SAI Metadata
Loading...
Searching...
No Matches
saiipsec.h
Go to the documentation of this file.
1
25#if !defined (__SAIIPSEC_H_)
26#define __SAIIPSEC_H_
27
28#include <saitypes.h>
29
40typedef enum _sai_ipsec_direction_t
41{
42 SAI_IPSEC_DIRECTION_EGRESS,
43 SAI_IPSEC_DIRECTION_INGRESS,
44} sai_ipsec_direction_t;
45
49typedef enum _sai_ipsec_cipher_t
50{
51 SAI_IPSEC_CIPHER_AES128_GCM16,
52 SAI_IPSEC_CIPHER_AES256_GCM16,
53 SAI_IPSEC_CIPHER_AES128_GMAC,
54 SAI_IPSEC_CIPHER_AES256_GMAC,
55} sai_ipsec_cipher_t;
56
60typedef enum _sai_ipsec_sa_octet_count_status_t
61{
63 SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_LOW_WATERMARK,
64
66 SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_HIGH_WATERMARK,
67
69 SAI_IPSEC_SA_OCTET_COUNT_STATUS_ABOVE_HIGH_WATERMARK,
70
71} sai_ipsec_sa_octet_count_status_t;
72
76typedef struct _sai_ipsec_sa_status_notification_t
77{
83 sai_object_id_t ipsec_sa_id;
84
88 sai_ipsec_sa_octet_count_status_t ipsec_sa_octet_count_status;
89
93 bool ipsec_egress_sn_at_max_limit;
94
95} sai_ipsec_sa_status_notification_t;
96
100typedef enum _sai_ipsec_attr_t
101{
105 SAI_IPSEC_ATTR_START,
106
115 SAI_IPSEC_ATTR_TERM_REMOTE_IP_MATCH_SUPPORTED = SAI_IPSEC_ATTR_START,
116
123 SAI_IPSEC_ATTR_SWITCHING_MODE_CUT_THROUGH_SUPPORTED,
124
131 SAI_IPSEC_ATTR_SWITCHING_MODE_STORE_AND_FORWARD_SUPPORTED,
132
139 SAI_IPSEC_ATTR_STATS_MODE_READ_SUPPORTED,
140
147 SAI_IPSEC_ATTR_STATS_MODE_READ_CLEAR_SUPPORTED,
148
155 SAI_IPSEC_ATTR_SN_32BIT_SUPPORTED,
156
163 SAI_IPSEC_ATTR_ESN_64BIT_SUPPORTED,
164
171 SAI_IPSEC_ATTR_SUPPORTED_CIPHER_LIST,
172
180 SAI_IPSEC_ATTR_SYSTEM_SIDE_MTU,
181
188 SAI_IPSEC_ATTR_WARM_BOOT_SUPPORTED,
189
197 SAI_IPSEC_ATTR_WARM_BOOT_ENABLE,
198
206 SAI_IPSEC_ATTR_EXTERNAL_SA_INDEX_ENABLE,
207
216 SAI_IPSEC_ATTR_CTAG_TPID,
217
226 SAI_IPSEC_ATTR_STAG_TPID,
227
235 SAI_IPSEC_ATTR_MAX_VLAN_TAGS_PARSED,
236
248 SAI_IPSEC_ATTR_OCTET_COUNT_HIGH_WATERMARK,
249
261 SAI_IPSEC_ATTR_OCTET_COUNT_LOW_WATERMARK,
262
271 SAI_IPSEC_ATTR_STATS_MODE,
272
279 SAI_IPSEC_ATTR_AVAILABLE_IPSEC_SA,
280
288 SAI_IPSEC_ATTR_SA_LIST,
289
293 SAI_IPSEC_ATTR_END,
294
298 SAI_IPSEC_ATTR_CUSTOM_RANGE_START = 0x10000000,
299
303 SAI_IPSEC_ATTR_CUSTOM_RANGE_END
304} sai_ipsec_attr_t;
305
309typedef enum _sai_ipsec_port_attr_t
310{
314 SAI_IPSEC_PORT_ATTR_START,
315
323 SAI_IPSEC_PORT_ATTR_PORT_ID = SAI_IPSEC_PORT_ATTR_START,
324
332 SAI_IPSEC_PORT_ATTR_CTAG_ENABLE,
333
341 SAI_IPSEC_PORT_ATTR_STAG_ENABLE,
342
350 SAI_IPSEC_PORT_ATTR_NATIVE_VLAN_ID,
351
362 SAI_IPSEC_PORT_ATTR_VRF_FROM_PACKET_VLAN_ENABLE,
363
373 SAI_IPSEC_PORT_ATTR_SWITCH_SWITCHING_MODE,
374
378 SAI_IPSEC_PORT_ATTR_END,
379
383 SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_START = 0x10000000,
384
388 SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_END
389} sai_ipsec_port_attr_t;
390
394typedef enum _sai_ipsec_port_stat_t
395{
400 SAI_IPSEC_PORT_STAT_TX_ERROR_PKTS,
401
405 SAI_IPSEC_PORT_STAT_TX_IPSEC_PKTS,
406
410 SAI_IPSEC_PORT_STAT_TX_NON_IPSEC_PKTS,
411
416 SAI_IPSEC_PORT_STAT_RX_ERROR_PKTS,
417
421 SAI_IPSEC_PORT_STAT_RX_IPSEC_PKTS,
422
426 SAI_IPSEC_PORT_STAT_RX_NON_IPSEC_PKTS,
427} sai_ipsec_port_stat_t;
428
432typedef enum _sai_ipsec_sa_attr_t
433{
437 SAI_IPSEC_SA_ATTR_START,
438
