FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
ipsec.api
Go to the documentation of this file.
1 /* Hey Emacs use -*- mode: C -*- */
2 /*
3  * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 option version = "5.0.2";
18 
19 import "vnet/ipsec/ipsec_types.api";
20 import "vnet/interface_types.api";
21 import "vnet/ip/ip_types.api";
22 import "vnet/interface_types.api";
23 import "vnet/tunnel/tunnel_types.api";
24 
25 /** \brief IPsec: Add/delete Security Policy Database
26  @param client_index - opaque cookie to identify the sender
27  @param context - sender context, to match reply w/ request
28  @param is_add - add SPD if non-zero, else delete
29  @param spd_id - SPD instance id (control plane allocated)
30 */
31 
32 autoreply define ipsec_spd_add_del
33 {
36  bool is_add;
38 };
39 
40 /** \brief IPsec: Add/delete SPD from interface
41 
42  @param client_index - opaque cookie to identify the sender
43  @param context - sender context, to match reply w/ request
44  @param is_add - add security mode if non-zero, else delete
45  @param sw_if_index - index of the interface
46  @param spd_id - SPD instance id to use for lookups
47 */
48 
49 
50 autoreply define ipsec_interface_add_del_spd
51 {
54 
55  bool is_add;
56  vl_api_interface_index_t sw_if_index;
58 };
59 
60 
62 {
63  /* bypass - no IPsec processing */
65  /* discard - discard packet with ICMP processing */
67  /* resolve - send request to control plane for SA resolving */
69  /* protect - apply IPsec policy using following parameters */
71 };
72 
73 /** \brief IPsec: Security Policy Database entry
74 
75  See RFC 4301, 4.4.1.1 on how to match packet to selectors
76 
77  @param spd_id - SPD instance id (control plane allocated)
78  @param priority - priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower
79  @param is_outbound - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
80  @param remote_address_start - start of remote address range to match
81  @param remote_address_stop - end of remote address range to match
82  @param local_address_start - start of local address range to match
83  @param local_address_stop - end of local address range to match
84  @param protocol - protocol type to match [0 means any] otherwise IANA value
85  @param remote_port_start - start of remote port range to match ...
86  @param remote_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
87  @param local_port_start - start of local port range to match ...
88  @param local_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
89  @param policy - action to perform on match
90  @param sa_id - SAD instance id (control plane allocated)
91 */
92 typedef ipsec_spd_entry
93 {
94  u32 spd_id;
97 
99  vl_api_ipsec_spd_action_t policy;
100  /* Which protocol?? */
102 
103  // Selector
104  vl_api_address_t remote_address_start;
105  vl_api_address_t remote_address_stop;
106  vl_api_address_t local_address_start;
107  vl_api_address_t local_address_stop;
108 
113 };
114 
115 /** \brief IPsec: Add/delete Security Policy Database entry
116 
117  @param client_index - opaque cookie to identify the sender
118  @param context - sender context, to match reply w/ request
119  @param is_add - add SPD if non-zero, else delete
120  @param entry - Description of the entry to add/dell
121 */
122 define ipsec_spd_entry_add_del
123 {
126  bool is_add;
127  vl_api_ipsec_spd_entry_t entry;
128 };
129 
130 /** \brief IPsec: Reply Add/delete Security Policy Database entry
131 
132  @param context - sender context, to match reply w/ request
133  @param retval - success/fail rutrun code
134  @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
135 */
136 define ipsec_spd_entry_add_del_reply
137 {
141 };
142 
143 /** \brief Dump IPsec all SPD IDs
144  @param client_index - opaque cookie to identify the sender
145  @param context - sender context, to match reply w/ request
146 */
147 define ipsec_spds_dump {
150 };
151 
152 /** \brief Dump IPsec all SPD IDs response
153  @param client_index - opaque cookie to identify the sender
154  @param spd_id - SPD instance id (control plane allocated)
155  @param npolicies - number of policies in SPD
156 */
157 define ipsec_spds_details {
161 };
162 
163 /** \brief Dump ipsec policy database data
164  @param client_index - opaque cookie to identify the sender
165  @param context - sender context, to match reply w/ request
166  @param spd_id - SPD instance id
167  @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
168 */
169 define ipsec_spd_dump {
174 };
175 
176 /** \brief IPsec policy database response
177  @param context - sender context which was passed in the request
178  €param entry - The SPD entry.
