SAI Metadata
SAI - IPsec specific API definitions

Classes

struct  _sai_ipsec_sa_status_notification_t
 IPsec SA status for notification. More...
 
struct  _sai_ipsec_api_t
 IPsec methods table retrieved with sai_api_query() More...
 

Typedefs

typedef enum _sai_ipsec_direction_t sai_ipsec_direction_t
 IPsec direction types. For a PHY ASIC, egress is the system-to-line direction and ingress is the opposite.
 
typedef enum _sai_ipsec_cipher_t sai_ipsec_cipher_t
 IPsec cipher suite types.
 
typedef enum _sai_ipsec_sa_octet_count_status_t sai_ipsec_sa_octet_count_status_t
 IPsec SA octet count status type.
 
typedef struct _sai_ipsec_sa_status_notification_t sai_ipsec_sa_status_notification_t
 IPsec SA status for notification.
 
typedef enum _sai_ipsec_attr_t sai_ipsec_attr_t
 Attribute Id for sai_ipsec.
 
typedef enum _sai_ipsec_port_attr_t sai_ipsec_port_attr_t
 Attribute Id for sai_ipsec_port.
 
typedef enum _sai_ipsec_port_stat_t sai_ipsec_port_stat_t
 IPsec port counter IDs used in sai_get_ipsec_port_stats_fn calls.
 
typedef enum _sai_ipsec_sa_attr_t sai_ipsec_sa_attr_t
 Attribute Id for sai_ipsec_sa.
 
typedef enum _sai_ipsec_sa_stat_t sai_ipsec_sa_stat_t
 IPsec flow counter IDs in sai_get_ipsec_sa_stats() call.
 
typedef sai_status_t(* sai_create_ipsec_fn) (_Out_ sai_object_id_t *ipsec_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)
 Create an IPsec object.
 
typedef sai_status_t(* sai_remove_ipsec_fn) (_In_ sai_object_id_t ipsec_id)
 Delete the IPsec object.
 
typedef sai_status_t(* sai_set_ipsec_attribute_fn) (_In_ sai_object_id_t ipsec_id, _In_ const sai_attribute_t *attr)
 Set IPsec attribute.
 
typedef sai_status_t(* sai_get_ipsec_attribute_fn) (_In_ sai_object_id_t ipsec_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)
 Get IPsec attribute.
 
typedef sai_status_t(* sai_create_ipsec_port_fn) (_Out_ sai_object_id_t *ipsec_port_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)
 Create an IPsec port.
 
typedef sai_status_t(* sai_remove_ipsec_port_fn) (_In_ sai_object_id_t ipsec_port_id)
 Delete an IPsec port.
 
typedef sai_status_t(* sai_set_ipsec_port_attribute_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ const sai_attribute_t *attr)
 Set IPsec port attribute.
 
typedef sai_status_t(* sai_get_ipsec_port_attribute_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)
 Get IPsec port attribute.
 
typedef sai_status_t(* sai_get_ipsec_port_stats_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _Out_ uint64_t *counters)
 Get IPsec port counters.
 
typedef sai_status_t(* sai_get_ipsec_port_stats_ext_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _In_ sai_stats_mode_t mode, _Out_ uint64_t *counters)
 Get IPsec port counters extended.
 
typedef sai_status_t(* sai_clear_ipsec_port_stats_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids)
 Clear IPsec port counters.
 
typedef sai_status_t(* sai_create_ipsec_sa_fn) (_Out_ sai_object_id_t *ipsec_sa_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)
 Create an IPsec Security Association.
 
typedef sai_status_t(* sai_remove_ipsec_sa_fn) (_In_ sai_object_id_t ipsec_sa_id)
 Delete an IPsec Security Association.
 
typedef sai_status_t(* sai_set_ipsec_sa_attribute_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ const sai_attribute_t *attr)
 Set IPsec Security Association attribute.
 
typedef sai_status_t(* sai_get_ipsec_sa_attribute_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)
 Get IPsec Security Association attribute.
 
typedef sai_status_t(* sai_get_ipsec_sa_stats_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _Out_ uint64_t *counters)
 Get IPsec Security Association counters.
 
typedef sai_status_t(* sai_get_ipsec_sa_stats_ext_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _In_ sai_stats_mode_t mode, _Out_ uint64_t *counters)
 Get IPsec Security Association counters extended.
 
typedef sai_status_t(* sai_clear_ipsec_sa_stats_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids)
 Clear IPsec Security Association counters.
 
typedef void(* sai_ipsec_sa_status_change_notification_fn) (_In_ uint32_t count, _In_ const sai_ipsec_sa_status_notification_t *data)
 IPsec SA status change notification.
 
typedef struct _sai_ipsec_api_t sai_ipsec_api_t
 IPsec methods table retrieved with sai_api_query()
 

Enumerations

enum  _sai_ipsec_direction_t { SAI_IPSEC_DIRECTION_EGRESS , SAI_IPSEC_DIRECTION_INGRESS }
 IPsec direction types. For a PHY ASIC, egress is the system-to-line direction and ingress is the opposite. More...
 
enum  _sai_ipsec_cipher_t { SAI_IPSEC_CIPHER_AES128_GCM16 , SAI_IPSEC_CIPHER_AES256_GCM16 , SAI_IPSEC_CIPHER_AES128_GMAC , SAI_IPSEC_CIPHER_AES256_GMAC }
 IPsec cipher suite types. More...
 
enum  _sai_ipsec_sa_octet_count_status_t { SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_LOW_WATERMARK , SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_HIGH_WATERMARK , SAI_IPSEC_SA_OCTET_COUNT_STATUS_ABOVE_HIGH_WATERMARK }
 IPsec SA octet count status type. More...
 
enum  _sai_ipsec_attr_t {
  SAI_IPSEC_ATTR_START , SAI_IPSEC_ATTR_TERM_REMOTE_IP_MATCH_SUPPORTED = SAI_IPSEC_ATTR_START , SAI_IPSEC_ATTR_SWITCHING_MODE_CUT_THROUGH_SUPPORTED , SAI_IPSEC_ATTR_SWITCHING_MODE_STORE_AND_FORWARD_SUPPORTED ,
  SAI_IPSEC_ATTR_STATS_MODE_READ_SUPPORTED , SAI_IPSEC_ATTR_STATS_MODE_READ_CLEAR_SUPPORTED , SAI_IPSEC_ATTR_SN_32BIT_SUPPORTED , SAI_IPSEC_ATTR_ESN_64BIT_SUPPORTED ,
  SAI_IPSEC_ATTR_SUPPORTED_CIPHER_LIST , SAI_IPSEC_ATTR_SYSTEM_SIDE_MTU , SAI_IPSEC_ATTR_WARM_BOOT_SUPPORTED , SAI_IPSEC_ATTR_WARM_BOOT_ENABLE ,
  SAI_IPSEC_ATTR_EXTERNAL_SA_INDEX_ENABLE , SAI_IPSEC_ATTR_CTAG_TPID , SAI_IPSEC_ATTR_STAG_TPID , SAI_IPSEC_ATTR_MAX_VLAN_TAGS_PARSED ,
  SAI_IPSEC_ATTR_OCTET_COUNT_HIGH_WATERMARK , SAI_IPSEC_ATTR_OCTET_COUNT_LOW_WATERMARK , SAI_IPSEC_ATTR_STATS_MODE , SAI_IPSEC_ATTR_AVAILABLE_IPSEC_SA ,
  SAI_IPSEC_ATTR_SA_LIST , SAI_IPSEC_ATTR_END , SAI_IPSEC_ATTR_CUSTOM_RANGE_START = 0x10000000 , SAI_IPSEC_ATTR_CUSTOM_RANGE_END
}
 Attribute Id for sai_ipsec. More...
 
enum  _sai_ipsec_port_attr_t {
  SAI_IPSEC_PORT_ATTR_START , SAI_IPSEC_PORT_ATTR_PORT_ID = SAI_IPSEC_PORT_ATTR_START , SAI_IPSEC_PORT_ATTR_CTAG_ENABLE , SAI_IPSEC_PORT_ATTR_STAG_ENABLE ,
  SAI_IPSEC_PORT_ATTR_NATIVE_VLAN_ID , SAI_IPSEC_PORT_ATTR_VRF_FROM_PACKET_VLAN_ENABLE , SAI_IPSEC_PORT_ATTR_SWITCH_SWITCHING_MODE , SAI_IPSEC_PORT_ATTR_END ,
  SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_START = 0x10000000 , SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_END
}
 Attribute Id for sai_ipsec_port. More...
 
enum  _sai_ipsec_port_stat_t {
  SAI_IPSEC_PORT_STAT_TX_ERROR_PKTS , SAI_IPSEC_PORT_STAT_TX_IPSEC_PKTS , SAI_IPSEC_PORT_STAT_TX_NON_IPSEC_PKTS , SAI_IPSEC_PORT_STAT_RX_ERROR_PKTS ,
  SAI_IPSEC_PORT_STAT_RX_IPSEC_PKTS , SAI_IPSEC_PORT_STAT_RX_NON_IPSEC_PKTS
}
 IPsec port counter IDs used in sai_get_ipsec_port_stats_fn calls. More...
 
enum  _sai_ipsec_sa_attr_t {
  SAI_IPSEC_SA_ATTR_START , SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION = SAI_IPSEC_SA_ATTR_START , SAI_IPSEC_SA_ATTR_IPSEC_ID , SAI_IPSEC_SA_ATTR_OCTET_COUNT_STATUS ,
  SAI_IPSEC_SA_ATTR_EXTERNAL_SA_INDEX , SAI_IPSEC_SA_ATTR_SA_INDEX , SAI_IPSEC_SA_ATTR_IPSEC_PORT_LIST , SAI_IPSEC_SA_ATTR_IPSEC_SPI ,
  SAI_IPSEC_SA_ATTR_IPSEC_ESN_ENABLE , SAI_IPSEC_SA_ATTR_IPSEC_CIPHER , SAI_IPSEC_SA_ATTR_ENCRYPT_KEY , SAI_IPSEC_SA_ATTR_SALT ,
  SAI_IPSEC_SA_ATTR_AUTH_KEY , SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_ENABLE , SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_WINDOW , SAI_IPSEC_SA_ATTR_TERM_DST_IP ,
  SAI_IPSEC_SA_ATTR_TERM_VLAN_ID_ENABLE , SAI_IPSEC_SA_ATTR_TERM_VLAN_ID , SAI_IPSEC_SA_ATTR_TERM_SRC_IP_ENABLE , SAI_IPSEC_SA_ATTR_TERM_SRC_IP ,
  SAI_IPSEC_SA_ATTR_EGRESS_ESN , SAI_IPSEC_SA_ATTR_MINIMUM_INGRESS_ESN , SAI_IPSEC_SA_ATTR_END , SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_START = 0x10000000 ,
  SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_END
}
 Attribute Id for sai_ipsec_sa. More...
 
enum  _sai_ipsec_sa_stat_t {
  SAI_IPSEC_SA_STAT_PROTECTED_OCTETS , SAI_IPSEC_SA_STAT_PROTECTED_PKTS , SAI_IPSEC_SA_STAT_GOOD_PKTS , SAI_IPSEC_SA_STAT_BAD_HEADER_PKTS_IN ,
  SAI_IPSEC_SA_STAT_REPLAYED_PKTS_IN , SAI_IPSEC_SA_STAT_LATE_PKTS_IN , SAI_IPSEC_SA_STAT_BAD_TRAILER_PKTS_IN , SAI_IPSEC_SA_STAT_AUTH_FAIL_PKTS_IN ,
  SAI_IPSEC_SA_STAT_DUMMY_DROPPED_PKTS_IN , SAI_IPSEC_SA_STAT_OTHER_DROPPED_PKTS
}
 IPsec flow counter IDs in sai_get_ipsec_sa_stats() call. More...
 

Detailed Description

Typedef Documentation

◆ sai_clear_ipsec_port_stats_fn

typedef sai_status_t(* sai_clear_ipsec_port_stats_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids)

Clear IPsec port counters.

Parameters
[in] ipsec_port_id: IPsec port id
[in] number_of_counters: Number of counters in the array
[in] counter_ids: Specifies the array of counter ids
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 873 of file saiipsec.h.

◆ sai_clear_ipsec_sa_stats_fn

typedef sai_status_t(* sai_clear_ipsec_sa_stats_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids)

Clear IPsec Security Association counters.

Parameters
[in] ipsec_sa_id: IPsec Security Association id
[in] number_of_counters: Number of counters in the array
[in] counter_ids: Specifies the array of counter ids
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 973 of file saiipsec.h.

◆ sai_create_ipsec_fn

typedef sai_status_t(* sai_create_ipsec_fn) (_Out_ sai_object_id_t *ipsec_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)

Create an IPsec object.

Parameters
[out] ipsec_id: The IPsec object id associated with this switch/PHY
[in] switch_id: The switch/PHY Object id
[in] attr_count: Number of attributes
[in] attr_list: Array of attributes
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 736 of file saiipsec.h.

◆ sai_create_ipsec_port_fn

typedef sai_status_t(* sai_create_ipsec_port_fn) (_Out_ sai_object_id_t *ipsec_port_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)

Create an IPsec port.

Parameters
[out] ipsec_port_id: The IPsec port id
[in] switch_id: The switch/PHY Object id
[in] attr_count: Number of attributes
[in] attr_list: Array of attributes
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 788 of file saiipsec.h.

◆ sai_create_ipsec_sa_fn

typedef sai_status_t(* sai_create_ipsec_sa_fn) (_Out_ sai_object_id_t *ipsec_sa_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)

Create an IPsec Security Association.

Parameters
[out] ipsec_sa_id: The IPsec Security Association id
[in] switch_id: The switch/PHY Object id
[in] attr_count: Number of attributes
[in] attr_list: Array of attributes
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 888 of file saiipsec.h.

◆ sai_get_ipsec_attribute_fn

typedef sai_status_t(* sai_get_ipsec_attribute_fn) (_In_ sai_object_id_t ipsec_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)

Get IPsec attribute.

Parameters
[in] ipsec_id: The IPsec object id associated with this switch/PHY
[in] attr_count: Number of attributes
[in,out] attr_list: Array of attributes
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 773 of file saiipsec.h.

◆ sai_get_ipsec_port_attribute_fn

typedef sai_status_t(* sai_get_ipsec_port_attribute_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)

Get IPsec port attribute.

Parameters
[in] ipsec_port_id: IPsec port id
[in] attr_count: Number of attributes
[in,out] attr_list: Array of attributes
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 825 of file saiipsec.h.

◆ sai_get_ipsec_port_stats_ext_fn

typedef sai_status_t(* sai_get_ipsec_port_stats_ext_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _In_ sai_stats_mode_t mode, _Out_ uint64_t *counters)

Get IPsec port counters extended.

Parameters
[in] ipsec_port_id: IPsec port id
[in] number_of_counters: Number of counters in the array
[in] counter_ids: Specifies the array of counter ids
[in] mode: Should match SAI_IPSEC_ATTR_STATS_MODE
[out] counters: Array of resulting counter values.
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 857 of file saiipsec.h.

◆ sai_get_ipsec_port_stats_fn

typedef sai_status_t(* sai_get_ipsec_port_stats_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _Out_ uint64_t *counters)

Get IPsec port counters.

Parameters
[in] ipsec_port_id: IPsec port id
[in] number_of_counters: Number of counters in the array
[in] counter_ids: Specifies the array of counter ids
[out] counters: Array of resulting counter values.
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 840 of file saiipsec.h.

◆ sai_get_ipsec_sa_attribute_fn

typedef sai_status_t(* sai_get_ipsec_sa_attribute_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)

Get IPsec Security Association attribute.

Parameters
[in] ipsec_sa_id: IPsec Security Association id
[in] attr_count: Number of attributes
[in,out] attr_list: Array of attributes
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 925 of file saiipsec.h.

◆ sai_get_ipsec_sa_stats_ext_fn

typedef sai_status_t(* sai_get_ipsec_sa_stats_ext_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _In_ sai_stats_mode_t mode, _Out_ uint64_t *counters)

Get IPsec Security Association counters extended.

Parameters
[in] ipsec_sa_id: IPsec Security Association id
[in] number_of_counters: Number of counters in the array
[in] counter_ids: Specifies the array of counter ids
[in] mode: Should match SAI_IPSEC_ATTR_STATS_MODE
[out] counters: Array of resulting counter values.
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 957 of file saiipsec.h.

◆ sai_get_ipsec_sa_stats_fn

typedef sai_status_t(* sai_get_ipsec_sa_stats_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _Out_ uint64_t *counters)

Get IPsec Security Association counters.

Parameters
[in] ipsec_sa_id: IPsec Security Association id
[in] number_of_counters: Number of counters in the array
[in] counter_ids: Specifies the array of counter ids
[out] counters: Array of resulting counter values.
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 940 of file saiipsec.h.

◆ sai_ipsec_sa_status_change_notification_fn

typedef void(* sai_ipsec_sa_status_change_notification_fn) (_In_ uint32_t count, _In_ const sai_ipsec_sa_status_notification_t *data)

IPsec SA status change notification.

Passed as a parameter into sai_initialize_switch()

Count:
data[count]
Parameters
[in] count: Number of notifications
[in] data: Array of notifications

Definition at line 988 of file saiipsec.h.

◆ sai_remove_ipsec_fn

typedef sai_status_t(* sai_remove_ipsec_fn) (_In_ sai_object_id_t ipsec_id)

Delete the IPsec object.

Parameters
[in] ipsec_id: The IPsec object id associated with this switch/PHY
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 749 of file saiipsec.h.

◆ sai_remove_ipsec_port_fn

typedef sai_status_t(* sai_remove_ipsec_port_fn) (_In_ sai_object_id_t ipsec_port_id)

Delete an IPsec port.

Parameters
[in] ipsec_port_id: The IPsec port id
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 801 of file saiipsec.h.

◆ sai_remove_ipsec_sa_fn

typedef sai_status_t(* sai_remove_ipsec_sa_fn) (_In_ sai_object_id_t ipsec_sa_id)

Delete an IPsec Security Association.

Parameters
[in] ipsec_sa_id: The IPsec Security Association id
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 901 of file saiipsec.h.

◆ sai_set_ipsec_attribute_fn

typedef sai_status_t(* sai_set_ipsec_attribute_fn) (_In_ sai_object_id_t ipsec_id, _In_ const sai_attribute_t *attr)

Set IPsec attribute.

Parameters
[in] ipsec_id: The IPsec object id associated with this switch/PHY
[in] attr: Attribute
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 760 of file saiipsec.h.

◆ sai_set_ipsec_port_attribute_fn

typedef sai_status_t(* sai_set_ipsec_port_attribute_fn) (_In_ sai_object_id_t ipsec_port_id, _In_ const sai_attribute_t *attr)

Set IPsec port attribute.

Parameters
[in] ipsec_port_id: The IPsec port id
[in] attr: Attribute
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 812 of file saiipsec.h.

◆ sai_set_ipsec_sa_attribute_fn

typedef sai_status_t(* sai_set_ipsec_sa_attribute_fn) (_In_ sai_object_id_t ipsec_sa_id, _In_ const sai_attribute_t *attr)

Set IPsec Security Association attribute.

Parameters
[in] ipsec_sa_id: The IPsec Security Association id
[in] attr: Attribute
Returns
SAI_STATUS_SUCCESS on success, failure status code on error

Definition at line 912 of file saiipsec.h.

Enumeration Type Documentation

◆ _sai_ipsec_attr_t

Attribute Id for sai_ipsec.

Enumerator
SAI_IPSEC_ATTR_START 

Start of IPsec attributes.

SAI_IPSEC_ATTR_TERM_REMOTE_IP_MATCH_SUPPORTED 

Security Engine supports matching source IP address for tunnel termination.

If false, source IP address cannot be checked before decryption.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_SWITCHING_MODE_CUT_THROUGH_SUPPORTED 

SAI_SWITCH_SWITCHING_MODE_CUT_THROUGH supported.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_SWITCHING_MODE_STORE_AND_FORWARD_SUPPORTED 

SAI_SWITCH_SWITCHING_MODE_STORE_AND_FORWARD supported.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_STATS_MODE_READ_SUPPORTED 

SAI_STATS_MODE_READ supported.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_STATS_MODE_READ_CLEAR_SUPPORTED 

SAI_STATS_MODE_READ_CLEAR supported.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_SN_32BIT_SUPPORTED 

Indicates if 32-bit Sequence Number (SN) is supported.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_ESN_64BIT_SUPPORTED 

Indicates if 64-bit Extended Sequence Number (ESN) is supported.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_SUPPORTED_CIPHER_LIST 

List of supported cipher suites.

Value Type:
sai_s32_list_t sai_ipsec_cipher_t
Flags:
READ_ONLY
SAI_IPSEC_ATTR_SYSTEM_SIDE_MTU 

IPsec MTU capability on system side (not including IPsec overhead).

Value Type:
sai_uint16_t
Flags:
READ_ONLY
IsVlan:
false
SAI_IPSEC_ATTR_WARM_BOOT_SUPPORTED 

Warm boot is supported for all saiipsec objects.

Value Type:
bool
Flags:
READ_ONLY
SAI_IPSEC_ATTR_WARM_BOOT_ENABLE 

If false, disables creation of saiipsec objects during warm-boot.

Value Type:
bool
Flags:
CREATE_AND_SET
Default value:
false
SAI_IPSEC_ATTR_EXTERNAL_SA_INDEX_ENABLE 

If true, SA Index is assigned by NOS. If false, SA Index is assigned by IPsec SAI driver.

Value Type:
bool
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
SAI_IPSEC_ATTR_CTAG_TPID 

TPID value used to identify C-tag.

Value Type:
sai_uint16_t
Flags:
CREATE_AND_SET
IsVlan:
false
Default value:
0x8100
SAI_IPSEC_ATTR_STAG_TPID 

TPID value used to identify S-tag.

Value Type:
sai_uint16_t
Flags:
CREATE_AND_SET
IsVlan:
false
Default value:
0x88A8
SAI_IPSEC_ATTR_MAX_VLAN_TAGS_PARSED 

Maximum number of VLAN tags to parse.

Value Type:
sai_uint8_t
Flags:
CREATE_AND_SET
Default value:
0
SAI_IPSEC_ATTR_OCTET_COUNT_HIGH_WATERMARK 

High watermark for byte count.

The sai_ipsec_sa_status changes when a new packet is processed and the per SA octet count crosses this watermark. This watermark is used even if only 1 watermark is needed.

Value Type:
sai_uint64_t
Flags:
CREATE_AND_SET
Default value:
0
SAI_IPSEC_ATTR_OCTET_COUNT_LOW_WATERMARK 

Low watermark for byte count.

The sai_ipsec_sa_status changes when a new packet is processed and the per SA octet count crosses this watermark. This watermark is used only if 2 watermarks are needed.

Value Type:
sai_uint64_t
Flags:
CREATE_AND_SET
Default value:
0
SAI_IPSEC_ATTR_STATS_MODE 

Global setting of read-clear or read-only for statistics read. The mode parameter for get_ipsec_<foo>_stats_ext should match this.

Value Type:
sai_stats_mode_t
Flags:
CREATE_AND_SET
Default value:
SAI_STATS_MODE_READ_AND_CLEAR
SAI_IPSEC_ATTR_AVAILABLE_IPSEC_SA 

Available IPsec Security Associations.

Value Type:
sai_uint32_t
Flags:
READ_ONLY
SAI_IPSEC_ATTR_SA_LIST 

IPsec SA list.

Value Type:
sai_object_list_t
Flags:
READ_ONLY
Allowed object types
SAI_OBJECT_TYPE_IPSEC_SA
SAI_IPSEC_ATTR_END 

End of IPsec attributes.

SAI_IPSEC_ATTR_CUSTOM_RANGE_START 

Custom range base value.

SAI_IPSEC_ATTR_CUSTOM_RANGE_END 

End of custom range base.

Definition at line 100 of file saiipsec.h.

◆ _sai_ipsec_cipher_t

IPsec cipher suite types.

Definition at line 49 of file saiipsec.h.

◆ _sai_ipsec_direction_t

IPsec direction types. For a PHY ASIC, egress is the system-to-line direction and ingress is the opposite.

Definition at line 40 of file saiipsec.h.

◆ _sai_ipsec_port_attr_t

Attribute Id for sai_ipsec_port.

Enumerator
SAI_IPSEC_PORT_ATTR_START 

Start of IPsec Port attributes.

SAI_IPSEC_PORT_ATTR_PORT_ID 

Associated port id.

Value Type:
sai_object_id_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
Allowed object types
SAI_OBJECT_TYPE_PORT
SAI_IPSEC_PORT_ATTR_CTAG_ENABLE 

Enable vlan tag parsing for C-tag TPID.

Value Type:
bool
Flags:
CREATE_AND_SET
Default value:
false
SAI_IPSEC_PORT_ATTR_STAG_ENABLE 

Enable vlan tag parsing for S-tag TPID.

Value Type:
bool
Flags:
CREATE_AND_SET
Default value:
false
SAI_IPSEC_PORT_ATTR_NATIVE_VLAN_ID 

Port native Vlan Id used for Security Engine SA termination.

Value Type:
sai_uint16_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
IsVlan:
true
SAI_IPSEC_PORT_ATTR_VRF_FROM_PACKET_VLAN_ENABLE 

Enable VRF identification from ingress parsed packet Vlan.

False means only port native Vlan can be used for tunnel termination VRF. True means packet Vlan tag is also used.

Value Type:
bool
Flags:
CREATE_AND_SET
Default value:
false
SAI_IPSEC_PORT_ATTR_SWITCH_SWITCHING_MODE 

Switching mode for port. If configured as cut-through, the IPG for Tx MAC in the switch ASIC has to be increased to accommodate the IPsec packet size expansion.

Value Type:
sai_switch_switching_mode_t
Flags:
CREATE_AND_SET
Default value:
SAI_SWITCH_SWITCHING_MODE_CUT_THROUGH
SAI_IPSEC_PORT_ATTR_END 

End of IPsec Port attributes.

SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_START 

Custom range base value.

SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_END 

End of custom range base.

Definition at line 309 of file saiipsec.h.

◆ _sai_ipsec_port_stat_t

IPsec port counter IDs used in sai_get_ipsec_port_stats_fn calls.

Enumerator
SAI_IPSEC_PORT_STAT_TX_ERROR_PKTS 

Packets dropped after receive MAC and before IPsec SA processing. This could be due to malformed header, buffer overrun, etc.

SAI_IPSEC_PORT_STAT_TX_IPSEC_PKTS 

Packets mapped to an SA for IPsec processing.

SAI_IPSEC_PORT_STAT_TX_NON_IPSEC_PKTS 

Non-IPsec packets that pass through this port.

SAI_IPSEC_PORT_STAT_RX_ERROR_PKTS 

Packets dropped after receive MAC and before IPsec SA processing. This could be due to malformed header, buffer overrun, etc.

SAI_IPSEC_PORT_STAT_RX_IPSEC_PKTS 

Packets mapped to an SA for IPsec processing.

SAI_IPSEC_PORT_STAT_RX_NON_IPSEC_PKTS 

Non-IPsec packets that pass through this port.

Definition at line 394 of file saiipsec.h.

◆ _sai_ipsec_sa_attr_t

Attribute Id for sai_ipsec_sa.

Enumerator
SAI_IPSEC_SA_ATTR_START 

Start of IPsec Security Association attributes.

SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION 

IPsec direction.

Value Type:
sai_ipsec_direction_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
SAI_IPSEC_SA_ATTR_IPSEC_ID 

IPsec object id.

Value Type:
sai_object_id_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
Allowed object types
SAI_OBJECT_TYPE_IPSEC
SAI_IPSEC_SA_ATTR_OCTET_COUNT_STATUS 

SA byte count status.

Value Type:
sai_ipsec_sa_octet_count_status_t
Flags:
READ_ONLY
SAI_IPSEC_SA_ATTR_EXTERNAL_SA_INDEX 

Externally assigned SA Index value for this Security Association. Used only when SAI_IPSEC_ATTR_EXTERNAL_SA_INDEX_ENABLE == true.

Value Type:
sai_uint32_t
Flags:
CREATE_AND_SET
Default value:
0
SAI_IPSEC_SA_ATTR_SA_INDEX 

SA Index value for this Security Association.

Value Type:
sai_uint32_t
Flags:
READ_ONLY
SAI_IPSEC_SA_ATTR_IPSEC_PORT_LIST 

List of IPsec ports for this SA.

Value Type:
sai_object_list_t
Flags:
CREATE_AND_SET
Allowed object types
SAI_OBJECT_TYPE_IPSEC_PORT
Default value:
empty
SAI_IPSEC_SA_ATTR_IPSEC_SPI 

SPI value for this Security Association, carried in ESP header.

Value Type:
sai_uint32_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
SAI_IPSEC_SA_ATTR_IPSEC_ESN_ENABLE 

Enable 64-bit ESN (vs 32-bit SN) for this Security Association.

Value Type:
bool
Flags:
CREATE_ONLY
Default value:
true
SAI_IPSEC_SA_ATTR_IPSEC_CIPHER 

Cipher suite for this SA.

Value Type:
sai_ipsec_cipher_t
Flags:
CREATE_ONLY
Default value:
SAI_IPSEC_CIPHER_AES256_GCM16
SAI_IPSEC_SA_ATTR_ENCRYPT_KEY 

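IPsec Traffic Encryption Key used for encryption/decryption, in network byte order. AES128 uses only bytes 16..31, so a 128-bit key must be placed there rather than in bytes 0..15. The attribute is CREATE_ONLY: changing the key requires creating a new SA.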

Value Type:
sai_encrypt_key_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
SAI_IPSEC_SA_ATTR_SALT 

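IPsec salt portion of the IV, in network byte order. With the AES-GCM/GMAC suites in sai_ipsec_cipher_t, the salt combined with the per-packet IV must never repeat under the same key.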

Value Type:
sai_uint32_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
SAI_IPSEC_SA_ATTR_AUTH_KEY 

IPsec authentication key, in network byte order.

Value Type:
sai_auth_key_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_ENABLE 

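Replay protection enable for this Security Association. The default is false, so anti-replay checking must be enabled explicitly on each ingress SA that needs it.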

Value Type:
bool
Flags:
CREATE_AND_SET
Default value:
false
Valid only when:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS
SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_WINDOW 

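Replay protection window for this Security Association. The default is 0; set the window explicitly when enabling replay protection, since the behavior with a zero window is not specified here.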

Value Type:
sai_uint32_t
Flags:
CREATE_AND_SET
Default value:
0
Valid only when:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS
SAI_IPSEC_SA_ATTR_TERM_DST_IP 

SA local IP address for tunnel termination.

Value Type:
sai_ip_address_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
Condition:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS
SAI_IPSEC_SA_ATTR_TERM_VLAN_ID_ENABLE 

Match Vlan Id for tunnel termination.

Value Type:
bool
Flags:
CREATE_ONLY
Default value:
false
Valid only when:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS
SAI_IPSEC_SA_ATTR_TERM_VLAN_ID 

Vlan Id for tunnel termination.

Value Type:
sai_uint16_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
IsVlan:
true
Condition:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS and SAI_IPSEC_SA_ATTR_TERM_VLAN_ID_ENABLE == true
SAI_IPSEC_SA_ATTR_TERM_SRC_IP_ENABLE 

Match remote IP address for tunnel termination.

Value Type:
bool
Flags:
CREATE_ONLY
Default value:
false
Valid only when:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS
SAI_IPSEC_SA_ATTR_TERM_SRC_IP 

Remote IP address for tunnel termination.

Value Type:
sai_ip_address_t
Flags:
MANDATORY_ON_CREATE | CREATE_ONLY
Condition:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS and SAI_IPSEC_SA_ATTR_TERM_SRC_IP_ENABLE == true
SAI_IPSEC_SA_ATTR_EGRESS_ESN 

IPsec egress sequence number (SN). One less than the next SN.

Value Type:
sai_uint64_t
Flags:
CREATE_AND_SET
Default value:
0
Valid only when:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_EGRESS
SAI_IPSEC_SA_ATTR_MINIMUM_INGRESS_ESN 

Minimum value of ingress IPsec sequence number (SN). Can be updated with a value from the IPsec peer for gross-level delay prevention.

Value Type:
sai_uint64_t
Flags:
CREATE_AND_SET
Default value:
1
Valid only when:
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION == SAI_IPSEC_DIRECTION_INGRESS
SAI_IPSEC_SA_ATTR_END 

End of IPsec Security Association attributes.

SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_START 

Custom range base value.

SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_END 

End of custom range base.

Definition at line 432 of file saiipsec.h.

◆ _sai_ipsec_sa_octet_count_status_t

IPsec SA octet count status type.

Enumerator
SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_LOW_WATERMARK 

SA byte count below lower of 2 watermarks

SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_HIGH_WATERMARK 

SA byte count below higher of 2 watermarks

SAI_IPSEC_SA_OCTET_COUNT_STATUS_ABOVE_HIGH_WATERMARK 

SA byte count above higher of 2 watermarks

Definition at line 60 of file saiipsec.h.

◆ _sai_ipsec_sa_stat_t

IPsec flow counter IDs in sai_get_ipsec_sa_stats() call.

Enumerator
SAI_IPSEC_SA_STAT_PROTECTED_OCTETS 

Total octets in all Ethernet frames processed by this SA.

SAI_IPSEC_SA_STAT_PROTECTED_PKTS 

Count of Ethernet frames processed by this SA. This should normally be the sum of all the good and error packets for this SA.

SAI_IPSEC_SA_STAT_GOOD_PKTS 

Count of validated error-free received (ingress) packets for this SA. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_BAD_HEADER_PKTS_IN 

Count of packets with bad header for this SA. This could be due to the packet header being different from the format expected for this SA. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_REPLAYED_PKTS_IN 

Count of replayed packets. This also includes late packets if the hardware does not provide a separate counter for late packets. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_LATE_PKTS_IN 

Count of packets outside the replay window. Always 0 if the hardware does not provide a separate counter for late packets. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_BAD_TRAILER_PKTS_IN 

Count of packets with bad trailer. This could be due to insufficient or invalid padding, etc. For cut-through switching, this drop would normally be implemented as CRC corruption. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_AUTH_FAIL_PKTS_IN 

Count of packets with authentication and integrity failure. For cut-through switching, this drop would normally be implemented as CRC corruption. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_DUMMY_DROPPED_PKTS_IN 

Count of dummy packets dropped by IPsec logic. These are packets with 59 as the next header field value in IPsec trailer. For cut-through switching, this drop would normally be implemented as CRC corruption. Valid only for ingress, always returns 0 for egress.

SAI_IPSEC_SA_STAT_OTHER_DROPPED_PKTS 

Count of other packets dropped by IPsec logic. This could be due to not programmed or incorrectly programmed SA, MTU violation, etc.

Definition at line 653 of file saiipsec.h.