From 041add7d12217494934b651e4e38b5eab5216ddc Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Thu, 2 Jan 2020 04:06:10 +0000
Subject: ipsec: Tunnel SA DSCP behaviour
Type: feature
- use tunnel_encap_decap_flags to control the copying of DSCP/ECN/etc during IPSEC tunnel mode encap.
- use DSCP value to have fixed encap value.
Signed-off-by: Neale Ranns
Change-Id: If4f51fd4c1dcbb0422aac9bd078e5c14af5bf11f
---
 src/vnet/ipsec/ipsec.api | 48 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-) (limited to 'src/vnet/ipsec/ipsec.api')
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index 89dcdb761de..178c7c6f46e 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -196,12 +196,25 @@ define ipsec_sad_entry_add_del
 bool is_add;
 vl_api_ipsec_sad_entry_t entry;
 };
+define ipsec_sad_entry_add_del_v2
+{
+ u32 client_index;
+ u32 context;
+ bool is_add;
+ vl_api_ipsec_sad_entry_v2_t entry;
+};
 define ipsec_sad_entry_add_del_reply
 {
 u32 context;
 i32 retval;
 u32 stat_index;
 };
+define ipsec_sad_entry_add_del_v2_reply
+{
+ u32 context;
+ i32 retval;
+ u32 stat_index;
+};
 /** \brief Add or Update Protection for a tunnel with IPSEC
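Review bot: `ipsec_sad_entry_add_del_v2` and `ipsec_sad_entry_add_del_v2_reply` are added with no `/** \brief ... */` block, although the next message in this hunk's trailing context (`Add or Update Protection for a tunnel with IPSEC`) has one; `ipsec_sa_v2_dump` in the hunk at -439 has the same gap. I would add a block above the request documenting `client_index`, `context`, `is_add` and `entry`, and saying that `entry` is the v2 SAD entry which, per the commit message, is where the tunnel encap/decap flags and the fixed DSCP value are configured. The `vl_api_ipsec_sad_entry_v2_t` typedef is not part of this file's diff, so its fields should be confirmed before they are described. For the reply, `@param stat_index - index of the SA in the stats segment` would match the wording the file already uses for `ipsec_sa_details`.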
@@ -439,25 +452,17 @@ define ipsec_sa_dump
 u32 context;
 u32 sa_id;
 };
+define ipsec_sa_v2_dump
+{
+ u32 client_index;
+ u32 context;
+ u32 sa_id;
+};
 /** \brief IPsec security association database response
 @param context - sender context which was passed in the request
- @param sa_id - SA ID, policy-based SAs >=0, tunnel interface SAs = 0
+ @param entry - The SA details
 @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
- @param spi - security parameter index
- @param protocol - IPsec protocol (value from ipsec_protocol_t)
- @param crypto_alg - crypto algorithm (value from ipsec_crypto_alg_t)
- @param crypto_key_len - length of crypto_key in bytes
- @param crypto_key - crypto keying material
- @param integ_alg - integrity algorithm (value from ipsec_integ_alg_t)
- @param integ_key_len - length of integ_key in bytes
- @param integ_key - integrity keying material
- @param use_esn - using extended sequence numbers when non-zero
- @param use_anti_replay - using anti-replay window when non-zero
- @param is_tunnel - IPsec tunnel mode when non-zero, else transport mode
- @param is_tunnel_ipv6 - If using tunnel mode, endpoints are IPv6
- @param tunnel_src_addr - Tunnel source address if using tunnel mode
- @param tunnel_dst_addr - Tunnel destination address is using tunnel mode
 @param salt - 4 byte salt
 @param seq - current sequence number for outbound
 @param seq_hi - high 32 bits of ESN for outbound
@@ -465,7 +470,6 @@ define ipsec_sa_dump
 @param last_seq_hi - high 32 bits of highest ESN received inbound
 @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
 @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
- @param udp_encap - 1 if UDP encap enabled, 0 otherwise
 */
 define ipsec_sa_details {
 u32 context;
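Review bot: In the hunk at -439, collapsing the per-field lines into `@param entry - The SA details` removes the only statement in this comment that the dump reply returns `crypto_key` and `integ_key`, i.e. the SA's keying material. That fact matters to anyone deciding which clients may reach the API or whether a captured dump may be stored or shared, so I would keep it in the replacement line: `@param entry - the SA as configured, including its crypto and integrity keying material`. The entry typedef is defined outside this hunk, so this wording assumes it still carries the key fields that the removed lines described. The comment block itself continues past this hunk into the one at -465.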
@@ -479,6 +483,18 @@ define ipsec_sa_details {
 u32 stat_index;
 };
+define ipsec_sa_v2_details {
+ u32 context;
+ vl_api_ipsec_sad_entry_v2_t entry;
+
+ vl_api_interface_index_t sw_if_index;
+ u32 salt;
+ u64 seq_outbound;
+ u64 last_seq_inbound;
+ u64 replay_window;
+
+ u32 stat_index;
+};
 /** \brief Set new SA on IPsec interface
-- 
cgit 1.2.3-korg
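Review bot: `ipsec_sa_v2_details` has no comment of its own, and the only description a reader will find is the block above `ipsec_sa_details`, whose `@param seq`, `@param seq_hi` and `@param last_seq_hi` lines do not match the `u64 seq_outbound` and `u64 last_seq_inbound` fields declared here. I would give the new message its own block using the real field names, for example `@param seq_outbound - current sequence number for outbound` and `@param last_seq_inbound - highest sequence number received inbound`. If the u64 values fold the ESN high bits into the same field, as the types suggest, the comment should say so. It should also note that `entry` and `salt` are returned to the caller, since the reply then carries everything needed to use the SA.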