X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec.api;h=2b015f9c223aeebeef15b23e27befb873dd9f28f;hb=4c422f9a3c9d5a4ecae3f4ef6bee16bb8ce35bb2;hp=d6a28017fff1099b587e2cfdca3be57f3cac4fca;hpb=a9a0b2ce2daabc5479aa7722e3ec7023f8c6c0d5;p=vpp.git diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index d6a28017fff..2b015f9c223 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -13,7 +13,7 @@ * limitations under the License. */ -option version = "2.0.0"; +option version = "2.1.0"; /** \brief IPsec: Add/delete Security Policy Database @param client_index - opaque cookie to identify the sender @@ -455,7 +455,7 @@ define ipsec_spds_dump { @param spd_id - SPD instance id (control plane allocated) @param npolicies - number of policies in SPD */ - define ipsec_spds_details { +define ipsec_spds_details { u32 context; u32 spd_id; u32 npolicies; @@ -515,6 +515,31 @@ define ipsec_spd_details { u64 packets; }; +/** \brief IPsec: Get SPD interfaces + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param spd_index - SPD index + @param spd_index_valid - if 1 spd_index is used to filter + spd_index's, if 0 no filtering is done +*/ +define ipsec_spd_interface_dump { + u32 client_index; + u32 context; + u32 spd_index; + u8 spd_index_valid; +}; + +/** \brief IPsec: SPD interface response + @param context - sender context which was passed in the request + @param spd_index - SPD index + @param sw_if_index - index of the interface +*/ +define ipsec_spd_interface_details { + u32 context; + u32 spd_index; + u32 sw_if_index; +}; + /** \brief Add or delete IPsec tunnel interface @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @@ -537,6 +562,8 @@ define ipsec_spd_details { @param remote_integ_key - integrity key for inbound IPsec SA @param renumber - intf display name uses a specified instance if != 0 @param show_instance - instance to display for intf if renumber is set + @param udp_encap - enable UDP encapsulation for NAT traversal + @param tx_table_id - the FIB id used after packet encap */ define ipsec_tunnel_if_add_del { u32 client_index; @@ -560,6 +587,8 @@ define ipsec_tunnel_if_add_del { u8 remote_integ_key[128]; u8 renumber; u32 show_instance; + u8 udp_encap; + u32 tx_table_id; }; /** \brief Add/delete IPsec tunnel interface response @@ -610,6 +639,7 @@ define ipsec_sa_dump { @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay @param total_data_size - total bytes sent or received @param udp_encap - 1 if UDP encap enabled, 0 otherwise + @param tx_table_id - the FIB id used for encapsulated packets */ define ipsec_sa_details { u32 context; @@ -642,6 +672,8 @@ define ipsec_sa_details { u64 total_data_size; u8 udp_encap; + + u32 tx_table_id; }; /** \brief Set key on IPsec interface @@ -678,6 +710,42 @@ autoreply define ipsec_tunnel_if_set_sa { u8 is_outbound; }; +/** \brief Dump IPsec backends + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define ipsec_backend_dump { + u32 client_index; + u32 context; +}; + +/** \brief IPsec backend details + @param name - name of the backend + @param protocol - IPsec protocol (value from ipsec_protocol_t) + @param index - backend index + @param active - set to 1 if the backend is active, otherwise 0 +*/ +define ipsec_backend_details { + u32 context; + u8 name[128]; + u8 protocol; + u8 index; + u8 active; +}; + +/** \brief Select IPsec backend + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param protocol - IPsec protocol (value from ipsec_protocol_t) + @param index - backend index +*/ +autoreply define ipsec_select_backend { + u32 client_index; + u32 context; + u8 protocol; + u8 index; +}; + /* * Local Variables: * eval: (c-set-style "gnu")