FD.io VPP  v21.01.1
Vector Packet Processing
ikev2.api
1 /* Hey Emacs use -*- mode: C -*- */
2 /*
3  * Copyright (c) 2015-2020 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 option version = "1.0.1";
18 
19 import "plugins/ikev2/ikev2_types.api";
20 import "vnet/ip/ip_types.api";
21 import "vnet/interface_types.api";
22 
23 /** \brief Get the plugin version
24  @param client_index - opaque cookie to identify the sender
25  @param context - sender context, to match reply w/ request
26 */
27 define ikev2_plugin_get_version
28 {
31 };
32 
33 /** \brief Reply to get the plugin version
34  @param context - returned sender context, to match reply w/ request
35  @param major - Incremented every time a known breaking behavior change is introduced
36  @param minor - Incremented with small changes, may be used to avoid buggy versions
37 */
38 define ikev2_plugin_get_version_reply
39 {
43 };
44 
45 /** \brief Dump all profiles
46  @param client_index - opaque cookie to identify the sender
47  @param context - sender context, to match reply w/ request
48 */
49 define ikev2_profile_dump
50 {
53  option status="in_progress";
54 };
55 
56 /** \brief Details about all profiles
57  @param context - returned sender context, to match reply w/ request
58  @param profile - profile element with encapsulated attributes
    NOTE(review): vl_api_ikev2_profile_t is presumably declared in the
    imported plugins/ikev2/ikev2_types.api, which is not shown here. If it
    includes the profile's authentication data, this reply hands the
    configured secret to every client allowed to send ikev2_profile_dump -
    confirm, and treat dump output as sensitive.
59 */
60 define ikev2_profile_details
61 {
63  vl_api_ikev2_profile_t profile;
64  option status="in_progress";
65 };
66 
67 /** \brief Dump all SAs
68  @param client_index - opaque cookie to identify the sender
69  @param context - sender context, to match reply w/ request
70 */
71 define ikev2_sa_dump
72 {
75 
76  option status = "in_progress";
77 };
78 
79 /** \brief Details about IKE SA
80  @param context - sender context, to match reply w/ request
81  @param retval - return code
82  @param sa - SA data
    NOTE(review): vl_api_ikev2_sa_t is presumably declared in the imported
    plugins/ikev2/ikev2_types.api, which is not shown here. If it carries
    negotiated key material, every client allowed to send ikev2_sa_dump can
    read it - confirm, and restrict access to the API transport accordingly.
83 */
84 define ikev2_sa_details
85 {
88 
89  vl_api_ikev2_sa_t sa;
90  option status = "in_progress";
91 };
92 
93 /** \brief Dump child SA of specific SA
94  @param client_index - opaque cookie to identify the sender
95  @param context - sender context, to match reply w/ request
96  @param sa_index - index of specific sa
97 */
98 define ikev2_child_sa_dump
99 {
102 
104  option vat_help = "sa_index <index>";
105  option status = "in_progress";
106 };
107 
108 /** \brief Child SA details
109  @param context - sender context, to match reply w/ request
110  @param retval - return code
111  @param child_sa - child SA data
    NOTE(review): vl_api_ikev2_child_sa_t is presumably declared in the
    imported plugins/ikev2/ikev2_types.api, which is not shown here. If it
    carries the Child SA's encryption or integrity keys, this reply exposes
    them to every client allowed to send ikev2_child_sa_dump - confirm, and
    keep such replies out of logs and traces.
112 */
113 define ikev2_child_sa_details
114 {
117 
118  vl_api_ikev2_child_sa_t child_sa;
119  option status = "in_progress";
120 };
121 
122 /** \brief get specific nonce
123  @param client_index - opaque cookie to identify the sender
124  @param context - sender context, to match reply w/ request
125  @param is_initiator - specify type initiator|responder of nonce
126  @param sa_index - index of specific sa
127 */
128 define ikev2_nonce_get
129 {
132 
135  option vat_help = "initiator|responder sa_index <index>";
136  option status = "in_progress";
137 };
138 
139 /** \brief reply on specific nonce
140  @param context - sender context, to match reply w/ request
141  @param retval - return code
142  @param data_len - nonce length
143  @param nonce - nonce data
144 */
145 
146 define ikev2_nonce_get_reply
147 {
150 
152  u8 nonce[data_len];
153  option status = "in_progress";
154 };
155 
156 /** \brief dump traffic selectors
157  @param client_index - opaque cookie to identify the sender
158  @param context - sender context, to match reply w/ request
159  @param is_initiator - specify type initiator|responder of traffic selector
160  @param sa_index - index of specific sa
161  @param child_sa_index - index of specific sa child of specific sa
162 */
163 
164 define ikev2_traffic_selector_dump
165 {
168 
172  option vat_help = "initiator|responder sa_index <index> child_sa_index <index>";
173  option status = "in_progress";
174 };
175 
176 /** \brief details on specific traffic selector
177  @param context - sender context, to match reply w/ request
178  @param retval - return code
179  @param ts - traffic selector data
180 */
181 
182 define ikev2_traffic_selector_details
183 {
186 
187  vl_api_ikev2_ts_t ts;
188  option status = "in_progress";
189 };
190 
191 /** \brief IKEv2: Add/delete profile
192  @param client_index - opaque cookie to identify the sender
193  @param context - sender context, to match reply w/ request
194  @param name - IKEv2 profile name
195  @param is_add - Add IKEv2 profile if non-zero, else delete
196 */
197 autoreply define ikev2_profile_add_del
198 {
201 
202  string name[64];
203  bool is_add;
204  option vat_help = "name <profile_name> [del]";
205  option status="in_progress";
206 };
207 
208 /** \brief IKEv2: Set IKEv2 profile authentication method
209  @param client_index - opaque cookie to identify the sender
210  @param context - sender context, to match reply w/ request
211  @param name - IKEv2 profile name
212  @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig)
213  @param is_hex - Authentication data in hex format if non-zero, else string
214  @param data_len - Authentication data length
215  @param data - Authentication data; for rsa-sig, the certificate file path
    NOTE(review): for shared-key-mic, data presumably holds the pre-shared
    key itself, so this request carries a secret: keep it out of API traces
    and logs and limit who can reach the API transport - confirm against the
    handler. For rsa-sig the path is caller-supplied and presumably opened
    by the VPP process with its own privileges - verify.
