blob: dee9144dda1acafa4b13650bdfa0f120d1c7b040 [file] [log] [blame]
Neale Ranns17dcec02019-01-09 21:22:20 -08001/* Hey Emacs use -*- mode: C -*- */
Pavel Kotucek9c7ef032016-12-21 07:46:45 +01002/*
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Matthew Smith48d32b42020-04-02 07:45:49 -050017option version = "3.0.2";
Neale Ranns17dcec02019-01-09 21:22:20 -080018
Prashant Maheshwaridbf68c92019-11-14 12:42:59 +053019import "vnet/ipsec/ipsec_types.api";
Neale Rannsc87b66c2019-02-07 07:26:12 -080020import "vnet/interface_types.api";
Jakub Grajciar287d5e12020-02-28 08:26:32 +010021import "vnet/ip/ip_types.api";
22import "vnet/interface_types.api";
Dave Barach0d056e52017-09-28 15:11:16 -040023
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010024/** \brief IPsec: Add/delete Security Policy Database
25 @param client_index - opaque cookie to identify the sender
26 @param context - sender context, to match reply w/ request
27 @param is_add - add SPD if non-zero, else delete
28 @param spd_id - SPD instance id (control plane allocated)
29*/
30
Dave Barach11b8dbf2017-04-24 10:46:54 -040031autoreply define ipsec_spd_add_del
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010032{
33 u32 client_index;
34 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +010035 bool is_add;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010036 u32 spd_id;
37};
38
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010039/** \brief IPsec: Add/delete SPD from interface
40
41 @param client_index - opaque cookie to identify the sender
42 @param context - sender context, to match reply w/ request
43 @param is_add - add security mode if non-zero, else delete
44 @param sw_if_index - index of the interface
45 @param spd_id - SPD instance id to use for lookups
46*/
47
48
Dave Barach11b8dbf2017-04-24 10:46:54 -040049autoreply define ipsec_interface_add_del_spd
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010050{
51 u32 client_index;
52 u32 context;
53
Jakub Grajciar287d5e12020-02-28 08:26:32 +010054 bool is_add;
55 vl_api_interface_index_t sw_if_index;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010056 u32 spd_id;
57};
58
Neale Ranns17dcec02019-01-09 21:22:20 -080059
60enum ipsec_spd_action
61{
62 /* bypass - no IPsec processing */
63 IPSEC_API_SPD_ACTION_BYPASS = 0,
64 /* discard - discard packet with ICMP processing */
65 IPSEC_API_SPD_ACTION_DISCARD,
66 /* resolve - send request to control plane for SA resolving */
67 IPSEC_API_SPD_ACTION_RESOLVE,
68 /* protect - apply IPsec policy using following parameters */
69 IPSEC_API_SPD_ACTION_PROTECT,
70};
71
72/** \brief IPsec: Security Policy Database entry
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010073
74 See RFC 4301, 4.4.1.1 on how to match packet to selectors
75
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010076 @param spd_id - SPD instance id (control plane allocated)
77 @param priority - priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower
78 @param is_outbound - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010079 @param remote_address_start - start of remote address range to match
80 @param remote_address_stop - end of remote address range to match
81 @param local_address_start - start of local address range to match
82 @param local_address_stop - end of local address range to match
Neale Ranns17dcec02019-01-09 21:22:20 -080083 @param protocol - protocol type to match [0 means any] otherwise IANA value
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010084 @param remote_port_start - start of remote port range to match ...
85 @param remote_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
86 @param local_port_start - start of local port range to match ...
