* limitations under the License.
*/
-option version = "3.0.0";
+option version = "3.0.1";
import "vnet/ip/ip_types.api";
+import "vnet/tunnel/tunnel_types.api";
/*
* @brief Support cryptographic algorithms
enum ipsec_proto
{
- IPSEC_API_PROTO_ESP,
- IPSEC_API_PROTO_AH,
+ IPSEC_API_PROTO_ESP = 50,
+ IPSEC_API_PROTO_AH = 51,
};
typedef key
@param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
@param tx_table_id - the FIB id used for encapsulated packets
@param salt - for use with counter mode ciphers
+ @param udp_src_port - If using UDP Encapsulation, use this source port for
+ TX. It is ignored for RX.
+ @param udp_dst_port - If using UDP Encapsulation, use this destination port
+ for TX. Expect traffic on this port for RX.
+ @param tunnel_flags - Flags controlling the copying of encap/decap value
+ @param dscp - Fixed DSCP vaule for tunnel encap
*/
typedef ipsec_sad_entry
{
vl_api_address_t tunnel_dst;
u32 tx_table_id;
u32 salt;
+ u16 udp_src_port [default=4500];
+ u16 udp_dst_port [default=4500];
};
+typedef ipsec_sad_entry_v2
+{
+ u32 sad_id;
+
+ u32 spi;
+
+ vl_api_ipsec_proto_t protocol;
+
+ vl_api_ipsec_crypto_alg_t crypto_algorithm;
+ vl_api_key_t crypto_key;
+
+ vl_api_ipsec_integ_alg_t integrity_algorithm;
+ vl_api_key_t integrity_key;
+
+ vl_api_ipsec_sad_flags_t flags;
+
+ vl_api_address_t tunnel_src;
+ vl_api_address_t tunnel_dst;
+ vl_api_tunnel_encap_decap_flags_t tunnel_flags;
+ vl_api_ip_dscp_t dscp;
+ u32 tx_table_id;
+ u32 salt;
+ u16 udp_src_port [default=4500];
+ u16 udp_dst_port [default=4500];
+};
+
+typedef ipsec_sad_entry_v3
+{
+ u32 sad_id;
+ u32 spi;
+
+ vl_api_ipsec_proto_t protocol;
+
+ vl_api_ipsec_crypto_alg_t crypto_algorithm;
+ vl_api_key_t crypto_key;
+
+ vl_api_ipsec_integ_alg_t integrity_algorithm;
+ vl_api_key_t integrity_key;
+
+ vl_api_ipsec_sad_flags_t flags;
+
+ vl_api_tunnel_t tunnel;
+
+ u32 salt;
+ u16 udp_src_port [default=4500];
+ u16 udp_dst_port [default=4500];
+};
+
+
/*
* Local Variables:
* eval: (c-set-style "gnu")