/* Hey Emacs use -*- mode: C -*- */ /* * Copyright (c) 2015-2020 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ option version = "1.0.0"; import "vnet/ip/ip_types.api"; import "vnet/interface_types.api"; typedef ikev2_id { u8 type; u8 data_len; string data[64]; }; typedef ikev2_ts { u32 sa_index; u32 child_sa_index; bool is_local; u8 protocol_id; u16 start_port; u16 end_port; vl_api_address_t start_addr; vl_api_address_t end_addr; }; typedef ikev2_auth { u8 method; u8 hex; /* hex encoding of the shared secret */ u32 data_len; u8 data[data_len]; }; typedef ikev2_responder { vl_api_interface_index_t sw_if_index; vl_api_address_t addr; }; typedef ikev2_ike_transforms { u8 crypto_alg; u32 crypto_key_size; u8 integ_alg; u8 dh_group; }; typedef ikev2_esp_transforms { u8 crypto_alg; u32 crypto_key_size; u8 integ_alg; }; typedef ikev2_profile { string name[64]; vl_api_ikev2_id_t loc_id; vl_api_ikev2_id_t rem_id; vl_api_ikev2_ts_t loc_ts; vl_api_ikev2_ts_t rem_ts; vl_api_ikev2_responder_t responder; vl_api_ikev2_ike_transforms_t ike_ts; vl_api_ikev2_esp_transforms_t esp_ts; u64 lifetime; u64 lifetime_maxdata; u32 lifetime_jitter; u32 handover; u16 ipsec_over_udp_port; u32 tun_itf; bool udp_encap; bool natt_disabled; vl_api_ikev2_auth_t auth; }; typedef ikev2_sa_transform { u8 transform_type; u16 transform_id; u16 key_len; u16 key_trunc; u16 block_size; u8 dh_group; }; typedef ikev2_keys { u8 sk_d[64]; u8 sk_d_len; u8 sk_ai[64]; u8 sk_ai_len; u8 sk_ar[64]; u8 sk_ar_len; u8 sk_ei[64]; u8 sk_ei_len; u8 sk_er[64]; u8 sk_er_len; u8 sk_pi[64]; u8 sk_pi_len; u8 sk_pr[64]; u8 sk_pr_len; }; typedef ikev2_child_sa { u32 sa_index; u32 child_sa_index; u32 i_spi; u32 r_spi; vl_api_ikev2_keys_t keys; vl_api_ikev2_sa_transform_t encryption; vl_api_ikev2_sa_transform_t integrity; vl_api_ikev2_sa_transform_t esn; }; typedef ikev2_child_sa_v2 { u32 sa_index; u32 child_sa_index; u32 i_spi; u32 r_spi; vl_api_ikev2_keys_t keys; vl_api_ikev2_sa_transform_t encryption; vl_api_ikev2_sa_transform_t integrity; vl_api_ikev2_sa_transform_t esn; f64 uptime; }; typedef ikev2_sa_stats { u16 n_keepalives; u16 n_rekey_req; u16 n_sa_init_req; u16 n_sa_auth_req; u16 n_retransmit; u16 n_init_sa_retransmit; }; enum ikev2_state { UNKNOWN, SA_INIT, DELETED, AUTH_FAILED, AUTHENTICATED, NOTIFY_AND_DELETE, TS_UNACCEPTABLE, NO_PROPOSAL_CHOSEN, }; typedef ikev2_sa { u32 sa_index; u32 profile_index; u64 ispi; u64 rspi; vl_api_address_t iaddr; vl_api_address_t raddr; vl_api_ikev2_keys_t keys; /* ID */ vl_api_ikev2_id_t i_id; vl_api_ikev2_id_t r_id; vl_api_ikev2_sa_transform_t encryption; vl_api_ikev2_sa_transform_t integrity; vl_api_ikev2_sa_transform_t prf; vl_api_ikev2_sa_transform_t dh; vl_api_ikev2_sa_stats_t stats; }; typedef ikev2_sa_v2 { u32 sa_index; string profile_name[64]; vl_api_ikev2_state_t state; u64 ispi; u64 rspi; vl_api_address_t iaddr; vl_api_address_t raddr; vl_api_ikev2_keys_t keys; /* ID */ vl_api_ikev2_id_t i_id; vl_api_ikev2_id_t r_id; vl_api_ikev2_sa_transform_t encryption; vl_api_ikev2_sa_transform_t integrity; vl_api_ikev2_sa_transform_t prf; vl_api_ikev2_sa_transform_t dh; vl_api_ikev2_sa_stats_t stats; }; typedef ikev2_sa_v3 { u32 sa_index; string profile_name[64]; vl_api_ikev2_state_t state; u64 ispi; u64 rspi; vl_api_address_t iaddr; vl_api_address_t raddr; vl_api_ikev2_keys_t keys; /* ID */ vl_api_ikev2_id_t i_id; vl_api_ikev2_id_t r_id; vl_api_ikev2_sa_transform_t encryption; vl_api_ikev2_sa_transform_t integrity; vl_api_ikev2_sa_transform_t prf; vl_api_ikev2_sa_transform_t dh; vl_api_ikev2_sa_stats_t stats; f64 uptime; };