1 /* Hey Emacs use -*- mode: C -*- */
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 option version = "1.0.1";
19 import "plugins/ikev2/ikev2_types.api";
20 import "vnet/ip/ip_types.api";
21 import "vnet/interface_types.api";
23 /** \brief Get the plugin version
24 @param client_index - opaque cookie to identify the sender
25 @param context - sender context, to match reply w/ request
27 define ikev2_plugin_get_version
33 /** \brief Reply to get the plugin version
34 @param context - returned sender context, to match reply w/ request
35 @param major - Incremented every time a known breaking behavior change is introduced
36 @param minor - Incremented with small changes, may be used to avoid buggy versions
38 define ikev2_plugin_get_version_reply
45 /** \brief Dump all profiles
46 @param client_index - opaque cookie to identify the sender
47 @param context - sender context, to match reply w/ request
49 define ikev2_profile_dump
53 option status="in_progress";
56 /** \brief Profile details; each message carries one profile element
57 @param context - returned sender context, to match reply w/ request
58 @param profile - profile element with encapsulated attributes
60 define ikev2_profile_details
63 vl_api_ikev2_profile_t profile;
64 option status="in_progress";
68 /** \brief IKEv2: Add/delete profile
69 @param client_index - opaque cookie to identify the sender
70 @param context - sender context, to match reply w/ request
71 @param name - IKEv2 profile name
72 @param is_add - Add IKEv2 profile if non-zero, else delete
74 autoreply define ikev2_profile_add_del
81 option vat_help = "name <profile_name> [del]";
82 option status="in_progress";
85 /** \brief IKEv2: Set IKEv2 profile authentication method
86 @param client_index - opaque cookie to identify the sender
87 @param context - sender context, to match reply w/ request
88 @param name - IKEv2 profile name
89 @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
90 @param is_hex - Authentication data is hex-encoded if non-zero, else a plain string
91 @param data_len - Authentication data length
92 @param data - Authentication data; for rsa-sig this is the certificate file path
94 autoreply define ikev2_profile_set_auth
104 option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
105 option status="in_progress";
108 /** \brief IKEv2: Set IKEv2 profile local/remote identification
109 @param client_index - opaque cookie to identify the sender
110 @param context - sender context, to match reply w/ request
111 @param name - IKEv2 profile name
112 @param is_local - Identification is local if non-zero, else remote
113 @param id_type - Identification type
114 @param data_len - Identification data length
115 @param data - Identification data
117 autoreply define ikev2_profile_set_id
127 option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
128 option status="in_progress";
131 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
132 @param client_index - opaque cookie to identify the sender
133 @param context - sender context, to match reply w/ request
134 @param name - IKEv2 profile name
135 @param ts - traffic selector data
137 autoreply define ikev2_profile_set_ts
143 vl_api_ikev2_ts_t ts;
144 option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
145 option status="in_progress";
148 /** \brief IKEv2: Set IKEv2 local RSA private key
149 @param client_index - opaque cookie to identify the sender
150 @param context - sender context, to match reply w/ request
151 @param key_file - Absolute path of the local RSA private key file (fixed-size field, key_file[256])
153 autoreply define ikev2_set_local_key
158 string key_file[256];
159 option vat_help = "file <absolute_file_path>";
160 option status="in_progress";
163 /** \brief IKEv2: Set the tunnel interface which will be protected by IKE
164 If this API is not called, a new tunnel will be created
165 @param client_index - opaque cookie to identify the sender
166 @param context - sender context, to match reply w/ request
167 @param name - IKEv2 profile name
168 @param sw_if_index - Interface index of an existing tunnel
170 autoreply define ikev2_set_tunnel_interface
176 vl_api_interface_index_t sw_if_index;
177 option status="in_progress";
180 /** \brief IKEv2: Set IKEv2 responder interface and IP address
181 @param client_index - opaque cookie to identify the sender
