Copyright (C) 2021 Intel Corporation
Copyright (c) 2023 Dell Inc, or its subsidiaries.
SPDX-License-Identifier: Apache-2.0
Major pieces taken from: https://github.com/ligato/cn-infra/blob/master/examples/cryptodata-proto-plugin/ipsec/ipsec.proto
IP addresses or hostnames
Field | Type | Label | Description |
---|---|---|---|
addr | string |
Field | Type | Label | Description |
---|---|---|---|
cacert | string | repeated |
Field | Type | Label | Description |
---|---|---|---|
cert_policy | string | repeated |
Field | Type | Label | Description |
---|---|---|---|
cert | string | repeated |
Child SA
Field | Type | Label | Description |
---|---|---|---|
name | string | | Child SA name |
ag_proposals | Proposals | ||
esp_proposals | Proposals | ||
local_ts | TrafficSelectors | ||
remote_ts | TrafficSelectors | ||
rekey_time | uint32 | ||
life_time | uint32 | ||
rand_time | uint32 | ||
updown | string | ||
inactivity | uint32 | ||
mark_in | uint32 | ||
mark_in_sa | string | ||
mark_out | uint32 | ||
set_mark_in | uint32 | ||
set_mark_out | uint32 | ||
hw_offload | string |
IKE connection
Field | Type | Label | Description |
---|---|---|---|
name | string | | connection name |
version | string | ||
local_addrs | Addrs | repeated | |
remote_addrs | Addrs | repeated | |
local_port | uint32 | ||
remote_port | uint32 | ||
proposals | Proposals | ||
vips | Vips | ||
dscp | uint64 | | We use only the lower 6 bytes |
encap | string | ||
mobike | string | ||
dpd_delay | uint32 | ||
dpd_timeout | uint32 | ||
reauth_time | uint32 | ||
rekey_time | uint32 | ||
pools | Pools | ||
local_auth | LocalAuth | ||
remote_auth | RemoteAuth | ||
children | Child | repeated |
Field | Type | Label | Description |
---|---|---|---|
group | string | repeated |
Field | Type | Label | Description |
---|---|---|---|
child | string | ||
ike | string | ||
timeout | string | ||
loglevel | string |
Intentionally empty
Field | Type | Label | Description |
---|---|---|---|
type | string | ||
flag | string | ||
subject | string |
Field | Type | Label | Description |
---|---|---|---|
certs | ListCert | repeated |
Field | Type | Label | Description |
---|---|---|---|
ike | string |
Field | Type | Label | Description |
---|---|---|---|
connection | ListConnResp | repeated |
Field | Type | Label | Description |
---|---|---|---|
noblock | string | ||
ike | string | ||
ike_id | uint64 | ||
child | string | ||
child_id | uint64 |
Field | Type | Label | Description |
---|---|---|---|
ikesas | ListIkeSa | repeated |
Field | Type | Label | Description |
---|---|---|---|
connection | Connection |
Field | Type | Label | Description |
---|---|---|---|
success | string |
Field | Type | Label | Description |
---|---|---|---|
child | string | ||
ike | string | ||
child_id | uint64 | ||
ike_id | uint64 | ||
reauth | string |
Field | Type | Label | Description |
---|---|---|---|
success | string | ||
matches | uint32 |
Intentionally empty
Field | Type | Label | Description |
---|---|---|---|
status | string | | Generic status string for now |
Field | Type | Label | Description |
---|---|---|---|
child | string | ||
ike | string | ||
child_id | uint64 | ||
ike_id | uint64 | ||
force | string | ||
timeout | string | ||
loglevel | string |
Field | Type | Label | Description |
---|---|---|---|
success | string | ||
matches | uint32 | ||
terminated | uint32 |
Field | Type | Label | Description |
---|---|---|---|
name | string |
Field | Type | Label | Description |
---|---|---|---|
success | string |
Intentionally empty
Field | Type | Label | Description |
---|---|---|---|
daemon | string | ||
version | string | ||
sysname | string | ||
release | string | ||
machine | string |
list-cert
Field | Type | Label | Description |
---|---|---|---|
type | CertificateType | ||
flag | X509CertificateFlag | ||
hasprivkey | string | ||
data | string | ||
subject | string | ||
notbefore | string | ||
notafter | string |
