FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
ipsec_types.api
1 /* Hey Emacs use -*- mode: C -*- */
2 /*
3  * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
/* Version string of the API definitions in this file. */
17 option version = "3.0.1";
18 
19 import "vnet/ip/ip_types.api";
20 import "vnet/tunnel/tunnel_types.api";
21 
22 /*
23  * @brief Supported cryptographic algorithms
24  */
/*
 * NOTE(review): this rendered listing dropped source lines 25 and 27-38.
 * The definition index further down this page places `ipsec_crypto_alg`
 * at line 25 and its members at lines 27-38, in this order:
 *   IPSEC_API_CRYPTO_ALG_NONE,
 *   IPSEC_API_CRYPTO_ALG_AES_CBC_128 / _192 / _256,
 *   IPSEC_API_CRYPTO_ALG_AES_CTR_128 / _192 / _256,
 *   IPSEC_API_CRYPTO_ALG_AES_GCM_128 / _192 / _256,
 *   IPSEC_API_CRYPTO_ALG_DES_CBC,
 *   IPSEC_API_CRYPTO_ALG_3DES_CBC.
 * Numeric values are not shown on this page.
 *
 * Points to check when an SA is configured with one of these:
 *  - NONE provides no confidentiality; it is only meaningful together
 *    with an integrity algorithm.
 *  - DES_CBC and 3DES_CBC are legacy 64-bit-block ciphers; RFC 8221 marks
 *    DES as MUST NOT and 3DES as SHOULD NOT for ESP.
 *  - AES_CBC and AES_CTR do not authenticate the ciphertext; pair them
 *    with a non-NONE integrity algorithm.
 *  - AES_CTR and AES_GCM are counter-based: a key (and the SA `salt`)
 *    must never be reused across SAs.
 */
26 {
39 };
40 
41 /*
42  * @brief Supported Integrity Algorithms
43  */
/*
 * NOTE(review): this rendered listing dropped the enum header and the
 * member lines, leaving only the RFC comments. Per the definition index
 * further down this page: `ipsec_integ_alg` is at line 44 and the members
 * are IPSEC_API_INTEG_ALG_NONE (46), _MD5_96 (48), _SHA1_96 (50),
 * _SHA_256_96 (52), _SHA_256_128 (54), _SHA_384_192 (56) and
 * _SHA_512_256 (58). Each comment below sits on the line before the
 * member it describes. Numeric values are not shown on this page.
 *
 * Points to check when an SA is configured with one of these:
 *  - NONE leaves ESP unauthenticated unless the cipher is an AEAD
 *    (AES-GCM); do not combine it with AES-CBC or AES-CTR.
 *  - MD5_96 is listed as MUST NOT in RFC 8221; SHA1_96 is being phased
 *    out there.
 *  - SHA_256_96 follows an expired draft with 96-bit truncation; RFC 4868
 *    standardised 128-bit truncation (SHA_256_128), so the two do not
 *    interoperate.
 */
45 {
47  /* RFC2403 */
49  /* RFC2404 */
51  /* draft-ietf-ipsec-ciph-sha-256-00 */
53  /* RFC4868 */
55  /* RFC4868 */
57  /* RFC4868 */
59 };
60 
/*
 * Bit flags carried in the `flags` field of the ipsec_sad_entry typedefs.
 *
 * NOTE(review): this rendered listing dropped the enum header and every
 * member line except ASYNC. Per the definition index further down this
 * page: `ipsec_sad_flags` is at line 61 and the members are
 * IPSEC_API_SAD_FLAG_NONE (63), _USE_ESN (65), _USE_ANTI_REPLAY (67),
 * _IS_TUNNEL (69), _IS_TUNNEL_V6 (75), _UDP_ENCAP (77), _IS_INBOUND (79)
 * and _ASYNC (81). Each comment below sits on the line before the member
 * it describes. Only the value of ASYNC (0x80) is visible here.
 *
 * NOTE(review): anti-replay and ESN are described as "Enable ..." bits, so
 * an SA created with flags = NONE presumably has neither - confirm the
 * dataplane default before relying on replay protection.
 */
62 {
64  /* Enable extended sequence numbers */
66  /* Enable Anti-replay */
68  /* IPsec tunnel mode if non-zero, else transport mode */
70  /* IPsec tunnel mode is IPv6 if non-zero, else IPv4.
71  * Only valid if is_tunnel is non-zero.
72  * DEPRECATED - the user does not need to set this; it is
73  * derived from the tunnel's address types.
74  */
76  /* enable UDP encapsulation for NAT traversal */
78  /* IPsec SA is for inbound traffic */
80  /* IPsec SA uses an Async driver */
81  IPSEC_API_SAD_FLAG_ASYNC = 0x80 [backwards_compatible],
82 };
83 
/*
 * IPsec protocol selector used by the `protocol` field of the
 * ipsec_sad_entry typedefs.
