aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_netlink
Commit message (Collapse)AuthorAgeFilesLines
* kernel-netlinks get_interface() considers virtual IPs, tooMartin Willi2012-12-171-0/+13
| | | | | | | When using load-tester, we can install tunnel outer addresses on demand. As these are installed as "virtual", we have to consider virtual IPs in the get_interface() lookup to install "real" virtual IPs to these dynamic external addresses.
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-291-2/+3
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-291-9/+3
| | | | required
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-291-6/+7
|
* Limit recursion when searching for source addressesTobias Brunner2012-11-131-5/+14
| | | | | This could be required if e.g. two default routes list gateways but the corresponding outbound interfaces do not have any IP addresses on them.
* Don't call get_route recursively if a route's gateway matches the destinationTobias Brunner2012-11-131-2/+5
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-243-3/+3
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-242-4/+4
|
* Use a helper function to add milliseconds to timeval structsTobias Brunner2012-10-181-12/+2
|
* Use proper offset when adding mark attribute in kernel-netlink pluginTobias Brunner2012-10-151-1/+1
|
* Also add mark when querying current replay state in kernel-netlink pluginTobias Brunner2012-10-151-2/+21
|
* Fixed update_sa in kernel-netlink plugin if marks are usedTobias Brunner2012-10-111-0/+18
|
* Make sure we successfully opened xfrm_acq_expiresTobias Brunner2012-09-281-1/+1
|
* Clarified code when hashing/comparing cached policies in kernel-netlinkTobias Brunner2012-09-281-5/+4
|
* Use proper argument for sizeof when copying replay stateTobias Brunner2012-09-281-1/+1
|
* Algorithm names are not always static anymore, avoid string overflowsTobias Brunner2012-09-281-5/+10
|
* Allow replay windows smaller than the default of 32Tobias Brunner2012-09-271-4/+6
|
* Make sure the if_name member of cached route entries is initialized to NULLTobias Brunner2012-09-221-2/+5
|
* Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink pluginTobias Brunner2012-09-211-58/+55
|
* Use a separate mutex for cached routes in kernel-netlink pluginTobias Brunner2012-09-211-8/+15
|
* Use a lock to safely check and update the time for the next roam eventTobias Brunner2012-09-211-16/+28
|
* Added an option to configure the interface on which virtual IP addresses are ↵Tobias Brunner2012-09-211-19/+29
| | | | installed
* Changed how kernel-netlink handles virtual IP addressesTobias Brunner2012-09-211-248/+308
| | | | Also tried to avoid the use of enumerators.
* Made IP address enumeration more flexibleTobias Brunner2012-09-211-15/+8
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Use a hashtable to quickly check for usable IP addresses/interfacesTobias Brunner2012-09-211-42/+143
|
* Filter ignored interfaces in kernel interfaces (for events, address ↵Tobias Brunner2012-09-211-39/+79
| | | | enumeration, etc.)
* %any is never on a local interfaceTobias Brunner2012-09-211-0/+5
|
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-212-21/+24
| | | | get_interface() method
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-211-5/+8
|
* Use source address in get_nexthop() callTobias Brunner2012-09-212-3/+4
| | | | | Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address.
* Source address lookup refactoredTobias Brunner2012-09-211-146/+221
| | | | | | | Routes matching the destination are now first parsed and sorted by network prefix length. This list is then used to search for the best route with a matching preferred source address (if one is specified). This makes sure we really check all routes for that address.
* Check routes with equal prefix if preferred source is specifiedTobias Brunner2012-09-211-2/+4
|
* Try to find preferred source on interface if returned source does not matchTobias Brunner2012-09-211-10/+29
|
* Try to keep the given source address when looking up routesTobias Brunner2012-09-211-6/+32
| | | | | | This allows to pin the local end of an IKE_SA to an address that is not the physical address of an interface. Without this patch the local address would change to the physical address when roam events occur.
* Added algorithm lookup via kernel_interface_t to the various kernel interfacesTobias Brunner2012-09-131-8/+27
|
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink pluginTobias Brunner2012-09-121-13/+13
|
* Increased log level when listing interfaces and IP addresses during startupTobias Brunner2012-08-161-3/+3
| | | | | This avoids confusing log messages in starter and ipsec statusall already lists the available addresses anyway.
* Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.Tobias Brunner2012-08-081-0/+28
|
* Centralized thread cancellation in processor_tTobias Brunner2012-06-252-24/+8
| | | | | | | | | | This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Fixed IPv6 source address lookupTobias Brunner2012-06-251-5/+43
| | | | | | | | | | | | | Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes we didn't use NLM_F_DUMP to get all routes. Still routes installed with policies are installed also for IPv6. So since only one route is returned without DUMP, and we ignore all routes from our own routing table, no source address was found during roaming if DST of the installed route included the IKE peer. With newer kernels we can now use DUMP as we did for IPv4 already, for older kernels we do so if our own routes are installed in a separate routing table, otherwise we still use GET.
* NLM_F_DUMP includes NLM_F_ROOT.Tobias Brunner2012-06-151-1/+1
|
* Don't create roam jobs based on cached/cloned routes.Tobias Brunner2012-06-151-0/+4
|
* Don't compare ports when comparing cached routes.Tobias Brunner2012-06-152-4/+4
| | | | At least src_ip has a port set sometimes.
* Disabled listening for kernel events in starter.Tobias Brunner2012-06-082-45/+64
|
* Destroy Netlink socket only after deleting remaining source routes.Tobias Brunner2012-05-211-2/+1
|
* Fix route reinstallation if preferred source IP is not on outgoing interface.Tobias Brunner2012-05-071-30/+18
|
* Route reinstallation in kernel_ipsec_t implementations is not needed anymore.Tobias Brunner2012-05-021-6/+1
|
* Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or ↵Tobias Brunner2012-05-021-4/+206
| | | | IPs reappear.
* Keep track of installed source routes in kernel-netlink plugin.Tobias Brunner2012-05-021-8/+141
|
* Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value).Tobias Brunner2012-03-271-86/+26
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 20:42:12 +0000