diff options
author | Filip Tehlar <ftehlar@cisco.com> | 2020-10-10 04:39:11 +0000 |
---|---|---|
committer | Beno�t Ganne <bganne@cisco.com> | 2020-10-21 16:11:28 +0000 |
commit | edf2900ac633ae0d8575b04094b1bca40e1a221f (patch) | |
tree | c6afab1f6a9162d07aee9835628b90a030f2a33d /src/plugins/ikev2/ikev2.c | |
parent | 6ba4e41d33ffda2596d9d4b3a1d7fdd3c9a6b870 (diff) |
ikev2: support sending requests from responder
Type: improvement
Ticket: VPP-1894
Change-Id: I5a24a48416bca2ffbd346cdaa813fb25801e6c9b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2/ikev2.c')
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 3ce9114e358..05dfb604006 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -2352,7 +2352,7 @@ ikev2_generate_message (vlib_buffer_t * b, ikev2_sa_t * sa, { if (sa->del[0].protocol_id == IKEV2_PROTOCOL_IKE) { - if (sa->is_initiator) + if (ike_hdr_is_request (ike)) ikev2_payload_add_delete (chain, sa->del); /* The response to a request that deletes the IKE SA is an empty @@ -2446,16 +2446,14 @@ ikev2_generate_message (vlib_buffer_t * b, ikev2_sa_t * sa, ike->version = IKE_VERSION_2; ike->nextpayload = IKEV2_PAYLOAD_SK; tlen = sizeof (*ike); + if (sa->is_initiator) + ike->flags |= IKEV2_HDR_FLAG_INITIATOR; + + if (ike_hdr_is_request (ike)) { - ike->flags = IKEV2_HDR_FLAG_INITIATOR; sa->last_init_msg_id = clib_net_to_host_u32 (ike->msgid); } - else - { - ike->flags = IKEV2_HDR_FLAG_RESPONSE; - } - if (ike->exchange == IKEV2_EXCHANGE_SA_INIT) { @@ -2638,6 +2636,9 @@ ikev2_retransmit_sa_init (ike_header_t * ike, ip_address_t iaddr, static u32 ikev2_retransmit_resp (ikev2_sa_t * sa, ike_header_t * ike) { + if (ike_hdr_is_response (ike)) + return 0; + u32 msg_id = clib_net_to_host_u32 (ike->msgid); /* new req */ @@ -2852,7 +2853,7 @@ ikev2_node_internal (vlib_main_t * vm, sa0 = &sa; clib_memset (sa0, 0, sizeof (*sa0)); - if (ike0->flags & IKEV2_HDR_FLAG_INITIATOR) + if (ike_hdr_is_initiator (ike0)) { if (ike0->rspi == 0) { @@ -2898,6 +2899,7 @@ ikev2_node_internal (vlib_main_t * vm, if (sa0->state == IKEV2_STATE_SA_INIT || sa0->state == IKEV2_STATE_NOTIFY_AND_DELETE) { + ike0->flags = IKEV2_HDR_FLAG_RESPONSE; slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0); if (~0 == slen) vlib_node_increment_counter (vm, node->node_index, @@ -2945,6 +2947,7 @@ ikev2_node_internal (vlib_main_t * vm, ikev2_complete_sa_data (sa0, sai); ikev2_calc_keys (sa0); ikev2_sa_auth_init (sa0); + ike0->flags = IKEV2_HDR_FLAG_INITIATOR; slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0); if (~0 == slen) @@ -3086,9 +3089,9 @@ ikev2_node_internal (vlib_main_t * vm, } } } - if (!(ike0->flags & IKEV2_HDR_FLAG_RESPONSE)) + if (ike_hdr_is_request (ike0)) { - ike0->flags |= IKEV2_HDR_FLAG_RESPONSE; + ike0->flags = IKEV2_HDR_FLAG_RESPONSE; slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0); if (~0 == slen) vlib_node_increment_counter (vm, node->node_index, @@ -3149,6 +3152,7 @@ ikev2_node_internal (vlib_main_t * vm, } else { + ike0->flags = IKEV2_HDR_FLAG_RESPONSE; slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0); if (~0 == slen) vlib_node_increment_counter (vm, node->node_index, @@ -3615,7 +3619,7 @@ ikev2_initiate_delete_ike_sa_internal (vlib_main_t * vm, ike0->exchange = IKEV2_EXCHANGE_INFORMATIONAL; ike0->ispi = clib_host_to_net_u64 (sa->ispi); ike0->rspi = clib_host_to_net_u64 (sa->rspi); - + ike0->flags = 0; ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1); sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid); len = ikev2_generate_message (b0, sa, ike0, 0, 0); @@ -4269,6 +4273,7 @@ ikev2_delete_child_sa_internal (vlib_main_t * vm, ikev2_sa_t * sa, ike0->exchange = IKEV2_EXCHANGE_INFORMATIONAL; ike0->ispi = clib_host_to_net_u64 (sa->ispi); ike0->rspi = clib_host_to_net_u64 (sa->rspi); + ike0->flags = 0; vec_resize (sa->del, 1); sa->del->protocol_id = IKEV2_PROTOCOL_ESP; sa->del->spi = csa->i_proposals->spi; @@ -4837,6 +4842,7 @@ ikev2_send_informational_request (ikev2_sa_t * sa) ike0->ispi = clib_host_to_net_u64 (sa->ispi); ike0->rspi = clib_host_to_net_u64 (sa->rspi); ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1); + ike0->flags = 0; sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid); len = ikev2_generate_message (b0, sa, ike0, 0, 0); if (~0 == len) |