path: root/src/plugins/ikev2/ikev2_types.api
/* Hey Emacs use -*- mode: C -*- */
/*
 * Copyright (c) 2015-2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/* Version of the type definitions declared in this file. */
option version = "1.0.0";

import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";

/** \brief IKEv2 identity
    @param type - identification type (presumably an RFC 7296 ID Type
                  value - TODO confirm against the plugin)
    @param data_len - number of meaningful bytes in data
    @param data - identity value, fixed 64-byte field

    NOTE(review): data_len is a u8 and can express values up to 255 while
    data holds 64 bytes; a consumer should reject or clamp data_len > 64
    before using it as a copy or print length.
*/
typedef ikev2_id
{
  u8 type;
  u8 data_len;
  string data[64];
};

/** \brief IKEv2 traffic selector
    @param sa_index - index of the SA this selector is reported for
    @param child_sa_index - index of the child SA this selector is reported for
    @param is_local - true for the local side, false for the remote side
    @param protocol_id - protocol the selector applies to (raw u8;
                         presumably an IP protocol number - TODO confirm)
    @param start_port - first port of the range
    @param end_port - last port of the range
    @param start_addr - first address of the range
    @param end_addr - last address of the range

    NOTE(review): nothing in the type enforces start <= end or that both
    addresses share an address family; that has to be checked by the
    handler that consumes it.
*/
typedef ikev2_ts
{
  u32 sa_index;
  u32 child_sa_index;

  bool is_local;
  u8 protocol_id;
  u16 start_port;
  u16 end_port;
  vl_api_address_t start_addr;
  vl_api_address_t end_addr;
};

/** \brief IKEv2 authentication data
    @param method - authentication method (raw u8, not an API enum)
    @param hex - hex encoding of the shared secret
    @param data_len - length in bytes of the trailing data array
    @param data - authentication material, variable length

    NOTE(review): data carries secret material (the comment on hex refers
    to a shared secret), so messages embedding this type should not be
    logged or traced verbatim. data_len is a sender-supplied u32 that
    sizes the trailing array; the receiver must check it against the
    actual message length before reading data.
*/
typedef ikev2_auth
{
  u8 method;
  u8 hex;			/* hex encoding of the shared secret */
  u32 data_len;
  u8 data[data_len];
};

/** \brief IKEv2 responder endpoint
    @param sw_if_index - interface index associated with the responder
    @param addr - responder address
*/
typedef ikev2_responder
{
  vl_api_interface_index_t sw_if_index;
  vl_api_address_t addr;
};

/** \brief Transforms selected for the IKE SA
    @param crypto_alg - encryption algorithm identifier
    @param crypto_key_size - encryption key size (presumably in bits -
                             TODO confirm)
    @param integ_alg - integrity algorithm identifier
    @param dh_group - Diffie-Hellman group identifier

    NOTE(review): the identifiers are raw u8 values rather than an API
    enum, so the type itself does not restrict which algorithms or groups
    a client may request; any allow-list has to live in the handler.
*/
typedef ikev2_ike_transforms
{
  u8 crypto_alg;
  u32 crypto_key_size;
  u8 integ_alg;
  u8 dh_group;
};

/** \brief Transforms selected for ESP
    @param crypto_alg - encryption algorithm identifier
    @param crypto_key_size - encryption key size (presumably in bits -
                             TODO confirm)
    @param integ_alg - integrity algorithm identifier

    NOTE(review): as with the IKE transforms, these are raw u8
    identifiers; range and strength checks are up to the handler.
*/
typedef ikev2_esp_transforms
{
  u8 crypto_alg;
  u32 crypto_key_size;
  u8 integ_alg;
};

/** \brief IKEv2 profile
    @param name - profile name, fixed 64-byte field
    @param loc_id - local identity
    @param rem_id - remote identity
    @param loc_ts - local traffic selector
    @param rem_ts - remote traffic selector
    @param responder - responder interface and address
    @param ike_ts - IKE SA transforms
    @param esp_ts - ESP transforms
    @param lifetime - SA lifetime (units not stated here - TODO confirm)
    @param lifetime_maxdata - data-volume limit for the SA lifetime
                              (units not stated here - TODO confirm)
    @param lifetime_jitter - jitter applied to the lifetime
    @param handover - handover value (units not stated here - TODO confirm)
    @param ipsec_over_udp_port - UDP port used for IPsec-over-UDP
    @param tun_itf - tunnel interface index
    @param udp_encap - UDP encapsulation enabled
    @param natt_disabled - NAT traversal disabled
    @param auth - authentication method and data

