X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2.c;h=db68135db42464d034acd9a15e869c9cb0aa335f;hb=b29d523af039ac007238300a7316ba9e3e44ce25;hp=b0ed4f2a1f56efe92e34ef7ad7d742c3642c7f7e;hpb=05aceacc38d1988c0651829d4733feb4745b427e;p=vpp.git diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index b0ed4f2a1f5..db68135db42 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -398,6 +398,7 @@ ikev2_complete_sa_data (ikev2_sa_t * sa, ikev2_sa_t * sai) sa->i_auth.key = _(sai->i_auth.key); sa->last_sa_init_req_packet_data = _(sai->last_sa_init_req_packet_data); sa->childs = _(sai->childs); + sa->udp_encap = sai->udp_encap; #undef _ @@ -1372,6 +1373,9 @@ ikev2_sa_auth (ikev2_sa_t * sa) } } + if (sel_p) + sa->udp_encap = sel_p->udp_encap; + vec_free(auth); vec_free(psk); })); @@ -1608,6 +1612,9 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, } a.flags = IPSEC_SA_FLAG_USE_ANTI_REPLAY; + a.flags |= IPSEC_SA_FLAG_IS_TUNNEL; + if (sa->udp_encap) + a.flags |= IPSEC_SA_FLAG_UDP_ENCAP; a.is_rekey = is_rekey; tr = ikev2_sa_get_td_for_type (proposals, IKEV2_TRANSFORM_TYPE_ESN); @@ -3151,6 +3158,22 @@ ikev2_set_profile_tunnel_interface (vlib_main_t * vm, return 0; } +clib_error_t * +ikev2_set_profile_udp_encap (vlib_main_t * vm, u8 * name) +{ + ikev2_profile_t *p = ikev2_profile_index_by_name (name); + clib_error_t *r; + + if (!p) + { + r = clib_error_return (0, "unknown profile %v", name); + return r; + } + + p->udp_encap = 1; + return 0; +} + clib_error_t * ikev2_set_profile_sa_lifetime (vlib_main_t * vm, u8 * name, u64 lifetime, u32 jitter, u32 handover, @@ -3235,6 +3258,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name) sa.is_profile_index_set = 1; sa.state = IKEV2_STATE_SA_INIT; sa.tun_itf = p->tun_itf; + sa.udp_encap = p->udp_encap; sa.is_tun_itf_set = 1; sa.initial_contact = 1; ikev2_generate_sa_init_data (&sa);