FD.io VPP  v20.05.1-5-g09f167997
Vector Packet Processing
ipsec.api
Go to the documentation of this file.
1 /* Hey Emacs use -*- mode: C -*- */
2 /*
3  * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 option version = "3.0.2";
18 
19 import "vnet/ipsec/ipsec_types.api";
20 import "vnet/interface_types.api";
21 import "vnet/ip/ip_types.api";
22 import "vnet/interface_types.api";
23 
24 /** \brief IPsec: Add/delete Security Policy Database
25  @param client_index - opaque cookie to identify the sender
26  @param context - sender context, to match reply w/ request
27  @param is_add - add SPD if non-zero, else delete
28  @param spd_id - SPD instance id (control plane allocated)
29 */
30 
31 autoreply define ipsec_spd_add_del
32 {
33  u32 client_index;
34  u32 context;
35  bool is_add;
36  u32 spd_id;
37 };
38 
39 /** \brief IPsec: Add/delete SPD from interface
40 
41  @param client_index - opaque cookie to identify the sender
42  @param context - sender context, to match reply w/ request
43  @param is_add - add security mode if non-zero, else delete
44  @param sw_if_index - index of the interface
45  @param spd_id - SPD instance id to use for lookups
46 */
47 
48 
49 autoreply define ipsec_interface_add_del_spd
50 {
51  u32 client_index;
52  u32 context;
53 
54  bool is_add;
55  vl_api_interface_index_t sw_if_index;
56  u32 spd_id;
57 };
58 
59 
60 enum ipsec_spd_action
61 {
62  /* bypass - no IPsec processing */
63  IPSEC_API_SPD_ACTION_BYPASS = 0,
64  /* discard - discard packet with ICMP processing */
65  IPSEC_API_SPD_ACTION_DISCARD,
66  /* resolve - send request to control plane for SA resolving */
67  IPSEC_API_SPD_ACTION_RESOLVE,
68  /* protect - apply IPsec policy using following parameters */
69  IPSEC_API_SPD_ACTION_PROTECT,
70 };
71 
72 /** \brief IPsec: Security Policy Database entry
73 
74  See RFC 4301, 4.4.1.1 on how to match packet to selectors
75 
76  @param spd_id - SPD instance id (control plane allocated)
77  @param priority - priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower
78  @param is_outbound - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
79  @param remote_address_start - start of remote address range to match
80  @param remote_address_stop - end of remote address range to match
81  @param local_address_start - start of local address range to match
82  @param local_address_stop - end of local address range to match
83  @param protocol - protocol type to match [0 means any] otherwise IANA value
84  @param remote_port_start - start of remote port range to match ...
85  @param remote_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
86  @param local_port_start - start of local port range to match ...
87  @param local_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
88  @param policy - action to perform on match
89  @param sa_id - SAD instance id (control plane allocated)
90 */
91 typedef ipsec_spd_entry
92 {
93  u32 spd_id;
94  i32 priority;
95  bool is_outbound;
96 
97  u32 sa_id;
98  vl_api_ipsec_spd_action_t policy;
99  /* Which protocol?? */
100  u8 protocol;
101 
102  // Selector
103  vl_api_address_t remote_address_start;
104  vl_api_address_t remote_address_stop;
105  vl_api_address_t local_address_start;
106  vl_api_address_t local_address_stop;
107 
108  u16 remote_port_start;
109  u16 remote_port_stop;
110  u16 local_port_start;
111  u16 local_port_stop;
112 };
113 
114 /** \brief IPsec: Add/delete Security Policy Database entry
115 
116  @param client_index - opaque cookie to identify the sender
117  @param context - sender context, to match reply w/ request
118  @param is_add - add SPD if non-zero, else delete
119  @param entry - Description of the entry to add/dell
120 */
121 define ipsec_spd_entry_add_del
122 {
123  u32 client_index;
124  u32 context;
125  bool is_add;
126  vl_api_ipsec_spd_entry_t entry;
127 };
128 
