X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_priv.h;h=fa302dcf21a667faa3c58cd819cf628a74758e7f;hb=d7fc12f07;hp=115a5b2a6b332bd653b87e55bbf3e73ce11aff4e;hpb=ec112e5a9eb708c1ee85faf569fef6fa40178294;p=vpp.git
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index 115a5b2a6b3..fa302dcf21a 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -347,8 +347,24 @@ typedef struct
 u32 tun_itf;
 u8 udp_encap;
+ u8 natt_disabled;
 } ikev2_profile_t;
+typedef enum
+{
+ /* SA will switch to port 4500 when NAT is detected.
+ * This is the default. */
+ IKEV2_NATT_ENABLED,
+
+ /* Do nothing when NAT is detected */
+ IKEV2_NATT_DISABLED,
+
+ /* NAT was detected and port switched to 4500 */
+ IKEV2_NATT_ACTIVE,
+} ikev2_natt_state_t;
+
+#define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
+
 typedef struct
 {
 ikev2_state_t state;
@@ -400,10 +416,12 @@ typedef struct
 u8 *last_sa_init_res_packet_data;
 /* retransmit */
+ /* message id expected in the request from the other peer */
 u32 last_msg_id;
 u8 *last_res_packet_data;
 u8 is_initiator;
+ /* last message id that was used for an initiated request */
 u32 last_init_msg_id;
 u32 profile_index;
 u8 is_tun_itf_set;
@@ -426,7 +444,7 @@ typedef struct
 u32 sw_if_index;
 /* is NAT traversal mode */
- u8 natt;
+ ikev2_natt_state_t natt_state;
 u8 keys_generated;
 } ikev2_sa_t;
@@ -494,6 +512,9 @@ typedef struct
 /* max number of retries before considering peer dead */
 u32 liveness_max_retries;
+
+ /* dead peer detection */
+ u8 dpd_disabled;
 } ikev2_main_t;
 extern ikev2_main_t ikev2_main;
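Review bot: `ikev2_natt_active` is a function-like macro over an untyped `_sa`, while this header already declares `static_always_inline` helpers (`ikev2_get_per_thread_data` in the last hunk); an inline placed after the `ikev2_sa_t` definition, `static_always_inline int ikev2_natt_active (ikev2_sa_t * sa) { return sa->natt_state == IKEV2_NATT_ACTIVE; }`, would be type-checked. The enum comment calls `IKEV2_NATT_ENABLED` the default, which presumably relies on it being value 0 in a zeroed SA; a line such as `/* must stay first (0): zero-initialised SAs start in this state */` would protect against reordering. The profile keeps a boolean `natt_disabled` while the SA carries the three-value state, and where one is copied into the other is not visible in this header, so a short comment on `natt_disabled` naming that relationship would help readers.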
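Review bot: The context comment `/* is NAT traversal mode */` left above `natt_state` in the `-426,7 +444,7` hunk is stale, since the field is no longer a boolean. Because `IKEV2_NATT_DISABLED` is non-zero, a truthiness test such as `if (sa->natt_state)` would treat an SA with NAT-T turned off as if the port switch to 4500 had happened. I would replace the comment with `/* NAT traversal state; test with ikev2_natt_active (), never for non-zero */`. The rename makes old `sa->natt` users fail to compile, but those call sites are outside this header and `ikev2_sa_t` itself begins before the hunk.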
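Review bot: In the `-494,6 +512,9` hunk, `/* dead peer detection */` does not state the polarity of `dpd_disabled`, nor that it sits in `ikev2_main_t` and therefore applies to every profile and SA rather than to one peer. Suggested wording: `/* non-zero turns dead peer detection (liveness checks) off for all SAs */`. With liveness checks off, SAs towards unreachable peers presumably remain installed until their lifetime expires, which deserves a sentence for operators wherever the switch is documented. The struct starts outside the hunk.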
@@ -569,6 +590,8 @@ ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep,
 u32 rlen);
 int ikev2_set_log_level (ikev2_log_level_t log_level);
 u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
+void ikev2_disable_dpd (void);
+clib_error_t *ikev2_profile_natt_disable (u8 * name);
 static_always_inline ikev2_main_per_thread_data_t *
 ikev2_get_per_thread_data ()
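Review bot: Both new prototypes only switch a protection-relevant feature off, and the header declares no counterpart to switch it back on; if that is intentional it should be said at the declaration, e.g. `/* one-way: dead peer detection stays off until restart */` (adjust to the real behaviour, which is not visible here). `ikev2_profile_natt_disable` also gives no hint whether `name` is a vec or a NUL-terminated string, or what error comes back for an unknown profile. `ikev2_disable_dpd` returns `void` while its sibling returns `clib_error_t *`, so a caller cannot tell whether the request took effect; a one-line comment on each declaration would cover these.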