summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/esp_encrypt.c
AgeCommit message (Expand)AuthorFilesLines
2019-05-01esp_encrypt: remove unnecessary codeZhiyong Yang1-1/+1
2019-04-26crypto, ipsec: change GCM IV handlingDamjan Marion1-3/+20
2019-04-25crypto: improve key handlingDamjan Marion1-3/+2
2019-04-19IPSEC: IPv6 ESP transport mode incorrect packet length and checksum (VPP-1654)Neale Ranns1-7/+14
2019-04-19IPSEC: ESP IPv6 transport mode payload length incorrect (VPP-1653)Neale Ranns1-1/+3
2019-04-16IPSEC: support GCM in ESPNeale Ranns1-0/+15
2019-04-11IPSEC: ESP with ESN tests and fixesNeale Ranns1-1/+1
2019-04-11IPSEC-MB: Use random & non-repeating IV (VPP-1642)Neale Ranns1-2/+0
2019-04-10crypto: Intel IPSEC-MB engineNeale Ranns1-0/+2
2019-04-07crypto: add support for AEAD and AES-GCMDamjan Marion1-7/+6
2019-04-04ipsec: trunc_size -> icv_sizeDamjan Marion1-1/+1
2019-04-02IPSEC: remove pointless feature orderingNeale Ranns1-4/+2
2019-03-29IPSEC: tunnel fragmentationNeale Ranns1-0/+10
2019-03-28crypto: add vnet_crypto_op_init (...)Damjan Marion1-3/+2
2019-03-28ipsec: USE_EXTENDED_SEQ_NUM -> USE_ESNDamjan Marion1-1/+1
2019-03-28IPSEC: 4o6 and 6o4 for tunnel interfacesNeale Ranns1-2/+4
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns1-6/+75
2019-03-27ipsec: compress ipsec_sa_t so data used by dataplane code fits in cachelineDamjan Marion1-6/+6
2019-03-26ipsec: esp-encrypt reworkDamjan Marion1-241/+337
2019-03-20ipsec: keep crypto data inside SADamjan Marion1-17/+9
2019-03-19crypto: introduce crypto infraDamjan Marion1-31/+22
2019-03-06ipsec: esp-encrypt and esp-decrypt cleanupDamjan Marion1-283/+240
2019-03-05ipsec: cleanup, remove unnecessary code,Kingwel Xie1-4/+0
2019-02-18IPSEC: move SA counters into the stats segmentNeale Ranns1-2/+6
2019-02-14Add -fno-common compile optionBenoît Ganne1-0/+2
2019-02-07IPSEC: no second lookup after tunnel encapNeale Ranns1-13/+17
2018-12-11Add IPSec interface FIB index for TX packetPierre Pfister1-2/+2
2018-12-11Fix [csit-dev] CSIT IPv6 IPSec transport mode tests are failingjackiechen19851-1/+9
2018-12-07Fix VPP-1515 IPSec receive packet error in transport mode with udp encapjackiechen19851-1/+1
2018-12-04ipsec: simplify bumping counters - cosmetic changeKlement Sekera1-22/+7
2018-11-14Remove c-11 memcpy checks from perf-critical codeDave Barach1-5/+5
2018-11-13ipsec: fix typoKlement Sekera1-1/+1
2018-10-29migrate ipsec to new multiarch infraKlement Sekera1-11/+6
2018-10-22ipsec: split ipsec nodes into ip4/ip6 nodesKlement Sekera1-26/+69
2018-07-11avoid using thread local storage for thread indexDamjan Marion1-4/+4
2018-07-04fix VPP-1312 Invalid UDP packet length in ipsecKlement Sekera1-1/+2
2018-05-09ipsec: support UDP encap/decap for NAT traversalKlement Sekera1-24/+50
2017-11-29DES-CBC/3DES-CBC support for VPP IPSec Core“mukeshyadav1984”1-13/+19
2017-11-28IPSec AH protocol enhancement in VPP native core“mukeshyadav1984”1-4/+5
2017-11-10Allow Openssl 1.1.0Marco Varlese1-0/+4
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace1-0/+1
2017-04-06Use thread local storage for thread indexDamjan Marion1-6/+7
2017-02-17Implemented IKEv2 initiator features:Radu Nicolau1-0/+2
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion1-0/+425
return (-1, -1) count -= 1; if count == 0 and found: return (count, index) return (count, -1) def parse(self, filename): # Strip the current directory off the start of the # filename for brevity if filename[0:len(self.input_prefix)] == self.input_prefix: filename = filename[len(self.input_prefix):] if filename[0] == "/": filename = filename[1:] # Work out the abbreviated directory name directory = os.path.dirname(filename) if directory[0:2] == "./": directory = directory[2:] elif directory[0:len(self.input_prefix)] == self.input_prefix: directory = directory[len(self.input_prefix):] if directory[0] == "/": directory = directory[1:] # Open the file and explore its contents... self.log.info("Siphoning