summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_tun.h
AgeCommit message (Collapse)AuthorFilesLines
2020-04-14ipsec: validate number of input sasMatthew Smith1-1/+3
Type: fix There is a statically allocated array for inbound SAs which can hold 4 IDs. The input parameter containing the IDs of th inbound SAs is a vector and Its possible to pass a vector with more than 4 elements and write the memory past the end of the array. Fail if more than 4 SAs are passed in the vector. Change-Id: I0c9d321c902d6366b8aff816d04e343dcbd110eb Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-25vlib: Punt reason allocation listener enable/disable callbackNeale Ranns1-0/+3
Type: improvement allow clients that allocate punt reasons to pass a callback function that is invoked when the first/last client registers to use/listen on that punt reason. This allows the client to perform some necessary configs that might not otherwise be enabled. IPSec uses this callback to register the ESP proto and UDP handling nodes, that would not otherwise be enabled unless a tunnel was present. Change-Id: I9759349903f21ffeeb253d4271e619e6bf46054b Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns1-10/+29
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2019-11-08ipsec: remove dedicated IPSec tunnelsNeale Ranns1-1/+36
APIs for dedicated IPSec tunnels will remain in this release and are used to programme the IPIP tunnel protect. APIs will be removed in a future release. see: https://wiki.fd.io/view/VPP/IPSec Type: feature Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-12ipsec: Reference count the SAsNeale Ranns1-2/+2
- this remove the need to iterate through all state when deleting an SA - and ensures that if the SA is deleted by the client is remains for use in any state until that state is also removed. Type: feature Change-Id: I438cb67588cb65c701e49a7a9518f88641925419 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18ipsec: ipsec-tun protectNeale Ranns1-0/+114
please consult the new tunnel proposal at: https://wiki.fd.io/view/VPP/IPSec Type: feature Change-Id: I52857fc92ae068b85f59be08bdbea1bd5932e291 Signed-off-by: Neale Ranns <nranns@cisco.com>