445 SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION = SAI_IPSEC_SA_ATTR_START,
446
454 SAI_IPSEC_SA_ATTR_IPSEC_ID,
455
462 SAI_IPSEC_SA_ATTR_OCTET_COUNT_STATUS,
463
472 SAI_IPSEC_SA_ATTR_EXTERNAL_SA_INDEX,
473
480 SAI_IPSEC_SA_ATTR_SA_INDEX,
481
490 SAI_IPSEC_SA_ATTR_IPSEC_PORT_LIST,
491
498 SAI_IPSEC_SA_ATTR_IPSEC_SPI,
499
507 SAI_IPSEC_SA_ATTR_IPSEC_ESN_ENABLE,
508
516 SAI_IPSEC_SA_ATTR_IPSEC_CIPHER,
517
525 SAI_IPSEC_SA_ATTR_ENCRYPT_KEY,
526
534 SAI_IPSEC_SA_ATTR_SALT,
535
543 SAI_IPSEC_SA_ATTR_AUTH_KEY,
544
553 SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_ENABLE,
554
563 SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_WINDOW,
564
572 SAI_IPSEC_SA_ATTR_TERM_DST_IP,
573
582 SAI_IPSEC_SA_ATTR_TERM_VLAN_ID_ENABLE,
583
592 SAI_IPSEC_SA_ATTR_TERM_VLAN_ID,
593
602 SAI_IPSEC_SA_ATTR_TERM_SRC_IP_ENABLE,
603
611 SAI_IPSEC_SA_ATTR_TERM_SRC_IP,
612
621 SAI_IPSEC_SA_ATTR_EGRESS_ESN,
622
632 SAI_IPSEC_SA_ATTR_MINIMUM_INGRESS_ESN,
633
637 SAI_IPSEC_SA_ATTR_END,
638
642 SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_START = 0x10000000,
643
647 SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_END
648} sai_ipsec_sa_attr_t;
649
653typedef enum _sai_ipsec_sa_stat_t
654{
658 SAI_IPSEC_SA_STAT_PROTECTED_OCTETS,
659
664 SAI_IPSEC_SA_STAT_PROTECTED_PKTS,
665
671 SAI_IPSEC_SA_STAT_GOOD_PKTS,
672
678 SAI_IPSEC_SA_STAT_BAD_HEADER_PKTS_IN,
679
685 SAI_IPSEC_SA_STAT_REPLAYED_PKTS_IN,
686
692 SAI_IPSEC_SA_STAT_LATE_PKTS_IN,
693
700 SAI_IPSEC_SA_STAT_BAD_TRAILER_PKTS_IN,
701
708 SAI_IPSEC_SA_STAT_AUTH_FAIL_PKTS_IN,
709
717 SAI_IPSEC_SA_STAT_DUMMY_DROPPED_PKTS_IN,
718
723 SAI_IPSEC_SA_STAT_OTHER_DROPPED_PKTS,
724} sai_ipsec_sa_stat_t;
725
736typedef sai_status_t (*sai_create_ipsec_fn)(
737 _Out_ sai_object_id_t *ipsec_id,
738 _In_ sai_object_id_t switch_id,
739 _In_ uint32_t attr_count,
740 _In_ const sai_attribute_t *attr_list);
741
749typedef sai_status_t (*sai_remove_ipsec_fn)(
750 _In_ sai_object_id_t ipsec_id);
751
760typedef sai_status_t (*sai_set_ipsec_attribute_fn)(
761 _In_ sai_object_id_t ipsec_id,
762 _In_ const sai_attribute_t *attr);
763
773typedef sai_status_t (*sai_get_ipsec_attribute_fn)(
774 _In_ sai_object_id_t ipsec_id,
775 _In_ uint32_t attr_count,
776 _Inout_ sai_attribute_t *attr_list);
777
788typedef sai_status_t (*sai_create_ipsec_port_fn)(
789 _Out_ sai_object_id_t *ipsec_port_id,
790 _In_ sai_object_id_t switch_id,
791 _In_ uint32_t attr_count,
792 _In_ const sai_attribute_t *attr_list);
793
801typedef sai_status_t (*sai_remove_ipsec_port_fn)(
802 _In_ sai_object_id_t ipsec_port_id);
803
812typedef sai_status_t (*sai_set_ipsec_port_attribute_fn)(
813 _In_ sai_object_id_t ipsec_port_id,
814 _In_ const sai_attribute_t *attr);
815
825typedef sai_status_t (*sai_get_ipsec_port_attribute_fn)(
826 _In_ sai_object_id_t ipsec_port_id,
827 _In_ uint32_t attr_count,
828 _Inout_ sai_attribute_t *attr_list);
829
840typedef sai_status_t (*sai_get_ipsec_port_stats_fn)(
841 _In_ sai_object_id_t ipsec_port_id,
842 _In_ uint32_t number_of_counters,
843 _In_ const sai_stat_id_t *counter_ids,
844 _Out_ uint64_t *counters);
845
857typedef sai_status_t (*sai_get_ipsec_port_stats_ext_fn)(
858 _In_ sai_object_id_t ipsec_port_id,
859 _In_ uint32_t number_of_counters,
860 _In_ const sai_stat_id_t *counter_ids,
861 _In_ sai_stats_mode_t mode,
