aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
* ike-sa-manager: Signal entries that we don't actually check outTobias Brunner2015-11-091-1/+8
| | | | | | | | | In some cases we call wait_for_entry() but don't actually check out the entry afterwards (e.g. because it doesn't match certain criteria). So there won't be a call to checkin() for such entries causing waiting threads to get signaled. Instead, such threads would be blocked until another thread properly checks out/in the entry (or does a blocking enumeration).
* ike-sa-manager: Signal waiting threads after check out/in for uniqueness checkTobias Brunner2015-11-091-0/+3
| | | | Fixes 758b1caa0e75 ("ikev1: Prevent deadlock when checking for duplicate IKEv1 SAs")
* ikev1: Fix calculation of DPD timeoutTobias Brunner2015-11-091-0/+2
| | | | | A DPD timeout job is queued whenever a DPD is sent, i.e. after the DPD delay already has elapsed, so we have to compensate for that.
* xauth: Call authorize() hook also when xauth-noauth is usedTobias Brunner2015-11-091-2/+8
| | | | Fixes #1138.
* ikev2: Fix size of key material for CAMELLIA-CTRTobias Brunner2015-10-301-0/+1
| | | | Like AES in CTR mode it includes a 4 byte nonce.
* ike-mobike: Send retransmits to the current local and remote addressesTobias Brunner2015-10-301-1/+5
| | | | | | These might have changed by a peer-initiated MOBIKE address update. Fixes #1125.
* ikev1: Handle queued INFORMATIONAL message after receiving the last AM requestTobias Brunner2015-10-301-0/+16
|
* ikev1: Queue INFORMATIONAL request if AM is not complete yetTobias Brunner2015-10-301-6/+13
|
* ikev1: Handle queued TRANSACTION messages only after processing repliesTobias Brunner2015-10-301-1/+2
|
* ikev1: Extract queueing of TRANSACTIONAL requests when MM is not complete yetTobias Brunner2015-10-301-17/+27
|
* ikev1: Drop TRANSACTION/QUICK_MODE requests until we received the last AM ↵Tobias Brunner2015-10-301-0/+32
| | | | message
* ikev1: Make maximum number of IKEv1 phase 2 exchanges we keep state about ↵Tobias Brunner2015-10-301-9/+11
| | | | | | configurable Fixes #1128.
* ikev1: Avoid fourth QM message if third QM messages of multiple exchanges ↵Tobias Brunner2015-10-292-2/+14
| | | | | | | | | | | | are handled delayed If we haven't received the third QM message for multiple exchanges the return value of NEED_MORE for passive tasks that are not responsible for a specific exchange would trigger a fourth empty QM message. Fixes: 4de361d92c54 ("ikev1: Fix handling of overlapping Quick Mode exchanges") References #1076.
* ikev1: Prevent deadlock when checking for duplicate IKEv1 SAsTobias Brunner2015-10-291-0/+16
| | | | | | | | | | | Previously, the current segment was held while checking for duplicate SAs, which requires acquiring all segments. If multiple threads did this concurrently this resulted in a deadlock as they couldn't acquire the segments held by the other threads attempting to do the same. With the default configuration only one segment is used, which prevents the problem as only one thread can check in an IKE SA concurrently. Fixes: a064eaa8a63a ("Handling of initial contact")
* shunt-manager: Resolve %dynamic to %any4/6 before installing policiesTobias Brunner2015-09-161-7/+22
| | | | | | | | left|rightsubnet default to %dynamic, which is basically 0.0.0.0/0 until an address is assigned to it. So if only one side was undefined and the other traffic selector was IPv6 an address family mismatch would occur. References #595.
* shunt-manager: Don't install policies in case of an address family or IP ↵Tobias Brunner2015-09-161-0/+20
| | | | | | protocol mismatch References #595.
* trap-manager: Cleanup local address in error casesTobias Brunner2015-08-271-0/+2
|
* ike: Fix half-open count for initiating SAs when initially checked inTobias Brunner2015-08-271-0/+6
|
* ike: Only consider number of half-open SAs as responder when deciding ↵Tobias Brunner2015-08-272-11/+35
| | | | whether COOKIEs are sent
* ike: Also track initiating IKE_SAs as half-openTobias Brunner2015-08-211-1/+0
|
* child-rekey: Don't add a REKEY_SA notify if the child-create task is ↵Tobias Brunner2015-08-211-6/+9
| | | | deleting the SA
* child-create: Cache proposed IPsec protocolTobias Brunner2015-08-211-10/+13
| | | | | This allows us to DELETE CHILD_SAs on failures that occur before we retrieved the selected proposal.
