FD.io VPP  v19.04.2-12-g66b1689
Vector Packet Processing
ikev2.api
1 /* Hey Emacs use -*- mode: C -*- */
2 /*
3  * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 option version = "1.0.0";
18 
19 /** \brief Get the plugin version
20  @param client_index - opaque cookie to identify the sender
21  @param context - sender context, to match reply with request
    Not declared autoreply: the answer is the separately defined
    ikev2_plugin_get_version_reply message.
22 */
23 define ikev2_plugin_get_version
24 {
27 };
28 
29 /** \brief Reply to ikev2_plugin_get_version
30  @param context - returned sender context, to match reply with request
31  @param major - Incremented every time a known breaking behavior change is introduced
32  @param minor - Incremented with small changes, may be used to avoid buggy versions
33 */
34 define ikev2_plugin_get_version_reply
35 {
39 };
40 
41 /** \brief IKEv2: Add/delete profile
42  @param client_index - opaque cookie to identify the sender
43  @param context - sender context, to match reply with request
44 
45  @param name - IKEv2 profile name (fixed 64-byte field)
46  @param is_add - Add IKEv2 profile if non-zero, else delete
    NOTE(review): a name that fills all 64 bytes leaves no room for a
    terminating NUL; confirm the handler bounds the string to the field
    size before using it as a C string.
47 */
48 autoreply define ikev2_profile_add_del
49 {
52 
53  u8 name[64];
55 };
56 
57 /** \brief IKEv2: Set IKEv2 profile authentication method
58  @param client_index - opaque cookie to identify the sender
59  @param context - sender context, to match reply with request
60 
61  @param name - IKEv2 profile name (fixed 64-byte field)
62  @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
63  @param is_hex - Authentication data in hex format if non-zero, else string
64  @param data_len - Authentication data length, as stated by the sender
65  @param data - Authentication data (for rsa-sig, the certificate file path)
    NOTE(review): data is a variable-length array sized by the
    sender-supplied data_len; confirm the handler checks data_len against
    the received message size before reading or copying data.
    NOTE(review): for shared-key-mic the data is presumably the shared
    secret itself, so it travels over the API unprotected; access to the
    API transport should be limited to trusted clients - confirm.
66 */
67 autoreply define ikev2_profile_set_auth
68 {
71 
72  u8 name[64];
76  u8 data[data_len];
77 };
78 
79 /** \brief IKEv2: Set IKEv2 profile local/remote identification
80  @param client_index - opaque cookie to identify the sender
81  @param context - sender context, to match reply with request
82 
83  @param name - IKEv2 profile name (fixed 64-byte field)
84  @param is_local - Identification is local if non-zero, else remote
85  @param id_type - Identification type
86  @param data_len - Identification data length, as stated by the sender
87  @param data - Identification data
    NOTE(review): data is a variable-length array sized by the
    sender-supplied data_len; confirm the handler checks data_len against
    the received message size, and against what id_type allows, before
    using data.
88 */
89 autoreply define ikev2_profile_set_id
90 {
93 
94  u8 name[64];
98  u8 data[data_len];
99 };
100 
101 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
102  @param client_index - opaque cookie to identify the sender
103  @param context - sender context, to match reply with request
104 
105  @param name - IKEv2 profile name (fixed 64-byte field)
106  @param is_local - Traffic selector is local if non-zero, else remote
107  @param proto - Traffic selector IP protocol (zero means the protocol is not relevant)
108  @param start_port - The smallest port number allowed by traffic selector
109  @param end_port - The largest port number allowed by traffic selector
110  @param start_addr - The smallest address included in traffic selector
111  @param end_addr - The largest address included in traffic selector
     The port and address bounds are inclusive, going by the wording above.
     NOTE(review): nothing here says what happens when start exceeds end;
     confirm the handler rejects an inverted range, because the selector
     decides which traffic the Child SA protects.
112 */
113 autoreply define ikev2_profile_set_ts
114 {
117 
118  u8 name[64];
125 };
126 
127 /** \brief IKEv2: Set IKEv2 local RSA private key
128  @param client_index - opaque cookie to identify the sender
129  @param context - sender context, to match reply with request
130 
131  @param key_file - Key file absolute path (fixed 256-byte field)
     NOTE(review): the path is chosen by the API client and the file is
     presumably opened by the VPP process with its own privileges; confirm
     that only trusted clients can reach this call and that the key file
     itself has restrictive permissions.
     NOTE(review): a path that fills all 256 bytes leaves no terminating
     NUL; confirm the handler bounds the string to the field size.
132 */
133 autoreply define ikev2_set_local_key
134 {
137 
138  u8 key_file[256];
139 };
140 
141 /** \brief IKEv2: Set IKEv2 responder interface and IP address
142  @param client_index - opaque cookie to identify the sender
143  @param context - sender context, to match reply with request
144 
145  @param name - IKEv2 profile name (fixed 64-byte field)
146  @param sw_if_index - interface index
147  @param address - interface address
     NOTE(review): sw_if_index arrives unchecked from the client; confirm
     the handler validates it against existing interfaces before use.
