Protocol Documentation


ipsec.proto

Copyright (C) 2021 Intel Corporation
Copyright (c) 2023 Dell Inc, or its subsidiaries.
SPDX-License-Identifier: Apache-2.0

Major pieces taken from: https://github.com/ligato/cn-infra/blob/master/examples/cryptodata-proto-plugin/ipsec/ipsec.proto

Addrs

IP addresses or hostnames

Field Type Label Description
addr string

CaCerts

Field Type Label Description
cacert string repeated

CertPolicy

Field Type Label Description
cert_policy string repeated

Certs

Field Type Label Description
cert string repeated

Child

Child SA

Field Type Label Description
name string Child SA name
ag_proposals Proposals
esp_proposals Proposals
local_ts TrafficSelectors
remote_ts TrafficSelectors
rekey_time uint32
life_time uint32
rand_time uint32
updown string
inactivity uint32
mark_in uint32
mark_in_sa string
mark_out uint32
set_mark_in uint32
set_mark_out uint32
hw_offload string

Connection

IKE connection

Field Type Label Description
name string connection name
version string
local_addrs Addrs repeated
remote_addrs Addrs repeated
local_port uint32
remote_port uint32
proposals Proposals
vips Vips
dscp uint64 We use only the lower 6 bytes
encap string
mobike string
dpd_delay uint32
dpd_timeout uint32
reauth_time uint32
rekey_time uint32
pools Pools
local_auth LocalAuth
remote_auth RemoteAuth
children Child repeated

Groups

Field Type Label Description
group string repeated

IPsecInitiateRequest

Field Type Label Description
child string
ike string
timeout string
loglevel string

IPsecInitiateResponse

Intentionally empty

IPsecListCertsRequest

Field Type Label Description
type string
flag string
subject string

IPsecListCertsResponse

Field Type Label Description
certs ListCert repeated

IPsecListConnsRequest

Field Type Label Description
ike string

IPsecListConnsResponse

Field Type Label Description
connection ListConnResp repeated

IPsecListSasRequest

Field Type Label Description
noblock string
ike string
ike_id uint64
child string
child_id uint64

IPsecListSasResponse

Field Type Label Description
ikesas ListIkeSa repeated

IPsecLoadConnRequest

Field Type Label Description
connection Connection

IPsecLoadConnResponse

Field Type Label Description
success string

IPsecRekeyRequest

Field Type Label Description
child string
ike string
child_id uint64
ike_id uint64
reauth string

IPsecRekeyResponse

Field Type Label Description
success string
matches uint32

IPsecStatsRequest

Intentionally empty

IPsecStatsResponse

Field Type Label Description
status string Generic status string for now

IPsecTerminateRequest

Field Type Label Description
child string
ike string
child_id uint64
ike_id uint64
force string
timeout string
loglevel string

IPsecTerminateResponse

Field Type Label Description
success string
matches uint32
terminated uint32

IPsecUnloadConnRequest

Field Type Label Description
name string

IPsecUnloadConnResponse

Field Type Label Description
success string

IPsecVersionRequest

Intentionally empty

IPsecVersionResponse

Field Type Label Description
daemon string
version string
sysname string
release string
machine string

ListCert

list-cert

Field Type Label Description
type CertificateType
flag X509CertificateFlag
hasprivkey string
data string
subject string
notbefore string
notafter string

ListChild

Field Type Label Description
name string Child SA name
mode string
label string
rekey_time uint32
rekey_bytes uint32
rekey_packets uint32
dpd_action string
close_action string
local_ts TrafficSelectors
remote_ts TrafficSelectors
interface string
priority string

ListChildSa

Field Type Label Description
name string
protocol string
encap string
spi_in string
spi_out string
cpi_in string
cpi_out string
mark_in string
mark_mask_in string
mark_out string
mark_mask_out string
if_id_in string
if_id_out string
encr_alg string
encr_keysize string
integ_alg string
integ_keysize string
dh_group string
esn string

