1 /* Hey Emacs use -*- mode: C -*- */
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 option version = "1.0.0";
19 /** \brief Get the plugin version
20 @param client_index - opaque cookie to identify the sender
21 @param context - sender context, to match reply w/ request
23 define ikev2_plugin_get_version
29 /** \brief Reply to get the plugin version
30 @param context - returned sender context, to match reply w/ request
31 @param major - Incremented every time a known breaking behavior change is introduced
32 @param minor - Incremented with small changes, may be used to avoid buggy versions
34 define ikev2_plugin_get_version_reply
41 /** \brief IKEv2: Add/delete profile
42 @param client_index - opaque cookie to identify the sender
43 @param context - sender context, to match reply w/ request
45 @param name - IKEv2 profile name
46 @param is_add - Add IKEv2 profile if non-zero, else delete
48 autoreply define ikev2_profile_add_del
57 /** \brief IKEv2: Set IKEv2 profile authentication method
58 @param client_index - opaque cookie to identify the sender
59 @param context - sender context, to match reply w/ request
61 @param name - IKEv2 profile name
62 @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
63 @param is_hex - Authentication data in hex format if non-zero, else string
64 @param data_len - Authentication data length
65 @param data - Authentication data (for rsa-sig cert file path)
67 autoreply define ikev2_profile_set_auth
79 /** \brief IKEv2: Set IKEv2 profile local/remote identification
80 @param client_index - opaque cookie to identify the sender
81 @param context - sender context, to match reply w/ request
83 @param name - IKEv2 profile name
84 @param is_local - Identification is local if non-zero, else remote
85 @param id_type - Identification type
86 @param data_len - Identification data length
87 @param data - Identification data
89 autoreply define ikev2_profile_set_id
101 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
102 @param client_index - opaque cookie to identify the sender
103 @param context - sender context, to match reply w/ request
105 @param name - IKEv2 profile name
106 @param is_local - Traffic selector is local if non-zero, else remote
107 @param proto - Traffic selector IP protocol (if zero not relevant)
108 @param start_port - The smallest port number allowed by traffic selector
109 @param end_port - The largest port number allowed by traffic selector
110 @param start_addr - The smallest address included in traffic selector
111 @param end_addr - The largest address included in traffic selector
113 autoreply define ikev2_profile_set_ts
127 /** \brief IKEv2: Set IKEv2 local RSA private key
128 @param client_index - opaque cookie to identify the sender
129 @param context - sender context, to match reply w/ request
131 @param key_file - Key file absolute path
133 autoreply define ikev2_set_local_key
141 /** \brief IKEv2: Set IKEv2 responder interface and IP address
142 @param client_index - opaque cookie to identify the sender
143 @param context - sender context, to match reply w/ request
145 @param name - IKEv2 profile name
146 @param sw_if_index - interface index
147 @param address - interface address
149 autoreply define ikev2_set_responder
159 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
160 @param client_index - opaque cookie to identify the sender
161 @param context - sender context, to match reply w/ request
163 @param name - IKEv2 profile name
164 @param crypto_alg - encryption algorithm
165 @param crypto_key_size - encryption key size
166 @param integ_alg - integrity algorithm
167 @param dh_group - Diffie-Hellman group
170 autoreply define ikev2_set_ike_transforms
182 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
183 @param client_index - opaque cookie to identify the sender
184 @param context - sender context, to match reply w/ request
186 @param name - IKEv2 profile name
187 @param crypto_alg - encryption algorithm
188 @param crypto_key_size - encryption key size
189 @param integ_alg - integrity algorithm
190 @param dh_group - Diffie-Hellman group
193 autoreply define ikev2_set_esp_transforms
205 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
206 @param client_index - opaque cookie to identify the sender
207 @param context - sender context, to match reply w/ request
209 @param name - IKEv2 profile name
210 @param lifetime - SA maximum life time in seconds (0 to disable)
211 @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
212 @param handover - Hand over time
213 @param lifetime_maxdata - SA maximum life time in bytes (0 to disable)
216 autoreply define ikev2_set_sa_lifetime
225 u64 lifetime_maxdata;
228 /** \brief IKEv2: Initiate the SA_INIT exchange
229 @param client_index - opaque cookie to identify the sender
230 @param context - sender context, to match reply w/ request
232 @param name - IKEv2 profile name
235 autoreply define ikev2_initiate_sa_init
243 /** \brief IKEv2: Initiate the delete IKE SA exchange
244 @param client_index - opaque cookie to identify the sender
245 @param context - sender context, to match reply w/ request
247 @param ispi - IKE SA initiator SPI
250 autoreply define ikev2_initiate_del_ike_sa
258 /** \brief IKEv2: Initiate the delete Child SA exchange
259 @param client_index - opaque cookie to identify the sender
260 @param context - sender context, to match reply w/ request
262 @param ispi - Child SA initiator SPI
265 autoreply define ikev2_initiate_del_child_sa
273 /** \brief IKEv2: Initiate the rekey Child SA exchange
274 @param client_index - opaque cookie to identify the sender
275 @param context - sender context, to match reply w/ request
277 @param ispi - Child SA initiator SPI
280 autoreply define ikev2_initiate_rekey_child_sa
290 * eval: (c-set-style "gnu")