X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_priv.h;h=4c56b980f1c88056f1d7eefc2dcaf5f108541ba7;hb=af2cc6425;hp=2b89b66efa662f9d824a24fc641ac4c5eaaed4ca;hpb=edf2900ac633ae0d8575b04094b1bca40e1a221f;p=vpp.git
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index 2b89b66efa6..4c56b980f1c 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -257,6 +257,8 @@ typedef struct
 {
 u32 sw_if_index;
 ip_address_t addr;
+ u8 *hostname;
+ u8 is_resolved;
 } ikev2_responder_t;
 typedef struct
@@ -347,8 +349,34 @@ typedef struct
 u32 tun_itf;
 u8 udp_encap;
+ u8 natt_disabled;
 } ikev2_profile_t;
+typedef enum
+{
+ /* SA will switch to port 4500 when NAT is detected.
+ * This is the default. */
+ IKEV2_NATT_ENABLED,
+
+ /* Do nothing when NAT is detected */
+ IKEV2_NATT_DISABLED,
+
+ /* NAT was detected and port switched to 4500 */
+ IKEV2_NATT_ACTIVE,
+} ikev2_natt_state_t;
+
+#define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
+
+typedef struct
+{
+ u16 n_keepalives;
+ u16 n_rekey_req;
+ u16 n_sa_auth_req;
+ u16 n_sa_init_req;
+ u16 n_init_retransmit;
+ u16 n_retransmit;
+} ikev2_stats_t;
+
 typedef struct
 {
 ikev2_state_t state;
@@ -395,6 +423,8 @@ typedef struct
 /* pending rekeyings */
 ikev2_rekey_t *rekey;
+ ikev2_rekey_t *new_child;
+
 /* packet data */
 u8 *last_sa_init_req_packet_data;
 u8 *last_sa_init_res_packet_data;
@@ -428,8 +458,10 @@ typedef struct
 u32 sw_if_index;
 /* is NAT traversal mode */
- u8 natt;
+ ikev2_natt_state_t natt_state;
 u8 keys_generated;
+
+ ikev2_stats_t stats;
 } ikev2_sa_t;
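Review bot: The two fields added to `ikev2_responder_t` carry no comment, and the struct now has two ways to name the peer (`addr` and `hostname`) without saying which one takes precedence. If the intent is what the names suggest, I would add `/* responder host name; addr is filled in from it once resolved */` above `hostname` and `/* non-zero when addr holds a resolved address */` above `is_resolved`, and state who frees `hostname`, since a `u8 *` owned by a profile leaks if profile deletion does not release it. It is also worth one sentence that the resolved address comes from an unauthenticated lookup, so peer identity still has to be established by the IKE authentication exchange and not by the name.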
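Review bot: Every counter in `ikev2_stats_t` is a `u16`, so `n_keepalives` and `n_retransmit` wrap silently after 65535 events on a long-lived SA, and a wrapped counter hides exactly the abnormal retransmit or request volume an operator would look at these numbers to find. Widening the fields, e.g. `u32 n_keepalives;`, costs 12 bytes per SA. In the same hunk, `ikev2_natt_state_t` presumably relies on `IKEV2_NATT_ENABLED` being 0 so that a zero-initialised SA gets the documented default; writing `IKEV2_NATT_ENABLED = 0,` would make that dependency explicit.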
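Review bot: `new_child` in the `-395` hunk has no comment and reuses the `ikev2_rekey_t` type, so a reader cannot tell how it differs from `rekey` directly above it. A line such as `/* pending requests for new child SAs */` would help if that is what it holds, and it should be released on the same paths that release `rekey`. The enclosing struct starts and ends outside this hunk, so I could not check the cleanup code.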
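Review bot: The comment `/* is NAT traversal mode */` kept above `natt_state` still reads as a boolean, although the field is now the three-valued `ikev2_natt_state_t`. Something like `/* NAT traversal state; test with ikev2_natt_active() */` would match the new type and steer readers away from truth-testing the field, where `IKEV2_NATT_DISABLED` is non-zero. The new `stats` member could also say in a short comment when its counters are reset, if they ever are; the struct body begins outside this hunk.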
@@ -488,14 +520,17 @@ typedef struct
 /* logging level */
 ikev2_log_level_t log_level;
- /* custom ipsec-over-udp ports managed by ike */
- uword *udp_ports;
-
 /* how often a liveness check will be performed */
 u32 liveness_period;
 /* max number of retries before considering peer dead */
 u32 liveness_max_retries;
+
+ /* dead peer detection */
+ u8 dpd_disabled;
+
+ /* pointer to name resolver function in dns plugin */
+ int (*dns_resolve_name) ();
 } ikev2_main_t;
 extern ikev2_main_t ikev2_main;
@@ -571,6 +606,8 @@ ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep,
 u32 rlen);
 int ikev2_set_log_level (ikev2_log_level_t log_level);
 u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
+void ikev2_disable_dpd (void);
+clib_error_t *ikev2_profile_natt_disable (u8 * name);
 static_always_inline ikev2_main_per_thread_data_t * ikev2_get_per_thread_data ()
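Review bot: `int (*dns_resolve_name) ();` declares the pointer without a prototype, so the compiler checks neither the number nor the types of the arguments at the call sites, and a mismatch with the dns plugin's real function becomes undefined behaviour instead of a build error. Declaring the full parameter list here, or through a typedef shared with the dns plugin, restores that check; the resolver's signature is not visible in this diff, so I have not spelled it out. The pointer is presumably left NULL when the dns plugin is not loaded, so the comment should also say that callers must test it before resolving a host name. The `/* dead peer detection */` comment on `dpd_disabled` would read better as `/* non-zero disables dead peer detection */`, since the flag's polarity is the opposite of what the comment suggests.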
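Review bot: `ikev2_disable_dpd (void)` is exported without a counterpart that turns dead peer detection back on, so as far as this header shows the setting is one-way and SAs to unreachable peers are then kept until something else removes them. If that is intended, a one-line comment on the prototype should say so. `ikev2_profile_natt_disable (u8 * name)` should document that `name` is the profile name and which error is returned when no such profile exists.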