path: root/src/libhydra/plugins/kernel_netlink
Commit message  [Author, Age, Files, Lines]
...
| * Use netlink_reserve() helper function in XFRM to simplify message construction  [Martin Willi, 2013-03-15, 1, -175/+72]
| |
| * Add a Netlink utility function to add a RTA header and reserve space for data  [Martin Willi, 2013-03-15, 2, -0/+32]
| |
| * Correctly check buffer length in netlink_add_attribute()  [Martin Willi, 2013-03-15, 2, -7/+9]
| |
| * Avoid unneeded termination of netlink algorithm name arrays with END_OF_LIST  [Martin Willi, 2013-03-15, 1, -13/+14]
| |
| * When adding Netlink attributes, increase header length with potential alignment  [Martin Willi, 2013-03-11, 1, -32/+30]
| |     If the payload is unaligned, we must make sure the total netlink message length includes the added alignment for the first attribute.
* | strdup() iface passed to queue_route_reinstall(), fixing double-free  [Martin Willi, 2013-03-11, 1, -1/+1]
|/
* Merge branch 'ikev1-rekeying'  [Martin Willi, 2013-03-01, 1, -0/+4]
|\
| |     Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces the old Main Mode having a uniqueids=replace policy.
| * After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAs  [Martin Willi, 2013-02-20, 1, -0/+4]
| |     During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled. The CHILD_SAs get migrated, but any associated route gets removed from the kernel. Reinstall routes after adding the virtual IP again.
* | Merge branch 'vip-shunts'  [Martin Willi, 2013-03-01, 1, -4/+13]
|\ \
| | |     Installs bypass policies for the physical address if a virtual address is assigned, and installs a proper source route to actually use the physical address for bypassed destinations.
| | |     Conflicts: src/libcharon/plugins/unity/unity_handler.c
| * | Install a route for shunt policies  [Martin Willi, 2013-02-20, 1, -5/+13]
| |/
| |     If we install a virtual IP, its source route would render the shunt policy useless, as locally generated traffic wouldn't match. Having a route for each shunt policy with higher priority chooses the correct source address for bypassed destinations.
* | Merge branch 'opaque-ports'  [Martin Willi, 2013-03-01, 1, -1/+1]
|\ \
| | |     Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | Use a complete port range in traffic_selector_create_from_{subnet,cidr}  [Martin Willi, 2013-02-21, 1, -2/+1]
| |/
* / Indicate support for processing ESPv3 TFC padding in Netlink IPsec backend  [Martin Willi, 2013-03-01, 1, -1/+7]
|/
* kernel-netlinks get_interface() considers virtual IPs, too  [Martin Willi, 2012-12-17, 1, -0/+13]
|     When using load-tester, we can install tunnel outer addresses on demand. As these are installed as "virtual", we have to consider virtual IPs in the get_interface() lookup to install "real" virtual IPs to these dynamic external addresses.
* Don't wait while removing external IPs used for load testing  [Martin Willi, 2012-11-29, 1, -2/+3]
|
* Install virtual IPs via interface name, and use an interface lookup where required  [Martin Willi, 2012-11-29, 1, -9/+3]
|
* Add an optional kernel-interface parameter to install IPs with a custom prefix  [Martin Willi, 2012-11-29, 1, -6/+7]
|
* Limit recursion when searching for source addresses  [Tobias Brunner, 2012-11-13, 1, -5/+14]
|     This could be required if e.g. two default routes list gateways but the corresponding outbound interfaces do not have any IP addresses on them.
