path: root/src/libcharon/plugins/socket_default/socket_default_socket.c
Commit log: commit message (author, age, files, lines)

* socket-default: Add an option to force the sending interface via IP_PKTINFO (Martin Willi, 2017-05-23, 1 file, -7/+48)

  On Linux, setting the source address is insufficient to force a packet to be sent over a certain path. The kernel uses the best route to select the outgoing interface, even if we set a source address of a lower priority interface. This is not only true for interfaces attaching to the same subnet, but also for unrelated interfaces; the kernel (at least on 4.7) sends out the packet on whatever interface it sees fit, even if that network does not expect packets from the source address we force to.

  When a better interface becomes available, strongSwan sends its MOBIKE address list update using the old source address. But the kernel sends that packet over the new best interface. If that network drops packets having the unexpected source address from the old path, the MOBIKE update fails and the SA finally times out.

  To enforce a specific interface for our packet, we explicitly set the interface index from the interface where the source address is installed. According to ip(7), this overrules the specified source address to the primary interface address. As this could have side effects to installations using multiple addresses on a single interface, we disable the option by default for now.

  This also allows using IPv6 link-local addresses, which won't work if the outbound interface is not set explicitly.

* Use standard unsigned integer types (Andreas Steffen, 2016-03-24, 1 file, -16/+16)

* libhydra: Move kernel interface to libcharon (Tobias Brunner, 2016-03-03, 1 file, -5/+3)

  This moves hydra->kernel_interface to charon->kernel.

* socket-default: Refactor setting source address when sending messages (Tobias Brunner, 2015-11-09, 1 file, -46/+107)

  This ensures we don't pass data (via msg_control) defined in a different scope to sendmsg(). Actually, some compilers (e.g. GCC 5.2.1) might optimize the memcpy() call away causing the packets not to get sent from the intended source address.

  It also makes the code clearer than with all these ifdefs.

  Fixes #1171.

* socket-default: Refactor retrieval of destination address of received packets (Tobias Brunner, 2015-11-09, 1 file, -39/+89)

  This makes the code a bit clearer than with the interleaved ifdefs.

* Fixed some typos, courtesy of codespell (Tobias Brunner, 2014-12-15, 1 file, -1/+1)

* socket-default: Use round-robin selection of sockets to read from (Martin Willi, 2014-11-21, 1 file, -5/+13)

  If multiple sockets are ready, we previously preferred the IPv4 non-NAT socket over others. To handle all with equal priority, use a round-robin selection.

* socket-default: Use poll(2) instead of select (Martin Willi, 2014-11-21, 1 file, -46/+20)

  It is not only simpler, but also allows the use of arbitrary high fd numbers, which silently fails with select().

* packet: Define a global default maximum size for IKE packets (Tobias Brunner, 2014-10-10, 1 file, -4/+1)

* libcharon: Use lib->ns instead of charon->name (Tobias Brunner, 2014-02-12, 1 file, -7/+7)

* socket-default: Allow setting firewall mark on outbound packets (Tobias Brunner, 2013-10-11, 1 file, -0/+18)

* sockets: Initialize the whole ancillary data buffer not only the actual struct (Tobias Brunner, 2013-09-10, 1 file, -2/+2)

  This avoids uninitialized bytes that Valgrind seems to notice otherwise.

  Fixes #395.

* capabilities: Some plugins don't actually require capabilities at runtime (Tobias Brunner, 2013-07-18, 1 file, -1/+1)

* socket-default: Add options to disable address families (Tobias Brunner, 2013-07-05, 1 file, -0/+25)

* net: Socket implementations report the address families they support (Tobias Brunner, 2013-07-05, 1 file, -1/+18)

* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024 (Tobias Brunner, 2013-06-25, 1 file, -0/+12)

  Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.

* socket-default: Make sure sockets are open when checking with FD_ISSET (Tobias Brunner, 2013-06-14, 1 file, -4/+4)

* socket-default: Properly initialize NAT-T port if opening regular socket failed (Tobias Brunner, 2013-06-14, 1 file, -1/+2)

* socket-default: to bind to one dynamic port on OS X, create v4 socket before v6 (Martin Willi, 2013-05-06, 1 file, -1/+7)

  It seems that the order of binding sockets of different address families to the same dynamic port must be v6-before-v4 on Linux, but v4-before-v6 on OS X.

