aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
Commit message (Collapse)AuthorAgeFilesLines
* libhydra: Move all kernel plugins to libcharonTobias Brunner2016-03-031-2685/+0
|
* kernel-netlink: Avoid route dump if routing rule excludes traffic with a ↵Tobias Brunner2015-08-181-7/+33
| | | | | | | | | | | certain mark If the routing rule we use to direct traffic to our own routing table excludes traffic with a certain mark (fwmark = !<mark>) we can simplify the route lookup and avoid dumping all routes by passing the mark to the request. That way our own routes are ignored and we get the preferred route back without having to dump and analyze all routes, which is quite a burden on hosts with lots of routes.
* kernel-netlink: Ignore unusable routesTobias Brunner2015-05-211-0/+24
|
* kernel-netlink: Respect kernel routing priorities for IKE routesMartin Willi2015-03-031-2/+15
| | | | | | | | If a system uses routing metrics, we should honor them when doing (manual) routing lookups for IKE. When enumerating routes, the kernel reports priorities with the RTA_PRIORITY attribute, not RTA_METRICS. We prefer routes with a lower priority value, and fall back to longest prefix match priorities if the priority value is equal.
* kernel-netlink: Add options to enable parallel Netlink queries explicitlyMartin Willi2014-11-211-1/+3
| | | | | | As under vanilla Linux the kernel can't handle parallel dump queries and returns EBUSY, it makes not much sense to use them. Disable parallel queries by default to basically restore original behavior, improving performance.
* kernel-netlink: Release lock while doing Netlink NEW/DELADDR operationsMartin Willi2014-11-211-8/+17
| | | | | | | | Besides that it can improve throughput, it avoids a deadlock situation. If all threads are busy, watcher will invoke the FD notification for NEWADDR events itself. If the lock is held, it gets locked up. As watcher is not dispatching anymore, it can't signal Netlink socket send() completion, and the send() operation does not return and keeps the lock.
* kernel-netlink: Define and use rtnetlink message typesMartin Willi2014-09-241-1/+22
|
* kernel-netlink: Pass protocol specific enum names to socket constructorMartin Willi2014-09-241-1/+1
| | | | | This avoid the hard dependency on enum names, and makes kernel_netlink_shared independent of kernel_netlink_ipsec.
* kernel-netlink: Avoid casting the NLMSG_DATA() return valueMartin Willi2014-09-241-9/+9
| | | | There is really no need for doing so, and it makes the code just unreadable.
* kernel-netlink: Define netlink buffer as an union having a netlink headerMartin Willi2014-09-241-5/+5
| | | | | This allows us to streamline the netlink buffers, and avoid extensive casting.
* kernel-netlink: Add global option to configure MSS-clamping on installed routesTobias Brunner2014-09-121-6/+26
|
* kernel-netlink: Add global option to set MTU on installed routesTobias Brunner2014-09-121-0/+19
|
* kernel-netlink: Cast IPv6 address blobs to the proper typeTobias Brunner2014-06-241-3/+3
| | | | On Android these macros are defined as functions.
* kernel-netlink: Install virtual IPv6 addresses as deprecatedTobias Brunner2014-06-201-0/+11
| | | | | | | | This should prevent the kernel's IPv6 source address selection algorithm from using this address unless it is forced to by our source route. This is helpful if split tunneling is used. Fixes #598.
* kernel-netlink: Add support for destination prefix when determining next hopTobias Brunner2014-06-191-20/+35
|
* kernel-interface: Add destination prefix to get_nexthop()Tobias Brunner2014-06-191-1/+1
| | | | | This allows to determine the next hop to reach a subnet, for instance, when installing routes for shunt policies.
* kernel-netlink: Follow RFC 6724 when selecting IPv6 source addressesTobias Brunner2014-06-191-26/+170
| | | | | | | | Instead of using the first address we find on an interface we should consider properties like an address' scope or whether it is temporary or public. Fixes #543.
* libhydra: Use lib->ns instead of hydra->daemonTobias Brunner2014-02-121-9/+9
|
* kernel-netlink: Don't cache route entries if installation failsTobias Brunner2014-02-121-2/+5
| | | | Fixes #500.
* kernel-netlink: Check existence of linux/fib_rules.h, don't include it in ↵Tobias Brunner2013-10-181-1/+8
| | | | | | distribution This reverts commit b0761f1f0a5abd225edc291c8285f99a538e6a66.
