<feed xmlns='http://www.w3.org/2005/Atom'>
<title>tteras/strongswan/src/libhydra/plugins/kernel_netlink, branch master</title>
<subtitle>tteras' strongSwan tree
</subtitle>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/'/>
<entry>
<title>libhydra: Move all kernel plugins to libcharon</title>
<updated>2016-03-03T16:36:11+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2016-02-12T14:21:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=dec9e1957feb56c854bc24a657a6a378d74317f6'/>
<id>dec9e1957feb56c854bc24a657a6a378d74317f6</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Allow Netlink send buffer size to be configured via compile option</title>
<updated>2016-02-12T14:08:34+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2016-02-12T14:08:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=70934d94367d485cb599071671941b5d0c5c19fb'/>
<id>70934d94367d485cb599071671941b5d0c5c19fb</id>
<content type='text'>
The receive buffer size can already be changed via strongswan.conf if
necessary.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The receive buffer size can already be changed via strongswan.conf if
necessary.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Allow IPsec policies to replace shunt policies</title>
<updated>2015-11-10T15:42:53+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-10-05T12:36:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=4aff44520295bcc547e729d1df33212496758227'/>
<id>4aff44520295bcc547e729d1df33212496758227</id>
<content type='text'>
Shunt policies don't have a reqid set, so we allow unequal reqids in
this particular case (i.e. if one of the reqids is 0).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Shunt policies don't have a reqid set, so we allow unequal reqids in
this particular case (i.e. if one of the reqids is 0).
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Make absolutely sure we always delete the right policy cache entry</title>
<updated>2015-11-10T15:42:53+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-09-16T15:01:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=33400876d403de2e0e970a875d5af92a18708866'/>
<id>33400876d403de2e0e970a875d5af92a18708866</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-interface: Pass the same data to del_policy() that was passed to add_policy()</title>
<updated>2015-11-10T15:42:52+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-09-16T14:44:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=a6e0f14fd2bf8b23fbfd808acc595e97d5e23a49'/>
<id>a6e0f14fd2bf8b23fbfd808acc595e97d5e23a49</id>
<content type='text'>
The additional data can be helpful to identify the exact policy to
delete.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The additional data can be helpful to identify the exact policy to
delete.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Remove the unused policy_history flag</title>
<updated>2015-11-10T14:42:16+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-09-16T13:05:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=e2658390931608dd26390afec08e595a2feeed8b'/>
<id>e2658390931608dd26390afec08e595a2feeed8b</id>
<content type='text'>
This was used with pluto, which had its own policy tracking.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This was used with pluto, which had its own policy tracking.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Properly set port mask for ICMP type/code if only set on one side</title>
<updated>2015-08-31T13:30:57+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-08-26T15:46:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=7b20ab0a9403c9cbeb7009a5cf77d7f3f6d3f5dd'/>
<id>7b20ab0a9403c9cbeb7009a5cf77d7f3f6d3f5dd</id>
<content type='text'>
If only one traffic selector had a port (type/code) the other side had
the port mask set to 0, which canceled out the applied type/code.

It also fixes the installation of ICMP type/code on big-endian hosts.

Fixes #1091.
References #595.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If only one traffic selector had a port (type/code) the other side had
the port mask set to 0, which canceled out the applied type/code.

It also fixes the installation of ICMP type/code on big-endian hosts.

Fixes #1091.
References #595.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Only flush SAs of types we actually manage</title>
<updated>2015-08-21T16:27:05+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-08-13T08:34:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=82b5d1c01832a79c65b002b1677aac7ed015cb52'/>
<id>82b5d1c01832a79c65b002b1677aac7ed015cb52</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: Avoid route dump if routing rule excludes traffic with a certain mark</title>
<updated>2015-08-18T10:06:08+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-08-05T14:51:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=6bd1216e7a8a41eb6c103c27a05f50871e1aef99'/>
<id>6bd1216e7a8a41eb6c103c27a05f50871e1aef99</id>
<content type='text'>
If the routing rule we use to direct traffic to our own routing table
excludes traffic with a certain mark (fwmark = !&lt;mark&gt;) we can simplify
the route lookup and avoid dumping all routes by passing the mark to the
request.  That way our own routes are ignored and we get the preferred
route back without having to dump and analyze all routes, which is quite a
burden on hosts with lots of routes.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the routing rule we use to direct traffic to our own routing table
excludes traffic with a certain mark (fwmark = !&lt;mark&gt;) we can simplify
the route lookup and avoid dumping all routes by passing the mark to the
request.  That way our own routes are ignored and we get the preferred
route back without having to dump and analyze all routes, which is quite a
burden on hosts with lots of routes.
</pre>
</div>
</content>
</entry>
<entry>
<title>kernel-netlink: When adding a policy do an update if it already exists</title>
<updated>2015-08-13T08:49:16+00:00</updated>
<author>
<name>Tobias Brunner</name>
<email>tobias@strongswan.org</email>
</author>
<published>2015-06-03T15:31:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git-old.alpinelinux.org/user/tteras/strongswan/commit/?id=dc2fa791e4b914a0099469749648483acdef6fbb'/>
<id>dc2fa791e4b914a0099469749648483acdef6fbb</id>
<content type='text'>
This may be the case when SAs are reestablished after a crash of the
IKE daemon.

We could actually always do updates.  The kernel doesn't care, the only
difference is the possible EEXIST if XFRM_MSG_NEWPOLICY is used.  The
advantage of not doing this, though, is that we get a warning in the log
if a policy already exists, as that should usually not be the case.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This may be the case when SAs are reestablished after a crash of the
IKE daemon.

We could actually always do updates.  The kernel doesn't care, the only
difference is the possible EEXIST if XFRM_MSG_NEWPOLICY is used.  The
advantage of not doing this, though, is that we get a warning in the log
if a policy already exists, as that should usually not be the case.
</pre>
</div>
</content>
</entry>
</feed>