179  @param bytes - byte count of packets matching this policy
180  @param packets - count of packets matching this policy
181 */
182 define ipsec_spd_details {
184  vl_api_ipsec_spd_entry_t entry;
185 };
186 
187 /** \brief IPsec: Add/delete Security Association Database entry
188  @param client_index - opaque cookie to identify the sender
189  @param context - sender context, to match reply w/ request
190  @param entry - Entry to add or delete
191  */
192 define ipsec_sad_entry_add_del
193 {
194  option deprecated;
197  bool is_add;
198  vl_api_ipsec_sad_entry_t entry;
199 };
200 define ipsec_sad_entry_add_del_v2
201 {
204  bool is_add;
205  vl_api_ipsec_sad_entry_v2_t entry;
206 };
207 define ipsec_sad_entry_add_del_v3
208 {
211  bool is_add;
212  vl_api_ipsec_sad_entry_v3_t entry;
213 };
214 define ipsec_sad_entry_add
215 {
218  vl_api_ipsec_sad_entry_v3_t entry;
219 };
220 autoreply define ipsec_sad_entry_del
221 {
225 };
226 
227 define ipsec_sad_entry_add_del_reply
228 {
229  option deprecated;
233 };
234 define ipsec_sad_entry_add_del_v2_reply
235 {
239 };
240 define ipsec_sad_entry_add_del_v3_reply
241 {
245 };
246 define ipsec_sad_entry_add_reply
247 {
251 };
252 
253 /** \brief Add or Update Protection for a tunnel with IPSEC
254 
255  Tunnel protection directly associates an SA with all packets
256  ingress and egress on the tunnel. This could also be achieved by
257  assigning an SPD to the tunnel, but that would incur an unnessccary
258  SPD entry lookup.
259 
260  For tunnels the ESP acts on the post-encapsulated packet. So if this
261  packet:
262  +---------+------+
263  | Payload | O-IP |
264  +---------+------+
265  where O-IP is the overlay IP addrees that was routed into the tunnel,
266  the resulting encapsulated packet will be:
267  +---------+------+------+
268  | Payload | O-IP | T-IP |
269  +---------+------+------+
270  where T-IP is the tunnel's src.dst IP addresses.
271  If the SAs used for protection are in transport mode then the ESP is
272  inserted before T-IP, i.e.:
273  +---------+------+-----+------+
274  | Payload | O-IP | ESP | T-IP |
275  +---------+------+-----+------+
276  If the SAs used for protection are in tunnel mode then another
277  encapsulation occurs, i.e.:
278  +---------+------+------+-----+------+
279  | Payload | O-IP | T-IP | ESP | C-IP |
280  +---------+------+------+-----+------+
281  where C-IP are the crypto endpoint IP addresses defined as the tunnel
282  endpoints in the SA.
283  The mode for the inbound and outbound SA must be the same.
284 
285  @param client_index - opaque cookie to identify the sender
286  @param context - sender context, to match reply w/ request
287  @param sw_id_index - Tunnel interface to protect
288  @param nh - The peer/next-hop on the tunnel to which the traffic
289  should be protected. For a P2P interface set this to the
290  all 0s address.
