ikev2.api revision fc7b77db
1/* Hey Emacs use -*- mode: C -*- */
2/*
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17option version = "1.0.0"; /* version string of this API definition file (major.minor.patch form) */
18
19/** \brief Get the plugin version (request only carries the two header fields; answered by ikev2_plugin_get_version_reply)
20    @param client_index - opaque cookie to identify the sender
21    @param context - sender context, to match reply w/ request
22*/
23define ikev2_plugin_get_version
24{
25  u32 client_index;
26  u32 context;
27};
28
29/** \brief Reply to get the plugin version (carries context and the two version numbers only; no retval field is defined)
30    @param context - returned sender context, to match reply w/ request
31    @param major - Incremented every time a known breaking behavior change is introduced
32    @param minor - Incremented with small changes, may be used to avoid buggy versions
33*/
34define ikev2_plugin_get_version_reply
35{
36  u32 context;
37  u32 major;
38  u32 minor;
39};
40
41/** \brief IKEv2: Add/delete profile (autoreply: no matching _reply message is declared in this file)
42    @param client_index - opaque cookie to identify the sender
43    @param context - sender context, to match reply w/ request
44
45    @param name - IKEv2 profile name, fixed 64-byte field. NOTE(review): NUL termination is not stated here - the receiver should bound reads to 64 bytes, confirm in the handler
46    @param is_add - Add IKEv2 profile if non-zero, else delete
47*/
48autoreply define ikev2_profile_add_del
49{
50  u32 client_index;
51  u32 context;
52
53  u8 name[64];
54  u8 is_add;
55  option vat_help = "name <profile_name> [del]";
56};
57
58/** \brief IKEv2: Set IKEv2 profile authentication method and its authentication data
59    @param client_index - opaque cookie to identify the sender
60    @param context - sender context, to match reply w/ request
61
62    @param name - IKEv2 profile name (fixed 64-byte field)
63    @param auth_method - IKEv2 authentication method (shared-key-mic/rsa-sig), sent as a u8 code; the code values are not defined in this file
64    @param is_hex - Authentication data in hex format if non-zero, else string
65    @param data_len - Authentication data length in bytes; sender-supplied, and it sizes the variable-length data[] field. NOTE(review): the receiver should check it against the received message length before reading data - confirm in the handler
66    @param data - Authentication data (for rsa-sig, the certificate file path). NOTE(review): for shared-key-mic this presumably carries the pre-shared key, i.e. secret material crossing the API channel, and for rsa-sig a client-chosen file path - confirm, and limit which clients can reach this API
67*/
68autoreply define ikev2_profile_set_auth
69{
70  u32 client_index;
71  u32 context;
72
73  u8 name[64];
74  u8 auth_method;
75  u8 is_hex;
76  u32 data_len;
77  u8 data[data_len];
78  option vat_help = "name <profile_name> auth_method <method> (auth_data 0x<data> | auth_data <data>)";
79};
80
81/** \brief IKEv2: Set IKEv2 profile local/remote identification
82    @param client_index - opaque cookie to identify the sender
83    @param context - sender context, to match reply w/ request
84
85    @param name - IKEv2 profile name (fixed 64-byte field)
86    @param is_local - Identification is local if non-zero, else remote
87    @param id_type - Identification type (u8 code; the code values are not defined in this file)
88    @param data_len - Identification data length in bytes; sender-supplied, and it sizes the variable-length data[] field. NOTE(review): the receiver should check it against the received message length before reading data - confirm in the handler
89    @param data - Identification data (data_len bytes)
90*/
91autoreply define ikev2_profile_set_id
92{
93  u32 client_index;
94  u32 context;
95
96  u8 name[64];
97  u8 is_local;
98  u8 id_type;
99  u32 data_len;
100  u8 data[data_len];
101  option vat_help = "name <profile_name> id_type <type> (id_data 0x<data> | id_data <data>) (local|remote)";
102};
103
104/** \brief IKEv2: Set IKEv2 profile traffic selector parameters (ports and IPv4 address range)
105    @param client_index - opaque cookie to identify the sender
106    @param context - sender context, to match reply w/ request
107
108    @param name - IKEv2 profile name (fixed 64-byte field)
109    @param is_local - Traffic selector is local if non-zero, else remote