862 _Out_ uint64_t *counters);
863
873typedef sai_status_t (*sai_clear_ipsec_port_stats_fn)(
874 _In_ sai_object_id_t ipsec_port_id,
875 _In_ uint32_t number_of_counters,
876 _In_ const sai_stat_id_t *counter_ids);
877
888typedef sai_status_t (*sai_create_ipsec_sa_fn)(
889 _Out_ sai_object_id_t *ipsec_sa_id,
890 _In_ sai_object_id_t switch_id,
891 _In_ uint32_t attr_count,
892 _In_ const sai_attribute_t *attr_list);
893
901typedef sai_status_t (*sai_remove_ipsec_sa_fn)(
902 _In_ sai_object_id_t ipsec_sa_id);
903
912typedef sai_status_t (*sai_set_ipsec_sa_attribute_fn)(
913 _In_ sai_object_id_t ipsec_sa_id,
914 _In_ const sai_attribute_t *attr);
915
925typedef sai_status_t (*sai_get_ipsec_sa_attribute_fn)(
926 _In_ sai_object_id_t ipsec_sa_id,
927 _In_ uint32_t attr_count,
928 _Inout_ sai_attribute_t *attr_list);
929
940typedef sai_status_t (*sai_get_ipsec_sa_stats_fn)(
941 _In_ sai_object_id_t ipsec_sa_id,
942 _In_ uint32_t number_of_counters,
943 _In_ const sai_stat_id_t *counter_ids,
944 _Out_ uint64_t *counters);
945
957typedef sai_status_t (*sai_get_ipsec_sa_stats_ext_fn)(
958 _In_ sai_object_id_t ipsec_sa_id,
959 _In_ uint32_t number_of_counters,
960 _In_ const sai_stat_id_t *counter_ids,
961 _In_ sai_stats_mode_t mode,
962 _Out_ uint64_t *counters);
963
973typedef sai_status_t (*sai_clear_ipsec_sa_stats_fn)(
974 _In_ sai_object_id_t ipsec_sa_id,
975 _In_ uint32_t number_of_counters,
976 _In_ const sai_stat_id_t *counter_ids);
977
988typedef void (*sai_ipsec_sa_status_change_notification_fn)(
989 _In_ uint32_t count,
990 _In_ const sai_ipsec_sa_status_notification_t *data);
991
995typedef struct _sai_ipsec_api_t
996{
997 sai_create_ipsec_fn create_ipsec;
998 sai_remove_ipsec_fn remove_ipsec;
999 sai_set_ipsec_attribute_fn set_ipsec_attribute;
1000 sai_get_ipsec_attribute_fn get_ipsec_attribute;
1001 sai_create_ipsec_port_fn create_ipsec_port;
1002 sai_remove_ipsec_port_fn remove_ipsec_port;
1003 sai_set_ipsec_port_attribute_fn set_ipsec_port_attribute;
1004 sai_get_ipsec_port_attribute_fn get_ipsec_port_attribute;
1005 sai_get_ipsec_port_stats_fn get_ipsec_port_stats;
1006 sai_get_ipsec_port_stats_ext_fn get_ipsec_port_stats_ext;
1007 sai_clear_ipsec_port_stats_fn clear_ipsec_port_stats;
1008 sai_create_ipsec_sa_fn create_ipsec_sa;
1009 sai_remove_ipsec_sa_fn remove_ipsec_sa;
1010 sai_set_ipsec_sa_attribute_fn set_ipsec_sa_attribute;
1011 sai_get_ipsec_sa_attribute_fn get_ipsec_sa_attribute;
1012 sai_get_ipsec_sa_stats_fn get_ipsec_sa_stats;
1013 sai_get_ipsec_sa_stats_ext_fn get_ipsec_sa_stats_ext;
1014 sai_clear_ipsec_sa_stats_fn clear_ipsec_sa_stats;
1015} sai_ipsec_api_t;
1016
1020#endif
sai_ipsec_port_attr_t
enum _sai_ipsec_port_attr_t sai_ipsec_port_attr_t
Attribute Id for sai_ipsec_port.
_sai_ipsec_attr_t
_sai_ipsec_attr_t
Attribute Id for sai_ipsec.
Definition saiipsec.h:101
sai_remove_ipsec_fn
sai_status_t(* sai_remove_ipsec_fn)(_In_ sai_object_id_t ipsec_id)
Delete the IPsec object.
Definition saiipsec.h:749
sai_ipsec_sa_stat_t
enum _sai_ipsec_sa_stat_t sai_ipsec_sa_stat_t
IPsec flow counter IDs in sai_get_ipsec_sa_stats() call.
sai_set_ipsec_attribute_fn
sai_status_t(* sai_set_ipsec_attribute_fn)(_In_ sai_object_id_t ipsec_id, _In_ const sai_attribute_t *attr)
Set IPsec attribute.