    The auth_method, data_len and data declarations are not visible in this
    rendering of the file.
216 */
217 autoreply define ikev2_profile_set_auth
218 {
221 
222  string name[64];
224  bool is_hex;
227  option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
228  option status="in_progress";
229 };
230 
231 /** \brief IKEv2: Set IKEv2 profile local/remote identification
232  @param client_index - opaque cookie to identify the sender
233  @param context - sender context, to match reply w/ request
234  @param name - IKEv2 profile name
235  @param is_local - Identification is local if non-zero, else remote
236  @param id_type - Identification type
237  @param data_len - Identification data length
238  @param data - Identification data
239 */
240 autoreply define ikev2_profile_set_id
241 {
244 
245  string name[64];
246  bool is_local;
250  option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
251  option status="in_progress";
252 };
253 
254 /** \brief IKEv2: Disable NAT traversal
255  @param client_index - opaque cookie to identify the sender
256  @param context - sender context, to match reply w/ request
257  @param name - IKEv2 profile name
258 */
259 autoreply define ikev2_profile_disable_natt
260 {
263 
264  string name[64];
265  option status="in_progress";
266 };
267 
268 /** \brief IKEv2: Set IKEv2 profile traffic selector parameters
269  @param client_index - opaque cookie to identify the sender
270  @param context - sender context, to match reply w/ request
271  @param name - IKEv2 profile name
272  @param ts - traffic selector data
273 */
274 autoreply define ikev2_profile_set_ts
275 {
278 
279  string name[64];
280  vl_api_ikev2_ts_t ts;
281  option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip> end_addr <ip> (local|remote)";
282  option status="in_progress";
283 };
284 
285 /** \brief IKEv2: Set IKEv2 local RSA private key
286  @param client_index - opaque cookie to identify the sender
287  @param context - sender context, to match reply w/ request
288  @param key_file - Key file absolute path
    NOTE(review): key_file is a path, not key bytes, so the private key is
    loaded from the filesystem of the host running VPP (presumably by the
    VPP process, with its privileges - confirm). The field is string[256];
    whether the handler checks that the path is absolute or restricts where
    it may point cannot be told from this file.
289 */
290 autoreply define ikev2_set_local_key
291 {
294 
295  string key_file[256];
296  option vat_help = "file <absolute_file_path>";
297  option status="in_progress";
298 };
299 
300 /** \brief IKEv2: Set the tunnel interface which will be protected by IKE
301  If this API is not called, a new tunnel will be created
302  @param client_index - opaque cookie to identify the sender
303  @param context - sender context, to match reply w/ request
304  @param name - IKEv2 profile name
305  @param sw_if_index - Of an existing tunnel
306 */
307 autoreply define ikev2_set_tunnel_interface
308 {
311  string name[64];
312 
313  vl_api_interface_index_t sw_if_index;
314  option status="in_progress";
315 };
316 
317 /** \brief IKEv2: Set IKEv2 responder interface and IP address
318  @param client_index - opaque cookie to identify the sender
319  @param context - sender context, to match reply w/ request
320  @param name - IKEv2 profile name
321  @param responder - responder data
322 */
323 autoreply define ikev2_set_responder
324 {
327 
328  string name[64];
329  vl_api_ikev2_responder_t responder;
330  option vat_help = "<profile_name> interface <interface> address <addr>";
331  option status="in_progress";
332 };
333 
334 /** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
335  @param client_index - opaque cookie to identify the sender
336  @param context - sender context, to match reply w/ request
337  @param name - IKEv2 profile name
338  @param tr - IKE transforms
339 */
340 autoreply define ikev2_set_ike_transforms
341 {
344 
345  string name[64];
346  vl_api_ikev2_ike_transforms_t tr;
347  option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
348  option status="in_progress";
349 };
350 
351 /** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
352  @param client_index - opaque cookie to identify the sender
353  @param context - sender context, to match reply w/ request
354  @param name - IKEv2 profile name
355  @param tr - ESP transforms
    NOTE(review): RFC 7296 negotiates the first Child SA (ESP) proposal in
    IKE_AUTH and later ones in CREATE_CHILD_SA, not in IKE_SA_INIT; "SA_INIT
    proposal" above is the file's own wording - confirm which exchange is
    meant.
