformat_ikev2_id_type, &id_type,
379  unformat_ip_address, &ip))
380  {
381  data = vec_new (u8, ip_address_size (&ip));
382  clib_memcpy (data, ip_addr_bytes (&ip), ip_address_size (&ip));
383  r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
384  0);
385  goto done;
386  }
387  else if (unformat (line_input, "set %U id remote %U 0x%U",
388  unformat_ikev2_token, &name,
389  unformat_ikev2_id_type, &id_type,
390  unformat_hex_string, &data))
391  {
392  r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
393  0);
394  goto done;
395  }
396  else if (unformat (line_input, "set %U id remote %U %v",
397  unformat_ikev2_token, &name,
398  unformat_ikev2_id_type, &id_type, &data))
399  {
400  r = ikev2_set_profile_id (vm, name, (u8) id_type, data, /*remote */
401  0);
402  goto done;
403  }
404  else if (unformat (line_input, "set %U traffic-selector local "
405  "ip-range %U - %U port-range %u - %u protocol %u",
406  unformat_ikev2_token, &name,
407  unformat_ip_address, &ip,
408  unformat_ip_address, &end_addr, &tmp1, &tmp2, &tmp3))
409  {
410  r =
411  ikev2_set_profile_ts (vm, name, (u8) tmp3, (u16) tmp1, (u16) tmp2,
412  ip, end_addr, /*local */ 1);
413  goto done;
414  }
415  else if (unformat (line_input, "set %U traffic-selector remote "
416  "ip-range %U - %U port-range %u - %u protocol %u",
417  unformat_ikev2_token, &name,
418  unformat_ip_address, &ip,
419  unformat_ip_address, &end_addr, &tmp1, &tmp2, &tmp3))
420  {
421  r =
422  ikev2_set_profile_ts (vm, name, (u8) tmp3, (u16) tmp1, (u16) tmp2,
423  ip, end_addr, /*remote */ 0);
424  goto done;
425  }
426  else if (unformat (line_input, "set %U responder %U %U",
427  unformat_ikev2_token, &name,
428  unformat_vnet_sw_interface, vnm,
429  &responder_sw_if_index, unformat_ip_address, &ip))
430  {
431  r =
432  ikev2_set_profile_responder (vm, name, responder_sw_if_index, ip);
433  goto done;
434  }
435  else if (unformat (line_input, "set %U tunnel %U",
436  unformat_ikev2_token, &name,
437  unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
438  {
439  r = ikev2_set_profile_tunnel_interface (vm, name, tun_sw_if_index);
440  goto done;
441  }
442  else
443  if (unformat
444  (line_input,
445  "set %U ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
446  unformat_ikev2_token, &name,
447  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
448  unformat_ikev2_transform_integ_type, &integ_alg,
449  unformat_ikev2_transform_dh_type, &dh_type))
450  {
451  r =
452  ikev2_set_profile_ike_transforms (vm, name, crypto_alg, integ_alg,
453  dh_type, tmp1);
454  goto done;
455  }
456  else
457  if (unformat
458  (line_input,
459  "set %U ike-crypto-alg %U %u ike-dh %U",
460  unformat_ikev2_token, &name,
461  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
462  unformat_ikev2_transform_dh_type, &dh_type))
463  {
464  r =
465  ikev2_set_profile_ike_transforms (vm, name, crypto_alg,
466  IKEV2_TRANSFORM_INTEG_TYPE_NONE,
467  dh_type, tmp1);
468  goto done;
469  }
470  else
471  if (unformat
472  (line_input,
473  "set %U esp-crypto-alg %U %u esp-integ-alg %U",
474  unformat_ikev2_token, &name,
475  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1,
476  unformat_ikev2_transform_integ_type, &integ_alg))
477  {
478  r =
479  ikev2_set_profile_esp_transforms (vm, name, crypto_alg, integ_alg,
480  tmp1);
481  goto done;
482  }
483  else if (unformat
484  (line_input,
485  "set %U esp-crypto-alg %U %u",
486  unformat_ikev2_token, &name,
487  unformat_ikev2_transform_encr_type, &crypto_alg, &tmp1))
488  {
489  r =
490  ikev2_set_profile_esp_transforms (vm, name, crypto_alg, 0, tmp1);
