aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2_test.c
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2020-10-30 04:47:44 +0000
committerFilip Tehlar <ftehlar@cisco.com>2020-10-31 02:58:24 +0000
commitd7fc12f07313f9147159f2562f6fcc928af7a963 (patch)
treeb890f17a30d8fde4faca0efdedb1e81bb55e8bd1 /src/plugins/ikev2/ikev2_test.c
parent68ad6258374201ba8f0dc052e6f44d6250555249 (diff)
ikev2: add option to disable NAT traversal
Type: feature Ticket: VPP-1935 Change-Id: I705f84047b112279377590157a1c7b4a34f693d2 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2/ikev2_test.c')
-rw-r--r--src/plugins/ikev2/ikev2_test.c65
1 files changed, 45 insertions, 20 deletions
diff --git a/src/plugins/ikev2/ikev2_test.c b/src/plugins/ikev2/ikev2_test.c
index 81a222c0971..d9f5e2256b6 100644
--- a/src/plugins/ikev2/ikev2_test.c
+++ b/src/plugins/ikev2/ikev2_test.c
@@ -46,6 +46,7 @@ typedef struct
vat_main_t *vat_main;
} ikev2_test_main_t;
+static const char *valid_chars = "a-zA-Z0-9_";
ikev2_test_main_t ikev2_test_main;
uword
@@ -192,6 +193,47 @@ format_ikev2_sa_transform (u8 * s, va_list * args)
}
static int
+api_ikev2_profile_disable_natt (vat_main_t * vam)
+{
+ unformat_input_t *i = vam->input;
+ vl_api_ikev2_profile_disable_natt_t *mp;
+ u8 *name = 0;
+ int ret;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "%U", unformat_token, valid_chars, &name))
+ vec_add1 (name, 0);
+ else
+ {
+ errmsg ("parse error '%U'", format_unformat_error, i);
+ return -99;
+ }
+ }
+
+ if (!vec_len (name))
+ {
+ errmsg ("profile name must be specified");
+ return -99;
+ }
+
+ if (vec_len (name) > 64)
+ {
+ errmsg ("profile name too long");
+ return -99;
+ }
+
+ M (IKEV2_PROFILE_DISABLE_NATT, mp);
+
+ clib_memcpy (mp->name, name, vec_len (name));
+ vec_free (name);
+
+ S (mp);
+ W (ret);
+ return ret;
+}
+
+static int
api_ikev2_profile_dump (vat_main_t * vam)
{
ikev2_test_main_t *ik = &ikev2_test_main;
@@ -280,6 +322,9 @@ static void vl_api_ikev2_profile_details_t_handler
if (p->udp_encap)
fformat (vam->ofp, " udp-encap\n");
+ if (p->natt_disabled)
+ fformat (vam->ofp, " NAT-T disabled\n");
+
u32 ipsec_over_udp_port = clib_net_to_host_u16 (p->ipsec_over_udp_port);
if (ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
fformat (vam->ofp, " ipsec-over-udp port %d\n", ipsec_over_udp_port);
@@ -674,8 +719,6 @@ api_ikev2_profile_add_del (vat_main_t * vam)
u8 *name = 0;
int ret;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "del"))
@@ -723,8 +766,6 @@ api_ikev2_profile_set_auth (vat_main_t * vam)
u8 is_hex = 0;
int ret;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "name %U", unformat_token, valid_chars, &name))
@@ -794,8 +835,6 @@ api_ikev2_profile_set_id (vat_main_t * vam)
ip_address_t ip;
int ret;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "name %U", unformat_token, valid_chars, &name))
@@ -871,8 +910,6 @@ api_ikev2_profile_set_ts (vat_main_t * vam)
u32 proto = 0, start_port = 0, end_port = (u32) ~ 0;
ip_address_t start_addr, end_addr;
u8 start_addr_set = 0, end_addr_set = 0;
-
- const char *valid_chars = "a-zA-Z0-9_";
int ret;
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
@@ -984,8 +1021,6 @@ api_ikev2_profile_set_udp_encap (vat_main_t * vam)
int ret;
u8 *name = 0;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "%U udp-encap", unformat_token, valid_chars, &name))
@@ -1035,8 +1070,6 @@ api_ikev2_set_responder (vat_main_t * vam)
u32 sw_if_index = ~0;
ip_address_t address;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat
@@ -1084,8 +1117,6 @@ api_ikev2_set_ike_transforms (vat_main_t * vam)
u8 *name = 0;
u32 crypto_alg, crypto_key_size, integ_alg, dh_group;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "%U %d %d %d %d", unformat_token, valid_chars, &name,
@@ -1134,8 +1165,6 @@ api_ikev2_set_esp_transforms (vat_main_t * vam)
u8 *name = 0;
u32 crypto_alg, crypto_key_size, integ_alg;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "%U %d %d %d", unformat_token, valid_chars, &name,
@@ -1183,8 +1212,6 @@ api_ikev2_set_sa_lifetime (vat_main_t * vam)
u64 lifetime, lifetime_maxdata;
u32 lifetime_jitter, handover;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "%U %lu %u %u %lu", unformat_token, valid_chars, &name,
@@ -1232,8 +1259,6 @@ api_ikev2_initiate_sa_init (vat_main_t * vam)
int ret;
u8 *name = 0;
- const char *valid_chars = "a-zA-Z0-9_";
-
while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
{
if (unformat (i, "%U", unformat_token, valid_chars, &name))