path: root/src/libcharon/plugins/ha
Commit message | Author | Age | Files | Lines
* ha: Don't adopt IKEv1 children when building without IKEv1 support | Martin Willi | 2014-08-28 | 1 | -0/+2
  The adopt_children_job_create() function is not available when IKEv1 support is disabled. Fixes uncommon builds using --enable-ha --disable-ikev1. Fixes #690.
* plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 1 | -1/+1
* ike: Add an additional but separate AEAD proposal to CHILD config | Martin Willi | 2014-05-16 | 1 | -0/+1
  This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
* ike: Add an additional but separate AEAD proposal to IKE config, if supported | Martin Willi | 2014-05-16 | 1 | -0/+1
* ikev2: Add inherit_pre() to apply config and hosts before IKE_SA rekeying | Martin Willi | 2014-04-17 | 1 | -8/+2
* Properly hash pointers for hash tables where appropriate | Tobias Brunner | 2014-03-31 | 1 | -17/+1
  Simply using the pointer is not optimal for our hash table implementation, which simply masks the key to determine the bucket.
* libcharon: Use lib->ns instead of charon->name | Tobias Brunner | 2014-02-12 | 3 | -11/+11
* Use exact mask when calling umask(2) | Tobias Brunner | 2013-10-29 | 1 | -1/+1
  Due to the previous negation the high bits of the mask were set, which at least some versions of the Android build system prevent with a compile-time check.
* ike: support multiple addresses, ranges and subnets in IKE address config | Martin Willi | 2013-09-04 | 1 | -2/+2
  Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* peer-cfg: add a pull/push mode option to use with mode config | Martin Willi | 2013-09-04 | 1 | -2/+2
* capabilities: Some plugins don't actually require capabilities at runtime | Tobias Brunner | 2013-07-18 | 1 | -1/+2
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -5/+7
  INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* child-sa: replace get_traffic_selectors() with create_ts_enumerator() | Martin Willi | 2013-07-17 | 1 | -5/+11
  Not directly returning a linked list allows us to change the internals of the CHILD_SA transparently.
* Reuse reqid for trap policies installed for dpd|closeaction=hold | Tobias Brunner | 2013-07-01 | 1 | -1/+1
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets | Tobias Brunner | 2013-06-25 | 1 | -0/+6
  But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* capabilities: Move global capabilities_t instance to libstrongswan | Tobias Brunner | 2013-06-25 | 2 | -4/+4
* ha: Fix CHILD_SA installation in ha_dispatcher after adding initiator flag | Tobias Brunner | 2013-06-13 | 1 | -4/+8
* ha: Use plugin features to register listeners and attribute provider | Tobias Brunner | 2013-06-11 | 1 | -9/+37
* Add an option to autobalance a HA cluster automatically | Martin Willi | 2013-03-19 | 1 | -0/+59
* Check if for some reason we handle a HA segment on both nodes | Martin Willi | 2013-03-19 | 1 | -1/+15
* Acquire HA segment lock while sending heartbeat | Martin Willi | 2013-03-19 | 1 | -0/+2
* Fix scheduling of heartbeat sending in HA plugin | Martin Willi | 2013-03-19 | 1 | -2/+11
  e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
* Fix compiler warning in HA plugin | Martin Willi | 2013-03-19 | 1 | -1/+1
* Add a DSCP configuration value to IKE configs | Martin Willi | 2013-02-06 | 1 | -2/+1
* Added an option that allows to force IKEv1 fragmentation | Tobias Brunner | 2013-01-12 | 1 | -1/+1
* Use a connection specific option to en-/disable IKEv1 fragmentation | Tobias Brunner | 2012-12-24 | 1 | -1/+1
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 4 | -5/+5
* Moved host_t and host_resolver_t to a new networking subfolder | Tobias Brunner | 2012-10-24 | 2 | -2/+2
* Remove version argument on peer_cfg constructor, use ike_cfg version instead | Martin Willi | 2012-10-24 | 1 | -1/+1
* Add IKE version information to ike_cfg_t | Martin Willi | 2012-10-24 | 1 | -1/+1
* Added missing continue statement in ha socket error handling | Tobias Brunner | 2012-09-28 | 1 | -0/+1
* Pass full pool list to release_address | Martin Willi | 2012-09-11 | 1 | -3/+17
* Pass the full list of pools to acquire_address, enumerate in providers | Martin Willi | 2012-09-11 | 1 | -5/+13
  If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Clear virtual IPs before storing assigned ones on the IKE_SA | Tobias Brunner | 2012-09-05 | 1 | -1/+10
  Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* Check address family in HA virtual IP backend | Martin Willi | 2012-08-30 | 1 | -0/+6
* Support multiple address pools configured on a peer_cfg | Martin Willi | 2012-08-30 | 2 | -7/+8
* Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 3 | -28/+41
* Replaced usages of CHARON_*_PORT with calls to get_port(). | Tobias Brunner | 2012-08-08 | 1 | -1/+2
* Make the UDP ports charon listens for packets on (and uses as source ports) configurable. | Tobias Brunner | 2012-08-08 | 1 | -1/+1
* Cleaned up memory management and return values for encryption payload | Martin Willi | 2012-07-16 | 1 | -1/+0
* Add a return value to keymat_v1_t.{get,update,confirm}_iv | Martin Willi | 2012-07-16 | 2 | -9/+13
* Refactored heavily #ifdefd capability code to its own libstrongswan class | Martin Willi | 2012-07-04 | 2 | -2/+4
* Make rescheduling a job more predictable | Tobias Brunner | 2012-06-25 | 1 | -6/+1
  This avoids race conditions between calls to cancel() and jobs that like to be rescheduled. If jobs were able to reschedule themselves it would theoretically be possible that two worker threads have the same job assigned (the one currently executing the job and the one executing the same but rescheduled job if it already is time to execute it), this means that cancel() could be called twice for that job. Creating a new job based on the current one and reschedule that is also OK, but rescheduling itself is more efficient for jobs that need to be executed often.
* Centralized thread cancellation in processor_t | Tobias Brunner | 2012-06-25 | 3 | -34/+19
  This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* implemented the right|leftallowany feature | Andreas Steffen | 2012-06-08 | 1 | -2/+2
* make IKEv1 DPD timeout configurable in charon | Andreas Steffen | 2012-05-17 | 1 | -1/+1
* Use name from initialization to access settings in libcharon. | Tobias Brunner | 2012-05-03 | 3 | -10/+12
  Also fixes several whitespace errors.
* Merge branch 'ikev1-clean' into ikev1-master | Martin Willi | 2012-03-20 | 6 | -59/+365
  Conflicts:
    configure.in
    man/ipsec.conf.5.in
    src/libcharon/daemon.c
    src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
    src/libcharon/plugins/eap_radius/eap_radius_accounting.c
    src/libcharon/plugins/eap_radius/eap_radius_forward.c
    src/libcharon/plugins/farp/farp_listener.c
    src/libcharon/sa/ike_sa.c
    src/libcharon/sa/keymat.c
    src/libcharon/sa/task_manager.c
    src/libcharon/sa/trap_manager.c
    src/libstrongswan/plugins/x509/x509_cert.c
    src/libstrongswan/utils.h
  Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
  * Store the major IKE version on ike_sa_id_t. | Tobias Brunner | 2012-03-20 | 2 | -3/+6
  * Adopt children after syncing a rekeyed IKEv1 SA | Martin Willi | 2012-03-20 | 1 | -0/+6