491  goto done;
492  }
493  else if (unformat (line_input, "set %U sa-lifetime %lu %u %u %lu",
494  unformat_ikev2_token, &name,
495  &tmp4, &tmp1, &tmp2, &tmp5))
496  {
497  r =
498  ikev2_set_profile_sa_lifetime (vm, name, tmp4, tmp1, tmp2, tmp5);
499  goto done;
500  }
501  else if (unformat (line_input, "set %U udp-encap",
502  unformat_ikev2_token, &name))
503  {
504  r = ikev2_set_profile_udp_encap (vm, name);
505  goto done;
506  }
507  else if (unformat (line_input, "set %U ipsec-over-udp port %u",
508  unformat_ikev2_token, &name, &tmp1))
509  {
510  int rv = ikev2_set_profile_ipsec_udp_port (vm, name, tmp1, 1);
511  if (rv)
512  r = clib_error_return (0, "Error: %U", format_vnet_api_errno, rv);
513  goto done;
514  }
515  else if (unformat (line_input, "set %U disable natt",
516  unformat_ikev2_token, &name))
517  {
518  r = ikev2_profile_natt_disable (name);
519  goto done;
520  }
521  else
522  break;
523  }
524 
525  r = clib_error_return (0, "parse error: '%U'",
526  format_unformat_error, line_input);
527 
528 done:
529  vec_free (name);
530  vec_free (data);
531  unformat_free (line_input);
532  return r;
533 }
534 
535 /* *INDENT-OFF* */
536 VLIB_CLI_COMMAND (ikev2_profile_add_del_command, static) = {
537  .path = "ikev2 profile",
538  .short_help =
539  "ikev2 profile [add|del] <id>\n"
540  "ikev2 profile set <id> auth [rsa-sig|shared-key-mic] [cert-file|string|hex]"
541  " <data>\n"
542  "ikev2 profile set <id> id <local|remote> <type> <data>\n"
543  "ikev2 profile set <id> tunnel <interface>\n"
544  "ikev2 profile set <id> udp-encap\n"
545  "ikev2 profile set <id> traffic-selector <local|remote> ip-range "
546  "<start-addr> - <end-addr> port-range <start-port> - <end-port> "
547  "protocol <protocol-number>\n"
548  "ikev2 profile set <id> responder <interface> <addr>\n"
549  "ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>\n"
550  "ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> "
551  "[esp-integ-alg <integ alg>]\n"
552  "ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>"
553  "ikev2 profile set <id> disable natt\n",
554  .function = ikev2_profile_add_del_command_fn,
555 };
556 /* *INDENT-ON* */
557 
558 static clib_error_t *
559 show_ikev2_profile_command_fn (vlib_main_t * vm,
560  unformat_input_t * input,
561  vlib_cli_command_t * cmd)
562 {
563  ikev2_main_t *km = &ikev2_main;
564  ikev2_profile_t *p;
565 
566  /* *INDENT-OFF* */
567  pool_foreach (p, km->profiles, ({
568  vlib_cli_output(vm, "profile %v", p->name);
569 
570  if (p->auth.data)
571  {
572  if (p->auth.hex)
573  vlib_cli_output(vm, " auth-method %U auth data 0x%U",
574  format_ikev2_auth_method, p->auth.method,
575  format_hex_bytes, p->auth.data, vec_len(p->auth.data));
576  else
577  vlib_cli_output(vm, " auth-method %U auth data %v",
578  format_ikev2_auth_method, p->auth.method, p->auth.data);
579  }
580 
581  if (p->loc_id.data)
582  {
583  if (p->loc_id.type == IKEV2_ID_TYPE_ID_IPV4_ADDR)
584  vlib_cli_output(vm, " local id-type %U data %U",
585  format_ikev2_id_type, p->loc_id.type,
586  format_ip_address, p->loc_id.data);
587  else if (p->loc_id.type == IKEV2_ID_TYPE_ID_KEY_ID)
588  vlib_cli_output(vm, " local id-type %U data 0x%U",
589  format_ikev2_id_type, p->loc_id.type,
590  format_hex_bytes, p->loc_id.data,
591  vec_len(p->loc_id.data));
592  else
593  vlib_cli_output(vm, " local id-type %U data %v",
594  format_ikev2_id_type, p->loc_id.type, p->loc_id.data);
595  }
596 
597  if (p->rem_id.data)
598  {
599  if (p->rem_id.type == IKEV2_ID_TYPE_ID_IPV4_ADDR)
600  vlib_cli_output(vm, " remote id-type %U data %U",
