From 4362baa33c00b93d07f6648c87c064c96900f4df Mon Sep 17 00:00:00 2001
From: Filip Tehlar <ftehlar@cisco.com>
Date: Thu, 2 Apr 2020 13:13:39 +0000
Subject: ikev2: add support for NAT traversal

Type: feature

* initiator behind NAT supported
* tested with static NAT mappings
* works only with pre-configured tunnels

The pre-configured tunnel has to be defined as follows:

initiator (i) side: src=ip(i) dst=ip(r)
responder (r) side: src=ip(r) dst=ip(nat)

Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
---
 src/plugins/ikev2/ikev2_priv.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/plugins/ikev2/ikev2_priv.h')

diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index a344e716a89..7f4cb03c373 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -358,7 +358,7 @@ typedef struct
   u64 lifetime_maxdata;
   u32 lifetime_jitter;
   u32 handover;
-  u16 dst_port;
+  u16 ipsec_over_udp_port;
 
   u32 tun_itf;
   u8 udp_encap;
@@ -425,7 +425,7 @@ typedef struct
   u8 is_tun_itf_set;
   u32 tun_itf;
   u8 udp_encap;
-  u16 dst_port;
+  u16 ipsec_over_udp_port;
 
   f64 old_id_expiration;
   u32 current_remote_id_mask;
@@ -437,6 +437,12 @@ typedef struct
 
   u8 liveness_retries;
   f64 liveness_period_check;
+
+  u16 dst_port;
+  u32 sw_if_index;
+
+  /* is NAT traversal mode */
+  u8 natt;
 } ikev2_sa_t;
 
 
-- 
cgit 1.2.3-korg