ListConnAuth

Field Type Label Description
class string
eaptype string
eapvendor string
xauth string
revocation string
id string
ca_id string
aaa_id string
eap_id string
xauth_id string
group Groups
cert_policy CertPolicy
certs Certs
cacerts CaCerts

ListConnResp

Field Type Label Description
name string Connection name
local_addrs Addrs repeated
remote_addrs Addrs repeated
version string
reauth_time uint32
rekey_time uint32
unique string
dpd_delay uint32
dpd_timeout uint32
ppk string
ppk_required string
local_auth ListConnAuth repeated
remote_auth ListConnAuth repeated
children ListChild repeated

ListIkeSa

Field Type Label Description
name string IKE_SA name
uniqueid string
version string
ikestate IkeSaState
local_host string
local_port string
local_id string
remote_host string
remote_port string
remote_id string
remote_xauth_id string
remote_eap_id string
initiator string
initiator_spi string
responder_spi string
nat_local string
nat_remote string
nat_fake string
nat_any string
if_id_in string
if_id_out string
encr_alg string
encr_keysize string
integ_alg string
integ_keysize string
prf_alg string
dh_group string
ppk string
established string
rekey_time string
reauth_time string
local_vips string repeated
remote_vips string repeated
tasks_queued string repeated
tasks_active string repeated
tasks_passive string repeated
childsas ListChildSa repeated

LocalAuth

Field Type Label Description
auth AuthType
id string
eap_id string
aaa_id string
xauth_id string
certs Certs
pubkeys PubKeys

Pools

Field Type Label Description
pool string repeated

Proposals

Field Type Label Description
crypto_alg CryptoAlgorithm repeated
integ_alg IntegAlgorithm repeated
prf PRFunction repeated
dhgroups DHGroups repeated

PubKeys

Field Type Label Description
pubkey string repeated

RemoteAuth

Field Type Label Description
auth AuthType
id string
eap_id string
groups Groups
cert_policy CertPolicy
certs Certs
ca_certs CaCerts
pubkeys PubKeys

TrafficSelectors

Field Type Label Description
ts TrafficSelectors.TrafficSelector repeated

TrafficSelectors.TrafficSelector

Field Type Label Description
cidr string
proto string
port string

Vips

Field Type Label Description
vip string repeated

AuthType

Authentication Type

Name Number Description
AUTH_TYPE_UNSPECIFIED 0
AUTH_TYPE_PUBKEY 1
AUTH_TYPE_PSK 2
AUTH_TYPE_XAUTH 3
AUTH_TYPE_EAP 4

CertificateType

Certificate type

Name Number Description
CERTIFICATE_TYPE_X509_UNSPECIFIED 0
CERTIFICATE_TYPE_X509_AC 1
CERTIFICATE_TYPE_X509_CRL 2
CERTIFICATE_TYPE_OCSP_RESPONSE 3
CERTIFICATE_TYPE_PUBKEY 4

ChildSaState

CHILD_SA state

Name Number Description
CHILD_SA_STATE_UNSPECIFIED 0
CHILD_SA_STATE_CREATED 1
CHILD_SA_STATE_ROUTED 2
CHILD_SA_STATE_INSTALLING 3
CHILD_SA_STATE_INSTALLED 4
CHILD_SA_STATE_UPDATING 5
CHILD_SA_STATE_REKEYING 6
CHILD_SA_STATE_REKEYED 7
CHILD_SA_STATE_RETRYING 8
CHILD_SA_STATE_DELETING 9
CHILD_SA_STATE_DELETED 10
CHILD_SA_STATE_DESTROYING 11

CryptoAlgorithm

Cryptographic algorithm for encryption

Name Number Description
CRYPTO_ALGORITHM_UNSPECIFIED 0
CRYPTO_ALGORITHM_AES128 1
CRYPTO_ALGORITHM_AES192 2
CRYPTO_ALGORITHM_AES256 3
CRYPTO_ALGORITHM_AES128GCM128 4
CRYPTO_ALGORITHM_AES256GCM128 5
CRYPTO_ALGORITHM_AES128GMAC 6
CRYPTO_ALGORITHM_AES256GMAC 7

