1 /* Hey Emacs use -*- mode: C -*- */
3 * Copyright (c) 2015-2020 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 option version = "1.0.1";
19 import "plugins/ikev2/ikev2_types.api";
20 import "vnet/ip/ip_types.api";
21 import "vnet/interface_types.api";
23 /** \brief Get the plugin version
24 @param client_index - opaque cookie to identify the sender
25 @param context - sender context, to match reply w/ request
27 define ikev2_plugin_get_version
33 /** \brief Reply to get the plugin version
34 @param context - returned sender context, to match reply w/ request
35 @param major - Incremented every time a known breaking behavior change is introduced
36 @param minor - Incremented with small changes, may be used to avoid buggy versions
38 define ikev2_plugin_get_version_reply
45 /** \brief Dump all profiles
46 @param client_index - opaque cookie to identify the sender
47 @param context - sender context, to match reply w/ request
49 define ikev2_profile_dump
53 option status="in_progress";
56 /** \brief Details about all profiles
57 @param context - returned sender context, to match reply w/ request
58 @param profile - profile element with encapsulated attributes
60 define ikev2_profile_details
63 vl_api_ikev2_profile_t profile;
64 option status="in_progress";
67 /** \brief Dump all SAs
68 @param client_index - opaque cookie to identify the sender
69 @param context - sender context, to match reply w/ request
77 /** \brief Dump all SAs
78 @param client_index - opaque cookie to identify the sender
79 @param context - sender context, to match reply w/ request
81 define ikev2_sa_v2_dump
87 /** \brief Dump all SAs
88 @param client_index - opaque cookie to identify the sender
89 @param context - sender context, to match reply w/ request
91 define ikev2_sa_v3_dump
95 option status = "in_progress";
98 /** \brief Details about IKE SA
99 @param context - sender context, to match reply w/ request
100 @param retval - return code
103 define ikev2_sa_details
108 vl_api_ikev2_sa_t sa;
111 /** \brief Details about IKE SA
112 @param context - sender context, to match reply w/ request
113 @param retval - return code
116 define ikev2_sa_v2_details
121 vl_api_ikev2_sa_v2_t sa;
124 /** \brief Details about IKE SA
125 @param context - sender context, to match reply w/ request
126 @param retval - return code
129 define ikev2_sa_v3_details
134 vl_api_ikev2_sa_v3_t sa;
135 option status = "in_progress";
138 /** \brief Dump child SA of specific SA
139 @param client_index - opaque cookie to identify the sender
140 @param context - sender context, to match reply w/ request
141 @param sa_index - index of specific sa
143 define ikev2_child_sa_dump
149 option vat_help = "sa_index <index>";
152 /** \brief Child SA details
153 @param context - sender context, to match reply w/ request
154 @param retval - return code
155 @param child_sa - child SA data
157 define ikev2_child_sa_details
162 vl_api_ikev2_child_sa_t child_sa;
165 /** \brief Dump child SA of specific SA
166 @param client_index - opaque cookie to identify the sender
167 @param context - sender context, to match reply w/ request
168 @param sa_index - index of specific sa
170 define ikev2_child_sa_v2_dump
176 option vat_help = "sa_index <index>";
177 option status = "in_progress";
180 /** \brief Child SA details
181 @param context - sender context, to match reply w/ request
182 @param retval - return code
183 @param child_sa - child SA data
185 define ikev2_child_sa_v2_details
190 vl_api_ikev2_child_sa_v2_t child_sa;
191 option status = "in_progress";
194 /** \brief get specific nonce
195 @param client_index - opaque cookie to identify the sender
196 @param context - sender context, to match reply w/ request
197 @param is_initiator - specify type initiator|responder of nonce
198 @param sa_index - index of specific sa
200 define ikev2_nonce_get
207 option vat_help = "initiator|responder sa_index <index>";
208 option status = "in_progress";
211 /** \brief reply on specific nonce
212 @param context - sender context, to match reply w/ request
213 @param retval - return code
214 @param data_len - nonce length
215 @param nonce - nonce data
218 define ikev2_nonce_get_reply
225 option status = "in_progress";
228 /** \brief dump traffic selectors
229 @param client_index - opaque cookie to identify the sender
230 @param context - sender context, to match reply w/ request
231 @param is_initiator - specify type initiator|responder of traffic selector
232 @param sa_index - index of specific sa
