X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec.api;h=91d21d4dce991e7adc2caf835defb693da254cb4;hb=eba31ecebed1a7d168da17194cab7a8955761f2b;hp=92c39acefd660749c40b1ab95567eeece460c56d;hpb=17dcec0b940374127f6e1e004fb3ec261a0a3709;p=vpp.git diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index 92c39acefd6..91d21d4dce9 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -96,7 +96,6 @@ typedef ipsec_spd_entry u8 protocol; // Selector - u8 is_ip_any; vl_api_address_t remote_address_start; vl_api_address_t remote_address_stop; vl_api_address_t local_address_start; @@ -115,7 +114,7 @@ typedef ipsec_spd_entry @param is_add - add SPD if non-zero, else delete @param entry - Description of the entry to add/dell */ -autoreply define ipsec_spd_entry_add_del +define ipsec_spd_entry_add_del { u32 client_index; u32 context; @@ -123,6 +122,19 @@ autoreply define ipsec_spd_entry_add_del vl_api_ipsec_spd_entry_t entry; }; +/** \brief IPsec: Reply Add/delete Security Policy Database entry + + @param context - sender context, to match reply w/ request + @param retval - success/fail rutrun code + @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy +*/ +define ipsec_spd_entry_add_del_reply +{ + u32 context; + i32 retval; + u32 stat_index; +}; + /** \brief Dump IPsec all SPD IDs @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @@ -165,8 +177,6 @@ define ipsec_spd_dump { define ipsec_spd_details { u32 context; vl_api_ipsec_spd_entry_t entry; - u64 bytes; - u64 packets; }; /* @@ -222,6 +232,10 @@ enum ipsec_sad_flags IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08, /* enable UDP encapsulation for NAT traversal */ IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10, + + /* come-on Ole please fix this */ + IPSEC_API_SAD_COMBO_12 = 12, + IPSEC_API_SAD_COMBO_20 = 20, }; enum ipsec_proto @@ -251,6 +265,7 @@ typedef key @param integrity_key - integrity keying material @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero + @param tx_table_id - the FIB id used for encapsulated packets */ typedef ipsec_sad_entry { @@ -270,6 +285,7 @@ typedef ipsec_sad_entry vl_api_address_t tunnel_src; vl_api_address_t tunnel_dst; + u32 tx_table_id; }; /** \brief IPsec: Add/delete Security Association Database entry @@ -277,13 +293,19 @@ typedef ipsec_sad_entry @param context - sender context, to match reply w/ request @param entry - Entry to add or delete */ -autoreply define ipsec_sad_entry_add_del +define ipsec_sad_entry_add_del { u32 client_index; u32 context; u8 is_add; vl_api_ipsec_sad_entry_t entry; }; +define ipsec_sad_entry_add_del_reply +{ + u32 context; + i32 retval; + u32 stat_index; +}; /** \brief IPsec: Update Security Association keys @param client_index - opaque cookie to identify the sender @@ -677,41 +699,18 @@ define ipsec_sa_dump { @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay @param total_data_size - total bytes sent or received @param udp_encap - 1 if UDP encap enabled, 0 otherwise - @param tx_table_id - the FIB id used for encapsulated packets */ define ipsec_sa_details { u32 context; - u32 sa_id; - u32 sw_if_index; - - u32 spi; - u8 protocol; - - u8 crypto_alg; - u8 crypto_key_len; - u8 crypto_key[128]; - - u8 integ_alg; - u8 integ_key_len; - u8 integ_key[128]; - - u8 use_esn; - u8 use_anti_replay; - - u8 is_tunnel; - u8 is_tunnel_ip6; - u8 tunnel_src_addr[16]; - u8 tunnel_dst_addr[16]; + vl_api_ipsec_sad_entry_t entry; + u32 sw_if_index; u32 salt; u64 seq_outbound; u64 last_seq_inbound; u64 replay_window; u64 total_data_size; - u8 udp_encap; - - u32 tx_table_id; }; /** \brief Set key on IPsec interface