u32 tun_itf;
u8 udp_encap;
+ u8 natt_disabled;
} ikev2_profile_t;
+typedef enum
+{
+ /* SA will switch to port 4500 when NAT is detected.
+ * This is the default. */
+ IKEV2_NATT_ENABLED,
+
+ /* Do nothing when NAT is detected */
+ IKEV2_NATT_DISABLED,
+
+ /* NAT was detected and port switched to 4500 */
+ IKEV2_NATT_ACTIVE,
+} ikev2_natt_state_t;
+
+#define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
+
typedef struct
{
ikev2_state_t state;
u8 *last_sa_init_res_packet_data;
/* retransmit */
+ /* message id expected in the request from the other peer */
u32 last_msg_id;
u8 *last_res_packet_data;
u8 is_initiator;
+ /* last message id that was used for an initiated request */
u32 last_init_msg_id;
u32 profile_index;
u8 is_tun_itf_set;
u32 sw_if_index;
/* is NAT traversal mode */
- u8 natt;
+ ikev2_natt_state_t natt_state;
u8 keys_generated;
} ikev2_sa_t;
/* max number of retries before considering peer dead */
u32 liveness_max_retries;
+
+ /* dead peer detection */
+ u8 dpd_disabled;
} ikev2_main_t;
extern ikev2_main_t ikev2_main;
u32 rlen);
int ikev2_set_log_level (ikev2_log_level_t log_level);
u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
+void ikev2_disable_dpd (void);
+clib_error_t *ikev2_profile_natt_disable (u8 * name);
static_always_inline ikev2_main_per_thread_data_t *
ikev2_get_per_thread_data ()
Code Review / vpp.git / blobdiff