Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
There's no need for the user to set the TUNNEL_V6 flag, it can be
derived from the tunnel's address type.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
|
|
Type: feature
This feautre only applies to ESP not AH SAs.
As well as the gobal switch for ayncs mode, allow individual SAs to be
async.
If global async is on, all SAs are async. If global async mode is off,
then if then an SA can be individually set to async. This preserves the
global switch behaviour.
the stratergy in the esp encrypt.decrypt nodes is to separate the frame
into, 1) sync buffers, 2) async buffers and 3) no-op buffers.
Sync buffer will undergo a cyrpto/ath operation, no-op will not, they
are dropped or handed-off.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
|
|
support
Type: feature
attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
|
|
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f.
Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged.
Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
support
Type: feature
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
|
|
Type: feature
- use tunnel_encap_decap_flags to control the copying of DSCP/ECN/etc
during IPSEC tunnel mode encap.
- use DSCP value to have fixed encap value.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: If4f51fd4c1dcbb0422aac9bd078e5c14af5bf11f
|
|
Type: feature
thus allowing NAT traversal,
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Use consistent API types.
Change vl_api_ipsec_proto_t to iana values:
ESP 50,
AH 51,
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I2becefb343246e0233f290fefbfdd172d8237325
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
External IKE daemons need to be able to flag an SA as inbound (just as
the included ike plugin does). This commit adds this flag to the API.
This change is backward bug-compatible as not setting the flag (old
clients) continues to mean all SAs are created as outbound and fib nodes
are created for them. The addition of this flag inhibits this forwarding
node creation as well as properly flagging the SA as inbound.
Ticket: VPP-1845
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I195e32c430e51155fac2d9f33671e06ef42a3f7f
|
|
This reverts commit 666ece35cd2625bbd8b6ddadb6e87444a617df4d.
Reason for revert: Awaiting CSIT CRC job to catch up
Type: fix
Change-Id: Ib38bbd5879ff761496a6819186f1af1dbee48590
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use consistent API types.
Change vl_api_ipsec_proto_t to iana values:
ESP 50,
AH 51,
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ic961130ffa519d1c904d872c34f9a7461b1be77e
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: fix
Signed-off-by: Prashant Maheshwari <pmahesh2@cisco.com>
Change-Id: I81b937fc8cfec36f8fb5de711ffbb02f23f3664e
Signed-off-by: Prashant Maheshwari <pmahesh2@cisco.com>
|