FD.io VPP  v18.07.1-19-g511ce25
Vector Packet Processing
vl_api_ipsec_sad_add_del_entry_t Struct Reference

IPsec: Add/delete Security Association Database entry. More...

Data Fields

u32 client_index
 
u32 context
 
u8 is_add
 
u32 sad_id
 
u32 spi
 
u8 protocol
 
u8 crypto_algorithm
 
u8 crypto_key_length
 
u8 crypto_key [128]
 
u8 integrity_algorithm
 
u8 integrity_key_length
 
u8 integrity_key [128]
 
u8 use_extended_sequence_number
 
u8 use_anti_replay
 
u8 is_tunnel
 
u8 is_tunnel_ipv6
 
u8 tunnel_src_address [16]
 
u8 tunnel_dst_address [16]
 
u8 udp_encap
 

Detailed Description

IPsec: Add/delete Security Association Database entry.

Template Parameters
client_index- opaque cookie to identify the sender
context- sender context, to match reply w/ request
is_add- add SAD entry if non-zero, else delete
sad_id- sad id
spi- security parameter index
protocol- 0 = AH, 1 = ESP
crypto_algorithm- 0 = Null, 1 = AES-CBC-128, 2 = AES-CBC-192, 3 = AES-CBC-256, 4 = 3DES-CBC
crypto_key_length- length of crypto_key in bytes
crypto_key- crypto keying material
integrity_algorithm- 0 = None, 1 = MD5-96, 2 = SHA1-96, 3 = SHA-256, 4 = SHA-384, 5=SHA-512
integrity_key_length- length of integrity_key in bytes
integrity_key- integrity keying material
use_extended_sequence_number- use ESN when non-zero
is_tunnel- IPsec tunnel mode if non-zero, else transport mode
is_tunnel_ipv6- IPsec tunnel mode is IPv6 if non-zero, else IPv4 tunnel only valid if is_tunnel is non-zero
tunnel_src_address- IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
tunnel_dst_address- IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
udp_encap- enable UDP encapsulation for NAT traversal

To be added: Anti-replay IPsec tunnel address copy mode (to support GDOI)

Definition at line 140 of file ipsec.api.

Field Documentation

u32 vl_api_ipsec_sad_add_del_entry_t::client_index

Definition at line 142 of file ipsec.api.

u32 vl_api_ipsec_sad_add_del_entry_t::context

Definition at line 143 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::crypto_algorithm

Definition at line 152 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::crypto_key[128]

Definition at line 154 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::crypto_key_length

Definition at line 153 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::integrity_algorithm

Definition at line 156 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::integrity_key[128]

Definition at line 158 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::integrity_key_length

Definition at line 157 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::is_add

Definition at line 144 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::is_tunnel

Definition at line 163 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::is_tunnel_ipv6

Definition at line 164 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::protocol

Definition at line 150 of file ipsec.api.

u32 vl_api_ipsec_sad_add_del_entry_t::sad_id

Definition at line 146 of file ipsec.api.

u32 vl_api_ipsec_sad_add_del_entry_t::spi

Definition at line 148 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::tunnel_dst_address[16]

Definition at line 166 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::tunnel_src_address[16]

Definition at line 165 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::udp_encap

Definition at line 167 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::use_anti_replay

Definition at line 161 of file ipsec.api.

u8 vl_api_ipsec_sad_add_del_entry_t::use_extended_sequence_number

Definition at line 160 of file ipsec.api.


The documentation for this struct was generated from the following file: