summaryrefslogtreecommitdiffstats
path: root/extras/strongswan
AgeCommit message (Collapse)AuthorFilesLines
2023-04-25vpp-swan: assign src/dst port in udp encapGabriel Oginski1-1/+3
This patch add in missing src/dst port assignment in SA for udp port if encap. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I84219c016c5a32590aba0371c01ad8d44cbf4c5c
2023-03-02vpp-swan: fix memory leaksGabriel Oginski2-65/+213
This patch fix the memory leaks discovered in the current implementation, inlcuding expired data, spd dump, and host names. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
2023-03-01vpp-swan: improve MakefileFan Zhang2-40/+90
Type: improvement Since VPP-SWAN does not really need StrongSwan to be compiled, this patch refines the Makefile to reflect the change. In addition README is updated. Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com> Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
2023-02-27vpp-swan: fix segmentation fault in arp functionGabriel Oginski1-5/+22
This patch adds a missing file descriptor free handler to prevent invalid dereferencing in the future Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
2023-02-14vpp-swan: removed adding the same rule in SPDGabriel Oginski1-0/+61
The current implementation of vpp-swan plugin adds the same policy rule in SPD twice, and it is not necessary to have two the same rules in inbound-protect database. This patch fixes an issue that prevents the addition of a second identical policy rule in SPD. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
2023-02-03vpp-swan: allow SAs to be used to the route-based IPsecAtzm Watanabe1-1/+17
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa" key into strongswan.conf. If this is turned off, SAs will be installed without tunnel information and can be used to "ipsec tunnel protect". For the route-based IPsec, it will be used with turning "policies" off in swanctl.conf. Type: feature Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
2022-11-23vpp-swan: Fix segfault for multiple addressesTimur Celik1-2/+2
In order to loop over the list of `vl_api_ip_address_details_t`, increment the pointer by one instead of `i`. Type: fix Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7 Signed-off-by: Timur Celik <mail@timurcelik.de>
2022-11-01vpp-swan: remove step to copy vpp_sswan source for docker imageYulong Pei6-6/+4
Since vpp_sswan plugin already merged in /vpp/extras/strongswan, no need to provide additional vpp_sswan source files for docker image. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239 Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2022-10-12vpp-swan: fix linked library to pluginGabriel Oginski1-2/+2
Due to refactor keeping api common code in vlibapi, changes order linked library to this plugin. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23
2022-09-28vpp-swan: Add scripts for testingGabriel Oginski12-0/+409
Added scripts to reparing setups for testing To prepare and run containers: sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers To prepare setups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh config To clean-up settups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean To deleted all containers and images in Docker: sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
2022-09-28vpp-swan: Add plugin for vpp-swanGabriel Oginski12-0/+3707
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
2022-05-18misc: update config script in IKEv2 testFilip Tehlar1-1/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iba82f8e0f18f3e1e4da57f4c23ba9272e87afd93
2021-10-13docs: convert extras doc md->rstNathan Skrzypczak2-23/+31
Type: improvement Change-Id: Ie3b25a86b99098d2b3a21a11fc73234c8ed589d6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-05-21doxygen: fix doxygen tagsDave Wallace1-1/+1
- Missing tags mess up doxygen TOC heirarchy Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I012d55c0ae90aecc665b56903f4212ddc0643943
2021-03-04misc: add ikev2 tests usecasesFilip Tehlar26-0/+640
Type: test Ticket: VPP-1893 Change-Id: Ib6ffd00e73f7110bf9e702f4a0fd5c68395d6786 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>