blob: 52a16ede1aac221443fd28924d892d1f8c737559 [file] [log] [blame]
Neale Ranns17dcec02019-01-09 21:22:20 -08001/* Hey Emacs use -*- mode: C -*- */
Pavel Kotucek9c7ef032016-12-21 07:46:45 +01002/*
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Neale Rannse6df80d2020-08-27 09:09:56 +000017option version = "4.0.0";
Neale Ranns17dcec02019-01-09 21:22:20 -080018
Prashant Maheshwaridbf68c92019-11-14 12:42:59 +053019import "vnet/ipsec/ipsec_types.api";
Neale Rannsc87b66c2019-02-07 07:26:12 -080020import "vnet/interface_types.api";
Jakub Grajciar287d5e12020-02-28 08:26:32 +010021import "vnet/ip/ip_types.api";
22import "vnet/interface_types.api";
Neale Rannsdd4ccf22020-06-30 07:47:14 +000023import "vnet/tunnel/tunnel_types.api";
Dave Barach0d056e52017-09-28 15:11:16 -040024
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010025/** \brief IPsec: Add/delete Security Policy Database
26 @param client_index - opaque cookie to identify the sender
27 @param context - sender context, to match reply w/ request
28 @param is_add - add SPD if non-zero, else delete
29 @param spd_id - SPD instance id (control plane allocated)
30*/
31
Dave Barach11b8dbf2017-04-24 10:46:54 -040032autoreply define ipsec_spd_add_del
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010033{
34 u32 client_index;
35 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +010036 bool is_add;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010037 u32 spd_id;
38};
39
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010040/** \brief IPsec: Add/delete SPD from interface
41
42 @param client_index - opaque cookie to identify the sender
43 @param context - sender context, to match reply w/ request
44 @param is_add - add security mode if non-zero, else delete
45 @param sw_if_index - index of the interface
46 @param spd_id - SPD instance id to use for lookups
47*/
48
49
Dave Barach11b8dbf2017-04-24 10:46:54 -040050autoreply define ipsec_interface_add_del_spd
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010051{
52 u32 client_index;
53 u32 context;
54
Jakub Grajciar287d5e12020-02-28 08:26:32 +010055 bool is_add;
56 vl_api_interface_index_t sw_if_index;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010057 u32 spd_id;
58};
59
Neale Ranns17dcec02019-01-09 21:22:20 -080060
61enum ipsec_spd_action
62{
63 /* bypass - no IPsec processing */
64 IPSEC_API_SPD_ACTION_BYPASS = 0,
65 /* discard - discard packet with ICMP processing */
66 IPSEC_API_SPD_ACTION_DISCARD,
67 /* resolve - send request to control plane for SA resolving */
68 IPSEC_API_SPD_ACTION_RESOLVE,
69 /* protect - apply IPsec policy using following parameters */
70 IPSEC_API_SPD_ACTION_PROTECT,
71};
72
73/** \brief IPsec: Security Policy Database entry
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010074
75 See RFC 4301, 4.4.1.1 on how to match packet to selectors
76
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010077 @param spd_id - SPD instance id (control plane allocated)
78 @param priority - priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower
79 @param is_outbound - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010080 @param remote_address_start - start of remote address range to match
81 @param remote_address_stop - end of remote address range to match
82 @param local_address_start - start of local address range to match
83 @param local_address_stop - end of local address range to match
Neale Ranns17dcec02019-01-09 21:22:20 -080084 @param protocol - protocol type to match [0 means any] otherwise IANA value
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010085 @param remote_port_start - start of remote port range to match ...
86 @param remote_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
87 @param local_port_start - start of local port range to match ...