291  @param sa_in - The ID [set] of inbound SAs
292  @param sa_out - The ID of outbound SA
293 */
294 typedef ipsec_tunnel_protect
295 {
296  vl_api_interface_index_t sw_if_index;
297  vl_api_address_t nh;
301 };
302 
303 autoreply define ipsec_tunnel_protect_update
304 {
307 
308  vl_api_ipsec_tunnel_protect_t tunnel;
309 };
310 
311 autoreply define ipsec_tunnel_protect_del
312 {
315 
316  vl_api_interface_index_t sw_if_index;
317  vl_api_address_t nh;
318 };
319 
320 /**
321  * @brief Dump all tunnel protections
322  */
323 define ipsec_tunnel_protect_dump
324 {
327  vl_api_interface_index_t sw_if_index;
328 };
329 
330 define ipsec_tunnel_protect_details
331 {
333  vl_api_ipsec_tunnel_protect_t tun;
334 };
335 
336 /** \brief IPsec: Get SPD interfaces
337  @param client_index - opaque cookie to identify the sender
338  @param context - sender context, to match reply w/ request
339  @param spd_index - SPD index
340  @param spd_index_valid - if 1 spd_index is used to filter
341  spd_index's, if 0 no filtering is done
342 */
343 define ipsec_spd_interface_dump {
348 };
349 
350 /** \brief IPsec: SPD interface response
351  @param context - sender context which was passed in the request
352  @param spd_index - SPD index
353  @param sw_if_index - index of the interface
354 */
355 define ipsec_spd_interface_details {
358  vl_api_interface_index_t sw_if_index;
359 };
360 
361 typedef ipsec_itf
362 {
363  u32 user_instance [default=0xffffffff];
364  vl_api_tunnel_mode_t mode;
365  vl_api_interface_index_t sw_if_index;
366 };
367 
368 /** \brief Create an IPSec interface
369  */
373  vl_api_ipsec_itf_t itf;
374 };
375 
376 /** \brief Add IPsec interface interface response
377  @param context - sender context, to match reply w/ request
378  @param retval - return status
379  @param sw_if_index - sw_if_index of new interface (for successful add)
380 */
381 define ipsec_itf_create_reply
382 {
385  vl_api_interface_index_t sw_if_index;
386 };
387 
388 autoreply define ipsec_itf_delete
389 {
392  vl_api_interface_index_t sw_if_index;
393 };
394 
395 define ipsec_itf_dump
396 {
399  vl_api_interface_index_t sw_if_index;
400 };
401 
402 define ipsec_itf_details
403 {
405  vl_api_ipsec_itf_t itf;
406 };
407 
408 /** \brief Dump IPsec security association
409  @param client_index - opaque cookie to identify the sender
410  @param context - sender context, to match reply w/ request
411  @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD
412 */
413 define ipsec_sa_dump
414 {
415  option deprecated;
419 };
420 define ipsec_sa_v2_dump
421 {
425 };
426 define ipsec_sa_v3_dump
427 {
431 };
432 
433 /** \brief IPsec security association database response
434  @param context - sender context which was passed in the request
435  @param entry - The SA details
436  @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
437  @param salt - 4 byte salt
438  @param seq - current sequence number for outbound
439  @param seq_hi - high 32 bits of ESN for outbound
440  @param last_seq - highest sequence number received inbound
441  @param last_seq_hi - high 32 bits of highest ESN received inbound
442  @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
443  @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
444 */
445 define ipsec_sa_details {
446  option deprecated;
448  vl_api_ipsec_sad_entry_t entry;
449 
450  vl_api_interface_index_t sw_if_index;
455 
457 };
458 define ipsec_sa_v2_details {
460  vl_api_ipsec_sad_entry_v2_t entry;
461 
462  vl_api_interface_index_t sw_if_index;
467 
469 };
470 define ipsec_sa_v3_details {
472  vl_api_ipsec_sad_entry_v3_t entry;
473 
474  vl_api_interface_index_t sw_if_index;
478 
480 };
481 
482 /** \brief Dump IPsec backends
483  @param client_index - opaque cookie to identify the sender
484  @param context - sender context, to match reply w/ request
485 */
486 define ipsec_backend_dump {
489 };
490 
491 /** \brief IPsec backend details
492  @param name - name of the backend
493  @param protocol - IPsec protocol (value from ipsec_protocol_t)
494  @param index - backend index
495  @param active - set to 1 if the backend is active, otherwise 0
496 */
497 define ipsec_backend_details {
499  string name[128];
500  vl_api_ipsec_proto_t protocol;
502  bool active;
503 };
504 
505 /** \brief Select IPsec backend
506  @param client_index - opaque cookie to identify the sender
507  @param context - sender context, to match reply w/ request
508  @param protocol - IPsec protocol (value from ipsec_protocol_t)
509  @param index - backend index
510 */
511 autoreply define ipsec_select_backend {
514  vl_api_ipsec_proto_t protocol;
516 };
517 
518 
519 /** \brief IPsec Set Async mode
520  @param client_index - opaque cookie to identify the sender
521  @param context - sender context, to match reply w/ request
522  @param async_enable - ipsec async mode on or off
523 */
524 autoreply define ipsec_set_async_mode {
528 };
529 
530 /*
531  * Local Variables:
532  * eval: (c-set-style "gnu")
533  * End:
534  */
vl_api_ipsec_sa_dump_t
Dump IPsec security association.
