From 9ec846c2684b69f47505d73ea9f873b793a11558 Mon Sep 17 00:00:00 2001
From: Neale Ranns <neale@graphiant.com>
Date: Tue, 9 Feb 2021 14:04:02 +0000
Subject: ipsec: Use the new tunnel API types to add flow label and TTL copy
 support

Type: feature

attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
---
 src/vnet/ipsec/ipsec.api | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec/ipsec.api')

diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index c009d8dffaa..8d4580a2c28 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-option version = "5.0.0";
+option version = "5.0.1";
 
 import "vnet/ipsec/ipsec_types.api";
 import "vnet/interface_types.api";
@@ -191,6 +191,7 @@ define ipsec_spd_details {
  */
 define ipsec_sad_entry_add_del
 {
+  option deprecated;
   u32 client_index;
   u32 context;
   bool is_add;
@@ -203,8 +204,17 @@ define ipsec_sad_entry_add_del_v2
   bool is_add;
   vl_api_ipsec_sad_entry_v2_t entry;
 };
+define ipsec_sad_entry_add_del_v3
+{
+  u32 client_index;
+  u32 context;
+  bool is_add;
+  vl_api_ipsec_sad_entry_v3_t entry;
+};
+
 define ipsec_sad_entry_add_del_reply
 {
+  option deprecated;
   u32 context;
   i32 retval;
   u32 stat_index;
@@ -215,6 +225,12 @@ define ipsec_sad_entry_add_del_v2_reply
   i32 retval;
   u32 stat_index;
 };
+define ipsec_sad_entry_add_del_v3_reply
+{
+  u32 context;
+  i32 retval;
+  u32 stat_index;
+};
 
 /** \brief Add or Update Protection for a tunnel with IPSEC
 
@@ -378,6 +394,7 @@ define ipsec_itf_details
 */
 define ipsec_sa_dump
 {
+  option deprecated;
   u32 client_index;
   u32 context;
   u32 sa_id;
@@ -388,6 +405,12 @@ define ipsec_sa_v2_dump
   u32 context;
   u32 sa_id;
 };
+define ipsec_sa_v3_dump
+{
+  u32 client_index;
+  u32 context;
+  u32 sa_id;
+};
 
 /** \brief IPsec security association database response
     @param context - sender context which was passed in the request
@@ -402,6 +425,7 @@ define ipsec_sa_v2_dump
     @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa
 */
 define ipsec_sa_details {
+  option deprecated;
   u32 context;
   vl_api_ipsec_sad_entry_t entry;
 
@@ -425,6 +449,17 @@ define ipsec_sa_v2_details {
 
   u32 stat_index;
 };
+define ipsec_sa_v3_details {
+  u32 context;
+  vl_api_ipsec_sad_entry_v3_t entry;
+
+  vl_api_interface_index_t sw_if_index;
+  u64 seq_outbound;
+  u64 last_seq_inbound;
+  u64 replay_window;
+
+  u32 stat_index;
+};
 
 /** \brief Dump IPsec backends
     @param client_index - opaque cookie to identify the sender
-- 
cgit 1.2.3-korg