d6/d7f/ipsec_8api_source.html

 /* Hey Emacs use -*- mode: C -*- */
 /*
  * Copyright (c) 2015-2016 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 option version = "5.0.1";

 import "vnet/ipsec/ipsec_types.api";
 import "vnet/interface_types.api";
 import "vnet/ip/ip_types.api";
 import "vnet/interface_types.api";
 import "vnet/tunnel/tunnel_types.api";

 /** \brief IPsec: Add/delete Security Policy Database
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param is_add - add SPD if non-zero, else delete
     @param spd_id - SPD instance id (control plane allocated)
 */

 autoreply define ipsec_spd_add_del
 {
   u32 client_index;
   u32 context;
   bool is_add;
   u32 spd_id;
 };

 /** \brief IPsec: Add/delete SPD from interface

     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param is_add - add security mode if non-zero, else delete
     @param sw_if_index - index of the interface
     @param spd_id - SPD instance id to use for lookups
 */


 autoreply define ipsec_interface_add_del_spd
 {
   u32 client_index;
   u32 context;

   bool is_add;
   vl_api_interface_index_t sw_if_index;
   u32 spd_id;
 };


 enum ipsec_spd_action
 {
   /* bypass - no IPsec processing */
   IPSEC_API_SPD_ACTION_BYPASS = 0,
   /* discard - discard packet with ICMP processing */
   IPSEC_API_SPD_ACTION_DISCARD,
   /* resolve - send request to control plane for SA resolving */
   IPSEC_API_SPD_ACTION_RESOLVE,
   /* protect - apply IPsec policy using following parameters */
   IPSEC_API_SPD_ACTION_PROTECT,
 };

 /** \brief IPsec: Security Policy Database entry

     See RFC 4301, 4.4.1.1 on how to match packet to selectors

     @param spd_id - SPD instance id (control plane allocated)
     @param priority - priority of SPD entry (non-unique value).  Used to order SPD matching - higher priorities match before lower
     @param is_outbound - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
     @param remote_address_start - start of remote address range to match
     @param remote_address_stop - end of remote address range to match
     @param local_address_start - start of local address range to match
     @param local_address_stop - end of local address range to match
     @param protocol - protocol type to match [0 means any] otherwise IANA value
     @param remote_port_start - start of remote port range to match ...
     @param remote_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
     @param local_port_start - start of local port range to match ...
     @param local_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
     @param policy - action to perform on match
     @param sa_id - SAD instance id (control plane allocated)
 */
 typedef ipsec_spd_entry
 {
   u32 spd_id;
   i32 priority;
   bool is_outbound;

   u32 sa_id;
   vl_api_ipsec_spd_action_t policy;
   /* Which protocol?? */
   u8 protocol;

   // Selector
   vl_api_address_t remote_address_start;
   vl_api_address_t remote_address_stop;
   vl_api_address_t local_address_start;
   vl_api_address_t local_address_stop;

   u16 remote_port_start;
   u16 remote_port_stop;
   u16 local_port_start;
   u16 local_port_stop;
 };

 /** \brief IPsec: Add/delete Security Policy Database entry

     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param is_add - add SPD if non-zero, else delete
     @param entry - Description of the entry to add/dell
 */
 define ipsec_spd_entry_add_del
 {
   u32 client_index;
   u32 context;
   bool is_add;
   vl_api_ipsec_spd_entry_t entry;
 };

 /** \brief IPsec: Reply Add/delete Security Policy Database entry

     @param context - sender context, to match reply w/ request
     @param retval - success/fail rutrun code
     @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
 */
 define ipsec_spd_entry_add_del_reply
 {
   u32 context;
   i32 retval;
   u32 stat_index;
 };

 /** \brief Dump IPsec all SPD IDs
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
 */
 define ipsec_spds_dump {
   u32 client_index;
   u32 context;
 };

