/* Hey Emacs use -*- mode: C -*- */
/*
- * Copyright (c) 2015-2016 Cisco and/or its affiliates.
+ * Copyright (c) 2015-2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
option status="in_progress";
};
+/** \brief Dump all SAs
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+define ikev2_sa_dump
+{
+ u32 client_index;
+ u32 context;
+
+ option status = "in_progress";
+};
+
+/** \brief Details about IKE SA
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param sa - SA data
+*/
+define ikev2_sa_details
+{
+ u32 context;
+ i32 retval;
+
+ vl_api_ikev2_sa_t sa;
+ option status = "in_progress";
+};
+
+/** \brief Dump child SA of specific SA
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sa_index - index of specific sa
+*/
+define ikev2_child_sa_dump
+{
+ u32 client_index;
+ u32 context;
+
+ u32 sa_index;
+ option vat_help = "sa_index <index>";
+ option status = "in_progress";
+};
+
+/** \brief Child SA details
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param child_sa - child SA data
+*/
+define ikev2_child_sa_details
+{
+ u32 context;
+ i32 retval;
+
+ vl_api_ikev2_child_sa_t child_sa;
+ option status = "in_progress";
+};
+
+/** \brief get specific nonce
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_initiator - specify type initiator|responder of nonce
+ @param sa_index - index of specific sa
+*/
+define ikev2_nonce_get
+{
+ u32 client_index;
+ u32 context;
+
+ bool is_initiator;
+ u32 sa_index;
+ option vat_help = "initiator|responder sa_index <index>";
+ option status = "in_progress";
+};
+
+/** \brief reply on specific nonce
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param data_len - nonce length
+ @param nonce - nonce data
+*/
+
+define ikev2_nonce_get_reply
+{
+ u32 context;
+ i32 retval;
+
+ u32 data_len;
+ u8 nonce[data_len];
+ option status = "in_progress";
+};
+
+/** \brief dump traffic selectors
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_initiator - specify type initiator|responder of nonce
+ @param sa_index - index of specific sa
+ @param child_sa_index - index of specific sa child of specific sa
+*/
+
+define ikev2_traffic_selector_dump
+{
+ u32 client_index;
+ u32 context;
+
+ bool is_initiator;
+ u32 sa_index;
+ u32 child_sa_index;
+ option vat_help = "initiator|responder sa_index <index> child_sa_index <index>";
+ option status = "in_progress";
+};
+
+/** \brief details on specific traffic selector
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param ts - traffic selector data
+*/
+
+define ikev2_traffic_selector_details
+{
+ u32 context;
+ i32 retval;
+
+ vl_api_ikev2_ts_t ts;
+ option status = "in_progress";
+};
/** \brief IKEv2: Add/delete profile
@param client_index - opaque cookie to identify the sender
option status="in_progress";
};
+/** \brief IKEv2: Disable NAT traversal
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_disable_natt
+{
+ u32 client_index;
+ u32 context;
+
+ string name[64];
+ option status="in_progress";
+};
+
/** \brief IKEv2: Set IKEv2 profile traffic selector parameters
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
string name[64];
vl_api_ikev2_ts_t ts;
- option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
+ option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip> end_addr <ip> (local|remote)";
option status="in_progress";
};
option status="in_progress";
};
+counters ikev2 {
+ processed {
+ severity info;
+ type counter64;
+ units "packets";
+ description "packets processed";
+ };
+ ike_sa_init_retransmit {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE SA INIT retransmit";
+ };
+ ike_sa_init_ignore {
+ severity error;
+ type counter64;
+ units "packets";
+ description "IKE_SA_INIT ignore (IKE SA already auth)";
+ };
+ ike_req_retransmit {
+ severity error;
+ type counter64;
+ units "packets";
+ description "IKE request retransmit";
+ };
+ ike_req_ignore {
+ severity error;
+ type counter64;
+ units "packets";
+ description "IKE request ignore (old msgid)";
+ };
+ not_ikev2 {
+ severity error;
+ type counter64;
+ units "packets";
+ description "Non IKEv2 packets received";
+ };
+ bad_length {
+ severity error;
+ type counter64;
+ units "packets";
+ description "Bad packet length";
+ };
+ malformed_packet {
+ severity error;
+ type counter64;
+ units "packets";
+ description "Malformed packet";
+ };
+ no_buff_space {
+ severity error;
+ type counter64;
+ units "packets";
+ description "No buffer space";
+ };
+ keepalive {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE keepalive messages received";
+ };
+ rekey_req {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE rekey requests received";
+ };
+ init_sa_req {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE EXCHANGE SA requests received";
+ };
+ ike_auth_req {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE AUTH SA requests received";
+ };
+};
+paths {
+ "/err/ikev2-ip4" "ike";
+ "/err/ikev2-ip6" "ike";
+ "/err/ikev2-ip4-natt" "ike";
+};
+
/*
* Local Variables:
* eval: (c-set-style "gnu")