path: root/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
Commit message | Author | Age | Files | Lines
* kernel-pfkey: Support anti-replay windows > 2k | Tobias Brunner | 2017-11-08 | 1 | -1/+14
  FreeBSD 11.1 supports a new extension to configure larger anti-replay windows, now configured as number of packets. Fixes #2461.
* kernel-pfkey: Don't include keys in SADB_UPDATE message to update IPs on FreeBSD | Tobias Brunner | 2017-11-08 | 1 | -0/+3
  The FreeBSD kernel explicitly rejects messages containing keys for mature SAs. Fixes #2457.
* linked-list: Change return value of find_first() and signature of its callback | Tobias Brunner | 2017-05-26 | 1 | -25/+20
  This avoids the unportable five pointer hack.
* linked-list: Change interface of callback for invoke_function() | Tobias Brunner | 2017-05-26 | 1 | -9/+26
  This avoids the unportable five pointer hack.
* kernel-pfkey: Update SA addresses if supported by the kernel | Tobias Brunner | 2017-05-23 | 1 | -21/+16
  Upcoming FreeBSD kernels will support updating the addresses of existing SAs with new SADB_X_EXT_NEW_ADDRESS_SRC|DST extensions for the SADB_UPDATE message.
* kernel-pfkey: Use new encap flag on Mac OS X when updating SAs | Tobias Brunner | 2017-05-23 | 1 | -1/+1
* kernel: Make range of SPIs for IPsec SAs configurable | Tobias Brunner | 2017-03-02 | 1 | -3/+10
* kernel-pfkey: Use the same priority range for trap and regular policies | Tobias Brunner | 2017-02-08 | 1 | -15/+15
  Same as the change in the kernel-netlink plugin.
* kernel-pfkey: Set state to SADB_SASTATE_MATURE when adding/updating SAs | Tobias Brunner | 2017-01-25 | 1 | -0/+2
  Picky kernels might otherwise reject our messages as RFC 2367 explicitly mandates this. Fixes #2212.
* kernel-pfkey: Only set the replay window for inbound SAs | Tobias Brunner | 2016-06-17 | 1 | -3/+8
  It is not necessary for outbound SAs and might waste memory when large window sizes are used.
* kernel-pfkey: Install routes with OUT policies | Tobias Brunner | 2016-06-10 | 1 | -31/+30
* kernel-pfkey: Don't install routes for drop policies and if protocol/ports are in the selector | Tobias Brunner | 2016-06-10 | 1 | -3/+10
* kernel-pfkey: Also use interface returned by get_nexthop() for IPsec policies | Tobias Brunner | 2016-06-10 | 1 | -1/+3
  An exception is if the local address is virtual, in which case we want the route to be via TUN device.
* kernel-pfkey: Use interface to next hop for shunt policies | Tobias Brunner | 2016-06-10 | 1 | -2/+3
* kernel-net: Let get_nexthop() return an optional interface name | Tobias Brunner | 2016-06-10 | 1 | -3/+3
  The returned name should be the interface over which the destination address/net is reachable.
* kernel-pfkey: Use ipsec_sa_cfg_equals() | Tobias Brunner | 2016-06-08 | 1 | -1/+1
* kernel-pfkey: Add support for manual priorities | Tobias Brunner | 2016-04-15 | 1 | -7/+24
  Also orders policies with equal priorities by their automatic priority.
* kernel-pfkey: Update priority calculation formula to the new one in kernel-netlink | Tobias Brunner | 2016-04-15 | 1 | -14/+25
  Since the selectors are not exactly the same (no port masks, no interface) some small tweaks have been applied.
* kernel-pfkey: Prefer policies with reqid over those without | Tobias Brunner | 2016-04-09 | 1 | -1/+7
* kernel-pfkey: Only install templates for regular IPsec policies with reqid | Tobias Brunner | 2016-04-09 | 1 | -32/+35
* kernel: Use structs to pass information to the kernel-ipsec interface | Tobias Brunner | 2016-04-09 | 1 | -167/+210
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -55/+55
* libhydra: Move kernel interface to libcharon | Tobias Brunner | 2016-03-03 | 1 | -39/+31
  This moves hydra->kernel_interface to charon->kernel.
* libhydra: Move all kernel plugins to libcharon | Tobias Brunner | 2016-03-03 | 1 | -0/+3102
* Moved all kernel plugins to libhydra. | Tobias Brunner | 2010-09-02 | 1 | -2172/+0
* Refer to kernel interface via hydra and not charon. | Tobias Brunner | 2010-09-02 | 1 | -16/+16
* Removed references to protocol_id_t from kernel interface. | Tobias Brunner | 2010-09-02 | 1 | -43/+27
  Instead we use the actual IP protocol identifier (the conversion now happens in child_sa_t and kernel_handler_t).
* Moved migrate job creation to kernel event handler. | Tobias Brunner | 2010-09-02 | 1 | -7/+2
* Moved update SA job creation to kernel event handler. | Tobias Brunner | 2010-09-02 | 1 | -7/+4
* Moved delete/rekey CHILD_SA job creation to kernel event handler. | Tobias Brunner | 2010-09-02 | 1 | -15/+2
* Moved acquire job creation to kernel event handler. | Tobias Brunner | 2010-09-02 | 1 | -8/+4
* Refer to processor via hydra and not charon. | Tobias Brunner | 2010-09-02 | 1 | -5/+6
* Use a separate section for each nested struct member in INIT macro | Martin Willi | 2010-08-18 | 1 | -12/+14
* support of xfrm marks for IKEv2 | Andreas Steffen | 2010-07-02 | 1 | -11/+14
* Do not install routes in the PF_KEY kernel interface if interface lookup failed. | Tobias Brunner | 2010-06-23 | 1 | -15/+23
* Fixing the PF_KEY kernel interface on Android. | Tobias Brunner | 2010-06-22 | 1 | -0/+2
  In Android's in.h IPPROTO_COMP is not #defined but just an enum member.
* Check for SADB_X_NAT_T_NEW_MAPPING in PF_KEY kernel interface. | Tobias Brunner | 2010-06-15 | 1 | -4/+4
  FreeBSD 8 does not support SADB_X_NAT_T_NEW_MAPPING whereas Linux and the previous FreeBSD NAT-T patch both do.
* Set the ports of all hosts installed via the PF_KEY kernel interface to zero. | Tobias Brunner | 2010-06-15 | 1 | -15/+37
* Moving charon to libcharon. | Tobias Brunner | 2010-03-19 | 1 | -0/+2175