FD.io VPP  v19.04.2-12-g66b1689
Vector Packet Processing
ipsec.api File Reference

Go to the source code of this file.

Data Structures

struct  vl_api_ipsec_spd_add_del_t
 IPsec: Add/delete Security Policy Database. More...
 
struct  vl_api_ipsec_interface_add_del_spd_t
 IPsec: Add/delete SPD from interface. More...
 
struct  vl_api_ipsec_spd_entry_add_del_t
 IPsec: Add/delete Security Policy Database entry. More...
 
struct  vl_api_ipsec_spd_entry_add_del_reply_t
 IPsec: Reply Add/delete Security Policy Database entry. More...
 
struct  vl_api_ipsec_spds_dump_t
 Dump IPsec all SPD IDs. More...
 
struct  vl_api_ipsec_spds_details_t
 Dump IPsec all SPD IDs response. More...
 
struct  vl_api_ipsec_spd_dump_t
 Dump ipsec policy database data. More...
 
struct  vl_api_ipsec_spd_details_t
 IPsec policy database response. More...
 
struct  vl_api_ipsec_sad_entry_add_del_t
 IPsec: Add/delete Security Association Database entry. More...
 
struct  vl_api_ipsec_sad_entry_add_del_reply_t
 
struct  vl_api_ipsec_sa_set_key_t
 IPsec: Update Security Association keys. More...
 
struct  vl_api_ipsec_spd_interface_dump_t
 IPsec: Get SPD interfaces. More...
 
struct  vl_api_ipsec_spd_interface_details_t
 IPsec: SPD interface response. More...
 
struct  vl_api_ipsec_tunnel_if_add_del_t
 Add or delete IPsec tunnel interface. More...
 
struct  vl_api_ipsec_tunnel_if_add_del_reply_t
 Add/delete IPsec tunnel interface response. More...
 
struct  vl_api_ipsec_sa_dump_t
 Dump IPsec security association. More...
 
struct  vl_api_ipsec_sa_details_t
 IPsec security association database response. More...
 
struct  vl_api_ipsec_tunnel_if_set_key_t
 Set key on IPsec interface. More...
 
struct  vl_api_ipsec_tunnel_if_set_sa_t
 Set new SA on IPsec interface. More...
 
struct  vl_api_ipsec_backend_dump_t
 Dump IPsec backends. More...
 
struct  vl_api_ipsec_backend_details_t
 IPsec backend details. More...
 
struct  vl_api_ipsec_select_backend_t
 Select IPsec backend. More...
 

Enumerations

enum  ipsec_spd_action { IPSEC_API_SPD_ACTION_BYPASS = 0, IPSEC_API_SPD_ACTION_DISCARD, IPSEC_API_SPD_ACTION_RESOLVE, IPSEC_API_SPD_ACTION_PROTECT }
 
enum  ipsec_crypto_alg {
  IPSEC_API_CRYPTO_ALG_NONE = 0, IPSEC_API_CRYPTO_ALG_AES_CBC_128, IPSEC_API_CRYPTO_ALG_AES_CBC_192, IPSEC_API_CRYPTO_ALG_AES_CBC_256,
  IPSEC_API_CRYPTO_ALG_AES_CTR_128, IPSEC_API_CRYPTO_ALG_AES_CTR_192, IPSEC_API_CRYPTO_ALG_AES_CTR_256, IPSEC_API_CRYPTO_ALG_AES_GCM_128,
  IPSEC_API_CRYPTO_ALG_AES_GCM_192, IPSEC_API_CRYPTO_ALG_AES_GCM_256, IPSEC_API_CRYPTO_ALG_DES_CBC, IPSEC_API_CRYPTO_ALG_3DES_CBC
}
 