Definition saiipsec.h:760
_sai_ipsec_sa_octet_count_status_t
_sai_ipsec_sa_octet_count_status_t
IPsec SA sequence number status type.
Definition saiipsec.h:61
_sai_ipsec_sa_stat_t
_sai_ipsec_sa_stat_t
IPsec flow counter IDs in sai_get_ipsec_sa_stats() call.
Definition saiipsec.h:654
sai_set_ipsec_sa_attribute_fn
sai_status_t(* sai_set_ipsec_sa_attribute_fn)(_In_ sai_object_id_t ipsec_sa_id, _In_ const sai_attribute_t *attr)
Set IPsec Security Association attribute.
Definition saiipsec.h:912
sai_create_ipsec_fn
sai_status_t(* sai_create_ipsec_fn)(_Out_ sai_object_id_t *ipsec_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)
Create a IPsec object.
Definition saiipsec.h:736
sai_ipsec_sa_status_notification_t
struct _sai_ipsec_sa_status_notification_t sai_ipsec_sa_status_notification_t
IPsec SA status for notification.
sai_ipsec_attr_t
enum _sai_ipsec_attr_t sai_ipsec_attr_t
Attribute Id for sai_ipsec.
sai_get_ipsec_sa_stats_fn
sai_status_t(* sai_get_ipsec_sa_stats_fn)(_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _Out_ uint64_t *counters)
Get IPsec Security Association counters.
Definition saiipsec.h:940
sai_ipsec_api_t
struct _sai_ipsec_api_t sai_ipsec_api_t
IPsec methods table retrieved with sai_api_query()
sai_get_ipsec_attribute_fn
sai_status_t(* sai_get_ipsec_attribute_fn)(_In_ sai_object_id_t ipsec_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)
Get IPsec attribute.
Definition saiipsec.h:773
sai_get_ipsec_sa_attribute_fn
sai_status_t(* sai_get_ipsec_sa_attribute_fn)(_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)
Get IPsec Security Association attribute.
Definition saiipsec.h:925
sai_get_ipsec_port_attribute_fn
sai_status_t(* sai_get_ipsec_port_attribute_fn)(_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t attr_count, _Inout_ sai_attribute_t *attr_list)
Get IPsec port attribute.
Definition saiipsec.h:825
_sai_ipsec_sa_attr_t
_sai_ipsec_sa_attr_t
Attribute Id for sai_ipsec_sa.
Definition saiipsec.h:433
sai_ipsec_direction_t
enum _sai_ipsec_direction_t sai_ipsec_direction_t
IPsec direction types For PHY ASIC Egress is system to line direction and ingress is the opposite.
sai_get_ipsec_port_stats_ext_fn
sai_status_t(* sai_get_ipsec_port_stats_ext_fn)(_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _In_ sai_stats_mode_t mode, _Out_ uint64_t *counters)
Get IPsec port counters extended.
Definition saiipsec.h:857
sai_create_ipsec_sa_fn
sai_status_t(* sai_create_ipsec_sa_fn)(_Out_ sai_object_id_t *ipsec_sa_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)
Create a IPsec Security Association.
Definition saiipsec.h:888
_sai_ipsec_port_attr_t
_sai_ipsec_port_attr_t
Attribute Id for sai_ipsec_port.
Definition saiipsec.h:310
sai_create_ipsec_port_fn
sai_status_t(* sai_create_ipsec_port_fn)(_Out_ sai_object_id_t *ipsec_port_id, _In_ sai_object_id_t switch_id, _In_ uint32_t attr_count, _In_ const sai_attribute_t *attr_list)
Create a IPsec port.
Definition saiipsec.h:788
sai_ipsec_sa_attr_t
enum _sai_ipsec_sa_attr_t sai_ipsec_sa_attr_t
Attribute Id for sai_ipsec_sa.
sai_clear_ipsec_port_stats_fn
sai_status_t(* sai_clear_ipsec_port_stats_fn)(_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids)
Clear IPsec port counters.
Definition saiipsec.h:873
sai_remove_ipsec_sa_fn
sai_status_t(* sai_remove_ipsec_sa_fn)(_In_ sai_object_id_t ipsec_sa_id)
Delete a IPsec Security Association.
Definition saiipsec.h:901
sai_set_ipsec_port_attribute_fn
sai_status_t(* sai_set_ipsec_port_attribute_fn)(_In_ sai_object_id_t ipsec_port_id, _In_ const sai_attribute_t *attr)
Set IPsec port attribute.
Definition saiipsec.h:812
_sai_ipsec_cipher_t
_sai_ipsec_cipher_t
IPsec cipher suite types.
Definition saiipsec.h:50
sai_ipsec_cipher_t
enum _sai_ipsec_cipher_t sai_ipsec_cipher_t
IPsec cipher suite types.
sai_get_ipsec_port_stats_fn
sai_status_t(* sai_get_ipsec_port_stats_fn)(_In_ sai_object_id_t ipsec_port_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _Out_ uint64_t *counters)
Get IPsec port counters.
Definition saiipsec.h:840
sai_get_ipsec_sa_stats_ext_fn
sai_status_t(* sai_get_ipsec_sa_stats_ext_fn)(_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids, _In_ sai_stats_mode_t mode, _Out_ uint64_t *counters)
Get IPsec Security Association counters extended.