DHGroups

Diffie Hellman Groups

Name Number Description
DH_GROUPS_UNSPECIFIED 0
DH_GROUPS_MODP768 1
DH_GROUPS_MODP1024 2
DH_GROUPS_MODP1536 3
DH_GROUPS_MODP2048 4
DH_GROUPS_MODP3072 5
DH_GROUPS_MODP4096 6
DH_GROUPS_MODP6144 7
DH_GROUPS_MODP8192 8
DH_GROUPS_MODP1024S160 9
DH_GROUPS_MODP2048S224 10
DH_GROUPS_MODP2048S256 11
DH_GROUPS_CURVE25519 12

IkeSaState

IKE_SA state

Name Number Description
IKE_SA_STATE_UNSPECIFIED 0
IKE_SA_STATE_CREATED 1
IKE_SA_STATE_CONNECTING 2
IKE_SA_STATE_ESTABLISHED 3
IKE_SA_STATE_PASSIVE 4
IKE_SA_STATE_REKEYING 5
IKE_SA_STATE_REKEYED 6
IKE_SA_STATE_DELETING 7
IKE_SA_STATE_DESTROYING 8

IntegAlgorithm

Cryptographic algorithm for authentication

Name Number Description
INTEG_ALGORITHM_UNSPECIFIED 0
INTEG_ALGORITHM_MD5 1
INTEG_ALGORITHM_MD5_128 2
INTEG_ALGORITHM_SHA1 3
INTEG_ALGORITHM_SHA1_160 4
INTEG_ALGORITHM_SHA256 5
INTEG_ALGORITHM_SHA384 7
INTEG_ALGORITHM_SHA512 8
INTEG_ALGORITHM_SHA256_96 9

IpsecMode

Tunnel mode

Name Number Description
IPSEC_MODE_UNSPECIFIED 0
IPSEC_MODE_TUNNEL_MODE 1
IPSEC_MODE_TRANSPORT_MODE 2

PRFunction

Pseudo Random Function

Name Number Description
PR_FUNCTION_UNSPECIFIED 0
PR_FUNCTION_MD5 1
PR_FUNCTION_SHA1 2
PR_FUNCTION_AESXCBC 3
PR_FUNCTION_AESCMAC 4
PR_FUNCTION_SHA256 5
PR_FUNCTION_SHA384 6
PR_FUNCTION_SHA512 7

X509CertificateFlag

X.509 certificate flag

Name Number Description
X509_CERTIFICATE_FLAG_UNSPECIFIED 0
X509_CERTIFICATE_FLAG_CA 1
X509_CERTIFICATE_FLAG_AA 2
X509_CERTIFICATE_FLAG_OCSP 3

IPsecService

Service functions for IPSec Protocol

Method Name Request Type Response Type Description
IPsecVersion IPsecVersionRequest IPsecVersionResponse
IPsecStats IPsecStatsRequest IPsecStatsResponse
IPsecInitiate IPsecInitiateRequest IPsecInitiateResponse
IPsecTerminate IPsecTerminateRequest IPsecTerminateResponse
IPsecRekey IPsecRekeyRequest IPsecRekeyResponse
IPsecListSas IPsecListSasRequest IPsecListSasResponse
IPsecListConns IPsecListConnsRequest IPsecListConnsResponse
IPsecListCerts IPsecListCertsRequest IPsecListCertsResponse
IPsecLoadConn IPsecLoadConnRequest IPsecLoadConnResponse
IPsecUnloadConn IPsecUnloadConnRequest IPsecUnloadConnResponse

Scalar Value Types

| .proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| double | | double | double | float | float64 | double | float | Float |
| float | | float | float | float | float32 | float | float | Float |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
| sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |