option version = "1.0.1";
+import "plugins/ikev2/ikev2_types.api";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
u32 minor;
};
-/** \brief IKEv2: Add/delete profile
+/** \brief Dump all profiles
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
+*/
+define ikev2_profile_dump
+{
+ u32 client_index;
+ u32 context;
+ option status="in_progress";
+};
+
+/** \brief Details about all profiles
+ @param context - returned sender context, to match reply w/ request
+ @param profile - profile element with encapsulated attributes
+*/
+define ikev2_profile_details
+{
+ u32 context;
+ vl_api_ikev2_profile_t profile;
+ option status="in_progress";
+};
+
+/** \brief IKEv2: Add/delete profile
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
@param name - IKEv2 profile name
@param is_add - Add IKEv2 profile if non-zero, else delete
*/
string name[64];
bool is_add;
option vat_help = "name <profile_name> [del]";
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 profile authentication method
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
@param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
@param is_hex - Authentication data in hex format if non-zero, else string
u32 data_len;
u8 data[data_len];
option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 profile local/remote identification
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
@param is_local - Identification is local if non-zero, else remote
@param id_type - Identification type
u32 data_len;
u8 data[data_len];
option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 profile traffic selector parameters
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
- @param is_local - Traffic selector is local if non-zero, else remote
- @param proto - Traffic selector IP protocol (if zero not relevant)
- @param start_port - The smallest port number allowed by traffic selector
- @param end_port - The largest port number allowed by traffic selector
- @param start_addr - The smallest address included in traffic selector
- @param end_addr - The largest address included in traffic selector
+ @param ts - traffic selector data
*/
autoreply define ikev2_profile_set_ts
{
u32 context;
string name[64];
- bool is_local;
- u8 proto;
- u16 start_port;
- u16 end_port;
- u32 start_addr;
- u32 end_addr;
+ vl_api_ikev2_ts_t ts;
option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 local RSA private key
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param key_file - Key file absolute path
*/
autoreply define ikev2_set_local_key
u32 client_index;
u32 context;
- u8 key_file[256];
+ string key_file[256];
option vat_help = "file <absolute_file_path>";
+ option status="in_progress";
};
/** \brief IKEv2: Set the tunnel interface which will be protected by IKE
string name[64];
vl_api_interface_index_t sw_if_index;
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 responder interface and IP address
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
- @param sw_if_index - interface index
- @param address - interface address
+ @param responder - responder data
*/
autoreply define ikev2_set_responder
{
u32 context;
string name[64];
- vl_api_interface_index_t sw_if_index;
- vl_api_ip4_address_t address;
+ vl_api_ikev2_responder_t responder;
option vat_help = "<profile_name> interface <interface> address <addr>";
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
- @param crypto_alg - encryption algorithm
- @param crypto_key_size - encryption key size
- @param integ_alg - integrity algorithm
- @param dh_group - Diffie-Hellman group
-
+ @param tr - IKE transforms
*/
autoreply define ikev2_set_ike_transforms
{
u32 context;
string name[64];
- u32 crypto_alg;
- u32 crypto_key_size;
- u32 integ_alg;
- u32 dh_group;
+ vl_api_ikev2_ike_transforms_t tr;
option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
+ option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
- @param crypto_alg - encryption algorithm
- @param crypto_key_size - encryption key size
- @param integ_alg - integrity algorithm
- @param dh_group - Diffie-Hellman group
-
+ @param tr - ESP transforms
*/
autoreply define ikev2_set_esp_transforms
{
u32 context;
string name[64];
- u32 crypto_alg;
- u32 crypto_key_size;
- u32 integ_alg;
- u32 dh_group;
- option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
+ vl_api_ikev2_esp_transforms_t tr;
+ option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg>";
+ option status="in_progress";
};
/** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
@param lifetime - SA maximum life time in seconds (0 to disable)
@param lifetime_jitter - Jitter added to prevent simultaneous rekeying
@param handover - Hand over time
@param lifetime_maxdata - SA maximum life time in bytes (0 to disable)
-
*/
autoreply define ikev2_set_sa_lifetime
{
u32 handover;
u64 lifetime_maxdata;
option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
+ option status="in_progress";
};
/** \brief IKEv2: Initiate the SA_INIT exchange
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param name - IKEv2 profile name
-
*/
autoreply define ikev2_initiate_sa_init
{
string name[64];
option vat_help = "<profile_name>";
+ option status="in_progress";
};
/** \brief IKEv2: Initiate the delete IKE SA exchange
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param ispi - IKE SA initiator SPI
-
*/
autoreply define ikev2_initiate_del_ike_sa
{
u64 ispi;
option vat_help = "<ispi>";
+ option status="in_progress";
};
/** \brief IKEv2: Initiate the delete Child SA exchange
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param ispi - Child SA initiator SPI
-
*/
autoreply define ikev2_initiate_del_child_sa
{
u32 ispi;
option vat_help = "<ispi>";
+ option status="in_progress";
};
/** \brief IKEv2: Initiate the rekey Child SA exchange
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param ispi - Child SA initiator SPI
-
*/
autoreply define ikev2_initiate_rekey_child_sa
{
u32 ispi;
option vat_help = "<ispi>";
+ option status="in_progress";
};
/** \brief IKEv2: Set UDP encapsulation
u32 context;
string name[64];
+ option status="in_progress";
+};
+
+/** \brief IKEv2: Set/unset custom ipsec-over-udp port
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_set - whether set or unset custom port
+ @param port - port number
+ @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_set_ipsec_udp_port
+{
+ u32 client_index;
+ u32 context;
+
+ u8 is_set;
+ u16 port;
+ string name[64];
+ option status="in_progress";
+};
+
+/** \brief IKEv2: Set liveness parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param period - how often is liveness check performed
+ @param max_retries - max retries for liveness check
+*/
+autoreply define ikev2_profile_set_liveness
+{
+ u32 client_index;
+ u32 context;
+
+ u32 period;
+ u32 max_retries;
+ option status="in_progress";
};
/*
* eval: (c-set-style "gnu")
* End:
*/
-
Code Review / vpp.git / blobdiff