129 /** \brief IPsec: Reply Add/delete Security Policy Database entry
130 
131  @param context - sender context, to match reply w/ request
132  @param retval - success/fail rutrun code
133  @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
134 */
135 define ipsec_spd_entry_add_del_reply
136 {
137  u32 context;
138  i32 retval;
139  u32 stat_index;
140 };
141 
142 /** \brief Dump IPsec all SPD IDs
143  @param client_index - opaque cookie to identify the sender
144  @param context - sender context, to match reply w/ request
145 */
146 define ipsec_spds_dump {
147  u32 client_index;
148  u32 context;
149 };
150 
151 /** \brief Dump IPsec all SPD IDs response
152  @param client_index - opaque cookie to identify the sender
153  @param spd_id - SPD instance id (control plane allocated)
154  @param npolicies - number of policies in SPD
155 */
156 define ipsec_spds_details {
157  u32 context;
158  u32 spd_id;
159  u32 npolicies;
160 };
161 
162 /** \brief Dump ipsec policy database data
163  @param client_index - opaque cookie to identify the sender
164  @param context - sender context, to match reply w/ request
165  @param spd_id - SPD instance id
166  @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
167 */
168 define ipsec_spd_dump {
169  u32 client_index;
170  u32 context;
171  u32 spd_id;
172  u32 sa_id;
173 };
174 
175 /** \brief IPsec policy database response
176  @param context - sender context which was passed in the request
177  €param entry - The SPD entry.
178  @param bytes - byte count of packets matching this policy
179  @param packets - count of packets matching this policy
180 */
181 define ipsec_spd_details {
182  u32 context;
183  vl_api_ipsec_spd_entry_t entry;
184 };
185 
186 /** \brief IPsec: Add/delete Security Association Database entry
187  @param client_index - opaque cookie to identify the sender
188  @param context - sender context, to match reply w/ request
189  @param entry - Entry to add or delete
190  */
191 define ipsec_sad_entry_add_del
192 {
193  u32 client_index;
194  u32 context;
195  bool is_add;
196  vl_api_ipsec_sad_entry_t entry;
197 };
198 define ipsec_sad_entry_add_del_reply
199 {
200  u32 context;
201  i32 retval;
202  u32 stat_index;
203 };
204 
205 /** \brief Add or Update Protection for a tunnel with IPSEC
206 
207  Tunnel protection directly associates an SA with all packets
208  ingress and egress on the tunnel. This could also be achieved by
209  assigning an SPD to the tunnel, but that would incur an unnessccary
210  SPD entry lookup.
211 
212  For tunnels the ESP acts on the post-encapsulated packet. So if this
213  packet:
214  +---------+------+
215  | Payload | O-IP |
216  +---------+------+
217  where O-IP is the overlay IP addrees that was routed into the tunnel,
218  the resulting encapsulated packet will be:
219  +---------+------+------+
220  | Payload | O-IP | T-IP |
221  +---------+------+------+
222  where T-IP is the tunnel's src.dst IP addresses.
223  If the SAs used for protection are in transport mode then the ESP is
224  inserted before T-IP, i.e.:
225  +---------+------+-----+------+
226  | Payload | O-IP | ESP | T-IP |
227  +---------+------+-----+------+
228  If the SAs used for protection are in tunnel mode then another
229  encapsulation occurs, i.e.:
230  +---------+------+------+-----+------+
231  | Payload | O-IP | T-IP | ESP | C-IP |
232  +---------+------+------+-----+------+
233  where C-IP are the crypto endpoint IP addresses defined as the tunnel
234  endpoints in the SA.
235  The mode for the inbound and outbound SA must be the same.
236 
237  @param client_index - opaque cookie to identify the sender
238  @param context - sender context, to match reply w/ request
239  @param sw_id_index - Tunnel interface to protect
240  @param nh - The peer/next-hop on the tunnel to which the traffic
241  should be protected. For a P2P interface set this to the
242  all 0s address.