    NOTE(review): auth embeds vl_api_ikev2_auth_t, whose data field holds
    authentication material, so any message that returns this type also
    returns that material. Access to the API transport and any capture of
    these messages should be treated accordingly.
*/
typedef ikev2_profile
{
  string name[64];
  vl_api_ikev2_id_t loc_id;
  vl_api_ikev2_id_t rem_id;
  vl_api_ikev2_ts_t loc_ts;
  vl_api_ikev2_ts_t rem_ts;
  vl_api_ikev2_responder_t responder;
  vl_api_ikev2_ike_transforms_t ike_ts;
  vl_api_ikev2_esp_transforms_t esp_ts;
  u64 lifetime;
  u64 lifetime_maxdata;
  u32 lifetime_jitter;
  u32 handover;
  u16 ipsec_over_udp_port;
  u32 tun_itf;
  bool udp_encap;
  bool natt_disabled;
  /* kept last: ikev2_auth ends in a variable-length array */
  vl_api_ikev2_auth_t auth;
};

/** \brief One negotiated transform of an SA
    @param transform_type - kind of transform (raw u8)
    @param transform_id - identifier of the chosen transform
    @param key_len - key length
    @param key_trunc - truncation length
    @param block_size - block size
    @param dh_group - Diffie-Hellman group identifier

    Units of the length fields are not stated in this file
    (presumably bytes - TODO confirm against the plugin).
*/
typedef ikev2_sa_transform
{
  u8 transform_type;
  u16 transform_id;
  u16 key_len;
  u16 key_trunc;
  u16 block_size;
  u8 dh_group;
};

/** \brief IKEv2 keying material
    Seven fixed 64-byte buffers, each followed by a u8 giving the number
    of meaningful bytes. The field names match the SK_d, SK_ai, SK_ar,
    SK_ei, SK_er, SK_pi and SK_pr keys of RFC 7296 section 2.14.

    NOTE(review): this type carries raw key material in API messages.
    Every SA and child-SA type in this file embeds it, so clients that can
    read those messages can read the keys; restrict who can reach the API
    transport and keep these fields out of logs and traces.
    Each *_len is a u8 (0-255) next to a 64-byte buffer: a consumer must
    reject or clamp lengths above 64 before copying or printing.
*/
typedef ikev2_keys
{
  u8 sk_d[64];
  u8 sk_d_len;
  u8 sk_ai[64];
  u8 sk_ai_len;
  u8 sk_ar[64];
  u8 sk_ar_len;
  u8 sk_ei[64];
  u8 sk_ei_len;
  u8 sk_er[64];
  u8 sk_er_len;
  u8 sk_pi[64];
  u8 sk_pi_len;
  u8 sk_pr[64];
  u8 sk_pr_len;
};

/** \brief IKEv2 child SA
    @param sa_index - index of the parent SA
    @param child_sa_index - index of this child SA
    @param i_spi - 32-bit SPI (presumably the initiator's - TODO confirm)
    @param r_spi - 32-bit SPI (presumably the responder's - TODO confirm)
    @param keys - keying material; which slots are populated for a child
                  SA is not visible from this file
    @param encryption - encryption transform
    @param integrity - integrity transform
    @param esn - extended sequence number transform

    NOTE(review): keys embeds raw key material, so messages returning
    this type are sensitive.
*/
typedef ikev2_child_sa
{
  u32 sa_index;
  u32 child_sa_index;
  u32 i_spi;
  u32 r_spi;
  vl_api_ikev2_keys_t keys;
  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t esn;
};

/** \brief IKEv2 child SA, version 2
    Same fields as ikev2_child_sa, with uptime appended.
    @param sa_index - index of the parent SA
    @param child_sa_index - index of this child SA
    @param i_spi - 32-bit SPI (presumably the initiator's - TODO confirm)
    @param r_spi - 32-bit SPI (presumably the responder's - TODO confirm)
    @param keys - keying material
    @param encryption - encryption transform
    @param integrity - integrity transform
    @param esn - extended sequence number transform
    @param uptime - uptime of the child SA (presumably seconds -
                    TODO confirm)

    NOTE(review): keys embeds raw key material, so messages returning
    this type are sensitive.
*/
typedef ikev2_child_sa_v2
{
  u32 sa_index;
  u32 child_sa_index;
  u32 i_spi;
  u32 r_spi;
  vl_api_ikev2_keys_t keys;
  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t esn;
  f64 uptime;
};

/** \brief Per-SA counters
    @param n_keepalives - keepalives counted
    @param n_rekey_req - rekey requests counted
    @param n_sa_init_req - SA_INIT requests counted
    @param n_sa_auth_req - SA_AUTH requests counted
    @param n_retransmit - retransmissions counted
    @param n_init_sa_retransmit - retransmissions of the initial SA
                                  exchange counted

    All counters are u16, so a reader cannot tell a value above 65535
    from a small one; monitoring that alerts on these (for example on
    retransmit or request counts) should allow for wrap or saturation.
*/
typedef ikev2_sa_stats
{
  u16 n_keepalives;
  u16 n_rekey_req;
  u16 n_sa_init_req;
  u16 n_sa_auth_req;
  u16 n_retransmit;
  u16 n_init_sa_retransmit;
};

