diff options
author | Neale Ranns <nranns@cisco.com> | 2020-04-01 09:45:23 +0000 |
---|---|---|
committer | Paul Vinciguerra <pvinci@vinciconsulting.com> | 2020-05-05 18:36:33 +0000 |
commit | abc5660c61698fa29252dc202358002a97f2608c (patch) | |
tree | 969edc7dc2145e40e3fb96c470df917f2053abfe /src/vnet/ipsec/ipsec_cli.c | |
parent | 6fdd7a5f77301a3398c4445bfef202b123ce90d8 (diff) |
ipsec: User can choose the UDP source port
Type: feature
thus allowing NAT traversal,
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 13f9efdf566..695e5f01c74 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -86,7 +86,8 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, clib_error_t *error; ipsec_key_t ck = { 0 }; ipsec_key_t ik = { 0 }; - u32 id, spi, salt; + u32 id, spi, salt, sai; + u16 udp_src, udp_dst; int is_add, rv; salt = 0; @@ -96,6 +97,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, proto = IPSEC_PROTOCOL_ESP; integ_alg = IPSEC_INTEG_ALG_NONE; crypto_alg = IPSEC_CRYPTO_ALG_NONE; + udp_src = udp_dst = IPSEC_UDP_PORT_NONE; if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -149,8 +151,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg, &ck, integ_alg, &ik, flags, 0, clib_host_to_net_u32 (salt), - &tun_src, &tun_dst, NULL, - IPSEC_UDP_PORT_NONE); + &tun_src, &tun_dst, &sai, udp_src, udp_dst); else rv = ipsec_sa_unlock_id (id); @@ -856,14 +857,16 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, local_spi, IPSEC_PROTOCOL_ESP, crypto_alg, &lck, integ_alg, &lik, flags, table_id, clib_host_to_net_u32 (salt), &local_ip, - &remote_ip, NULL, IPSEC_UDP_PORT_NONE); + &remote_ip, NULL, IPSEC_UDP_PORT_NONE, + IPSEC_UDP_PORT_NONE); rv |= ipsec_sa_add_and_lock (ipsec_tun_mk_remote_sa_id (sw_if_index), remote_spi, IPSEC_PROTOCOL_ESP, crypto_alg, &rck, integ_alg, &rik, (flags | IPSEC_SA_FLAG_IS_INBOUND), table_id, clib_host_to_net_u32 (salt), &remote_ip, - &local_ip, NULL, IPSEC_UDP_PORT_NONE); + &local_ip, NULL, IPSEC_UDP_PORT_NONE, + IPSEC_UDP_PORT_NONE); rv |= ipsec_tun_protect_update_one (sw_if_index, &nh, ipsec_tun_mk_local_sa_id (sw_if_index), |