1 /* Hey Emacs use -*- mode: C -*- */
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 option version = "1.0.1";
19 import "plugins/ikev2/ikev2_types.api";
20 import "vnet/ip/ip_types.api";
21 import "vnet/interface_types.api";
23 /** \brief Get the plugin version
24 @param client_index - opaque cookie to identify the sender
25 @param context - sender context, to match reply w/ request
27 define ikev2_plugin_get_version
33 /** \brief Reply to get the plugin version
34 @param context - returned sender context, to match reply w/ request
35 @param major - Incremented every time a known breaking behavior change is introduced
36 @param minor - Incremented with small changes, may be used to avoid buggy versions
38 define ikev2_plugin_get_version_reply
45 /** \brief Dump all profiles
46 @param client_index - opaque cookie to identify the sender
47 @param context - sender context, to match reply w/ request
49 define ikev2_profile_dump
53 option status="in_progress";
56 /** \brief Details about all profiles
57 @param context - returned sender context, to match reply w/ request
58 @param profile - profile element with encapsulated attributes
60 define ikev2_profile_details
63 vl_api_ikev2_profile_t profile;
64 option status="in_progress";
68 /** \brief IKEv2: Add/delete profile
69 @param client_index - opaque cookie to identify the sender
70 @param context - sender context, to match reply w/ request
72 @param name - IKEv2 profile name
73 @param is_add - Add IKEv2 profile if non-zero, else delete
75 autoreply define ikev2_profile_add_del
82 option vat_help = "name <profile_name> [del]";
85 /** \brief IKEv2: Set IKEv2 profile authentication method
86 @param client_index - opaque cookie to identify the sender
87 @param context - sender context, to match reply w/ request
89 @param name - IKEv2 profile name
90 @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
91 @param is_hex - Authentication data in hex format if non-zero, else string
92 @param data_len - Authentication data length
93 @param data - Authentication data (for rsa-sig cert file path)
95 autoreply define ikev2_profile_set_auth
105 option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
108 /** \brief IKEv2: Set IKEv2 profile local/remote identification
109 @param client_index - opaque cookie to identify the sender
110 @param context - sender context, to match reply w/ request
112 @param name - IKEv2 profile name
113 @param is_local - Identification is local if non-zero, else remote
114 @param id_type - Identification type
115 @param data_len - Identification data length
116 @param data - Identification data
118 autoreply define ikev2_profile_set_id
128 option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
131 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
132 @param client_index - opaque cookie to identify the sender
133 @param context - sender context, to match reply w/ request
135 @param name - IKEv2 profile name
136 @param is_local - Traffic selector is local if non-zero, else remote
137 @param proto - Traffic selector IP protocol (if zero not relevant)
138 @param start_port - The smallest port number allowed by traffic selector
139 @param end_port - The largest port number allowed by traffic selector
140 @param start_addr - The smallest address included in traffic selector
141 @param end_addr - The largest address included in traffic selector
143 autoreply define ikev2_profile_set_ts
155 option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
158 /** \brief IKEv2: Set IKEv2 local RSA private key
159 @param client_index - opaque cookie to identify the sender
160 @param context - sender context, to match reply w/ request
162 @param key_file - Key file absolute path
164 autoreply define ikev2_set_local_key
169 string key_file[256];
170 option vat_help = "file <absolute_file_path>";
173 /** \brief IKEv2: Set the tunnel interface which will be protected by IKE
174 If this API is not called, a new tunnel will be created
175 @param client_index - opaque cookie to identify the sender
176 @param context - sender context, to match reply w/ request
177 @param name - IKEv2 profile name
178 @param sw_if_index - Of an existing tunnel
180 autoreply define ikev2_set_tunnel_interface
186 vl_api_interface_index_t sw_if_index;
189 /** \brief IKEv2: Set IKEv2 responder interface and IP address
190 @param client_index - opaque cookie to identify the sender
191 @param context - sender context, to match reply w/ request
193 @param name - IKEv2 profile name
194 @param sw_if_index - interface index
195 @param address - interface address
197 autoreply define ikev2_set_responder
203 vl_api_interface_index_t sw_if_index;
204 vl_api_ip4_address_t address;
205 option vat_help = "<profile_name> interface <interface> address <addr>";
208 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
209 @param client_index - opaque cookie to identify the sender
210 @param context - sender context, to match reply w/ request
212 @param name - IKEv2 profile name
213 @param crypto_alg - encryption algorithm
214 @param crypto_key_size - encryption key size
215 @param integ_alg - integrity algorithm
216 @param dh_group - Diffie-Hellman group
219 autoreply define ikev2_set_ike_transforms
229 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
232 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
233 @param client_index - opaque cookie to identify the sender
234 @param context - sender context, to match reply w/ request
236 @param name - IKEv2 profile name
237 @param crypto_alg - encryption algorithm
238 @param crypto_key_size - encryption key size
239 @param integ_alg - integrity algorithm
240 @param dh_group - Diffie-Hellman group
243 autoreply define ikev2_set_esp_transforms
253 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
256 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
257 @param client_index - opaque cookie to identify the sender
258 @param context - sender context, to match reply w/ request
260 @param name - IKEv2 profile name
261 @param lifetime - SA maximum life time in seconds (0 to disable)
262 @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
263 @param handover - Hand over time
264 @param lifetime_maxdata - SA maximum life time in bytes (0 to disable)
267 autoreply define ikev2_set_sa_lifetime
276 u64 lifetime_maxdata;
277 option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
280 /** \brief IKEv2: Initiate the SA_INIT exchange
281 @param client_index - opaque cookie to identify the sender
282 @param context - sender context, to match reply w/ request
284 @param name - IKEv2 profile name
287 autoreply define ikev2_initiate_sa_init
293 option vat_help = "<profile_name>";
296 /** \brief IKEv2: Initiate the delete IKE SA exchange
297 @param client_index - opaque cookie to identify the sender
298 @param context - sender context, to match reply w/ request
300 @param ispi - IKE SA initiator SPI
303 autoreply define ikev2_initiate_del_ike_sa
309 option vat_help = "<ispi>";
312 /** \brief IKEv2: Initiate the delete Child SA exchange
313 @param client_index - opaque cookie to identify the sender
314 @param context - sender context, to match reply w/ request
316 @param ispi - Child SA initiator SPI
319 autoreply define ikev2_initiate_del_child_sa
325 option vat_help = "<ispi>";
328 /** \brief IKEv2: Initiate the rekey Child SA exchange
329 @param client_index - opaque cookie to identify the sender
330 @param context - sender context, to match reply w/ request
332 @param ispi - Child SA initiator SPI
335 autoreply define ikev2_initiate_rekey_child_sa
341 option vat_help = "<ispi>";
344 /** \brief IKEv2: Set UDP encapsulation
345 @param client_index - opaque cookie to identify the sender
346 @param context - sender context, to match reply w/ request
347 @param name - IKEv2 profile name
349 autoreply define ikev2_profile_set_udp_encap
357 /** \brief IKEv2: Set/unset custom ipsec-over-udp port
358 @param client_index - opaque cookie to identify the sender
359 @param context - sender context, to match reply w/ request
360 @param is_set - whether set or unset custom port
361 @param port - port number
362 @param name - IKEv2 profile name
364 autoreply define ikev2_profile_set_ipsec_udp_port
374 /** \brief IKEv2: Set liveness parameters
375 @param client_index - opaque cookie to identify the sender
376 @param context - sender context, to match reply w/ request
377 @param period - how often is liveness check performed
378 @param max_retries - max retries for liveness check
380 autoreply define ikev2_profile_set_liveness
391 * eval: (c-set-style "gnu")