IPsec: Add/delete Security Association Database entry.
- Template Parameters
-
client_index | - opaque cookie to identify the sender |
context | - sender context, to match reply w/ request |
is_add | - add SAD entry if non-zero, else delete |
sad_id | - sad id |
spi | - security parameter index |
protocol | - 0 = AH, 1 = ESP |
crypto_algorithm | - 0 = Null, 1 = AES-CBC-128, 2 = AES-CBC-192, 3 = AES-CBC-256, 4 = 3DES-CBC |
crypto_key_length | - length of crypto_key in bytes |
crypto_key | - crypto keying material |
integrity_algorithm | - 0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512 |
integrity_key_length | - length of integrity_key in bytes |
integrity_key | - integrity keying material |
use_extended_sequence_number | - use ESN when non-zero |
is_tunnel | - IPsec tunnel mode if non-zero, else transport mode |
is_tunnel_ipv6 | - IPsec tunnel mode is IPv6 if non-zero, else IPv4 tunnel only valid if is_tunnel is non-zero |
tunnel_src_address | - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero |
tunnel_dst_address | - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero |
To be added: Anti-replay IPsec tunnel address copy mode (to support GDOI)
Definition at line 170 of file ipsec.api.