601  format_ikev2_id_type, p->rem_id.type,
602  format_ip_address, p->rem_id.data);
603  else if (p->rem_id.type == IKEV2_ID_TYPE_ID_KEY_ID)
604  vlib_cli_output(vm, " remote id-type %U data 0x%U",
605  format_ikev2_id_type, p->rem_id.type,
606  format_hex_bytes, p->rem_id.data,
607  vec_len(p->rem_id.data));
608  else
609  vlib_cli_output(vm, " remote id-type %U data %v",
610  format_ikev2_id_type, p->rem_id.type, p->rem_id.data);
611  }
612 
613  if (!ip_address_is_zero (&p->loc_ts.start_addr))
614  vlib_cli_output(vm, " local traffic-selector addr %U - %U port %u - %u"
615  " protocol %u",
616  format_ip_address, &p->loc_ts.start_addr,
617  format_ip_address, &p->loc_ts.end_addr,
618  p->loc_ts.start_port, p->loc_ts.end_port,
619  p->loc_ts.protocol_id);
620 
621  if (!ip_address_is_zero (&p->rem_ts.start_addr))
622  vlib_cli_output(vm, " remote traffic-selector addr %U - %U port %u - %u"
623  " protocol %u",
624  format_ip_address, &p->rem_ts.start_addr,
625  format_ip_address, &p->rem_ts.end_addr,
626  p->rem_ts.start_port, p->rem_ts.end_port,
627  p->rem_ts.protocol_id);
628  if (~0 != p->tun_itf)
629  vlib_cli_output(vm, " protected tunnel %U",
630  format_vnet_sw_if_index_name, vnet_get_main(), p->tun_itf);
631  if (~0 != p->responder.sw_if_index)
632  vlib_cli_output(vm, " responder %U %U",
633  format_vnet_sw_if_index_name, vnet_get_main(), p->responder.sw_if_index,
634  format_ip_address, &p->responder.addr);
635  if (p->udp_encap)
636  vlib_cli_output(vm, " udp-encap");
637 
638  if (p->natt_disabled)
639  vlib_cli_output(vm, " NAT-T disabled");
640 
641  if (p->ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
642  vlib_cli_output(vm, " ipsec-over-udp port %d", p->ipsec_over_udp_port);
643 
644  if (p->ike_ts.crypto_alg || p->ike_ts.integ_alg || p->ike_ts.dh_type || p->ike_ts.crypto_key_size)
645  vlib_cli_output(vm, " ike-crypto-alg %U %u ike-integ-alg %U ike-dh %U",
646  format_ikev2_transform_encr_type, p->ike_ts.crypto_alg, p->ike_ts.crypto_key_size,
647  format_ikev2_transform_integ_type, p->ike_ts.integ_alg,
648  format_ikev2_transform_dh_type, p->ike_ts.dh_type);
649 
650  if (p->esp_ts.crypto_alg || p->esp_ts.integ_alg || p->esp_ts.dh_type)
651  vlib_cli_output(vm, " esp-crypto-alg %U %u esp-integ-alg %U",
652  format_ikev2_transform_encr_type, p->esp_ts.crypto_alg, p->esp_ts.crypto_key_size,
653  format_ikev2_transform_integ_type, p->esp_ts.integ_alg);
654 
655  vlib_cli_output(vm, " lifetime %d jitter %d handover %d maxdata %d",
656  p->lifetime, p->lifetime_jitter, p->handover, p->lifetime_maxdata);
657  }));
658  /* *INDENT-ON* */
659 
660  return 0;
661 }
662 
663 /* *INDENT-OFF* */
664 VLIB_CLI_COMMAND (show_ikev2_profile_command, static) = {
665  .path = "show ikev2 profile",
666  .short_help = "show ikev2 profile",
667  .function = show_ikev2_profile_command_fn,
668 };
669 /* *INDENT-ON* */
670 
671 static clib_error_t *
672 set_ikev2_liveness_period_fn (vlib_main_t * vm,
673  unformat_input_t * input,
674  vlib_cli_command_t * cmd)
675 {
676  unformat_input_t _line_input, *line_input = &_line_input;
677  clib_error_t *r = 0;
678  u32 period = 0, max_retries = 0;
679 
680  if (!unformat_user (input, unformat_line_input, line_input))
681  return 0;
682 
683  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
684  {
685  if (unformat (line_input, "%d %d", &period, &max_retries))
686  {
687  r = ikev2_set_liveness_params (period, max_retries);
688  goto done;
689  }
690  else
691  break;
692  }
693 
694  r = clib_error_return (0, "parse error: '%U'",
695  format_unformat_error, line_input);
696 
697 done:
