authorArthur de Kerhor <arthurdekerhor@gmail.com>2022-08-31 19:13:03 +0200
committerBeno�t Ganne <bganne@cisco.com>2022-12-16 10:13:24 +0000
commit4117b24acb4241d7f2ef38248bc254f6a4a7b422 (patch)
tree982eb58cbe8cfd0d43e2a09e129d129c1a8a5511 /src/vnet/ipsec/ipsec.api
parent863d1c8711018ded9bd4db5f27851a0b8ac45836 (diff)
ipsec: new api for sa ips and ports updates
Useful to update the tunnel parameters and UDP ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a NAT update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.api')
-rw-r--r--src/vnet/ipsec/ipsec.api22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index 56ad646d001..6cbad6e74fa 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -201,6 +201,28 @@ autoreply define ipsec_sad_entry_del
u32 id;
};
+/** \brief An API to update the tunnel parameters and the ports associated with an SA
+
+ Used in the NAT-T case when the NAT data changes
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sa_id - the id of the SA to update
+ @param is_tun - update the tunnel if non-zero, else update only the ports
+ @param tunnel - sender context, to match reply w/ request
+ @param udp_src_port - new src port for NAT-T. Used if different from 0xffff
+ @param udp_dst_port - new dst port for NAT-T. Used if different from 0xffff
+ */
+autoreply define ipsec_sad_entry_update
+{
+ u32 client_index;
+ u32 context;
+ u32 sad_id;
+ bool is_tun;
+ vl_api_tunnel_t tunnel;
+ u16 udp_src_port [default=0xffff];
+ u16 udp_dst_port [default=0xffff];
+};
+
define ipsec_sad_entry_add_del_reply
{
option deprecated;
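Review bot: The doc comment on `ipsec_sad_entry_update` does not match the message body: it documents `sa_id` while the field is declared `u32 sad_id;`, and the `tunnel` line repeats the description of `context`. I would change them to `@param sad_id - the id of the SA to update` and `@param tunnel - new tunnel parameters, applied only when is_tun is non-zero`. Because `0xffff` is the "leave unchanged" sentinel for both ports, UDP port 65535 cannot be set through this message, which the comment should state. The message re-points an existing SA at new endpoints while keeping its keys and anti-replay state, so the comment could also say that the caller is expected to have validated the new peer address and ports before sending it; the handler is not visible here, so whether it performs any such check is unknown. The `ipsec_sad_entry_add_del_reply` definition after the new message continues outside the hunk.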