Definition saiipsec.h:957
_sai_ipsec_port_stat_t
_sai_ipsec_port_stat_t
IPsec flow counter IDs in sai_get_ipsec_sa_stats() call.
Definition saiipsec.h:395
sai_remove_ipsec_port_fn
sai_status_t(* sai_remove_ipsec_port_fn)(_In_ sai_object_id_t ipsec_port_id)
Delete a IPsec port.
Definition saiipsec.h:801
_sai_ipsec_direction_t
_sai_ipsec_direction_t
IPsec direction types For PHY ASIC Egress is system to line direction and ingress is the opposite.
Definition saiipsec.h:41
sai_clear_ipsec_sa_stats_fn
sai_status_t(* sai_clear_ipsec_sa_stats_fn)(_In_ sai_object_id_t ipsec_sa_id, _In_ uint32_t number_of_counters, _In_ const sai_stat_id_t *counter_ids)
Clear IPsec Security Association counters.
Definition saiipsec.h:973
sai_ipsec_port_stat_t
enum _sai_ipsec_port_stat_t sai_ipsec_port_stat_t
IPsec flow counter IDs in sai_get_ipsec_sa_stats() call.
sai_ipsec_sa_octet_count_status_t
enum _sai_ipsec_sa_octet_count_status_t sai_ipsec_sa_octet_count_status_t
IPsec SA sequence number status type.
sai_ipsec_sa_status_change_notification_fn
void(* sai_ipsec_sa_status_change_notification_fn)(_In_ uint32_t count, _In_ const sai_ipsec_sa_status_notification_t *data)
IPsec SA status change notification.
Definition saiipsec.h:988
SAI_IPSEC_ATTR_TERM_REMOTE_IP_MATCH_SUPPORTED
@ SAI_IPSEC_ATTR_TERM_REMOTE_IP_MATCH_SUPPORTED
Security Engine supports matching source IP address for tunnel termination.
Definition saiipsec.h:115
SAI_IPSEC_ATTR_STATS_MODE_READ_CLEAR_SUPPORTED
@ SAI_IPSEC_ATTR_STATS_MODE_READ_CLEAR_SUPPORTED
SAI_STATS_MODE_READ_CLEAR supported.
Definition saiipsec.h:147
SAI_IPSEC_ATTR_MAX_VLAN_TAGS_PARSED
@ SAI_IPSEC_ATTR_MAX_VLAN_TAGS_PARSED
Maximum number of VLAN tags to parse.
Definition saiipsec.h:235
SAI_IPSEC_ATTR_SYSTEM_SIDE_MTU
@ SAI_IPSEC_ATTR_SYSTEM_SIDE_MTU
IPsec MTU capability on system side (not including IPsec overhead).
Definition saiipsec.h:180
SAI_IPSEC_ATTR_STATS_MODE_READ_SUPPORTED
@ SAI_IPSEC_ATTR_STATS_MODE_READ_SUPPORTED
SAI_STATS_MODE_READ supported.
Definition saiipsec.h:139
SAI_IPSEC_ATTR_START
@ SAI_IPSEC_ATTR_START
Start of IPsec attributes.
Definition saiipsec.h:105
SAI_IPSEC_ATTR_OCTET_COUNT_HIGH_WATERMARK
@ SAI_IPSEC_ATTR_OCTET_COUNT_HIGH_WATERMARK
High watermark for byte count.
Definition saiipsec.h:248
SAI_IPSEC_ATTR_WARM_BOOT_ENABLE
@ SAI_IPSEC_ATTR_WARM_BOOT_ENABLE
If false, disables creation of saiipsec objects during warm-boot.
Definition saiipsec.h:197
SAI_IPSEC_ATTR_SUPPORTED_CIPHER_LIST
@ SAI_IPSEC_ATTR_SUPPORTED_CIPHER_LIST
List of supported cipher suites.
Definition saiipsec.h:171
SAI_IPSEC_ATTR_SWITCHING_MODE_CUT_THROUGH_SUPPORTED
@ SAI_IPSEC_ATTR_SWITCHING_MODE_CUT_THROUGH_SUPPORTED
SAI_SWITCH_SWITCHING_MODE_CUT_THROUGH supported.
Definition saiipsec.h:123
SAI_IPSEC_ATTR_EXTERNAL_SA_INDEX_ENABLE
@ SAI_IPSEC_ATTR_EXTERNAL_SA_INDEX_ENABLE
If true, SA Index is assigned by NOS. If false, SA Index is assigned by IPsec SAI driver.
Definition saiipsec.h:206
SAI_IPSEC_ATTR_ESN_64BIT_SUPPORTED
@ SAI_IPSEC_ATTR_ESN_64BIT_SUPPORTED
Indicates if 64-bit Extended Sequence Number (ESN) is supported.
Definition saiipsec.h:163
SAI_IPSEC_ATTR_WARM_BOOT_SUPPORTED
@ SAI_IPSEC_ATTR_WARM_BOOT_SUPPORTED
Warm boot is supported for all saiipsec objects.
Definition saiipsec.h:188
SAI_IPSEC_ATTR_SA_LIST
@ SAI_IPSEC_ATTR_SA_LIST
IPsec SA list.
