From 4117b24acb4241d7f2ef38248bc254f6a4a7b422 Mon Sep 17 00:00:00 2001
From: Arthur de Kerhor
Date: Wed, 31 Aug 2022 19:13:03 +0200
Subject: ipsec: new api for sa ips and ports updates

Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel.

Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor
---
 src/vnet/ipsec/ipsec_api.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'src/vnet/ipsec/ipsec_api.c')

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 378f493ec14..3994150d895 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -567,6 +567,31 @@ vl_api_ipsec_sad_entry_add_t_handler (vl_api_ipsec_sad_entry_add_t *mp)
 { rmp->stat_index = htonl (sa_index); });
 }
 
+static void
+vl_api_ipsec_sad_entry_update_t_handler (vl_api_ipsec_sad_entry_update_t *mp)
+{
+ vl_api_ipsec_sad_entry_update_reply_t *rmp;
+ u32 id;
+ tunnel_t tun = { 0 };
+ int rv;
+
+ id = ntohl (mp->sad_id);
+
+ if (mp->is_tun)
+ {
+ rv = tunnel_decode (&mp->tunnel, &tun);
+
+ if (rv)
+ goto out;
+ }
+
+ rv = ipsec_sa_update (id, htons (mp->udp_src_port), htons (mp->udp_dst_port),
+ &tun, mp->is_tun);
+
+out:
+ REPLY_MACRO (VL_API_IPSEC_SAD_ENTRY_UPDATE_REPLY);
+}
+
 static void
 send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
 u32 context)
-- 
cgit 1.2.3-korg
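Review bot: The two UDP port fields of the incoming message are converted with `htons` while `sad_id` two lines earlier uses `ntohl`; on the receiving side of an API message the host-order conversion is `ntohs`, so for consistency the call should read `rv = ipsec_sa_update (id, ntohs (mp->udp_src_port), ntohs (mp->udp_dst_port),` (the two are the same byte swap in practice, so this is a style point rather than a functional defect). The new handler also carries no comment even though it rebinds an existing SA's tunnel endpoints and NAT-T ports in place; a header such as `/* Update an SA's tunnel endpoints and UDP (NAT-T) ports in place; unlike delete-and-re-add this keeps the anti-replay window. */` would explain why it exists beside the add handler. Whether `ipsec_sa_update` rejects an unknown `sad_id`, or an `is_tun` request against an SA that is not a tunnel, is not visible in this hunk and should be confirmed, since the reply's `rv` is the only signal the caller gets. The whole handler lies inside the hunk.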