 /** \brief Dump IPsec all SPD IDs response
     @param client_index - opaque cookie to identify the sender
     @param spd_id - SPD instance id (control plane allocated)
     @param npolicies - number of policies in SPD
 */
 define ipsec_spds_details {
   u32 context;
   u32 spd_id;
   u32 npolicies;
 };

 /** \brief Dump ipsec policy database data
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param spd_id - SPD instance id
     @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
 */
 define ipsec_spd_dump {
     u32 client_index;
     u32 context;
     u32 spd_id;
     u32 sa_id;
 };

 /** \brief IPsec policy database response
     @param context - sender context which was passed in the request
     €param entry - The SPD entry.
     @param bytes - byte count of packets matching this policy
     @param packets - count of packets matching this policy
 */
 define ipsec_spd_details {
     u32 context;
     vl_api_ipsec_spd_entry_t entry;
 };

 /** \brief IPsec: Add/delete Security Association Database entry
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param entry - Entry to add or delete
  */
 define ipsec_sad_entry_add_del
 {
   option deprecated;
   u32 client_index;
   u32 context;
   bool is_add;
   vl_api_ipsec_sad_entry_t entry;
 };
 define ipsec_sad_entry_add_del_v2
 {
   u32 client_index;
   u32 context;
   bool is_add;
   vl_api_ipsec_sad_entry_v2_t entry;
 };
 define ipsec_sad_entry_add_del_v3
 {
   u32 client_index;
   u32 context;
   bool is_add;
   vl_api_ipsec_sad_entry_v3_t entry;
 };

 define ipsec_sad_entry_add_del_reply
 {
   option deprecated;
   u32 context;
   i32 retval;
   u32 stat_index;
 };
 define ipsec_sad_entry_add_del_v2_reply
 {
   u32 context;
   i32 retval;
   u32 stat_index;
 };
 define ipsec_sad_entry_add_del_v3_reply
 {
   u32 context;
   i32 retval;
   u32 stat_index;
 };

 /** \brief Add or Update Protection for a tunnel with IPSEC

     Tunnel protection directly associates an SA with all packets
     ingress and egress on the tunnel. This could also be achieved by
     assigning an SPD to the tunnel, but that would incur an unnessccary
     SPD entry lookup.

     For tunnels the ESP acts on the post-encapsulated packet. So if this
     packet:
       +---------+------+
       | Payload | O-IP |
       +---------+------+
     where O-IP is the overlay IP addrees that was routed into the tunnel,
     the resulting encapsulated packet will be:
       +---------+------+------+
       | Payload | O-IP | T-IP |
       +---------+------+------+
     where T-IP is the tunnel's src.dst IP addresses.
     If the SAs used for protection are in transport mode then the ESP is
     inserted before T-IP, i.e.:
       +---------+------+-----+------+
       | Payload | O-IP | ESP | T-IP |
       +---------+------+-----+------+
     If the SAs used for protection are in tunnel mode then another
     encapsulation occurs, i.e.:
       +---------+------+------+-----+------+
       | Payload | O-IP | T-IP | ESP | C-IP |
       +---------+------+------+-----+------+
     where C-IP are the crypto endpoint IP addresses defined as the tunnel
     endpoints in the SA.
     The mode for the inbound and outbound SA must be the same.

     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param sw_id_index - Tunnel interface to protect
     @param nh - The peer/next-hop on the tunnel to which the traffic
                 should be protected. For a P2P interface set this to the
                 all 0s address.
     @param sa_in - The ID [set] of inbound SAs
     @param sa_out - The ID of outbound SA
 */
 typedef ipsec_tunnel_protect
 {
   vl_api_interface_index_t sw_if_index;
   vl_api_address_t nh;
   u32 sa_out;
   u8 n_sa_in;
   u32 sa_in[n_sa_in];
 };

 autoreply define ipsec_tunnel_protect_update
 {
   u32 client_index;
   u32 context;

   vl_api_ipsec_tunnel_protect_t tunnel;
 };

 autoreply define ipsec_tunnel_protect_del
 {
   u32 client_index;
   u32 context;

   vl_api_interface_index_t sw_if_index;
   vl_api_address_t nh;
 };

