Age | Commit message (Collapse) | Author | Files | Lines |
|
Introduced SA and child SA uptime.
Type: improvement
Change-Id: I28cf9f90d35ebe035a31ed0a985a5e462c8536a8
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
Type: refactor
Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
The following issues are fixed:
* in responder code: do lookup again as the old pointer could be
invalidated during the cleanup operation
* in initiar code: do the cleanup of session if there're no child SAs or
if there's no response from the responder during initial request (this
can easily happen if the response packet was lost/dropped/etc)
* print the state of ikev2 profile (for easier tshooting)
Type: fix
Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
- do not initialize resources if ikev2 is not used.
- process IKE packets only if we have profile(s) configured
Type: improvement
Change-Id: I57c95a888532eafd70989096c0555ebb1d7bef25
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Ticket: VPP-1901
Change-Id: I1ad222b54363fd35679d0132d458345a9a18362c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ic502d806410ea3c8f3f1eac70b694114ccb053bf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
format_ip_address() to display {local,remote}_id does not work because
we do not store ip_address_t but ip{4,6}_address_t, hence we lack the
ip_address_family_t version field.
Update format_ikev2_id_type_and_data() to support all types and use it
instead.
Type: fix
Change-Id: I7a81beb0b22fcf1c5d1bf03a32a6cc4f030f4361
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: refactor
Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Ticket: VPP-1935
Change-Id: I705f84047b112279377590157a1c7b4a34f693d2
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: I0db0a9b2f872753fa64d27335838cb34645a9ee8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id13f33843b230a1d169560742c4f7b2dc17d8718
|
|
Type: style
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I26a19e42076e031ec5399d5ca05cb49fd6fbe1cd
|
|
Ticket: VPP-1917
Type: feature
Change-Id: Ie9f22e7336aa7807b1967c48de9843df10fb575c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ibdd83fa336427ec0c66224ecebb1b6bd36d1d1ba
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Ticket: VPP-1898
Type: improvement
Change-Id: I1c56df331965c733a2d0eae63a12d5a4ee5a2e41
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: I6b8dc68e5d4a452776fbaf5a69fbd7f53a8abb75
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Ticket: VPP-1920
Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Signed-off-by: Jan Cavojsky <Jan.Cavojsky@pantheon.tech>
Change-Id: I84776a50b520134e8a3ca6ae41b4cc29009e6319
|
|
Type: fix
Anouncing DH group in esp transform proposals will enable PFS which is
not suppored now. This fixes issue during rekey when using strongswan as
responder.
Change-Id: Ib9f586113ae0ab9dc67e6ceadff43f8aac463820
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
* initiator behind NAT supported
* tested with static NAT mappings
* works only with pre-configured tunnels
The pre-configured tunnel has to be defined as follows:
initiator (i) side: src=ip(i) dst=ip(r)
responder (r) side: src=ip(r) dst=ip(nat)
Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: If240bd8b3579678c0a6b5ea723946a35b53e5c31
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Introduce new cli for setting liveness check period and max retries for
a peer to consider its partner dead.
ikev2 set liveness <period-in-seconds> <max-retires>
Type: improvement
Change-Id: Iadae1de245d34fe3ee85e09b570f9df8c401772b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
This patch makes configuring integration algorithm optional. This is
useful when using AEAD cipher (in fact when using such
cipher, integ algo is ignored anyway).
Change-Id: I5891db5c0433afb85ae2d9084d45b89ec1133178
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: I081dec2dc0c2bd0845dd4638b7b2f12806594112
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Iee84f94c617c53658f13c5430b945568c5e06ce9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
... rather than always creating a new interface.
Change-Id: If8a22ad5a8a3a4e511bea7cab7d8bbf7e6af9433
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: refactor
Change-Id: Iedcb24684c54f4d78583ab3aa3db1097e73df248
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.
The following schemes are *roughly* equivalent:
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;
... do some stuff...
if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);
and
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};
The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.
Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.
Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
for easy integration with ptoducts running their own Ike stack.
Without the VPP IKE plugin loaded, the product is free to handle
IKE packets as it pleases.
Change-Id: Id0839f4d58b797f4c2da0382eb499fc08b05f66f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|