{
u32 sw_if_index;
ip_address_t addr;
+ u8 *hostname;
+ u8 is_resolved;
} ikev2_responder_t;
typedef struct
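Review bot: `hostname` and `is_resolved` are added to ikev2_responder_t without comments, so it is unclear whether `addr` can be trusted while `is_resolved` is 0 or who owns the `hostname` buffer. If the intent is that `addr` is filled in only after a successful lookup, say so on the fields, e.g. `/* responder name to resolve; addr is valid only once is_resolved is set */`. The free and copy paths for `hostname` (profile delete and duplication) are outside this hunk and need to handle the new pointer. The struct's opening `typedef struct` line is also outside the hunk.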
u32 tun_itf;
u8 udp_encap;
+ u8 natt_disabled;
} ikev2_profile_t;
+typedef enum
+{
+ /* SA will switch to port 4500 when NAT is detected.
+ * This is the default. */
+ IKEV2_NATT_ENABLED,
+
+ /* Do nothing when NAT is detected */
+ IKEV2_NATT_DISABLED,
+
+ /* NAT was detected and port switched to 4500 */
+ IKEV2_NATT_ACTIVE,
+} ikev2_natt_state_t;
+
+#define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
+
+typedef struct
+{
+ u16 n_keepalives;
+ u16 n_rekey_req;
+ u16 n_sa_auth_req;
+ u16 n_sa_init_req;
+ u16 n_init_retransmit;
+ u16 n_retransmit;
+} ikev2_stats_t;
+
typedef struct
{
ikev2_state_t state;
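Review bot: The counters in `ikev2_stats_t` are all `u16`, so `n_keepalives` and `n_retransmit` wrap silently after 65535 events on a long-lived SA. That makes them unreliable for spotting a retransmit flood or a flapping peer. Widening them, e.g. `u32 n_keepalives;`, costs 12 bytes per SA. If the width is fixed by an API message outside this hunk, saturate on increment instead of wrapping. Separately, `natt_disabled` in ikev2_profile_t (whose definition starts outside the hunk) has no comment; `/* when set, SAs created from this profile start in IKEV2_NATT_DISABLED */` would tie it to the enum, if that is the intended mapping.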
/* pending rekeyings */
ikev2_rekey_t *rekey;
+ ikev2_rekey_t *new_child;
+
/* packet data */
u8 *last_sa_init_req_packet_data;
u8 *last_sa_init_res_packet_data;
/* retransmit */
+ /* message id expected in the request from the other peer */
u32 last_msg_id;
u8 *last_res_packet_data;
u8 is_initiator;
+ /* last message id that was used for an initiated request */
u32 last_init_msg_id;
u32 profile_index;
u8 is_tun_itf_set;
u32 sw_if_index;
/* is NAT traversal mode */
- u8 natt;
+ ikev2_natt_state_t natt_state;
u8 keys_generated;
+
+ ikev2_stats_t stats;
} ikev2_sa_t;
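Review bot: The comment `/* is NAT traversal mode */` above `natt_state` still describes the old boolean. With the tri-state enum a plain truthiness test is wrong, because `IKEV2_NATT_DISABLED` is non-zero. Replace it with something like `/* NAT traversal state; test with ikev2_natt_active(), never as a boolean */`. `new_child` is also added without a comment, so state what it holds and which path frees it (the SA teardown code is outside this hunk).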
/* logging level */
ikev2_log_level_t log_level;
- /* custom ipsec-over-udp ports managed by ike */
- uword *udp_ports;
-
/* how often a liveness check will be performed */
u32 liveness_period;
/* max number of retries before considering peer dead */
u32 liveness_max_retries;
+
+ /* dead peer detection */
+ u8 dpd_disabled;
+
+ /* pointer to name resolver function in dns plugin */
+ int (*dns_resolve_name) ();
} ikev2_main_t;
extern ikev2_main_t ikev2_main;
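Review bot: `int (*dns_resolve_name) ();` declares the resolver pointer with an empty parameter list, so the compiler checks neither the number nor the types of the arguments at call sites. A mismatch with the dns plugin's real function would be undefined behaviour at the indirect call. Give it the resolver's full prototype, ideally through a typedef shared with the dns plugin header, e.g. `ikev2_dns_resolve_fn_t *dns_resolve_name;` (the typedef name is only a suggestion). The pointer is presumably NULL when the dns plugin is not loaded, so the callers, which are outside this hunk, need a NULL check before resolving a responder hostname.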
u32 rlen);
int ikev2_set_log_level (ikev2_log_level_t log_level);
u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
+void ikev2_disable_dpd (void);
+clib_error_t *ikev2_profile_natt_disable (u8 * name);
static_always_inline ikev2_main_per_thread_data_t *
ikev2_get_per_thread_data ()