87 @param local_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
Neale Ranns17dcec02019-01-09 21:22:20 -080088 @param policy - action to perform on match
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010089 @param sa_id - SAD instance id (control plane allocated)
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010090*/
Neale Ranns17dcec02019-01-09 21:22:20 -080091typedef ipsec_spd_entry
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010092{
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010093 u32 spd_id;
94 i32 priority;
Jakub Grajciar287d5e12020-02-28 08:26:32 +010095 bool is_outbound;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010096
Neale Ranns17dcec02019-01-09 21:22:20 -080097 u32 sa_id;
98 vl_api_ipsec_spd_action_t policy;
Jakub Grajciar287d5e12020-02-28 08:26:32 +010099 /* Which protocol?? */
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100100 u8 protocol;
101
Neale Ranns17dcec02019-01-09 21:22:20 -0800102 // Selector
Neale Ranns17dcec02019-01-09 21:22:20 -0800103 vl_api_address_t remote_address_start;
104 vl_api_address_t remote_address_stop;
105 vl_api_address_t local_address_start;
106 vl_api_address_t local_address_stop;
107
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100108 u16 remote_port_start;
109 u16 remote_port_stop;
110 u16 local_port_start;
111 u16 local_port_stop;
Neale Ranns17dcec02019-01-09 21:22:20 -0800112};
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100113
Neale Ranns17dcec02019-01-09 21:22:20 -0800114/** \brief IPsec: Add/delete Security Policy Database entry
115
116 @param client_index - opaque cookie to identify the sender
117 @param context - sender context, to match reply w/ request
118 @param is_add - add SPD if non-zero, else delete
119 @param entry - Description of the entry to add/dell
120*/
Neale Rannsa09c1ff2019-02-04 01:10:30 -0800121define ipsec_spd_entry_add_del
Neale Ranns17dcec02019-01-09 21:22:20 -0800122{
123 u32 client_index;
124 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100125 bool is_add;
Neale Ranns17dcec02019-01-09 21:22:20 -0800126 vl_api_ipsec_spd_entry_t entry;
127};
128
Neale Rannsa09c1ff2019-02-04 01:10:30 -0800129/** \brief IPsec: Reply Add/delete Security Policy Database entry
130
131 @param context - sender context, to match reply w/ request
132 @param retval - success/fail rutrun code
133 @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
134*/
135define ipsec_spd_entry_add_del_reply
136{
137 u32 context;
138 i32 retval;
139 u32 stat_index;
140};
141
Neale Ranns17dcec02019-01-09 21:22:20 -0800142/** \brief Dump IPsec all SPD IDs
143 @param client_index - opaque cookie to identify the sender
144 @param context - sender context, to match reply w/ request
145*/
146define ipsec_spds_dump {
147 u32 client_index;
148 u32 context;
149};
150
151/** \brief Dump IPsec all SPD IDs response
152 @param client_index - opaque cookie to identify the sender
153 @param spd_id - SPD instance id (control plane allocated)
154 @param npolicies - number of policies in SPD
155*/
156define ipsec_spds_details {
157 u32 context;
158 u32 spd_id;
159 u32 npolicies;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100160};
Neale Ranns17dcec02019-01-09 21:22:20 -0800161
162/** \brief Dump ipsec policy database data
163 @param client_index - opaque cookie to identify the sender
164 @param context - sender context, to match reply w/ request
165 @param spd_id - SPD instance id
166 @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
167*/
168define ipsec_spd_dump {
169 u32 client_index;
170 u32 context;
171 u32 spd_id;
172 u32 sa_id;
173};
174
175/** \brief IPsec policy database response
176 @param context - sender context which was passed in the request
177 €param entry - The SPD entry.
178 @param bytes - byte count of packets matching this policy
179 @param packets - count of packets matching this policy
180*/
181define ipsec_spd_details {
182 u32 context;
183 vl_api_ipsec_spd_entry_t entry;
Neale Ranns17dcec02019-01-09 21:22:20 -0800184};
185
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100186/** \brief IPsec: Add/delete Security Association Database entry
187 @param client_index - opaque cookie to identify the sender
188 @param context - sender context, to match reply w/ request
Neale Ranns17dcec02019-01-09 21:22:20 -0800189 @param entry - Entry to add or delete
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100190 */
Neale Rannseba31ec2019-02-17 18:04:27 +0000191define ipsec_sad_entry_add_del
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100192{
193 u32 client_index;
194 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100195 bool is_add;
Neale Ranns17dcec02019-01-09 21:22:20 -0800196 vl_api_ipsec_sad_entry_t entry;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100197};
Neale Rannseba31ec2019-02-17 18:04:27 +0000198define ipsec_sad_entry_add_del_reply
199{
200 u32 context;
201 i32 retval;
202 u32 stat_index;
203};
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100204
Neale Rannsc87b66c2019-02-07 07:26:12 -0800205/** \brief Add or Update Protection for a tunnel with IPSEC
206
207 Tunnel protection directly associates an SA with all packets
208 ingress and egress on the tunnel. This could also be achieved by
209 assigning an SPD to the tunnel, but that would incur an unnessccary
210 SPD entry lookup.
211
212 For tunnels the ESP acts on the post-encapsulated packet. So if this
213 packet:
214 +---------+------+
215 | Payload | O-IP |
216 +---------+------+
217 where O-IP is the overlay IP addrees that was routed into the tunnel,
218 the resulting encapsulated packet will be:
219 +---------+------+------+
220 | Payload | O-IP | T-IP |
221 +---------+------+------+
222 where T-IP is the tunnel's src.dst IP addresses.
