summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_test.c
AgeCommit message (Collapse)AuthorFilesLines
2022-12-16ipsec: new api for sa ips and ports updatesArthur de Kerhor1-0/+6
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-06-28ipsec: change wildcard value for any protocol of spd policyPiotr Bronowski1-1/+103
Currently 0 has been used as the wildcard representing ANY type of protocol. However 0 is valid value of ip protocol (HOPOPT) and therefore it should not be used as a wildcard. Instead 255 is used which is guaranteed by IANA to be reserved and not used as a protocol id. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2320bae6fe380cb999dc5a9187beb68fda2d31eb
2021-12-14api: verify message size on receiptKlement Sekera1-0/+4
When a message is received, verify that it's sufficiently large to accomodate any VLAs within message. To do that, we need a way to calculate message size including any VLAs. This patch adds such funcionality to vppapigen and necessary C code to use those to validate message size on receipt. Drop messages which are malformed. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
2021-10-22ipsec: add api test fileFilip Tehlar1-0/+597
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ib3fe4f306f23541a01246b74ad0f1a7074fa03bb