182 @param context - sender context, to match reply w/ request
183 @param name - IKEv2 profile name
184 @param responder - responder data
186 autoreply define ikev2_set_responder
192 vl_api_ikev2_responder_t responder;
193 option vat_help = "<profile_name> interface <interface> address <addr>";
194 option status="in_progress";
197 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
198 @param client_index - opaque cookie to identify the sender
199 @param context - sender context, to match reply w/ request
200 @param name - IKEv2 profile name
201 @param tr - IKE transforms
203 autoreply define ikev2_set_ike_transforms
209 vl_api_ikev2_ike_transforms_t tr;
210 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
211 option status="in_progress";
214 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
215 @param client_index - opaque cookie to identify the sender
216 @param context - sender context, to match reply w/ request
217 @param name - IKEv2 profile name
218 @param tr - ESP transforms
220 autoreply define ikev2_set_esp_transforms
226 vl_api_ikev2_esp_transforms_t tr;
227 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg>";
228 option status="in_progress";
231 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
232 @param client_index - opaque cookie to identify the sender
233 @param context - sender context, to match reply w/ request
234 @param name - IKEv2 profile name
235 @param lifetime - Maximum SA lifetime in seconds (0 disables the time limit)
236 @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
237 @param handover - Hand over time
238 @param lifetime_maxdata - Maximum SA lifetime in bytes of data (0 disables the data limit; if lifetime is also 0, neither limit applies)
240 autoreply define ikev2_set_sa_lifetime
249 u64 lifetime_maxdata;
250 option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
251 option status="in_progress";
254 /** \brief IKEv2: Initiate the SA_INIT exchange
255 @param client_index - opaque cookie to identify the sender
256 @param context - sender context, to match reply w/ request
257 @param name - IKEv2 profile name
259 autoreply define ikev2_initiate_sa_init
265 option vat_help = "<profile_name>";
266 option status="in_progress";
269 /** \brief IKEv2: Initiate the delete IKE SA exchange
270 @param client_index - opaque cookie to identify the sender
271 @param context - sender context, to match reply w/ request
272 @param ispi - IKE SA initiator SPI
274 autoreply define ikev2_initiate_del_ike_sa
280 option vat_help = "<ispi>";
281 option status="in_progress";
284 /** \brief IKEv2: Initiate the delete Child SA exchange
285 @param client_index - opaque cookie to identify the sender
286 @param context - sender context, to match reply w/ request
287 @param ispi - Child SA initiator SPI
289 autoreply define ikev2_initiate_del_child_sa
295 option vat_help = "<ispi>";
296 option status="in_progress";
299 /** \brief IKEv2: Initiate the rekey Child SA exchange
300 @param client_index - opaque cookie to identify the sender
301 @param context - sender context, to match reply w/ request
302 @param ispi - Child SA initiator SPI
304 autoreply define ikev2_initiate_rekey_child_sa
310 option vat_help = "<ispi>";
311 option status="in_progress";
314 /** \brief IKEv2: Set UDP encapsulation
315 @param client_index - opaque cookie to identify the sender
316 @param context - sender context, to match reply w/ request
317 @param name - IKEv2 profile name
319 autoreply define ikev2_profile_set_udp_encap
325 option status="in_progress";
328 /** \brief IKEv2: Set/unset custom ipsec-over-udp port
329 @param client_index - opaque cookie to identify the sender
330 @param context - sender context, to match reply w/ request
331 @param is_set - set the custom port if non-zero, else unset it
332 @param port - custom ipsec-over-udp port number
333 @param name - IKEv2 profile name
335 autoreply define ikev2_profile_set_ipsec_udp_port
343 option status="in_progress";
346 /** \brief IKEv2: Set liveness parameters
347 @param client_index - opaque cookie to identify the sender
348 @param context - sender context, to match reply w/ request
349 @param period - how often the liveness check is performed
350 @param max_retries - maximum number of retries for the liveness check
352 autoreply define ikev2_profile_set_liveness
359 option status="in_progress";
364 * eval: (c-set-style "gnu")