Definition: ipsec.api:413
vl_api_ipsec_sa_v3_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:476
vl_api_ipsec_sad_entry_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:231
vl_api_ipsec_spd_interface_details_t::context
u32 context
Definition: ipsec.api:356
vl_api_ipsec_backend_dump_t::context
u32 context
Definition: ipsec.api:488
vl_api_ipsec_spd_dump_t::spd_id
u32 spd_id
Definition: ipsec.api:172
vl_api_ipsec_sa_v2_details_t::entry
vl_api_ipsec_sad_entry_v2_t entry
Definition: ipsec.api:460
vl_api_ipsec_tunnel_protect_del_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:316
vl_api_ipsec_sa_v3_details_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:472
vl_api_ipsec_backend_dump_t
Dump IPsec backends.
Definition: ipsec.api:486
vl_api_ipsec_sad_entry_del_t::context
u32 context
Definition: ipsec.api:223
n_sa_in
u8 n_sa_in
Definition: ipsec.api:299
vl_api_ipsec_sad_entry_add_del_v2_reply_t::retval
i32 retval
Definition: ipsec.api:237
vl_api_ipsec_tunnel_protect_update_t::client_index
u32 client_index
Definition: ipsec.api:305
vl_api_ipsec_sa_v3_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:474
vl_api_ipsec_sad_entry_add_del_reply_t::context
u32 context
Definition: ipsec.api:230
vl_api_ipsec_interface_add_del_spd_t::spd_id
u32 spd_id
Definition: ipsec.api:57
vl_api_ipsec_sa_v2_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:464
vl_api_ipsec_sad_entry_add_reply_t::context
u32 context
Definition: ipsec.api:248
vl_api_ipsec_tunnel_protect_del_t::nh
vl_api_address_t nh
Definition: ipsec.api:317
vl_api_ipsec_itf_details_t::itf
vl_api_ipsec_itf_t itf
Definition: ipsec.api:405
vl_api_ipsec_sad_entry_add_del_v3_t
Definition: ipsec.api:207
vl_api_ipsec_sad_entry_add_del_v3_t::context
u32 context
Definition: ipsec.api:210
vl_api_ipsec_sad_entry_add_del_t
IPsec: Add/delete Security Association Database entry.
Definition: ipsec.api:192
vl_api_ipsec_sad_entry_add_del_v3_reply_t
Definition: ipsec.api:240
vl_api_ipsec_spd_entry_add_del_reply_t::retval
i32 retval
Definition: ipsec.api:139
local_port_stop
u16 local_port_stop
Definition: ipsec.api:112
vl_api_ipsec_spd_details_t
IPsec policy database response.
Definition: ipsec.api:182
vl_api_ipsec_sa_v2_dump_t
Definition: ipsec.api:420
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:99
vl_api_ipsec_spd_add_del_t::is_add
bool is_add
Definition: ipsec.api:36
vl_api_ipsec_sa_details_t::stat_index
u32 stat_index
Definition: ipsec.api:456
IPSEC_API_SPD_ACTION_PROTECT
@ IPSEC_API_SPD_ACTION_PROTECT
Definition: ipsec.api:70
vl_api_ipsec_spd_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:126
name
string name[64]
Definition: fib.api:25
vl_api_ipsec_sa_dump_t::client_index
u32 client_index
Definition: ipsec.api:416
vl_api_ipsec_itf_create_reply_t
Add IPsec interface interface response.
Definition: ipsec.api:381
vl_api_ipsec_spd_entry_add_del_reply_t
IPsec: Reply Add/delete Security Policy Database entry.
