summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2020-02-13 10:10:30 +0000
committerDamjan Marion <dmarion@me.com>2020-02-13 11:55:38 +0000
commit685001f0abe26bafbc1f27da303019fcbc2cd4b2 (patch)
treefa00952824ea94cecccb1bd9d76060062f4dbeb0
parent11da575089cd73fb75b847d01aee81fb551e8598 (diff)
ikev2: Responder honours the protected tunnel config
Type: feature Change-Id: Iee84f94c617c53658f13c5430b945568c5e06ce9 Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r--src/plugins/ikev2/ikev2.c7
-rw-r--r--src/plugins/ikev2/ikev2_cli.c3
2 files changed, 10 insertions, 0 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 4bbe5549c75..75b9dcbac61 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1409,6 +1409,12 @@ ikev2_sa_auth (ikev2_sa_t * sa)
sa->childs[0].r_proposals =
ikev2_select_proposal (sa->childs[0].i_proposals,
IKEV2_PROTOCOL_ESP);
+
+ if (~0 != sel_p->tun_itf)
+ {
+ sa->is_tun_itf_set = 1;
+ sa->tun_itf = sel_p->tun_itf;
+ }
}
}
else
@@ -2872,6 +2878,7 @@ ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add)
clib_memset (p, 0, sizeof (*p));
p->name = vec_dup (name);
p->responder.sw_if_index = ~0;
+ p->tun_itf = ~0;
uword index = p - km->profiles;
mhash_set_mem (&km->profile_index_by_name, name, &index, 0);
}
diff --git a/src/plugins/ikev2/ikev2_cli.c b/src/plugins/ikev2/ikev2_cli.c
index 8b9a6cdf8f1..a48828d3499 100644
--- a/src/plugins/ikev2/ikev2_cli.c
+++ b/src/plugins/ikev2/ikev2_cli.c
@@ -474,6 +474,9 @@ show_ikev2_profile_command_fn (vlib_main_t * vm,
format_ip4_address, &p->rem_ts.end_addr,
p->rem_ts.start_port, p->rem_ts.end_port,
p->rem_ts.protocol_id);
+ if (~0 != p->tun_itf)
+ vlib_cli_output(vm, " protected tunnel %U",
+ format_vnet_sw_if_index_name, vnet_get_main(), p->tun_itf);
}));
/* *INDENT-ON* */