vpp - Vector Packet Processing

Age	Commit message (Collapse)	Author	Files	Lines
2020-10-13	ikev2: fix initial contact cleanup	Filip Tehlar	1	-88/+122
	When looking for existing SA connection to clean up search all per thread data, not only current one. Type: fix Change-Id: I59312e08a07ca1f474b6389999e59320c5128e7d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-10-13	ikev2: fix coverity warning	Filip Tehlar	1	-5/+21
	Type: fix Change-Id: Iee96b3ea3e71ec248c3c3c98d153a08372b5faf0 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-10-13	ikev2: fix memory leak in auth routine	Filip Tehlar	1	-0/+4
	Type: fix Change-Id: I93529b069925fcef32cdb22e27975b802b4c3b97 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-10-07	misc: Purge unused pg includes	Neale Ranns	1	-1/+0
	Type: style Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
2020-10-05	ikev2: support ipv6 traffic selectors & overlay	Filip Tehlar	1	-170/+358
	Ticket: VPP-1917 Type: feature Change-Id: Ie9f22e7336aa7807b1967c48de9843df10fb575c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-10-02	ikev2: fix leaking pending INIT requests	Filip Tehlar	1	-0/+16
	.. when associated profile is deleted. Type: fix Change-Id: Ib05831d79b3b58664ee0a930960513fd465373bf Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-30	ikev2: fix issue when decrypting packet with no keys	Filip Tehlar	1	-1/+1
	Type: fix Change-Id: I0e615d5089587992012a0f280ee902b2906f21c2 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-10-01	ikev2: refactor ikev2 node	Filip Tehlar	1	-407/+359
	Type: refactor Change-Id: I65acbd5d9724c500a24699de973df08016d9d8d6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-30	ikev2: better packet parsing functions	Filip Tehlar	1	-170/+372
	Ticket: VPP-1918 Type: improvement Change-Id: I2bc3e30121697404dcd54f1c2127bd85ccc1029e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-29	ikev2: fix false positive NAT detection	Filip Tehlar	1	-18/+13
	Type: fix Change-Id: Id7f865f537c55d00a784eec51624ba28e903a083 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-28	ikev2: fix memory leaks	Benoît Ganne	1	-3/+20
	Type: fix Change-Id: I5be19a4923b37e2636621d36155178ac348ee41c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-10	ikev2: fix copy-paste error when freeing memory	Filip Tehlar	1	-1/+1
	Type: fix Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-11	ikev2: fix memory leaks	Benoît Ganne	1	-7/+20
	- make sure everything is freed on cleanup - reuse already allocated vectors where possible Type: fix Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-28	ikev2: fix session re-initiate after SA expires	Filip Tehlar	1	-1/+2
	Type: fix Change-Id: Ie3d24b3df02d08fbb74d97f4e5ab0d79c35b0c0d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-23	ikev2: add global message length check	Benoît Ganne	1	-96/+89
	Type: fix Change-Id: I3eb51ea4f6c29005b0315cf488fcabb8543dfcd1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-20	ikev2: refactor and test profile dump API	Filip Tehlar	1	-2/+0
	Type: refactor Change-Id: I6b8dc68e5d4a452776fbaf5a69fbd7f53a8abb75 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-16	ikev2: fix race condition in child_sa update	Benoît Ganne	1	-0/+3
	Type: fix Change-Id: I864d49a641b45337c0a45a0af7d996cad75f6629 Signed-off-by: Benoît Ganne <bganne@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-15	ikev2: add support for AES-GCM cipher in IKE	Filip Tehlar	1	-36/+83
	Type: feature Ticket: VPP-1920 Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-07	ikev2: per thread usage of openssl context	Filip Tehlar	1	-4/+16
	Type: refactor Change-Id: I04af90b4d86c00092ce1732aeb3c0517af1808e0 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-02	ikev2: use remote proposals when installing tunnel	Filip Tehlar	1	-2/+2
	Change-Id: Ib9c5dff6c825f495400a73869d429b9c2df670fc Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-30	tests: ikev2: add nat traversal & cert based auth test	Filip Tehlar	1	-2/+2
	Type: test Change-Id: I3e8e451c5deaf04f519a471369370c383d9cda3b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-18	ikev2: use both local and remote ID for profile lookup	Filip Tehlar	1	-15/+39
	Type: fix Ticket: VPP-1890 Change-Id: I9441d5afc38df7dabf6cccaead69dd32646d2a9e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-15	ikev2: announce both 'ESN' and 'No ESN'	Filip Tehlar	1	-1/+0
	Type: fix Change-Id: If73b88b9478b9314df6d9163c3a13724d4253c80 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-11	ikev2: don't add DH group in ESP transform proposals	Filip Tehlar	1	-1/+1
	Type: fix Anouncing DH group in esp transform proposals will enable PFS which is not suppored now. This fixes issue during rekey when using strongswan as responder. Change-Id: Ib9f586113ae0ab9dc67e6ceadff43f8aac463820 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-04	ikev2: session cleanup after profile is deleted	Filip Tehlar	1	-51/+119
	Type: fix Change-Id: I3198461f3dfc13cd3cedf2b8611dc80bb6f959c8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-02	ikev2: remove unused hash computation	Filip Tehlar	1	-4/+1