Definition: ipsec.api:136
vl_api_ipsec_sa_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:453
remote_address_start
vl_api_address_t remote_address_start
Definition: ipsec.api:104
vl_api_ipsec_sa_v2_details_t::last_seq_inbound
u64 last_seq_inbound
Definition: ipsec.api:465
vl_api_ipsec_sa_v3_details_t::replay_window
u64 replay_window
Definition: ipsec.api:477
vl_api_ipsec_itf_dump_t
Definition: ipsec.api:395
vl_api_ipsec_tunnel_protect_dump_t::context
u32 context
Definition: ipsec.api:326
local_address_start
vl_api_address_t local_address_start
Definition: ipsec.api:106
u16
unsigned short u16
Definition: types.h:57
vl_api_ipsec_sa_details_t::salt
u32 salt
Definition: ipsec.api:451
vl_api_ipsec_sad_entry_add_del_t::client_index
u32 client_index
Definition: ipsec.api:195
vl_api_ipsec_itf_create_reply_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:385
vl_api_ipsec_spd_add_del_t::client_index
u32 client_index
Definition: ipsec.api:34
vl_api_ipsec_sa_details_t::context
u32 context
Definition: ipsec.api:447
vl_api_ipsec_sa_v3_details_t
Definition: ipsec.api:470
ipsec_tunnel_protect
typedef ipsec_tunnel_protect
Add or Update Protection for a tunnel with IPSEC.
Definition: ipsec.api:295
vl_api_ipsec_spd_details_t::context
u32 context
Definition: ipsec.api:183
vl_api_ipsec_tunnel_protect_details_t::tun
vl_api_ipsec_tunnel_protect_t tun
Definition: ipsec.api:333
vl_api_ipsec_sad_entry_add_del_v2_reply_t
Definition: ipsec.api:234
vl_api_ipsec_sad_entry_del_t::id
u32 id
Definition: ipsec.api:224
vl_api_ipsec_spd_details_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:184
vl_api_ipsec_spd_interface_dump_t::spd_index
u32 spd_index
Definition: ipsec.api:346
vl_api_ipsec_sa_v3_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:475
vl_api_ipsec_sa_v3_details_t::stat_index
u32 stat_index
Definition: ipsec.api:479
sa_out
u32 sa_out
Definition: ipsec.api:298
vl_api_ipsec_sad_entry_add_del_t::context
u32 context
Definition: ipsec.api:196
vl_api_ipsec_sad_entry_add_del_t::is_add
bool is_add
Definition: ipsec.api:197
vl_api_ipsec_tunnel_protect_del_t::client_index
u32 client_index
Definition: ipsec.api:313
vl_api_ipsec_set_async_mode_t
IPsec Set Async mode.
Definition: ipsec.api:524
vl_api_ipsec_spds_details_t::npolicies
u32 npolicies
Definition: ipsec.api:160
local_address_stop
vl_api_address_t local_address_stop
Definition: ipsec.api:107
vl_api_ipsec_spd_add_del_t
IPsec: Add/delete Security Policy Database.
Definition: ipsec.api:32
vl_api_ipsec_tunnel_protect_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:327
vl_api_ipsec_sad_entry_add_del_t::deprecated
option deprecated
Definition: ipsec.api:194
vl_api_ipsec_spd_entry_add_del_t
IPsec: Add/delete Security Policy Database entry.
Definition: ipsec.api:122
i32
signed int i32
Definition: types.h:77
protocol
u8 protocol
Definition: ipsec.api:101
vl_api_ipsec_tunnel_protect_details_t
Definition: ipsec.api:330
vl_api_ipsec_itf_delete_t::context
u32 context
Definition: ipsec.api:391
ipsec_spd_action
ipsec_spd_action
Definition: ipsec.api:61
vl_api_ipsec_sad_entry_add_del_v2_t::client_index
u32 client_index
Definition: ipsec.api:202
vl_api_ipsec_sad_entry_add_del_v3_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:244
is_outbound
bool is_outbound
Definition: ipsec.api:96
IPSEC_API_SPD_ACTION_RESOLVE
@ IPSEC_API_SPD_ACTION_RESOLVE
Definition: ipsec.api:68
vl_api_ipsec_spd_add_del_t::context
u32 context
Definition: ipsec.api:35
ipsec_itf_create
int ipsec_itf_create(u32 user_instance, tunnel_mode_t mode, u32 *sw_if_indexp)
Definition: ipsec_itf.c:272
vl_api_ipsec_sa_v2_details_t::stat_index
u32 stat_index
Definition: ipsec.api:468
vl_api_ipsec_sad_entry_add_reply_t::retval
i32 retval
Definition: ipsec.api:249
ipsec_itf
typedef ipsec_itf
Definition: ipsec.api:362
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:365
vl_api_ipsec_interface_add_del_spd_t
IPsec: Add/delete SPD from interface.