 *
 * NOTE(review): this rendered listing dropped the enum header and both
 * members. Per the definition index further down this page:
 * `ipsec_proto` is at line 84, IPSEC_API_PROTO_ESP at line 86 and
 * IPSEC_API_PROTO_AH at line 87. Their numeric values are not shown on
 * this page; the "0 = AH, 1 = ESP" wording in the ipsec_sad_entry doc
 * comment lists them in the opposite order - verify against the enum
 * before hard-coding a number.
 */
85 {
88 };
89 
/*
 * Keying material carried inline in an SA entry; used for both
 * `crypto_key` and `integrity_key` in the ipsec_sad_entry typedefs.
 *
 * NOTE(review): any message embedding this type contains raw secret key
 * bytes, so API traces, dumps and logs of such messages should be handled
 * as secrets.
 */
90 typedef key
91 {
92  /* the length of the key */
     /* NOTE(review): presumably the number of valid bytes in `data`. A u8
      * can express up to 255 while `data` holds 128 bytes, so a receiver
      * must reject length > 128 before using it as a copy size. */
93  u8 length;
94  /* The data for the key */
95  u8 data[128];
96 };
97 
98 /** \brief IPsec: Security Association Database entry
99  @param client_index - opaque cookie to identify the sender
100  @param context - sender context, to match reply w/ request
101  @param is_add - add SAD entry if non-zero, else delete
102  @param sad_id - sad id
103  @param spi - security parameter index
104  @param protocol - 0 = AH, 1 = ESP
105  @param crypto_algorithm - a supported crypto algorithm
106  @param crypto_key - crypto keying material
107  @param integrity_algorithm - one of the supported algorithms
108  @param integrity_key - integrity keying material
109  @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
110  @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
111  @param tx_table_id - the FIB id used for encapsulated packets
112  @param salt - for use with counter mode ciphers
113  @param udp_src_port - If using UDP Encapsulation, use this source port for
114  TX. It is ignored for RX.
115  @param udp_dst_port - If using UDP Encapsulation, use this destination port
116  for TX. Expect traffic on this port for RX.
117  @param tunnel_flags - Flags controlling the copying of encap/decap value
118  @param dscp - Fixed DSCP value for tunnel encap
119  */
/*
 * NOTE(review): the parameter list above does not match the typedef below
 * one-to-one:
 *  - client_index, context and is_add are not fields of this typedef;
 *    presumably they belong to the message that embeds it - confirm.
 *  - tunnel_src_address / tunnel_dst_address are documented, but the
 *    fields are named tunnel_src / tunnel_dst.
 *  - tunnel_flags and dscp are documented here but, in this listing,
 *    appear only in ipsec_sad_entry_v2.
 *  - "protocol - 0 = AH, 1 = ESP": the page's definition index lists
 *    IPSEC_API_PROTO_ESP (line 86) before IPSEC_API_PROTO_AH (line 87) and
 *    shows no numeric values - verify before relying on 0/1.
 */
120 typedef ipsec_sad_entry
121 {
122  u32 sad_id;
123 
     /* NOTE(review): source line 124 is missing from this rendering; the
      * page's definition index gives `u32 spi` at ipsec_types.api:124. */
125 
126  vl_api_ipsec_proto_t protocol;
127 
128  vl_api_ipsec_crypto_alg_t crypto_algorithm;
129  vl_api_key_t crypto_key;
130 
131  vl_api_ipsec_integ_alg_t integrity_algorithm;
132  vl_api_key_t integrity_key;
133 
134  vl_api_ipsec_sad_flags_t flags;
135 
136  vl_api_address_t tunnel_src;
137  vl_api_address_t tunnel_dst;
     /* NOTE(review): source lines 138-139 are missing from this rendering;
      * the page's definition index gives `u32 tx_table_id` at
      * ipsec_types.api:138 and `u32 salt` at ipsec_types.api:139. */
     /* Both UDP ports default to 4500; per the doc comment above they only
      * matter when UDP encapsulation is in use. */
140  u16 udp_src_port [default=4500];
141  u16 udp_dst_port [default=4500];
142 };
143 
/*
 * Second revision of the SAD entry. Compared with ipsec_sad_entry as shown
 * in this listing, it adds `tunnel_flags` and `dscp` after the tunnel
 * addresses. `crypto_key` and `integrity_key` carry raw keying material
 * inline.
