From 685001f0abe26bafbc1f27da303019fcbc2cd4b2 Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Thu, 13 Feb 2020 10:10:30 +0000
Subject: ikev2: Responder honours the protected tunnel config

Type: feature

Change-Id: Iee84f94c617c53658f13c5430b945568c5e06ce9
Signed-off-by: Neale Ranns <nranns@cisco.com>
---
 src/plugins/ikev2/ikev2.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/plugins/ikev2/ikev2.c')

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 4bbe5549c75..75b9dcbac61 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1409,6 +1409,12 @@ ikev2_sa_auth (ikev2_sa_t * sa)
 	  sa->childs[0].r_proposals =
 	    ikev2_select_proposal (sa->childs[0].i_proposals,
 				   IKEV2_PROTOCOL_ESP);
+
+	  if (~0 != sel_p->tun_itf)
+	    {
+	      sa->is_tun_itf_set = 1;
+	      sa->tun_itf = sel_p->tun_itf;
+	    }
 	}
     }
   else
@@ -2872,6 +2878,7 @@ ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add)
       clib_memset (p, 0, sizeof (*p));
       p->name = vec_dup (name);
       p->responder.sw_if_index = ~0;
+      p->tun_itf = ~0;
       uword index = p - km->profiles;
       mhash_set_mem (&km->profile_index_by_name, name, &index, 0);
     }
-- 
cgit 1.2.3-korg