aboutsummaryrefslogtreecommitdiffstats
path: root/src/frontends/android/jni/libandroidbridge/kernel
Commit message (Collapse)AuthorAgeFilesLines
* android: Forward initiator flag to libipsec when adding IPsec SATobias Brunner2013-06-131-2/+2
|
* kernel-interface: add an exchange initiator parameter to add_sa()Martin Willi2013-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new flag gives the kernel-interface a hint how it should priorize the use of newly installed SAs during rekeying. Consider the following rekey procedure in IKEv2: Initiator --- Responder I1 -------CREATE-------> R1 I2 <------CREATE-------- -------DELETE-------> R2 I3 <------DELETE-------- SAs are always handled as pairs, the following happens at the SA level: * Initiator starts the exchange at I1 * Responder installs new SA pair at R1 * Initiator installs new SA pair at I2 * Responder removes old SA pair at R2 * Initiator removes old SA pair at I3 This makes sure SAs get installed/removed overlapping during rekeying. However, to avoid any packet loss, it is crucial that the new outbound SA gets activated at the correct position: * as exchange initiator, in I2 * as exchange responder, in R2 This should guarantee that we don't use the new outbound SA before the peer could install its corresponding inbound SA. The new parameter allows the kernel backend to install the new SA with appropriate priorities, i.e. it should: * as exchange inititator, have the new outbound SA installed with higher priority than the old SA * as exchange responder, have the new outbound SA installed with lower priority than the old SA While we could split up the SA installation at the responder, this approach has another advantage: it allows the kernel backend to switch SAs based on other criteria, for example when receiving traffic on the new inbound SA.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-061-1/+1
|
* android: Remove unused methods on NetworkManager/network_manager_tTobias Brunner2013-05-032-94/+1
|
* android: Repurpose android-net to simply handle connectivity eventsTobias Brunner2013-05-032-58/+22
| | | | | | Using the events by NetworkManager/ConnectivityManager to trigger roam events instead of the events generated by the kernel-netlink plugin the noise level is much lower.
* kernel_ipsec_t.query_sa() additionally returns the number of processed packetsMartin Willi2013-03-141-1/+2
|
* Fixed Doxygen comments after scanning complete src directoryTobias Brunner2013-03-023-3/+3
|
* android: Implement kernel_net_t.get_interface via JNITobias Brunner2013-01-143-5/+62
| | | | | | This is now required to properly accept/install a virtual IP address. Fixes #275.
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-291-1/+1
| | | | required
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-291-1/+2
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-243-3/+3
|
* Moved host_t and host_resolver_t to a new networking subfolderTobias Brunner2012-10-241-1/+1
|
* Use a helper function to add milliseconds to timeval structsTobias Brunner2012-10-181-6/+1
|
* android: Bypass/protect previously bypassed sockets if connectivity changesTobias Brunner2012-10-161-0/+2
|
* android: Support for IPsec SA update addedTobias Brunner2012-10-161-1/+2
|
* android: Trigger roam events in case connectivity changesTobias Brunner2012-10-161-0/+63
|
* android: Register NetworkManager as BroadcastReceiver and relay events via JNITobias Brunner2012-10-162-5/+144
|
* android: Determine source address dynamicallyTobias Brunner2012-10-161-1/+16
|
* android: Added NetworkManager class which allows to retrieve a local IP addressTobias Brunner2012-10-162-0/+196
|
* Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()Tobias Brunner2012-08-131-1/+2
|
* Add an Android specific kernel_ipsec_t implementationTobias Brunner2012-08-132-0/+240
| | | | | This is pretty much a proxy class that delegates everything (that is currently supported) to libipsec.
* Add an Android specific kernel_net_t implementationTobias Brunner2012-08-132-0/+113
This currently provides only no-ops and is just added because a kernel-net implementation is required and kernel-netlink can't be used at the moment.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 13:38:21 +0000