243  @param sa_in - The ID [set] of inbound SAs
244  @param sa_out - The ID of outbound SA
245 */
246 typedef ipsec_tunnel_protect
247 {
248  vl_api_interface_index_t sw_if_index;
249  vl_api_address_t nh;
250  u32 sa_out;
251  u8 n_sa_in;
252  u32 sa_in[n_sa_in];
253 };
254 
255 autoreply define ipsec_tunnel_protect_update
256 {
257  u32 client_index;
258  u32 context;
259 
260  vl_api_ipsec_tunnel_protect_t tunnel;
261 };
262 
263 autoreply define ipsec_tunnel_protect_del
264 {
265  u32 client_index;
266  u32 context;
267 
268  vl_api_interface_index_t sw_if_index;
269  vl_api_address_t nh;
270 };
271 
272 /**
273  * @brief Dump all tunnel protections
274  */
275 define ipsec_tunnel_protect_dump
276 {
277  u32 client_index;
278  u32 context;
279  vl_api_interface_index_t sw_if_index;
280 };
281 
282 define ipsec_tunnel_protect_details
283 {
284  u32 context;
285  vl_api_ipsec_tunnel_protect_t tun;
286 };
287 
288 /** \brief IPsec: Get SPD interfaces
289  @param client_index - opaque cookie to identify the sender
290  @param context - sender context, to match reply w/ request
291  @param spd_index - SPD index
292  @param spd_index_valid - if 1 spd_index is used to filter
293  spd_index's, if 0 no filtering is done
294 */
295 define ipsec_spd_interface_dump {
296  u32 client_index;
297  u32 context;
298  u32 spd_index;
299  u8 spd_index_valid;
300 };
301 
302 /** \brief IPsec: SPD interface response
303  @param context - sender context which was passed in the request
304  @param spd_index - SPD index
305  @param sw_if_index - index of the interface
306 */
307 define ipsec_spd_interface_details {
308  u32 context;
309  u32 spd_index;
310  vl_api_interface_index_t sw_if_index;
311 };
312 
313 /** \brief Add or delete IPsec tunnel interface
314 
315  !!DEPRECATED!!
316  use the tunnel protect APIs instead
317 
318  @param client_index - opaque cookie to identify the sender
319  @param context - sender context, to match reply w/ request
320  @param is_add - add IPsec tunnel interface if nonzero, else delete
321  @param is_ip6 - tunnel v6 or v4
322  @param esn - enable extended sequence numbers if nonzero, else disable
323  @param anti_replay - enable anti replay check if nonzero, else disable
324  @param local_ip - local IP address
325  @param remote_ip - IP address of remote IPsec peer
326  @param local_spi - SPI of outbound IPsec SA
327  @param remote_spi - SPI of inbound IPsec SA
328  @param crypto_alg - encryption algorithm ID
329  @param local_crypto_key_len - length of local crypto key in bytes
330  @param local_crypto_key - crypto key for outbound IPsec SA
331  @param remote_crypto_key_len - length of remote crypto key in bytes
332  @param remote_crypto_key - crypto key for inbound IPsec SA
333  @param integ_alg - integrity algorithm ID
334  @param local_integ_key_len - length of local integrity key in bytes
335  @param local_integ_key - integrity key for outbound IPsec SA
336  @param remote_integ_key_len - length of remote integrity key in bytes
337  @param remote_integ_key - integrity key for inbound IPsec SA
338  @param renumber - intf display name uses a specified instance if != 0
339  @param show_instance - instance to display for intf if renumber is set
340  @param udp_encap - enable UDP encapsulation for NAT traversal
341  @param tx_table_id - the FIB id used after packet encap