enum  ipsec_integ_alg {
  IPSEC_API_INTEG_ALG_NONE = 0, IPSEC_API_INTEG_ALG_MD5_96, IPSEC_API_INTEG_ALG_SHA1_96, IPSEC_API_INTEG_ALG_SHA_256_96,
  IPSEC_API_INTEG_ALG_SHA_256_128, IPSEC_API_INTEG_ALG_SHA_384_192, IPSEC_API_INTEG_ALG_SHA_512_256
}
 
enum  ipsec_sad_flags {
  IPSEC_API_SAD_FLAG_NONE = 0, IPSEC_API_SAD_FLAG_USE_ESN = 0x01, IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02, IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04,
  IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08, IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10
}
 
enum  ipsec_proto { IPSEC_API_PROTO_ESP, IPSEC_API_PROTO_AH }
 

Variables

option version = "3.0.0"
 
import vnet ip ip_types api
 
typedef ipsec_spd_entry
 IPsec: Security Policy Database entry. More...
 
i32 priority
 
u8 is_outbound
 
u32 sa_id
 
vl_api_ipsec_spd_action_t policy
 
u8 protocol
 
vl_api_address_t remote_address_start
 
vl_api_address_t remote_address_stop
 
vl_api_address_t local_address_start
 
vl_api_address_t local_address_stop
 
u16 remote_port_start
 
u16 remote_port_stop
 
u16 local_port_start
 
u16 local_port_stop
 
typedef key
 
u8 data [128]
 
typedef ipsec_sad_entry
 IPsec: Security Association Database entry. More...
 
u32 spi
 
vl_api_ipsec_crypto_alg_t crypto_algorithm
 
vl_api_key_t crypto_key
 
vl_api_ipsec_integ_alg_t integrity_algorithm
 
vl_api_key_t integrity_key
 
vl_api_ipsec_sad_flags_t flags
 
vl_api_address_t tunnel_src
 
vl_api_address_t tunnel_dst
 
u32 tx_table_id
 

Enumeration Type Documentation

Enumerator
IPSEC_API_CRYPTO_ALG_NONE 
IPSEC_API_CRYPTO_ALG_AES_CBC_128 
IPSEC_API_CRYPTO_ALG_AES_CBC_192 
IPSEC_API_CRYPTO_ALG_AES_CBC_256 
IPSEC_API_CRYPTO_ALG_AES_CTR_128 
IPSEC_API_CRYPTO_ALG_AES_CTR_192 
IPSEC_API_CRYPTO_ALG_AES_CTR_256 
IPSEC_API_CRYPTO_ALG_AES_GCM_128 
IPSEC_API_CRYPTO_ALG_AES_GCM_192 
IPSEC_API_CRYPTO_ALG_AES_GCM_256 
IPSEC_API_CRYPTO_ALG_DES_CBC 
IPSEC_API_CRYPTO_ALG_3DES_CBC 

Definition at line 185 of file ipsec.api.

Enumerator
IPSEC_API_INTEG_ALG_NONE 
IPSEC_API_INTEG_ALG_MD5_96 
IPSEC_API_INTEG_ALG_SHA1_96 
IPSEC_API_INTEG_ALG_SHA_256_96 
IPSEC_API_INTEG_ALG_SHA_256_128 
IPSEC_API_INTEG_ALG_SHA_384_192 
IPSEC_API_INTEG_ALG_SHA_512_256 

Definition at line 204 of file ipsec.api.

Enumerator
IPSEC_API_PROTO_ESP 
IPSEC_API_PROTO_AH 

Definition at line 237 of file ipsec.api.

Enumerator
IPSEC_API_SAD_FLAG_NONE 
IPSEC_API_SAD_FLAG_USE_ESN 
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY 
IPSEC_API_SAD_FLAG_IS_TUNNEL 
IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 
IPSEC_API_SAD_FLAG_UDP_ENCAP 

Definition at line 221 of file ipsec.api.

Enumerator
IPSEC_API_SPD_ACTION_BYPASS 
IPSEC_API_SPD_ACTION_DISCARD 
IPSEC_API_SPD_ACTION_RESOLVE 
IPSEC_API_SPD_ACTION_PROTECT 

Definition at line 57 of file ipsec.api.

