aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2.c
AgeCommit message (Collapse)AuthorFilesLines
2020-02-27ikev2: fix non-matching SPIs during rekeyFilip Tehlar1-0/+2
Type:fix Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-25ikev2: add retry logic for session initiationFilip Tehlar1-0/+27
Type: improvement Change-Id: Ib474dabb745bc2034d8d60261c095e35a8fff277 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-24ikev2: proper cleanup of SAs during rekeyFilip Tehlar1-11/+110
Type: fix Change-Id: Ifb675c7783f03de4db8147858dd93d9687176f40 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-21ikev2: cleanup tunnels after subsequent sa-initFilip Tehlar1-0/+5
Type: fix Change-Id: I44e51bc37ff43999290d97fceb5f94b7c64041ec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns1-2/+2
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2020-02-20ikev2: fix logging initFilip Tehlar1-3/+2
Type: fix Change-Id: I76bed5ce2df897d0e8e822ee1244018b0e39494d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-17ikev2: IKE plugin manages the state of the protected tunnel interfaceNeale Ranns1-2/+8
Type: improvement IKE will bring the tunnel up ince the negociation is complete and bring it down when the session ends. It is the clinets responsibility to manage the state of the tunnel before and after these events. So to prevent any unencrpyted traffic egressing the tunnel before the session is negpciated, the tunnel should be in the down state when it a associated with the IKE session. Change-Id: I8aee593c79ca006d6ab08f9fa560fbbf6f8dcc16 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-13ikev2: Responder honours the protected tunnel configNeale Ranns1-0/+7
Type: feature Change-Id: Iee84f94c617c53658f13c5430b945568c5e06ce9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-11ikev2: Configure a profile with an existing interfaceNeale Ranns1-30/+77
Type: feature ... rather than always creating a new interface. Change-Id: If8a22ad5a8a3a4e511bea7cab7d8bbf7e6af9433 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-10ikev2: better loggingFilip Tehlar1-117/+93
Type: refactor Change-Id: Iedcb24684c54f4d78583ab3aa3db1097e73df248 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-01-27ipip: Multi-point interfaceNeale Ranns1-1/+1
Type: feature plus fixes for gre Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
2020-01-27tunnel: Common types for IP tunnelsNeale Ranns1-1/+2
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
2019-12-12ikev2: fix crash during SA rekeyFilip Tehlar1-0/+24
Type: fix Change-Id: Ib00ab9b2f28c0f4d85e96bf95697f61b8e415f37 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-12-03ipip: Tunnel flags controlling copying data to/from payload/encapNeale Ranns1-1/+2
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9467f11775936754406892b8e9e275f989ac9b30
2019-11-22ikev2: install/remove ipsec tunnels from main threadFilip Tehlar1-65/+155
Type: fix Change-Id: I5ad27b05c34494c5a2ea28706130612b547aaf67 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-11-20ikev2: fix memory leak in child SAFilip Tehlar1-16/+15
traffic selector vector isn't freed when freeing child SA Type: fix Change-Id: Icf6c240db5093f45d141451bad6f6627a61821cf Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-11-04ikev2: fix traffic selector matchFilip Tehlar1-2/+2
Type: fix Change-Id: I81ab3dcd03f397b3d275da6cfa094e048ad92f95 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-10-22ikev2: fix GCM cipherFilip Tehlar1-104/+155
Type: fix Change-Id: I382499061ff4b1c2cc1b70ebbf9725ff0e1be325 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-10-09ikev2: fix dangling pointerFilip Tehlar1-13/+26
Type: fix Change-Id: I8aa9029e0a5cf21aa24a90b39eb2787653f65abb Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-10-03ipsec: initialize msgid and allow no dh in child saChristian E. Hopps1-14/+18
- set msgid to 0 not random. - allow for no DH in ESP child SA Ticket: VPP-1781 Type: fix Signed-off-by: Christian E. Hopps <chopps@chopps.org> Change-Id: Ibe26009d38f444eeaec5b042097f145d161c7672
2019-09-19ikev2: add support for GCM cipherFilip Tehlar1-0/+20
Type: feature Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-09-06ikev2: fix crash during IKE SA Init exchangeFilip Tehlar1-6/+1
Type: fix Change-Id: If827fe348fe35d1221d29f91b7e6ea1624d13999 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-05-16init / exit function orderingDave Barach1-9/+9
The vlib init function subsystem now supports a mix of procedural and formally-specified ordering constraints. We should eliminate procedural knowledge wherever possible. The following schemes are *roughly* equivalent: static clib_error_t *init_runs_first (vlib_main_t *vm) { clib_error_t *error; ... do some stuff... if ((error = vlib_call_init_function (init_runs_next))) return error; ... } VLIB_INIT_FUNCTION (init_runs_first); and static clib_error_t *init_runs_first (vlib_main_t *vm) { ... do some stuff... } VLIB_INIT_FUNCTION (init_runs_first) = { .runs_before = VLIB_INITS("init_runs_next"), }; The first form will [most likely] call "init_runs_next" on the spot. The second form means that "init_runs_first" runs before "init_runs_next," possibly much earlier in the sequence. Please DO NOT construct sets of init functions where A before B actually means A *right before* B. It's not necessary - simply combine A and B - and it leads to hugely annoying debugging exercises when trying to switch from ad-hoc procedural ordering constraints to formal ordering constraints. Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-03plugins: clean up plugin descriptionsDave Wallace1-1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-02-25IKEv2 to pluginNeale Ranns1-0/+3487
for easy integration with ptoducts running their own Ike stack. Without the VPP IKE plugin loaded, the product is free to handle IKE packets as it pleases. Change-Id: Id0839f4d58b797f4c2da0382eb499fc08b05f66f Signed-off-by: Neale Ranns <nranns@cisco.com>