go.ligato.io/vpp-agent/v3@v3.5.0/plugins/vpp/ifplugin/vppcalls/vpp2101/ipsec_vppcalls.go (about)

     1  //  Copyright (c) 2019 Cisco and/or its affiliates.
     2  //
     3  //  Licensed under the Apache License, Version 2.0 (the "License");
     4  //  you may not use this file except in compliance with the License.
     5  //  You may obtain a copy of the License at:
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  //  Unless required by applicable law or agreed to in writing, software
    10  //  distributed under the License is distributed on an "AS IS" BASIS,
    11  //  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  //  See the License for the specific language governing permissions and
    13  //  limitations under the License.
    14  
    15  package vpp2101
    16  
import (
	"context"
	"encoding/hex"
	"fmt"

	vpp_ipsec "go.ligato.io/vpp-agent/v3/plugins/vpp/binapi/vpp2101/ipsec"
	ifs "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/interfaces"
)
    24  
// AddIPSecTunnelInterface creates an IPSec tunnel interface from the given
// link configuration and returns the interface index taken from the reply
// to the add request. All work is delegated to tunnelIfAddDel with the add
// flag set.
func (h *InterfaceVppHandler) AddIPSecTunnelInterface(ctx context.Context, ifName string, ipSecLink *ifs.IPSecLink) (uint32, error) {
	const add = true
	swIfIdx, err := h.tunnelIfAddDel(ctx, ifName, ipSecLink, add)
	return swIfIdx, err
}
    29  
// DeleteIPSecTunnelInterface removes an existing IPSec tunnel interface.
// The delete request is built from ipSecLink alone, so the caller must pass
// the same link configuration that was used to create the tunnel.
func (h *InterfaceVppHandler) DeleteIPSecTunnelInterface(ctx context.Context, ifName string, idx uint32, ipSecLink *ifs.IPSecLink) error {
	// idx is accepted but deliberately unused: the tunnel is matched by its
	// parameters, not by interface index.
	const add = false
	if _, err := h.tunnelIfAddDel(ctx, ifName, ipSecLink, add); err != nil {
		return err
	}
	return nil
}
    36  
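// maxTunnelKeyLen is the largest key length that the uint8 *KeyLen fields of
// the IpsecTunnelIfAddDel request can represent.
const maxTunnelKeyLen = 0xff

// decodeTunnelKey hex-decodes one key field of an IPSec link and checks that
// its length fits the uint8 length field of the request. field names the
// configuration field for error messages. The key string itself is never
// placed in an error; encoding/hex reports at most the single offending byte.
func decodeTunnelKey(field, hexKey string) ([]byte, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, fmt.Errorf("decoding %s: %w", field, err)
	}
	if len(key) > maxTunnelKeyLen {
		// Without this check uint8(len(key)) would wrap around and the
		// request would carry a length that does not match the key.
		return nil, fmt.Errorf("%s is %d bytes long, maximum is %d", field, len(key), maxTunnelKeyLen)
	}
	return key, nil
}

// tunnelIfAddDel adds (isAdd == true) or deletes (isAdd == false) the IPSec
// tunnel interface described by ipSecLink and returns the SwIfIndex from the
// reply.
//
// The four key fields of ipSecLink are hex strings. Each is decoded and
// length-checked before the request is built, and a failure is reported with
// the name of the offending field. A nil ipSecLink is rejected with an error
// instead of panicking. ifName is used only in that error message.
func (h *InterfaceVppHandler) tunnelIfAddDel(ctx context.Context, ifName string, ipSecLink *ifs.IPSecLink, isAdd bool) (uint32, error) {
	if ipSecLink == nil {
		return 0, fmt.Errorf("IPSec link configuration for interface %q is nil", ifName)
	}

	localCryptoKey, err := decodeTunnelKey("local crypto key", ipSecLink.LocalCryptoKey)
	if err != nil {
		return 0, err
	}
	remoteCryptoKey, err := decodeTunnelKey("remote crypto key", ipSecLink.RemoteCryptoKey)
	if err != nil {
		return 0, err
	}
	localIntegKey, err := decodeTunnelKey("local integrity key", ipSecLink.LocalIntegKey)
	if err != nil {
		return 0, err
	}
	remoteIntegKey, err := decodeTunnelKey("remote integrity key", ipSecLink.RemoteIntegKey)
	if err != nil {
		return 0, err
	}

	localIP, err := IPToAddress(ipSecLink.LocalIp)
	if err != nil {
		return 0, fmt.Errorf("converting local IP: %w", err)
	}
	remoteIP, err := IPToAddress(ipSecLink.RemoteIp)
	if err != nil {
		return 0, fmt.Errorf("converting remote IP: %w", err)
	}

	req := &vpp_ipsec.IpsecTunnelIfAddDel{
		IsAdd:           isAdd,
		Esn:             ipSecLink.Esn,
		AntiReplay:      ipSecLink.AntiReplay,
		LocalIP:         localIP,
		RemoteIP:        remoteIP,
		LocalSpi:        ipSecLink.LocalSpi,
		RemoteSpi:       ipSecLink.RemoteSpi,
		CryptoAlg:       uint8(ipSecLink.CryptoAlg),
		LocalCryptoKey:  localCryptoKey,
		RemoteCryptoKey: remoteCryptoKey,
		IntegAlg:        uint8(ipSecLink.IntegAlg),
		LocalIntegKey:   localIntegKey,
		RemoteIntegKey:  remoteIntegKey,
		UDPEncap:        ipSecLink.EnableUdpEncap,
		// The casts below cannot truncate: decodeTunnelKey has already
		// bounded every key by maxTunnelKeyLen.
		LocalCryptoKeyLen:  uint8(len(localCryptoKey)),
		RemoteCryptoKeyLen: uint8(len(remoteCryptoKey)),
		LocalIntegKeyLen:   uint8(len(localIntegKey)),
		RemoteIntegKeyLen:  uint8(len(remoteIntegKey)),
	}
	reply, err := h.ipsec.IpsecTunnelIfAddDel(ctx, req)
	if err != nil {
		return 0, err
	}

	return uint32(reply.SwIfIndex), nil
}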