Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: db41776) | patch
Allow IPsec interface to have SAs reset 94/8794/5
authorMatthew Smith <mgsmith@netgate.com>
Thu, 12 Oct 2017 17:06:59 +0000 (12:06 -0500)
committerSergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Thu, 26 Oct 2017 13:48:54 +0000 (13:48 +0000)
commitca514fda1125573d513215cb6ea7f22057a82d6b
treec40b3964b2f295e541cb7fffc3feea378c66f24dtree | snapshot
parentdb41776a92e3e13178d7a565b7700a2a05336f04commit | diff
Allow IPsec interface to have SAs reset

Make it easier to integrate with external IKE daemon.
IPsec interfaces can have one or both SAs replaced after
creation. This allows for the possibility of setting a
new child SA on an interface when rekeying occurs. It also
allows for the possibility of creating an interface ahead
of time and updating the SA when parameters that are
negotiated during IKE exchange become known.

Change-Id: I0a31afdcc2bdff7098a924a51abbc58bdab2bd08
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
src/vat/api_format.c diff | blob | history
src/vnet/ipsec/ipsec.api diff | blob | history
src/vnet/ipsec/ipsec.c diff | blob | history
src/vnet/ipsec/ipsec.h diff | blob | history
src/vnet/ipsec/ipsec_api.c diff | blob | history
src/vnet/ipsec/ipsec_if.c diff | blob | history
Vector Packet Processing