* kernel-netlink: Allow setting firewall marks on routing ruleTobias Brunner2013-10-111-0/+20
|
* kernel-netlink: increase buffer size for RT netlink messagesAnsis Atteka2013-09-101-1/+1
| | | | | | | | | | | | | | | | | | | | Commit 940e1b0f66dc04b0853414c1f4c45fa3f6e33bdd "Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)" made charon to ignore routes with unusable interfaces. Unusable interface is one where charon has not seen RTM_NEWLINK message from the kernel. Sometime RTM_NEWLINK message can be 1048 bytes large. This is 24 bytes more than currently allocated buffer of 1024 bytes. If kernel sends such a large message, then it would be silently ignored by charon and corresponding interface would never become usable. Hence strongSwan might resolve invalid source IP address in get_route() function. This would prevent IPsec tunnel to be established. To reproduce create a VLAN interface with following command: vconfig add eth1 12
* kernel-netlink,pfroute: Properly update address flag within ROAM_DELAYTobias Brunner2013-08-121-1/+1
| | | | | | | 77d4a02 and 55da01f only updated the address flag when a job was created, which obviously had the same limitation as the old code. Fixes #374.
* kernel-netlink: Ensure address changes are not missed in roam eventsTobias Brunner2013-08-121-4/+15
| | | | | | | | | | | | | | | | If multiple roam events are triggered within ROAM_DELAY, only one job is created. The old code set the address flag to the value of the last triggering call. So if a route change followed an address change within ROAM_DELAY the address change was missed by the upper layers, e.g. causing it not to update the list of addresses via MOBIKE. The new code now keeps the state of the address flag until the job is actually executed, which still has some issues. For instance, if an address disappears and reappears within ROAM_RELAY, the flag would not have to be set to TRUE. So address updates might occasionally get triggered where none would actually be required. Fixes #374.
* kernel-netlink: use watcher to receive kernel events for net/ipsecMartin Willi2013-07-181-17/+12
|
* kernel-pfroute: Provide name of interfaces on which virtual IPs are installedTobias Brunner2013-07-171-1/+1
|
* kernel-netlink: Routes don't require a gateway/nexthopTobias Brunner2013-06-211-5/+9
|
* kernel-interface: support enumeration of virtual-only IPsMartin Willi2013-05-061-3/+10
|
* kernel-netlink: Add an option to disable roam eventsTobias Brunner2013-05-031-1/+13
|
* kernel-netlink: Define defaults for routing table and prioTobias Brunner2013-05-031-0/+8
|
* strdup() iface passed to queue_route_reinstall(), fixing double-freeMartin Willi2013-03-111-1/+1
|
* After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAsMartin Willi2013-02-201-0/+4
| | | | | | During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled. The CHILD_SAs get migrated, but any associated route gets removed from the kernel. Reinstall routes after adding the virtual IP again.
* kernel-netlinks get_interface() considers virtual IPs, tooMartin Willi2012-12-171-0/+13
| | | | | | | When using load-tester, we can install tunnel outer addresses on demand. As these are installed as "virtual", we have to consider virtual IPs in the get_interface() lookup to install "real" virtual IPs to these dynamic external addresses.
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-291-2/+3
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-291-9/+3
| | | | required
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-291-6/+7
|
* Limit recursion when searching for source addressesTobias Brunner2012-11-131-5/+14
| | | | | This could be required if e.g. two default routes list gateways but the corresponding outbound interfaces do not have any IP addresses on them.
* Don't call get_route recursively if a route's gateway matches the destinationTobias Brunner2012-11-131-2/+5
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-2/+2
|
* Use a helper function to add milliseconds to timeval structsTobias Brunner2012-10-181-12/+2
|
* Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink pluginTobias Brunner2012-09-211-58/+55
|
* Use a separate mutex for cached routes in kernel-netlink pluginTobias Brunner2012-09-211-8/+15
|
* Use a lock to safely check and update the time for the next roam eventTobias Brunner2012-09-211-16/+28
|
* Added an option to configure the interface on which virtual IP addresses are ↵Tobias Brunner2012-09-211-19/+29
| | | | installed
* Changed how kernel-netlink handles virtual IP addressesTobias Brunner2012-09-211-248/+308
| | | | Also tried to avoid the use of enumerators.
* Made IP address enumeration more flexibleTobias Brunner2012-09-211-15/+8
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Use a hashtable to quickly check for usable IP addresses/interfacesTobias Brunner2012-09-211-42/+143
|
* Filter ignored interfaces in kernel interfaces (for events, address ↵Tobias Brunner2012-09-211-39/+79
| | | | enumeration, etc.)
* %any is never on a local interfaceTobias Brunner2012-09-211-0/+5
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 04:31:09 +0000