698  unformat_free (line_input);
699  return r;
700 }
701 
702 /* *INDENT-OFF* */
703 VLIB_CLI_COMMAND (set_ikev2_liveness_command, static) = {
704  .path = "ikev2 set liveness",
705  .short_help = "ikev2 set liveness <period> <max-retires>",
706  .function = set_ikev2_liveness_period_fn,
707 };
708 /* *INDENT-ON* */
709 
710 static clib_error_t *
711 set_ikev2_local_key_command_fn (vlib_main_t * vm,
712  unformat_input_t * input,
713  vlib_cli_command_t * cmd)
714 {
715  unformat_input_t _line_input, *line_input = &_line_input;
716  clib_error_t *r = 0;
717  u8 *data = 0;
718 
719  if (!unformat_user (input, unformat_line_input, line_input))
720  return 0;
721 
722  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
723  {
724  if (unformat (line_input, "%s", &data))
725  {
726  r = ikev2_set_local_key (vm, data);
727  goto done;
728  }
729  else
730  break;
731  }
732 
733  r = clib_error_return (0, "parse error: '%U'",
734  format_unformat_error, line_input);
735 
736 done:
737  vec_free (data);
738  unformat_free (line_input);
739  return r;
740 }
741 
742 /* *INDENT-OFF* */
743 VLIB_CLI_COMMAND (set_ikev2_local_key_command, static) = {
744  .path = "set ikev2 local key",
745  .short_help =
746  "set ikev2 local key <file>",
747  .function = set_ikev2_local_key_command_fn,
748 };
749 /* *INDENT-ON* */
750 
751 
752 static clib_error_t *
753 ikev2_initiate_command_fn (vlib_main_t * vm,
754  unformat_input_t * input, vlib_cli_command_t * cmd)
755 {
756  unformat_input_t _line_input, *line_input = &_line_input;
757  clib_error_t *r = 0;
758  u8 *name = 0;
759  u32 tmp1;
760  u64 tmp2;
761 
762  if (!unformat_user (input, unformat_line_input, line_input))
763  return 0;
764 
765  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
766  {
767  if (unformat (line_input, "sa-init %U", unformat_ikev2_token, &name))
768  {
769  r = ikev2_initiate_sa_init (vm, name);
770  goto done;
771  }
772  else if (unformat (line_input, "del-child-sa %x", &tmp1))
773  {
774  r = ikev2_initiate_delete_child_sa (vm, tmp1);
775  goto done;
776  }
777  else if (unformat (line_input, "del-sa %lx", &tmp2))
778  {
779  r = ikev2_initiate_delete_ike_sa (vm, tmp2);
780  goto done;
781  }
782  else if (unformat (line_input, "rekey-child-sa %x", &tmp1))
783  {
784  r = ikev2_initiate_rekey_child_sa (vm, tmp1);
785  goto done;
786  }
787  else
788  break;
789  }
790 
791  r = clib_error_return (0, "parse error: '%U'",
792  format_unformat_error, line_input);
793 
794 done:
795  vec_free (name);
796  unformat_free (line_input);
797  return r;
798 }
799 
800 /* *INDENT-OFF* */
801 VLIB_CLI_COMMAND (ikev2_initiate_command, static) = {
802  .path = "ikev2 initiate",
803  .short_help =
804  "ikev2 initiate sa-init <profile id>\n"
805  "ikev2 initiate del-child-sa <child sa ispi>\n"
806  "ikev2 initiate del-sa <sa ispi>\n"
807  "ikev2 initiate rekey-child-sa <child sa ispi>\n",
808  .function = ikev2_initiate_command_fn,
809 };
810 /* *INDENT-ON* */
811 
812 void
813 ikev2_cli_reference (void)
814 {
815 }
816 
817 static clib_error_t *
818 ikev2_set_log_level_command_fn (vlib_main_t * vm,
819  unformat_input_t * input,
820  vlib_cli_command_t * cmd)
821 {
822  unformat_input_t _line_input, *line_input = &_line_input;
823  u32 log_level = IKEV2_LOG_NONE;
824  clib_error_t *error = 0;
825 
826  /* Get a line of input. */
827  if (!unformat_user (input, unformat_line_input, line_input))
828  return 0;
829 
830  if (!unformat (line_input, "%d", &log_level))
831  {
832  error = clib_error_return (0, "unknown input '%U'",
833  format_unformat_error, line_input);
834  goto done;
835  }
