path: root/src/libcharon/network
Commit message | Author | Age | Files | Lines
* receiver: Restrict init limit to half-open SAs as responder | Thomas Egerer | 2017-05-23 | 1 | -4/+2
    Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 4 | -20/+20
* libhydra: Move kernel interface to libcharon | Tobias Brunner | 2016-03-03 | 1 | -4/+2
    This moves hydra->kernel_interface to charon->kernel.
* ike: Only consider number of half-open SAs as responder when deciding whether COOKIEs are sent | Tobias Brunner | 2015-08-27 | 1 | -5/+7
* ikev2: Drop IKE_SA_INIT messages that don't have the initiator flag set | Tobias Brunner | 2015-08-20 | 1 | -1/+3
    While this doesn't really create any problems it is not 100% correct to accept such messages because, of course, the sender of an IKE_SA_INIT request is always the original initiator of an IKE_SA. We currently don't check the flag later, so we wouldn't notice if the peer doesn't set it in later messages (ike_sa_id_t.equals doesn't compare it anymore since we added support for IKEv1, in particular since 17ec1c74de).
* utils: Use chunk_equals_const() for all cryptographic purposes | Martin Willi | 2015-04-14 | 1 | -1/+1
* receiver: Send a single INVALID_MAJOR_VERSION notify for IKE version > 2 | Martin Willi | 2014-07-17 | 1 | -3/+1
    We sent both a notify using IKEv1 and IKEv2. This is a little more aggressive than required, RFC 5996 says we "SHOULD send an unauthenticated Notify message of type INVALID_MAJOR_VERSION containing the highest (closest) version number it supports". Fixes #657.
* payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -1/+1
    The old identifiers did not use a proper namespace and often clashed with other defines.
* libcharon: Use lib->ns instead of charon->name | Tobias Brunner | 2014-02-12 | 2 | -14/+14
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required for IKEv2 anyway | Tobias Brunner | 2013-10-11 | 1 | -1/+1
* receiver: Avoid cloning packet data when verifying COOKIE payloads | Tobias Brunner | 2013-07-29 | 1 | -5/+1
    Besides being more efficient this removes a memory leak that occurred when a COOKIE payload was successfully verified. Fixes #369.
* net: Socket implementations report the address families they support | Tobias Brunner | 2013-07-05 | 3 | -9/+63
* Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers | Andreas Steffen | 2013-04-14 | 1 | -2/+10
* Avoid returning COOKIEs right after system boot | Tobias Brunner | 2013-03-19 | 1 | -1/+1
    When the monotonic timer is initialized to 0 right after the system is booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s). Since the COOKIE verification code actually produces an overflow for COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs. Checking for last_cookie makes sense anyway as that condition must only apply if we actually sent a COOKIE before.
* Log message size for in- and outbound IKE messages | Tobias Brunner | 2012-12-24 | 1 | -2/+4
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 2 | -2/+2
* Moved packet_t and tun_device_t to networking folder | Tobias Brunner | 2012-10-24 | 4 | -4/+4
* Moved host_t and host_resolver_t to a new networking subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
* Raise a bus alert when IKE message header parsing fails | Martin Willi | 2012-10-24 | 1 | -0/+1
* Don't check interface of inbound message if interfaces are not filtered | Tobias Brunner | 2012-09-24 | 1 | -2/+3
    We don't have a proper kernel-net interface on Android yet, so the check for a usable interface does not work there.
* Drop packets received on ignored interfaces | Tobias Brunner | 2012-09-21 | 1 | -2/+12
* Apply send delay before adding non-ESP marker | Tobias Brunner | 2012-08-24 | 1 | -16/+16
    Otherwise the packet header could not be parsed correctly when NAT-T is used.
* Remove unused src/dst variables in send_no_marker() | Martin Willi | 2012-08-21 | 1 | -5/+0
* Moved packet_t to libstrongswan | Tobias Brunner | 2012-08-08 | 6 | -280/+4
* Only log the sending of regular packets in sender_t | Tobias Brunner | 2012-08-08 | 1 | -1/+2
    When sender_t is used to send ESP packets this would otherwise cause an extreme amount of debug messages. With this change all messages sent via sender_t.send_no_marker() cause no extra DBG1 log message, but for debugging purposes the socket plugins do log the same message again with DBG2 for all packets.
