From: Neale Ranns Date: Thu, 13 Feb 2020 10:10:30 +0000 (+0000) Subject: ikev2: Responder honours the protected tunnel config X-Git-Tag: v20.09-rc0~600 X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commitdiff_plain;h=685001f0abe26bafbc1f27da303019fcbc2cd4b2 ikev2: Responder honours the protected tunnel config Type: feature Change-Id: Iee84f94c617c53658f13c5430b945568c5e06ce9 Signed-off-by: Neale Ranns --- diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 4bbe5549c75..75b9dcbac61 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -1409,6 +1409,12 @@ ikev2_sa_auth (ikev2_sa_t * sa) sa->childs[0].r_proposals = ikev2_select_proposal (sa->childs[0].i_proposals, IKEV2_PROTOCOL_ESP); + + if (~0 != sel_p->tun_itf) + { + sa->is_tun_itf_set = 1; + sa->tun_itf = sel_p->tun_itf; + } } } else @@ -2872,6 +2878,7 @@ ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add) clib_memset (p, 0, sizeof (*p)); p->name = vec_dup (name); p->responder.sw_if_index = ~0; + p->tun_itf = ~0; uword index = p - km->profiles; mhash_set_mem (&km->profile_index_by_name, name, &index, 0); } diff --git a/src/plugins/ikev2/ikev2_cli.c b/src/plugins/ikev2/ikev2_cli.c index 8b9a6cdf8f1..a48828d3499 100644 --- a/src/plugins/ikev2/ikev2_cli.c +++ b/src/plugins/ikev2/ikev2_cli.c @@ -474,6 +474,9 @@ show_ikev2_profile_command_fn (vlib_main_t * vm, format_ip4_address, &p->rem_ts.end_addr, p->rem_ts.start_port, p->rem_ts.end_port, p->rem_ts.protocol_id); + if (~0 != p->tun_itf) + vlib_cli_output(vm, " protected tunnel %U", + format_vnet_sw_if_index_name, vnet_get_main(), p->tun_itf); })); /* *INDENT-ON* */