aboutsummaryrefslogtreecommitdiffstats
path: root/extras/strongswan/vpp_sswan/kernel_vpp_ipsec.c
AgeCommit message (Collapse)AuthorFilesLines
2023-09-15vpp-swan: fix configuration of policiesGabriel Oginski1-15/+16
This patch fixes configuration of priority, port and type of protocol for inbound and outbound policies in policy-based IPsec of this plugin. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
2023-07-19vpp-swan: change flow in function for add routeGabriel Oginski1-8/+0
This patch addresses the issue when the list of available interfaces is not up to date. Due to this issue adding a new route fails and finally the connection is not established. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I3a63c0dd99ebc28ea149b4b23867440937682761
2023-07-19vpp-swan: fix function to get sw_if_indexGabriel Oginski1-6/+23
In the current implementation there is a bug in the function responsible for getting software interface index by the name of the interface. Incorrect function is used to send the API message, also the handler with replied message is incorrect. The fix changes function to send dump message and also adds handler with replied message in the correct way. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id1a3ba2ce7e92d216907f344431b9e2acb1d5572
2023-04-25vpp-swan: assign src/dst port in udp encapGabriel Oginski1-1/+3
This patch add in missing src/dst port assignment in SA for udp port if encap. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I84219c016c5a32590aba0371c01ad8d44cbf4c5c
2023-03-02vpp-swan: fix memory leaksGabriel Oginski1-65/+205
This patch fix the memory leaks discovered in the current implementation, inlcuding expired data, spd dump, and host names. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
2023-02-27vpp-swan: fix segmentation fault in arp functionGabriel Oginski1-5/+22
This patch adds a missing file descriptor free handler to prevent invalid dereferencing in the future Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
2023-02-14vpp-swan: removed adding the same rule in SPDGabriel Oginski1-0/+61
The current implementation of vpp-swan plugin adds the same policy rule in SPD twice, and it is not necessary to have two the same rules in inbound-protect database. This patch fixes an issue that prevents the addition of a second identical policy rule in SPD. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
2023-02-03vpp-swan: allow SAs to be used to the route-based IPsecAtzm Watanabe1-1/+17
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa" key into strongswan.conf. If this is turned off, SAs will be installed without tunnel information and can be used to "ipsec tunnel protect". For the route-based IPsec, it will be used with turning "policies" off in swanctl.conf. Type: feature Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
2022-09-28vpp-swan: Add plugin for vpp-swanGabriel Oginski1-0/+1751
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893