148 */
149 autoreply define ikev2_set_responder
150 {
153 
154  u8 name[64];
157 };
158 
159 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
160  @param client_index - opaque cookie to identify the sender
161  @param context - sender context, to match reply with request
162 
163  @param name - IKEv2 profile name (fixed 64-byte field)
164  @param crypto_alg - encryption algorithm
165  @param crypto_key_size - encryption key size
166  @param integ_alg - integrity algorithm
167  @param dh_group - Diffie-Hellman group
168 
     NOTE(review): the algorithm and group values are presumably the
     numeric transform IDs of RFC 7296, and the unit of crypto_key_size
     (bits or bytes) is not stated - confirm both against the handler.
     NOTE(review): the message carries whatever the client picks; any
     minimum-strength policy (key size, DH group) has to be enforced by
     the handler or by the caller.
169 */
170 autoreply define ikev2_set_ike_transforms
171 {
174 
175  u8 name[64];
180 };
181 
182 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
183  @param client_index - opaque cookie to identify the sender
184  @param context - sender context, to match reply with request
185 
186  @param name - IKEv2 profile name (fixed 64-byte field)
187  @param crypto_alg - encryption algorithm
188  @param crypto_key_size - encryption key size
189  @param integ_alg - integrity algorithm
190  @param dh_group - Diffie-Hellman group
191 
     NOTE(review): in RFC 7296 the ESP transforms belong to the Child SA
     proposal (IKE_AUTH / CREATE_CHILD_SA), not to IKE_SA_INIT; the brief
     above reads as if copied from ikev2_set_ike_transforms - confirm.
     NOTE(review): the unit of crypto_key_size is not stated, and the
     message carries whatever the client picks; any minimum-strength
     policy has to be enforced by the handler or by the caller.
192 */
193 autoreply define ikev2_set_esp_transforms
194 {
197 
198  u8 name[64];
203 };
204 
205 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
206  @param client_index - opaque cookie to identify the sender
207  @param context - sender context, to match reply with request
208 
209  @param name - IKEv2 profile name (fixed 64-byte field)
210  @param lifetime - SA maximum life time in seconds (0 to disable)
211  @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
212  @param handover - Hand over time
213  @param lifetime_maxdata - SA maximum life time in bytes (0 to disable)
214 
     With lifetime and lifetime_maxdata both 0, neither limit applies, so
     the Child SA keys are not bounded by time or by volume.
     NOTE(review): the units of lifetime_jitter and handover are not
     stated here; presumably seconds - confirm.
215 */
216 autoreply define ikev2_set_sa_lifetime
217 {
220 
221  u8 name[64];
226 };
227 
228 /** \brief IKEv2: Initiate the SA_INIT exchange
229  @param client_index - opaque cookie to identify the sender
230  @param context - sender context, to match reply with request
231 
232  @param name - IKEv2 profile name (fixed 64-byte field)
233 
     NOTE(review): a name that fills all 64 bytes leaves no terminating
     NUL; confirm the handler bounds the string to the field size before
     using it to look up the profile.
234 */
235 autoreply define ikev2_initiate_sa_init
236 {
239 
240  u8 name[64];
241 };
242 
243 /** \brief IKEv2: Initiate the delete IKE SA exchange
244  @param client_index - opaque cookie to identify the sender
245  @param context - sender context, to match reply with request
246 
247  @param ispi - IKE SA initiator SPI (IKE SPIs are 64 bits in RFC 7296)
248 
     NOTE(review): the SPI alone selects the SA to delete; confirm the
     handler reports an error for an unknown SPI instead of ignoring it.
249 */
250 autoreply define ikev2_initiate_del_ike_sa
251 {
254 
256 };
257 
258 /** \brief IKEv2: Initiate the delete Child SA exchange
259  @param client_index - opaque cookie to identify the sender
260  @param context - sender context, to match reply with request
261 
262  @param ispi - Child SA initiator SPI (ESP SPIs are 32 bits)
263 
     NOTE(review): the SPI alone selects the SA to delete; confirm the
     handler reports an error for an unknown SPI instead of ignoring it.
264 */
265 autoreply define ikev2_initiate_del_child_sa
266 {
269 
271 };
272 
273 /** \brief IKEv2: Initiate the rekey Child SA exchange
274  @param client_index - opaque cookie to identify the sender
275  @param context - sender context, to match reply with request
276 
277  @param ispi - Child SA initiator SPI (ESP SPIs are 32 bits)
278 
     NOTE(review): the SPI alone selects the SA to rekey; confirm the
     handler reports an error for an unknown SPI instead of ignoring it.
279 */
281 {
284 
286 };
287 
288 /*
289  * Local Variables:
290  * eval: (c-set-style "gnu")
291  * End:
292  */
293 