 /**
  * @brief Dump all tunnel protections
  */
 define ipsec_tunnel_protect_dump
 {
   u32 client_index;
   u32 context;
   vl_api_interface_index_t sw_if_index;
 };

 define ipsec_tunnel_protect_details
 {
   u32 context;
   vl_api_ipsec_tunnel_protect_t tun;
 };

 /** \brief IPsec: Get SPD interfaces
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param spd_index - SPD index
     @param spd_index_valid - if 1 spd_index is used to filter
       spd_index's, if 0 no filtering is done
 */
 define ipsec_spd_interface_dump {
     u32 client_index;
     u32 context;
     u32 spd_index;
     u8 spd_index_valid;
 };

 /** \brief IPsec: SPD interface response
     @param context - sender context which was passed in the request
     @param spd_index - SPD index
     @param sw_if_index - index of the interface
 */
 define ipsec_spd_interface_details {
     u32 context;
     u32 spd_index;
     vl_api_interface_index_t sw_if_index;
 };

 typedef ipsec_itf
 {
   u32 user_instance [default=0xffffffff];
   vl_api_tunnel_mode_t mode;
   vl_api_interface_index_t sw_if_index;
 };

 /** \brief Create an IPSec interface
  */
 define ipsec_itf_create {
   u32 client_index;
   u32 context;
   vl_api_ipsec_itf_t itf;
 };

 /** \brief Add IPsec interface interface response
     @param context - sender context, to match reply w/ request
     @param retval - return status
     @param sw_if_index - sw_if_index of new interface (for successful add)
 */
 define ipsec_itf_create_reply
 {
   u32 context;
   i32 retval;
   vl_api_interface_index_t sw_if_index;
 };

 autoreply define ipsec_itf_delete
 {
   u32 client_index;
   u32 context;
   vl_api_interface_index_t sw_if_index;
 };

 define ipsec_itf_dump
 {
   u32 client_index;
   u32 context;
   vl_api_interface_index_t sw_if_index;
 };

 define ipsec_itf_details
 {
   u32 context;
   vl_api_ipsec_itf_t itf;
 };

 /** \brief Dump IPsec security association
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
 */
 define ipsec_sa_dump
 {
   option deprecated;
   u32 client_index;
   u32 context;
   u32 sa_id;
 };
 define ipsec_sa_v2_dump
 {
   u32 client_index;
   u32 context;
   u32 sa_id;
 };
 define ipsec_sa_v3_dump
 {
   u32 client_index;
   u32 context;
   u32 sa_id;
 };

 /** \brief IPsec security association database response
     @param context - sender context which was passed in the request
     @param entry - The SA details
     @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
     @param salt - 4 byte salt
     @param seq - current sequence number for outbound
     @param seq_hi - high 32 bits of ESN for outbound
     @param last_seq - highest sequence number received inbound
     @param last_seq_hi - high 32 bits of highest ESN received inbound
     @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
     @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
 */
 define ipsec_sa_details {
   option deprecated;
   u32 context;
   vl_api_ipsec_sad_entry_t entry;

   vl_api_interface_index_t sw_if_index;
   u32 salt;
   u64 seq_outbound;
   u64 last_seq_inbound;
   u64 replay_window;

   u32 stat_index;
 };
 define ipsec_sa_v2_details {
   u32 context;
   vl_api_ipsec_sad_entry_v2_t entry;

   vl_api_interface_index_t sw_if_index;
   u32 salt;
   u64 seq_outbound;
   u64 last_seq_inbound;
   u64 replay_window;

   u32 stat_index;
 };
 define ipsec_sa_v3_details {
   u32 context;
   vl_api_ipsec_sad_entry_v3_t entry;

   vl_api_interface_index_t sw_if_index;
   u64 seq_outbound;
   u64 last_seq_inbound;
   u64 replay_window;

   u32 stat_index;
 };

