path: root/src/libhydra/plugins
Commit message | Author | Age | Files | Lines
...
* Moved host_t and host_resolver_t to a new networking subfolder | Tobias Brunner | 2012-10-24 | 4 | -4/+4
* Use a helper function to add milliseconds to timeval structs | Tobias Brunner | 2012-10-18 | 2 | -18/+3
* Use proper offset when adding mark attribute in kernel-netlink plugin | Tobias Brunner | 2012-10-15 | 1 | -1/+1
* Also add mark when querying current replay state in kernel-netlink plugin | Tobias Brunner | 2012-10-15 | 1 | -2/+21
* Fixed update_sa in kernel-netlink plugin if marks are used | Tobias Brunner | 2012-10-11 | 1 | -0/+18
* Added missing break statements in NAT-T mapping handling in PF_KEY plugin | Tobias Brunner | 2012-09-28 | 1 | -0/+2
* Make sure we successfully opened xfrm_acq_expires | Tobias Brunner | 2012-09-28 | 1 | -1/+1
* Clarified code when hashing/comparing cached policies in kernel-netlink | Tobias Brunner | 2012-09-28 | 1 | -5/+4
* Make sure first argument is an int when using %.*s to print e.g. chunks | Tobias Brunner | 2012-09-28 | 1 | -3/+3
* Ensure that pipe is closed when calling resolvconf(8) | Tobias Brunner | 2012-09-28 | 1 | -2/+4
* Use proper argument for sizeof when copying replay state | Tobias Brunner | 2012-09-28 | 1 | -1/+1
* Algorithm names are not always static anymore, avoid string overflows | Tobias Brunner | 2012-09-28 | 1 | -5/+10
* Allow replay windows smaller than the default of 32 | Tobias Brunner | 2012-09-27 | 1 | -4/+6
* Properly initialize cached address map in kernel-pfroute plugin | Tobias Brunner | 2012-09-27 | 1 | -0/+1
* Fixed compilation of kernel-pfroute plugin | Tobias Brunner | 2012-09-27 | 1 | -4/+6
* Make sure the if_name member of cached route entries is initialized to NULL | Tobias Brunner | 2012-09-22 | 2 | -4/+10
* Use an rwlock in kernel-pfroute too | Tobias Brunner | 2012-09-21 | 1 | -13/+14
* Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin | Tobias Brunner | 2012-09-21 | 1 | -58/+55
* Use a separate mutex for cached routes in kernel-netlink plugin | Tobias Brunner | 2012-09-21 | 1 | -8/+15
* Use a lock to safely check and update the time for the next roam event | Tobias Brunner | 2012-09-21 | 1 | -16/+28
* Added an option to configure the interface on which virtual IP addresses are installed | Tobias Brunner | 2012-09-21 | 1 | -19/+29
* Changed how kernel-netlink handles virtual IP addresses | Tobias Brunner | 2012-09-21 | 1 | -248/+308
    Also tried to avoid the use of enumerators.
* Made IP address enumeration more flexible | Tobias Brunner | 2012-09-21 | 2 | -31/+17
    Also added an option to enumerate addresses on ignored interfaces.
* Use a hashtable to quickly check for usable IP addresses/interfaces | Tobias Brunner | 2012-09-21 | 2 | -85/+284
* Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.) | Tobias Brunner | 2012-09-21 | 2 | -59/+130
* %any is never on a local interface | Tobias Brunner | 2012-09-21 | 2 | -0/+10
* Make it easy to check if an address is locally usable via changed get_interface() method | Tobias Brunner | 2012-09-21 | 5 | -40/+44
* Don't ignore loopback devices and allow addresses on them being enumerated | Tobias Brunner | 2012-09-21 | 2 | -16/+16
* Use source address in get_nexthop() call | Tobias Brunner | 2012-09-21 | 5 | -6/+8
    Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address.
* Source address lookup refactored | Tobias Brunner | 2012-09-21 | 1 | -146/+221
    Routes matching the destination are now first parsed and sorted by network prefix length. This list is then used to search for the best route with a matching preferred source address (if one is specified). This makes sure we really check all routes for that address.
* Check routes with equal prefix if preferred source is specified | Tobias Brunner | 2012-09-21 | 1 | -2/+4
* Try to find preferred source on interface if returned source does not match | Tobias Brunner | 2012-09-21 | 1 | -10/+29
* Try to keep the given source address when looking up routes | Tobias Brunner | 2012-09-21 | 1 | -6/+32
    This allows to pin the local end of an IKE_SA to an address that is not the physical address of an interface. Without this patch the local address would change to the physical address when roam events occur.
* Added algorithm lookup via kernel_interface_t to the various kernel interfaces | Tobias Brunner | 2012-09-13 | 3 | -16/+67
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin | Tobias Brunner | 2012-09-12 | 1 | -13/+13
* Pass full pool list to release_address | Martin Willi | 2012-09-11 | 1 | -12/+23
* Pass the full list of pools to acquire_address, enumerate in providers | Martin Willi | 2012-09-11 | 1 | -8/+33
    If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Use the proper types for comma separated attributes read from strongswan.conf | Tobias Brunner | 2012-09-10 | 1 | -27/+25
    Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Don't parse comma separated pool names in attr-sql | Martin Willi | 2012-08-30 | 1 | -77/+26
    We now handle multiple pools at a deeper level, making that special handling obsolete. Comma separated pools are parsed in stroke.
* Pass all configured pool names to attribute provider enumerator | Martin Willi | 2012-08-30 | 2 | -9/+9
* Pass a list instead of a single virtual IP to attribute enumerators | Martin Willi | 2012-08-30 | 3 | -30/+55
* Increased log level when listing interfaces and IP addresses during startup | Tobias Brunner | 2012-08-16 | 2 | -6/+6
    This avoids confusing log messages in starter and ipsec statusall already lists the available addresses anyway.
* Let kernel interfaces decide how to enable UDP decapsulation of ESP packets. | Tobias Brunner | 2012-08-08 | 3 | -8/+74
* Support Unity split-include/exclude options in attr plugin | Martin Willi | 2012-07-20 | 1 | -7/+9
* Check rng return value when generating SPIs in kernel-klips plugin | Tobias Brunner | 2012-07-16 | 1 | -3/+3
* Centralized thread cancellation in processor_t | Tobias Brunner | 2012-06-25 | 5 | -60/+19
    This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Fixed IPv6 source address lookup | Tobias Brunner | 2012-06-25 | 1 | -5/+43
    Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes we didn't use NLM_F_DUMP to get all routes. Still routes installed with policies are installed also for IPv6. So since only one route is returned without DUMP, and we ignore all routes from our own routing table, no source address was found during roaming if DST of the installed route included the IKE peer. With newer kernels we can now use DUMP as we did for IPv4 already, for older kernels we do so if our own routes are installed in a separate routing table, otherwise we still use GET.
* NLM_F_DUMP includes NLM_F_ROOT. | Tobias Brunner | 2012-06-15 | 1 | -1/+1
* Don't create roam jobs based on cached/cloned routes. | Tobias Brunner | 2012-06-15 | 1 | -0/+4
* Don't compare ports when comparing cached routes. | Tobias Brunner | 2012-06-15 | 3 | -6/+6
    At least src_ip has a port set sometimes.