* child-create: Don't attempt to delete the SA if we don't have all the ↵Tobias Brunner2015-08-211-8/+10
| | | | | | | information Since we only support single protocols we could probably guess it and always send a DELETE.
* child-rekey: Remove redundant migrate() call for child-create sub-taskTobias Brunner2015-08-211-2/+1
| | | | | | | When retrying due to a DH group mismatch this is already done by the child-create task itself. And in other cases where the task returns NEED_MORE we actually will need access to a possible proposal to properly delete it.
* child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group ↵Tobias Brunner2015-08-211-0/+1
| | | | | | | | | | mismatch If the responder declines our KE payload during a CHILD_SA rekeying migrate() is called to reuse the child-create task. But the child-rekey task then calls the same method again. Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")
* ikev1: Fix handling of overlapping Quick Mode exchangesTobias Brunner2015-08-203-2/+70
| | | | | | | | | | | | | In some cases the third message of a Quick Mode exchange might arrive after the first message of a subsequent Quick Mode exchange. Previously these messages were handled incorrectly and the second Quick Mode exchange failed. Some implementations might even try to establish multiple Quick Modes simultaneously, which is explicitly allowed in RFC 2409. We don't fully support that, though, in particular in case of retransmits. Fixes #1076.
* ikev2: Compare initiator flag again, partially reverts 17ec1c74deTobias Brunner2015-08-202-1/+5
| | | | | We should ignore messages that have the flag set incorrectly. This restores RFC compliance which was broken since the mentioned commit.
* ikev1: Pass current auth-cfg when looking for key to determine auth methodTobias Brunner2015-08-191-1/+1
| | | | | | | | | If multiple certificates use the same subjects we might choose the wrong one otherwise. This way we use the one referenced with leftcert and stored in the auth-cfg and we actually do the same thing later in the pubkey authenticator. Fixes #1077.
* ikev2: Store outer EAP method used to authenticate remote peer in auth-cfgTobias Brunner2015-08-191-0/+9
| | | | | | | This allows symmetric configuration of EAP methods (i.e. the same value in leftauth and rightauth) when mutual EAP-only authentication is used. Previously the client had to configure rightauth=eap or rightauth=any, which prevented it from using this same config as responder.
* ike: Use the original port when remote resolves to %anyTobias Brunner2015-08-191-1/+3
| | | | | | When reestablishing the IKE_SA we should still use the original port when right resolves to %any as some implementations might not like initial IKE messages on port 4500 (especially for IKEv1).
* trap-manager: Enable auto=route with right=%any for transport mode connectionsTobias Brunner2015-08-191-27/+118
| | | | Fixes #196.
* child-sa: Fix refcounting of allocated reqidsTobias Brunner2015-08-171-3/+12
| | | | | | | | | | | During a rekeying we want to reuse the current reqid, but if the new SA does not allocate it via kernel-interface the state there will disappear when the old SA is destroyed after the rekeying. When the IKE_SA is later reauthenticated with make-before-break reauthentication the new CHILD_SAs there will get new reqids as no existing state is found in the kernel-interface, breaking policy installation in the kernel. Fixes: a49393954f31 ("child-sa: Use any fixed reqid configured on the CHILD_SA config")
* plugin-feature: Add vendor specific EAP method registration macrosTobias Brunner2015-08-171-1/+2
| | | | | | | | | | | Vendor specific EAP methods may be registered with: PLUGIN_CALLBACK(eap_method_register, <constructor>), PLUGIN_PROVIDE(EAP_SERVER_VENDOR, <type>, <vendor>), Same for client implementations via EAP_PEER_VENDOR. References #969.
