ikev2: make UDP encap flag configurable

[vpp.git] / src / plugins / ikev2 / ikev2_cli.c

diff --git a/src/plugins/ikev2/ikev2_cli.c b/src/plugins/ikev2/ikev2_cli.c
index 2ca1a5c..6b9876b 100644 (file)
--- a/src/plugins/ikev2/ikev2_cli.c
+++ b/src/plugins/ikev2/ikev2_cli.c
@@ -184,6 +184,7 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
   ip4_address_t ip4;
   ip4_address_t end_addr;
   u32 responder_sw_if_index = (u32) ~ 0;
+  u32 tun_sw_if_index = (u32) ~ 0;
   ip4_address_t responder_ip4;
   ikev2_transform_encr_type_t crypto_alg;
   ikev2_transform_integ_type_t integ_alg;
@@ -326,6 +327,13 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
                                         responder_ip4);
          goto done;
        }
+      else if (unformat (line_input, "set %U tunnel %U",
+                        unformat_token, valid_chars, &name,
+                        unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
+       {
+         r = ikev2_set_profile_tunnel_interface (vm, name, tun_sw_if_index);
+         goto done;
+       }
       else
        if (unformat
            (line_input,
@@ -362,6 +370,12 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
            ikev2_set_profile_sa_lifetime (vm, name, tmp4, tmp1, tmp2, tmp5);
          goto done;
        }
+      else if (unformat (line_input, "set %U udp-encap",
+                        unformat_token, valid_chars, &name))
+       {
+         r = ikev2_set_profile_udp_encap (vm, name);
+         goto done;
+       }
       else
        break;
     }
@@ -384,6 +398,8 @@ VLIB_CLI_COMMAND (ikev2_profile_add_del_command, static) = {
     "ikev2 profile set <id> auth [rsa-sig|shared-key-mic] [cert-file|string|hex]"
     " <data>\n"
     "ikev2 profile set <id> id <local|remote> <type> <data>\n"
+    "ikev2 profile set <id> tunnel <interface>\n"
+    "ikev2 profile set <id> udp-encap\n"
     "ikev2 profile set <id> traffic-selector <local|remote> ip-range "
     "<start-addr> - <end-addr> port-range <start-port> - <end-port> "
     "protocol <protocol-number>\n"
@@ -465,6 +481,11 @@ show_ikev2_profile_command_fn (vlib_main_t * vm,
                       format_ip4_address, &p->rem_ts.end_addr,
                       p->rem_ts.start_port, p->rem_ts.end_port,
                       p->rem_ts.protocol_id);
+    if (~0 != p->tun_itf)
+      vlib_cli_output(vm, "  protected tunnel %U",
+                      format_vnet_sw_if_index_name, vnet_get_main(), p->tun_itf);
+    if (p->udp_encap)
+      vlib_cli_output(vm, "  udp-encap");
   }));
   /* *INDENT-ON* */