typedef struct
{
u8 *name;
- u8 is_enabled;
ikev2_auth_t auth;
ikev2_id_t loc_id;
u64 lifetime_maxdata;
u32 lifetime_jitter;
u32 handover;
+ u16 ipsec_over_udp_port;
u32 tun_itf;
+ u8 udp_encap;
} ikev2_profile_t;
typedef struct
u8 is_initiator;
u32 last_init_msg_id;
- u8 is_profile_index_set;
u32 profile_index;
u8 is_tun_itf_set;
u32 tun_itf;
+ u8 udp_encap;
+ u16 ipsec_over_udp_port;
f64 old_id_expiration;
u32 current_remote_id_mask;
u32 old_remote_id;
u8 old_remote_id_present;
+ u8 init_response_received;
ikev2_child_sa_t *childs;
+
+ u8 liveness_retries;
+ f64 liveness_period_check;
+
+ u16 dst_port;
+ u32 sw_if_index;
+
+ /* is NAT traversal mode */
+ u8 natt;
} ikev2_sa_t;
typedef struct
{
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
+
/* pool of IKEv2 Security Associations */
ikev2_sa_t *sas;
/* hash */
uword *sa_by_rspi;
+
+ EVP_CIPHER_CTX *evp_ctx;
+ HMAC_CTX *hmac_ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX _hmac_ctx;
+ EVP_CIPHER_CTX _evp_ctx;
+#endif
} ikev2_main_per_thread_data_t;
typedef struct
/* logging level */
ikev2_log_level_t log_level;
+
+ /* custom ipsec-over-udp ports managed by ike */
+ uword *udp_ports;
+
+ /* how often a liveness check will be performed */
+ u32 liveness_period;
+
+ /* max number of retries before considering peer dead */
+ u32 liveness_max_retries;
} ikev2_main_t;
extern ikev2_main_t ikev2_main;