From 282872127bbeee6ae59ab3f885c09bad601ee0cc Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Mon, 16 Dec 2019 00:53:11 +0000
Subject: ipsec: IPSec protection for multi-point tunnel interfaces

Type: feature

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
---
 src/vnet/ipsec/ipsec.api | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/vnet/ipsec/ipsec.api')

diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index 6d34d056003..b5027f60301 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -234,12 +234,16 @@ define ipsec_sad_entry_add_del_reply
     @param client_index - opaque cookie to identify the sender
     @param context - sender context, to match reply w/ request
     @param sw_id_index - Tunnel interface to protect
+    @param nh - The peer/next-hop on the tunnel to which the traffic
+                should be protected. For a P2P interface set this to the
+                all 0s address.
     @param sa_in - The ID [set] of inbound SAs
     @param sa_out - The ID of outbound SA
 */
 typedef ipsec_tunnel_protect
 {
   vl_api_interface_index_t sw_if_index;
+  vl_api_address_t nh;
   u32 sa_out;
   u8 n_sa_in;
   u32 sa_in[n_sa_in];
@@ -259,6 +263,7 @@ autoreply define ipsec_tunnel_protect_del
   u32 context;
 
   vl_api_interface_index_t sw_if_index;
+  vl_api_address_t nh;
 };
 
 /**
-- 
cgit 1.2.3-korg