Variable Documentation

import vnet ip ip_types api

Definition at line 19 of file ipsec.api.

vl_api_ipsec_crypto_alg_t crypto_algorithm

Definition at line 274 of file ipsec.api.

vl_api_key_t crypto_key

Definition at line 275 of file ipsec.api.

u8 data[128]

Definition at line 248 of file ipsec.api.

vl_api_ipsec_sad_flags_t flags

Definition at line 280 of file ipsec.api.

vl_api_ipsec_integ_alg_t integrity_algorithm

Definition at line 277 of file ipsec.api.

vl_api_key_t integrity_key

Definition at line 278 of file ipsec.api.

typedef ipsec_sad_entry
Initial value:
{
u32 sad_id
unsigned int u32
Definition: types.h:88

IPsec: Security Association Database entry.

Template Parameters
client_index- opaque cookie to identify the sender
context- sender context, to match reply w/ request
is_add- add SAD entry if non-zero, else delete
sad_id- sad id
spi- security parameter index
protocol- 0 = AH, 1 = ESP
crypto_algorithm- a supported crypto algorithm
crypto_key- crypto keying material
integrity_algorithm- one of the supported algorithms
integrity_key- integrity keying material
tunnel_src_address- IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
tunnel_dst_address- IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
tx_table_id- the FIB id used for encapsulated packets

Definition at line 267 of file ipsec.api.

typedef ipsec_spd_entry
Initial value:
{
u32 spd_id
unsigned int u32
Definition: types.h:88

IPsec: Security Policy Database entry.

See RFC 4301, 4.4.1.1 on how to match packet to selectors

Template Parameters
spd_id- SPD instance id (control plane allocated)
priority- priority of SPD entry (non-unique value). Used to order SPD matching - higher priorities match before lower
is_outbound- entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
remote_address_start- start of remote address range to match
remote_address_stop- end of remote address range to match
local_address_start- start of local address range to match
local_address_stop- end of local address range to match
protocol- protocol type to match [0 means any] otherwise IANA value
remote_port_start- start of remote port range to match ...
remote_port_stop- end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
local_port_start- start of local port range to match ...
local_port_stop- end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
policy- action to perform on match
sa_id- SAD instance id (control plane allocated)

Definition at line 89 of file ipsec.api.

u8 is_outbound

Definition at line 92 of file ipsec.api.

typedef key
Initial value:
{
u8 length
unsigned char u8
Definition: types.h:56

Definition at line 244 of file ipsec.api.

vl_api_address_t local_address_start

Definition at line 101 of file ipsec.api.

vl_api_address_t local_address_stop

Definition at line 102 of file ipsec.api.

u16 local_port_start

Definition at line 106 of file ipsec.api.

u16 local_port_stop

Definition at line 107 of file ipsec.api.

vl_api_ipsec_spd_action_t policy

Definition at line 95 of file ipsec.api.

i32 priority

Definition at line 91 of file ipsec.api.

vl_api_ipsec_proto_t protocol

Definition at line 96 of file ipsec.api.

vl_api_address_t remote_address_start

Definition at line 99 of file ipsec.api.

vl_api_address_t remote_address_stop

Definition at line 100 of file ipsec.api.

u16 remote_port_start

Definition at line 104 of file ipsec.api.

u16 remote_port_stop

Definition at line 105 of file ipsec.api.

u32 sa_id

Definition at line 94 of file ipsec.api.

u32 spi

Definition at line 270 of file ipsec.api.

vl_api_address_t tunnel_dst

Definition at line 283 of file ipsec.api.

vl_api_address_t tunnel_src

Definition at line 282 of file ipsec.api.

u32 tx_table_id

Definition at line 284 of file ipsec.api.

option version = "3.0.0"

Definition at line 17 of file ipsec.api.