summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_sa.c
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2020-03-02 15:17:37 +0000
committerDamjan Marion <dmarion@me.com>2020-03-21 11:50:03 +0000
commite5d34919b4561a5ee11e41dec6b0184537b39696 (patch)
tree9ceae975f3ce8da4a5ef7da8922b1ab4781cb231 /src/vnet/ipsec/ipsec_sa.c
parent7f6d145accc6e63b150ab4efc282f19cbe996b57 (diff)
ikev2: add support for custom ipsec-over-udp port
Type: feature Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_sa.c')
-rw-r--r--src/vnet/ipsec/ipsec_sa.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 4401c2e3d74..0e1e63d0db4 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -135,7 +135,8 @@ ipsec_sa_add_and_lock (u32 id,
u32 tx_table_id,
u32 salt,
const ip46_address_t * tun_src,
- const ip46_address_t * tun_dst, u32 * sa_out_index)
+ const ip46_address_t * tun_dst, u32 * sa_out_index,
+ u16 dst_port)
{
vlib_main_t *vm = vlib_get_main ();
ipsec_main_t *im = &ipsec_main;
@@ -269,8 +270,16 @@ ipsec_sa_add_and_lock (u32 id,
if (ipsec_sa_is_set_UDP_ENCAP (sa))
{
- sa->udp_hdr.src_port = clib_host_to_net_u16 (UDP_DST_PORT_ipsec);
- sa->udp_hdr.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_ipsec);
+ if (dst_port == IPSEC_UDP_PORT_NONE)
+ {
+ sa->udp_hdr.src_port = clib_host_to_net_u16 (UDP_DST_PORT_ipsec);
+ sa->udp_hdr.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_ipsec);
+ }
+ else
+ {
+ sa->udp_hdr.src_port = clib_host_to_net_u16 (dst_port);
+ sa->udp_hdr.dst_port = clib_host_to_net_u16 (dst_port);
+ }
}
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);