X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_types.api;h=715f3de0e120c896d92a853267c428ace52e63e7;hb=abc5660c6;hp=3015613b3c95a6ae31db6b434089896b320afa51;hpb=2fcd265d383a17e74b7d51f26e81bd27f830bf6b;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api
index 3015613b3c9..715f3de0e12 100644
--- a/src/vnet/ipsec/ipsec_types.api
+++ b/src/vnet/ipsec/ipsec_types.api
@@ -71,12 +71,14 @@ enum ipsec_sad_flags
   IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
   /* enable UDP encapsulation for NAT traversal */
   IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
+  /* IPsec SA is for inbound traffic */
+  IPSEC_API_SAD_FLAG_IS_INBOUND = 0x40,
 };
 
 enum ipsec_proto
 {
-  IPSEC_API_PROTO_ESP,
-  IPSEC_API_PROTO_AH,
+  IPSEC_API_PROTO_ESP = 50,
+  IPSEC_API_PROTO_AH = 51,
 };
 
 typedef key
@@ -102,6 +104,10 @@ typedef key
     @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
     @param tx_table_id - the FIB id used for encapsulated packets
     @param salt - for use with counter mode ciphers
+    @param udp_src_port - If using UDP Encapsulation, use this source port for
+                          TX. It is ignored for RX.
+    @param udp_dst_port - If using UDP Encapsulation, use this destination port
+                          for TX. Expect traffic on this port for RX.
  */
 typedef ipsec_sad_entry
 {
@@ -123,6 +129,8 @@ typedef ipsec_sad_entry
   vl_api_address_t tunnel_dst;
   u32 tx_table_id;
   u32 salt;
+  u16 udp_src_port [default=4500];
+  u16 udp_dst_port [default=4500];
 };
 
 /*