ipsec: Allow to configure tunnel src & dst ports
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
Milan Lenco committed Jul 21, 2020
1 parent faf9478 commit d9d463c
Showing 3 changed files with 96 additions and 65 deletions.
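--- a/plugins/vpp/ipsecplugin/vppcalls/vpp2005/ipsec_vppcalls.go
+++ b/plugins/vpp/ipsecplugin/vppcalls/vpp2005/ipsec_vppcalls.go
@@ -224,6 +224,15 @@ func (h *IPSecVppHandler) sadAddDelEntry(sa *ipsec.SecurityAssociation, isAdd bo
 return err
 }
 }
+const undefinedPort = ^uint16(0)
+udpSrcPort := undefinedPort
+if sa.TunnelSrcPort != 0 {
+udpSrcPort = uint16(sa.TunnelSrcPort)
+}
+udpDstPort := undefinedPort
+if sa.TunnelDstPort != 0 {
+udpDstPort = uint16(sa.TunnelDstPort)
+}
 
 req := &vpp_ipsec.IpsecSadEntryAddDel{
 IsAdd: isAdd,
@@ -244,8 +253,8 @@ func (h *IPSecVppHandler) sadAddDelEntry(sa *ipsec.SecurityAssociation, isAdd bo
 TunnelSrc: tunnelSrc,
 TunnelDst: tunnelDst,
 Flags: flags,
-UDPSrcPort: ^uint16(0),
-UDPDstPort: ^uint16(0),
+UDPSrcPort: udpSrcPort,
+UDPDstPort: udpDstPort,
 },
 }
 reply := &vpp_ipsec.IpsecSadEntryAddDelReply{}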
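Review bot: The conversions `uint16(sa.TunnelSrcPort)` and `uint16(sa.TunnelDstPort)` silently truncate the uint32 proto fields, so a configured value above 65535 wraps to a different port (65536 becomes 0) and 65535 cannot be told apart from the `undefinedPort` sentinel. Reject out-of-range values before the request is built, with a guard such as `if sa.TunnelSrcPort > 0xFFFF || sa.TunnelDstPort > 0xFFFF` that returns an error, or enforce the range wherever SecurityAssociation is validated. As far as these hunks show, the ports are applied whether or not `enable_udp_encap` is set; `flags` is computed outside them, so confirm that is intended. sadAddDelEntry starts and ends outside both hunks.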
145 changes: 82 additions & 63 deletions proto/ligato/vpp/ipsec/ipsec.pb.go


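--- a/proto/ligato/vpp/ipsec/ipsec.proto
+++ b/proto/ligato/vpp/ipsec/ipsec.proto
@@ -93,6 +93,9 @@ message SecurityAssociation {
 string tunnel_dst_addr = 11;
 
 bool enable_udp_encap = 12; /* Enable UDP encapsulation for NAT traversal */
+
+uint32 tunnel_src_port = 13;
+uint32 tunnel_dst_port = 14;
 }
 
 // TunnelProtection allows enabling IPSec tunnel protection on an existing interface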
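Review bot: The new fields `tunnel_src_port` and `tunnel_dst_port` carry no comment, unlike `enable_udp_encap` directly above them, and their contract is not obvious from the type. They are declared uint32, while the handler changed in this commit narrows them to uint16 and treats 0 as "not set", so the valid range and the meaning of 0 belong in the schema, e.g. `uint32 tunnel_src_port = 13; /* UDP source port for the tunnel; valid range 1-65535, 0 = leave unset */` and the same for the destination port. It would also help to state whether the ports have any effect when `enable_udp_encap` is false.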
