Hi guys, I am testing ipsec in vpp. Does VPP support configuring the 16 mask in tunnel mode?
When I set the protect range with mask 16 in tunnel mode, a memory out-of-bounds access occurs. I've found two places that cause the memory out of bounds:

1. the place where EVP encryption fills the alignment (EVP_EncryptFinal_ex) in esp_encrypt_aes_cbc;
2. the place where the hmac info is added to the trailing end of the message in esp_encrypt_node_fn;

Is that a mistake? My configuration is shown below:

ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58 tunnel-src 192.168.153.134 tunnel-dst 192.168.190.141
ipsec sa add 20 spi 1002 esp crypto-alg aes-cbc-128 crypto-key 5a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 5339314b55523947594d6d3547666b45764e6a58 tunnel-src 192.168.190.141 tunnel-dst 192.168.153.134
ipsec spd add 1
set interface ipsec spd host-eth1 1
ipsec policy add spd 1 priority 10 inbound action protect sa 10 local-ip-range 192.168.0.0 - 192.168.255.255 remote-ip-range 192.168.0.0 - 192.168.255.255
ipsec policy add spd 1 priority 10 outbound action protect sa 20 local-ip-range 192.168.0.0 - 192.168.255.255 remote-ip-range 192.168.0.0 - 192.168.255.255
ipsec policy add spd 1 priority 5 inbound action bypass
ipsec policy add spd 1 priority 5 outbound action bypass

Is there anything wrong with my configuration?

Thanks,
xyxue
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
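
An added example, not part of the original post and not VPP code: a bounds-checked ESP trailer append for the aes-cbc-128 / sha1-96 combination configured above, covering the two tail writes the post points at (cipher block alignment and the appended HMAC). The function names, the RFC 4303 default padding layout and the caller-supplied buffer capacity `cap` are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_CBC_BLOCK 16u /* aes-cbc-128 cipher block size in bytes */
#define SHA1_96_ICV   12u /* HMAC-SHA1 truncated to 96 bits */

/* Bytes needed after the payload: padding + pad-length + next-header + ICV. */
static size_t esp_tail_bytes(size_t payload_len)
{
    size_t rem = (payload_len + 2u) % AES_CBC_BLOCK;
    size_t pad = rem ? AES_CBC_BLOCK - rem : 0u;
    return pad + 2u + SHA1_96_ICV;
}

/*
 * Append the ESP trailer after buf[0..payload_len) without writing past cap.
 * Returns the new length (ICV area zeroed, ready for the HMAC output),
 * or -1 with the buffer untouched when the tail does not fit.
 */
static long esp_append_trailer(uint8_t *buf, size_t cap, size_t payload_len,
                               uint8_t next_header)
{
    if (payload_len > cap)
        return -1;
    size_t tail = esp_tail_bytes(payload_len);
    if (tail > cap - payload_len) /* subtraction form avoids overflow */
        return -1;
    size_t pad = tail - 2u - SHA1_96_ICV;
    uint8_t *p = buf + payload_len;
    for (size_t i = 0; i < pad; i++)
        p[i] = (uint8_t)(i + 1); /* RFC 4303 default padding: 1, 2, 3, ... */
    p[pad] = (uint8_t)pad;       /* pad length field */
    p[pad + 1] = next_header;    /* 4 = IPv4-in-IP for tunnel mode */
    memset(p + pad + 2, 0, SHA1_96_ICV);
    return (long)(payload_len + tail);
}

int main(void)
{
    uint8_t buf[128] = {0}; /* constructed sample buffer */
    printf("fits in 128: %ld\n", esp_append_trailer(buf, sizeof buf, 100, 4));
    printf("fits in 120: %ld\n", esp_append_trailer(buf, 120, 100, 4));
    return 0;
}
```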