aboutsummaryrefslogtreecommitdiffstats
path: root/extras/strongswan
AgeCommit message (Collapse)AuthorFilesLines
2023-09-15vpp-swan: fix configuration of policiesGabriel Oginski1-15/+16
This patch fixes configuration of priority, port and type of protocol for inbound and outbound policies in policy-based IPsec of this plugin. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
2023-07-24vpp-swan: fix handler API messagesGabriel Oginski1-19/+26
In the current implementation there is a bug related to the incorrect message handling due to the wrong id. The fix changes logic responsible for handling incoming API messages by correcting their ids. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iea29506053c9fd2e1d01bce83e7f4a6e1de39321
2023-07-19vpp-swan: change flow in function for add routeGabriel Oginski3-16/+27
This patch addresses the issue when the list of available interfaces is not up to date. Due to this issue adding a new route fails and finally the connection is not established. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I3a63c0dd99ebc28ea149b4b23867440937682761
2023-07-19vpp-swan: fix incorrect msg ID in register_eventGabriel Oginski1-5/+7
This patch addresses the issue where the message ID registration in the register_event function is incorrect. Due to this incorrect registration, the lookup for the corresponding callback on received messages fails, eventually leading to a segmentation fault and double-free memory space. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: If95182f972f64adb44d514e18c831cc9627d8f0f
2023-07-19vpp-swan: fix function to get sw_if_indexGabriel Oginski1-6/+23
In the current implementation there is a bug in the function responsible for getting software interface index by the name of the interface. Incorrect function is used to send the API message, also the handler with replied message is incorrect. The fix changes function to send dump message and also adds handler with replied message in the correct way. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id1a3ba2ce7e92d216907f344431b9e2acb1d5572
2023-04-25vpp-swan: assign src/dst port in udp encapGabriel Oginski1-1/+3
This patch add in missing src/dst port assignment in SA for udp port if encap. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I84219c016c5a32590aba0371c01ad8d44cbf4c5c
2023-03-02vpp-swan: fix memory leaksGabriel Oginski2-65/+213
This patch fix the memory leaks discovered in the current implementation, inlcuding expired data, spd dump, and host names. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
2023-03-01vpp-swan: improve MakefileFan Zhang2-40/+90
Type: improvement Since VPP-SWAN does not really need StrongSwan to be compiled, this patch refines the Makefile to reflect the change. In addition README is updated. Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com> Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
2023-02-27vpp-swan: fix segmentation fault in arp functionGabriel Oginski1-5/+22
This patch adds a missing file descriptor free handler to prevent invalid dereferencing in the future Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
2023-02-14vpp-swan: removed adding the same rule in SPDGabriel Oginski1-0/+61
The current implementation of vpp-swan plugin adds the same policy rule in SPD twice, and it is not necessary to have two the same rules in inbound-protect database. This patch fixes an issue that prevents the addition of a second identical policy rule in SPD. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
2023-02-03vpp-swan: allow SAs to be used to the route-based IPsecAtzm Watanabe1-1/+17
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa" key into strongswan.conf. If this is turned off, SAs will be installed without tunnel information and can be used to "ipsec tunnel protect". For the route-based IPsec, it will be used with turning "policies" off in swanctl.conf. Type: feature Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
2022-11-23vpp-swan: Fix segfault for multiple addressesTimur Celik1-2/+2
In order to loop over the list of `vl_api_ip_address_details_t`, increment the pointer by one instead of `i`. Type: fix Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7 Signed-off-by: Timur Celik <mail@timurcelik.de>
2022-11-01vpp-swan: remove step to copy vpp_sswan source for docker imageYulong Pei6-6/+4
Since vpp_sswan plugin already merged in /vpp/extras/strongswan, no need to provide additional vpp_sswan source files for docker image. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239 Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2022-10-12vpp-swan: fix linked library to pluginGabriel Oginski1-2/+2
Due to refactor keeping api common code in vlibapi, changes order linked library to this plugin. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23
2022-09-28vpp-swan: Add scripts for testingGabriel Oginski12-0/+409
Added scripts to reparing setups for testing To prepare and run containers: sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers To prepare setups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh config To clean-up settups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean To deleted all containers and images in Docker: sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
2022-09-28vpp-swan: Add plugin for vpp-swanGabriel Oginski12-0/+3707
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
2022-05-18misc: update config script in IKEv2 testFilip Tehlar1-1/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iba82f8e0f18f3e1e4da57f4c23ba9272e87afd93
2021-10-13docs: convert extras doc md->rstNathan Skrzypczak2-23/+31
Type: improvement Change-Id: Ie3b25a86b99098d2b3a21a11fc73234c8ed589d6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-05-21doxygen: fix doxygen tagsDave Wallace1-1/+1
- Missing tags mess up doxygen TOC heirarchy Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I012d55c0ae90aecc665b56903f4212ddc0643943
2021-03-04misc: add ikev2 tests usecasesFilip Tehlar26-0/+640
Type: test Ticket: VPP-1893 Change-Id: Ib6ffd00e73f7110bf9e702f4a0fd5c68395d6786 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>