233 @param child_sa_index - index of the specific child SA within the specified SA
236 define ikev2_traffic_selector_dump
244 option vat_help = "initiator|responder sa_index <index> child_sa_index <index>";
245 option status = "in_progress";
248 /** \brief details on specific traffic selector
249 @param context - sender context, to match reply w/ request
250 @param retval - return code
251 @param ts - traffic selector data
254 define ikev2_traffic_selector_details
259 vl_api_ikev2_ts_t ts;
260 option status = "in_progress";
263 /** \brief IKEv2: Add/delete profile
264 @param client_index - opaque cookie to identify the sender
265 @param context - sender context, to match reply w/ request
266 @param name - IKEv2 profile name
267 @param is_add - Add IKEv2 profile if non-zero, else delete
269 autoreply define ikev2_profile_add_del
276 option vat_help = "name <profile_name> [del]";
277 option status="in_progress";
280 /** \brief IKEv2: Set IKEv2 profile authentication method
281 @param client_index - opaque cookie to identify the sender
282 @param context - sender context, to match reply w/ request
283 @param name - IKEv2 profile name
284 @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
285 @param is_hex - Authentication data in hex format if non-zero, else string
286 @param data_len - Authentication data length
287 @param data - Authentication data (for rsa-sig, the certificate file path)
289 autoreply define ikev2_profile_set_auth
299 option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
300 option status="in_progress";
303 /** \brief IKEv2: Set IKEv2 profile local/remote identification
304 @param client_index - opaque cookie to identify the sender
305 @param context - sender context, to match reply w/ request
306 @param name - IKEv2 profile name
307 @param is_local - Identification is local if non-zero, else remote
308 @param id_type - Identification type
309 @param data_len - Identification data length
310 @param data - Identification data
312 autoreply define ikev2_profile_set_id
322 option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
323 option status="in_progress";
326 /** \brief IKEv2: Disable NAT traversal
327 @param client_index - opaque cookie to identify the sender
328 @param context - sender context, to match reply w/ request
329 @param name - IKEv2 profile name
331 autoreply define ikev2_profile_disable_natt
337 option status="in_progress";
340 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
341 @param client_index - opaque cookie to identify the sender
342 @param context - sender context, to match reply w/ request
343 @param name - IKEv2 profile name
344 @param ts - traffic selector data
346 autoreply define ikev2_profile_set_ts
352 vl_api_ikev2_ts_t ts;
353 option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip> end_addr <ip> (local|remote)";
354 option status="in_progress";
357 /** \brief IKEv2: Set IKEv2 local RSA private key
358 @param client_index - opaque cookie to identify the sender
359 @param context - sender context, to match reply w/ request
360 @param key_file - Absolute path of the local RSA private key file (field is string[256])
362 autoreply define ikev2_set_local_key
367 string key_file[256];
368 option vat_help = "file <absolute_file_path>";
369 option status="in_progress";
372 /** \brief IKEv2: Set the tunnel interface which will be protected by IKE
373 If this API is not called, a new tunnel will be created
374 @param client_index - opaque cookie to identify the sender
375 @param context - sender context, to match reply w/ request
376 @param name - IKEv2 profile name
377 @param sw_if_index - Of an existing tunnel
379 autoreply define ikev2_set_tunnel_interface
385 vl_api_interface_index_t sw_if_index;
386 option status="in_progress";
389 /** \brief IKEv2: Set IKEv2 responder interface and IP address
390 @param client_index - opaque cookie to identify the sender
391 @param context - sender context, to match reply w/ request
392 @param name - IKEv2 profile name
393 @param responder - responder data
395 autoreply define ikev2_set_responder
401 vl_api_ikev2_responder_t responder;
402 option vat_help = "<profile_name> interface <interface> address <addr>";
403 option status="in_progress";
406 autoreply define ikev2_set_responder_hostname
413 vl_api_interface_index_t sw_if_index;
414 option status="in_progress";
417 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
418 @param client_index - opaque cookie to identify the sender
419 @param context - sender context, to match reply w/ request
420 @param name - IKEv2 profile name
421 @param tr - IKE transforms
423 autoreply define ikev2_set_ike_transforms
429 vl_api_ikev2_ike_transforms_t tr;
430 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
431 option status="in_progress";
434 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
435 @param client_index - opaque cookie to identify the sender
436 @param context - sender context, to match reply w/ request
437 @param name - IKEv2 profile name
438 @param tr - ESP transforms
440 autoreply define ikev2_set_esp_transforms
446 vl_api_ikev2_esp_transforms_t tr;
447 option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg>";
448 option status="in_progress";
451 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
452 @param client_index - opaque cookie to identify the sender
453 @param context - sender context, to match reply w/ request
454 @param name - IKEv2 profile name
455 @param lifetime - SA maximum lifetime in seconds (0 to disable)
456 @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
457 @param handover - Hand over time
458 @param lifetime_maxdata - SA maximum lifetime in bytes (0 to disable)
460 autoreply define ikev2_set_sa_lifetime
469 u64 lifetime_maxdata;
470 option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
471 option status="in_progress";
474 /** \brief IKEv2: Initiate the SA_INIT exchange
475 @param client_index - opaque cookie to identify the sender
476 @param context - sender context, to match reply w/ request
477 @param name - IKEv2 profile name
479 autoreply define ikev2_initiate_sa_init
485 option vat_help = "<profile_name>";
486 option status="in_progress";
489 /** \brief IKEv2: Initiate the delete IKE SA exchange
490 @param client_index - opaque cookie to identify the sender
491 @param context - sender context, to match reply w/ request
492 @param ispi - IKE SA initiator SPI
494 autoreply define ikev2_initiate_del_ike_sa
500 option vat_help = "<ispi>";
501 option status="in_progress";
504 /** \brief IKEv2: Initiate the delete Child SA exchange
505 @param client_index - opaque cookie to identify the sender
506 @param context - sender context, to match reply w/ request
507 @param ispi - Child SA initiator SPI
509 autoreply define ikev2_initiate_del_child_sa
515 option vat_help = "<ispi>";
516 option status="in_progress";
519 /** \brief IKEv2: Initiate the rekey Child SA exchange
520 @param client_index - opaque cookie to identify the sender
521 @param context - sender context, to match reply w/ request
522 @param ispi - Child SA initiator SPI
524 autoreply define ikev2_initiate_rekey_child_sa
530 option vat_help = "<ispi>";
531 option status="in_progress";
534 /** \brief IKEv2: Set UDP encapsulation
535 @param client_index - opaque cookie to identify the sender
536 @param context - sender context, to match reply w/ request
537 @param name - IKEv2 profile name
539 autoreply define ikev2_profile_set_udp_encap
545 option status="in_progress";
548 /** \brief IKEv2: Set/unset custom ipsec-over-udp port
549 @param client_index - opaque cookie to identify the sender
550 @param context - sender context, to match reply w/ request
551 @param is_set - whether set or unset custom port
552 @param port - port number
553 @param name - IKEv2 profile name
555 autoreply define ikev2_profile_set_ipsec_udp_port
563 option status="in_progress";
566 /** \brief IKEv2: Set liveness parameters
567 @param client_index - opaque cookie to identify the sender
568 @param context - sender context, to match reply w/ request
569 @param period - how often the liveness check is performed
570 @param max_retries - max retries for liveness check
572 autoreply define ikev2_profile_set_liveness
579 option status="in_progress";
587 description "packets processed";
589 ike_sa_init_retransmit {
593 description "IKE SA INIT retransmit";
599 description "IKE_SA_INIT ignore (IKE SA already auth)";
605 description "IKE request retransmit";
611 description "IKE request ignore (old msgid)";
617 description "Non IKEv2 packets received";
623 description "Bad packet length";
629 description "Malformed packet";
635 description "No buffer space";
641 description "IKE keepalive messages received";
647 description "IKE rekey requests received";
653 description "IKE EXCHANGE SA requests received";
659 description "IKE AUTH SA requests received";
663 "/err/ikev2-ip4" "ike";
664 "/err/ikev2-ip6" "ike";
665 "/err/ikev2-ip4-natt" "ike";
670 * eval: (c-set-style "gnu")