 */
144 typedef ipsec_sad_entry_v2
145 {
146  u32 sad_id;
147 
148  u32 spi;
149 
150  vl_api_ipsec_proto_t protocol;
151 
152  vl_api_ipsec_crypto_alg_t crypto_algorithm;
153  vl_api_key_t crypto_key;
154 
155  vl_api_ipsec_integ_alg_t integrity_algorithm;
156  vl_api_key_t integrity_key;
157 
158  vl_api_ipsec_sad_flags_t flags;
159 
160  vl_api_address_t tunnel_src;
161  vl_api_address_t tunnel_dst;
162  vl_api_tunnel_encap_decap_flags_t tunnel_flags;
163  vl_api_ip_dscp_t dscp;
     /* NOTE(review): source line 164 is missing from this rendering and
      * the page's definition index does not identify it; presumably
      * `u32 tx_table_id`, as in ipsec_sad_entry - verify against the
      * source file. */
165  u32 salt;
166  u16 udp_src_port [default=4500];
167  u16 udp_dst_port [default=4500];
168 };
169 
/*
 * Third revision of the SAD entry. Where ipsec_sad_entry_v2 has separate
 * tunnel_src / tunnel_dst / tunnel_flags / dscp fields, this revision
 * carries a single `tunnel` field of type vl_api_tunnel_t.
 * `crypto_key` and `integrity_key` carry raw keying material inline.
 */
170 typedef ipsec_sad_entry_v3
171 {
172  u32 sad_id;
173  u32 spi;
174 
175  vl_api_ipsec_proto_t protocol;
176 
177  vl_api_ipsec_crypto_alg_t crypto_algorithm;
178  vl_api_key_t crypto_key;
179 
180  vl_api_ipsec_integ_alg_t integrity_algorithm;
181  vl_api_key_t integrity_key;
182 
183  vl_api_ipsec_sad_flags_t flags;
184 
     /* Tunnel description; its layout is defined outside this file
      * (vnet/tunnel/tunnel_types.api is imported at the top). */
185  vl_api_tunnel_t tunnel;
186 
187  u32 salt;
188  u16 udp_src_port [default=4500];
189  u16 udp_dst_port [default=4500];
190 };
191 
192 
193 /*
194  * Local Variables:
195  * eval: (c-set-style "gnu")
196  * End:
197  */
udp_src_port
u16 udp_src_port[default=4500]
Definition: ipsec_types.api:140
IPSEC_API_CRYPTO_ALG_DES_CBC
@ IPSEC_API_CRYPTO_ALG_DES_CBC
Definition: ipsec_types.api:37
crypto_key
vl_api_key_t crypto_key
Definition: ipsec_types.api:129
integrity_key
vl_api_key_t integrity_key
Definition: ipsec_types.api:132
udp_dst_port
u16 udp_dst_port[default=4500]
Definition: ipsec_types.api:141
IPSEC_API_SAD_FLAG_ASYNC
@ IPSEC_API_SAD_FLAG_ASYNC
Definition: ipsec_types.api:81
IPSEC_API_CRYPTO_ALG_AES_CTR_128
@ IPSEC_API_CRYPTO_ALG_AES_CTR_128
Definition: ipsec_types.api:31
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
@ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY
Definition: ipsec_types.api:67
protocol
vl_api_ipsec_proto_t protocol
Definition: ipsec_types.api:126
ipsec_crypto_alg
ipsec_crypto_alg
Definition: ipsec_types.api:25
IPSEC_API_INTEG_ALG_SHA_256_128
@ IPSEC_API_INTEG_ALG_SHA_256_128
Definition: ipsec_types.api:54
ipsec_proto
ipsec_proto
Definition: ipsec_types.api:84
IPSEC_API_CRYPTO_ALG_AES_CBC_192
@ IPSEC_API_CRYPTO_ALG_AES_CBC_192
Definition: ipsec_types.api:29
u16
unsigned short u16
Definition: types.h:57
IPSEC_API_INTEG_ALG_NONE
@ IPSEC_API_INTEG_ALG_NONE
Definition: ipsec_types.api:46
IPSEC_API_CRYPTO_ALG_NONE
@ IPSEC_API_CRYPTO_ALG_NONE
Definition: ipsec_types.api:27
key
typedef key
Definition: ipsec_types.api:91
IPSEC_API_INTEG_ALG_SHA1_96
@ IPSEC_API_INTEG_ALG_SHA1_96
Definition: ipsec_types.api:50
tunnel_src