* Don't call get_route recursively if a route's gateway matches the destination  [Tobias Brunner, 2012-11-13, 1, -2/+5]
|
* Moved debug.[ch] to utils folder  [Tobias Brunner, 2012-10-24, 3, -3/+3]
|
* Moved data structures to new collections subfolder  [Tobias Brunner, 2012-10-24, 2, -4/+4]
|
* Use a helper function to add milliseconds to timeval structs  [Tobias Brunner, 2012-10-18, 1, -12/+2]
|
* Use proper offset when adding mark attribute in kernel-netlink plugin  [Tobias Brunner, 2012-10-15, 1, -1/+1]
|
* Also add mark when querying current replay state in kernel-netlink plugin  [Tobias Brunner, 2012-10-15, 1, -2/+21]
|
* Fixed update_sa in kernel-netlink plugin if marks are used  [Tobias Brunner, 2012-10-11, 1, -0/+18]
|
* Make sure we successfully opened xfrm_acq_expires  [Tobias Brunner, 2012-09-28, 1, -1/+1]
|
* Clarified code when hashing/comparing cached policies in kernel-netlink  [Tobias Brunner, 2012-09-28, 1, -5/+4]
|
* Use proper argument for sizeof when copying replay state  [Tobias Brunner, 2012-09-28, 1, -1/+1]
|
* Algorithm names are not always static anymore, avoid string overflows  [Tobias Brunner, 2012-09-28, 1, -5/+10]
|
* Allow replay windows smaller than the default of 32  [Tobias Brunner, 2012-09-27, 1, -4/+6]
|
* Make sure the if_name member of cached route entries is initialized to NULL  [Tobias Brunner, 2012-09-22, 1, -2/+5]
|
* Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin  [Tobias Brunner, 2012-09-21, 1, -58/+55]
|
* Use a separate mutex for cached routes in kernel-netlink plugin  [Tobias Brunner, 2012-09-21, 1, -8/+15]
|
* Use a lock to safely check and update the time for the next roam event  [Tobias Brunner, 2012-09-21, 1, -16/+28]
|
* Added an option to configure the interface on which virtual IP addresses are installed  [Tobias Brunner, 2012-09-21, 1, -19/+29]
|
* Changed how kernel-netlink handles virtual IP addresses  [Tobias Brunner, 2012-09-21, 1, -248/+308]
|     Also tried to avoid the use of enumerators.
* Made IP address enumeration more flexible  [Tobias Brunner, 2012-09-21, 1, -15/+8]
|     Also added an option to enumerate addresses on ignored interfaces.
* Use a hashtable to quickly check for usable IP addresses/interfaces  [Tobias Brunner, 2012-09-21, 1, -42/+143]
|
* Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)  [Tobias Brunner, 2012-09-21, 1, -39/+79]
|
* %any is never on a local interface  [Tobias Brunner, 2012-09-21, 1, -0/+5]
|
* Make it easy to check if an address is locally usable via changed get_interface() method  [Tobias Brunner, 2012-09-21, 2, -21/+24]
|
* Don't ignore loopback devices and allow addresses on them being enumerated  [Tobias Brunner, 2012-09-21, 1, -5/+8]
|
* Use source address in get_nexthop() call  [Tobias Brunner, 2012-09-21, 2, -3/+4]
|     Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address.
* Source address lookup refactored  [Tobias Brunner, 2012-09-21, 1, -146/+221]
|     Routes matching the destination are now first parsed and sorted by network prefix length. This list is then used to search for the best route with a matching preferred source address (if one is specified). This makes sure we really check all routes for that address.
* Check routes with equal prefix if preferred source is specified  [Tobias Brunner, 2012-09-21, 1, -2/+4]
|
* Try to find preferred source on interface if returned source does not match  [Tobias Brunner, 2012-09-21, 1, -10/+29]
|
* Try to keep the given source address when looking up routes  [Tobias Brunner, 2012-09-21, 1, -6/+32]
|     This allows to pin the local end of an IKE_SA to an address that is not the physical address of an interface. Without this patch the local address would change to the physical address when roam events occur.
* Added algorithm lookup via kernel_interface_t to the various kernel interfaces  [Tobias Brunner, 2012-09-13, 1, -8/+27]
|
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin  [Tobias Brunner, 2012-09-12, 1, -13/+13]
|
* Increased log level when listing interfaces and IP addresses during startup  [Tobias Brunner, 2012-08-16, 1, -3/+3]
|     This avoids confusing log messages in starter and ipsec statusall already lists the available addresses anyway.