Definition: ipsec.api:50
vl_api_ipsec_spds_dump_t
Dump IPsec all SPD IDs.
Definition: ipsec.api:147
vl_api_ipsec_sad_entry_add_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:250
vl_api_ipsec_sa_dump_t::deprecated
option deprecated
Definition: ipsec.api:415
vl_api_ipsec_sad_entry_add_del_v3_t::client_index
u32 client_index
Definition: ipsec.api:209
vl_api_ipsec_interface_add_del_spd_t::context
u32 context
Definition: ipsec.api:53
priority
i32 priority
Definition: ipsec.api:95
vl_api_ipsec_backend_details_t::name
string name[128]
Definition: ipsec.api:499
vl_api_ipsec_spd_add_del_t::spd_id
u32 spd_id
Definition: ipsec.api:37
vl_api_ipsec_sad_entry_add_del_v3_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:212
vl_api_ipsec_sad_entry_add_del_v2_reply_t::context
u32 context
Definition: ipsec.api:236
vl_api_ipsec_spd_interface_details_t
IPsec: SPD interface response.
Definition: ipsec.api:355
vl_api_ipsec_spd_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:173
vl_api_ipsec_sa_v2_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:462
vl_api_ipsec_itf_create_t
Create an IPSec interface.
Definition: ipsec.api:370
vl_api_ipsec_spds_details_t
Dump IPsec all SPD IDs response.
Definition: ipsec.api:157
vl_api_ipsec_itf_dump_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:399
vl_api_ipsec_sa_v3_details_t::context
u32 context
Definition: ipsec.api:471
vl_api_ipsec_itf_details_t::context
u32 context
Definition: ipsec.api:404
vl_api_ipsec_spd_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:140
vl_api_ipsec_sa_v2_dump_t::client_index
u32 client_index
Definition: ipsec.api:422
vl_api_ipsec_select_backend_t::client_index
u32 client_index
Definition: ipsec.api:512
sa_in
u32 sa_in[n_sa_in]
Definition: ipsec.api:300
vl_api_ipsec_sad_entry_add_t
Definition: ipsec.api:214
vl_api_ipsec_backend_dump_t::client_index
u32 client_index
Definition: ipsec.api:487
vl_api_ipsec_sa_v2_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:424
vl_api_ipsec_sa_dump_t::context
u32 context
Definition: ipsec.api:417
vl_api_ipsec_itf_delete_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:392
ipsec_spd_entry
typedef ipsec_spd_entry
IPsec: Security Policy Database entry.
Definition: ipsec.api:93
remote_port_stop
u16 remote_port_stop
Definition: ipsec.api:110
vl_api_ipsec_sa_details_t::seq_outbound
u64 seq_outbound
Definition: ipsec.api:452
remote_address_stop
vl_api_address_t remote_address_stop
Definition: ipsec.api:105
vl_api_ipsec_select_backend_t::context
u32 context
Definition: ipsec.api:513
vl_api_ipsec_spd_interface_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:358
vl_api_ipsec_sad_entry_add_del_reply_t::deprecated
option deprecated
Definition: ipsec.api:229
sa_id
u32 sa_id
Definition: ipsec.api:98
vl_api_ipsec_spd_dump_t::context
u32 context
Definition: ipsec.api:171
vl_api_ipsec_backend_details_t::context
u32 context
Definition: ipsec.api:498
version
option version
Definition: ipsec.api:17
vl_api_ipsec_tunnel_protect_del_t
Definition: ipsec.api:311
vl_api_ipsec_backend_details_t::active
bool active
Definition: ipsec.api:502
vl_api_ipsec_spd_entry_add_del_t::client_index
u32 client_index
Definition: ipsec.api:124
vl_api_ipsec_sad_entry_add_del_v3_t::is_add
bool is_add
Definition: ipsec.api:211
vl_api_ipsec_sad_entry_add_reply_t
Definition: ipsec.api:246
vl_api_ipsec_itf_create_reply_t::context
u32 context
Definition: ipsec.api:383
vl_api_ipsec_select_backend_t
Select IPsec backend.
