summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_punt.h
AgeCommit message (Collapse)AuthorFilesLines
2022-08-19ipsec: enable UDP encap for IPv6 ESP tun protectMatthew Smith1-1/+2
Type: improvement If an SA protecting an IPv6 tunnel interface has UDP encapsulation enabled, the code in esp_encrypt_inline() inserts a UDP header but does not set the next protocol or the UDP payload length, so the peer that receives the packet drops it. Set the next protocol field and the UDP payload length correctly. The port(s) for UDP encapsulation of IPsec was not registered for IPv6. Add this registration for IPv6 SAs when UDP encapsulation is enabled. Add punt handling for IPv6 IKE on NAT-T port. Add registration of linux-cp for the new punt reason. Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
2021-03-14ip: extend punt CLI for exception packetsMohammed Hawari1-5/+5
Change-Id: I20e48a5ac8068eccb8d998346d35227c4802bb68 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2019-07-12ip ipsec: Remove IPSec SPI-0 punt reasonNeale Ranns1-2/+0
Type: fix There's no call for an SPI-0 punt reason with UDP encap, since it's only with UDP encap that the ambiguity between IKE or IPSEC occurs (and SPI=0 determines IKE). Enhance the punt API to dum ponly the reason requested, so a client can use this as a get-ID API Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-28Punt: socket register for exception dispatched/punted packets based on reasonNeale Ranns1-5/+5
- add to the Punt API to allow different descriptions of the desired packets: UDP or exceptions - move the punt nodes into punt_node.c - improve tests (test that the correct packets are punted to the registered socket) Change-Id: I1a133dec88106874993cba1f5a439cd26b2fef72 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-05IPSEC: punt reasons; SPI=0, no-tunnelNeale Ranns1-0/+47
Change-Id: If76992e283a27fa193a6865257ab3aa764066e48 Signed-off-by: Neale Ranns <nranns@cisco.com>