 /** \brief Dump IPsec backends
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
 */
 define ipsec_backend_dump {
   u32 client_index;
   u32 context;
 };

 /** \brief IPsec backend details
     @param name - name of the backend
     @param protocol - IPsec protocol (value from ipsec_protocol_t)
     @param index - backend index
     @param active - set to 1 if the backend is active, otherwise 0
 */
 define ipsec_backend_details {
   u32 context;
   string name[128];
   vl_api_ipsec_proto_t protocol;
   u8 index;
   bool active;
 };

 /** \brief Select IPsec backend
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param protocol - IPsec protocol (value from ipsec_protocol_t)
     @param index - backend index
 */
 autoreply define ipsec_select_backend {
   u32 client_index;
   u32 context;
   vl_api_ipsec_proto_t protocol;
   u8 index;
 };


 /** \brief IPsec Set Async mode
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param async_enable - ipsec async mode on or off
 */
 autoreply define ipsec_set_async_mode {
   u32 client_index;
   u32 context;
   bool async_enable;
 };

 /*
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */
vl_api_ipsec_sa_v2_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:446

vl_api_ipsec_backend_details_t::context
u32 context
Definition: ipsec.api:480

vl_api_ipsec_sa_v2_details_t::context
u32 context
Definition: ipsec.api:441

vl_api_ipsec_sad_entry_add_del_t::deprecated
option deprecated
Definition: ipsec.api:194

vl_api_ipsec_sa_v2_details_t::salt
u32 salt
Definition: ipsec.api:445

vl_api_ipsec_sa_v2_details_t::replay_window
u64 replay_window
Definition: ipsec.api:448

IPSEC_API_SPD_ACTION_BYPASS
Definition: ipsec.api:64

vl_api_ipsec_sa_dump_t::client_index
u32 client_index
Definition: ipsec.api:398

vl_api_ipsec_spd_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:126

vl_api_ipsec_set_async_mode_t::client_index
u32 client_index
Definition: ipsec.api:507

vl_api_ipsec_sad_entry_add_del_v3_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:232

vl_api_ipsec_sad_entry_add_del_v3_t::is_add
bool is_add
Definition: ipsec.api:211

vl_api_ipsec_sa_v3_dump_t::client_index
u32 client_index
Definition: ipsec.api:410

vl_api_ipsec_itf_create_t::client_index
u32 client_index
Definition: ipsec.api:353

vl_api_ipsec_sa_v2_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:406

vl_api_ipsec_sa_v3_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:457

vl_api_ipsec_backend_dump_t::client_index
u32 client_index
Definition: ipsec.api:469

n_sa_in
u8 n_sa_in
Definition: ipsec.api:281

u64
unsigned long u64
Definition: types.h:89

vl_api_ipsec_backend_details_t::active
bool active
Definition: ipsec.api:484

vl_api_ipsec_sa_v2_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:447

vl_api_ipsec_itf_details_t::itf
vl_api_ipsec_itf_t itf
Definition: ipsec.api:387

vl_api_ipsec_sad_entry_add_del_reply_t::context
u32 context
Definition: ipsec.api:218

vl_api_ipsec_tunnel_protect_dump_t::context
u32 context
Definition: ipsec.api:308

vl_api_ipsec_backend_details_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:482

local_address_stop
vl_api_address_t local_address_stop
Definition: ipsec.api:107

vl_api_ipsec_sad_entry_add_del_v2_t::entry
vl_api_ipsec_sad_entry_v2_t entry
Definition: ipsec.api:205

vl_api_ipsec_sa_v3_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:458

vl_api_ipsec_backend_dump_t::context
u32 context
Definition: ipsec.api:470

local_port_stop
u16 local_port_stop
Definition: ipsec.api:112

local_address_start
vl_api_address_t local_address_start
Definition: ipsec.api:106

