/* Hey Emacs use -*- mode: C -*- */
/*
- * Copyright (c) 2015-2016 Cisco and/or its affiliates.
+ * Copyright (c) 2015-2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
option status="in_progress";
};
+/** \brief Dump all SAs
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+define ikev2_sa_dump
+{
+ u32 client_index;
+ u32 context;
+
+ option status = "in_progress";
+};
+
+/** \brief Details about IKE SA
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param sa - SA data
+*/
+define ikev2_sa_details
+{
+ u32 context;
+ i32 retval;
+
+ vl_api_ikev2_sa_t sa;
+ option status = "in_progress";
+};
+
+/** \brief Dump child SA of specific SA
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sa_index - index of specific sa
+*/
+define ikev2_child_sa_dump
+{
+ u32 client_index;
+ u32 context;
+
+ u32 sa_index;
+ option vat_help = "sa_index <index>";
+ option status = "in_progress";
+};
+
+/** \brief Child SA details
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param child_sa - child SA data
+*/
+define ikev2_child_sa_details
+{
+ u32 context;
+ i32 retval;
+
+ vl_api_ikev2_child_sa_t child_sa;
+ option status = "in_progress";
+};
+
+/** \brief get specific nonce
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_initiator - specify type initiator|responder of nonce
+ @param sa_index - index of specific sa
+*/
+define ikev2_nonce_get
+{
+ u32 client_index;
+ u32 context;
+
+ bool is_initiator;
+ u32 sa_index;
+ option vat_help = "initiator|responder sa_index <index>";
+ option status = "in_progress";
+};
+
+/** \brief reply on specific nonce
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param data_len - nonce length
+ @param nonce - nonce data
+*/
+
+define ikev2_nonce_get_reply
+{
+ u32 context;
+ i32 retval;
+
+ u32 data_len;
+ u8 nonce[data_len];
+ option status = "in_progress";
+};
+
+/** \brief dump traffic selectors
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_initiator - specify type initiator|responder of nonce
+ @param sa_index - index of specific sa
+ @param child_sa_index - index of specific sa child of specific sa
+*/
+
+define ikev2_traffic_selector_dump
+{
+ u32 client_index;
+ u32 context;
+
+ bool is_initiator;
+ u32 sa_index;
+ u32 child_sa_index;
+ option vat_help = "initiator|responder sa_index <index> child_sa_index <index>";
+ option status = "in_progress";
+};
+
+/** \brief details on specific traffic selector
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param ts - traffic selector data
+*/
+
+define ikev2_traffic_selector_details
+{
+ u32 context;
+ i32 retval;
+
+ vl_api_ikev2_ts_t ts;
+ option status = "in_progress";
+};
/** \brief IKEv2: Add/delete profile
@param client_index - opaque cookie to identify the sender
option status="in_progress";
};
+/** \brief IKEv2: Disable NAT traversal
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param name - IKEv2 profile name
+*/
+autoreply define ikev2_profile_disable_natt
+{
+ u32 client_index;
+ u32 context;
+
+ string name[64];
+ option status="in_progress";
+};
+
/** \brief IKEv2: Set IKEv2 profile traffic selector parameters
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param name - IKEv2 profile name
- @param is_local - Traffic selector is local if non-zero, else remote
- @param proto - Traffic selector IP protocol (if zero not relevant)
- @param start_port - The smallest port number allowed by traffic selector
- @param end_port - The largest port number allowed by traffic selector
- @param start_addr - The smallest address included in traffic selector
- @param end_addr - The largest address included in traffic selector
+ @param ts - traffic selector data
*/
autoreply define ikev2_profile_set_ts
{
u32 context;
string name[64];
- bool is_local;
- u8 proto;
- u16 start_port;
- u16 end_port;
- u32 start_addr;
- u32 end_addr;
- option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
+ vl_api_ikev2_ts_t ts;
+ option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip> end_addr <ip> (local|remote)";
option status="in_progress";
};
/** \brief IKEv2: Set IKEv2 local RSA private key
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
-
@param key_file - Key file absolute path
*/
autoreply define ikev2_set_local_key
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param name - IKEv2 profile name
- @param sw_if_index - interface index
- @param address - interface address
+ @param responder - responder data
*/
autoreply define ikev2_set_responder
{
u32 context;
string name[64];
- vl_api_interface_index_t sw_if_index;
- vl_api_ip4_address_t address;
+ vl_api_ikev2_responder_t responder;
option vat_help = "<profile_name> interface <interface> address <addr>";
option status="in_progress";
};
+autoreply define ikev2_set_responder_hostname
+{
+ u32 client_index;
+ u32 context;
+
+ string name[64];
+ string hostname[64];
+ vl_api_interface_index_t sw_if_index;
+ option status="in_progress";
+};
+
/** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param name - IKEv2 profile name
- @param crypto_alg - encryption algorithm
- @param crypto_key_size - encryption key size
- @param integ_alg - integrity algorithm
- @param dh_group - Diffie-Hellman group
+ @param tr - IKE transforms
*/
autoreply define ikev2_set_ike_transforms
{
u32 context;
string name[64];
- u32 crypto_alg;
- u32 crypto_key_size;
- u32 integ_alg;
- u32 dh_group;
+ vl_api_ikev2_ike_transforms_t tr;
option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
option status="in_progress";
};
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param name - IKEv2 profile name
- @param crypto_alg - encryption algorithm
- @param crypto_key_size - encryption key size
- @param integ_alg - integrity algorithm
- @param dh_group - Diffie-Hellman group
+ @param tr - ESP transforms
*/
autoreply define ikev2_set_esp_transforms
{
u32 context;
string name[64];
- u32 crypto_alg;
- u32 crypto_key_size;
- u32 integ_alg;
- u32 dh_group;
- option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
+ vl_api_ikev2_esp_transforms_t tr;
+ option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg>";
option status="in_progress";
};
option status="in_progress";
};
+counters ikev2 {
+ processed {
+ severity info;
+ type counter64;
+ units "packets";
+ description "packets processed";
+ };
+ ike_sa_init_retransmit {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE SA INIT retransmit";
+ };
+ ike_sa_init_ignore {
+ severity error;
+ type counter64;
+ units "packets";
+ description "IKE_SA_INIT ignore (IKE SA already auth)";
+ };
+ ike_req_retransmit {
+ severity error;
+ type counter64;
+ units "packets";
+ description "IKE request retransmit";
+ };
+ ike_req_ignore {
+ severity error;
+ type counter64;
+ units "packets";
+ description "IKE request ignore (old msgid)";
+ };
+ not_ikev2 {
+ severity error;
+ type counter64;
+ units "packets";
+ description "Non IKEv2 packets received";
+ };
+ bad_length {
+ severity error;
+ type counter64;
+ units "packets";
+ description "Bad packet length";
+ };
+ malformed_packet {
+ severity error;
+ type counter64;
+ units "packets";
+ description "Malformed packet";
+ };
+ no_buff_space {
+ severity error;
+ type counter64;
+ units "packets";
+ description "No buffer space";
+ };
+ keepalive {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE keepalive messages received";
+ };
+ rekey_req {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE rekey requests received";
+ };
+ init_sa_req {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE EXCHANGE SA requests received";
+ };
+ ike_auth_req {
+ severity info;
+ type counter64;
+ units "packets";
+ description "IKE AUTH SA requests received";
+ };
+};
+paths {
+ "/err/ikev2-ip4" "ike";
+ "/err/ikev2-ip6" "ike";
+ "/err/ikev2-ip4-natt" "ike";
+};
+
/*
* Local Variables:
* eval: (c-set-style "gnu")
Code Review / vpp.git / blobdiff