summaryrefslogtreecommitdiffstats
path: root/extras/libmemif
AgeCommit message (Expand)AuthorFilesLines
2021-03-15libmemif: fix the include for ssize_tAndrew Yourtchenko1-0/+1
2021-03-12libmemif: add an include of sys/types.h header fileAndrew Yourtchenko1-0/+1
2021-03-04libmemif: verify length of transmitted buffersJakub Grajciar1-3/+4
2021-03-04libmemif: socket filename length 108Jakub Grajciar2-27/+3
2021-02-08libmemif: fix insecure uses of strncpyAndrew Yourtchenko4-45/+67
2021-02-08libmemif: set data offset for memif bufferJakub Grajciar1-2/+25
2021-02-05libmemif: fix memif_refill_queueJakub Grajciar1-5/+6
2021-02-05libmemif: set next free bufferJakub Grajciar2-0/+41
2021-01-21libmemif: buffer enqueue refactorJakub Grajciar3-75/+121
2020-12-04libmemif: clean up typosPaul Vinciguerra10-46/+46
2020-09-09docs: Fix create memif cliNathan Skrzypczak3-4/+4
2020-05-18libmemif: cleanup typosPaul Vinciguerra7-42/+42
2020-05-08build: various improvementsDamjan Marion4-26/+91
2020-05-06docs: clean up make docs jobPaul Vinciguerra2-2/+2
2020-03-21libmemif: don't consume rx queue interrupt, if memif_rx_burst failsJan Cavojsky3-5/+16
2020-01-27libmemif: memif_control_fd_update always pass context from libmemif_mainJakub Grajciar3-17/+23
2019-11-05libmemif: reset number of queues on disconnectJakub Grajciar1-9/+6
2019-09-09libmemif: prevent crash in case of invalid connection handleJakub Grajciar1-9/+31
2019-08-21libmemif: introduce 'memif_per_thread_' namespaceJakub Grajciar9-113/+1314
2019-07-26libmemif: fix autoconnectJakub Grajciar1-4/+4
2019-07-25libmemif: fix chained buffer flagJakub Grajciar1-0/+1
2019-07-02libmemif: version 3.0Jakub Grajciar12-339/+423
2019-07-01libmemif: icmp-responder example buffer management fixJakub Grajciar1-5/+8
2019-06-07build: add -Wall and -fno-common, fix reported issuesBenoƮt Ganne8-45/+14
2019-04-08fixing typosJim Thompson1-1/+1
2019-03-04libmemif: Connection request APIsJakub Grajciar4-84/+147
2019-01-04libmemif: fix incorrect write leading to memory corruptionKoichiro Den1-3/+3
2018-12-18Remove autotools files from extras/libmemifMauro Sardara3-117/+0
2018-12-17libmemif: fix possible segfault on memif_get_detailsKoichiro Den1-31/+28
2018-12-17Added CMake building system for libmemifmsardara12-69/+367
2018-09-27libmemif: external region bugfixJakub Grajciar2-2/+5
2018-09-07libmemif: slave connecting bugfixJakub Grajciar3-48/+70
2018-08-30libmemif: external region supportJakub Grajciar9-123/+1460
2018-07-11memif: fix max number of ringsDamjan Marion1-1/+1
2018-06-28libmemif: fixing head/tail arithmetics & queue reallocationMilan Lenco2-11/+6
2018-04-26libmemif: fix build on ununtu 18.04 (VPP-1244)Damjan Marion1-0/+1
2018-04-24libmemif: fix implicit declaration of memfd_createJakub Grajciar1-0/+1
2018-04-12libmemif: fix clang compilation errors/warningsJakub Grajciar3-16/+15
2018-03-30libmemif: zero-copy-slave mode + header spaceJakub Grajciar10-72/+1696
2018-03-28Build libmemif as part of verify jobDamjan Marion4-7/+11
2018-03-28libmemif: add private header size fieldJakub Grajciar4-2/+10
2018-03-26libmemif: version 2Jakub Grajciar16-918/+620
2018-03-13libmemif: ubuntu 18.04 build fixJakub Grajciar4-15/+23
2018-02-07libmemif: cleanup queue info while memif connectingChun Li2-1/+5
2018-01-24docs: Clean up TOCDave Wallace1-2/+8
2017-11-21libmemif: unit test update, continue configure if check module missingJakub Grajciar3-8/+10
2017-11-16libmemif: unmask head/tail pointers fix, additional ring info in memif_queue_...Jakub Grajciar3-75/+109
2017-11-08memif: do not mask head and tail pointersDamjan Marion3-59/+61
2017-11-07libmmeif: Makefile fixJakub Grajciar1-1/+1
2017-11-07libmemif: add dep to MakefileJakub Grajciar1-2/+2