88 @param local_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
Neale Ranns17dcec02019-01-09 21:22:20 -080089 @param policy - action to perform on match
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010090 @param sa_id - SAD instance id (control plane allocated)
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010091*/
Neale Ranns17dcec02019-01-09 21:22:20 -080092typedef ipsec_spd_entry
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010093{
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010094 u32 spd_id;
95 i32 priority;
Jakub Grajciar287d5e12020-02-28 08:26:32 +010096 bool is_outbound;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +010097
Neale Ranns17dcec02019-01-09 21:22:20 -080098 u32 sa_id;
99 vl_api_ipsec_spd_action_t policy;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100100 /* Which protocol?? */
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100101 u8 protocol;
102
Neale Ranns17dcec02019-01-09 21:22:20 -0800103 // Selector
Neale Ranns17dcec02019-01-09 21:22:20 -0800104 vl_api_address_t remote_address_start;
105 vl_api_address_t remote_address_stop;
106 vl_api_address_t local_address_start;
107 vl_api_address_t local_address_stop;
108
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100109 u16 remote_port_start;
110 u16 remote_port_stop;
111 u16 local_port_start;
112 u16 local_port_stop;
Neale Ranns17dcec02019-01-09 21:22:20 -0800113};
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100114
Neale Ranns17dcec02019-01-09 21:22:20 -0800115/** \brief IPsec: Add/delete Security Policy Database entry
116
117 @param client_index - opaque cookie to identify the sender
118 @param context - sender context, to match reply w/ request
119 @param is_add - add SPD if non-zero, else delete
120 @param entry - Description of the entry to add/dell
121*/
Neale Rannsa09c1ff2019-02-04 01:10:30 -0800122define ipsec_spd_entry_add_del
Neale Ranns17dcec02019-01-09 21:22:20 -0800123{
124 u32 client_index;
125 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100126 bool is_add;
Neale Ranns17dcec02019-01-09 21:22:20 -0800127 vl_api_ipsec_spd_entry_t entry;
128};
129
Neale Rannsa09c1ff2019-02-04 01:10:30 -0800130/** \brief IPsec: Reply Add/delete Security Policy Database entry
131
132 @param context - sender context, to match reply w/ request
133 @param retval - success/fail rutrun code
134 @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
135*/
136define ipsec_spd_entry_add_del_reply
137{
138 u32 context;
139 i32 retval;
140 u32 stat_index;
141};
142
Neale Ranns17dcec02019-01-09 21:22:20 -0800143/** \brief Dump IPsec all SPD IDs
144 @param client_index - opaque cookie to identify the sender
145 @param context - sender context, to match reply w/ request
146*/
147define ipsec_spds_dump {
148 u32 client_index;
149 u32 context;
150};
151
152/** \brief Dump IPsec all SPD IDs response
153 @param client_index - opaque cookie to identify the sender
154 @param spd_id - SPD instance id (control plane allocated)
155 @param npolicies - number of policies in SPD
156*/
157define ipsec_spds_details {
158 u32 context;
159 u32 spd_id;
160 u32 npolicies;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100161};
Neale Ranns17dcec02019-01-09 21:22:20 -0800162
163/** \brief Dump ipsec policy database data
164 @param client_index - opaque cookie to identify the sender
165 @param context - sender context, to match reply w/ request
166 @param spd_id - SPD instance id
167 @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
168*/
169define ipsec_spd_dump {
170 u32 client_index;
171 u32 context;
172 u32 spd_id;
173 u32 sa_id;
174};
175
176/** \brief IPsec policy database response
177 @param context - sender context which was passed in the request
178 €param entry - The SPD entry.
179 @param bytes - byte count of packets matching this policy
180 @param packets - count of packets matching this policy
181*/
182define ipsec_spd_details {
183 u32 context;
184 vl_api_ipsec_spd_entry_t entry;
Neale Ranns17dcec02019-01-09 21:22:20 -0800185};
186
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100187/** \brief IPsec: Add/delete Security Association Database entry
188 @param client_index - opaque cookie to identify the sender
189 @param context - sender context, to match reply w/ request
Neale Ranns17dcec02019-01-09 21:22:20 -0800190 @param entry - Entry to add or delete
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100191 */
Neale Rannseba31ec2019-02-17 18:04:27 +0000192define ipsec_sad_entry_add_del
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100193{
194 u32 client_index;
195 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100196 bool is_add;
Neale Ranns17dcec02019-01-09 21:22:20 -0800197 vl_api_ipsec_sad_entry_t entry;
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100198};
Neale Rannseba31ec2019-02-17 18:04:27 +0000199define ipsec_sad_entry_add_del_reply
200{
201 u32 context;
202 i32 retval;
203 u32 stat_index;
204};
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100205
Neale Rannsc87b66c2019-02-07 07:26:12 -0800206/** \brief Add or Update Protection for a tunnel with IPSEC
