From d7fc12f07313f9147159f2562f6fcc928af7a963 Mon Sep 17 00:00:00 2001
From: Filip Tehlar <ftehlar@cisco.com>
Date: Fri, 30 Oct 2020 04:47:44 +0000
Subject: ikev2: add option to disable NAT traversal

Type: feature
Ticket: VPP-1935

Change-Id: I705f84047b112279377590157a1c7b4a34f693d2
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
---
 src/plugins/ikev2/test/test_ikev2.py | 6 ++++++
 src/plugins/ikev2/test/vpp_ikev2.py  | 7 +++++++
 2 files changed, 13 insertions(+)

(limited to 'src/plugins/ikev2/test')

diff --git a/src/plugins/ikev2/test/test_ikev2.py b/src/plugins/ikev2/test/test_ikev2.py
index 91cec8e9a62..d065d46e8eb 100644
--- a/src/plugins/ikev2/test/test_ikev2.py
+++ b/src/plugins/ikev2/test/test_ikev2.py
@@ -1393,6 +1393,8 @@ class TestApi(VppTestCase):
             p.set_lifetime_data(cfg['lifetime_data'])
         if 'tun_itf' in cfg:
             p.set_tunnel_interface(cfg['tun_itf'])
+        if 'natt_disabled' in cfg and cfg['natt_disabled']:
+            p.disable_natt()
         p.add_vpp_config()
         return p
 
@@ -1431,6 +1433,7 @@ class TestApi(VppTestCase):
         conf = {
             'p1': {
                 'name': 'p1',
+                'natt_disabled': True,
                 'loc_id': ('fqdn', b'vpp.home'),
                 'rem_id': ('fqdn', b'roadwarrior.example.com'),
                 'loc_ts': loc_ts4,
@@ -1534,6 +1537,9 @@ class TestApi(VppTestCase):
         self.verify_ike_transforms(ap.ike_ts, cp['ike_ts'])
         self.verify_esp_transforms(ap.esp_ts, cp['esp_ts'])
         self.verify_auth(ap.auth, cp['auth'])
+        natt_dis = False if 'natt_disabled' not in cp else cp['natt_disabled']
+        self.assertTrue(natt_dis == ap.natt_disabled)
+
         if 'lifetime_data' in cp:
             self.verify_lifetime_data(ap, cp['lifetime_data'])
         self.assertEqual(ap.ipsec_over_udp_port, cp['ipsec_over_udp_port'])
diff --git a/src/plugins/ikev2/test/vpp_ikev2.py b/src/plugins/ikev2/test/vpp_ikev2.py
index 6ae30201450..dd1c3fc986e 100644
--- a/src/plugins/ikev2/test/vpp_ikev2.py
+++ b/src/plugins/ikev2/test/vpp_ikev2.py
@@ -27,6 +27,10 @@ class Profile(VppObject):
         self.vapi = test.vapi
         self.profile_name = profile_name
         self.udp_encap = False
+        self.natt = True
+
+    def disable_natt(self):
+        self.natt = False
 
     def add_auth(self, method, data, is_hex=False):
         if isinstance(method, int):
@@ -156,6 +160,9 @@ class Profile(VppObject):
             self.vapi.ikev2_set_tunnel_interface(name=self.profile_name,
                                                  sw_if_index=self.tun_itf)
 
+        if not self.natt:
+            self.vapi.ikev2_profile_disable_natt(name=self.profile_name)
+
     def query_vpp_config(self):
         res = self.vapi.ikev2_profile_dump()
         for r in res:
-- 
cgit 1.2.3-korg