342  @param salt - for use with counter mode ciphers
343 */
344 define ipsec_tunnel_if_add_del {
345  u32 client_index;
346  u32 context;
347  bool is_add;
348  bool esn;
349  bool anti_replay;
350  vl_api_address_t local_ip;
351  vl_api_address_t remote_ip;
352  u32 local_spi;
353  u32 remote_spi;
354  u8 crypto_alg;
355  u8 local_crypto_key_len;
356  u8 local_crypto_key[128];
357  u8 remote_crypto_key_len;
358  u8 remote_crypto_key[128];
359  u8 integ_alg;
360  u8 local_integ_key_len;
361  u8 local_integ_key[128];
362  u8 remote_integ_key_len;
363  u8 remote_integ_key[128];
364  bool renumber;
365  u32 show_instance;
366  bool udp_encap;
367  u32 tx_table_id;
368  u32 salt;
369 };
370 
371 /** \brief Add/delete IPsec tunnel interface response
372  @param context - sender context, to match reply w/ request
373  @param retval - return status
374  @param sw_if_index - sw_if_index of new interface (for successful add)
375 */
376 define ipsec_tunnel_if_add_del_reply {
377  u32 context;
378  i32 retval;
379  vl_api_interface_index_t sw_if_index;
380 };
381 
382 /** \brief Dump IPsec security association
383  @param client_index - opaque cookie to identify the sender
384  @param context - sender context, to match reply w/ request
385  @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
386 */
387 define ipsec_sa_dump {
388  u32 client_index;
389  u32 context;
390  u32 sa_id;
391 };
392 
393 /** \brief IPsec security association database response
394  @param context - sender context which was passed in the request
395  @param sa_id - SA ID, policy-based SAs >=0, tunnel interface SAs = 0
396  @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
397  @param spi - security parameter index
398  @param protocol - IPsec protocol (value from ipsec_protocol_t)
399  @param crypto_alg - crypto algorithm (value from ipsec_crypto_alg_t)
400  @param crypto_key_len - length of crypto_key in bytes
401  @param crypto_key - crypto keying material
402  @param integ_alg - integrity algorithm (value from ipsec_integ_alg_t)
403  @param integ_key_len - length of integ_key in bytes
404  @param integ_key - integrity keying material
405  @param use_esn - using extended sequence numbers when non-zero
406  @param use_anti_replay - using anti-replay window when non-zero
407  @param is_tunnel - IPsec tunnel mode when non-zero, else transport mode
408  @param is_tunnel_ipv6 - If using tunnel mode, endpoints are IPv6
409  @param tunnel_src_addr - Tunnel source address if using tunnel mode
410  @param tunnel_dst_addr - Tunnel destination address is using tunnel mode
411  @param salt - 4 byte salt
412  @param seq - current sequence number for outbound
413  @param seq_hi - high 32 bits of ESN for outbound
414  @param last_seq - highest sequence number received inbound
415  @param last_seq_hi - high 32 bits of highest ESN received inbound
416  @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
417  @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
418  @param udp_encap - 1 if UDP encap enabled, 0 otherwise
419 */
420 define ipsec_sa_details {
421  u32 context;
422  vl_api_ipsec_sad_entry_t entry;
423 
424  vl_api_interface_index_t sw_if_index;
425  u32 salt;
426  u64 seq_outbound;
427  u64 last_seq_inbound;
428  u64 replay_window;
429 
430  u32 stat_index;
431 };
432 
433 /** \brief Set new SA on IPsec interface
434 
435  !! DEPRECATED !!
