From 12989b538881f9681f078cf1485c51df1251877a Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Thu, 26 Sep 2019 16:20:19 +0000
Subject: ipsec: remove dedicated IPSec tunnels

APIs for dedicated IPSec tunnels will remain in this release and are
used to programme the IPIP tunnel protect. APIs will be removed in a
future release.

see:
 https://wiki.fd.io/view/VPP/IPSec

Type: feature

Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089
Signed-off-by: Neale Ranns <nranns@cisco.com>
---
 src/vnet/ipsec/ipsec_tun.h | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec/ipsec_tun.h')

diff --git a/src/vnet/ipsec/ipsec_tun.h b/src/vnet/ipsec/ipsec_tun.h
index 2041cbe758b..840840335a5 100644
--- a/src/vnet/ipsec/ipsec_tun.h
+++ b/src/vnet/ipsec/ipsec_tun.h
@@ -17,6 +17,36 @@
 
 #include <vnet/ipsec/ipsec.h>
 
+/* *INDENT-OFF* */
+typedef CLIB_PACKED(struct {
+  /*
+   * Key fields: remote ip and spi on incoming packet
+   * all fields in NET byte order
+   */
+  union {
+    struct {
+      ip4_address_t remote_ip;
+      u32 spi;
+    };
+    u64 as_u64;
+  };
+}) ipsec4_tunnel_key_t;
+/* *INDENT-ON* */
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED(struct {
+  /*
+   * Key fields: remote ip and spi on incoming packet
+   * all fields in NET byte order
+   */
+  ip6_address_t remote_ip;
+  u32 spi;
+}) ipsec6_tunnel_key_t;
+/* *INDENT-ON* */
+
+extern u8 *format_ipsec4_tunnel_key (u8 * s, va_list * args);
+extern u8 *format_ipsec6_tunnel_key (u8 * s, va_list * args);
+
 typedef enum ipsec_protect_flags_t_
 {
   IPSEC_PROTECT_L2 = (1 << 0),
@@ -66,8 +96,13 @@ typedef struct ipsec_tun_protect_t_
   }                                                        \
 }
 
+extern int ipsec_tun_protect_update_one (u32 sw_if_index, u32 sa_out,
+					 u32 sa_in);
 extern int ipsec_tun_protect_update (u32 sw_if_index, u32 sa_out,
-				     u32 sa_ins[2]);
+				     u32 * sa_ins);
+extern int ipsec_tun_protect_update_in (u32 sw_if_index, u32 sa_in);
+extern int ipsec_tun_protect_update_out (u32 sw_if_index, u32 sa_out);
+
 extern int ipsec_tun_protect_del (u32 sw_if_index);
 
 typedef walk_rc_t (*ipsec_tun_protect_walk_cb_t) (index_t itpi, void *arg);
-- 
cgit 1.2.3-korg