836  int rc = ikev2_set_log_level (log_level);
837  if (rc < 0)
838  error = clib_error_return (0, "setting log level failed!");
839 
840 done:
841  unformat_free (line_input);
842  return error;
843 }
844 
845 /* *INDENT-OFF* */
846 VLIB_CLI_COMMAND (ikev2_set_log_level_command, static) = {
847  .path = "ikev2 set logging level",
848  .function = ikev2_set_log_level_command_fn,
849  .short_help = "ikev2 set logging level <0-5>",
850 };
851 /* *INDENT-ON* */
852 
853 /*
854  * fd.io coding-style-patch-verification: ON
855  *
856  * Local Variables:
857  * eval: (c-set-style "gnu")
858  * End:
859  */
ikev2_main_t::per_thread_data
ikev2_main_per_thread_data_t * per_thread_data
Definition: ikev2_priv.h:493
ikev2_profile_natt_disable
clib_error_t * ikev2_profile_natt_disable(u8 *name)
Definition: ikev2.c:4812
ikev2_profile_t
Definition: ikev2_priv.h:330
end_addr
vl_api_address_t end_addr
Definition: ikev2_types.api:38
unformat_token
unformat_function_t unformat_token
Definition: format.h:286
format_ikev2_id_type_and_data
u8 * format_ikev2_id_type_and_data(u8 *s, va_list *args)
Definition: ikev2_cli.c:25
ikev2_sa_t::r_id
ikev2_id_t r_id
Definition: ikev2_priv.h:406
ikev2_id_t::type
ikev2_id_type_t type
Definition: ikev2_priv.h:273
ikev2_profile_t::ike_ts
ikev2_transforms_set ike_ts
Definition: ikev2_priv.h:340
ikev2_ts_t::end_addr
ip_address_t end_addr
Definition: ikev2_priv.h:253
ikev2_profile_t::lifetime
u64 lifetime
Definition: ikev2_priv.h:342
ikev2_transform_integ_type_t
ikev2_transform_integ_type_t
Definition: ikev2.h:282
ikev2_add_del_profile
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
Definition: ikev2.c:3802
vnet_get_main
vnet_main_t * vnet_get_main(void)
Definition: misc.c:46
ikev2_ts_t::ts_type
ikev2_traffic_selector_type_t ts_type
Definition: ikev2_priv.h:247
ikev2_set_profile_udp_encap
clib_error_t * ikev2_set_profile_udp_encap(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:4098
unformat_ikev2_transform_encr_type
uword unformat_ikev2_transform_encr_type(unformat_input_t *input, va_list *args)
ikev2_child_sa_t
Definition: ikev2_priv.h:277
ikev2_transforms_set::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:266
ikev2_main_t::profiles
ikev2_profile_t * profiles
Definition: ikev2_priv.h:473
u64
unsigned long u64
Definition: types.h:89
ikev2_id_t
Definition: ikev2_priv.h:271
ikev2_initiate_delete_ike_sa
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
Definition: ikev2.c:4430
ikev2_ts_t
Definition: ikev2_priv.h:245
format_ikev2_sa_transform
u8 * format_ikev2_sa_transform(u8 *s, va_list *args)
Definition: ikev2_format.c:25
unformat_hex_string
unformat_function_t unformat_hex_string
Definition: format.h:289
unformat_ikev2_id_type
uword unformat_ikev2_id_type(unformat_input_t *input, va_list *args)
ikev2_responder_t::addr
ip_address_t addr
Definition: ikev2_priv.h:259
ikev2_sa_proposal_t::spi
u32 spi
Definition: ikev2_priv.h:241
ikev2_transforms_set::crypto_key_size
u32 crypto_key_size
Definition: ikev2_priv.h:267
ikev2_transforms_set::crypto_alg
ikev2_transform_encr_type_t crypto_alg
Definition: ikev2_priv.h:264
ip_address_size
u16 ip_address_size(const ip_address_t *a)
Definition: ip_types.c:84
ikev2_set_profile_tunnel_interface
clib_error_t * ikev2_set_profile_tunnel_interface(vlib_main_t *vm, u8 *name, u32 sw_if_index)
Definition: ikev2.c:4045
set_ikev2_liveness_period_fn
static clib_error_t * set_ikev2_liveness_period_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:672
ikev2_sa_t::sk_pi
u8 * sk_pi
Definition: ikev2_priv.h:397
unformat_user
uword unformat_user(unformat_input_t *input, unformat_function_t *func,...)