436 
437  @param client_index - opaque cookie to identify the sender
438  @param context - sender context, to match reply w/ request
439  @param sw_if_index - index of tunnel interface
440  @param sa_id - ID of SA to use
441  @param is_outbound - 1 if outbound (local) SA, 0 if inbound (remote)
442 */
443 autoreply define ipsec_tunnel_if_set_sa {
444  u32 client_index;
445  u32 context;
446  vl_api_interface_index_t sw_if_index;
447  u32 sa_id;
448  u8 is_outbound;
449 };
450 
451 /** \brief Dump IPsec backends
452  @param client_index - opaque cookie to identify the sender
453  @param context - sender context, to match reply w/ request
454 */
455 define ipsec_backend_dump {
456  u32 client_index;
457  u32 context;
458 };
459 
460 /** \brief IPsec backend details
461  @param name - name of the backend
462  @param protocol - IPsec protocol (value from ipsec_protocol_t)
463  @param index - backend index
464  @param active - set to 1 if the backend is active, otherwise 0
465 */
466 define ipsec_backend_details {
467  u32 context;
468  string name[128];
469  vl_api_ipsec_proto_t protocol;
470  u8 index;
471  bool active;
472 };
473 
474 /** \brief Select IPsec backend
475  @param client_index - opaque cookie to identify the sender
476  @param context - sender context, to match reply w/ request
477  @param protocol - IPsec protocol (value from ipsec_protocol_t)
478  @param index - backend index
479 */
480 autoreply define ipsec_select_backend {
481  u32 client_index;
482  u32 context;
483  vl_api_ipsec_proto_t protocol;
484  u8 index;
485 };
486 
487 /*
488  * Local Variables:
489  * eval: (c-set-style "gnu")
490  * End:
491  */
vl_api_ipsec_backend_details_t::context
u32 context
Definition: ipsec.api:467
vl_api_ipsec_sa_dump_t::client_index
u32 client_index
Definition: ipsec.api:388
vl_api_ipsec_spd_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:125
vl_api_ipsec_tunnel_if_add_del_t::crypto_alg
u8 crypto_alg
Definition: ipsec.api:354
vl_api_ipsec_tunnel_if_add_del_t::client_index
u32 client_index
Definition: ipsec.api:345
vl_api_ipsec_backend_dump_t::client_index
u32 client_index
Definition: ipsec.api:456
n_sa_in
u8 n_sa_in
Definition: ipsec.api:251
u64
unsigned long u64
Definition: types.h:89
vl_api_ipsec_backend_details_t::active
bool active
Definition: ipsec.api:471
vl_api_ipsec_sad_entry_add_del_reply_t::context
u32 context
Definition: ipsec.api:200
vl_api_ipsec_tunnel_protect_dump_t::context
u32 context
Definition: ipsec.api:278
vl_api_ipsec_backend_details_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:469
local_address_stop
vl_api_address_t local_address_stop
Definition: ipsec.api:106
vl_api_ipsec_tunnel_if_set_sa_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:446
vl_api_ipsec_tunnel_if_add_del_t::renumber
bool renumber
Definition: ipsec.api:364
vl_api_ipsec_backend_dump_t::context
u32 context
Definition: ipsec.api:457
local_port_stop
u16 local_port_stop
Definition: ipsec.api:111
vl_api_ipsec_tunnel_if_add_del_t::integ_alg
u8 integ_alg
Definition: ipsec.api:359
local_address_start
vl_api_address_t local_address_start
Definition: ipsec.api:105
vl_api_ipsec_tunnel_protect_del_t::context
u32 context
Definition: ipsec.api:266
vl_api_ipsec_spd_interface_details_t::context
u32 context
Definition: ipsec.api:308
vl_api_ipsec_tunnel_if_add_del_t::remote_crypto_key_len
u8 remote_crypto_key_len
Definition: ipsec.api:357
vl_api_ipsec_tunnel_protect_update_t::client_index
u32 client_index
Definition: ipsec.api:257
protocol
u8 protocol
Definition: ipsec.api:100
vl_api_ipsec_spd_interface_dump_t::spd_index
u32 spd_index
Definition: ipsec.api:298
vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:171
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:98
vl_api_ipsec_tunnel_if_add_del_t::remote_spi
u32 remote_spi
Definition: ipsec.api:353
u8
unsigned char u8
Definition: types.h:56
vl_api_ipsec_tunnel_protect_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:279
vl_api_ipsec_tunnel_if_add_del_t::remote_ip
vl_api_address_t remote_ip
Definition: ipsec.api:351
vl_api_ipsec_tunnel_protect_del_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:268
ipsec_tunnel_protect
typedef ipsec_tunnel_protect
Add or Update Protection for a tunnel with IPSEC.