207
208 Tunnel protection directly associates an SA with all packets
209 ingress and egress on the tunnel. This could also be achieved by
210 assigning an SPD to the tunnel, but that would incur an unnessccary
211 SPD entry lookup.
212
213 For tunnels the ESP acts on the post-encapsulated packet. So if this
214 packet:
215 +---------+------+
216 | Payload | O-IP |
217 +---------+------+
218 where O-IP is the overlay IP addrees that was routed into the tunnel,
219 the resulting encapsulated packet will be:
220 +---------+------+------+
221 | Payload | O-IP | T-IP |
222 +---------+------+------+
223 where T-IP is the tunnel's src.dst IP addresses.
224 If the SAs used for protection are in transport mode then the ESP is
225 inserted before T-IP, i.e.:
226 +---------+------+-----+------+
227 | Payload | O-IP | ESP | T-IP |
228 +---------+------+-----+------+
229 If the SAs used for protection are in tunnel mode then another
230 encapsulation occurs, i.e.:
231 +---------+------+------+-----+------+
232 | Payload | O-IP | T-IP | ESP | C-IP |
233 +---------+------+------+-----+------+
234 where C-IP are the crypto endpoint IP addresses defined as the tunnel
235 endpoints in the SA.
236 The mode for the inbound and outbound SA must be the same.
237
238 @param client_index - opaque cookie to identify the sender
239 @param context - sender context, to match reply w/ request
240 @param sw_id_index - Tunnel interface to protect
Neale Ranns28287212019-12-16 00:53:11 +0000241 @param nh - The peer/next-hop on the tunnel to which the traffic
242 should be protected. For a P2P interface set this to the
243 all 0s address.
Neale Rannsc87b66c2019-02-07 07:26:12 -0800244 @param sa_in - The ID [set] of inbound SAs
245 @param sa_out - The ID of outbound SA
246*/
247typedef ipsec_tunnel_protect
248{
249 vl_api_interface_index_t sw_if_index;
Neale Ranns28287212019-12-16 00:53:11 +0000250 vl_api_address_t nh;
Neale Rannsc87b66c2019-02-07 07:26:12 -0800251 u32 sa_out;
252 u8 n_sa_in;
253 u32 sa_in[n_sa_in];
254};
255
256autoreply define ipsec_tunnel_protect_update
257{
258 u32 client_index;
259 u32 context;
260
261 vl_api_ipsec_tunnel_protect_t tunnel;
262};
263
264autoreply define ipsec_tunnel_protect_del
265{
266 u32 client_index;
267 u32 context;
268
269 vl_api_interface_index_t sw_if_index;
Neale Ranns28287212019-12-16 00:53:11 +0000270 vl_api_address_t nh;
Neale Rannsc87b66c2019-02-07 07:26:12 -0800271};
272
Neale Ranns12989b52019-09-26 16:20:19 +0000273/**
274 * @brief Dump all tunnel protections
275 */
Neale Rannsc87b66c2019-02-07 07:26:12 -0800276define ipsec_tunnel_protect_dump
277{
278 u32 client_index;
279 u32 context;
280 vl_api_interface_index_t sw_if_index;
281};
282
283define ipsec_tunnel_protect_details
284{
285 u32 context;
286 vl_api_ipsec_tunnel_protect_t tun;
287};
288
Filip Varga871bca92018-11-02 13:51:44 +0100289/** \brief IPsec: Get SPD interfaces
290 @param client_index - opaque cookie to identify the sender
291 @param context - sender context, to match reply w/ request
292 @param spd_index - SPD index
293 @param spd_index_valid - if 1 spd_index is used to filter
294 spd_index's, if 0 no filtering is done
295*/
296define ipsec_spd_interface_dump {
297 u32 client_index;
298 u32 context;
299 u32 spd_index;
300 u8 spd_index_valid;
301};
302
303/** \brief IPsec: SPD interface response
304 @param context - sender context which was passed in the request
305 @param spd_index - SPD index
306 @param sw_if_index - index of the interface
307*/
308define ipsec_spd_interface_details {
309 u32 context;
310 u32 spd_index;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100311 vl_api_interface_index_t sw_if_index;
Filip Varga871bca92018-11-02 13:51:44 +0100312};
313
Matthew Smithb0972cb2017-05-02 16:20:41 -0500314/** \brief Add or delete IPsec tunnel interface
Neale Ranns12989b52019-09-26 16:20:19 +0000315
316 !!DEPRECATED!!