Field | Type | Label | Description |
---|---|---|---|
name | string | | Child SA name |
mode | string | ||
label | string | ||
rekey_time | uint32 | ||
rekey_bytes | uint32 | ||
rekey_packets | uint32 | ||
dpd_action | string | ||
close_action | string | ||
local_ts | TrafficSelectors | ||
remote_ts | TrafficSelectors | ||
interface | string | ||
priority | string |
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
protocol | string | ||
encap | string | ||
spi_in | string | ||
spi_out | string | ||
cpi_in | string | ||
cpi_out | string | ||
mark_in | string | ||
mark_mask_in | string | ||
mark_out | string | ||
mark_mask_out | string | ||
if_id_in | string | ||
if_id_out | string | ||
encr_alg | string | ||
encr_keysize | string | ||
integ_alg | string | ||
integ_keysize | string | ||
dh_group | string | ||
esn | string |
Field | Type | Label | Description |
---|---|---|---|
class | string | ||
eaptype | string | ||
eapvendor | string | ||
xauth | string | ||
revocation | string | ||
id | string | ||
ca_id | string | ||
aaa_id | string | ||
eap_id | string | ||
xauth_id | string | ||
group | Groups | ||
cert_policy | CertPolicy | ||
certs | Certs | ||
cacerts | CaCerts |
Field | Type | Label | Description |
---|---|---|---|
name | string | | Connection name |
local_addrs | Addrs | repeated | |
remote_addrs | Addrs | repeated | |
version | string | ||
reauth_time | uint32 | ||
rekey_time | uint32 | ||
unique | string | ||
dpd_delay | uint32 | ||
dpd_timeout | uint32 | ||
ppk | string | ||
ppk_required | string | ||
local_auth | ListConnAuth | repeated | |
remote_auth | ListConnAuth | repeated | |
children | ListChild | repeated |
Field | Type | Label | Description |
---|---|---|---|
name | string | | IKE_SA name |
uniqueid | string | ||
version | string | ||
ikestate | IkeSaState | ||
local_host | string | ||
local_port | string | ||
local_id | string | ||
remote_host | string | ||
remote_port | string | ||
remote_id | string | ||
remote_xauth_id | string | ||
remote_eap_id | string | ||
initiator | string | ||
initiator_spi | string | ||
responder_spi | string | ||
nat_local | string | ||
nat_remote | string | ||
nat_fake | string | ||
nat_any | string | ||
if_id_in | string | ||
if_id_out | string | ||
encr_alg | string | ||
encr_keysize | string | ||
integ_alg | string | ||
integ_keysize | string | ||
prf_alg | string | ||
dh_group | string | ||
ppk | string | ||
established | string | ||
rekey_time | string | ||
reauth_time | string | ||
local_vips | string | repeated | |
remote_vips | string | repeated | |
tasks_queued | string | repeated | |
tasks_active | string | repeated | |
tasks_passive | string | repeated | |
childsas | ListChildSa | repeated |
Field | Type | Label | Description |
---|---|---|---|
auth | AuthType | ||
id | string | ||
eap_id | string | ||
aaa_id | string | ||
xauth_id | string | ||
certs | Certs | ||
pubkeys | PubKeys |
Field | Type | Label | Description |
---|---|---|---|
pool | string | repeated |
Field | Type | Label | Description |
---|---|---|---|
crypto_alg | CryptoAlgorithm | repeated | |
integ_alg | IntegAlgorithm | repeated | |
prf | PRFunction | repeated | |
dhgroups | DHGroups | repeated |
Field | Type | Label | Description |
---|---|---|---|
pubkey | string | repeated |
Field | Type | Label | Description |
---|---|---|---|
auth | AuthType | ||
id | string | ||
eap_id | string | ||
groups | Groups | ||
cert_policy | CertPolicy | ||
certs | Certs | ||
ca_certs | CaCerts | ||
pubkeys | PubKeys |
Field | Type | Label | Description |
---|---|---|---|
ts | TrafficSelectors.TrafficSelector | repeated |
Field | Type | Label | Description |
---|---|---|---|
cidr | string | ||
proto | string | ||
port | string |
Field | Type | Label | Description |
---|---|---|---|
vip | string | repeated |
Authentication Type
Name | Number | Description |
---|---|---|
AUTH_TYPE_UNSPECIFIED | 0 | |
AUTH_TYPE_PUBKEY | 1 | |