	Type: improvement Change-Id: I99c2383dd0d30efd1837f3d10ff2e4cf3a784283 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-15	ikev2: add support for NAT traversal	Filip Tehlar	1	-77/+272
	Type: feature * initiator behind NAT supported * tested with static NAT mappings * works only with pre-configured tunnels The pre-configured tunnel has to be defined as follows: initiator (i) side: src=ip(i) dst=ip(r) responder (r) side: src=ip(r) dst=ip(nat) Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-13	ikev2: fix removing of expired SAs	Filip Tehlar	1	-1/+1
	Type: fix Change-Id: Idf9b0ffb4e3a0113bece80d1195192bdf46feb89 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-05	ipsec: User can choose the UDP source port	Neale Ranns	1	-2/+2
	Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05	ikev2: remove sa from main thread	Filip Tehlar	1	-17/+29
	Type: fix Change-Id: Ib73ce48552cfa9e825a6833f5594650783d82f3b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-30	ikev2: use thread local vlib_main in vlib_time_now	Filip Tehlar	1	-13/+9
	Type: fix Change-Id: I8e4a47bd16fa8475ef695c09e3487eabf08faabe Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-07	ikev2: make liveness params configurable	Filip Tehlar	1	-4/+19
	Introduce new cli for setting liveness check period and max retries for a peer to consider its partner dead. ikev2 set liveness <period-in-seconds> <max-retires> Type: improvement Change-Id: Iadae1de245d34fe3ee85e09b570f9df8c401772b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-06	ikev2: fix wrong index computation	Filip Tehlar	1	-1/+1
	Type: fix Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-31	ikev2: fix crash during peer live check	Filip Tehlar	1	-1/+8
	Fix crash when peer tries to build INFO req before key exchange which results using NULL key pointers for crypto operations. Type: fix Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26	ikev2: fix wrong usage of BN_bn2bin()	Filip Tehlar	1	-4/+16
	This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26	ikev2: dead peer detection	Filip Tehlar	1	-4/+92
	Type: feature Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25	ikev2: fix gcm in ike protocol	Filip Tehlar	1	-1/+1
	Type: fix Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21	ikev2: fix l2 interface	Filip Tehlar	1	-2/+4
	Type: fix Change-Id: Ic6457da31846721e334f144f15d404575eeb73e5 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21	ikev2: add support for custom ipsec-over-udp port	Filip Tehlar	1	-4/+99
	Type: feature Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-12	ikev2: fix udp encap	Filip Tehlar	1	-3/+3
	Type: fix Change-Id: I2c89accddf2307fa975b71e974d4091499f104ed Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-06	ikev2: align per thread data to cache line	Filip Tehlar	1	-1/+2
	Type: improvement Change-Id: Id8fc6750e856862157917587234a6b7b03531b13 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-04	ikev2: make integ algo optional	Filip Tehlar	1	-16/+19
	Type: improvement This patch makes configuring integration algorithm optional. This is useful when using AEAD cipher (in fact when using such cipher, integ algo is ignored anyway). Change-Id: I5891db5c0433afb85ae2d9084d45b89ec1133178 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-02	ikev2: make UDP encap flag configurable	Filip Tehlar	1	-0/+24
	Type: improvement Change-Id: I081dec2dc0c2bd0845dd4638b7b2f12806594112 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-27	ikev2: fix non-matching SPIs during rekey	Filip Tehlar	1	-0/+2
	Type:fix Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-25	ikev2: add retry logic for session initiation	Filip Tehlar	1	-0/+27
	Type: improvement Change-Id: Ib474dabb745bc2034d8d60261c095e35a8fff277 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-24	ikev2: proper cleanup of SAs during rekey	Filip Tehlar	1	-11/+110
	Type: fix Change-Id: Ifb675c7783f03de4db8147858dd93d9687176f40 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-21	ikev2: cleanup tunnels after subsequent sa-init	Filip Tehlar	1	-0/+5
	Type: fix Change-Id: I44e51bc37ff43999290d97fceb5f94b7c64041ec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-21	ipsec: IPSec protection for multi-point tunnel interfaces	Neale Ranns	1	-2/+2
	Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2020-02-20	ikev2: fix logging init	Filip Tehlar	1	-3/+2
	Type: fix Change-Id: I76bed5ce2df897d0e8e822ee1244018b0e39494d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-17	ikev2: IKE plugin manages the state of the protected tunnel interface	Neale Ranns	1	-2/+8
	Type: improvement IKE will bring the tunnel up ince the negociation is complete and bring it down when the session ends. It is the clinets responsibility to manage the state of the tunnel before and after these events. So to prevent any unencrpyted traffic egressing the tunnel before the session is negpciated, the tunnel should be in the down state when it a associated with the IKE session. Change-Id: I8aee593c79ca006d6ab08f9fa560fbbf6f8dcc16 Signed-off-by: Neale Ranns <nranns@cisco.com>