authorFilip Tehlar <ftehlar@cisco.com>2020-10-30 04:47:44 +0000
committerFilip Tehlar <ftehlar@cisco.com>2020-10-31 02:58:24 +0000
commitd7fc12f07313f9147159f2562f6fcc928af7a963 (patch)
treeb890f17a30d8fde4faca0efdedb1e81bb55e8bd1 /src/plugins/ikev2/ikev2_priv.h
parent68ad6258374201ba8f0dc052e6f44d6250555249 (diff)
ikev2: add option to disable NAT traversal
Type: feature Ticket: VPP-1935 Change-Id: I705f84047b112279377590157a1c7b4a34f693d2 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2/ikev2_priv.h')
-rw-r--r--src/plugins/ikev2/ikev2_priv.h19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index ae0c2a4bae3..fa302dcf21a 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -347,8 +347,24 @@ typedef struct
u32 tun_itf;
u8 udp_encap;
+ u8 natt_disabled;
} ikev2_profile_t;
+typedef enum
+{
+ /* SA will switch to port 4500 when NAT is detected.
+ * This is the default. */
+ IKEV2_NATT_ENABLED,
+
+ /* Do nothing when NAT is detected */
+ IKEV2_NATT_DISABLED,
+
+ /* NAT was detected and port switched to 4500 */
+ IKEV2_NATT_ACTIVE,
+} ikev2_natt_state_t;
+
+#define ikev2_natt_active(_sa) ((_sa)->natt_state == IKEV2_NATT_ACTIVE)
+
typedef struct
{
ikev2_state_t state;
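Review bot: The default described in the comment on `IKEV2_NATT_ENABLED` depends on that enumerator being 0 and on every `ikev2_sa_t` being zero-initialised, and the header states neither. Pinning it with `IKEV2_NATT_ENABLED = 0,` and saying so in the comment would keep a later reordering of the enum from silently changing the state new SAs start in. The enum also mixes a policy (enabled/disabled) with a runtime result (active), so a short comment on `natt_disabled` saying that it selects `IKEV2_NATT_DISABLED` for SAs created from the profile would help; that assignment is presumably made outside this header. The struct opened on the last lines of the hunk continues outside it.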
@@ -428,7 +444,7 @@ typedef struct
u32 sw_if_index;
/* is NAT traversal mode */
- u8 natt;
+ ikev2_natt_state_t natt_state;
u8 keys_generated;
} ikev2_sa_t;
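Review bot: The comment `/* is NAT traversal mode */` still describes a boolean, but `natt_state` is now a three-valued enum in which the non-zero value `IKEV2_NATT_DISABLED` means NAT-T is off. A truthiness test on the field would read a disabled SA as one using NAT traversal, so the comment should point readers at the accessor, for example `/* NAT traversal state (ikev2_natt_state_t); test with ikev2_natt_active (), never as a boolean */`. The member also grows from `u8` to an enum-sized field, which is worth checking if `ikev2_sa_t` is copied or stored by size anywhere; that is not visible here. The struct begins outside the hunk.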
@@ -575,6 +591,7 @@ ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep,
int ikev2_set_log_level (ikev2_log_level_t log_level);
u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
void ikev2_disable_dpd (void);
+clib_error_t *ikev2_profile_natt_disable (u8 * name);
static_always_inline ikev2_main_per_thread_data_t *
ikev2_get_per_thread_data ()
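Review bot: `ikev2_profile_natt_disable` is declared without a comment and without a counterpart that turns NAT traversal back on, so as far as this header shows a profile cannot return to the default once the flag is set. If that is intended, say so above the prototype, e.g. `/* Disable NAT traversal for the named profile; returns an error if the profile is not found */` (the error condition is assumed, since the implementation is outside this hunk). `name` could be declared `const u8 *` if the function only uses it to look the profile up.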