summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_cli.c
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2020-04-01 09:45:23 +0000
committerPaul Vinciguerra <pvinci@vinciconsulting.com>2020-05-05 18:36:33 +0000
commitabc5660c61698fa29252dc202358002a97f2608c (patch)
tree969edc7dc2145e40e3fb96c470df917f2053abfe /src/vnet/ipsec/ipsec_cli.c
parent6fdd7a5f77301a3398c4445bfef202b123ce90d8 (diff)
ipsec: User can choose the UDP source port
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
-rw-r--r--src/vnet/ipsec/ipsec_cli.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 13f9efdf566..695e5f01c74 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -86,7 +86,8 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
clib_error_t *error;
ipsec_key_t ck = { 0 };
ipsec_key_t ik = { 0 };
- u32 id, spi, salt;
+ u32 id, spi, salt, sai;
+ u16 udp_src, udp_dst;
int is_add, rv;
salt = 0;
@@ -96,6 +97,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
proto = IPSEC_PROTOCOL_ESP;
integ_alg = IPSEC_INTEG_ALG_NONE;
crypto_alg = IPSEC_CRYPTO_ALG_NONE;
+ udp_src = udp_dst = IPSEC_UDP_PORT_NONE;
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -149,8 +151,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg,
&ck, integ_alg, &ik, flags,
0, clib_host_to_net_u32 (salt),
- &tun_src, &tun_dst, NULL,
- IPSEC_UDP_PORT_NONE);
+ &tun_src, &tun_dst, &sai, udp_src, udp_dst);
else
rv = ipsec_sa_unlock_id (id);
@@ -856,14 +857,16 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&lck, integ_alg, &lik, flags, table_id,
clib_host_to_net_u32 (salt), &local_ip,
- &remote_ip, NULL, IPSEC_UDP_PORT_NONE);
+ &remote_ip, NULL, IPSEC_UDP_PORT_NONE,
+ IPSEC_UDP_PORT_NONE);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_remote_sa_id (sw_if_index),
remote_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
&rck, integ_alg, &rik,
(flags | IPSEC_SA_FLAG_IS_INBOUND), table_id,
clib_host_to_net_u32 (salt), &remote_ip,
- &local_ip, NULL, IPSEC_UDP_PORT_NONE);
+ &local_ip, NULL, IPSEC_UDP_PORT_NONE,
+ IPSEC_UDP_PORT_NONE);
rv |=
ipsec_tun_protect_update_one (sw_if_index, &nh,
ipsec_tun_mk_local_sa_id (sw_if_index),