110    @param proto - Traffic selector IP protocol (zero means the protocol is not relevant)
111    @param start_port - The smallest port number allowed by traffic selector
112    @param end_port - The largest port number allowed by traffic selector
113    @param start_addr - The smallest address included in traffic selector (u32, so IPv4 only; byte order is not stated here - TODO confirm)
114    @param end_addr - The largest address included in traffic selector (u32, IPv4 only). NOTE(review): the definition itself does not require start <= end for ports or addresses; presumably the handler validates the ranges - confirm, since the selector decides which traffic the SA protects
115*/
116autoreply define ikev2_profile_set_ts
117{
118  u32 client_index;
119  u32 context;
120
121  u8 name[64];
122  u8 is_local;
123  u8 proto;
124  u16 start_port;
125  u16 end_port;
126  u32 start_addr;
127  u32 end_addr;
128  option vat_help = "name <profile_name> protocol <proto> start_port <port> end_port <port> start_addr <ip4> end_addr <ip4> (local|remote)";
129};
130
131/** \brief IKEv2: Set IKEv2 local RSA private key (the message carries the key file path, not the key itself)
132    @param client_index - opaque cookie to identify the sender
133    @param context - sender context, to match reply w/ request
134
135    @param key_file - Key file absolute path, fixed 256-byte field. NOTE(review): the path is chosen by the API client and presumably opened by the receiving process - confirm that the handler bounds the read to 256 bytes and that only trusted clients can send this message
136*/
137autoreply define ikev2_set_local_key
138{
139  u32 client_index;
140  u32 context;
141
142  u8 key_file[256];
143  option vat_help = "file <absolute_file_path>";
144};
145
146/** \brief IKEv2: Set IKEv2 responder interface and IP address
147    @param client_index - opaque cookie to identify the sender
148    @param context - sender context, to match reply w/ request
149
150    @param name - IKEv2 profile name (fixed 64-byte field)
151    @param sw_if_index - interface index
152    @param address - interface address (4 bytes, so IPv4 only)
153*/
154autoreply define ikev2_set_responder
155{
156  u32 client_index;
157  u32 context;
158
159  u8 name[64];
160  u32 sw_if_index;
161  u8 address[4];
162  option vat_help = "<profile_name> interface <interface> address <addr>";
163};
164
165/** \brief IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
166    @param client_index - opaque cookie to identify the sender
167    @param context - sender context, to match reply w/ request
168
169    @param name - IKEv2 profile name (fixed 64-byte field)
170    @param crypto_alg - encryption algorithm (u32 identifier; the values are not defined in this file, presumably RFC 7296 transform IDs - confirm)
171    @param crypto_key_size - encryption key size (unit is not stated here - TODO confirm bits vs bytes)
172    @param integ_alg - integrity algorithm (u32 identifier; values not defined in this file)
173    @param dh_group - Diffie-Hellman group (u32 identifier; values not defined in this file)
174    NOTE(review): nothing in this definition limits the choice to strong algorithms or groups; any such policy would have to live in the handler or the caller - confirm.
175*/
176autoreply define ikev2_set_ike_transforms
177{
178  u32 client_index;
179  u32 context;
180
181  u8 name[64];
182  u32 crypto_alg;
183  u32 crypto_key_size;
184  u32 integ_alg;
185  u32 dh_group;
186  option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
187};
188
189/** \brief IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
190    @param client_index - opaque cookie to identify the sender
191    @param context - sender context, to match reply w/ request
192
193    @param name - IKEv2 profile name (fixed 64-byte field)
194    @param crypto_alg - encryption algorithm (u32 identifier; the values are not defined in this file, presumably RFC 7296 transform IDs - confirm)
195    @param crypto_key_size - encryption key size (unit is not stated here - TODO confirm bits vs bytes)
196    @param integ_alg - integrity algorithm (u32 identifier; values not defined in this file)
197    @param dh_group - Diffie-Hellman group (u32 identifier; values not defined in this file)
198    NOTE(review): the brief names the SA_INIT proposal, as the IKE-transform message does; in RFC 7296 the ESP (Child SA) proposal is carried in IKE_AUTH or CREATE_CHILD_SA - confirm the wording. Nothing in this definition limits the choice to strong algorithms either.