    NOTE(review): the vat_help below lists no DH group, unlike the one for
    ikev2_set_ike_transforms; presumably Child SA keys are derived without a
    fresh Diffie-Hellman exchange - confirm if forward secrecy on rekey
    matters for the deployment.
356 */
357 autoreply define ikev2_set_esp_transforms
358 {
361 
362  string name[64];
363  vl_api_ikev2_esp_transforms_t tr;
364  option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg>";
365  option status="in_progress";
366 };
367 
368 /** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
369  @param client_index - opaque cookie to identify the sender
370  @param context - sender context, to match reply w/ request
371  @param name - IKEv2 profile name
372  @param lifetime - SA maximum lifetime in seconds (0 to disable)
373  @param lifetime_jitter - Jitter added to prevent simultaneous rekeying
374  @param handover - Hand over time
375  @param lifetime_maxdata - SA maximum lifetime in bytes (0 to disable)
    NOTE(review): with lifetime and lifetime_maxdata both 0 neither limit
    applies, so presumably the Child SA is never rekeyed on its own and its
    keys stay in use indefinitely - confirm before disabling both.
    The units of lifetime_jitter and handover are not stated here, and the
    declarations of the four fields are not visible in this rendering.
376 */
377 autoreply define ikev2_set_sa_lifetime
378 {
381 
382  string name[64];
387  option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
388  option status="in_progress";
389 };
390 
391 /** \brief IKEv2: Initiate the SA_INIT exchange
392  @param client_index - opaque cookie to identify the sender
393  @param context - sender context, to match reply w/ request
394  @param name - IKEv2 profile name
395 */
396 autoreply define ikev2_initiate_sa_init
397 {
400 
401  string name[64];
402  option vat_help = "<profile_name>";
403  option status="in_progress";
404 };
405 
406 /** \brief IKEv2: Initiate the delete IKE SA exchange
407  @param client_index - opaque cookie to identify the sender
408  @param context - sender context, to match reply w/ request
409  @param ispi - IKE SA initiator SPI
410 */
411 autoreply define ikev2_initiate_del_ike_sa
412 {
415 
417  option vat_help = "<ispi>";
418  option status="in_progress";
419 };
420 
421 /** \brief IKEv2: Initiate the delete Child SA exchange
422  @param client_index - opaque cookie to identify the sender
423  @param context - sender context, to match reply w/ request
424  @param ispi - Child SA initiator SPI
425 */
426 autoreply define ikev2_initiate_del_child_sa
427 {
430 
432  option vat_help = "<ispi>";
433  option status="in_progress";
434 };
435 
436 /** \brief IKEv2: Initiate the rekey Child SA exchange
437  @param client_index - opaque cookie to identify the sender
438  @param context - sender context, to match reply w/ request
439  @param ispi - Child SA initiator SPI
    NOTE(review): the line that names this message (gutter line 441) is
    missing from this rendering, as are the field declarations; the message
    is presumably ikev2_initiate_rekey_child_sa, after the C handler of that
    name - confirm against the original file.
440 */
442 {
445 
447  option vat_help = "<ispi>";
448  option status="in_progress";
449 };
450 
451 /** \brief IKEv2: Set UDP encapsulation
452  @param client_index - opaque cookie to identify the sender
453  @param context - sender context, to match reply w/ request
454  @param name - IKEv2 profile name
455 */
456 autoreply define ikev2_profile_set_udp_encap
457 {
460 
461  string name[64];
462  option status="in_progress";
463 };
464 
465 /** \brief IKEv2: Set/unset custom ipsec-over-udp port
466  @param client_index - opaque cookie to identify the sender
467  @param context - sender context, to match reply w/ request
468  @param is_set - whether set or unset custom port
469  @param port - port number
470  @param name - IKEv2 profile name
471 */
472 autoreply define ikev2_profile_set_ipsec_udp_port
473 {
476 
479  string name[64];
480  option status="in_progress";
481 };
482 
483 /** \brief IKEv2: Set liveness parameters
484  @param client_index - opaque cookie to identify the sender
485  @param context - sender context, to match reply w/ request
486  @param period - how often is liveness check performed
487  @param max_retries - max retries for liveness check
488 */
489 autoreply define ikev2_profile_set_liveness
490 {
493 
496  option status="in_progress";
497 };
498 
499 /*
500  * Local Variables:
501  * eval: (c-set-style "gnu")
502  * End:
503  */