1 /* Hey Emacs use -*- mode: C -*- */
3 * Copyright (c) 2015-2020 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 option version = "1.0.1";
19 import "plugins/ikev2/ikev2_types.api";
20 import "vnet/ip/ip_types.api";
21 import "vnet/interface_types.api";
23 /** \brief Get the plugin version
24 @param client_index - opaque cookie to identify the sender
25 @param context - sender context, to match reply w/ request
27 define ikev2_plugin_get_version
33 /** \brief Reply to get the plugin version
34 @param context - returned sender context, to match reply w/ request
35 @param major - Incremented every time a known breaking behavior change is introduced
36 @param minor - Incremented with small changes, may be used to avoid buggy versions
38 define ikev2_plugin_get_version_reply
45 /** \brief Dump all profiles
46 @param client_index - opaque cookie to identify the sender
47 @param context - sender context, to match reply w/ request
49 define ikev2_profile_dump
53 option status="in_progress";
56 /** \brief Details about all profiles
57 @param context - returned sender context, to match reply w/ request
58 @param profile - profile element with encapsulated attributes
60 define ikev2_profile_details
63 vl_api_ikev2_profile_t profile;
64 option status="in_progress";
67 /** \brief Dump all SAs
68 @param client_index - opaque cookie to identify the sender
69 @param context - sender context, to match reply w/ request
76 option status = "in_progress";
79 /** \brief Details about IKE SA
80 @param context - sender context, to match reply w/ request
81 @param retval - return code
84 define ikev2_sa_details
90 option status = "in_progress";
93 /** \brief Dump child SAs of a specific SA
94 @param client_index - opaque cookie to identify the sender
95 @param context - sender context, to match reply w/ request
96 @param sa_index - index of specific sa
98 define ikev2_child_sa_dump
104 option vat_help = "sa_index <index>";
105 option status = "in_progress";
108 /** \brief Child SA details
109 @param context - sender context, to match reply w/ request
110 @param retval - return code
111 @param child_sa - child SA data
113 define ikev2_child_sa_details
118 vl_api_ikev2_child_sa_t child_sa;
119 option status = "in_progress";
122 /** \brief get specific nonce
123 @param client_index - opaque cookie to identify the sender
124 @param context - sender context, to match reply w/ request
125 @param is_initiator - selects which nonce to return: the initiator's or the responder's
126 @param sa_index - index of specific sa
128 define ikev2_nonce_get
135 option vat_help = "initiator|responder sa_index <index>";
136 option status = "in_progress";
139 /** \brief reply on specific nonce
140 @param context - sender context, to match reply w/ request
141 @param retval - return code
142 @param data_len - nonce length
143 @param nonce - nonce data
146 define ikev2_nonce_get_reply
153 option status = "in_progress";
156 /** \brief dump traffic selectors
157 @param client_index - opaque cookie to identify the sender
158 @param context - sender context, to match reply w/ request
159 @param is_initiator - selects which side's traffic selectors to dump: the initiator's or the responder's
160 @param sa_index - index of specific sa
161 @param child_sa_index - index of the child SA within the SA identified by sa_index
164 define ikev2_traffic_selector_dump
172 option vat_help = "initiator|responder sa_index <index> child_sa_index <index>";
173 option status = "in_progress";
176 /** \brief details on specific traffic selector
177 @param context - sender context, to match reply w/ request
178 @param retval - return code
179 @param ts - traffic selector data
182 define ikev2_traffic_selector_details
187 vl_api_ikev2_ts_t ts;
188 option status = "in_progress";
191 /** \brief IKEv2: Add/delete profile
192 @param client_index - opaque cookie to identify the sender
193 @param context - sender context, to match reply w/ request
194 @param name - IKEv2 profile name
195 @param is_add - Add IKEv2 profile if non-zero, else delete
197 autoreply define ikev2_profile_add_del
204 option vat_help = "name <profile_name> [del]";
205 option status="in_progress";
208 /** \brief IKEv2: Set IKEv2 profile authentication method
209 @param client_index - opaque cookie to identify the sender
210 @param context - sender context, to match reply w/ request
211 @param name - IKEv2 profile name
212 @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
213 @param is_hex - Authentication data in hex format if non-zero, else string
214 @param data_len - Authentication data length
215 @param data - Authentication data (for rsa-sig, the certificate file path)
217 autoreply define ikev2_profile_set_auth
227 option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
228 option status="in_progress";
231 /** \brief IKEv2: Set IKEv2 profile local/remote identification
232 @param client_index - opaque cookie to identify the sender
233 @param context - sender context, to match reply w/ request
234 @param name - IKEv2 profile name
235 @param is_local - Identification is local if non-zero, else remote
236 @param id_type - Identification type
237 @param data_len - Identification data length
238 @param data - Identification data
240 autoreply define ikev2_profile_set_id
250 option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
251 option status="in_progress";
254 /** \brief IKEv2: Disable NAT traversal
255 @param client_index - opaque cookie to identify the sender
256 @param context - sender context, to match reply w/ request
257 @param name - IKEv2 profile name
259 autoreply define ikev2_profile_disable_natt
265 option status="in_progress";
268 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
269 @param client_index - opaque cookie to identify the sender
270 @param context - sender context, to match reply w/ request
271 @param name - IKEv2 profile name
272 @param ts - traffic selector data
274 autoreply define ikev2_profile_set_ts
280 vl_api_ikev2_ts_t ts;
281 option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip> end_addr <ip> (local|remote)";
282 option status="in_progress";
285 /** \brief IKEv2: Set IKEv2 local RSA private key
286 @param client_index - opaque cookie to identify the sender
287 @param context - sender context, to match reply w/ request
288 @param key_file - Absolute path of the RSA private key file (must fit the 256-byte key_file field)
290 autoreply define ikev2_set_local_key
295 string key_file[256];
296 option vat_help = "file <absolute_file_path>";
297 option status="in_progress";
300 /** \brief IKEv2: Set the tunnel interface which will be protected by IKE
301 If this API is not called, a new tunnel will be created
302 @param client_index - opaque cookie to identify the sender
303 @param context - sender context, to match reply w/ request
304 @param name - IKEv2 profile name
305 @param sw_if_index - Of an existing tunnel
307 autoreply define ikev2_set_tunnel_interface
313 vl_api_interface_index_t sw_if_index;
314 option status="in_progress";
317 /** \brief IKEv2: Set IKEv2 responder interface and IP address
318 @param client_index - opaque cookie to identify the sender
319 @param context - sender context, to match reply w/ request
320 @param name - IKEv2 profile name
321 @param responder - responder data
323 autoreply define ikev2_set_responder
329 vl_api_ikev2_responder_t responder;
330 option vat_help = "<profile_name> interface <interface> address <addr>";
331 option status="in_progress";
334 autoreply define ikev2_set_responder_hostname
341 vl_api_interface_index_t sw_if_index;
342 option status="in_progress";
345 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
346 @param client_index - opaque cookie to identify the sender
347 @param context - sender context, to match reply w/ request
348 @param name - IKEv2 profile name
349 @param tr - IKE transforms
351 autoreply define ikev2_set_ike_transforms
357 vl_api_ikev2_ike_transforms_t tr;
358 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
359 option status="in_progress";
362 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
363 @param client_index - opaque cookie to identify the sender
364 @param context - sender context, to match reply w/ request
365 @param name - IKEv2 profile name
366 @param tr - ESP transforms
368 autoreply define ikev2_set_esp_transforms
374 vl_api_ikev2_esp_transforms_t tr;
375 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg>";
376 option status="in_progress";
379 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
380 @param client_index - opaque cookie to identify the sender
381 @param context - sender context, to match reply w/ request
382 @param name - IKEv2 profile name
383 @param lifetime - SA maximum life time in seconds (0 to disable)
384 @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
385 @param handover - Hand over time
386 @param lifetime_maxdata - SA maximum life time in bytes (0 to disable)
388 autoreply define ikev2_set_sa_lifetime
397 u64 lifetime_maxdata;
398 option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
399 option status="in_progress";
402 /** \brief IKEv2: Initiate the SA_INIT exchange
403 @param client_index - opaque cookie to identify the sender
404 @param context - sender context, to match reply w/ request
405 @param name - IKEv2 profile name
407 autoreply define ikev2_initiate_sa_init
413 option vat_help = "<profile_name>";
414 option status="in_progress";
417 /** \brief IKEv2: Initiate the delete IKE SA exchange
418 @param client_index - opaque cookie to identify the sender
419 @param context - sender context, to match reply w/ request
420 @param ispi - IKE SA initiator SPI
422 autoreply define ikev2_initiate_del_ike_sa
428 option vat_help = "<ispi>";
429 option status="in_progress";
432 /** \brief IKEv2: Initiate the delete Child SA exchange
433 @param client_index - opaque cookie to identify the sender
434 @param context - sender context, to match reply w/ request
435 @param ispi - Child SA initiator SPI
437 autoreply define ikev2_initiate_del_child_sa
443 option vat_help = "<ispi>";
444 option status="in_progress";
447 /** \brief IKEv2: Initiate the rekey Child SA exchange
448 @param client_index - opaque cookie to identify the sender
449 @param context - sender context, to match reply w/ request
450 @param ispi - Child SA initiator SPI
452 autoreply define ikev2_initiate_rekey_child_sa
458 option vat_help = "<ispi>";
459 option status="in_progress";
462 /** \brief IKEv2: Set UDP encapsulation
463 @param client_index - opaque cookie to identify the sender
464 @param context - sender context, to match reply w/ request
465 @param name - IKEv2 profile name
467 autoreply define ikev2_profile_set_udp_encap
473 option status="in_progress";
476 /** \brief IKEv2: Set/unset custom ipsec-over-udp port
477 @param client_index - opaque cookie to identify the sender
478 @param context - sender context, to match reply w/ request
479 @param is_set - whether to set or unset the custom port
480 @param port - port number
481 @param name - IKEv2 profile name
483 autoreply define ikev2_profile_set_ipsec_udp_port
491 option status="in_progress";
494 /** \brief IKEv2: Set liveness parameters
495 @param client_index - opaque cookie to identify the sender
496 @param context - sender context, to match reply w/ request
497 @param period - how often the liveness check is performed
498 @param max_retries - max retries for liveness check
500 autoreply define ikev2_profile_set_liveness
507 option status="in_progress";
515 description "packets processed";
517 ike_sa_init_retransmit {
521 description "IKE SA INIT retransmit";
527 description "IKE_SA_INIT ignore (IKE SA already auth)";
533 description "IKE request retransmit";
539 description "IKE request ignore (old msgid)";
545 description "Non IKEv2 packets received";
551 description "Bad packet length";
557 description "Malformed packet";
563 description "No buffer space";
569 description "IKE keepalive messages received";
575 description "IKE rekey requests received";
581 description "IKE EXCHANGE SA requests received";
587 description "IKE AUTH SA requests received";
591 "/err/ikev2-ip4" "ike";
592 "/err/ikev2-ip6" "ike";
593 "/err/ikev2-ip4-natt" "ike";
598 * eval: (c-set-style "gnu")