path: root/src/libcharon/plugins/kernel_libipsec
Commit message | Author | Age | Files | Lines
* linked-list: Change return value of find_first() and signature of its callback | Tobias Brunner | 2017-05-26 | 1 | -19/+16
  This avoids the unportable five pointer hack.
* kernel-net: Let get_nexthop() return an optional interface name | Tobias Brunner | 2016-06-10 | 1 | -2/+3
  The returned name should be the interface over which the destination address/net is reachable.
* kernel: Use structs to pass information to the kernel-ipsec interface | Tobias Brunner | 2016-04-09 | 1 | -42/+38
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -17/+17
* libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 1 | -1/+0
* libhydra: Move kernel interface to libcharon | Tobias Brunner | 2016-03-03 | 2 | -38/+28
  This moves hydra->kernel_interface to charon->kernel.
* libipsec: Pass the same data to del_policy() as to add_policy() | Tobias Brunner | 2016-02-04 | 1 | -2/+2
  We already do this for the other kernel interfaces.
  Fixes e1e88d5adde0 ("libipsec: Don't attempt deletion of any non-IPsec policies")
* kernel-interface: Pass the same data to del_policy() that was passed to add_policy() | Tobias Brunner | 2015-11-10 | 1 | -3/+4
  The additional data can be helpful to identify the exact policy to delete.
* libipsec: Pass separate inbound/update flags to the IPsec SA manager | Martin Willi | 2015-03-09 | 1 | -1/+2
  Similar to other kernel interfaces, the libipsec backend uses the flag for different purposes, and therefore should get separate flags.
* kernel-interface: Add a separate "update" flag to add_sa() | Martin Willi | 2015-03-09 | 1 | -1/+1
  The current "inbound" flag is used for two purposes: To define the actual direction of the SA, but also to determine the operation used for SA installation. If an SPI has been allocated, an update operation is required instead of an add. While the inbound flag normally defines the kind of operation required, this is not necessarily true in all cases. On the HA passive node, we install inbound SAs without prior SPI allocation.
* kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid | Martin Willi | 2015-02-20 | 1 | -3/+3
* kernel-interface: Pass full list of traffic selectors to add_sa() | Martin Willi | 2015-02-20 | 1 | -1/+1
  While we can handle the first selector only in BEET mode in kernel-netlink, passing the full list gives the backend more flexibility how to handle this information.
* libipsec: Remove unused src/dst_ts parameters from ipsec_sa_mgr_t.add_sa() | Martin Willi | 2015-02-20 | 1 | -2/+1
* kernel-interface: Remove reqid parameter from get_spi/get_cpi() methods | Martin Willi | 2015-02-20 | 1 | -2/+2
  The reqid is not strictly required, as we set the reqid with the update call when installing the negotiated SA. If we don't need a reqid at this stage, we can later allocate the reqid in the kernel backend once the SA parameters have been fully negotiated. This allows us to assign the same reqid for the same selectors to avoid conflicts on backends where this is necessary.
* libipsec: Remove unused reqid parameter from ipsec_sa_mgr_t.get_spi() | Martin Willi | 2015-02-19 | 1 | -1/+1
* kernel-libipsec: Use poll(2) instead of select | Martin Willi | 2014-11-21 | 1 | -54/+56
* kernel-interface: Add destination prefix to get_nexthop() | Tobias Brunner | 2014-06-19 | 1 | -2/+2
  This allows to determine the next hop to reach a subnet, for instance, when installing routes for shunt policies.
* kernel-interface: Add a replay_window parameter to add_sa() | Martin Willi | 2014-06-17 | 1 | -2/+3
* plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 1 | -1/+1
* libcharon: Use lib->ns instead of charon->name | Tobias Brunner | 2014-02-12 | 1 | -1/+1
* libhydra: Use lib->ns instead of hydra->daemon | Tobias Brunner | 2014-02-12 | 1 | -1/+1
* kernel-libipsec: Don't ignore policies of type != POLICY_IPSEC | Tobias Brunner | 2013-10-11 | 1 | -5/+0
  This actually broke rekeying due to the DROP policies that are temporarily added, which broke the refcount as the ignored policies were not ignored in del_policy() (the type is not known there).
* kernel-libipsec: Add an option to allow remote TS to match the IKE peer | Tobias Brunner | 2013-10-11 | 1 | -2/+9
  Setting the fwmark options for the kernel-netlink and socket-default plugins allows this kind of setup. It is probably required to set net.ipv4.conf.all.rp_filter to 2 to make it work.
* kernel-libipsec: Support ESPv3 TFC padding | Martin Willi | 2013-10-11 | 1 | -1/+1
* kernel-libipsec: Support query_sa() to report usage statistics | Martin Willi | 2013-10-11 | 1 | -1/+2
* kernel: Use a time_t to report use time in query_policy() | Martin Willi | 2013-10-11 | 1 | -1/+1
* kernel: Use a time_t to report use time in query_sa() | Martin Willi | 2013-10-11 | 1 | -1/+1
* kernel-libipsec: Fail route installation if remote TS matches peer | Tobias Brunner | 2013-07-18 | 1 | -0/+9
* capabilities: Some plugins don't actually require capabilities at runtime | Tobias Brunner | 2013-07-18 | 1 | -1/+1
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -3/+4
  INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* kernel-libipsec: Log error if no local address is found when installing routes | Tobias Brunner | 2013-07-15 | 1 | -0/+5
* capabilities: Only plugins that require CAP_NET_ADMIN demand it | Tobias Brunner | 2013-06-25 | 1 | -0/+7
  The daemon as such does not require this capability.
* kernel-libipsec: Ignore failures when installing routes for multicast or broadcast policies | Tobias Brunner | 2013-06-21 | 1 | -1/+23
* kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets | Tobias Brunner | 2013-06-21 | 1 | -0/+7
* kernel-libipsec: Install a gateway for routes on platforms other than Linux | Tobias Brunner | 2013-06-21 | 1 | -9/+26
  This seems required e.g. on FreeBSD but doesn't work on Linux.
* kernel-libipsec: Router reads packets from multiple TUN devices | Tobias Brunner | 2013-06-21 | 4 | -16/+268
  These devices are collected via kernel_listener_t interface.
* kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device | Tobias Brunner | 2013-06-21 | 4 | -74/+188
* kernel-libipsec: Track policies and automatically install routes | Tobias Brunner | 2013-06-21 | 1 | -5/+455
  The routes direct traffic matching the remote traffic selector to the TUN device. If the remote traffic selector includes the IKE peer a very specific route is installed to allow IKE traffic.
* kernel-libipsec: Handle packets between charon socket, libipsec and TUN device | Tobias Brunner | 2013-06-21 | 1 | -0/+85
* kernel-libipsec: Create a TUN device and use it to install virtual IPs | Tobias Brunner | 2013-06-21 | 2 | -0/+40
* kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec | Tobias Brunner | 2013-06-21 | 5 | -0/+385