* Initialize variables that some compilers seem to warn aboutTobias Brunner2015-08-131-1/+1
|
* ike: Disable NAT keepalives in state PASSIVEThomas Egerer2015-08-041-3/+12
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ike: Fix memory leak if remote address is keptTobias Brunner2015-07-271-0/+4
|
* ike-rekey: Fix cleanup() callTobias Brunner2015-07-271-2/+2
|
* ike-rekey: Reset IKE_SA on bus before sending CREATE_CHILD_SA responseTobias Brunner2015-07-271-1/+2
| | | | | Even when there is no error the CREATE_CHILD_SA response should be sent in the context of the existing IKE_SA.
* ike-rekey: Reset IKE_SA on the bus after destroying new IKE_SATobias Brunner2015-07-271-16/+15
| | | | | | | | | | | | | | | The destroy() method sets the IKE_SA on the bus to NULL, we reset it to the current IKE_SA so any events and log messages that follow happen in the correct context. A practical example where this is problematic is a DH group mismatch, which causes the first CREATE_CHILD_SA exchange to fail. Because the SA was not reset previously, the message() hook for the CREATE_CHILD_SA response, for instance, was triggered outside the context of an IKE_SA, that is, the ike_sa parameter was NULL, which is definitely not expected by several plugins. Fixes #862.
* shunt-manager: Add flush() method to properly uninstall shuntsTobias Brunner2015-07-272-4/+46
| | | | | This will allow us to uninstall shunts before unloading the kernel-interface plugins.
* shunt-manager: Remove stored entries if installation failsTobias Brunner2015-07-271-2/+11
|
* shunt-manager: Add a lock to safely access the list of shunt policiesTobias Brunner2015-07-271-3/+17
|
* trap-manager: Resolve race conditions between flush() and install()Tobias Brunner2015-07-271-0/+31
| | | | | | | | | | | | | When flush() is called there might be threads in install() waiting for trap policies to get installed (without holding the lock). We have to wait until they updated the entries with the respective CHILD_SAs before destroying the list. We also have to prevent further trap policy installations (and wait until threads in install() are really finished), otherwise we might end up destroying CHILD_SA objects after the kernel interface implementations have already been unloaded (avoiding this is the whole point of calling flush() before unloading the plugins).
* trap-manager: Changed how acquires we acted on are trackedTobias Brunner2015-07-271-36/+86
| | | | | | | | | This fixes potential race conditions in case complete() or flush() is executed before or concurrently with a thread that handles an acquire. It will also simplify tracking multiple acquires created for the same trap policy in the future. Also fixes the behavior in some error situations.
* trap-manager: Properly check-in IKE_SA if initiating failsTobias Brunner2015-07-271-2/+2
| | | | | | | | | This basically reverts f4e822c1b422 ("trap-manager: don't check-in nonexisting IKE_SA if acquire fails"). As checkout_by_config() could return an already existing and established IKE_SA we have to properly destroy it, for instance, in case other threads are waiting to check it out. checkin_and_destroy() should handle the case of a new SA properly (it produces a log message on level 1, though).
* ike: Fall back to the current remote IP if it resolves to %anyTobias Brunner2015-07-271-1/+6
| | | | | | | | | In some situations it might be valid for a host that configures right=%any to reestablish or reauthenticate an IKE_SA. Using %any would immediately abort the initiation causing the new SA to fail (which might already have the existing CHILD_SAs assigned). Fixes #1027.
* ike: Use address family of local address when resolving remote hostTobias Brunner2015-07-271-1/+14
| | | | | | | If static local addresses are configured we should use their address family as a hint when resolving the remote address. We don't do this if %any is configured as this might break existing configurations (%any4 and %any6 are however used as hint).
* ike-sa-manager: Safely access the RNG instance with an rwlockTobias Brunner2015-07-141-5/+16
| | | | | | | | | | | Threads might still be allocating SPIs (e.g. triggered by an acquire or an inbound message) while the main thread calls flush(). If there is a context switch right after such a thread successfully checked this->rng in get_spi() and the main thread destroys the RNG instance right then, that worker thread will cause a segmentation fault when it continues and attempts to call get_bytes(). Fixes #1014.
* ikev2: Derive additional 4 byte CHILD_SA nonce keymat for ChaCha20-Poly1305Martin Willi2015-06-291-0/+1
|
* ikev2: Use four byte salt for ChaCha20-Poly1305 AEADMartin Willi2015-06-291-0/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-10 06:07:21 +0000