Definition: ipsec.api:247
vl_api_ipsec_tunnel_if_add_del_t::esn
bool esn
Definition: ipsec.api:348
is_outbound
bool is_outbound
Definition: ipsec.api:95
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: gre.api:53
remote_address_start
vl_api_address_t remote_address_start
Definition: ipsec.api:103
vl_api_ipsec_tunnel_if_add_del_t::local_ip
vl_api_address_t local_ip
Definition: ipsec.api:350
u32
unsigned int u32
Definition: types.h:88
ipsec_spd_action
ipsec_spd_action
Definition: ipsec.api:60
vl_api_ipsec_spd_entry_add_del_reply_t::context
u32 context
Definition: ipsec.api:137
remote_address_stop
vl_api_address_t remote_address_stop
Definition: ipsec.api:104
vl_api_ipsec_sa_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:427
sa_in
u32 sa_in[n_sa_in]
Definition: ipsec.api:252
vl_api_ipsec_sa_dump_t::context
u32 context
Definition: ipsec.api:389
vl_api_ipsec_sa_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:426
priority
i32 priority
Definition: ipsec.api:94
sa_out
u32 sa_out
Definition: ipsec.api:250
vl_api_ipsec_spd_add_del_t::client_index
u32 client_index
Definition: ipsec.api:33
sa_id
u32 sa_id
Definition: ipsec.api:97
vl_api_ipsec_tunnel_if_add_del_t::remote_integ_key_len
u8 remote_integ_key_len
Definition: ipsec.api:362
vl_api_ipsec_tunnel_if_add_del_t::udp_encap
bool udp_encap
Definition: ipsec.api:366
vl_api_ipsec_tunnel_protect_details_t::tun
vl_api_ipsec_tunnel_protect_t tun
Definition: ipsec.api:285
u16
unsigned short u16
Definition: types.h:57
ipsec_spd_entry
typedef ipsec_spd_entry
IPsec: Security Policy Database entry.
Definition: ipsec.api:92
vl_api_ipsec_tunnel_protect_update_t::context
u32 context
Definition: ipsec.api:258
remote_port_stop
u16 remote_port_stop
Definition: ipsec.api:109
vl_api_ipsec_tunnel_protect_update_t::tunnel
vl_api_ipsec_tunnel_protect_t tunnel
Definition: ipsec.api:260
vl_api_ipsec_tunnel_if_add_del_t::anti_replay
bool anti_replay
Definition: ipsec.api:349
vl_api_ipsec_spd_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:172
vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:56
vl_api_ipsec_interface_add_del_spd_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:55
vl_api_ipsec_spds_dump_t::client_index
u32 client_index
Definition: ipsec.api:147
vl_api_ipsec_select_backend_t::client_index
u32 client_index
Definition: ipsec.api:481
vl_api_ipsec_spd_add_del_t::context
u32 context
Definition: ipsec.api:34
vl_api_ipsec_sad_entry_add_del_t::client_index
u32 client_index
Definition: ipsec.api:193
vl_api_ipsec_tunnel_if_add_del_reply_t::context
u32 context
Definition: ipsec.api:377
vl_api_ipsec_sad_entry_add_del_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:196
vl_api_ipsec_select_backend_t::index
u8 index
Definition: ipsec.api:484
vl_api_ipsec_interface_add_del_spd_t::context
u32 context
Definition: ipsec.api:52
vl_api_ipsec_tunnel_if_add_del_t::local_spi
u32 local_spi
Definition: ipsec.api:352
vl_api_ipsec_select_backend_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:483
vl_api_ipsec_sad_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:195
vl_api_ipsec_tunnel_if_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:378
vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:36
name
string name[64]
Definition: ip.api:44
vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:169
vl_api_ipsec_sa_details_t::salt
u32 salt
Definition: ipsec.api:425
vl_api_ipsec_sa_details_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:422
vl_api_ipsec_spd_add_del_t::is_add
bool is_add
Definition: ipsec.api:35
i32
signed int i32
Definition: types.h:77
vl_api_ipsec_sa_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:424
vl_api_ipsec_tunnel_if_add_del_t::salt
u32 salt
Definition: ipsec.api:368
vl_api_ipsec_spds_dump_t::context
