From 4b089f27b3eda69be2fc8a9ef9f74d39cd00fc7f Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Tue, 17 Apr 2018 18:04:57 +0200
Subject: ipsec: support UDP encap/decap for NAT traversal

Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684
Signed-off-by: Klement Sekera <ksekera@cisco.com>
---
 src/vnet/ipsec/ipsec_cli.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/vnet/ipsec/ipsec_cli.c')

diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index ef57d52ef67..238ef9774e1 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -176,7 +176,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
 	goto done;
     }
 
-  ipsec_add_del_sa (vm, &sa, is_add);
+  ipsec_add_del_sa (vm, &sa, is_add, 0 /* enable nat traversal */ );
 
 done:
   unformat_free (line_input);
@@ -451,9 +451,10 @@ show_ipsec_command_fn (vlib_main_t * vm,
   /* *INDENT-OFF* */
   pool_foreach (sa, im->sad, ({
     if (sa->id) {
-      vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s", sa->id, sa->spi,
+      vlib_cli_output(vm, "sa %u spi %u mode %s protocol %s%s", sa->id, sa->spi,
                       sa->is_tunnel ? "tunnel" : "transport",
-                      sa->protocol ? "esp" : "ah");
+                      sa->protocol ? "esp" : "ah",
+		      sa->udp_encap ? " udp-encap-enabled" : "");
       if (sa->protocol == IPSEC_PROTOCOL_ESP) {
         vlib_cli_output(vm, "  crypto alg %U%s%U integrity alg %U%s%U",
                         format_ipsec_crypto_alg, sa->crypto_alg,
-- 
cgit 1.2.3-korg