path: root/src/libcharon/processing/jobs
Commit message [Author, Age, Files, Lines]
* ikev1: Adopt virtual IPs on new IKE_SA during re-authentication [Tobias Brunner, 2015-03-19, 1 file, -13/+45]
| Some clients like iOS/Mac OS X don't do a mode config exchange on the new SA during re-authentication. If we don't adopt the previous virtual IP, Quick Mode rekeying will later fail. If a client does do Mode Config we directly reassign the VIPs we migrated from the old SA, without querying the attributes framework. Fixes #807, #810.
* ikev2: Immediately initiate queued tasks after establishing rekeyed IKE_SA [Martin Willi, 2015-03-18, 2 files, -0/+145]
| If additional tasks get queued before/while rekeying an IKE_SA, these get migrated to the new IKE_SA. We previously did not trigger initiation of these tasks, though, leaving the task unexecuted until a new task gets queued.
* ikev1: Don't handle DPD timeout job if IKE_SA got passive [Martin Willi, 2015-03-10, 1 file, -0/+6]
| While a passively installed IKE_SA does not queue a DPD timeout job, one that switches from active to passive might execute it. Ignore such a queued job if the IKE_SA is in passive state.
* migrate-job: Do CHILD_SA reqid lookup locally [Martin Willi, 2015-02-20, 2 files, -26/+21]
|
* kernel-interface: Raise mapping event with a proto/SPI/dst tuple [Martin Willi, 2015-02-20, 2 files, -11/+30]
|
* inactivity-job: Schedule job by CHILD_SA unique ID instead of reqid [Martin Willi, 2015-02-20, 2 files, -10/+10]
|
* kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid [Martin Willi, 2015-02-20, 4 files, -39/+33]
|
* ike: Maintain per-IKE_SA CHILD_SAs in the global CHILD_SA manager [Martin Willi, 2015-02-20, 1 file, -4/+15]
|
* ike: Remove redundant check for local NAT when handling changed NAT mappings [Tobias Brunner, 2014-10-13, 1 file, -6/+1]
|
* ikev1: Extend adopt_children_job by task queuing, executed after adoption [Martin Willi, 2014-08-25, 2 files, -0/+48]
|
* payload: Use common prefixes for all payload type identifiers [Martin Willi, 2014-06-04, 1 file, -1/+1]
| The old identifiers did not use a proper namespace and often clashed with other defines.
* ike: Delay actively initiated reauthentication when other exchanges in progress [Martin Willi, 2014-04-17, 1 file, -2/+47]
| If any other IKE or CHILD_SA operation takes place, we should not start initiating reauthentication to avoid any potential races.
* ike: Restart inactivity counter after doing a CHILD_SA rekey [Martin Willi, 2014-01-23, 1 file, -2/+3]
| When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity job is queued for a time unrelated to the rekey time, so it might happen that the inactivity job gets executed just after rekeying. If this happens, inactivity is detected even if we had traffic on the rekeyed CHILD_SA just before rekeying. This change implies that inactivity checks can't handle inactivity timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter than the rekey time to have any effect.
* ikev1: Don't log a reauthentication detection message if no children adopted [Martin Willi, 2013-09-30, 1 file, -2/+6]
| When a replace unique policy is in place, the children get adopted during the uniqueness check. In this case the message is just misleading.
* Reuse reqid for trap policies installed for dpd|closeaction=hold [Tobias Brunner, 2013-07-01, 1 file, -1/+1]
|
* Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame [Tobias Brunner, 2013-03-19, 1 file, -1/+11]
|
* When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert [Martin Willi, 2013-03-14, 1 file, -0/+1]
|
* child_sa_t.get_usestats() can additionally return the number of processed packets [Martin Willi, 2013-03-14, 2 files, -4/+3]
|
* Log message size for in- and outbound IKE messages [Tobias Brunner, 2012-12-24, 1 file, -2/+3]
|
* Raise an alert if half-open timeout limit reached [Martin Willi, 2012-12-19, 1 file, -0/+1]
|
* Properly trigger ike_updown() event if IKEv1 DPD times out [Martin Willi, 2012-12-04, 1 file, -0/+1]
| Fixes missing RADIUS Accounting Stop, #257.