vl_api_ipsec_tunnel_protect_del_t::context
u32 context
Definition: ipsec.api:296

vl_api_ipsec_spd_interface_details_t::context
u32 context
Definition: ipsec.api:338

vl_api_ipsec_tunnel_protect_update_t::client_index
u32 client_index
Definition: ipsec.api:287

protocol
u8 protocol
Definition: ipsec.api:101

vl_api_ipsec_spd_interface_dump_t::spd_index
u32 spd_index
Definition: ipsec.api:328

vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:172

vl_api_ipsec_itf_create_t::itf
vl_api_ipsec_itf_t itf
Definition: ipsec.api:355

policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:99

name
string name[64]
Definition: fib.api:25

vl_api_ipsec_itf_delete_t::client_index
u32 client_index
Definition: ipsec.api:372

vl_api_ipsec_sa_v2_details_t::stat_index
u32 stat_index
Definition: ipsec.api:450

sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:347

u8
unsigned char u8
Definition: types.h:56

vl_api_ipsec_tunnel_protect_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:309

vl_api_ipsec_itf_delete_t::context
u32 context
Definition: ipsec.api:373

u32
unsigned int u32
Definition: types.h:88

vl_api_ipsec_tunnel_protect_del_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:298

ipsec_tunnel_protect
typedef ipsec_tunnel_protect
Add or Update Protection for a tunnel with IPSEC.
Definition: ipsec.api:277

vl_api_ipsec_sa_v3_details_t::stat_index
u32 stat_index
Definition: ipsec.api:461

is_outbound
bool is_outbound
Definition: ipsec.api:96

vl_api_ipsec_itf_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:381

vl_api_ipsec_itf_create_reply_t::retval
i32 retval
Definition: ipsec.api:366

remote_address_start
vl_api_address_t remote_address_start
Definition: ipsec.api:104

vl_api_ipsec_sad_entry_add_del_v3_reply_t::retval
i32 retval
Definition: ipsec.api:231

ipsec_spd_action
ipsec_spd_action
Definition: ipsec.api:61

vl_api_ipsec_spd_entry_add_del_reply_t::context
u32 context
Definition: ipsec.api:138

remote_address_stop
vl_api_address_t remote_address_stop
Definition: ipsec.api:105

vl_api_ipsec_sa_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:435

vl_api_ipsec_sa_v3_dump_t::context
u32 context
Definition: ipsec.api:411

sa_in
u32 sa_in[n_sa_in]
Definition: ipsec.api:282

vl_api_ipsec_sa_dump_t::context
u32 context
Definition: ipsec.api:399

vl_api_ipsec_sa_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:434

priority
i32 priority
Definition: ipsec.api:95

sa_out
u32 sa_out
Definition: ipsec.api:280

ipsec_itf
typedef ipsec_itf
Definition: ipsec.api:344

vl_api_ipsec_spd_add_del_t::client_index
u32 client_index
Definition: ipsec.api:34

vl_api_ipsec_itf_create_t::context
u32 context
Definition: ipsec.api:354

sa_id
u32 sa_id
Definition: ipsec.api:98

vl_api_ipsec_sad_entry_add_del_v2_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:226

vl_api_ipsec_tunnel_protect_details_t::tun
vl_api_ipsec_tunnel_protect_t tun
Definition: ipsec.api:315

u16
unsigned short u16
Definition: types.h:57

ipsec_spd_entry
typedef ipsec_spd_entry
IPsec: Security Policy Database entry.
Definition: ipsec.api:93

vl_api_ipsec_sad_entry_add_del_v2_reply_t::retval
i32 retval
Definition: ipsec.api:225

vl_api_ipsec_tunnel_protect_update_t::context
u32 context
Definition: ipsec.api:288

vl_api_ipsec_sad_entry_add_del_v3_reply_t::context
u32 context
Definition: ipsec.api:230

vl_api_ipsec_itf_create_reply_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:367