/** \brief State of an IKEv2 SA as reported through the API
    No explicit values are assigned, so the numeric value of each member
    follows its position in this list. Inserting or reordering members
    would change the values seen by existing clients; new states should
    be appended.
    Clients should handle values they do not recognise rather than
    assuming the list is closed.
*/
enum ikev2_state
{
  UNKNOWN,
  SA_INIT,
  DELETED,
  AUTH_FAILED,
  AUTHENTICATED,
  NOTIFY_AND_DELETE,
  TS_UNACCEPTABLE,
  NO_PROPOSAL_CHOSEN,
};

/** \brief IKEv2 SA
    @param sa_index - index of the SA
    @param profile_index - index of the profile the SA belongs to
    @param ispi - 64-bit SPI (presumably the initiator's - TODO confirm)
    @param rspi - 64-bit SPI (presumably the responder's - TODO confirm)
    @param iaddr - address paired with ispi
    @param raddr - address paired with rspi
    @param keys - keying material of the SA
    @param i_id - identity paired with ispi
    @param r_id - identity paired with rspi
    @param encryption - encryption transform
    @param integrity - integrity transform
    @param prf - pseudo-random function transform
    @param dh - Diffie-Hellman transform
    @param stats - per-SA counters

    NOTE(review): keys embeds raw key material, so any message returning
    this type exposes the SA's keys to the API client.
*/
typedef ikev2_sa
{
  u32 sa_index;
  u32 profile_index;

  u64 ispi;
  u64 rspi;
  vl_api_address_t iaddr;
  vl_api_address_t raddr;

  vl_api_ikev2_keys_t keys;

  /* Identities of the two peers */
  vl_api_ikev2_id_t i_id;
  vl_api_ikev2_id_t r_id;

  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t prf;
  vl_api_ikev2_sa_transform_t dh;

  vl_api_ikev2_sa_stats_t stats;
};

/** \brief IKEv2 SA, version 2
    Differs from ikev2_sa by carrying the profile name instead of a
    profile index and by adding the SA state.
    @param sa_index - index of the SA
    @param profile_name - name of the profile, fixed 64-byte field
    @param state - SA state, see ikev2_state
    @param ispi - 64-bit SPI (presumably the initiator's - TODO confirm)
    @param rspi - 64-bit SPI (presumably the responder's - TODO confirm)
    @param iaddr - address paired with ispi
    @param raddr - address paired with rspi
    @param keys - keying material of the SA
    @param i_id - identity paired with ispi
    @param r_id - identity paired with rspi
    @param encryption - encryption transform
    @param integrity - integrity transform
    @param prf - pseudo-random function transform
    @param dh - Diffie-Hellman transform
    @param stats - per-SA counters

    NOTE(review): keys embeds raw key material, so any message returning
    this type exposes the SA's keys to the API client.
*/
typedef ikev2_sa_v2
{
  u32 sa_index;
  string profile_name[64];
  vl_api_ikev2_state_t state;

  u64 ispi;
  u64 rspi;
  vl_api_address_t iaddr;
  vl_api_address_t raddr;

  vl_api_ikev2_keys_t keys;

  /* Identities of the two peers */
  vl_api_ikev2_id_t i_id;
  vl_api_ikev2_id_t r_id;

  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t prf;
  vl_api_ikev2_sa_transform_t dh;

  vl_api_ikev2_sa_stats_t stats;
};

/** \brief IKEv2 SA, version 3
    Same fields as ikev2_sa_v2, with uptime appended.
    @param sa_index - index of the SA
    @param profile_name - name of the profile, fixed 64-byte field
    @param state - SA state, see ikev2_state
    @param ispi - 64-bit SPI (presumably the initiator's - TODO confirm)
    @param rspi - 64-bit SPI (presumably the responder's - TODO confirm)
    @param iaddr - address paired with ispi
    @param raddr - address paired with rspi
    @param keys - keying material of the SA
    @param i_id - identity paired with ispi
    @param r_id - identity paired with rspi
    @param encryption - encryption transform
    @param integrity - integrity transform
    @param prf - pseudo-random function transform
    @param dh - Diffie-Hellman transform
    @param stats - per-SA counters
    @param uptime - uptime of the SA (presumably seconds - TODO confirm)

    NOTE(review): keys embeds raw key material, so any message returning
    this type exposes the SA's keys to the API client.
*/
typedef ikev2_sa_v3
{
  u32 sa_index;
  string profile_name[64];
  vl_api_ikev2_state_t state;

  u64 ispi;
  u64 rspi;
  vl_api_address_t iaddr;
  vl_api_address_t raddr;

  vl_api_ikev2_keys_t keys;

  /* Identities of the two peers */
  vl_api_ikev2_id_t i_id;
  vl_api_ikev2_id_t r_id;

  vl_api_ikev2_sa_transform_t encryption;
  vl_api_ikev2_sa_transform_t integrity;
  vl_api_ikev2_sa_transform_t prf;
  vl_api_ikev2_sa_transform_t dh;

  vl_api_ikev2_sa_stats_t stats;
  f64 uptime;
};