Definition saiipsec.h:288
SAI_IPSEC_ATTR_OCTET_COUNT_LOW_WATERMARK
@ SAI_IPSEC_ATTR_OCTET_COUNT_LOW_WATERMARK
Low watermark for byte count.
Definition saiipsec.h:261
SAI_IPSEC_ATTR_STATS_MODE
@ SAI_IPSEC_ATTR_STATS_MODE
Global setting of read-clear or read-only for statistics read. The mode parameter for get_ipsec_<foo>...
Definition saiipsec.h:271
SAI_IPSEC_ATTR_CTAG_TPID
@ SAI_IPSEC_ATTR_CTAG_TPID
TPID value used to identify C-tag.
Definition saiipsec.h:216
SAI_IPSEC_ATTR_END
@ SAI_IPSEC_ATTR_END
End of IPsec attributes.
Definition saiipsec.h:293
SAI_IPSEC_ATTR_SN_32BIT_SUPPORTED
@ SAI_IPSEC_ATTR_SN_32BIT_SUPPORTED
Indicates if 32-bit Sequence Number (SN) is supported.
Definition saiipsec.h:155
SAI_IPSEC_ATTR_CUSTOM_RANGE_START
@ SAI_IPSEC_ATTR_CUSTOM_RANGE_START
Custom range base value.
Definition saiipsec.h:298
SAI_IPSEC_ATTR_STAG_TPID
@ SAI_IPSEC_ATTR_STAG_TPID
TPID value used to identify S-tag.
Definition saiipsec.h:226
SAI_IPSEC_ATTR_SWITCHING_MODE_STORE_AND_FORWARD_SUPPORTED
@ SAI_IPSEC_ATTR_SWITCHING_MODE_STORE_AND_FORWARD_SUPPORTED
SAI_SWITCH_SWITCHING_MODE_STORE_AND_FORWARD supported.
Definition saiipsec.h:131
SAI_IPSEC_ATTR_CUSTOM_RANGE_END
@ SAI_IPSEC_ATTR_CUSTOM_RANGE_END
End of custom range base.
Definition saiipsec.h:303
SAI_IPSEC_ATTR_AVAILABLE_IPSEC_SA
@ SAI_IPSEC_ATTR_AVAILABLE_IPSEC_SA
Available IPsec Security Associations.
Definition saiipsec.h:279
SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_LOW_WATERMARK
@ SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_LOW_WATERMARK
Definition saiipsec.h:63
SAI_IPSEC_SA_OCTET_COUNT_STATUS_ABOVE_HIGH_WATERMARK
@ SAI_IPSEC_SA_OCTET_COUNT_STATUS_ABOVE_HIGH_WATERMARK
Definition saiipsec.h:69
SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_HIGH_WATERMARK
@ SAI_IPSEC_SA_OCTET_COUNT_STATUS_BELOW_HIGH_WATERMARK
Definition saiipsec.h:66
SAI_IPSEC_SA_STAT_GOOD_PKTS
@ SAI_IPSEC_SA_STAT_GOOD_PKTS
Count of validated error-free received (ingress) packets for this SA. Valid only for ingress,...
Definition saiipsec.h:671
SAI_IPSEC_SA_STAT_DUMMY_DROPPED_PKTS_IN
@ SAI_IPSEC_SA_STAT_DUMMY_DROPPED_PKTS_IN
Count of dummy packets dropped by IPsec logic. These are packets with 59 as the next header field val...
Definition saiipsec.h:717
SAI_IPSEC_SA_STAT_LATE_PKTS_IN
@ SAI_IPSEC_SA_STAT_LATE_PKTS_IN
Count of packets outside the replay window. Always 0 if the hardware does not provide a separate coun...
Definition saiipsec.h:692
SAI_IPSEC_SA_STAT_BAD_TRAILER_PKTS_IN
@ SAI_IPSEC_SA_STAT_BAD_TRAILER_PKTS_IN
Count of packets with bad trailer. This could be due to insufficient or invalid padding,...
Definition saiipsec.h:700
SAI_IPSEC_SA_STAT_AUTH_FAIL_PKTS_IN
@ SAI_IPSEC_SA_STAT_AUTH_FAIL_PKTS_IN
Count of packets with authentication and integrity failure For cut-through switching,...
Definition saiipsec.h:708
SAI_IPSEC_SA_STAT_REPLAYED_PKTS_IN
@ SAI_IPSEC_SA_STAT_REPLAYED_PKTS_IN
Count of replayed packets. This also includes late packets if the hardware does not provide a separat...
Definition saiipsec.h:685
SAI_IPSEC_SA_STAT_OTHER_DROPPED_PKTS
@ SAI_IPSEC_SA_STAT_OTHER_DROPPED_PKTS
Count of other packets dropped by IPsec logic. This could be due to not programmed or incorrectly pro...
Definition saiipsec.h:723
SAI_IPSEC_SA_STAT_BAD_HEADER_PKTS_IN
@ SAI_IPSEC_SA_STAT_BAD_HEADER_PKTS_IN
Count of packets with bad header for this SA. This could be due the packet header being different fro...
Definition saiipsec.h:678
SAI_IPSEC_SA_STAT_PROTECTED_PKTS
@ SAI_IPSEC_SA_STAT_PROTECTED_PKTS
Count of Ethernet frames processed by this SA. This should normally be the sum of all the good and er...
