ikev2: add option to disable NAT traversal

Type: feature
Ticket: VPP-1935

Change-Id: I705f84047b112279377590157a1c7b4a34f693d2
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>

1 files changed, 23 insertions, 1 deletions

diff --git a/src/plugins/ikev2/ikev2_api.c b/src/plugins/ikev2/ikev2_api.c
index 33ff0853832..63d8760b043 100644
--- a/src/plugins/ikev2/ikev2_api.c
+++ b/src/plugins/ikev2/ikev2_api.c
@@ -163,7 +163,7 @@ send_profile (ikev2_profile_t * profile, vl_api_registration_t * reg,
 
   rmp->profile.udp_encap = profile->udp_encap;
   rmp->profile.tun_itf = profile->tun_itf;
-
+  rmp->profile.natt_disabled = profile->natt_disabled;
   rmp->profile.ipsec_over_udp_port = profile->ipsec_over_udp_port;
 
   rmp->profile.lifetime = profile->lifetime;
@@ -858,6 +858,28 @@ static void
 }
 
 static void
+  vl_api_ikev2_profile_disable_natt_t_handler
+  (vl_api_ikev2_profile_disable_natt_t * mp)
+{
+  vl_api_ikev2_profile_disable_natt_reply_t *rmp;
+  int rv = 0;
+
+#if WITH_LIBSSL > 0
+  clib_error_t *error;
+
+  u8 *tmp = format (0, "%s", mp->name);
+  error = ikev2_profile_natt_disable (tmp);
+  vec_free (tmp);
+  if (error)
+    rv = VNET_API_ERROR_UNSPECIFIED;
+#else
+  rv = VNET_API_ERROR_UNIMPLEMENTED;
+#endif
+
+  REPLY_MACRO (VL_API_IKEV2_PROFILE_DISABLE_NATT_REPLY);
+}
+
+static void
   vl_api_ikev2_initiate_rekey_child_sa_t_handler
   (vl_api_ikev2_initiate_rekey_child_sa_t * mp)
 {