317 use the tunnel protect APIs instead
318
Matthew Smithb0972cb2017-05-02 16:20:41 -0500319 @param client_index - opaque cookie to identify the sender
320 @param context - sender context, to match reply w/ request
321 @param is_add - add IPsec tunnel interface if nonzero, else delete
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400322 @param is_ip6 - tunnel v6 or v4
Matthew Smithb0972cb2017-05-02 16:20:41 -0500323 @param esn - enable extended sequence numbers if nonzero, else disable
324 @param anti_replay - enable anti replay check if nonzero, else disable
325 @param local_ip - local IP address
326 @param remote_ip - IP address of remote IPsec peer
327 @param local_spi - SPI of outbound IPsec SA
328 @param remote_spi - SPI of inbound IPsec SA
329 @param crypto_alg - encryption algorithm ID
330 @param local_crypto_key_len - length of local crypto key in bytes
331 @param local_crypto_key - crypto key for outbound IPsec SA
332 @param remote_crypto_key_len - length of remote crypto key in bytes
333 @param remote_crypto_key - crypto key for inbound IPsec SA
334 @param integ_alg - integrity algorithm ID
335 @param local_integ_key_len - length of local integrity key in bytes
336 @param local_integ_key - integrity key for outbound IPsec SA
337 @param remote_integ_key_len - length of remote integrity key in bytes
338 @param remote_integ_key - integrity key for inbound IPsec SA
Matthew Smith8e1039a2018-04-12 07:32:56 -0500339 @param renumber - intf display name uses a specified instance if != 0
340 @param show_instance - instance to display for intf if renumber is set
Filip Tehlarb4a7a7d2018-11-30 07:27:27 -0800341 @param udp_encap - enable UDP encapsulation for NAT traversal
Pierre Pfister4c422f92018-12-10 11:19:08 +0100342 @param tx_table_id - the FIB id used after packet encap
Neale Ranns80f6fd52019-04-16 02:41:34 +0000343 @param salt - for use with counter mode ciphers
Matthew Smithb0972cb2017-05-02 16:20:41 -0500344*/
Matthew Smithe04d09d2017-05-14 21:47:18 -0500345define ipsec_tunnel_if_add_del {
Neale Rannse6df80d2020-08-27 09:09:56 +0000346 option deprecated="20.09";
Matthew Smithb0972cb2017-05-02 16:20:41 -0500347 u32 client_index;
348 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100349 bool is_add;
350 bool esn;
351 bool anti_replay;
Kingwel Xie1ba5bc82019-03-20 07:21:58 -0400352 vl_api_address_t local_ip;
353 vl_api_address_t remote_ip;
Matthew Smithb0972cb2017-05-02 16:20:41 -0500354 u32 local_spi;
355 u32 remote_spi;
356 u8 crypto_alg;
357 u8 local_crypto_key_len;
358 u8 local_crypto_key[128];
359 u8 remote_crypto_key_len;
360 u8 remote_crypto_key[128];
361 u8 integ_alg;
362 u8 local_integ_key_len;
363 u8 local_integ_key[128];
364 u8 remote_integ_key_len;
365 u8 remote_integ_key[128];
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100366 bool renumber;
Matthew Smith8e1039a2018-04-12 07:32:56 -0500367 u32 show_instance;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100368 bool udp_encap;
Pierre Pfister4c422f92018-12-10 11:19:08 +0100369 u32 tx_table_id;
Neale Ranns80f6fd52019-04-16 02:41:34 +0000370 u32 salt;
Matthew Smithb0972cb2017-05-02 16:20:41 -0500371};
372
Matthew Smithe04d09d2017-05-14 21:47:18 -0500373/** \brief Add/delete IPsec tunnel interface response
374 @param context - sender context, to match reply w/ request
375 @param retval - return status
376 @param sw_if_index - sw_if_index of new interface (for successful add)
377*/
378define ipsec_tunnel_if_add_del_reply {
379 u32 context;
380 i32 retval;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100381 vl_api_interface_index_t sw_if_index;
Matthew Smithe04d09d2017-05-14 21:47:18 -0500382};
383
Neale Rannsdd4ccf22020-06-30 07:47:14 +0000384typedef ipsec_itf
385{
386 u32 user_instance [default=0xffffffff];
387 vl_api_tunnel_mode_t mode;
388 vl_api_interface_index_t sw_if_index;
389};
390
391/** \brief Create an IPSec interface
392 */
393define ipsec_itf_create {
