authorFilip Tehlar <ftehlar@cisco.com>2021-01-04 14:03:53 +0000
committerBeno�t Ganne <bganne@cisco.com>2021-01-08 13:05:32 +0000
commited4b38e868c7cabb8e88cc0f1254c95a8f1c5939 (patch)
tree3aef7ce8bbbb78a25d385b449f34e68d7774e983 /src/plugins/ikev2
parenta5a9efd4d1995ef6d46dfab4e5b8aba9c5d114ef (diff)
ikev2: fix lookup in wrong ip table
In responder mode we need to remember the interface index from which the IKE session was initiated. Otherwise, when sending keepalive packets to the initiator, the default IP table is always used for lookup instead of the one associated with the interface. Type: fix Change-Id: Iade3fc3a490b7ae83c3f6e9014d1f4204e476ac1 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2')
-rw-r--r--src/plugins/ikev2/ikev2.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 7aaf4f3e033..8d06bd3a382 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -716,9 +716,8 @@ ikev2_check_payload_length (const ike_payload_header_t * ikep, int rlen,
}
static int
-ikev2_process_sa_init_req (vlib_main_t * vm,
- ikev2_sa_t * sa, ike_header_t * ike,
- udp_header_t * udp, u32 len)
+ikev2_process_sa_init_req (vlib_main_t *vm, ikev2_sa_t *sa, ike_header_t *ike,
+ udp_header_t *udp, u32 len, u32 sw_if_index)
{
u8 nonce[IKEV2_NONCE_SIZE];
int p = 0;
@@ -733,6 +732,7 @@ ikev2_process_sa_init_req (vlib_main_t * vm,
ip_addr_version (&sa->iaddr) == AF_IP4);
sa->ispi = clib_net_to_host_u64 (ike->ispi);
+ sa->sw_if_index = sw_if_index;
/* store whole IKE payload - needed for PSK auth */
vec_reset_length (sa->last_sa_init_req_packet_data);
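Review bot: The new assignment `sa->sw_if_index = sw_if_index;` pins the SA to the interface on which the still-unauthenticated IKE_SA_INIT request arrived, and nothing here says what the field is for or when it may change. A short comment at the assignment would help, e.g. `/* RX interface of the IKE_SA_INIT request; selects the IP table for responder-originated packets such as keepalives */`. It is not visible from this hunk whether SAs created on other paths (initiator side, rekey or SA copy) also set the field; if they leave it zero-initialised, lookups would presumably resolve against interface index 0, so that is worth confirming. The body of ikev2_process_sa_init_req continues outside the hunk.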
@@ -2958,7 +2958,9 @@ ikev2_node_internal (vlib_main_t * vm,
goto dispatch0;
}
- res = ikev2_process_sa_init_req (vm, sa0, ike0, udp0, rlen);
+ res = ikev2_process_sa_init_req (
+ vm, sa0, ike0, udp0, rlen,
+ vnet_buffer (b0)->sw_if_index[VLIB_RX]);
if (!res)
vlib_node_increment_counter (vm, node->node_index,
IKEV2_ERROR_MALFORMED_PACKET,