path: root/src/libhydra/plugins
Commit message (Author, Age, Files, Lines)
...
* kernel-pfkey: when installing a route for a virtual IP, use its interface (Martin Willi, 2013-05-06, 1 file, -1/+10)
|   When installing a route over a tun device for a virtual IP, the route must be set over the tun, not the IKE interface.
* kernel-interface: get_address_by_ts() can tell if a returned IP is virtual (Martin Willi, 2013-05-06, 3 files, -3/+3)
|
* kernel-interface: support enumeration of virtual-only IPs (Martin Willi, 2013-05-06, 2 files, -3/+14)
|
* kernel-pfkey: refactor route installation to a dedicated function (Martin Willi, 2013-05-06, 1 file, -74/+81)
|
* kernel-pfroute: split /0 routes to avoid conflict with default route (Martin Willi, 2013-05-06, 1 file, -0/+15)
|
* kernel-pfkey: check if we have a gateway before comparing them (Martin Willi, 2013-05-06, 1 file, -0/+1)
|
* kernel-pfkey: install route along with input, not forward policies (Martin Willi, 2013-05-06, 1 file, -20/+20)
|   As forwarding policies are not available on all systems (OS X), using the forward policy to attach the route is a bad pick. Using input policies allows OS X to install routes.
* kernel-pfroute: rescan address list for an interface if its state changes (Martin Willi, 2013-05-06, 1 file, -0/+43)
|   It seems that we don't get address notifications if the interface is down on OS X.
* kernel-pfroute: add newly appearing interfaces to the interface cache (Martin Willi, 2013-05-06, 1 file, -1/+22)
|
* kernel-pfroute: implement get_nexthop() (Martin Willi, 2013-05-06, 1 file, -6/+73)
|
* kernel-pfroute: install and uninstall routes (Martin Willi, 2013-05-06, 1 file, -2/+129)
|
* kernel-pfroute: collect replies received for our own queries (Martin Willi, 2013-05-06, 1 file, -4/+40)
|
* kernel-pfroute: refactor PF_ROUTE message processing, use an enumerator (Martin Willi, 2013-05-06, 1 file, -35/+117)
|
* kernel-pfkey: use an int to set esp_port with a sysctl on OS X (Martin Willi, 2013-05-06, 1 file, -2/+4)
|
* kernel-pfroute: use INIT() macro for allocations (Martin Willi, 2013-05-06, 1 file, -17/+21)
|
* kernel-pfroute: use only a single PF_ROUTE socket for both events and queries (Martin Willi, 2013-05-06, 1 file, -27/+11)
|
* kernel-pfroute: fix length check when receiving PF_ROUTE messages (Martin Willi, 2013-05-06, 1 file, -1/+1)
|
* kernel-pfkey: remove obsolete pluto specific behavior (Martin Willi, 2013-05-06, 1 file, -5/+1)
|
* kernel-netlink: remove obsolete pluto specific behavior (Martin Willi, 2013-05-06, 1 file, -7/+1)
|
* kernel-netlink: Add an option to disable roam events (Tobias Brunner, 2013-05-03, 1 file, -1/+13)
|
* kernel-netlink: Define defaults for routing table and prio (Tobias Brunner, 2013-05-03, 1 file, -0/+8)
|
* Use proper address family when adding multiple addresses to SQL pool (Tobias Brunner, 2013-03-19, 1 file, -0/+15)
|
* Ignore SQL-based IP address pools if their address family does not match (Tobias Brunner, 2013-03-19, 1 file, -10/+21)
|
* Load arbitrary (non-host) attributes from strongswan.conf (Tobias Brunner, 2013-03-19, 1 file, -21/+32)
|   This allows to e.g. load Cisco-specific attributes that contain FQDNs.