394 u32 client_index;
395 u32 context;
396 vl_api_ipsec_itf_t itf;
397};
398
399/** \brief Add IPsec interface interface response
400 @param context - sender context, to match reply w/ request
401 @param retval - return status
402 @param sw_if_index - sw_if_index of new interface (for successful add)
403*/
404define ipsec_itf_create_reply
405{
406 u32 context;
407 i32 retval;
408 vl_api_interface_index_t sw_if_index;
409};
410
411autoreply define ipsec_itf_delete
412{
413 u32 client_index;
414 u32 context;
415 vl_api_interface_index_t sw_if_index;
416};
417
418define ipsec_itf_dump
419{
420 u32 client_index;
421 u32 context;
422 vl_api_interface_index_t sw_if_index;
423};
424
425define ipsec_itf_details
426{
427 u32 context;
428 vl_api_ipsec_itf_t itf;
429};
430
Matthew Smith28029532017-09-26 13:33:44 -0500431/** \brief Dump IPsec security association
432 @param client_index - opaque cookie to identify the sender
433 @param context - sender context, to match reply w/ request
434 @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
435*/
Neale Rannsdd4ccf22020-06-30 07:47:14 +0000436define ipsec_sa_dump
437{
Matthew Smith28029532017-09-26 13:33:44 -0500438 u32 client_index;
439 u32 context;
440 u32 sa_id;
441};
442
443/** \brief IPsec security association database response
444 @param context - sender context which was passed in the request
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100445 @param sa_id - SA ID, policy-based SAs >=0, tunnel interface SAs = 0
Matthew Smith28029532017-09-26 13:33:44 -0500446 @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
447 @param spi - security parameter index
448 @param protocol - IPsec protocol (value from ipsec_protocol_t)
449 @param crypto_alg - crypto algorithm (value from ipsec_crypto_alg_t)
450 @param crypto_key_len - length of crypto_key in bytes
451 @param crypto_key - crypto keying material
452 @param integ_alg - integrity algorithm (value from ipsec_integ_alg_t)
453 @param integ_key_len - length of integ_key in bytes
454 @param integ_key - integrity keying material
455 @param use_esn - using extended sequence numbers when non-zero
456 @param use_anti_replay - using anti-replay window when non-zero
457 @param is_tunnel - IPsec tunnel mode when non-zero, else transport mode
458 @param is_tunnel_ipv6 - If using tunnel mode, endpoints are IPv6
459 @param tunnel_src_addr - Tunnel source address if using tunnel mode
460 @param tunnel_dst_addr - Tunnel destination address is using tunnel mode
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100461 @param salt - 4 byte salt
Matthew Smith28029532017-09-26 13:33:44 -0500462 @param seq - current sequence number for outbound
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100463 @param seq_hi - high 32 bits of ESN for outbound
Matthew Smith28029532017-09-26 13:33:44 -0500464 @param last_seq - highest sequence number received inbound
465 @param last_seq_hi - high 32 bits of highest ESN received inbound
466 @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
Matthew Smith48d32b42020-04-02 07:45:49 -0500467 @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
Klement Sekera4b089f22018-04-17 18:04:57 +0200468 @param udp_encap - 1 if UDP encap enabled, 0 otherwise
Matthew Smith28029532017-09-26 13:33:44 -0500469*/
470define ipsec_sa_details {
471 u32 context;
Neale Ranns8d7c5022019-02-06 01:41:05 -0800472 vl_api_ipsec_sad_entry_t entry;
473
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100474 vl_api_interface_index_t sw_if_index;
Matthew Smith28029532017-09-26 13:33:44 -0500475 u32 salt;
476 u64 seq_outbound;
477 u64 last_seq_inbound;
478 u64 replay_window;
479
Matthew Smith48d32b42020-04-02 07:45:49 -0500480 u32 stat_index;
Matthew Smith28029532017-09-26 13:33:44 -0500481};
482
Matthew Smithca514fd2017-10-12 12:06:59 -0500483/** \brief Set new SA on IPsec interface
Neale Ranns12989b52019-09-26 16:20:19 +0000484
485 !! DEPRECATED !!