* Moved data structures to new collections subfolder [Tobias Brunner, 2012-10-24, 1 file, -1/+1]
|
* Moved host_t and host_resolver_t to a new networking subfolder [Tobias Brunner, 2012-10-24, 2 files, -2/+2]
|
* Support multiple virtual IPs on peer_cfg and ike_sa classes [Martin Willi, 2012-08-30, 1 file, -3/+12]
|
* Replaced usages of CHARON_*_PORT with calls to get_port(). [Tobias Brunner, 2012-08-08, 1 file, -1/+1]
|
* Make the UDP ports charon listens for packets on (and uses as source ports) configurable. [Tobias Brunner, 2012-08-08, 1 file, -1/+1]
|
* Make rescheduling a job more predictable [Tobias Brunner, 2012-06-25, 1 file, -6/+4]
| This avoids race conditions between calls to cancel() and jobs that like to be rescheduled. If jobs were able to reschedule themselves it would theoretically be possible that two worker threads have the same job assigned (the one currently executing the job and the one executing the same but rescheduled job if it already is time to execute it), this means that cancel() could be called twice for that job. Creating a new job based on the current one and reschedule that is also OK, but rescheduling itself is more efficient for jobs that need to be executed often.
* Give processor_t more control over the lifecycle of a job [Tobias Brunner, 2012-06-25, 19 files, -59/+51]
| Jobs are now destroyed by the processor, but they are allowed to reschedule themselves. That is, parts of the reschedule functionality already provided by callback_job_t is moved to the processor. Not yet fully supported is JOB_REQUEUE_DIRECT and canceling jobs. Note: job_t.destroy() is now called not only for queued jobs but also after execution or cancellation of jobs. job_t.status can be used to decide what to do in said method.
* Use XAuth/EAP remote identity for uniqueness check [Martin Willi, 2012-06-25, 1 file, -2/+2]
|
* Avoid queueing more than one retry initiate job. [Tobias Brunner, 2012-05-30, 1 file, -1/+1]
|
* Job added to re-initiate an IKE_SA. [Tobias Brunner, 2012-05-30, 2 files, -0/+143]
|
* Fix IKEv1 DPD clear, destroying IKE_SA even if reestablish not needed [Martin Willi, 2012-05-21, 1 file, -9/+3]
|
* make IKEv1 DPD timeout configurable in charon [Andreas Steffen, 2012-05-17, 1 file, -1/+1]
|
* Consider inbound ESP as a sign of liveness for DPD timeout [Martin Willi, 2012-05-15, 1 file, -2/+15]
|
* Schedule a DPD timeout job that enforces the IKE message timeout policy [Martin Willi, 2012-05-15, 2 files, -0/+163]
|
* Loggers specify what log messages they want to receive during registration. [Tobias Brunner, 2012-05-02, 1 file, -1/+1]
| This also allows us to generate the log message only once for all loggers that need it (avoids calls to custom printf specifier callbacks). To update the log levels loggers can simply be registered again.
* Adopt children after syncing a rekeyed IKEv1 SA [Martin Willi, 2012-03-20, 1 file, -1/+2]
|
* Invoke ike_updown hooks for reauthenticated IKEv1 SAs [Martin Willi, 2012-03-20, 1 file, -0/+1]
|
* Try to detect reauthentication as responder and adopt children to new SA [Martin Willi, 2012-03-20, 2 files, -0/+224]
|
* Do not query CHILD_SA during delete if they already expired [Martin Willi, 2012-03-20, 3 files, -6/+11]
|
* Removed obsolete XAuth job [Martin Willi, 2012-03-20, 2 files, -133/+0]
|
* Pass IKE version to peer config enumerator, filter configs [Martin Willi, 2012-03-20, 1 file, -1/+1]
|
* IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, signalling whether or not to call the task_manager->initiate method after queueing the task. [Clavister OpenSource, 2012-03-20, 1 file, -2/+1]
|
* IKEv1 XAuth: Added a job to call the initiate_xauth method of ike_sa after the completion of the current set of tasks is complete. [Clavister OpenSource, 2012-03-20, 2 files, -0/+134]
|
* Do not ignore configs for IKEv1 in charon anymore [Martin Willi, 2012-03-20, 1 file, -5/+0]
|
* Use enum to define IKE version on peer_cfg_t. [Tobias Brunner, 2012-03-20, 1 file, -1/+1]
| Replaced all those magic numbers.
* Migrated initiate_mediation_job_t to INIT/METHOD macros. [Tobias Brunner, 2011-10-03, 1 file, -30/+19]
|
* Migrated mediation_job_t to INIT/METHOD macros. [Tobias Brunner, 2011-10-03, 1 file, -28/+16]
|
* Add missing semicolon [Martin Willi, 2011-09-12, 1 file, -1/+1]
|
* bus->listen() and the controller wrappers accept a timeout to wait for callbacks [Martin Willi, 2011-08-26, 2 files, -2/+2]
|