223 If the SAs used for protection are in transport mode then the ESP is
224 inserted before T-IP, i.e.:
225 +---------+------+-----+------+
226 | Payload | O-IP | ESP | T-IP |
227 +---------+------+-----+------+
228 If the SAs used for protection are in tunnel mode then another
229 encapsulation occurs, i.e.:
230 +---------+------+------+-----+------+
231 | Payload | O-IP | T-IP | ESP | C-IP |
232 +---------+------+------+-----+------+
233 where C-IP are the crypto endpoint IP addresses defined as the tunnel
234 endpoints in the SA.
235 The mode for the inbound and outbound SA must be the same.
236
237 @param client_index - opaque cookie to identify the sender
238 @param context - sender context, to match reply w/ request
239 @param sw_id_index - Tunnel interface to protect
Neale Ranns28287212019-12-16 00:53:11 +0000240 @param nh - The peer/next-hop on the tunnel to which the traffic
241 should be protected. For a P2P interface set this to the
242 all 0s address.
Neale Rannsc87b66c2019-02-07 07:26:12 -0800243 @param sa_in - The ID [set] of inbound SAs
244 @param sa_out - The ID of outbound SA
245*/
246typedef ipsec_tunnel_protect
247{
248 vl_api_interface_index_t sw_if_index;
Neale Ranns28287212019-12-16 00:53:11 +0000249 vl_api_address_t nh;
Neale Rannsc87b66c2019-02-07 07:26:12 -0800250 u32 sa_out;
251 u8 n_sa_in;
252 u32 sa_in[n_sa_in];
253};
254
255autoreply define ipsec_tunnel_protect_update
256{
257 u32 client_index;
258 u32 context;
259
260 vl_api_ipsec_tunnel_protect_t tunnel;
261};
262
263autoreply define ipsec_tunnel_protect_del
264{
265 u32 client_index;
266 u32 context;
267
268 vl_api_interface_index_t sw_if_index;
Neale Ranns28287212019-12-16 00:53:11 +0000269 vl_api_address_t nh;
Neale Rannsc87b66c2019-02-07 07:26:12 -0800270};
271
Neale Ranns12989b52019-09-26 16:20:19 +0000272/**
273 * @brief Dump all tunnel protections
274 */
Neale Rannsc87b66c2019-02-07 07:26:12 -0800275define ipsec_tunnel_protect_dump
276{
277 u32 client_index;
278 u32 context;
279 vl_api_interface_index_t sw_if_index;
280};
281
282define ipsec_tunnel_protect_details
283{
284 u32 context;
285 vl_api_ipsec_tunnel_protect_t tun;
286};
287
Filip Varga871bca92018-11-02 13:51:44 +0100288/** \brief IPsec: Get SPD interfaces
289 @param client_index - opaque cookie to identify the sender
290 @param context - sender context, to match reply w/ request
291 @param spd_index - SPD index
292 @param spd_index_valid - if 1 spd_index is used to filter
293 spd_index's, if 0 no filtering is done
294*/
295define ipsec_spd_interface_dump {
296 u32 client_index;
297 u32 context;
298 u32 spd_index;
299 u8 spd_index_valid;
300};
301
302/** \brief IPsec: SPD interface response
303 @param context - sender context which was passed in the request
304 @param spd_index - SPD index
305 @param sw_if_index - index of the interface
306*/
307define ipsec_spd_interface_details {
308 u32 context;
309 u32 spd_index;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100310 vl_api_interface_index_t sw_if_index;
Filip Varga871bca92018-11-02 13:51:44 +0100311};
312
Matthew Smithb0972cb2017-05-02 16:20:41 -0500313/** \brief Add or delete IPsec tunnel interface
Neale Ranns12989b52019-09-26 16:20:19 +0000314
315 !!DEPRECATED!!
