rekey->tsi = tsi;
rekey->tsr = tsr;
/* update Ni */
- vec_free (sa->i_nonce);
+ vec_reset_length (sa->i_nonce);
vec_add (sa->i_nonce, nonce, IKEV2_NONCE_SIZE);
/* generate new Nr */
vec_validate (sa->r_nonce, IKEV2_NONCE_SIZE - 1);
RAND_bytes ((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);
- vec_free (n);
}
+ else
+ goto cleanup_and_exit;
+ vec_free (n);
return 1;
cleanup_and_exit:
vec_free (n);
+ vec_free (proposal);
+ vec_free (tsr);
+ vec_free (tsi);
return 0;
}
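Review bot: The `RAND_bytes` call that fills the new Nr is not checked, so on generator failure the function still returns 1 with `sa->r_nonce` holding whatever `vec_validate` left there (zero fill or the previous contents), and that nonce presumably goes into the keying material for the rekeyed child SA. Treat any return other than 1 as a failure. A bare `goto cleanup_and_exit` at that point would not be safe after this change, because `rekey->tsi` and `rekey->tsr` already alias the vectors the label now frees; either generate the nonce before those assignments or clear the rekey pointers on the failure path. The function starts outside this hunk, so it is not visible whether the peer nonce length is validated before `vec_add (sa->i_nonce, nonce, IKEV2_NONCE_SIZE)` copies a fixed size from it.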
IPSEC_PROTOCOL_ESP, a->encr_type,
&a->loc_ckey, a->integ_type, &a->loc_ikey,
a->flags, 0, a->salt_local, &zero_addr,
- &zero_addr, NULL, a->src_port, a->dst_port);
+ &zero_addr, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+ IP_DSCP_CS0, NULL, a->src_port, a->dst_port);
+
rv |= ipsec_sa_add_and_lock (a->remote_sa_id, a->remote_spi,
IPSEC_PROTOCOL_ESP, a->encr_type, &a->rem_ckey,
a->integ_type, &a->rem_ikey,
(a->flags | IPSEC_SA_FLAG_IS_INBOUND), 0,
a->salt_remote, &zero_addr,
- &zero_addr, NULL, a->ipsec_over_udp_port,
+ &zero_addr, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+ IP_DSCP_CS0, NULL,
+ a->ipsec_over_udp_port,
a->ipsec_over_udp_port);
rv |= ipsec_tun_protect_update (sw_if_index, NULL, a->local_sa_id, sas_in);
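Review bot: The results of the second `ipsec_sa_add_and_lock` and of `ipsec_tun_protect_update` are folded into `rv` with `|=`, so a failed SA install does not stop the sequence. The protect update still runs with `a->local_sa_id` and `sas_in` even if one of those SAs was never created, and the merged value no longer says which step failed. Checking `rv` after each call and unlocking the SA that was already added would avoid leaving a half-installed pair behind. The opening line of the first call and the code that consumes `rv` are outside this hunk, so handling there cannot be ruled out.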
ikev2_create_tunnel_interface (vm, sa0, child, p[0],
child - sa0->childs, 1);
}
- if (sa0->is_initiator)
+ if (ike_hdr_is_response (ike0))
{
vec_free (sa0->rekey);
}
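Review bot: Dropping `sa0->rekey` is now decided by the response bit of the received header (`ike_hdr_is_response (ike0)`) instead of local state, and nothing in this hunk shows that the message was matched to an outstanding CREATE_CHILD_SA request first. If that check happens earlier in the function (outside this hunk), a comment here would make the dependency explicit, e.g. `/* response to our own rekey request: rekey state is consumed */`. It is also worth confirming that `vec_free (sa0->rekey)` is sufficient, since each entry holds `tsi` and `tsr` vectors (assigned in the first hunk) and only `ikev2_create_tunnel_interface` could have taken them over.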
sa->sw_if_index);
}
+void
+ikev2_disable_dpd (void)
+{
+ ikev2_main_t *km = &ikev2_main;
+ km->dpd_disabled = 1;
+}
+
static_always_inline int
ikev2_mngr_process_responder_sas (ikev2_sa_t * sa)
{
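Review bot: `ikev2_disable_dpd` is a new external function with no comment, and it is a one-way global switch with no visible counterpart to clear `km->dpd_disabled`. While the flag is set, the manager loop later in this commit skips `ikev2_mngr_process_responder_sas` entirely, so responder SAs of dead peers are no longer queued for deletion by that loop. Add a header comment stating the intended caller and the consequence, e.g. `/* Turns off liveness checks for all responder SAs; stale SAs are not reaped while set. */`. If this is only meant for test setups, consider keeping it out of the production control path.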
while (1)
{
- u8 req_sent = 0;
- vlib_process_wait_for_event_or_clock (vm, 1);
+ vlib_process_wait_for_event_or_clock (vm, 2);
vlib_process_get_events (vm, NULL);
/* process ike child sas */
sa->old_id_expiration -= 1;
vec_foreach (c, sa->childs)
- {
- req_sent |= ikev2_mngr_process_child_sa(sa, c, del_old_ids);
- }
+ ikev2_mngr_process_child_sa(sa, c, del_old_ids);
- if (ikev2_mngr_process_responder_sas (sa))
+ if (!km->dpd_disabled && ikev2_mngr_process_responder_sas (sa))
vec_add1 (to_be_deleted, sa - tkm->sas);
}));
/* *INDENT-ON* */
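Review bot: `sa->old_id_expiration -= 1` counts manager-loop iterations, and the preceding hunk changes the loop wait from `vlib_process_wait_for_event_or_clock (vm, 1)` to `(vm, 2)`. If the counter was meant to be in seconds, the ids that `del_old_ids` eventually removes now stay around roughly twice as long. The wait can also return early on events, so the tick is not a fixed period either way. Consider storing an absolute expiry time and comparing it against the clock, or at least stating the unit in a comment such as `/* old_id_expiration is in manager ticks (2 s nominal) */`. The enclosing loop and iteration macro begin outside this hunk.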
/* *INDENT-ON* */
ikev2_process_pending_sa_init (km);
-
- if (req_sent)
- {
- vlib_process_wait_for_event_or_clock (vm, 5);
- vlib_process_get_events (vm, NULL);
- req_sent = 0;
- }
-
}
return 0;
}