* Added get_port() method to socket_t to learn the listening port. | Tobias Brunner | 2012-08-08 | 3 | -3/+33
* Use send_no_marker to send NAT keepalives. | Tobias Brunner | 2012-08-08 | 1 | -8/+3
* Avoid double-free when prepending Non-ESP marker. | Tobias Brunner | 2012-08-08 | 1 | -1/+1
* Function added to send packets without Non-ESP marker. | Tobias Brunner | 2012-08-08 | 2 | -20/+36
* Avoid unnecessary copy of packet data when removing Non-ESP marker. | Tobias Brunner | 2012-08-08 | 1 | -2/+1
* Added packet_t.skip_bytes method to skip bytes at the start of a packet. | Tobias Brunner | 2012-08-08 | 2 | -3/+26
* Improved how NAT-T keepalives are handled in sockets/receiver. | Tobias Brunner | 2012-08-08 | 1 | -3/+14
* Callback for ESP packets added to receiver. | Tobias Brunner | 2012-08-08 | 2 | -6/+86
* Add Non-ESP marker in sender and not individual socket plugins. | Tobias Brunner | 2012-08-08 | 2 | -1/+20
* Handle Non-ESP marker in receiver and not individual socket plugins. | Tobias Brunner | 2012-08-08 | 1 | -1/+24
* Add a return value to hasher_t.get_hash() | Martin Willi | 2012-07-16 | 1 | -7/+17
* Check rng return value when generating COOKIE secret in receiver | Tobias Brunner | 2012-07-16 | 1 | -8/+22
* Centralized thread cancellation in processor_t | Tobias Brunner | 2012-06-25 | 2 | -23/+6
    This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Use proper getter for settings in sender and receiver. | Tobias Brunner | 2012-05-03 | 2 | -2/+2
* Use name from initialization to access settings in libcharon. | Tobias Brunner | 2012-05-03 | 2 | -13/+14
    Also fixes several whitespace errors.
* Merge branch 'ikev1' | Martin Willi | 2012-05-02 | 1 | -33/+84
|\
|     Conflicts:
|       configure.in
|       man/ipsec.conf.5.in
|       src/libcharon/encoding/generator.c
|       src/libcharon/encoding/payloads/notify_payload.c
|       src/libcharon/encoding/payloads/notify_payload.h
|       src/libcharon/encoding/payloads/payload.c
|       src/libcharon/network/receiver.c
|       src/libcharon/sa/authenticator.c
|       src/libcharon/sa/authenticator.h
|       src/libcharon/sa/ikev2/tasks/ike_init.c
|       src/libcharon/sa/task_manager.c
|       src/libstrongswan/credentials/auth_cfg.c
| * Send correct INVALID_MAJOR_VERSION when receiving packet with unsupported protocol | Martin Willi | 2012-03-20 | 1 | -39/+62
| * Drop IKEv1 main/aggressive modes if peer too aggressive | Martin Willi | 2012-03-20 | 1 | -4/+17
| * Don't accept IKEv2 packets if IKEv2 disabled | Martin Willi | 2012-03-20 | 1 | -0/+2
| * Add a payload.get_header_length() method, remove header length definitions | Martin Willi | 2012-03-20 | 1 | -0/+2
| * Allow creation of message_t objects for IKEv1 packets. | Tobias Brunner | 2012-03-20 | 1 | -1/+1
| * Accept and process IKEv1 messages in receiver | Martin Willi | 2012-03-20 | 1 | -7/+18
| * Extended IKE header for IKEv1 support | Martin Willi | 2012-03-20 | 1 | -1/+1
* | Added a dedicated sender flush method, delay sender destruction until users gone | Martin Willi | 2012-05-02 | 2 | -2/+15
* | Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs | Martin Willi | 2012-04-17 | 1 | -5/+43
|/
    Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as initiator, we can't know if the completing IKE_SA_INIT message is to our first request or the one with the COOKIE. If the responder just enabled/disabled COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE behavior toggling improves the situation, but does not solve the problem during the initial COOKIE activation.