Definition: ipsec.api:511
vl_api_ipsec_sa_v3_dump_t
Definition: ipsec.api:426
vl_api_ipsec_tunnel_protect_details_t::context
u32 context
Definition: ipsec.api:332
vl_api_ipsec_backend_details_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:500
vl_api_ipsec_tunnel_protect_update_t
Definition: ipsec.api:303
vl_api_ipsec_spds_details_t::context
u32 context
Definition: ipsec.api:158
vl_api_ipsec_spd_dump_t::client_index
u32 client_index
Definition: ipsec.api:170
vl_api_ipsec_sad_entry_add_del_v2_t::is_add
bool is_add
Definition: ipsec.api:204
vl_api_ipsec_spds_dump_t::client_index
u32 client_index
Definition: ipsec.api:148
vl_api_ipsec_spd_entry_add_del_reply_t::context
u32 context
Definition: ipsec.api:138
vl_api_ipsec_sa_details_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:448
vl_api_ipsec_itf_create_reply_t::retval
i32 retval
Definition: ipsec.api:384
vl_api_ipsec_sad_entry_add_del_v2_t::entry
vl_api_ipsec_sad_entry_v2_t entry
Definition: ipsec.api:205
vl_api_ipsec_tunnel_protect_update_t::tunnel
vl_api_ipsec_tunnel_protect_t tunnel
Definition: ipsec.api:308
vl_api_ipsec_sa_v3_dump_t::context
u32 context
Definition: ipsec.api:429
vl_api_ipsec_spd_interface_dump_t::context
u32 context
Definition: ipsec.api:345
u64
unsigned long u64
Definition: types.h:89
vl_api_ipsec_backend_details_t
IPsec backend details.
Definition: ipsec.api:497
IPSEC_API_SPD_ACTION_BYPASS
@ IPSEC_API_SPD_ACTION_BYPASS
Definition: ipsec.api:64
vl_api_ipsec_sad_entry_add_del_v2_t::context
u32 context
Definition: ipsec.api:203
vl_api_ipsec_sad_entry_add_del_v2_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:238
vl_api_ipsec_spd_dump_t
Dump ipsec policy database data.
Definition: ipsec.api:169
u32
unsigned int u32
Definition: types.h:88
vl_api_ipsec_sa_details_t::deprecated
option deprecated
Definition: ipsec.api:446
vl_api_ipsec_backend_details_t::index
u8 index
Definition: ipsec.api:501
vl_api_ipsec_spd_entry_add_del_t::entry
vl_api_ipsec_spd_entry_t entry
Definition: ipsec.api:127
vl_api_ipsec_sa_v2_dump_t::context
u32 context
Definition: ipsec.api:423
vl_api_ipsec_interface_add_del_spd_t::client_index
u32 client_index
Definition: ipsec.api:52
vl_api_ipsec_set_async_mode_t::client_index
u32 client_index
Definition: ipsec.api:525
vl_api_ipsec_sa_details_t::replay_window
u64 replay_window
Definition: ipsec.api:454
ipsec_set_async_mode
void ipsec_set_async_mode(u32 is_enabled)
Definition: ipsec.c:328
vl_api_ipsec_sad_entry_add_del_reply_t
Definition: ipsec.api:227
vl_api_ipsec_sa_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:418
remote_port_start
u16 remote_port_start
Definition: ipsec.api:109
vl_api_ipsec_select_backend_t::index
u8 index
Definition: ipsec.api:515
vl_api_ipsec_sad_entry_add_t::context
u32 context
Definition: ipsec.api:217
vl_api_ipsec_select_backend_t::protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec.api:514
vl_api_ipsec_itf_create_t::itf
vl_api_ipsec_itf_t itf
Definition: ipsec.api:373
vl_api_ipsec_sad_entry_del_t
Definition: ipsec.api:220
vl_api_ipsec_spd_interface_dump_t::spd_index_valid
u8 spd_index_valid
Definition: ipsec.api:347
vl_api_ipsec_set_async_mode_t::context
u32 context
Definition: ipsec.api:526
vl_api_ipsec_spd_entry_add_del_t::context
u32 context
Definition: ipsec.api:125
vl_api_ipsec_itf_dump_t::client_index
u32 client_index
Definition: ipsec.api:397
vl_api_ipsec_itf_delete_t
Definition: ipsec.api:388
u8
unsigned char u8
Definition: types.h:56
IPSEC_API_SPD_ACTION_DISCARD
@ IPSEC_API_SPD_ACTION_DISCARD
Definition: ipsec.api:66
vl_api_ipsec_sad_entry_add_t::entry
vl_api_ipsec_sad_entry_v3_t entry
Definition: ipsec.api:218
nh
vl_api_address_t nh
Definition: ipsec.api:297
vl_api_ipsec_itf_dump_t::context
u32 context
Definition: ipsec.api:398
vl_api_ipsec_itf_details_t
Definition: ipsec.api:402
vl_api_ipsec_sa_details_t
IPsec security association database response.