Definition saiipsec.h:664
SAI_IPSEC_SA_STAT_PROTECTED_OCTETS
@ SAI_IPSEC_SA_STAT_PROTECTED_OCTETS
Total octets in all Ethernet frames processed by this SA.
Definition saiipsec.h:658
SAI_IPSEC_SA_ATTR_SALT
@ SAI_IPSEC_SA_ATTR_SALT
IPsec Salt portion of IV Network Byte order.
Definition saiipsec.h:534
SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_START
@ SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_START
Custom range base value.
Definition saiipsec.h:642
SAI_IPSEC_SA_ATTR_IPSEC_PORT_LIST
@ SAI_IPSEC_SA_ATTR_IPSEC_PORT_LIST
List of IPsec ports for this SA.
Definition saiipsec.h:490
SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_ENABLE
@ SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_ENABLE
Replay protection enable for this Security Association.
Definition saiipsec.h:553
SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_END
@ SAI_IPSEC_SA_ATTR_CUSTOM_RANGE_END
End of custom range base.
Definition saiipsec.h:647
SAI_IPSEC_SA_ATTR_IPSEC_SPI
@ SAI_IPSEC_SA_ATTR_IPSEC_SPI
SPI value for this Security Association, carried in ESP header.
Definition saiipsec.h:498
SAI_IPSEC_SA_ATTR_EGRESS_ESN
@ SAI_IPSEC_SA_ATTR_EGRESS_ESN
IPsec egress sequence number (SN). One less than the next SN.
Definition saiipsec.h:621
SAI_IPSEC_SA_ATTR_OCTET_COUNT_STATUS
@ SAI_IPSEC_SA_ATTR_OCTET_COUNT_STATUS
SA byte count status.
Definition saiipsec.h:462
SAI_IPSEC_SA_ATTR_SA_INDEX
@ SAI_IPSEC_SA_ATTR_SA_INDEX
SA Index value for this Security Association.
Definition saiipsec.h:480
SAI_IPSEC_SA_ATTR_MINIMUM_INGRESS_ESN
@ SAI_IPSEC_SA_ATTR_MINIMUM_INGRESS_ESN
Minimum value of ingress IPsec sequence number (SN). Can be Updated by value from IPsec peer for gros...
Definition saiipsec.h:632
SAI_IPSEC_SA_ATTR_TERM_SRC_IP
@ SAI_IPSEC_SA_ATTR_TERM_SRC_IP
Remote IP address for tunnel termination.
Definition saiipsec.h:611
SAI_IPSEC_SA_ATTR_EXTERNAL_SA_INDEX
@ SAI_IPSEC_SA_ATTR_EXTERNAL_SA_INDEX
Externally assigned SA Index value for this Security Association. Used only when SAI_IPSEC_ATTR_EXTER...
Definition saiipsec.h:472
SAI_IPSEC_SA_ATTR_ENCRYPT_KEY
@ SAI_IPSEC_SA_ATTR_ENCRYPT_KEY
IPsec Traffic Encryption Key used for encryption/decryption. Network Byte order. AES128 uses only Byt...
Definition saiipsec.h:525
SAI_IPSEC_SA_ATTR_IPSEC_ESN_ENABLE
@ SAI_IPSEC_SA_ATTR_IPSEC_ESN_ENABLE
Enable 64-bit ESN (vs 32-bit SN) for this Security Association.
Definition saiipsec.h:507
SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION
@ SAI_IPSEC_SA_ATTR_IPSEC_DIRECTION
IPsec direction.
Definition saiipsec.h:445
SAI_IPSEC_SA_ATTR_START
@ SAI_IPSEC_SA_ATTR_START
Start of IPsec Security Association attributes.
Definition saiipsec.h:437
SAI_IPSEC_SA_ATTR_AUTH_KEY
@ SAI_IPSEC_SA_ATTR_AUTH_KEY
IPsec Authentication Key Network Byte order.
Definition saiipsec.h:543
SAI_IPSEC_SA_ATTR_IPSEC_CIPHER
@ SAI_IPSEC_SA_ATTR_IPSEC_CIPHER
Cipher suite for this SA.
Definition saiipsec.h:516
SAI_IPSEC_SA_ATTR_TERM_VLAN_ID
@ SAI_IPSEC_SA_ATTR_TERM_VLAN_ID
Vlan Id for tunnel termination.
Definition saiipsec.h:592
SAI_IPSEC_SA_ATTR_TERM_VLAN_ID_ENABLE
@ SAI_IPSEC_SA_ATTR_TERM_VLAN_ID_ENABLE
Match Vlan Id for tunnel termination.
Definition saiipsec.h:582
SAI_IPSEC_SA_ATTR_TERM_DST_IP
@ SAI_IPSEC_SA_ATTR_TERM_DST_IP
SA local IP address for tunnel termination.
Definition saiipsec.h:572
SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_WINDOW
@ SAI_IPSEC_SA_ATTR_IPSEC_REPLAY_PROTECTION_WINDOW
Replay protection window for this Security Association.
Definition saiipsec.h:563
SAI_IPSEC_SA_ATTR_IPSEC_ID
@ SAI_IPSEC_SA_ATTR_IPSEC_ID
IPsec object id.
