ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ikev2: cli for disabling dead peer detection

Browse Source 
Type: feature

Change-Id: I0db0a9b2f872753fa64d27335838cb34645a9ee8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit af4a414eb74d1456121023e6b3aa76af6c16f89a)
This commit is contained in:
Filip Tehlar 2020-10-30 05:52:19 +00:00 committed by Andrew Yourtchenko
parent f7fd0e749b
commit 56d712533b
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/plugins/ikev2/ikev2.c
View File

@ -4873,6 +4873,13 @@ ikev2_send_informational_request (ikev2_sa_t * sa)
sa->sw_if_index);
}
void
ikev2_disable_dpd (void)
{
ikev2_main_t *km = &ikev2_main;
km->dpd_disabled = 1;
}
static_always_inline int
ikev2_mngr_process_responder_sas (ikev2_sa_t * sa)
{
@ -4940,7 +4947,7 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
req_sent |= ikev2_mngr_process_child_sa(sa, c, del_old_ids);
}
if (ikev2_mngr_process_responder_sas (sa))
if (!km->dpd_disabled && ikev2_mngr_process_responder_sas (sa))
vec_add1 (to_be_deleted, sa - tkm->sas);
}));
/* *INDENT-ON* */

19
src/plugins/ikev2/ikev2_cli.c
View File

@ -249,6 +249,23 @@ VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = {
};
/* *INDENT-ON* */
static clib_error_t *
ikev2_disable_dpd_command_fn (vlib_main_t * vm,
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
ikev2_disable_dpd ();
return 0;
}
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ikev2_cli_disable_dpd_command, static) = {
.path = "ikev2 dpd disable",
.short_help = "ikev2 dpd disable",
.function = ikev2_disable_dpd_command_fn,
};
/* *INDENT-ON* */
static uword
unformat_ikev2_token (unformat_input_t * input, va_list * va)
{
@ -777,7 +794,7 @@ VLIB_CLI_COMMAND (ikev2_initiate_command, static) = {
"ikev2 initiate sa-init <profile id>\n"
"ikev2 initiate del-child-sa <child sa ispi>\n"
"ikev2 initiate del-sa <sa ispi>\n"
"ikev2 initiate rekey-child-sa <profile id> <child sa ispi>\n",
"ikev2 initiate rekey-child-sa <child sa ispi>\n",
.function = ikev2_initiate_command_fn,
};
/* *INDENT-ON* */

4
src/plugins/ikev2/ikev2_priv.h
View File

@ -496,6 +496,9 @@ typedef struct
/* max number of retries before considering peer dead */
u32 liveness_max_retries;
/* dead peer detection */
u8 dpd_disabled;
} ikev2_main_t;
extern ikev2_main_t ikev2_main;
@ -571,6 +574,7 @@ ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep,
u32 rlen);
int ikev2_set_log_level (ikev2_log_level_t log_level);
u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type);
void ikev2_disable_dpd (void);
static_always_inline ikev2_main_per_thread_data_t *
ikev2_get_per_thread_data ()