Age | Commit message (Collapse) | Author | Files | Lines |
|
hard code IV and key lengths based on cipher.
Init IV from random data, use AES instruction to rotate.
Change-Id: I13a6507d12267b823c528660a903787baeba47a0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
A plugin to use Intel IPSec MB library as a VPP crypto engine
This changes uses concepts from:
https://gerrit.fd.io/r/#/c/17301/
hence that author's work is acknowledge below
Change-Id: I2bf3beeb10f3c9706fa5efbdc9bc023e310f5a92
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
refactor the IPSEC tests a bit so we can parameterise
the setup.
Change-Id: I777e5eb8f29ca1dce3dd273ebd05dae5846790af
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I8c03c4aa90fb0056e11e0f234999c25d7839d759
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I925aa5bf9472e81f98072d63df499b19e6ddf43d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If76992e283a27fa193a6865257ab3aa764066e48
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Idb661261c2191adda963a7815822fd7a27a9e7a0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Idfc05cd0e09b50a26eaf747b7c49f720b009159a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I48a4b0a16f71cbab04dd0955d3ec4001074b57ed
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0b47590400aebea09aa1b27de753be638e1ba870
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic1b657794d23cb4d1664fc749ad2468339e376df
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Icdcbac7453baa837a9c0c4a2401dff4a6aa6cba0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I2018d8367bb010e1ab30d9c7c23d9501fc38a2e5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I4d3ba18ab5205317219989de55b6e50d3b1d8a79
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iec7da9adc970d005cd7d3d42839b5e51b0b5f5c3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I517a7bdae03abfea58451819e7854974397d77f8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ibe7f806b9d600994e83c9f1be526fdb0a1ef1833
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Icdf51b094c34725c079d2e4acbb955744434302d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Id546c56a4904d13d4278055f3c5a5e4548e2efd0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6a76907dc7bed2a81282b63669bea2219d6903c9
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52.
Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
p is overwritten by hash_unset so an incorrect value is passed to
ipsec_sa_del
Change-Id: I97300dd4421c62d7cfa47b8e7e9789becb2370e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ie8986bd3652d25c4befe681cea77df95aba37ebc
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
ipsec_tunnel_if_init might be called before ipsec_init
this memset in ipsec-init therefore zero the memory
allocated by ipsec_tunnel_if_init
Change-Id: Ie889f1bf624c76842ef77e5a51ed1d41fed4758d
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I4bfde738f9585b045cb5ba62cf51b141d639b1b2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5e981f12ff44243623cfd18d5e0ae06a7dfd1eb8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ifd34aed8692d5acaa370d4976d974ac573e43705
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I9c45f390a6454c114f12f9c46c3a93fcecffa73f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1. fix wrong assignemnt of lik/rik
2. keys initialized to 0, to avoid using random data
in stack. could cause memory overlapped then crash
3. show sa->id in hex format
Change-Id: Id0430aa49bb55c27cee4f97f8c0e4ec87515dcd2
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
1. changed to vlib_buffer_enqueue_to_next
2. error counter fixes; stats added to last_sw_if_index
when interface changed
3. udp-encap support
Change-Id: I70b0814aa37181fea4d70fa3c96c608adb5afe49
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: I1e431aa36a282ca7565c6618a940d591674b8cd2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
baseline:
ipsec0-tx 1.27e1
ipsec-if-input 8.19e1
this change:
ipsec0-tx 6.17e0
ipsec-if-input 6.39e1
this also fixes the double tunnel TX counts by removing the duplicate
from the TX node.
Change-Id: Ie4608acda08dc653b6fb9e2c85185d83625efd40
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
ipsec_proto_main moved to ipsec.c
fix missing '\0' of backend name
Change-Id: I90760b3045973a46792c2f098d9b0b1b3d209ad0
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: I262a9412951b5df616920a8fad16c61eae96d0cc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
also fix the stats to include all the data in the tunnel.
And don't load the SA.
Change-Id: I7cd2e8d879f19683175fd0de78a606a2836e6da2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5ef8b3f4be40a7a0b0f1cb90dc0e15a4711e8664
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
for easy integration with ptoducts running their own Ike stack.
Without the VPP IKE plugin loaded, the product is free to handle
IKE packets as it pleases.
Change-Id: Id0839f4d58b797f4c2da0382eb499fc08b05f66f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I7d48a4e236c6e7b11b0c9750a30fb68e829d64a5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If884a3840f34090e33ce7808d38e50f919290d9f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1) stats are accessed via the stat segment which is more condusive to
monitoring
2) stats are accurate in the presence of multiple threads. There's no
guarantee that an SA is access from only one worker.
Change-Id: Id5e217ea253ddfc9480aaedb0d008dea031b1148
Signed-off-by: Neale Ranns <nranns@cisco.com>
|