X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_types.api;h=9fa7e058cbfd31d6f879c01491b2d15987c45cf6;hb=f16e9a550;hp=cba22c8c38b64dd13c07130cb39f17252f03d07b;hpb=5893747d72acd0a507f74fe61c13cae54de23630;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api
index cba22c8c38b..9fa7e058cbf 100644
--- a/src/vnet/ipsec/ipsec_types.api
+++ b/src/vnet/ipsec/ipsec_types.api
@@ -14,9 +14,10 @@
  * limitations under the License.
  */
 
-option version = "3.0.0";
+option version = "3.0.1";
 
 import "vnet/ip/ip_types.api";
+import "vnet/tunnel/tunnel_types.api";
 
 /*
  * @brief Support cryptographic algorithms
@@ -73,12 +74,14 @@ enum ipsec_sad_flags
   IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
   /* IPsec SA is for inbound traffic */
   IPSEC_API_SAD_FLAG_IS_INBOUND = 0x40,
+  /* IPsec SA uses an Async driver */
+  IPSEC_API_SAD_FLAG_ASYNC = 0x80 [backwards_compatible],
 };
 
 enum ipsec_proto
 {
-  IPSEC_API_PROTO_ESP,
-  IPSEC_API_PROTO_AH,
+  IPSEC_API_PROTO_ESP = 50,
+  IPSEC_API_PROTO_AH = 51,
 };
 
 typedef key
@@ -104,6 +107,12 @@ typedef key
     @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
     @param tx_table_id - the FIB id used for encapsulated packets
     @param salt - for use with counter mode ciphers
+    @param udp_src_port - If using UDP Encapsulation, use this source port for
+                          TX. It is ignored for RX.
+    @param udp_dst_port - If using UDP Encapsulation, use this destination port
+                          for TX. Expect traffic on this port for RX.
+    @param tunnel_flags - Flags controlling the copying of encap/decap value
+    @param dscp - Fixed DSCP vaule for tunnel encap
  */
 typedef ipsec_sad_entry
 {
@@ -125,8 +134,59 @@ typedef ipsec_sad_entry
   vl_api_address_t tunnel_dst;
   u32 tx_table_id;
   u32 salt;
+  u16 udp_src_port [default=4500];
+  u16 udp_dst_port [default=4500];
 };
 
+typedef ipsec_sad_entry_v2
+{
+  u32 sad_id;
+
+  u32 spi;
+
+  vl_api_ipsec_proto_t protocol;
+
+  vl_api_ipsec_crypto_alg_t crypto_algorithm;
+  vl_api_key_t crypto_key;
+
+  vl_api_ipsec_integ_alg_t integrity_algorithm;
+  vl_api_key_t integrity_key;
+
+  vl_api_ipsec_sad_flags_t flags;
+
+  vl_api_address_t tunnel_src;
+  vl_api_address_t tunnel_dst;
+  vl_api_tunnel_encap_decap_flags_t tunnel_flags;
+  vl_api_ip_dscp_t dscp;
+  u32 tx_table_id;
+  u32 salt;
+  u16 udp_src_port [default=4500];
+  u16 udp_dst_port [default=4500];
+};
+
+typedef ipsec_sad_entry_v3
+{
+  u32 sad_id;
+  u32 spi;
+
+  vl_api_ipsec_proto_t protocol;
+
+  vl_api_ipsec_crypto_alg_t crypto_algorithm;
+  vl_api_key_t crypto_key;
+
+  vl_api_ipsec_integ_alg_t integrity_algorithm;
+  vl_api_key_t integrity_key;
+
+  vl_api_ipsec_sad_flags_t flags;
+
+  vl_api_tunnel_t tunnel;
+
+  u32 salt;
+  u16 udp_src_port [default=4500];
+  u16 udp_dst_port [default=4500];
+};
+
+
 /*
  * Local Variables:
  * eval: (c-set-style "gnu")