316 use the tunnel protect APIs instead
317
Matthew Smithb0972cb2017-05-02 16:20:41 -0500318 @param client_index - opaque cookie to identify the sender
319 @param context - sender context, to match reply w/ request
320 @param is_add - add IPsec tunnel interface if nonzero, else delete
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400321 @param is_ip6 - tunnel v6 or v4
Matthew Smithb0972cb2017-05-02 16:20:41 -0500322 @param esn - enable extended sequence numbers if nonzero, else disable
323 @param anti_replay - enable anti replay check if nonzero, else disable
324 @param local_ip - local IP address
325 @param remote_ip - IP address of remote IPsec peer
326 @param local_spi - SPI of outbound IPsec SA
327 @param remote_spi - SPI of inbound IPsec SA
328 @param crypto_alg - encryption algorithm ID
329 @param local_crypto_key_len - length of local crypto key in bytes
330 @param local_crypto_key - crypto key for outbound IPsec SA
331 @param remote_crypto_key_len - length of remote crypto key in bytes
332 @param remote_crypto_key - crypto key for inbound IPsec SA
333 @param integ_alg - integrity algorithm ID
334 @param local_integ_key_len - length of local integrity key in bytes
335 @param local_integ_key - integrity key for outbound IPsec SA
336 @param remote_integ_key_len - length of remote integrity key in bytes
337 @param remote_integ_key - integrity key for inbound IPsec SA
Matthew Smith8e1039a2018-04-12 07:32:56 -0500338 @param renumber - intf display name uses a specified instance if != 0
339 @param show_instance - instance to display for intf if renumber is set
Filip Tehlarb4a7a7d2018-11-30 07:27:27 -0800340 @param udp_encap - enable UDP encapsulation for NAT traversal
Pierre Pfister4c422f92018-12-10 11:19:08 +0100341 @param tx_table_id - the FIB id used after packet encap
Neale Ranns80f6fd52019-04-16 02:41:34 +0000342 @param salt - for use with counter mode ciphers
Matthew Smithb0972cb2017-05-02 16:20:41 -0500343*/
Matthew Smithe04d09d2017-05-14 21:47:18 -0500344define ipsec_tunnel_if_add_del {
Matthew Smithb0972cb2017-05-02 16:20:41 -0500345 u32 client_index;
346 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100347 bool is_add;
348 bool esn;
349 bool anti_replay;
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400350 vl_api_address_t local_ip;
351 vl_api_address_t remote_ip;
Matthew Smithb0972cb2017-05-02 16:20:41 -0500352 u32 local_spi;
353 u32 remote_spi;
354 u8 crypto_alg;
355 u8 local_crypto_key_len;
356 u8 local_crypto_key[128];
357 u8 remote_crypto_key_len;
358 u8 remote_crypto_key[128];
359 u8 integ_alg;
360 u8 local_integ_key_len;
361 u8 local_integ_key[128];
362 u8 remote_integ_key_len;
363 u8 remote_integ_key[128];
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100364 bool renumber;
Matthew Smith8e1039a2018-04-12 07:32:56 -0500365 u32 show_instance;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100366 bool udp_encap;
Pierre Pfister4c422f92018-12-10 11:19:08 +0100367 u32 tx_table_id;
Neale Ranns80f6fd52019-04-16 02:41:34 +0000368 u32 salt;
Matthew Smithb0972cb2017-05-02 16:20:41 -0500369};
370
Matthew Smithe04d09d2017-05-14 21:47:18 -0500371/** \brief Add/delete IPsec tunnel interface response
372 @param context - sender context, to match reply w/ request
373 @param retval - return status
374 @param sw_if_index - sw_if_index of new interface (for successful add)
375*/
376define ipsec_tunnel_if_add_del_reply {
377 u32 context;
378 i32 retval;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100379 vl_api_interface_index_t sw_if_index;
Matthew Smithe04d09d2017-05-14 21:47:18 -0500380};
381
Matthew Smith28029532017-09-26 13:33:44 -0500382/** \brief Dump IPsec security association
383 @param client_index - opaque cookie to identify the sender
384 @param context - sender context, to match reply w/ request
385 @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
386*/
387define ipsec_sa_dump {
388 u32 client_index;
389 u32 context;
390 u32 sa_id;
391};
392
393/** \brief IPsec security association database response
394 @param context - sender context which was passed in the request
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100395 @param sa_id - SA ID, policy-based SAs >=0, tunnel interface SAs = 0
Matthew Smith28029532017-09-26 13:33:44 -0500396 @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
397 @param spi - security parameter index