486
Matthew Smithca514fd2017-10-12 12:06:59 -0500487 @param client_index - opaque cookie to identify the sender
488 @param context - sender context, to match reply w/ request
489 @param sw_if_index - index of tunnel interface
490 @param sa_id - ID of SA to use
491 @param is_outbound - 1 if outbound (local) SA, 0 if inbound (remote)
492*/
493autoreply define ipsec_tunnel_if_set_sa {
Neale Rannse6df80d2020-08-27 09:09:56 +0000494 option deprecated="20.09";
Matthew Smithca514fd2017-10-12 12:06:59 -0500495 u32 client_index;
496 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100497 vl_api_interface_index_t sw_if_index;
Matthew Smithca514fd2017-10-12 12:06:59 -0500498 u32 sa_id;
499 u8 is_outbound;
500};
501
Klement Sekerab4d30532018-11-08 13:00:02 +0100502/** \brief Dump IPsec backends
503 @param client_index - opaque cookie to identify the sender
504 @param context - sender context, to match reply w/ request
505*/
506define ipsec_backend_dump {
507 u32 client_index;
508 u32 context;
509};
510
511/** \brief IPsec backend details
512 @param name - name of the backend
513 @param protocol - IPsec protocol (value from ipsec_protocol_t)
514 @param index - backend index
515 @param active - set to 1 if the backend is active, otherwise 0
516*/
517define ipsec_backend_details {
518 u32 context;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100519 string name[128];
Neale Ranns17dcec02019-01-09 21:22:20 -0800520 vl_api_ipsec_proto_t protocol;
Klement Sekerab4d30532018-11-08 13:00:02 +0100521 u8 index;
Jakub Grajciar287d5e12020-02-28 08:26:32 +0100522 bool active;
Klement Sekerab4d30532018-11-08 13:00:02 +0100523};
524
525/** \brief Select IPsec backend
526 @param client_index - opaque cookie to identify the sender
527 @param context - sender context, to match reply w/ request
528 @param protocol - IPsec protocol (value from ipsec_protocol_t)
529 @param index - backend index
530*/
531autoreply define ipsec_select_backend {
532 u32 client_index;
533 u32 context;
Neale Ranns17dcec02019-01-09 21:22:20 -0800534 vl_api_ipsec_proto_t protocol;
Klement Sekerab4d30532018-11-08 13:00:02 +0100535 u8 index;
536};
537
Yulong Pei2e84d662020-08-14 18:21:08 +0800538
539/** \brief IPsec Set Async mode
540 @param client_index - opaque cookie to identify the sender
541 @param context - sender context, to match reply w/ request
542 @param async_enable - ipsec async mode on or off
543*/
544autoreply define ipsec_set_async_mode {
545 u32 client_index;
546 u32 context;
547 bool async_enable;
548};
549
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100550/*
551 * Local Variables:
552 * eval: (c-set-style "gnu")
553 * End:
554 */