vl_api_address_t tunnel_src
Definition: ipsec_types.api:136
IPSEC_API_SAD_FLAG_IS_INBOUND
@ IPSEC_API_SAD_FLAG_IS_INBOUND
Definition: ipsec_types.api:79
IPSEC_API_SAD_FLAG_USE_ESN
@ IPSEC_API_SAD_FLAG_USE_ESN
Definition: ipsec_types.api:65
tunnel
vl_api_tunnel_t tunnel
Definition: ipsec_types.api:185
IPSEC_API_INTEG_ALG_MD5_96
@ IPSEC_API_INTEG_ALG_MD5_96
Definition: ipsec_types.api:48
ipsec_sad_entry_v2
typedef ipsec_sad_entry_v2
Definition: ipsec_types.api:145
tunnel_flags
vl_api_tunnel_encap_decap_flags_t tunnel_flags
Definition: ipsec_types.api:162
IPSEC_API_SAD_FLAG_UDP_ENCAP
@ IPSEC_API_SAD_FLAG_UDP_ENCAP
Definition: ipsec_types.api:77
crypto_algorithm
vl_api_ipsec_crypto_alg_t crypto_algorithm
Definition: ipsec_types.api:128
tx_table_id
u32 tx_table_id
Definition: ipsec_types.api:138
IPSEC_API_CRYPTO_ALG_3DES_CBC
@ IPSEC_API_CRYPTO_ALG_3DES_CBC
Definition: ipsec_types.api:38
IPSEC_API_SAD_FLAG_NONE
@ IPSEC_API_SAD_FLAG_NONE
Definition: ipsec_types.api:63
IPSEC_API_INTEG_ALG_SHA_384_192
@ IPSEC_API_INTEG_ALG_SHA_384_192
Definition: ipsec_types.api:56
IPSEC_API_SAD_FLAG_IS_TUNNEL
@ IPSEC_API_SAD_FLAG_IS_TUNNEL
Definition: ipsec_types.api:69
ipsec_sad_flags
ipsec_sad_flags
Definition: ipsec_types.api:61
IPSEC_API_CRYPTO_ALG_AES_GCM_128
@ IPSEC_API_CRYPTO_ALG_AES_GCM_128
Definition: ipsec_types.api:34
IPSEC_API_INTEG_ALG_SHA_512_256
@ IPSEC_API_INTEG_ALG_SHA_512_256
Definition: ipsec_types.api:58
flags
vl_api_ipsec_sad_flags_t flags
Definition: ipsec_types.api:134
IPSEC_API_CRYPTO_ALG_AES_GCM_256
@ IPSEC_API_CRYPTO_ALG_AES_GCM_256
Definition: ipsec_types.api:36
IPSEC_API_CRYPTO_ALG_AES_GCM_192
@ IPSEC_API_CRYPTO_ALG_AES_GCM_192
Definition: ipsec_types.api:35
data
u8 data[128]
Definition: ipsec_types.api:95
integrity_algorithm
vl_api_ipsec_integ_alg_t integrity_algorithm
Definition: ipsec_types.api:131
version
option version
Definition: ipsec_types.api:17
tunnel_dst
vl_api_address_t tunnel_dst
Definition: ipsec_types.api:137
IPSEC_API_CRYPTO_ALG_AES_CBC_256
@ IPSEC_API_CRYPTO_ALG_AES_CBC_256
Definition: ipsec_types.api:30
IPSEC_API_CRYPTO_ALG_AES_CTR_192
@ IPSEC_API_CRYPTO_ALG_AES_CTR_192
Definition: ipsec_types.api:32
u32
unsigned int u32
Definition: types.h:88
IPSEC_API_PROTO_AH
@ IPSEC_API_PROTO_AH
Definition: ipsec_types.api:87
ipsec_sad_entry
typedef ipsec_sad_entry
IPsec: Security Association Database entry.
Definition: ipsec_types.api:121
salt
u32 salt
Definition: ipsec_types.api:139
length
char const int length
Definition: cJSON.h:163
u8
unsigned char u8
Definition: types.h:56
IPSEC_API_PROTO_ESP
@ IPSEC_API_PROTO_ESP
Definition: ipsec_types.api:86
IPSEC_API_CRYPTO_ALG_AES_CTR_256
@ IPSEC_API_CRYPTO_ALG_AES_CTR_256
Definition: ipsec_types.api:33
dscp
vl_api_ip_dscp_t dscp
Definition: ipsec_types.api:163
spi
u32 spi
Definition: ipsec_types.api:124
ipsec_sad_entry_v3
typedef ipsec_sad_entry_v3
Definition: ipsec_types.api:171
IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
@ IPSEC_API_SAD_FLAG_IS_TUNNEL_V6
Definition: ipsec_types.api:75
IPSEC_API_CRYPTO_ALG_AES_CBC_128
@ IPSEC_API_CRYPTO_ALG_AES_CBC_128
Definition: ipsec_types.api:28
ipsec_integ_alg
ipsec_integ_alg
Definition: ipsec_types.api:44
IPSEC_API_INTEG_ALG_SHA_256_96
@ IPSEC_API_INTEG_ALG_SHA_256_96
Definition: ipsec_types.api:52