tteras/strongswan/src/libcharon/plugins/kernel_netlink, branch 5.6.0dr3 tteras' strongSwan tree linked-list: Change return value of find_first() and signature of its callback 2017-05-26T11:56:44+00:00 Tobias Brunner tobias@strongswan.org 2017-05-16T10:11:24+00:00 2e4d110d1e94a3be9da06894832492ff469eec37 This avoids the unportable five pointer hack. 
This avoids the unportable five pointer hack.
linked-list: Change interface of callback for invoke_function() 2017-05-26T11:56:44+00:00 Tobias Brunner tobias@strongswan.org 2017-05-15T15:51:19+00:00 8a2e4d4a8b87f5e8a5e5f663ee8eddd47988fa2c This avoids the unportable five pointer hack. 
This avoids the unportable five pointer hack.
Change interface for enumerator_create_filter() callback 2017-05-26T11:56:44+00:00 Tobias Brunner tobias@strongswan.org 2017-05-12T10:10:27+00:00 525cc46cabe3dbf17d9f63e76ea9aa974d3665fa This avoids the unportable 5 pointer hack, but requires enumerating in the callback. 
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
Migrate all enumerators to venumerate() interface change 2017-05-26T11:56:44+00:00 Tobias Brunner tobias@strongswan.org 2017-05-11T07:17:02+00:00 95a63bf2813cd6ecad912237688526bbcc3481ee 






kernel-netlink: Use total retransmit timeout as acquire timeout
2017-05-23T16:05:58+00:00

Tobias Brunner
tobias@strongswan.org

2017-03-13T11:15:25+00:00

70855696adb5bf363c0b91af0af9fe09db4a9e6c

By using the total retransmit timeout, modifications of timeout settings
automatically reflect on the value of xfrm_acq_expires.  If set, the
value of xfrm_acq_expires configured by the user takes precedence over
the calculated value.





By using the total retransmit timeout, modifications of timeout settings
automatically reflect on the value of xfrm_acq_expires.  If set, the
value of xfrm_acq_expires configured by the user takes precedence over
the calculated value.







kernel-netlink: Try to add new inbound SA if update fails
2017-05-23T15:58:51+00:00

Thomas Egerer
thomas.egerer@secunet.com

2017-03-09T17:26:35+00:00

d140b3bd3f7ff6f6b7bdc5202bd0dee7f39fa699

When establishing a traffic-triggered CHILD_SA involves the setup of an
IKE_SA more than one exchange is required. As a result the temporary
acquire state may have expired -- even if the acquire expiration
(xfrm_acq_expires) time is set properly (165 by default).  The expire
message sent by the kernel is not processed in charon since no trap can
be found by the trap manager.
A possible solution could be to track allocated SPIs.  But since this is
a corner case and the tracking introduces quite a bit of overhead, it
seems much more sensible to add a new state if the update of a state
fails with NOT_FOUND.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>





When establishing a traffic-triggered CHILD_SA involves the setup of an
IKE_SA more than one exchange is required. As a result the temporary
acquire state may have expired -- even if the acquire expiration
(xfrm_acq_expires) time is set properly (165 by default).  The expire
message sent by the kernel is not processed in charon since no trap can
be found by the trap manager.
A possible solution could be to track allocated SPIs.  But since this is
a corner case and the tracking introduces quite a bit of overhead, it
seems much more sensible to add a new state if the update of a state
fails with NOT_FOUND.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>







kernel-netlink: Update hardware offload attribute when SAs are updated
2017-05-23T14:58:06+00:00

Tobias Brunner
tobias@strongswan.org

2016-11-30T09:46:21+00:00

48ea65501668bbae49a0ab48001ee15fe95b657e












kernel-netlink: Base SA update on correct message in multi-message response
2017-05-23T14:58:06+00:00

Tobias Brunner
tobias@strongswan.org

2016-11-30T09:27:10+00:00

0b5dfaeb5c334c87fc5b27b1da0d8a1a384fac71












kernel-netlink: Enable hardware offloading if configured for an SA
2017-05-23T14:51:03+00:00

Tobias Brunner
tobias@strongswan.org

2016-06-20T13:14:40+00:00

d42948fc057e25624c547649425b19ae4ebfa1e4












kernel-netlink: Directly handle Netlink messages if thread pool is empty
2017-05-23T14:49:39+00:00

Tobias Brunner
tobias@strongswan.org

2017-04-12T13:18:45+00:00

7caec9e4a40142803f22ed195704cdd46b097db1

During initialization of the plugins the thread pool is not yet
initialized so there is no watcher thread that could handle the queued
Netlink message and the main thread will wait indefinitely for a
response.

Fixes #2199.





During initialization of the plugins the thread pool is not yet
initialized so there is no watcher thread that could handle the queued
Netlink message and the main thread will wait indefinitely for a
response.

Fixes #2199.