FD.io VPP
v18.07.1-19-g511ce25
Vector Packet Processing
|
IPsec: Add/delete Security Association Database entry. More...
IPsec: Add/delete Security Association Database entry.
client_index | - opaque cookie to identify the sender |
context | - sender context, to match reply w/ request |
is_add | - add SAD entry if non-zero, else delete |
sad_id | - sad id |
spi | - security parameter index |
protocol | - 0 = AH, 1 = ESP |
crypto_algorithm | - 0 = Null, 1 = AES-CBC-128, 2 = AES-CBC-192, 3 = AES-CBC-256, 4 = 3DES-CBC |
crypto_key_length | - length of crypto_key in bytes |
crypto_key | - crypto keying material |
integrity_algorithm | - 0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512 |
integrity_key_length | - length of integrity_key in bytes |
integrity_key | - integrity keying material |
use_extended_sequence_number | - use ESN when non-zero |
is_tunnel | - IPsec tunnel mode if non-zero, else transport mode |
is_tunnel_ipv6 | - IPsec tunnel mode is IPv6 if non-zero, else IPv4 tunnel only valid if is_tunnel is non-zero |
tunnel_src_address | - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero |
tunnel_dst_address | - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero |
udp_encap | - enable UDP encapsulation for NAT traversal |
To be added: Anti-replay IPsec tunnel address copy mode (to support GDOI)
u8 vl_api_ipsec_sad_add_del_entry_t::tunnel_dst_address[16] |
u8 vl_api_ipsec_sad_add_del_entry_t::tunnel_src_address[16] |
u8 vl_api_ipsec_sad_add_del_entry_t::use_extended_sequence_number |