ikev2: add support for custom ipsec-over-udp port

[vpp.git] / src / plugins / ikev2 / ikev2.api

diff --git a/src/plugins/ikev2/ikev2.api b/src/plugins/ikev2/ikev2.api
index 6c47482..274d496 100644 (file)
--- a/src/plugins/ikev2/ikev2.api
+++ b/src/plugins/ikev2/ikev2.api
@@ -14,7 +14,10 @@
  * limitations under the License.
  */
 
-option version = "1.0.0";
+option version = "1.0.1";
+
+import "vnet/ip/ip_types.api";
+import "vnet/interface_types.api";
 
 /** \brief Get the plugin version
     @param client_index - opaque cookie to identify the sender
@@ -50,8 +53,9 @@ autoreply define ikev2_profile_add_del
   u32 client_index;
   u32 context;
 
-  u8 name[64];
-  u8 is_add;
+  string name[64];
+  bool is_add;
+  option vat_help = "name <profile_name> [del]";
 };
 
 /** \brief IKEv2: Set IKEv2 profile authentication method
@@ -69,11 +73,12 @@ autoreply define ikev2_profile_set_auth
   u32 client_index;
   u32 context;
 
-  u8 name[64];
+  string name[64];
   u8 auth_method;
-  u8 is_hex;
+  bool is_hex;
   u32 data_len;
   u8 data[data_len];
+  option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
 };
 
 /** \brief IKEv2: Set IKEv2 profile local/remote identification
@@ -91,11 +96,12 @@ autoreply define ikev2_profile_set_id
   u32 client_index;
   u32 context;
 
-  u8 name[64];
-  u8 is_local;
+  string name[64];
+  bool is_local;
   u8 id_type;
   u32 data_len;
   u8 data[data_len];
+  option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
 };
 
 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
@@ -115,13 +121,14 @@ autoreply define ikev2_profile_set_ts
   u32 client_index;
   u32 context;
 
-  u8 name[64];
-  u8 is_local;
+  string name[64];
+  bool is_local;
   u8 proto;
   u16 start_port;
   u16 end_port;
   u32 start_addr;
   u32 end_addr;
+  option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
 };
 
 /** \brief IKEv2: Set IKEv2 local RSA private key
@@ -136,6 +143,23 @@ autoreply define ikev2_set_local_key
   u32 context;
 
   u8 key_file[256];
+  option vat_help = "file <absolute_file_path>";
+};
+
+/** \brief IKEv2: Set the tunnel interface which will be protected by IKE
+    If this API is not called, a new tunnel will be created
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param name - IKEv2 profile name
+    @param sw_if_index - Of an existing tunnel
+*/
+autoreply define ikev2_set_tunnel_interface
+{
+  u32 client_index;
+  u32 context;
+  string name[64];
+
+  vl_api_interface_index_t sw_if_index;
 };
 
 /** \brief IKEv2: Set IKEv2 responder interface and IP address
@@ -151,9 +175,10 @@ autoreply define ikev2_set_responder
   u32 client_index;
   u32 context;
 
-  u8 name[64];
-  u32 sw_if_index;
-  u8 address[4];
+  string name[64];
+  vl_api_interface_index_t sw_if_index;
+  vl_api_ip4_address_t address;
+  option vat_help = "<profile_name> interface <interface> address <addr>";
 };
 
 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
@@ -172,11 +197,12 @@ autoreply define ikev2_set_ike_transforms
   u32 client_index;
   u32 context;
 
-  u8 name[64];
+  string name[64];
   u32 crypto_alg;
   u32 crypto_key_size;
   u32 integ_alg;
   u32 dh_group;
+  option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
 };
 
 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
@@ -195,11 +221,12 @@ autoreply define ikev2_set_esp_transforms
   u32 client_index;
   u32 context;
 
-  u8 name[64];
+  string name[64];
   u32 crypto_alg;
   u32 crypto_key_size;
   u32 integ_alg;
   u32 dh_group;
+  option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
 };
 
 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
@@ -218,11 +245,12 @@ autoreply define ikev2_set_sa_lifetime
   u32 client_index;
   u32 context;
 
-  u8 name[64];
+  string name[64];
   u64 lifetime;
   u32 lifetime_jitter;
   u32 handover;
   u64 lifetime_maxdata;
+  option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
 };
 
 /** \brief IKEv2: Initiate the SA_INIT exchange
@@ -237,7 +265,8 @@ autoreply define ikev2_initiate_sa_init
   u32 client_index;
   u32 context;
 
-  u8 name[64];
+  string name[64];
+  option vat_help = "<profile_name>";
 };
 
 /** \brief IKEv2: Initiate the delete IKE SA exchange
@@ -253,6 +282,7 @@ autoreply define ikev2_initiate_del_ike_sa
   u32 context;
 
   u64 ispi;
+  option vat_help = "<ispi>";
 };
 
 /** \brief IKEv2: Initiate the delete Child SA exchange
@@ -268,6 +298,7 @@ autoreply define ikev2_initiate_del_child_sa
   u32 context;
 
   u32 ispi;
+  option vat_help = "<ispi>";
 };
 
 /** \brief IKEv2: Initiate the rekey Child SA exchange
@@ -283,8 +314,38 @@ autoreply define ikev2_initiate_rekey_child_sa
   u32 context;
 
   u32 ispi;
+  option vat_help = "<ispi>";
+};
+
+/** \brief IKEv2: Set UDP encapsulation
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_set_udp_encap
+{
+  u32 client_index;
+  u32 context;
+
+  string name[64];
 };
 
+/** \brief IKEv2: Set/unset custom ipsec-over-udp port
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param is_set - whether set or unset custom port
+    @port - port number
+    @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_set_ipsec_udp_port
+{
+  u32 client_index;
+  u32 context;
+
+  u8 is_set;
+  u16 port;
+  string name[64];
+};
 /*
  * Local Variables:
  * eval: (c-set-style "gnu")