="n">dst_mac) / sa.encrypt(IP(src=src_ip, dst=dst_ip) / ICMP(id=self.icmp_id_out, type='echo-request')) ] def verify_capture_plain(self, capture): for packet in capture: try: self.assert_packet_checksums_valid(packet) self.assert_equal(packet[IP].src, self.tun_if.remote_ip4, "decrypted packet source address") self.assert_equal(packet[IP].dst, self.pg1.remote_ip4, "decrypted packet destination address") if packet.haslayer(TCP): self.assertFalse( packet.haslayer(UDP), "unexpected UDP header in decrypted packet") self.assert_equal(packet[TCP].dport, self.tcp_port_in, "decrypted packet TCP destination port") elif packet.haslayer(UDP): if packet[UDP].payload: self.assertFalse( packet[UDP][1].haslayer(UDP), "unexpected UDP header in decrypted packet") self.assert_equal(packet[UDP].dport, self.udp_port_in, "decrypted packet UDP destination port") else: self.assertFalse( packet.haslayer(UDP), "unexpected UDP header in decrypted packet") self.assert_equal(packet[ICMP].id, self.icmp_id_in, "decrypted packet ICMP ID") except Exception: self.logger.error( ppp("Unexpected or invalid plain packet:", packet)) raise def verify_capture_encrypted(self, capture, sa): for packet in capture: try: copy = packet.__class__(scapy.compat.raw(packet)) del copy[UDP].len copy = packet.__class__(scapy.compat.raw(copy)) self.assert_equal(packet[UDP].len, copy[UDP].len, "UDP header length") self.assert_packet_checksums_valid(packet) self.assertIn(ESP, packet[IP]) decrypt_pkt = sa.decrypt(packet[IP]) self.assert_packet_checksums_valid(decrypt_pkt) self.assert_equal(decrypt_pkt[IP].src, self.pg1.remote_ip4, "encrypted packet source address") self.assert_equal(decrypt_pkt[IP].dst, self.tun_if.remote_ip4, "encrypted packet destination address") except Exception: self.logger.error( ppp("Unexpected or invalid encrypted packet:", packet)) raise def config_esp_tun(self, params): addr_type = params.addr_type scapy_tun_sa_id = params.scapy_tun_sa_id scapy_tun_spi = params.scapy_tun_spi vpp_tun_sa_id = params.vpp_tun_sa_id vpp_tun_spi = params.vpp_tun_spi auth_algo_vpp_id = params.auth_algo_vpp_id auth_key = params.auth_key crypt_algo_vpp_id = params.crypt_algo_vpp_id crypt_key = params.crypt_key addr_any = params.addr_any addr_bcast = params.addr_bcast flags = (VppEnum.vl_api_ipsec_sad_flags_t. IPSEC_API_SAD_FLAG_UDP_ENCAP) e = VppEnum.vl_api_ipsec_spd_action_t VppIpsecSA(self, scapy_tun_sa_id, scapy_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.pg1.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], flags=flags).add_vpp_config() VppIpsecSA(self, vpp_tun_sa_id, vpp_tun_spi, auth_algo_vpp_id, auth_key, crypt_algo_vpp_id, crypt_key, self.vpp_esp_protocol, self.tun_if.remote_addr[addr_type], self.pg1.remote_addr[addr_type], flags=flags).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_ESP).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_ESP, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_UDP, remote_port_start=4500, remote_port_stop=4500).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, addr_any, addr_bcast, addr_any, addr_bcast, socket.IPPROTO_UDP, remote_port_start=4500, remote_port_stop=4500, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, vpp_tun_sa_id, self.tun_if.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], 0, priority=10, policy=e.IPSEC_API_SPD_ACTION_PROTECT, is_outbound=0).add_vpp_config() VppIpsecSpdEntry(self, self.tun_spd, scapy_tun_sa_id, self.pg1.remote_addr[addr_type], self.pg1.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], self.tun_if.remote_addr[addr_type], 0, policy=e.IPSEC_API_SPD_ACTION_PROTECT, priority=10).add_vpp_config() def test_ipsec_nat_tun(self): """ IPSec/NAT tunnel test case """ p = self.ipv4_params scapy_tun_sa = SecurityAssociation(ESP, spi=p.scapy_tun_spi, crypt_algo=p.crypt_algo, crypt_key=p.crypt_key, auth_algo=p.auth_algo, auth_key=p.auth_key, tunnel_header=IP( src=self.pg1.remote_ip4, dst=self.tun_if.remote_ip4), nat_t_header=UDP( sport=4500, dport=4500)) # in2out - from private network to public pkts = self.create_stream_plain( self.pg1.remote_mac, self.pg1.local_mac, self.pg1.remote_ip4, self.tun_if.remote_ip4) self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() capture = self.tun_if.get_capture(len(pkts)) self.verify_capture_encrypted(capture, scapy_tun_sa) vpp_tun_sa = SecurityAssociation(ESP, spi=p.vpp_tun_spi, crypt_algo=p.crypt_algo, crypt_key=p.crypt_key, auth_algo=p.auth_algo, auth_key=p.auth_key, tunnel_header=IP( src=self.tun_if.remote_ip4, dst=self.pg1.remote_ip4), nat_t_header=UDP( sport=4500, dport=4500)) # out2in - from public network to private pkts = self.create_stream_encrypted( self.tun_if.remote_mac, self.tun_if.local_mac, self.tun_if.remote_ip4, self.pg1.remote_ip4, vpp_tun_sa) self.logger.info(ppc("Sending packets:", pkts)) self.tun_if.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() capture = self.pg1.get_capture(len(pkts)) self.verify_capture_plain(capture)