* socket-default: refactor socket pair opening to a function (Martin Willi, 2013-05-06, 1 file, -27/+23)

* socket-default: Don't try to send packet if we haven't a socket for given family (Martin Willi, 2013-05-06, 1 file, -3/+4)

* socket-default: Use -1 if socket is not available, as 0 is actually a valid fd (Martin Willi, 2013-05-06, 1 file, -20/+23)

* Set DSCP values when sending IP packets in socket-default (Martin Willi, 2013-02-06, 1 file, -1/+65)

* Don't send a packet in default socket if family is not IPv4 nor IPv6 (Martin Willi, 2013-02-06, 1 file, -12/+18)

* Avoid extensive casting of sockaddr types in socket-default by using a union (Martin Willi, 2013-02-06, 1 file, -24/+16)

  Additionally fixes a strict-aliasing rule compiler warning with older gcc.

* Clarified error message if enabling UDP decapsulation fails (Tobias Brunner, 2012-09-27, 1 file, -1/+2)

* Enable UDP decapsulation for both address families (Tobias Brunner, 2012-08-16, 1 file, -7/+9)

  Since the 3.5 Linux kernel both UDP implementations have a separate static flag to indicate whether ANY sockets enabled UDP decapsulation. As we only ever enabled it for one address family (in earlier versions IPv4 only, now for IPv6, if supported, and for IPv4 otherwise) UDP decapsulation wouldn't work anymore (at least for one address family).

* Added option to prevent socket-default from setting the source address on outbound packets (Tobias Brunner, 2012-08-08, 1 file, -1/+9)

* socket-default plugin allocates random ports if configured to 0. (Tobias Brunner, 2012-08-08, 1 file, -36/+84)

  Also added strongswan.conf options to change the ports.

* Added get_port() method to socket_t to learn the listening port. (Tobias Brunner, 2012-08-08, 1 file, -1/+8)

* Improved how NAT-T keepalives are handled in sockets/receiver. (Tobias Brunner, 2012-08-08, 1 file, -10/+0)

* Let kernel interfaces decide how to enable UDP decapsulation of ESP packets. (Tobias Brunner, 2012-08-08, 1 file, -36/+6)

* Add Non-ESP marker in sender and not individual socket plugins. (Tobias Brunner, 2012-08-08, 1 file, -12/+1)

* Handle Non-ESP marker in receiver and not individual socket plugins. (Tobias Brunner, 2012-08-08, 1 file, -13/+4)

* Make the UDP ports charon listens for packets on (and uses as source ports) configurable. (Tobias Brunner, 2012-08-08, 1 file, -13/+13)

* Use proper defines for IPV6_PKTINFO on Mac OS X Lion and newer. (Tobias Brunner, 2012-06-13, 1 file, -0/+2)

* Use name from initialization to access settings in libcharon. (Tobias Brunner, 2012-05-03, 1 file, -1/+1)

  Also fixes several whitespace errors.

* Fix alignment compiler warning (Martin Willi, 2011-06-03, 1 file, -5/+4)

* Deferred instantiation of socket implementations until registration. (Tobias Brunner, 2010-10-15, 1 file, -3/+3)

  Instantiating the implementations on plugin load was problematic in case multiple socket plugins were loaded. Now, the first one registered is instantiated.

* Refer to kernel interface via hydra and not charon. (Tobias Brunner, 2010-09-02, 1 file, -2/+3)

* Win7 might send up to 7k of certificate requests (Andreas Steffen, 2010-08-27, 1 file, -1/+1)

* Discard a packet that exceeds the receive buffer (Martin Willi, 2010-08-11, 1 file, -0/+5)

* Added a strongswan.conf option to change socket receive buffer size (Martin Willi, 2010-08-11, 1 file, -8/+9)

* Moving charon to libcharon. (Tobias Brunner, 2010-03-19, 1 file, -0/+631)