From 041add7d12217494934b651e4e38b5eab5216ddc Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Thu, 2 Jan 2020 04:06:10 +0000 Subject: ipsec: Tunnel SA DSCP behaviour Type: feature - use tunnel_encap_decap_flags to control the copying of DSCP/ECN/etc during IPSEC tunnel mode encap. - use DSCP value to have fixed encap value. Signed-off-by: Neale Ranns Change-Id: If4f51fd4c1dcbb0422aac9bd078e5c14af5bf11f --- src/vnet/ipsec/ipsec_types.api | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'src/vnet/ipsec/ipsec_types.api') diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api index 715f3de0e12..ca1b3788e64 100644 --- a/src/vnet/ipsec/ipsec_types.api +++ b/src/vnet/ipsec/ipsec_types.api @@ -17,6 +17,7 @@ option version = "3.0.0"; import "vnet/ip/ip_types.api"; +import "vnet/tunnel/tunnel_types.api"; /* * @brief Support cryptographic algorithms @@ -108,6 +109,8 @@ typedef key TX. It is ignored for RX. @param udp_dst_port - If using UDP Encapsulation, use this destination port for TX. Expect traffic on this port for RX. + @param tunnel_flags - Flags controlling the copying of encap/decap value + @param dscp - Fixed DSCP vaule for tunnel encap */ typedef ipsec_sad_entry { @@ -133,6 +136,33 @@ typedef ipsec_sad_entry u16 udp_dst_port [default=4500]; }; +typedef ipsec_sad_entry_v2 +{ + u32 sad_id; + + u32 spi; + + vl_api_ipsec_proto_t protocol; + + vl_api_ipsec_crypto_alg_t crypto_algorithm; + vl_api_key_t crypto_key; + + vl_api_ipsec_integ_alg_t integrity_algorithm; + vl_api_key_t integrity_key; + + vl_api_ipsec_sad_flags_t flags; + + vl_api_address_t tunnel_src; + vl_api_address_t tunnel_dst; + vl_api_tunnel_encap_decap_flags_t tunnel_flags; + vl_api_ip_dscp_t dscp; + u32 tx_table_id; + u32 salt; + u16 udp_src_port [default=4500]; + u16 udp_dst_port [default=4500]; +}; + + /* * Local Variables: * eval: (c-set-style "gnu") -- cgit 1.2.3-korg