X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_types.api;h=d39cf88c8d4f201a6801faf779593342c0a0e90d;hb=d7fc12f07;hp=1dc4fdc8b88f03222e455216c3412b7a85c36af5;hpb=6a9bd81886772b5ffeb367736fb83bf95f37435f;p=vpp.git diff --git a/src/plugins/ikev2/ikev2_types.api b/src/plugins/ikev2/ikev2_types.api index 1dc4fdc8b88..d39cf88c8d4 100644 --- a/src/plugins/ikev2/ikev2_types.api +++ b/src/plugins/ikev2/ikev2_types.api @@ -1,6 +1,6 @@ /* Hey Emacs use -*- mode: C -*- */ /* - * Copyright (c) 2015-2016 Cisco and/or its affiliates. + * Copyright (c) 2015-2020 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: @@ -16,7 +16,7 @@ import "vnet/ip/ip_types.api"; - +import "vnet/interface_types.api"; typedef ikev2_id { @@ -27,13 +27,15 @@ typedef ikev2_id typedef ikev2_ts { - u8 ts_type; + u32 sa_index; + u32 child_sa_index; + + bool is_local; u8 protocol_id; - u16 selector_len; u16 start_port; u16 end_port; - vl_api_ip4_address_t start_addr; - vl_api_ip4_address_t end_addr; + vl_api_address_t start_addr; + vl_api_address_t end_addr; }; typedef ikev2_auth @@ -46,16 +48,23 @@ typedef ikev2_auth typedef ikev2_responder { - u32 sw_if_index; - vl_api_ip4_address_t ip4; + vl_api_interface_index_t sw_if_index; + vl_api_address_t addr; }; -typedef ikev2_transforms_set +typedef ikev2_ike_transforms { u8 crypto_alg; + u32 crypto_key_size; u8 integ_alg; - u8 dh_type; + u8 dh_group; +}; + +typedef ikev2_esp_transforms +{ + u8 crypto_alg; u32 crypto_key_size; + u8 integ_alg; }; typedef ikev2_profile @@ -66,14 +75,77 @@ typedef ikev2_profile vl_api_ikev2_ts_t loc_ts; vl_api_ikev2_ts_t rem_ts; vl_api_ikev2_responder_t responder; - vl_api_ikev2_transforms_set_t ike_ts; - vl_api_ikev2_transforms_set_t esp_ts; + vl_api_ikev2_ike_transforms_t ike_ts; + vl_api_ikev2_esp_transforms_t esp_ts; u64 lifetime; u64 lifetime_maxdata; u32 lifetime_jitter; u32 handover; u16 ipsec_over_udp_port; u32 tun_itf; - u8 udp_encap; + bool udp_encap; + bool natt_disabled; vl_api_ikev2_auth_t auth; }; + +typedef ikev2_sa_transform +{ + u8 transform_type; + u16 transform_id; + u16 key_len; + u16 key_trunc; + u16 block_size; + u8 dh_group; +}; + +typedef ikev2_keys +{ + u8 sk_d[64]; + u8 sk_d_len; + u8 sk_ai[64]; + u8 sk_ai_len; + u8 sk_ar[64]; + u8 sk_ar_len; + u8 sk_ei[64]; + u8 sk_ei_len; + u8 sk_er[64]; + u8 sk_er_len; + u8 sk_pi[64]; + u8 sk_pi_len; + u8 sk_pr[64]; + u8 sk_pr_len; +}; + +typedef ikev2_child_sa +{ + u32 sa_index; + u32 child_sa_index; + u32 i_spi; + u32 r_spi; + vl_api_ikev2_keys_t keys; + vl_api_ikev2_sa_transform_t encryption; + vl_api_ikev2_sa_transform_t integrity; + vl_api_ikev2_sa_transform_t esn; +}; + +typedef ikev2_sa +{ + u32 sa_index; + u32 profile_index; + + u64 ispi; + u64 rspi; + vl_api_address_t iaddr; + vl_api_address_t raddr; + + vl_api_ikev2_keys_t keys; + + /* ID */ + vl_api_ikev2_id_t i_id; + vl_api_ikev2_id_t r_id; + + vl_api_ikev2_sa_transform_t encryption; + vl_api_ikev2_sa_transform_t integrity; + vl_api_ikev2_sa_transform_t prf; + vl_api_ikev2_sa_transform_t dh; +};