Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Change-Id: Id7f865f537c55d00a784eec51624ba28e903a083
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I5be19a4923b37e2636621d36155178ac348ee41c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a8af7cf253c4e8ab9ba1a2cfed50f6236fea3a62)
|
|
Type: fix
Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit 999395cd6644a297c01dd6de033cf1ffb4e9951b)
|
|
- make sure everything is freed on cleanup
- reuse already allocated vectors where possible
Type: fix
Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 730cec8c0697627cc1fb6a34acd094c77ba07622)
|
|
Type: fix
Change-Id: Ie3d24b3df02d08fbb74d97f4e5ab0d79c35b0c0d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Ticket: VPP-1897
Change-Id: I0245aceeb344efd29b1f9217c35889a8bbe1f744
Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I3eb51ea4f6c29005b0315cf488fcabb8543dfcd1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: refactor
Change-Id: I6b8dc68e5d4a452776fbaf5a69fbd7f53a8abb75
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I864d49a641b45337c0a45a0af7d996cad75f6629
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Ticket: VPP-1920
Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: Ic7ddad20088e069887f81721cceb21f4902e8907
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: I04af90b4d86c00092ce1732aeb3c0517af1808e0
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Signed-off-by: Jan Cavojsky <Jan.Cavojsky@pantheon.tech>
Change-Id: I84776a50b520134e8a3ca6ae41b4cc29009e6319
|
|
Tests for AES-GCM and AES-CBC with different key lengths
Type: test
Change-Id: Ie7eeebb0f7e8331a717866475cb4ee00042857ce
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ib9c5dff6c825f495400a73869d429b9c2df670fc
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: test
Change-Id: I3e8e451c5deaf04f519a471369370c383d9cda3b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: docs
Change-Id: Ie7836543e52bee08d12c565fbb6238d3e82ea3ce
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I0893d7cd8b8ab9958f585ac564bd0638bc60e78a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Ticket: VPP-1890
Change-Id: I9441d5afc38df7dabf6cccaead69dd32646d2a9e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Ticket: VPP-1905
Type: test
Change-Id: Ie66fbd8e37eb5e69bd61b701ed3449366bee8c84
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: If73b88b9478b9314df6d9163c3a13724d4253c80
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Anouncing DH group in esp transform proposals will enable PFS which is
not suppored now. This fixes issue during rekey when using strongswan as
responder.
Change-Id: Ib9f586113ae0ab9dc67e6ceadff43f8aac463820
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I3198461f3dfc13cd3cedf2b8611dc80bb6f959c8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: I99c2383dd0d30efd1837f3d10ff2e4cf3a784283
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
* initiator behind NAT supported
* tested with static NAT mappings
* works only with pre-configured tunnels
The pre-configured tunnel has to be defined as follows:
initiator (i) side: src=ip(i) dst=ip(r)
responder (r) side: src=ip(r) dst=ip(nat)
Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: If240bd8b3579678c0a6b5ea723946a35b53e5c31
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Idf9b0ffb4e3a0113bece80d1195192bdf46feb89
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
thus allowing NAT traversal,
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Change-Id: Ib73ce48552cfa9e825a6833f5594650783d82f3b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
key file name should be a string and not array of u8.
Change-Id: I7d280d2397030e73732b374ad9d3146fad0bb19f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I8e4a47bd16fa8475ef695c09e3487eabf08faabe
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Introduce new cli for setting liveness check period and max retries for
a peer to consider its partner dead.
ikev2 set liveness <period-in-seconds> <max-retires>
Type: improvement
Change-Id: Iadae1de245d34fe3ee85e09b570f9df8c401772b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Fix crash when peer tries to build INFO req before key exchange which
results using NULL key pointers for crypto operations.
Type: fix
Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This patch fixes 2 different crashes:
1) BN_bn2bin() returns bytes written, not actual key length. Use
BN_bn2binpad() instead which adds padding.
2) Initiator may receive multiple sa-init responses for the same ispi
which may result in crash. Remember first response and ignore any
subsequent ones.
Type: fix
Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: style
Change-Id: Ie81eb7e3d872923daaa8ae8dad060a4da85349c5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Type: fix
Change-Id: Ic6457da31846721e334f144f15d404575eeb73e5
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I2c89accddf2307fa975b71e974d4091499f104ed
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: Id8fc6750e856862157917587234a6b7b03531b13
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
This patch makes configuring integration algorithm optional. This is
useful when using AEAD cipher (in fact when using such
cipher, integ algo is ignored anyway).
Change-Id: I5891db5c0433afb85ae2d9084d45b89ec1133178
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: I081dec2dc0c2bd0845dd4638b7b2f12806594112
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Idd679885f42de45429a1dcbf3b0af1037dc54d2b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type:fix
Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Change-Id: Ib474dabb745bc2034d8d60261c095e35a8fff277
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ifb675c7783f03de4db8147858dd93d9687176f40
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I44e51bc37ff43999290d97fceb5f94b7c64041ec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
|