remote_port_stop
u16 remote_port_stop
Definition: ipsec.api:110

vl_api_ipsec_sa_v2_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:444

vl_api_ipsec_tunnel_protect_update_t::tunnel
vl_api_ipsec_tunnel_protect_t tunnel
Definition: ipsec.api:290

vl_api_ipsec_spd_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:173

vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:57

vl_api_ipsec_itf_create_reply_t::context
u32 context
Definition: ipsec.api:365

vl_api_ipsec_interface_add_del_spd_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:56

vl_api_ipsec_spds_dump_t::client_index
u32 client_index
Definition: ipsec.api:148

vl_api_ipsec_sa_details_t::deprecated
option deprecated
Definition: ipsec.api:428

vl_api_ipsec_select_backend_t::client_index
u32 client_index
Definition: ipsec.api:494

vl_api_ipsec_spd_add_del_t::context
u32 context
Definition: ipsec.api:35

vl_api_ipsec_sad_entry_add_del_t::client_index
u32 client_index
Definition: ipsec.api:195

vl_api_ipsec_sa_dump_t::deprecated
option deprecated
Definition: ipsec.api:397

vl_api_ipsec_sad_entry_add_del_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:198

vl_api_ipsec_select_backend_t::index
u8 index
Definition: ipsec.api:497

vl_api_ipsec_sad_entry_add_del_v3_t::context
u32 context
Definition: ipsec.api:210

vl_api_ipsec_set_async_mode_t::async_enable
bool async_enable
Definition: ipsec.api:509

vl_api_ipsec_interface_add_del_spd_t::context
u32 context
Definition: ipsec.api:53

vl_api_ipsec_sad_entry_add_del_reply_t::deprecated
option deprecated
Definition: ipsec.api:217

vl_api_ipsec_select_backend_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:496

vl_api_ipsec_sad_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:197

vl_api_ipsec_sa_v3_details_t::context
u32 context
Definition: ipsec.api:453

vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:37

vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:170

vl_api_ipsec_sa_details_t::salt
u32 salt
Definition: ipsec.api:433

IPSEC_API_SPD_ACTION_DISCARD
Definition: ipsec.api:66

vl_api_ipsec_sa_details_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:430

vl_api_ipsec_spd_add_del_t::is_add
bool is_add
Definition: ipsec.api:36

i32
signed int i32
Definition: types.h:77

IPSEC_API_SPD_ACTION_PROTECT
Definition: ipsec.api:70

vl_api_ipsec_sa_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:432

vl_api_ipsec_itf_dump_t::context
u32 context
Definition: ipsec.api:380

vl_api_ipsec_spds_dump_t::context
u32 context
Definition: ipsec.api:149

vl_api_ipsec_itf_details_t::context
u32 context
Definition: ipsec.api:386

vl_api_ipsec_spd_interface_dump_t::spd_index_valid
u8 spd_index_valid
Definition: ipsec.api:329

version
option version
Definition: ipsec.api:17

vl_api_ipsec_select_backend_t::context
u32 context
Definition: ipsec.api:495

vl_api_ipsec_sad_entry_add_del_v2_t::client_index
u32 client_index
Definition: ipsec.api:202

vl_api_ipsec_interface_add_del_spd_t::is_add
bool is_add
Definition: ipsec.api:55

vl_api_ipsec_tunnel_protect_details_t::context
u32 context
Definition: ipsec.api:314

vl_api_ipsec_spd_dump_t::context
u32 context
Definition: ipsec.api:171

vl_api_ipsec_spd_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:140

vl_api_ipsec_sa_details_t::replay_window
u64 replay_window
Definition: ipsec.api:436

ipsec_itf_delete
int ipsec_itf_delete(u32 sw_if_index)
Definition: ipsec_itf.c:320

vl_api_ipsec_spd_interface_dump_t::context
u32 context
Definition: ipsec.api:327

vl_api_ipsec_spd_entry_add_del_t::client_index
u32 client_index
Definition: ipsec.api:124