398 @param protocol - IPsec protocol (value from ipsec_protocol_t)
399 @param crypto_alg - crypto algorithm (value from ipsec_crypto_alg_t)
400 @param crypto_key_len - length of crypto_key in bytes
401 @param crypto_key - crypto keying material
402 @param integ_alg - integrity algorithm (value from ipsec_integ_alg_t)
403 @param integ_key_len - length of integ_key in bytes
404 @param integ_key - integrity keying material
405 @param use_esn - using extended sequence numbers when non-zero
406 @param use_anti_replay - using anti-replay window when non-zero
407 @param is_tunnel - IPsec tunnel mode when non-zero, else transport mode
408 @param is_tunnel_ipv6 - If using tunnel mode, endpoints are IPv6
409 @param tunnel_src_addr - Tunnel source address if using tunnel mode
410 @param tunnel_dst_addr - Tunnel destination address is using tunnel mode
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100411 @param salt - 4 byte salt
Matthew Smith28029532017-09-26 13:33:44 -0500412 @param seq - current sequence number for outbound
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100413 @param seq_hi - high 32 bits of ESN for outbound
Matthew Smith28029532017-09-26 13:33:44 -0500414 @param last_seq - highest sequence number received inbound
415 @param last_seq_hi - high 32 bits of highest ESN received inbound
416 @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
Matthew Smith48d32b42020-04-02 07:45:49 -0500417 @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
Klement Sekera4b089f22018-04-17 18:04:57 +0200418 @param udp_encap - 1 if UDP encap enabled, 0 otherwise
Matthew Smith28029532017-09-26 13:33:44 -0500419*/
420define ipsec_sa_details {
421 u32 context;
Neale Ranns8d7c5022019-02-06 01:41:05 -0800422 vl_api_ipsec_sad_entry_t entry;
423
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100424 vl_api_interface_index_t sw_if_index;
Matthew Smith28029532017-09-26 13:33:44 -0500425 u32 salt;
426 u64 seq_outbound;
427 u64 last_seq_inbound;
428 u64 replay_window;
429
Matthew Smith48d32b42020-04-02 07:45:49 -0500430 u32 stat_index;
Matthew Smith28029532017-09-26 13:33:44 -0500431};
432
Matthew Smithca514fd2017-10-12 12:06:59 -0500433/** \brief Set new SA on IPsec interface
Neale Ranns12989b52019-09-26 16:20:19 +0000434
435 !! DEPRECATED !!
436
Matthew Smithca514fd2017-10-12 12:06:59 -0500437 @param client_index - opaque cookie to identify the sender
438 @param context - sender context, to match reply w/ request
439 @param sw_if_index - index of tunnel interface
440 @param sa_id - ID of SA to use
441 @param is_outbound - 1 if outbound (local) SA, 0 if inbound (remote)
442*/
443autoreply define ipsec_tunnel_if_set_sa {
444 u32 client_index;
445 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100446 vl_api_interface_index_t sw_if_index;
Matthew Smithca514fd2017-10-12 12:06:59 -0500447 u32 sa_id;
448 u8 is_outbound;
449};
450
Klement Sekerab4d30532018-11-08 13:00:02 +0100451/** \brief Dump IPsec backends
452 @param client_index - opaque cookie to identify the sender
453 @param context - sender context, to match reply w/ request
454*/
455define ipsec_backend_dump {
456 u32 client_index;
457 u32 context;
458};
459
460/** \brief IPsec backend details
461 @param name - name of the backend
462 @param protocol - IPsec protocol (value from ipsec_protocol_t)
463 @param index - backend index
464 @param active - set to 1 if the backend is active, otherwise 0
465*/
466define ipsec_backend_details {
467 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100468 string name[128];
Neale Ranns17dcec02019-01-09 21:22:20 -0800469 vl_api_ipsec_proto_t protocol;
Klement Sekerab4d30532018-11-08 13:00:02 +0100470 u8 index;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100471 bool active;
Klement Sekerab4d30532018-11-08 13:00:02 +0100472};
473
474/** \brief Select IPsec backend
475 @param client_index - opaque cookie to identify the sender
476 @param context - sender context, to match reply w/ request
477 @param protocol - IPsec protocol (value from ipsec_protocol_t)
478 @param index - backend index
479*/
480autoreply define ipsec_select_backend {
481 u32 client_index;
482 u32 context;
Neale Ranns17dcec02019-01-09 21:22:20 -0800483 vl_api_ipsec_proto_t protocol;
Klement Sekerab4d30532018-11-08 13:00:02 +0100484 u8 index;
485};
486
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100487/*
488 * Local Variables:
489 * eval: (c-set-style "gnu")
490 * End:
491 */