* Merge branch 'radius-ext' (Martin Willi, 2013-03-18, 3 files, -7/+24)
|\
| |   Bring some extensions to eap-radius, namely a virtual IP address provider based on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting updates and the reporting of sent/received packets.
| * Pass correctly sized pointer to lookup_algorithm() in PF_KEY (Martin Willi, 2013-03-14, 1 file, -1/+1)
| |
| * kernel_ipsec_t.query_sa() additionally returns the number of processed packets (Martin Willi, 2013-03-14, 3 files, -6/+23)
| |
* | Merge branch 'netlink-align' (Martin Willi, 2013-03-18, 3 files, -268/+151)
|\ \
| |/
|/|
| |   Fixes some Netlink alignment issues, and then refactors Netlink XFRM message attribute handling.
| * Use netlink_add_attribute() to copy over attributes during update_sa() (Martin Willi, 2013-03-15, 1 file, -9/+6)
| |
| * Use a helper function to add XFRM_MARK attribute (Martin Willi, 2013-03-15, 1 file, -81/+37)
| |
| * Use netlink_reserve() helper function in XFRM to simplify message construction (Martin Willi, 2013-03-15, 1 file, -175/+72)
| |
| * Add a Netlink utility function to add a RTA header and reserve space for data (Martin Willi, 2013-03-15, 2 files, -0/+32)
| |
| * Correctly check buffer length in netlink_add_attribute() (Martin Willi, 2013-03-15, 2 files, -7/+9)
| |
| * Avoid unneeded termination of netlink algorithm name arrays with END_OF_LIST (Martin Willi, 2013-03-15, 1 file, -13/+14)
| |
| * When adding Netlink attributes, increase header length with potential alignment (Martin Willi, 2013-03-11, 1 file, -32/+30)
| |   If the payload is unaligned, we must make sure the total netlink message length includes the added alignment for the first attribute.
* | strdup() iface passed to queue_route_reinstall(), fixing double-free (Martin Willi, 2013-03-11, 1 file, -1/+1)
|/
* Merge branch 'ikev1-rekeying' (Martin Willi, 2013-03-01, 1 file, -0/+4)
|\
| |   Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces the old Main Mode having a uniqueids=replace policy.
| * After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAs (Martin Willi, 2013-02-20, 1 file, -0/+4)
| |   During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled. The CHILD_SAs get migrated, but any associated route gets removed from the kernel. Reinstall routes after adding the virtual IP again.
* | Merge branch 'vip-shunts' (Martin Willi, 2013-03-01, 1 file, -4/+13)
|\ \
| | |   Installs bypass policies for the physical address if a virtual address is assigned, and installs a proper source route to actually use the physical address for bypassed destinations.
| | |
| | |   Conflicts: src/libcharon/plugins/unity/unity_handler.c
| * | Install a route for shunt policies (Martin Willi, 2013-02-20, 1 file, -5/+13)
| |/
| |   If we install a virtual IP, its source route would render the shunt policy useless, as locally generated traffic wouldn't match. Having a route for each shunt policy with higher priority chooses the correct source address for bypassed destinations.
* | Merge branch 'opaque-ports' (Martin Willi, 2013-03-01, 2 files, -3/+3)
|\ \
| | |   Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | Use a complete port range in traffic_selector_create_from_{subnet,cidr} (Martin Willi, 2013-02-21, 2 files, -4/+3)
| |/
* / Indicate support for processing ESPv3 TFC padding in Netlink IPsec backend (Martin Willi, 2013-03-01, 1 file, -1/+7)
|/
* kernel-netlink's get_interface() considers virtual IPs, too (Martin Willi, 2012-12-17, 1 file, -0/+13)
|   When using load-tester, we can install tunnel outer addresses on demand. As these are installed as "virtual", we have to consider virtual IPs in the get_interface() lookup to install "real" virtual IPs to these dynamic external addresses.
* Don't wait while removing external IPs used for load testing (Martin Willi, 2012-11-29, 2 files, -3/+5)
|
* Install virtual IPs via interface name, and use an interface lookup where required (Martin Willi, 2012-11-29, 2 files, -10/+4)
|
* Add an optional kernel-interface parameter to install IPs with a custom prefix (Martin Willi, 2012-11-29, 2 files, -8/+10)
|
* Limit recursion when searching for source addresses (Tobias Brunner, 2012-11-13, 1 file, -5/+14)
|   This could be required if e.g. two default routes list gateways but the corresponding outbound interfaces do not have any IP addresses on them.
* Don't call get_route recursively if a route's gateway matches the destination (Tobias Brunner, 2012-11-13, 1 file, -2/+5)
|
* Moved debug.[ch] to utils folder (Tobias Brunner, 2012-10-24, 11 files, -11/+11)
|