vl_api_ipsec_backend_details_t::index
u8 index
Definition: ipsec.api:483

vl_api_ipsec_spds_details_t::spd_id
u32 spd_id
Definition: ipsec.api:159

vl_api_ipsec_interface_add_del_spd_t::client_index
u32 client_index
Definition: ipsec.api:52

vl_api_ipsec_spd_details_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:184

vl_api_ipsec_spd_entry_add_del_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:127

vl_api_ipsec_sa_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:400

vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:183

remote_port_start
u16 remote_port_start
Definition: ipsec.api:109

vl_api_ipsec_tunnel_protect_dump_t::client_index
u32 client_index
Definition: ipsec.api:307

vl_api_ipsec_itf_dump_t::client_index
u32 client_index
Definition: ipsec.api:379

vl_api_ipsec_spd_entry_add_del_t::context
u32 context
Definition: ipsec.api:125

vl_api_ipsec_set_async_mode_t::context
u32 context
Definition: ipsec.api:508

vl_api_ipsec_sa_details_t::context
u32 context
Definition: ipsec.api:429

vl_api_ipsec_sad_entry_add_del_v2_reply_t::context
u32 context
Definition: ipsec.api:224

vl_api_ipsec_spds_details_t::npolicies
u32 npolicies
Definition: ipsec.api:160

ipsec_itf_create
int ipsec_itf_create(u32 user_instance, tunnel_mode_t mode, u32 *sw_if_indexp)
Definition: ipsec_itf.c:272

vl_api_ipsec_sa_v2_details_t::entry
vl_api_ipsec_sad_entry_v2_t entry
Definition: ipsec.api:442

vl_api_ipsec_sa_v3_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:456

vl_api_ipsec_sad_entry_add_del_v3_t::client_index
u32 client_index
Definition: ipsec.api:209

vl_api_ipsec_sad_entry_add_del_v2_t::is_add
bool is_add
Definition: ipsec.api:204

vl_api_ipsec_tunnel_protect_del_t::client_index
u32 client_index
Definition: ipsec.api:295

nh
vl_api_address_t nh
Definition: ipsec.api:279

IPSEC_API_SPD_ACTION_RESOLVE
Definition: ipsec.api:68

vl_api_ipsec_spds_details_t::context
u32 context
Definition: ipsec.api:158

vl_api_ipsec_spd_interface_details_t::spd_index
u32 spd_index
Definition: ipsec.api:339

ipsec_set_async_mode
void ipsec_set_async_mode(u32 is_enabled)
Definition: ipsec.c:327

mode
vl_api_tunnel_mode_t mode
Definition: ipsec.api:346

vl_api_ipsec_sad_entry_add_del_v3_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:212

vl_api_ipsec_spd_interface_dump_t::client_index
u32 client_index
Definition: ipsec.api:326

vl_api_ipsec_itf_delete_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:374

vl_api_ipsec_sa_v2_dump_t::client_index
u32 client_index
Definition: ipsec.api:404

vl_api_ipsec_sad_entry_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:219

local_port_start
u16 local_port_start
Definition: ipsec.api:111

vl_api_ipsec_sa_v3_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:412

vl_api_ipsec_spd_entry_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:139

vl_api_ipsec_sad_entry_add_del_v2_t::context
u32 context
Definition: ipsec.api:203

vl_api_ipsec_sa_details_t::stat_index
u32 stat_index
Definition: ipsec.api:438

vl_api_ipsec_sa_v3_details_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:454

vl_api_ipsec_tunnel_protect_del_t::nh
vl_api_address_t nh
Definition: ipsec.api:299

vl_api_ipsec_sa_v2_dump_t::context
u32 context
Definition: ipsec.api:405

vl_api_ipsec_spd_interface_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:340

vl_api_ipsec_sad_entry_add_del_t::context
u32 context
Definition: ipsec.api:196

vl_api_ipsec_sad_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:220

vl_api_ipsec_sa_v3_details_t::replay_window
u64 replay_window
Definition: ipsec.api:459