from %s." % filename) directives = {} with open(filename) as fd: siphon = None close_siphon = None siphon_block = "" in_block = False line_num = 0 siphon_line = 0 for line in fd: line_num += 1 str = line[:-1] # filter \n """See if there is a block directive and if so extract it""" def process_block_directive(str, directives): m = self.siphon_block_directive.search(str) if m is not None: k = m.group(2) v = m.group(3).strip() directives[k] = v # Return only the parts we did not match return str[0:m.start(1)] + str[m.end(4):] return str def process_block_prefix(str): if str.startswith(" * "): str = str[3:] elif str == " *": str = "" return str if not in_block: # See if the line contains the start of a siphon doc block m = self.siphon_block_start.search(str) if m is not None: in_block = True t = m.group(1) # Now check if the block closes on the same line m = self.siphon_block_stop.search(t) if m is not None: t = m.group(1) in_block = False # Check for directives t = process_block_directive(t, directives) # Filter for normal comment prefixes t = process_block_prefix(t) # Add what is left siphon_block += t # Skip to next line continue else: # Check to see if we have an end block marker m = self.siphon_block_stop.search(str) if m is not None: in_block = False t = m.group(1) else: t = str # Check for directives t = process_block_directive(t, directives) # Filter for normal comment prefixes t = process_block_prefix(t) # Add what is left siphon_block += t + "\n" # Skip to next line continue if siphon is None: # Look for blocks we need to siphon for p in siphon_patterns: if p[0].match(str): siphon = [ p[1], str + "\n", 0 ] siphon_line = line_num # see if we have an initializer m = self.siphon_initializer.search(str) if m is not None: # count the braces on this line (count, index) = \ self.count_braces(str[m.start():]) siphon[2] = count # TODO - it's possible we have the # initializer all on the first line # we should check for it, but also # account for the possibility that # the open brace is on the next line #if count == 0: # # braces balanced # close_siphon = siphon # siphon = None else: # no initializer: close the siphon right now close_siphon = siphon siphon = None else: # See if we should end the siphon here - do we have # balanced braces? (count, index) = self.count_braces(str, count=siphon[2], found=True) if count == 0: # braces balanced - add the substring and # close the siphon siphon[1] += str[:index+1] + ";\n" close_siphon = siphon siphon = None else: # add the whole string, move on siphon[2] = count siphon[1] += str + "\n" if close_siphon is not None: # Write the siphoned contents to the right place siphon_name = close_siphon[0] # Copy directives for the file details = {} for key in directives: if ":" in key: (sn, label) = key.split(":") if sn == siphon_name: details[label] = directives[key] else: details[key] = directives[key] # Copy details for this block details['file'] = filename details['directory'] = directory details['line_start'] = siphon_line details['line_end'] = line_num details['siphon_block'] = siphon_block.strip() details["block"] = close_siphon[1] # Store the item self.output[siphon_name]['items'].append(details) # All done close_siphon = None siphon_block = "" # Update globals for key in directives.keys(): if ':' not in key: continue if filename.endswith("/dir.dox"): # very special! use the parent directory name l = directory else: l = filename (sn, label) = key.split(":") if sn not in self.output: self.output[sn] = {} if 'global' not in self.output[sn]: self.output[sn]['global'] = {} if l not in self.output[sn]['global']: self.output[sn]['global'][l] = {} self.output[sn]['global'][l][label] = directives[key] def deliver(self): # Write out the data for siphon in self.output.keys(): self.log.info("Saving siphon data %s." % siphon) s = self.output[siphon] with open(s['file'], "a") as fp: json.dump(s, fp, separators=(',', ': '), indent=4, sort_keys=True)