ipsec: support UDP encap/decap for NAT traversal

Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684 Signed-off-by: Klement Sekera <ksekera@cisco.com>
author: Klement Sekera <ksekera@cisco.com> 2018-04-17 18:04:57 +0200
committer: Damjan Marion <dmarion.lists@gmail.com> 2018-05-09 21:54:10 +0000
commit: 4b089f27b3eda69be2fc8a9ef9f74d39cd00fc7f (patch)
tree: 1cd816a7fcdc0b68d5471c7729c5f882f947d1e0 /src/vnet/ipsec/ipsec.c
parent: 8e43d04ca4f4496aaefc4f5e2b6e1c0951624099 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 4894022536b..928cafd5e25 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -19,12 +19,14 @@
 #include <vnet/api_errno.h>
 #include <vnet/ip/ip.h>
 #include <vnet/interface.h>
+#include <vnet/udp/udp.h>
 
 #include <vnet/ipsec/ipsec.h>
 #include <vnet/ipsec/ikev2.h>
 #include <vnet/ipsec/esp.h>
 #include <vnet/ipsec/ah.h>
 
+
 ipsec_main_t ipsec_main;
 
 u32
@@ -411,7 +413,8 @@ ipsec_is_sa_used (u32 sa_index)
 }
 
 int
-ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
+ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
+		  u8 udp_encap)
 {
   ipsec_main_t *im = &ipsec_main;
   ipsec_sa_t *sa = 0;
@@ -450,6 +453,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
       pool_get (im->sad, sa);
       clib_memcpy (sa, new_sa, sizeof (*sa));
       sa_index = sa - im->sad;
+      sa->udp_encap = udp_encap ? 1 : 0;
       hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
       if (im->cb.add_del_sa_sess_cb)
 	{
author	Klement Sekera <ksekera@cisco.com>	2018-04-17 18:04:57 +0200
committer	Damjan Marion <dmarion.lists@gmail.com>	2018-05-09 21:54:10 +0000
commit	4b089f27b3eda69be2fc8a9ef9f74d39cd00fc7f (patch)
tree	1cd816a7fcdc0b68d5471c7729c5f882f947d1e0 /src/vnet/ipsec/ipsec.c
parent	8e43d04ca4f4496aaefc4f5e2b6e1c0951624099 (diff)