u32 context
Definition: ipsec.api:148
vl_api_ipsec_tunnel_if_set_sa_t::client_index
u32 client_index
Definition: ipsec.api:444
vl_api_ipsec_spd_interface_dump_t::spd_index_valid
u8 spd_index_valid
Definition: ipsec.api:299
version
option version
Definition: ipsec.api:17
vl_api_ipsec_tunnel_if_add_del_t::context
u32 context
Definition: ipsec.api:346
vl_api_ipsec_select_backend_t::context
u32 context
Definition: ipsec.api:482
vl_api_ipsec_interface_add_del_spd_t::is_add
bool is_add
Definition: ipsec.api:54
vl_api_ipsec_tunnel_protect_details_t::context
u32 context
Definition: ipsec.api:284
vl_api_ipsec_tunnel_if_add_del_reply_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:379
vl_api_ipsec_spd_dump_t::context
u32 context
Definition: ipsec.api:170
vl_api_ipsec_spd_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:139
vl_api_ipsec_sa_details_t::replay_window
u64 replay_window
Definition: ipsec.api:428
vl_api_ipsec_spd_interface_dump_t::context
u32 context
Definition: ipsec.api:297
vl_api_ipsec_spd_entry_add_del_t::client_index
u32 client_index
Definition: ipsec.api:123
vl_api_ipsec_backend_details_t::index
u8 index
Definition: ipsec.api:470
vl_api_ipsec_spds_details_t::spd_id
u32 spd_id
Definition: ipsec.api:158
vl_api_ipsec_interface_add_del_spd_t::client_index
u32 client_index
Definition: ipsec.api:51
vl_api_ipsec_spd_details_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:183
vl_api_ipsec_spd_entry_add_del_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:126
vl_api_ipsec_tunnel_if_add_del_t::local_integ_key_len
u8 local_integ_key_len
Definition: ipsec.api:360
vl_api_ipsec_sa_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:390
vl_api_ipsec_tunnel_if_add_del_t::local_crypto_key_len
u8 local_crypto_key_len
Definition: ipsec.api:355
vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:182
remote_port_start
u16 remote_port_start
Definition: ipsec.api:108
vl_api_ipsec_tunnel_if_add_del_t::is_add
bool is_add
Definition: ipsec.api:347
vl_api_ipsec_tunnel_if_set_sa_t::is_outbound
u8 is_outbound
Definition: ipsec.api:448
vl_api_ipsec_tunnel_protect_dump_t::client_index
u32 client_index
Definition: ipsec.api:277
vl_api_ipsec_tunnel_if_set_sa_t::sa_id
u32 sa_id
Definition: ipsec.api:447
vl_api_ipsec_spd_entry_add_del_t::context
u32 context
Definition: ipsec.api:124
vl_api_ipsec_sa_details_t::context
u32 context
Definition: ipsec.api:421
vl_api_ipsec_spds_details_t::npolicies
u32 npolicies
Definition: ipsec.api:159
vl_api_ipsec_tunnel_protect_del_t::client_index
u32 client_index
Definition: ipsec.api:265
nh
vl_api_address_t nh
Definition: ipsec.api:249
vl_api_ipsec_tunnel_if_add_del_t::tx_table_id
u32 tx_table_id
Definition: ipsec.api:367
vl_api_ipsec_spds_details_t::context
u32 context
Definition: ipsec.api:157
vl_api_ipsec_spd_interface_details_t::spd_index
u32 spd_index
Definition: ipsec.api:309
vl_api_ipsec_spd_interface_dump_t::client_index
u32 client_index
Definition: ipsec.api:296
vl_api_ipsec_sad_entry_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:201
local_port_start
u16 local_port_start
Definition: ipsec.api:110
vl_api_ipsec_tunnel_if_set_sa_t::context
u32 context
Definition: ipsec.api:445
vl_api_ipsec_spd_entry_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:138
vl_api_ipsec_sa_details_t::stat_index
u32 stat_index
Definition: ipsec.api:430
vl_api_ipsec_tunnel_protect_del_t::nh
vl_api_address_t nh
Definition: ipsec.api:269
vl_api_ipsec_spd_interface_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:310
vl_api_ipsec_sad_entry_add_del_t::context
u32 context
Definition: ipsec.api:194
vl_api_ipsec_sad_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:202
vl_api_ipsec_tunnel_if_add_del_t::show_instance
u32 show_instance
Definition: ipsec.api:365