Definition: ipsec.api:445
vl_api_ipsec_tunnel_protect_dump_t
Dump all tunnel protections.
Definition: ipsec.api:323
vl_api_ipsec_interface_add_del_spd_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:56
vl_api_ipsec_spd_interface_details_t::spd_index
u32 spd_index
Definition: ipsec.api:357
ipsec_itf_delete
int ipsec_itf_delete(u32 sw_if_index)
Definition: ipsec_itf.c:320
vl_api_ipsec_itf_create_t::client_index
u32 client_index
Definition: ipsec.api:371
mode
vl_api_tunnel_mode_t mode
Definition: ipsec.api:364
vl_api_ipsec_spd_interface_dump_t::client_index
u32 client_index
Definition: ipsec.api:344
vl_api_ipsec_sad_entry_add_del_v3_reply_t::context
u32 context
Definition: ipsec.api:242
vl_api_ipsec_tunnel_protect_dump_t::client_index
u32 client_index
Definition: ipsec.api:325
vl_api_ipsec_sa_v3_dump_t::client_index
u32 client_index
Definition: ipsec.api:428
vl_api_ipsec_sa_v2_details_t::context
u32 context
Definition: ipsec.api:459
vl_api_ipsec_tunnel_protect_del_t::context
u32 context
Definition: ipsec.api:314
local_port_start
u16 local_port_start
Definition: ipsec.api:111
vl_api_ipsec_tunnel_protect_update_t::context
u32 context
Definition: ipsec.api:306
vl_api_ipsec_sad_entry_add_del_v2_t
Definition: ipsec.api:200
vl_api_ipsec_sad_entry_add_del_v3_reply_t::retval
i32 retval
Definition: ipsec.api:243
vl_api_ipsec_sad_entry_add_t::client_index
u32 client_index
Definition: ipsec.api:216
vl_api_ipsec_spds_details_t::spd_id
u32 spd_id
Definition: ipsec.api:159
vl_api_ipsec_sad_entry_del_t::client_index
u32 client_index
Definition: ipsec.api:222
vl_api_ipsec_spds_dump_t::context
u32 context
Definition: ipsec.api:149
vl_api_ipsec_sad_entry_add_del_t::entry
vl_api_ipsec_sad_entry_t entry
Definition: ipsec.api:198
vl_api_ipsec_sad_entry_add_del_reply_t::stat_index
u32 stat_index
Definition: ipsec.api:232
vl_api_ipsec_sa_v3_dump_t::sa_id
u32 sa_id
Definition: ipsec.api:430
vl_api_ipsec_itf_delete_t::client_index
u32 client_index
Definition: ipsec.api:390
vl_api_ipsec_interface_add_del_spd_t::is_add
bool is_add
Definition: ipsec.api:55
vl_api_ipsec_sa_details_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: ipsec.api:450
vl_api_ipsec_sa_v2_details_t::salt
u32 salt
Definition: ipsec.api:463
vl_api_ipsec_set_async_mode_t::async_enable
bool async_enable
Definition: ipsec.api:527
vl_api_ipsec_itf_create_t::context
u32 context
Definition: ipsec.api:372
vl_api_ipsec_sa_v2_details_t::replay_window
u64 replay_window
Definition: ipsec.api:466
vl_api_ipsec_spd_interface_dump_t
IPsec: Get SPD interfaces.
Definition: ipsec.api:343
vl_api_ipsec_sa_v2_details_t
Definition: ipsec.api:458