IPsec: Add/delete Security Policy Database entry.
See RFC 4301, 4.4.1.1 on how to match packet to selectors
- Template Parameters
-
client_index | - opaque cookie to identify the sender |
context | - sender context, to match reply w/ request |
is_add | - add SPD if non-zero, else delete |
spd_id | - SPD instance id (control plane allocated) |
priority | - priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower |
is_outbound | - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic |
is_ipv6 | - remote/local address are IPv6 if non-zero, else IPv4 |
remote_address_start | - start of remote address range to match |
remote_address_stop | - end of remote address range to match |
local_address_start | - start of local address range to match |
local_address_stop | - end of local address range to match |
protocol | - protocol type to match [0 means any] |
remote_port_start | - start of remote port range to match ... |
remote_port_stop | - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE] |
local_port_start | - start of local port range to match ... |
local_port_stop | - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE] |
policy | - 0 = bypass (no IPsec processing), 1 = discard (discard packet with ICMP processing), 2 = resolve (send request to control plane for SA resolving, and discard without ICMP processing), 3 = protect (apply IPsec policy using following parameters) |
sa_id | - SAD instance id (control plane allocated) |
Definition at line 98 of file ipsec.api.