Definition: unformat.c:989
format_get_indent
static u32 format_get_indent(u8 *s)
Definition: format.h:72
vm
vlib_main_t * vm
Definition: in2out_ed.c:1582
ikev2_set_profile_sa_lifetime
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
Definition: ikev2.c:4114
format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
unformat_vnet_sw_interface
unformat_function_t unformat_vnet_sw_interface
Definition: interface_funcs.h:450
ikev2_profile_t::lifetime_maxdata
u64 lifetime_maxdata
Definition: ikev2_priv.h:343
ikev2_set_liveness_params
clib_error_t * ikev2_set_liveness_params(u32 period, u32 max_retries)
Definition: ikev2.c:4799
ikev2_sa_t::iaddr
ip_address_t iaddr
Definition: ikev2_priv.h:373
ikev2_profile_t::ipsec_over_udp_port
u16 ipsec_over_udp_port
Definition: ikev2_priv.h:346
format_vnet_sw_if_index_name
format_function_t format_vnet_sw_if_index_name
Definition: interface_funcs.h:446
u8
unsigned char u8
Definition: types.h:56
ikev2_set_profile_ipsec_udp_port
vnet_api_error_t ikev2_set_profile_ipsec_udp_port(vlib_main_t *vm, u8 *name, u16 port, u8 is_set)
Definition: ikev2.c:4065
data
u8 data[128]
Definition: ipsec_types.api:89
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:252
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
ikev2_profile_t::rem_id
ikev2_id_t rem_id
Definition: ikev2_priv.h:336
ikev2_sa_t::sk_d
u8 * sk_d
Definition: ikev2_priv.h:392
ikev2_transform_dh_type_t
ikev2_transform_dh_type_t
Definition: ikev2.h:332
log_level
log_level
Definition: vpe_types.api:32
ikev2_main_t
Definition: ikev2_priv.h:470
show_ikev2_sa_command_fn
static clib_error_t * show_ikev2_sa_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:194
pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:513
ikev2_child_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:281
ikev2_profile_t::lifetime_jitter
u32 lifetime_jitter
Definition: ikev2_priv.h:344
ikev2_initiate_sa_init
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:4165
unformat_ikev2_transform_dh_type
uword unformat_ikev2_transform_dh_type(unformat_input_t *input, va_list *args)
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:350
format_white_space
u8 * format_white_space(u8 *s, va_list *va)
Definition: std-formats.c:129
ikev2_set_profile_auth
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
Definition: ikev2.c:3838
format_ikev2_child_sa
static u8 * format_ikev2_child_sa(u8 *s, va_list *va)
Definition: ikev2_cli.c:66
ikev2_profile_t::tun_itf
u32 tun_itf
Definition: ikev2_priv.h:348
format_ikev2_traffic_selector
static u8 * format_ikev2_traffic_selector(u8 *s, va_list *va)
Definition: ikev2_cli.c:50
format_hex_bytes
u8 * format_hex_bytes(u8 *s, va_list *va)
Definition: std-formats.c:84
clib_error_return
#define clib_error_return(e, args...)
