Age | Commit message (Collapse) | Author | Files | Lines |
|
When looking for existing SA connection to clean up search all per
thread data, not only current one.
Type: fix
Change-Id: I59312e08a07ca1f474b6389999e59320c5128e7d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Iee96b3ea3e71ec248c3c3c98d153a08372b5faf0
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I93529b069925fcef32cdb22e27975b802b4c3b97
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: style
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
|
|
Ticket: VPP-1917
Type: feature
Change-Id: Ie9f22e7336aa7807b1967c48de9843df10fb575c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
.. when associated profile is deleted.
Type: fix
Change-Id: Ib05831d79b3b58664ee0a930960513fd465373bf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I0e615d5089587992012a0f280ee902b2906f21c2
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: I65acbd5d9724c500a24699de973df08016d9d8d6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Ticket: VPP-1918
Type: improvement
Change-Id: I2bc3e30121697404dcd54f1c2127bd85ccc1029e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Id7f865f537c55d00a784eec51624ba28e903a083
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I5be19a4923b37e2636621d36155178ac348ee41c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
- make sure everything is freed on cleanup
- reuse already allocated vectors where possible
Type: fix
Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: Ie3d24b3df02d08fbb74d97f4e5ab0d79c35b0c0d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I3eb51ea4f6c29005b0315cf488fcabb8543dfcd1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: refactor
Change-Id: I6b8dc68e5d4a452776fbaf5a69fbd7f53a8abb75
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I864d49a641b45337c0a45a0af7d996cad75f6629
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Ticket: VPP-1920
Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: I04af90b4d86c00092ce1732aeb3c0517af1808e0
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ib9c5dff6c825f495400a73869d429b9c2df670fc
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: test
Change-Id: I3e8e451c5deaf04f519a471369370c383d9cda3b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Ticket: VPP-1890
Change-Id: I9441d5afc38df7dabf6cccaead69dd32646d2a9e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: If73b88b9478b9314df6d9163c3a13724d4253c80
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Anouncing DH group in esp transform proposals will enable PFS which is
not suppored now. This fixes issue during rekey when using strongswan as
responder.
Change-Id: Ib9f586113ae0ab9dc67e6ceadff43f8aac463820
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I3198461f3dfc13cd3cedf2b8611dc80bb6f959c8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: I99c2383dd0d30efd1837f3d10ff2e4cf3a784283
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
* initiator behind NAT supported
* tested with static NAT mappings
* works only with pre-configured tunnels
The pre-configured tunnel has to be defined as follows:
initiator (i) side: src=ip(i) dst=ip(r)
responder (r) side: src=ip(r) dst=ip(nat)
Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Idf9b0ffb4e3a0113bece80d1195192bdf46feb89
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
thus allowing NAT traversal,
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Change-Id: Ib73ce48552cfa9e825a6833f5594650783d82f3b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I8e4a47bd16fa8475ef695c09e3487eabf08faabe
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Introduce new cli for setting liveness check period and max retries for
a peer to consider its partner dead.
ikev2 set liveness <period-in-seconds> <max-retires>
Type: improvement
Change-Id: Iadae1de245d34fe3ee85e09b570f9df8c401772b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Fix crash when peer tries to build INFO req before key exchange which
results using NULL key pointers for crypto operations.
Type: fix
Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This patch fixes 2 different crashes:
1) BN_bn2bin() returns bytes written, not actual key length. Use
BN_bn2binpad() instead which adds padding.
2) Initiator may receive multiple sa-init responses for the same ispi
which may result in crash. Remember first response and ignore any
subsequent ones.
Type: fix
Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ic6457da31846721e334f144f15d404575eeb73e5
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I2c89accddf2307fa975b71e974d4091499f104ed
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: Id8fc6750e856862157917587234a6b7b03531b13
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
This patch makes configuring integration algorithm optional. This is
useful when using AEAD cipher (in fact when using such
cipher, integ algo is ignored anyway).
Change-Id: I5891db5c0433afb85ae2d9084d45b89ec1133178
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: I081dec2dc0c2bd0845dd4638b7b2f12806594112
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type:fix
Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: Ib474dabb745bc2034d8d60261c095e35a8fff277
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ifb675c7783f03de4db8147858dd93d9687176f40
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I44e51bc37ff43999290d97fceb5f94b7c64041ec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
|
|
Type: fix
Change-Id: I76bed5ce2df897d0e8e822ee1244018b0e39494d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
IKE will bring the tunnel up ince the negociation is complete and bring
it down when the session ends. It is the clinets responsibility to
manage the state of the tunnel before and after these events. So to
prevent any unencrpyted traffic egressing the tunnel before the session
is negpciated, the tunnel should be in the down state when it a
associated with the IKE session.
Change-Id: I8aee593c79ca006d6ab08f9fa560fbbf6f8dcc16
Signed-off-by: Neale Ranns <nranns@cisco.com>
|