IPSEC: move SA counters into the stats segment

[vpp.git] / src / vnet / ipsec / ipsec.api

diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index 92c39ac..91d21d4 100644 (file)
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -96,7 +96,6 @@ typedef ipsec_spd_entry
   u8 protocol;
 
   // Selector
-  u8 is_ip_any;
   vl_api_address_t remote_address_start;
   vl_api_address_t remote_address_stop;
   vl_api_address_t local_address_start;
@@ -115,7 +114,7 @@ typedef ipsec_spd_entry
     @param is_add - add SPD if non-zero, else delete
     @param entry - Description of the entry to add/dell
 */
-autoreply define ipsec_spd_entry_add_del
+define ipsec_spd_entry_add_del
 {
   u32 client_index;
   u32 context;
@@ -123,6 +122,19 @@ autoreply define ipsec_spd_entry_add_del
   vl_api_ipsec_spd_entry_t entry;
 };
 
+/** \brief IPsec: Reply Add/delete Security Policy Database entry
+
+    @param context - sender context, to match reply w/ request
+    @param retval - success/fail rutrun code
+    @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
+*/
+define ipsec_spd_entry_add_del_reply
+{
+  u32 context;
+  i32 retval;
+  u32 stat_index;
+};
+
 /** \brief Dump IPsec all SPD IDs
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
@@ -165,8 +177,6 @@ define ipsec_spd_dump {
 define ipsec_spd_details {
     u32 context;
     vl_api_ipsec_spd_entry_t entry;
-    u64 bytes;
-    u64 packets;
 };
 
 /*
@@ -222,6 +232,10 @@ enum ipsec_sad_flags
   IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
   /* enable UDP encapsulation for NAT traversal */
   IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
+
+  /* come-on Ole please fix this */
+  IPSEC_API_SAD_COMBO_12 = 12,
+  IPSEC_API_SAD_COMBO_20 = 20,
 };
 
 enum ipsec_proto
@@ -251,6 +265,7 @@ typedef key
     @param integrity_key - integrity keying material
     @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
     @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
+    @param tx_table_id - the FIB id used for encapsulated packets
  */
 typedef ipsec_sad_entry
 {
@@ -270,6 +285,7 @@ typedef ipsec_sad_entry
 
   vl_api_address_t tunnel_src;
   vl_api_address_t tunnel_dst;
+  u32 tx_table_id;
 };
 
 /** \brief IPsec: Add/delete Security Association Database entry
@@ -277,13 +293,19 @@ typedef ipsec_sad_entry
     @param context - sender context, to match reply w/ request
     @param entry - Entry to add or delete
  */
-autoreply define ipsec_sad_entry_add_del
+define ipsec_sad_entry_add_del
 {
   u32 client_index;
   u32 context;
   u8 is_add;
   vl_api_ipsec_sad_entry_t entry;
 };
+define ipsec_sad_entry_add_del_reply
+{
+  u32 context;
+  i32 retval;
+  u32 stat_index;
+};
 
 /** \brief IPsec: Update Security Association keys
     @param client_index - opaque cookie to identify the sender
@@ -677,41 +699,18 @@ define ipsec_sa_dump {
     @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
     @param total_data_size - total bytes sent or received
     @param udp_encap - 1 if UDP encap enabled, 0 otherwise
-    @param tx_table_id - the FIB id used for encapsulated packets
 */
 define ipsec_sa_details {
   u32 context;
-  u32 sa_id;
-  u32 sw_if_index;
-
-  u32 spi;
-  u8 protocol;
-
-  u8 crypto_alg;
-  u8 crypto_key_len;
-  u8 crypto_key[128];
-
-  u8 integ_alg;
-  u8 integ_key_len;
-  u8 integ_key[128];
-
-  u8 use_esn;
-  u8 use_anti_replay;
-
-  u8 is_tunnel;
-  u8 is_tunnel_ip6;
-  u8 tunnel_src_addr[16];
-  u8 tunnel_dst_addr[16];
+  vl_api_ipsec_sad_entry_t entry;
 
+  u32 sw_if_index;
   u32 salt;
   u64 seq_outbound;
   u64 last_seq_inbound;
   u64 replay_window;
 
   u64 total_data_size;
-  u8 udp_encap;
-
-  u32 tx_table_id;
 };
 
 /** \brief Set key on IPsec interface