Definition: error.h:99
ikev2_disable_dpd_command_fn
static clib_error_t * ikev2_disable_dpd_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:253
ikev2_main_per_thread_data_t::sas
ikev2_sa_t * sas
Definition: ikev2_priv.h:457
ikev2_transforms_set::integ_alg
ikev2_transform_integ_type_t integ_alg
Definition: ikev2_priv.h:265
ikev2_id_t::data
u8 * data
Definition: ikev2_priv.h:274
u32
unsigned int u32
Definition: types.h:88
ikev2_child_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:291
ikev2_set_profile_esp_transforms
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, u32 crypto_key_size)
Definition: ikev2.c:4022
ikev2_profile_t::loc_id
ikev2_id_t loc_id
Definition: ikev2_priv.h:335
ikev2_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:394
ikev2_child_sa_t::sk_ar
u8 * sk_ar
Definition: ikev2_priv.h:289
unformat_line_input
unformat_function_t unformat_line_input
Definition: format.h:283
ikev2_profile_t::responder
ikev2_responder_t responder
Definition: ikev2_priv.h:339
ikev2_set_log_level
int ikev2_set_log_level(ikev2_log_level_t log_level)
Definition: ikev2.c:4784
ikev2_set_profile_id
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
Definition: ikev2.c:3881
ikev2_main
ikev2_main_t ikev2_main
Definition: ikev2.c:36
integ_alg
u8 integ_alg
Definition: ikev2_types.api:59
ikev2_profile_t::rem_ts
ikev2_ts_t rem_ts
Definition: ikev2_priv.h:338
unformat_input_t
struct _unformat_input_t unformat_input_t
u16
unsigned short u16
Definition: types.h:57
ikev2_child_sa_t::i_proposals
ikev2_sa_proposal_t * i_proposals
Definition: ikev2_priv.h:280
ikev2_sa_t::r_nonce
u8 * r_nonce
Definition: ikev2_priv.h:378
ikev2_ts_t::end_port
u16 end_port
Definition: ikev2_priv.h:251
ikev2_profile_t::natt_disabled
u8 natt_disabled
Definition: ikev2_priv.h:350
ikev2_initiate_delete_child_sa
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:4390
ip_address_is_zero
bool ip_address_is_zero(const ip_address_t *ip)
Definition: ip_types.c:99
ikev2_sa_transform_t
Definition: ikev2_priv.h:213
unformat_ip_address
uword unformat_ip_address(unformat_input_t *input, va_list *args)
Definition: ip_types.c:41
format_vnet_api_errno
static u8 * format_vnet_api_errno(u8 *s, va_list *args)
Definition: api_errno.h:172
ikev2_sa_t::rspi
u64 rspi
Definition: ikev2_priv.h:376
ikev2_sa_t::i_nonce
u8 * i_nonce
Definition: ikev2_priv.h:377
ikev2_set_local_key
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
Definition: ikev2.c:3605
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:395
ip_address
Definition: ip_types.h:47
ikev2_sa_t::raddr
ip_address_t raddr
Definition: ikev2_priv.h:374
ikev2_initiate_rekey_child_sa
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:4513
ikev2_profile_t::udp_encap
u8 udp_encap
Definition: ikev2_priv.h:349
UNFORMAT_END_OF_INPUT
#define UNFORMAT_END_OF_INPUT
Definition: format.h:145
c
svmdb_client_t * c
Definition: vpp_get_metrics.c:49
ikev2_sa_t
Definition: ikev2_priv.h:368
ikev2_transform_encr_type_t
ikev2_transform_encr_type_t
Definition: ikev2.h:241
ikev2_child_sa_t::tsi
ikev2_ts_t * tsi
Definition: ikev2_priv.h:284
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
format_ip_address
u8 * format_ip_address(u8 *s, va_list *args)
Definition: ip_types.c:21
ikev2_child_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:290
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:396
ipsec_sa.h
name
string name[64]
Definition: ip.api:44
unformat_ikev2_token
static uword unformat_ikev2_token(unformat_input_t *input, va_list *va)
Definition: ikev2_cli.c:270
ikev2_profile_t::loc_ts
ikev2_ts_t loc_ts
Definition: ikev2_priv.h:337
ikev2_priv.h
format_ikev2_transform_encr_type
u8 * format_ikev2_transform_encr_type(u8 *s, va_list *args)
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:389
VLIB_CLI_COMMAND
#define VLIB_CLI_COMMAND(x,...)