Definition saiipsec.h:454
SAI_IPSEC_SA_ATTR_END
@ SAI_IPSEC_SA_ATTR_END
End of IPsec Security Association attributes.
Definition saiipsec.h:637
SAI_IPSEC_SA_ATTR_TERM_SRC_IP_ENABLE
@ SAI_IPSEC_SA_ATTR_TERM_SRC_IP_ENABLE
Match remote IP address for tunnel termination.
Definition saiipsec.h:602
SAI_IPSEC_PORT_ATTR_START
@ SAI_IPSEC_PORT_ATTR_START
Start of IPsec Port attributes.
Definition saiipsec.h:314
SAI_IPSEC_PORT_ATTR_NATIVE_VLAN_ID
@ SAI_IPSEC_PORT_ATTR_NATIVE_VLAN_ID
Port native Vlan Id used for Security Engine SA termination.
Definition saiipsec.h:350
SAI_IPSEC_PORT_ATTR_VRF_FROM_PACKET_VLAN_ENABLE
@ SAI_IPSEC_PORT_ATTR_VRF_FROM_PACKET_VLAN_ENABLE
Enable VRF identification from ingress parsed packet Vlan.
Definition saiipsec.h:362
SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_END
@ SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_END
End of custom range base.
Definition saiipsec.h:388
SAI_IPSEC_PORT_ATTR_STAG_ENABLE
@ SAI_IPSEC_PORT_ATTR_STAG_ENABLE
Enable vlan tag parsing for S-tag TPID.
Definition saiipsec.h:341
SAI_IPSEC_PORT_ATTR_PORT_ID
@ SAI_IPSEC_PORT_ATTR_PORT_ID
Associated port id.
Definition saiipsec.h:323
SAI_IPSEC_PORT_ATTR_CTAG_ENABLE
@ SAI_IPSEC_PORT_ATTR_CTAG_ENABLE
Enable vlan tag parsing for C-tag TPID.
Definition saiipsec.h:332
SAI_IPSEC_PORT_ATTR_END
@ SAI_IPSEC_PORT_ATTR_END
End of IPsec Port attributes.
Definition saiipsec.h:378
SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_START
@ SAI_IPSEC_PORT_ATTR_CUSTOM_RANGE_START
Custom range base value.
Definition saiipsec.h:383
SAI_IPSEC_PORT_ATTR_SWITCH_SWITCHING_MODE
@ SAI_IPSEC_PORT_ATTR_SWITCH_SWITCHING_MODE
Switching mode for port. If configured as cut-through, the IPG for Tx MAC in the switch ASIC has to b...
Definition saiipsec.h:373
SAI_IPSEC_PORT_STAT_TX_ERROR_PKTS
@ SAI_IPSEC_PORT_STAT_TX_ERROR_PKTS
Packets dropped after receive MAC and before IPsec SA processing. This could be due to malformed head...
Definition saiipsec.h:400
SAI_IPSEC_PORT_STAT_TX_IPSEC_PKTS
@ SAI_IPSEC_PORT_STAT_TX_IPSEC_PKTS
Packets mapped to an SA for IPsec processing.
Definition saiipsec.h:405
SAI_IPSEC_PORT_STAT_RX_ERROR_PKTS
@ SAI_IPSEC_PORT_STAT_RX_ERROR_PKTS
Packets dropped after receive MAC and before IPsec SA processing. This could be due to malformed head...
Definition saiipsec.h:416
SAI_IPSEC_PORT_STAT_RX_IPSEC_PKTS
@ SAI_IPSEC_PORT_STAT_RX_IPSEC_PKTS
Packets mapped to an SA for IPsec processing.
Definition saiipsec.h:421
SAI_IPSEC_PORT_STAT_TX_NON_IPSEC_PKTS
@ SAI_IPSEC_PORT_STAT_TX_NON_IPSEC_PKTS
Non-IPsec packets that pass through this port.
Definition saiipsec.h:410
SAI_IPSEC_PORT_STAT_RX_NON_IPSEC_PKTS
@ SAI_IPSEC_PORT_STAT_RX_NON_IPSEC_PKTS
Non-IPsec packets that pass through this port.
Definition saiipsec.h:426
sai_stats_mode_t
enum _sai_stats_mode_t sai_stats_mode_t
SAI statistics modes.
saitypes.h
This module defines SAI portable types.
_sai_attribute_t
Definition saitypes.h:1537
_sai_ipsec_api_t
IPsec methods table retrieved with sai_api_query()
Definition saiipsec.h:996
_sai_ipsec_sa_status_notification_t
IPsec SA status for notification.
Definition saiipsec.h:77
_sai_ipsec_sa_status_notification_t::ipsec_egress_sn_at_max_limit
bool ipsec_egress_sn_at_max_limit
IPsec egress SA sequence number at max limit.
Definition saiipsec.h:93
_sai_ipsec_sa_status_notification_t::ipsec_sa_octet_count_status
sai_ipsec_sa_octet_count_status_t ipsec_sa_octet_count_status
IPsec SA byte count status.
Definition saiipsec.h:88
_sai_ipsec_sa_status_notification_t::ipsec_sa_id
sai_object_id_t ipsec_sa_id
IPsec SA object id.
Definition saiipsec.h:83