From 56d712533bc4de75b184e523c89573a9616c7d67 Mon Sep 17 00:00:00 2001 From: Filip Tehlar Date: Fri, 30 Oct 2020 05:52:19 +0000 Subject: [PATCH] ikev2: cli for disabling dead peer detection Type: feature Change-Id: I0db0a9b2f872753fa64d27335838cb34645a9ee8 Signed-off-by: Filip Tehlar (cherry picked from commit af4a414eb74d1456121023e6b3aa76af6c16f89a) --- src/plugins/ikev2/ikev2.c | 9 ++++++++- src/plugins/ikev2/ikev2_cli.c | 19 ++++++++++++++++++- src/plugins/ikev2/ikev2_priv.h | 4 ++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 2281c91d44f..feaae1e492a 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -4873,6 +4873,13 @@ ikev2_send_informational_request (ikev2_sa_t * sa) sa->sw_if_index); } +void +ikev2_disable_dpd (void) +{ + ikev2_main_t *km = &ikev2_main; + km->dpd_disabled = 1; +} + static_always_inline int ikev2_mngr_process_responder_sas (ikev2_sa_t * sa) { @@ -4940,7 +4947,7 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, req_sent |= ikev2_mngr_process_child_sa(sa, c, del_old_ids); } - if (ikev2_mngr_process_responder_sas (sa)) + if (!km->dpd_disabled && ikev2_mngr_process_responder_sas (sa)) vec_add1 (to_be_deleted, sa - tkm->sas); })); /* *INDENT-ON* */ diff --git a/src/plugins/ikev2/ikev2_cli.c b/src/plugins/ikev2/ikev2_cli.c index c948578eb23..676ca7b0c21 100644 --- a/src/plugins/ikev2/ikev2_cli.c +++ b/src/plugins/ikev2/ikev2_cli.c @@ -249,6 +249,23 @@ VLIB_CLI_COMMAND (show_ikev2_sa_command, static) = { }; /* *INDENT-ON* */ +static clib_error_t * +ikev2_disable_dpd_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + ikev2_disable_dpd (); + return 0; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (ikev2_cli_disable_dpd_command, static) = { + .path = "ikev2 dpd disable", + .short_help = "ikev2 dpd disable", + .function = ikev2_disable_dpd_command_fn, +}; +/* *INDENT-ON* */ + static uword unformat_ikev2_token (unformat_input_t * input, va_list * va) { @@ -777,7 +794,7 @@ VLIB_CLI_COMMAND (ikev2_initiate_command, static) = { "ikev2 initiate sa-init \n" "ikev2 initiate del-child-sa \n" "ikev2 initiate del-sa \n" - "ikev2 initiate rekey-child-sa \n", + "ikev2 initiate rekey-child-sa \n", .function = ikev2_initiate_command_fn, }; /* *INDENT-ON* */ diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h index 2b89b66efa6..ae0c2a4bae3 100644 --- a/src/plugins/ikev2/ikev2_priv.h +++ b/src/plugins/ikev2/ikev2_priv.h @@ -496,6 +496,9 @@ typedef struct /* max number of retries before considering peer dead */ u32 liveness_max_retries; + + /* dead peer detection */ + u8 dpd_disabled; } ikev2_main_t; extern ikev2_main_t ikev2_main; @@ -571,6 +574,7 @@ ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep, u32 rlen); int ikev2_set_log_level (ikev2_log_level_t log_level); u8 *ikev2_find_ike_notify_payload (ike_header_t * ike, u32 msg_type); +void ikev2_disable_dpd (void); static_always_inline ikev2_main_per_thread_data_t * ikev2_get_per_thread_data ()