AUTH_TYPE_PSK | 2 | |
AUTH_TYPE_XAUTH | 3 | |
AUTH_TYPE_EAP | 4 |
Certificate type
Name | Number | Description |
---|---|---|
CERTIFICATE_TYPE_X509_UNSPECIFIED | 0 | |
CERTIFICATE_TYPE_X509_AC | 1 | |
CERTIFICATE_TYPE_X509_CRL | 2 | |
CERTIFICATE_TYPE_OCSP_RESPONSE | 3 | |
CERTIFICATE_TYPE_PUBKEY | 4 |
CHILD_SA state
Name | Number | Description |
---|---|---|
CHILD_SA_STATE_UNSPECIFIED | 0 | |
CHILD_SA_STATE_CREATED | 1 | |
CHILD_SA_STATE_ROUTED | 2 | |
CHILD_SA_STATE_INSTALLING | 3 | |
CHILD_SA_STATE_INSTALLED | 4 | |
CHILD_SA_STATE_UPDATING | 5 | |
CHILD_SA_STATE_REKEYING | 6 | |
CHILD_SA_STATE_REKEYED | 7 | |
CHILD_SA_STATE_RETRYING | 8 | |
CHILD_SA_STATE_DELETING | 9 | |
CHILD_SA_STATE_DELETED | 10 | |
CHILD_SA_STATE_DESTROYING | 11 |
Cryptographic algorithm for encryption
Name | Number | Description |
---|---|---|
CRYPTO_ALGORITHM_UNSPECIFIED | 0 | |
CRYPTO_ALGORITHM_AES128 | 1 | |
CRYPTO_ALGORITHM_AES192 | 2 | |
CRYPTO_ALGORITHM_AES256 | 3 | |
CRYPTO_ALGORITHM_AES128GCM128 | 4 | |
CRYPTO_ALGORITHM_AES256GCM128 | 5 | |
CRYPTO_ALGORITHM_AES128GMAC | 6 | |
CRYPTO_ALGORITHM_AES256GMAC | 7 |
Diffie-Hellman Groups
Name | Number | Description |
---|---|---|
DH_GROUPS_UNSPECIFIED | 0 | |
DH_GROUPS_MODP768 | 1 | |
DH_GROUPS_MODP1024 | 2 | |
DH_GROUPS_MODP1536 | 3 | |
DH_GROUPS_MODP2048 | 4 | |
DH_GROUPS_MODP3072 | 5 | |
DH_GROUPS_MODP4096 | 6 | |
DH_GROUPS_MODP6144 | 7 | |
DH_GROUPS_MODP8192 | 8 | |
DH_GROUPS_MODP1024S160 | 9 | |
DH_GROUPS_MODP2048S224 | 10 | |
DH_GROUPS_MODP2048S256 | 11 | |
DH_GROUPS_CURVE25519 | 12 |
IKE_SA state
Name | Number | Description |
---|---|---|
IKE_SA_STATE_UNSPECIFIED | 0 | |
IKE_SA_STATE_CREATED | 1 | |
IKE_SA_STATE_CONNECTING | 2 | |
IKE_SA_STATE_ESTABLISHED | 3 | |
IKE_SA_STATE_PASSIVE | 4 | |
IKE_SA_STATE_REKEYING | 5 | |
IKE_SA_STATE_REKEYED | 6 | |
IKE_SA_STATE_DELETING | 7 | |
IKE_SA_STATE_DESTROYING | 8 |
Cryptographic algorithm for authentication
Name | Number | Description |
---|---|---|
INTEG_ALGORITHM_UNSPECIFIED | 0 | |
INTEG_ALGORITHM_MD5 | 1 | |
INTEG_ALGORITHM_MD5_128 | 2 | |
INTEG_ALGORITHM_SHA1 | 3 | |
INTEG_ALGORITHM_SHA1_160 | 4 | |
INTEG_ALGORITHM_SHA256 | 5 | |
INTEG_ALGORITHM_SHA384 | 7 | |
INTEG_ALGORITHM_SHA512 | 8 | |
INTEG_ALGORITHM_SHA256_96 | 9 |
Tunnel mode
Name | Number | Description |
---|---|---|
IPSEC_MODE_UNSPECIFIED | 0 | |
IPSEC_MODE_TUNNEL_MODE | 1 | |
IPSEC_MODE_TRANSPORT_MODE | 2 |
Pseudo Random Function
Name | Number | Description |
---|---|---|
PR_FUNCTION_UNSPECIFIED | 0 | |
PR_FUNCTION_MD5 | 1 | |
PR_FUNCTION_SHA1 | 2 | |
PR_FUNCTION_AESXCBC | 3 | |
PR_FUNCTION_AESCMAC | 4 | |
PR_FUNCTION_SHA256 | 5 | |
PR_FUNCTION_SHA384 | 6 | |
PR_FUNCTION_SHA512 | 7 |
X.509 certificate flag
Name | Number | Description |
---|---|---|
X509_CERTIFICATE_FLAG_UNSPECIFIED | 0 | |
X509_CERTIFICATE_FLAG_CA | 1 | |
X509_CERTIFICATE_FLAG_AA | 2 | |
X509_CERTIFICATE_FLAG_OCSP | 3 |
Service functions for IPSec Protocol
Method Name | Request Type | Response Type | Description |
---|---|---|---|
IPsecVersion | IPsecVersionRequest | IPsecVersionResponse | |
IPsecStats | IPsecStatsRequest | IPsecStatsResponse | |
IPsecInitiate | IPsecInitiateRequest | IPsecInitiateResponse | |
IPsecTerminate | IPsecTerminateRequest | IPsecTerminateResponse | |
IPsecRekey | IPsecRekeyRequest | IPsecRekeyResponse | |
IPsecListSas | IPsecListSasRequest | IPsecListSasResponse | |
IPsecListConns | IPsecListConnsRequest | IPsecListConnsResponse | |
IPsecListCerts | IPsecListCertsRequest | IPsecListCertsResponse | |
IPsecLoadConn | IPsecLoadConnRequest | IPsecLoadConnResponse | |
IPsecUnloadConn | IPsecUnloadConnRequest | IPsecUnloadConnResponse |
.proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
---|---|---|---|---|---|---|---|---|
double | | double | double | float | float64 | double | float | Float |
float | | float | float | float | float32 | float | float | Float |
int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |