* limitations under the License.
*/
-option version = "1.0.0";
+option version = "1.0.1";
+
+import "vnet/ip/ip_types.api";
+import "vnet/interface_types.api";
/** \brief Get the plugin version
@param client_index - opaque cookie to identify the sender
u32 client_index;
u32 context;
- u8 name[64];
- u8 is_add;
+ string name[64];
+ bool is_add;
+ option vat_help = "name <profile_name> [del]";
};
/** \brief IKEv2: Set IKEv2 profile authentication method
u32 client_index;
u32 context;
- u8 name[64];
+ string name[64];
u8 auth_method;
- u8 is_hex;
+ bool is_hex;
u32 data_len;
u8 data[data_len];
+ option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
};
/** \brief IKEv2: Set IKEv2 profile local/remote identification
u32 client_index;
u32 context;
- u8 name[64];
- u8 is_local;
+ string name[64];
+ bool is_local;
u8 id_type;
u32 data_len;
u8 data[data_len];
+ option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
};
/** \brief IKEv2: Set IKEv2 profile traffic selector parameters
u32 client_index;
u32 context;
- u8 name[64];
- u8 is_local;
+ string name[64];
+ bool is_local;
u8 proto;
u16 start_port;
u16 end_port;
u32 start_addr;
u32 end_addr;
+ option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
};
/** \brief IKEv2: Set IKEv2 local RSA private key
u32 context;
u8 key_file[256];
+ option vat_help = "file <absolute_file_path>";
+};
+
+/** \brief IKEv2: Set the tunnel interface which will be protected by IKE
+ If this API is not called, a new tunnel will be created
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param name - IKEv2 profile name
+ @param sw_if_index - Of an existing tunnel
+*/
+autoreply define ikev2_set_tunnel_interface
+{
+ u32 client_index;
+ u32 context;
+ string name[64];
+
+ vl_api_interface_index_t sw_if_index;
};
/** \brief IKEv2: Set IKEv2 responder interface and IP address
u32 client_index;
u32 context;
- u8 name[64];
- u32 sw_if_index;
- u8 address[4];
+ string name[64];
+ vl_api_interface_index_t sw_if_index;
+ vl_api_ip4_address_t address;
+ option vat_help = "<profile_name> interface <interface> address <addr>";
};
/** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
u32 client_index;
u32 context;
- u8 name[64];
+ string name[64];
u32 crypto_alg;
u32 crypto_key_size;
u32 integ_alg;
u32 dh_group;
+ option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
};
/** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
u32 client_index;
u32 context;
- u8 name[64];
+ string name[64];
u32 crypto_alg;
u32 crypto_key_size;
u32 integ_alg;
u32 dh_group;
+ option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
};
/** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
u32 client_index;
u32 context;
- u8 name[64];
+ string name[64];
u64 lifetime;
u32 lifetime_jitter;
u32 handover;
u64 lifetime_maxdata;
+ option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
};
/** \brief IKEv2: Initiate the SA_INIT exchange
u32 client_index;
u32 context;
- u8 name[64];
+ string name[64];
+ option vat_help = "<profile_name>";
};
/** \brief IKEv2: Initiate the delete IKE SA exchange
u32 context;
u64 ispi;
+ option vat_help = "<ispi>";
};
/** \brief IKEv2: Initiate the delete Child SA exchange
u32 context;
u32 ispi;
+ option vat_help = "<ispi>";
};
/** \brief IKEv2: Initiate the rekey Child SA exchange
u32 context;
u32 ispi;
+ option vat_help = "<ispi>";
+};
+
+/** \brief IKEv2: Set UDP encapsulation
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_set_udp_encap
+{
+ u32 client_index;
+ u32 context;
+
+ string name[64];
};
+/** \brief IKEv2: Set/unset custom ipsec-over-udp port
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_set - whether set or unset custom port
+ @port - port number
+ @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_set_ipsec_udp_port
+{
+ u32 client_index;
+ u32 context;
+
+ u8 is_set;
+ u16 port;
+ string name[64];
+};
/*
* Local Variables:
* eval: (c-set-style "gnu")