Definition: cli.h:158
rspi
u64 rspi
Definition: ikev2_types.api:137
vnet_main_t
Definition: vnet.h:54
ikev2_ts_t::protocol_id
u8 protocol_id
Definition: ikev2_priv.h:248
vlib_cli_output
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
Definition: cli.c:696
ikev2_main_per_thread_data_t
Definition: ikev2_priv.h:452
ikev2_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:393
unformat_ikev2_transform_integ_type
uword unformat_ikev2_transform_integ_type(unformat_input_t *input, va_list *args)
ikev2_profile_t::handover
u32 handover
Definition: ikev2_priv.h:345
ikev2_child_sa_t::sk_ai
u8 * sk_ai
Definition: ikev2_priv.h:288
format_ikev2_transform_dh_type
u8 * format_ikev2_transform_dh_type(u8 *s, va_list *args)
format_ikev2_sa
static u8 * format_ikev2_sa(u8 *s, va_list *va)
Definition: ikev2_cli.c:121
clib_error_t
Definition: clib_error.h:21
show_ikev2_profile_command_fn
static clib_error_t * show_ikev2_profile_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:559
format_ikev2_transform_integ_type
u8 * format_ikev2_transform_integ_type(u8 *s, va_list *args)
ip
vl_api_address_t ip
Definition: l2.api:501
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
ikev2_set_profile_responder
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip_address_t addr)
Definition: ikev2.c:3976
ikev2_ts_t::start_port
u16 start_port
Definition: ikev2_priv.h:250
ikev2_sa_t::sk_pr
u8 * sk_pr
Definition: ikev2_priv.h:398
vlib_main_t
Definition: main.h:120
uword
u64 uword
Definition: types.h:112
unformat_free
static void unformat_free(unformat_input_t *i)
Definition: format.h:163
ikev2_set_profile_ike_transforms
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:3997
ikev2_sa_t::i_id
ikev2_id_t i_id
Definition: ikev2_priv.h:405
index
u32 index
Definition: flow_types.api:221
vlib_cli_command_t
Definition: cli.h:91
ikev2_child_sa_t::tsr
ikev2_ts_t * tsr
Definition: ikev2_priv.h:285
ikev2_sa_t::childs
ikev2_child_sa_t * childs
Definition: ikev2_priv.h:438
set_ikev2_local_key_command_fn
static clib_error_t * set_ikev2_local_key_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:711
format_unformat_error
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:212
ikev2_ts_t::start_addr
ip_address_t start_addr
Definition: ikev2_priv.h:252
ikev2_responder_t::sw_if_index
u32 sw_if_index
Definition: ikev2_priv.h:258
ikev2_sa_t::ispi
u64 ispi
Definition: ikev2_priv.h:375
ikev2_cli_reference
void ikev2_cli_reference(void)
Definition: ikev2_cli.c:813
ikev2_set_log_level_command_fn
static clib_error_t * ikev2_set_log_level_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:818
ikev2_profile_add_del_command_fn
static clib_error_t * ikev2_profile_add_del_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:287
ikev2_profile_t::esp_ts
ikev2_transforms_set esp_ts
Definition: ikev2_priv.h:341
ip_addr_bytes
u8 * ip_addr_bytes(ip_address_t *ip)
Definition: ip_types.c:146
ikev2_set_profile_ts
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip_address_t start_addr, ip_address_t end_addr, int is_local)
Definition: ikev2.c:3936
IPSEC_UDP_PORT_NONE
#define IPSEC_UDP_PORT_NONE
Definition: ipsec_sa.h:277
ikev2_initiate_command_fn
static clib_error_t * ikev2_initiate_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: ikev2_cli.c:753
unformat
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:978
format_ikev2_id_type
u8 * format_ikev2_id_type(u8 *s, va_list *args)
ikev2_disable_dpd
void ikev2_disable_dpd(void)
Definition: ikev2.c:4979
unformat_check_input
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:171