199*/
200autoreply define ikev2_set_esp_transforms
201{
202  u32 client_index;
203  u32 context;
204
205  u8 name[64];
206  u32 crypto_alg;
207  u32 crypto_key_size;
208  u32 integ_alg;
209  u32 dh_group;
210  option vat_help = "<profile_name> <crypto alg> <key size> <integrity alg> <DH group>";
211};
212
213/** \brief IKEv2: Set Child SA lifetime, limited by time and/or data
214    @param client_index - opaque cookie to identify the sender
215    @param context - sender context, to match reply w/ request
216
217    @param name - IKEv2 profile name (fixed 64-byte field)
218    @param lifetime - SA maximum life time in seconds (0 to disable)
219    @param lifetime_jitter - Jitter added to prevent simultaneous rekeying (unit is not stated here, presumably seconds - confirm)
220    @param handover - Hand over time (unit is not stated here, presumably seconds - confirm)
221    @param lifetime_maxdata - SA maximum life time in bytes (0 to disable)
222    NOTE(review): with both lifetime and lifetime_maxdata set to 0, both limits read as disabled, which would leave the Child SA keys without a rekey trigger from this setting - confirm that is intended.
223*/
224autoreply define ikev2_set_sa_lifetime
225{
226  u32 client_index;
227  u32 context;
228
229  u8 name[64];
230  u64 lifetime;
231  u32 lifetime_jitter;
232  u32 handover;
233  u64 lifetime_maxdata;
234  option vat_help = "<profile_name> <seconds> <jitter> <handover> <max bytes>";
235};
236
237/** \brief IKEv2: Initiate the SA_INIT exchange for the named profile
238    @param client_index - opaque cookie to identify the sender
239    @param context - sender context, to match reply w/ request
240
241    @param name - IKEv2 profile name (fixed 64-byte field); the only selector this message carries
242
243*/
244autoreply define ikev2_initiate_sa_init
245{
246  u32 client_index;
247  u32 context;
248
249  u8 name[64];
250  option vat_help = "<profile_name>";
251};
252
253/** \brief IKEv2: Initiate the delete IKE SA exchange
254    @param client_index - opaque cookie to identify the sender
255    @param context - sender context, to match reply w/ request
256
257    @param ispi - IKE SA initiator SPI (u64; byte order is not stated here - TODO confirm)
258    NOTE(review): the SA is selected by SPI alone, so any client allowed to send this message can have the IKE SA torn down; access control on the API channel is the only gate visible from this file - confirm.
259*/
260autoreply define ikev2_initiate_del_ike_sa
261{
262  u32 client_index;
263  u32 context;
264
265  u64 ispi;
266  option vat_help = "<ispi>";
267};
268
269/** \brief IKEv2: Initiate the delete Child SA exchange
270    @param client_index - opaque cookie to identify the sender
271    @param context - sender context, to match reply w/ request
272
273    @param ispi - Child SA initiator SPI (u32; byte order is not stated here - TODO confirm)
274    NOTE(review): the Child SA is selected by SPI alone, with no profile name in the message; any client allowed to send it can have that SA deleted, so access to the API channel is the control - confirm.
275*/
276autoreply define ikev2_initiate_del_child_sa
277{
278  u32 client_index;
279  u32 context;
280
281  u32 ispi;
282  option vat_help = "<ispi>";
283};
284
285/** \brief IKEv2: Initiate the rekey Child SA exchange
286    @param client_index - opaque cookie to identify the sender
287    @param context - sender context, to match reply w/ request
288
289    @param ispi - Child SA initiator SPI (u32; byte order is not stated here - TODO confirm); the only selector this message carries
290
291*/
292autoreply define ikev2_initiate_rekey_child_sa
293{
294  u32 client_index;
295  u32 context;
296
297  u32 ispi;
298  option vat_help = "<ispi>";
299};
300
301/*
302 * Local Variables:
303 * eval: (c-set-style "gnu")
304 * End:
305 */
306 
307