ipsec: support UDP encap/decap for NAT traversal

Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684 Signed-off-by: Klement Sekera <ksekera@cisco.com>
author: Klement Sekera <ksekera@cisco.com> 2018-04-17 18:04:57 +0200
committer: Damjan Marion <dmarion.lists@gmail.com> 2018-05-09 21:54:10 +0000
commit: 4b089f27b3eda69be2fc8a9ef9f74d39cd00fc7f (patch)
tree: 1cd816a7fcdc0b68d5471c7729c5f882f947d1e0 /src/vnet/ipsec/ipsec_cli.c
parent: 8e43d04ca4f4496aaefc4f5e2b6e1c0951624099 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index ef57d52ef67..238ef9774e1 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -176,7 +176,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 	goto done;
     }
 
-  ipsec_add_del_sa (vm, &sa, is_add);
+  ipsec_add_del_sa (vm, &sa, is_add, 0 /* enable nat traversal */ );
 
 done:
   unformat_free (line_input);
@@ -451,9 +451,10 @@ show_ipsec_command_fn (vlib_main_t * vm,
   /* *INDENT-OFF* */
   pool_foreach (sa, im->sad, ({
     if (sa->id) {
-      vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s", sa->id, sa->spi,
+      vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s%s", sa->id, sa->spi,
                       sa->is_tunnel ? "tunnel" : "transport",
-                      sa->protocol ? "esp" : "ah");
+                      sa->protocol ? "esp" : "ah",
+		      sa->udp_encap ? " udp-encap-enabled" : "");
       if (sa->protocol == IPSEC_PROTOCOL_ESP) {
         vlib_cli_output(vm, "  crypto alg %U%s%U integrity alg %U%s%U",
                         format_ipsec_crypto_alg, sa->crypto_alg,
author	Klement Sekera <ksekera@cisco.com>	2018-04-17 18:04:57 +0200
committer	Damjan Marion <dmarion.lists@gmail.com>	2018-05-09 21:54:10 +0000
commit	4b089f27b3eda69be2fc8a9ef9f74d39cd00fc7f (patch)
tree	1cd816a7fcdc0b68d5471c7729c5f882f947d1e0 /src/vnet/ipsec/ipsec_cli.c
parent	8e43d04ca4f4496aaefc4f5e2b6e1c0951624099 (diff)