aboutsummaryrefslogtreecommitdiffstats
path: root/src/frontends/android/jni
Commit message (Collapse)AuthorAgeFilesLines
...
* android: Build libpts and init/deinit libpts in BYOD IMCTobias Brunner2013-07-083-2/+9
|
* android: Added a sample IMC that sends some dummy OS dataTobias Brunner2013-07-087-3/+657
|
* android: Build option added to load BYOD related plugins and libraries in ↵Tobias Brunner2013-07-081-8/+29
| | | | the Android app
* android: Disable listening on IPv6Tobias Brunner2013-07-051-0/+4
| | | | | As we have to use UDP encapsulation and the Linux kernel currently does not support that this avoids issues with dual-stack gateways.
* plugin-loader: Add method to print loaded plugins on a given log levelTobias Brunner2013-06-211-0/+1
|
* android: Forward initiator flag to libipsec when adding IPsec SATobias Brunner2013-06-131-2/+2
|
* kernel-interface: add an exchange initiator parameter to add_sa()Martin Willi2013-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new flag gives the kernel-interface a hint how it should priorize the use of newly installed SAs during rekeying. Consider the following rekey procedure in IKEv2: Initiator --- Responder I1 -------CREATE-------> R1 I2 <------CREATE-------- -------DELETE-------> R2 I3 <------DELETE-------- SAs are always handled as pairs, the following happens at the SA level: * Initiator starts the exchange at I1 * Responder installs new SA pair at R1 * Initiator installs new SA pair at I2 * Responder removes old SA pair at R2 * Initiator removes old SA pair at I3 This makes sure SAs get installed/removed overlapping during rekeying. However, to avoid any packet loss, it is crucial that the new outbound SA gets activated at the correct position: * as exchange initiator, in I2 * as exchange responder, in R2 This should guarantee that we don't use the new outbound SA before the peer could install its corresponding inbound SA. The new parameter allows the kernel backend to install the new SA with appropriate priorities, i.e. it should: * as exchange inititator, have the new outbound SA installed with higher priority than the old SA * as exchange responder, have the new outbound SA installed with lower priority than the old SA While we could split up the SA installation at the responder, this approach has another advantage: it allows the kernel backend to switch SAs based on other criteria, for example when receiving traffic on the new inbound SA.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-061-1/+1
|
* android: Use stronger ESP proposal including AES-GCMTobias Brunner2013-05-031-0/+6
|
* android: Remove unused methods on NetworkManager/network_manager_tTobias Brunner2013-05-032-94/+1
|
* android: Ignore interface 'lo'Tobias Brunner2013-05-031-2/+4
| | | | | Android adds a default route via 'lo' if no connectivity is available causing charon to send packets via lo and triggering DPD.
* android: Repurpose android-net to simply handle connectivity eventsTobias Brunner2013-05-033-59/+34
| | | | | | Using the events by NetworkManager/ConnectivityManager to trigger roam events instead of the events generated by the kernel-netlink plugin the noise level is much lower.
* android: Replace android-net plugin with kernel-netlinkTobias Brunner2013-05-032-3/+8
| | | | | Virtual IPs are not handled by the kernel-netlink plugin and tun devices are ignored.
* android: Set strongswan.conf options before initializing other librariesTobias Brunner2013-05-031-36/+44
|
* android: No need to disable CMS explicitlyTobias Brunner2013-03-201-1/+0
| | | | The version check introduced with 0d237763 should take care of it.
* android: Build native libraries also for x86Tobias Brunner2013-03-203-2/+5
| | | | Requires an updated build script for Vstr.
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-201-10/+10
| | | | This avoids huge warnings when building the native code.
* android: Request and install an IPv6 DNS serverTobias Brunner2013-03-202-9/+17
|
* android: Also request a virtual IPv6 address and propose IPv6 TSTobias Brunner2013-03-203-23/+25
| | | | | This allows IPv6 over IPv4 but falls back nicely if we don't get a virtual IPv6 (or IPv4) address.
* kernel_ipsec_t.query_sa() additionally returns the number of processed packetsMartin Willi2013-03-141-1/+2
|
* android: Add support for combined certificate and EAP authenticationTobias Brunner2013-03-071-27/+50
| | | | | | This uses RFC 4739 multiple authentication rounds to first authenticate the client with a certificate followed by an EAP authentication round with username and password.
* Fixed Doxygen comments after scanning complete src directoryTobias Brunner2013-03-024-4/+4
|
* android: Mitigate race condition on reauthenticationTobias Brunner2013-03-011-0/+4
| | | | | | | | If the TUN device gets recreated while another thread in handle_plain() has not yet called select(2) but already stored the file descriptor of the old TUN device in its FD set, select() will fail with EBADF. Fixes #301.
* Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-1/+1
|
* android: Implement kernel_net_t.get_interface via JNITobias Brunner2013-01-143-5/+62
| | | | | | This is now required to properly accept/install a virtual IP address. Fixes #275.
* android: Moved chunk_from_byte_array and byte_array_from_chunk helper functionsTobias Brunner2013-01-142-24/+32
|
* android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h ↵Tobias Brunner2013-01-141-0/+1
| | | | on Android
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-121-1/+2
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-1/+1
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-291-1/+1
| | | | required
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-291-1/+2
|
* android: Properly handle exceptions when loading keys/certificatesTobias Brunner2012-11-211-3/+3
|
* android: Private key bug has been fixed with Android 4.2Tobias Brunner2012-11-191-1/+1
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-246-6/+6
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Moved host_t and host_resolver_t to a new networking subfolderTobias Brunner2012-10-242-2/+2
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-1/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-1/+1
|
* android: Enable ECC in the app as our custom built libcrypto supports itTobias Brunner2012-10-231-3/+0
|
* Reload logger configuration on SIGHUPTobias Brunner2012-10-181-22/+14
| | | | | | Besides changing the configuration this allows to easily rotate log files. Also moved logger initialization back to daemon_t.
* Make syslog and file loggers configurable at runtimeTobias Brunner2012-10-181-13/+3
|
* Use a helper function to add milliseconds to timeval structsTobias Brunner2012-10-181-6/+1
|
* android: Ignore if peer is unreachable when reestablishing an SATobias Brunner2012-10-181-2/+7
|
* android: Use a shorter timeout for retransmitsTobias Brunner2012-10-181-1/+1
|
* android: Use keyingtries=%forever and dpd|closeaction=restartTobias Brunner2012-10-181-3/+3
| | | | | | | We also ignore the CHILD_SA_DOWN event. This should allow us to keep the connection up as long as the user does not manually disconnect.
* android: Handle unreachable peers via alertTobias Brunner2012-10-161-17/+5
|
* android: Use 0.0.0.0/0 as local traffic selectorTobias Brunner2012-10-161-1/+2
| | | | | This is helpful if the responder also wants to tunnel e.g. multicast packages.
* android: Bypass/protect previously bypassed sockets if connectivity changesTobias Brunner2012-10-163-4/+30
|
* android: Support for IPsec SA update addedTobias Brunner2012-10-161-1/+2
|
* android: Trigger roam events in case connectivity changesTobias Brunner2012-10-161-0/+63
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 04:54:30 +0000