* limitations under the License.
*/
-option version = "3.0.1";
+option version = "4.0.0";
import "vnet/ipsec/ipsec_types.api";
import "vnet/interface_types.api";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
+import "vnet/tunnel/tunnel_types.api";
/** \brief IPsec: Add/delete Security Policy Database
@param client_index - opaque cookie to identify the sender
@param salt - for use with counter mode ciphers
*/
define ipsec_tunnel_if_add_del {
+ option deprecated="20.09";
u32 client_index;
u32 context;
bool is_add;
vl_api_interface_index_t sw_if_index;
};
+typedef ipsec_itf
+{
+ u32 user_instance [default=0xffffffff];
+ vl_api_tunnel_mode_t mode;
+ vl_api_interface_index_t sw_if_index;
+};
+
+/** \brief Create an IPSec interface
+ */
+define ipsec_itf_create {
+ u32 client_index;
+ u32 context;
+ vl_api_ipsec_itf_t itf;
+};
+
+/** \brief Add IPsec interface interface response
+ @param context - sender context, to match reply w/ request
+ @param retval - return status
+ @param sw_if_index - sw_if_index of new interface (for successful add)
+*/
+define ipsec_itf_create_reply
+{
+ u32 context;
+ i32 retval;
+ vl_api_interface_index_t sw_if_index;
+};
+
+autoreply define ipsec_itf_delete
+{
+ u32 client_index;
+ u32 context;
+ vl_api_interface_index_t sw_if_index;
+};
+
+define ipsec_itf_dump
+{
+ u32 client_index;
+ u32 context;
+ vl_api_interface_index_t sw_if_index;
+};
+
+define ipsec_itf_details
+{
+ u32 context;
+ vl_api_ipsec_itf_t itf;
+};
+
/** \brief Dump IPsec security association
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
*/
-define ipsec_sa_dump {
+define ipsec_sa_dump
+{
u32 client_index;
u32 context;
u32 sa_id;
@param last_seq - highest sequence number received inbound
@param last_seq_hi - high 32 bits of highest ESN received inbound
@param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
- @param total_data_size - total bytes sent or received
+ @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
@param udp_encap - 1 if UDP encap enabled, 0 otherwise
*/
define ipsec_sa_details {
u64 last_seq_inbound;
u64 replay_window;
- u64 total_data_size;
+ u32 stat_index;
};
/** \brief Set new SA on IPsec interface
@param is_outbound - 1 if outbound (local) SA, 0 if inbound (remote)
*/
autoreply define ipsec_tunnel_if_set_sa {
+ option deprecated="20.09";
u32 client_index;
u32 context;
vl_api_interface_index_t sw_if_index;
u8 index;
};
+
+/** \brief IPsec Set Async mode
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param async_enable - ipsec async mode on or off
+*/
+autoreply define ipsec_set_async_mode {
+ u32 client_index;
+ u32 context;
+ bool async_enable;
+};
+
/*
* Local Variables:
* eval: (c-set-style "gnu")