ipsec: Tunnel SA DSCP behaviour

Type: feature

 - use tunnel_encap_decap_flags to control the copying of DSCP/ECN/etc
during IPSEC tunnel mode encap.
 - use DSCP value to have fixed encap value.

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: If4f51fd4c1dcbb0422aac9bd078e5c14af5bf11f

1 files changed, 30 insertions, 0 deletions

diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api
index 715f3de0e12..ca1b3788e64 100644
--- a/src/vnet/ipsec/ipsec_types.api
+++ b/src/vnet/ipsec/ipsec_types.api
@@ -17,6 +17,7 @@
 option version = "3.0.0";
 
 import "vnet/ip/ip_types.api";
+import "vnet/tunnel/tunnel_types.api";
 
 /*
  * @brief Support cryptographic algorithms
@@ -108,6 +109,8 @@ typedef key
                           TX. It is ignored for RX.
     @param udp_dst_port - If using UDP Encapsulation, use this destination port
                           for TX. Expect traffic on this port for RX.
+    @param tunnel_flags - Flags controlling the copying of encap/decap value
+    @param dscp - Fixed DSCP vaule for tunnel encap
  */
 typedef ipsec_sad_entry
 {
@@ -133,6 +136,33 @@ typedef ipsec_sad_entry
   u16 udp_dst_port [default=4500];
 };
 
+typedef ipsec_sad_entry_v2
+{
+  u32 sad_id;
+
+  u32 spi;
+
+  vl_api_ipsec_proto_t protocol;
+
+  vl_api_ipsec_crypto_alg_t crypto_algorithm;
+  vl_api_key_t crypto_key;
+
+  vl_api_ipsec_integ_alg_t integrity_algorithm;
+  vl_api_key_t integrity_key;
+
+  vl_api_ipsec_sad_flags_t flags;
+
+  vl_api_address_t tunnel_src;
+  vl_api_address_t tunnel_dst;
+  vl_api_tunnel_encap_decap_flags_t tunnel_flags;
+  vl_api_ip_dscp_t dscp;
+  u32 tx_table_id;
+  u32 salt;
+  u16 udp_src_port [default=4500];
+  u16 udp_dst_port [default=4500];
+};
+
+
 /*
  * Local Variables:
  * eval: (c-set-style "gnu")