No functional changes, just make it to respect original make binary
name used to start building
Type: improvement
Change-Id: Ic8568237fbb39c6a0d3b7405a9670e9410aeb752
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
This patch changes config to run containers on Ubuntu 22.04.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3be48099cb48d2c4a04526c15780244614bef3d4
This patch fixes configuration of priority, port and type of protocol
for inbound and outbound policies in policy-based IPsec of this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
In the current implementation there is a bug related to the incorrect
message handling due to the wrong id.
The fix changes logic responsible for handling incoming API messages
by correcting their ids.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iea29506053c9fd2e1d01bce83e7f4a6e1de39321
This patch addresses the issue when the list of available interfaces
is not up to date. Due to this issue adding a new route fails
and finally the connection is not established.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3a63c0dd99ebc28ea149b4b23867440937682761
This patch addresses the issue where the message ID registration
in the register_event function is incorrect. Due to this incorrect
registration, the lookup for the corresponding callback on received
messages fails, eventually leading to a segmentation fault
and double-free memory space.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If95182f972f64adb44d514e18c831cc9627d8f0f
In the current implementation there is a bug in the function
responsible for getting software interface index by the name of the
interface. Incorrect function is used to send the API message, also
the handler with replied message is incorrect.
The fix changes function to send dump message and also adds handler
with replied message in the correct way.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id1a3ba2ce7e92d216907f344431b9e2acb1d5572
This patch add in missing src/dst port assignment in SA for udp port
if encap.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I84219c016c5a32590aba0371c01ad8d44cbf4c5c
This patch fix the memory leaks discovered in the current
implementation, inlcuding expired data, spd dump, and host names.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
Type: improvement
Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.
In addition README is updated.
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.
This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa"
key into strongswan.conf. If this is turned off, SAs will be
installed without tunnel information and can be used to
"ipsec tunnel protect". For the route-based IPsec, it will be
used with turning "policies" off in swanctl.conf.
Type: feature
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
In order to loop over the list of `vl_api_ip_address_details_t`,
increment the pointer by one instead of `i`.
Type: fix
Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7
Signed-off-by: Timur Celik <mail@timurcelik.de>
Since vpp_sswan plugin already merged in /vpp/extras/strongswan,
no need to provide additional vpp_sswan source files for docker image.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Due to refactor keeping api common code in vlibapi, changes order
linked library to this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23
Added scripts to reparing setups for testing
To prepare and run containers:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers
To prepare setups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh config
To clean-up settups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean
To deleted all containers and images in Docker:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted
Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
Added plugin vpp-swan is a plugin that helps offloading
Strongswan IPsec ESP process from Linux Kernel to VPP.
Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
