1 /* Hey Emacs use -*- mode: C -*- */
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 option version = "1.0.1";
19 import "vnet/ip/ip_types.api";
20 import "vnet/interface_types.api";
22 /** \brief Get the plugin version
23 @param client_index - opaque cookie to identify the sender
24 @param context - sender context, to match reply w/ request
26 define ikev2_plugin_get_version
32 /** \brief Reply to get the plugin version
33 @param context - returned sender context, to match reply w/ request
34 @param major - Incremented every time a known breaking behavior change is introduced
35 @param minor - Incremented with small changes, may be used to avoid buggy versions
37 define ikev2_plugin_get_version_reply
44 /** \brief IKEv2: Add/delete profile
45 @param client_index - opaque cookie to identify the sender
46 @param context - sender context, to match reply w/ request
48 @param name - IKEv2 profile name
49 @param is_add - Add IKEv2 profile if non-zero, else delete
51 autoreply define ikev2_profile_add_del
58 option vat_help = "name <profile_name> [del]";
61 /** \brief IKEv2: Set IKEv2 profile authentication method
62 @param client_index - opaque cookie to identify the sender
63 @param context - sender context, to match reply w/ request
65 @param name - IKEv2 profile name
66 @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
67 @param is_hex - Authentication data in hex format if non-zero, else string
68 @param data_len - Authentication data length
69 @param data - Authentication data (for rsa-sig, the certificate file path)
71 autoreply define ikev2_profile_set_auth
81 option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
84 /** \brief IKEv2: Set IKEv2 profile local/remote identification
85 @param client_index - opaque cookie to identify the sender
86 @param context - sender context, to match reply w/ request
88 @param name - IKEv2 profile name
89 @param is_local - Identification is local if non-zero, else remote
90 @param id_type - Identification type
91 @param data_len - Identification data length
92 @param data - Identification data
94 autoreply define ikev2_profile_set_id
104 option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
107 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
108 @param client_index - opaque cookie to identify the sender
109 @param context - sender context, to match reply w/ request
111 @param name - IKEv2 profile name
112 @param is_local - Traffic selector is local if non-zero, else remote
113 @param proto - Traffic selector IP protocol (zero means the protocol is not relevant)
114 @param start_port - The smallest port number allowed by traffic selector
115 @param end_port - The largest port number allowed by traffic selector
116 @param start_addr - The smallest address included in traffic selector
117 @param end_addr - The largest address included in traffic selector
119 autoreply define ikev2_profile_set_ts
131 option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
134 /** \brief IKEv2: Set IKEv2 local RSA private key
135 @param client_index - opaque cookie to identify the sender
136 @param context - sender context, to match reply w/ request
138 @param key_file - Key file absolute path
140 autoreply define ikev2_set_local_key
146 option vat_help = "file <absolute_file_path>";
149 /** \brief IKEv2: Set IKEv2 responder interface and IP address
150 @param client_index - opaque cookie to identify the sender
151 @param context - sender context, to match reply w/ request
153 @param name - IKEv2 profile name
154 @param sw_if_index - interface index
155 @param address - interface address
157 autoreply define ikev2_set_responder
163 vl_api_interface_index_t sw_if_index;
164 vl_api_ip4_address_t address;
165 option vat_help = "<profile_name> interface <interface> address <addr>";
168 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
169 @param client_index - opaque cookie to identify the sender
170 @param context - sender context, to match reply w/ request
172 @param name - IKEv2 profile name
173 @param crypto_alg - encryption algorithm
174 @param crypto_key_size - encryption key size
175 @param integ_alg - integrity algorithm
176 @param dh_group - Diffie-Hellman group
179 autoreply define ikev2_set_ike_transforms
189 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
192 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
193 @param client_index - opaque cookie to identify the sender
194 @param context - sender context, to match reply w/ request
196 @param name - IKEv2 profile name
197 @param crypto_alg - encryption algorithm
198 @param crypto_key_size - encryption key size
199 @param integ_alg - integrity algorithm
200 @param dh_group - Diffie-Hellman group
203 autoreply define ikev2_set_esp_transforms
213 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
216 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
217 @param client_index - opaque cookie to identify the sender
218 @param context - sender context, to match reply w/ request
220 @param name - IKEv2 profile name
221 @param lifetime - Maximum SA lifetime in seconds (0 to disable)
222 @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
223 @param handover - Handover time
224 @param lifetime_maxdata - Maximum SA lifetime in bytes (0 to disable)
227 autoreply define ikev2_set_sa_lifetime
236 u64 lifetime_maxdata;
237 option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
240 /** \brief IKEv2: Initiate the SA_INIT exchange
241 @param client_index - opaque cookie to identify the sender
242 @param context - sender context, to match reply w/ request
244 @param name - IKEv2 profile name
247 autoreply define ikev2_initiate_sa_init
253 option vat_help = "<profile_name>";
256 /** \brief IKEv2: Initiate the delete IKE SA exchange
257 @param client_index - opaque cookie to identify the sender
258 @param context - sender context, to match reply w/ request
260 @param ispi - IKE SA initiator SPI
263 autoreply define ikev2_initiate_del_ike_sa
269 option vat_help = "<ispi>";
272 /** \brief IKEv2: Initiate the delete Child SA exchange
273 @param client_index - opaque cookie to identify the sender
274 @param context - sender context, to match reply w/ request
276 @param ispi - Child SA initiator SPI
279 autoreply define ikev2_initiate_del_child_sa
285 option vat_help = "<ispi>";
288 /** \brief IKEv2: Initiate the rekey Child SA exchange
289 @param client_index - opaque cookie to identify the sender
290 @param context - sender context, to match reply w/ request
292 @param ispi - Child SA initiator SPI
295 autoreply define ikev2_initiate_rekey_child_sa
301 option vat_help = "<ispi>";
306 * eval: (c-set-style "gnu")