#include <vppinfra/error.h>
#define IKEV2_NONCE_SIZE 32
-
+#define IKEV2_PORT 500
+#define IKEV2_PORT_NATT 4500
#define IKEV2_KEY_PAD "Key Pad for IKEv2"
+#define IKEV2_GCM_ICV_SIZE 16
+#define IKEV2_GCM_NONCE_SIZE 12
+#define IKEV2_GCM_SALT_SIZE 4
+#define IKEV2_GCM_IV_SIZE (IKEV2_GCM_NONCE_SIZE - IKEV2_GCM_SALT_SIZE)
+
typedef u8 v8;
/* *INDENT-OFF* */
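Review bot: The new GCM size macros (`IKEV2_GCM_ICV_SIZE` through `IKEV2_GCM_IV_SIZE`) have no comment saying which part of the 12-byte nonce is secret and which part is sent on the wire. For AES-GCM in IKEv2 the 4-byte salt comes from the negotiated keying material and the remaining 8 bytes are the explicit IV carried in each encrypted payload, and that IV must never repeat under the same key. I would add above the group `/* AES-GCM (RFC 5282): nonce = 4-byte salt from keymat || 8-byte explicit IV; IV must be unique per key */`. The code that generates the IV is not in this hunk, so it should be checked there that uniqueness is guaranteed.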
#define IKEV2_PAYLOAD_FLAG_CRITICAL (1<<7)
#define IKEV2_PAYLOAD_NONE 0
+#define IKEV2_PAYLOAD_NAT_D 20
+#define IKEV2_PAYLOAD_NAT_OA 21
#define IKEV2_PAYLOAD_SA 33
#define IKEV2_PAYLOAD_KE 34
#define IKEV2_PAYLOAD_IDI 35
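Review bot: `IKEV2_PAYLOAD_NAT_D 20` and `IKEV2_PAYLOAD_NAT_OA 21` look like the IKEv1 NAT-traversal payload numbers (RFC 3947) rather than IKEv2 payload types. As far as I can tell, RFC 7296 leaves payload types below 33 unassigned and carries NAT detection in Notify payloads (NAT_DETECTION_SOURCE_IP / NAT_DETECTION_DESTINATION_IP). The parser is not visible here, but if it accepts these two values from a peer, that is extra input handling with no defined IKEv2 semantics. Either drop them or mark them, for example `/* IKEv1 NAT-T payload ids (RFC 3947), not valid on the wire in IKEv2 */`, and confirm that unknown payload types in this range are still handled according to the critical flag.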
_(9 , DES_IV32, "des-iv32") \
_(11, NULL, "null") \
_(12, AES_CBC, "aes-cbc") \
- _(13, AES_CTR, "aes-ctr")
+ _(13, AES_CTR, "aes-ctr") \
+ _(20, AES_GCM_16, "aes-gcm-16")
typedef enum
{
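Review bot: The added `_(20, AES_GCM_16, "aes-gcm-16")` entry puts an AEAD cipher in the same list as the CBC/CTR transforms with nothing to distinguish it. An AEAD transform must not be paired with a separate integrity transform (RFC 5282), so proposal building and selection need to treat id 20 differently. That code is outside this hunk, and the macro's `#define` line also starts above it. I would add a comment above the macro such as `/* id 20 is AEAD: proposals using it must carry no integrity transform */`. It is also worth confirming that the selection code rejects a peer proposal combining AES-GCM with an integ algorithm.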
crypto_alg,
ikev2_transform_integ_type_t
integ_alg,
- ikev2_transform_dh_type_t
- dh_type, u32 crypto_key_size);
+ u32 crypto_key_size);
clib_error_t *ikev2_set_profile_sa_lifetime (vlib_main_t * vm, u8 * name,
u64 lifetime, u32 jitter,
u32 handover, u64 maxdata);
+clib_error_t *ikev2_set_profile_tunnel_interface (vlib_main_t * vm, u8 * name,
+ u32 sw_if_index);
+vnet_api_error_t ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm,
+ u8 * name, u16 port,
+ u8 is_set);
+clib_error_t *ikev2_set_profile_udp_encap (vlib_main_t * vm, u8 * name);
clib_error_t *ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name);
clib_error_t *ikev2_initiate_delete_child_sa (vlib_main_t * vm, u32 ispi);
clib_error_t *ikev2_initiate_delete_ike_sa (vlib_main_t * vm, u64 ispi);
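Review bot: The new `ikev2_set_profile_ipsec_udp_port` prototype does not say which `port` values are accepted or what `is_set == 0` does. It also returns `vnet_api_error_t` while the setters around it return `clib_error_t *`. I would add a header comment such as `/* port: custom UDP port for IPsec encapsulation; is_set = 0 restores the default. Returns 0 on success. */`, adjusted to what the implementation really does. The implementation should reject port 0 and decide explicitly whether `IKEV2_PORT` is allowed. Separately, the first lines of the hunk drop `dh_type` from a prototype whose start is outside the hunk; if that is the ESP transform setter, confirm child SAs can still negotiate a DH group where PFS is required.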
va_list * args);
uword unformat_ikev2_transform_esn_type (unformat_input_t * input,
va_list * args);
+void ikev2_cli_reference (void);
+
+clib_error_t *ikev2_set_liveness_params (u32 period, u32 max_retries);
#endif /* __included_ikev2_h__ */
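Review bot: `ikev2_set_liveness_params (u32 period, u32 max_retries)` is declared without units or bounds. Unlike the profile setters it takes no profile name, so it presumably applies to every SA. The implementation is not visible here, so it is unclear what a `period` or `max_retries` of 0 does; either could disable dead-peer detection or make the first missed reply tear the SA down. I would document it in the header, for example `/* period: seconds between liveness probes (0 = disabled); max_retries: unanswered probes before the SA is deleted */`, if those are the actual semantics, and have the implementation reject values it cannot honour. The `va_list * args);` line at the top of the hunk belongs to a prototype that starts outside it.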