FD.io VPP  v18.01.2-1-g9b554f3
Vector Packet Processing
Data Fields
vl_api_ipsec_spd_add_del_entry_t Struct Reference

IPsec: Add/delete Security Policy Database entry. More...

Data Fields

u32 client_index
 
u32 context
 
u8 is_add
 
u32 spd_id
 
i32 priority
 
u8 is_outbound
 
u8 is_ipv6
 
u8 is_ip_any
 
u8 remote_address_start [16]
 
u8 remote_address_stop [16]
 
u8 local_address_start [16]
 
u8 local_address_stop [16]
 
u8 protocol
 
u16 remote_port_start
 
u16 remote_port_stop
 
u16 local_port_start
 
u16 local_port_stop
 
u8 policy
 
u32 sa_id
 

Detailed Description

IPsec: Add/delete Security Policy Database entry.

See RFC 4301, 4.4.1.1 on how to match packet to selectors

Template Parameters
client_index- opaque cookie to identify the sender
context- sender context, to match reply w/ request
is_add- add SPD if non-zero, else delete
spd_id- SPD instance id (control plane allocated)
priority- priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower
is_outbound- entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
is_ipv6- remote/local address are IPv6 if non-zero, else IPv4
remote_address_start- start of remote address range to match
remote_address_stop- end of remote address range to match
local_address_start- start of local address range to match
local_address_stop- end of local address range to match
protocol- protocol type to match [0 means any]
remote_port_start- start of remote port range to match ...
remote_port_stop- end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
local_port_start- start of local port range to match ...
local_port_stop- end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
policy- 0 = bypass (no IPsec processing), 1 = discard (discard packet with ICMP processing), 2 = resolve (send request to control plane for SA resolving, and discard without ICMP processing), 3 = protect (apply IPsec policy using following parameters)
sa_id- SAD instance id (control plane allocated)

Definition at line 78 of file ipsec.api.

Field Documentation

u32 vl_api_ipsec_spd_add_del_entry_t::client_index

Definition at line 80 of file ipsec.api.

u32 vl_api_ipsec_spd_add_del_entry_t::context

Definition at line 81 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::is_add

Definition at line 82 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::is_ip_any

Definition at line 90 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::is_ipv6

Definition at line 89 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::is_outbound

Definition at line 86 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::local_address_start[16]

Definition at line 93 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::local_address_stop[16]

Definition at line 94 of file ipsec.api.

u16 vl_api_ipsec_spd_add_del_entry_t::local_port_start

Definition at line 100 of file ipsec.api.

u16 vl_api_ipsec_spd_add_del_entry_t::local_port_stop

Definition at line 101 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::policy

Definition at line 104 of file ipsec.api.

i32 vl_api_ipsec_spd_add_del_entry_t::priority

Definition at line 85 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::protocol

Definition at line 96 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::remote_address_start[16]

Definition at line 91 of file ipsec.api.

u8 vl_api_ipsec_spd_add_del_entry_t::remote_address_stop[16]

Definition at line 92 of file ipsec.api.

u16 vl_api_ipsec_spd_add_del_entry_t::remote_port_start

Definition at line 98 of file ipsec.api.

u16 vl_api_ipsec_spd_add_del_entry_t::remote_port_stop

Definition at line 99 of file ipsec.api.

u32 vl_api_ipsec_spd_add_del_entry_t::sa_id

Definition at line 105 of file ipsec.api.

u32 vl_api_ipsec_spd_add_del_entry_t::spd_id

Definition at line 84 of file ipsec.api.

The documentation for this struct was generated from the following file: