aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Use a hashtable to quickly check for usable IP addresses/interfacesTobias Brunner2012-09-212-85/+284
|
* Filter ignored interfaces in kernel interfaces (for events, address ↵Tobias Brunner2012-09-212-59/+130
| | | | enumeration, etc.)
* %any is never on a local interfaceTobias Brunner2012-09-212-0/+10
|
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-215-40/+44
| | | | get_interface() method
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-212-16/+16
|
* Use source address in get_nexthop() callTobias Brunner2012-09-215-6/+8
| | | | | Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address.
* Source address lookup refactoredTobias Brunner2012-09-211-146/+221
| | | | | | | Routes matching the destination are now first parsed and sorted by network prefix length. This list is then used to search for the best route with a matching preferred source address (if one is specified). This makes sure we really check all routes for that address.
* Check routes with equal prefix if preferred source is specifiedTobias Brunner2012-09-211-2/+4
|
* Try to find preferred source on interface if returned source does not matchTobias Brunner2012-09-211-10/+29
|
* Try to keep the given source address when looking up routesTobias Brunner2012-09-211-6/+32
| | | | | | This allows to pin the local end of an IKE_SA to an address that is not the physical address of an interface. Without this patch the local address would change to the physical address when roam events occur.
* Added algorithm lookup via kernel_interface_t to the various kernel interfacesTobias Brunner2012-09-133-16/+67
|
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink pluginTobias Brunner2012-09-121-13/+13
|
* Pass full pool list to release_addressMartin Willi2012-09-111-12/+23
|
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-111-8/+33
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Use the proper types for comma separated attributes read from strongswan.confTobias Brunner2012-09-101-27/+25
| | | | | | Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Don't parse comma separated pool names in attr-sqlMartin Willi2012-08-301-77/+26
| | | | | We now handle multiple pools at a deeper level, making that special handling obsolete. Comma separated pools are parsed in stroke.
* Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-302-9/+9
|
* Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-303-30/+55
|
* Increased log level when listing interfaces and IP addresses during startupTobias Brunner2012-08-162-6/+6
| | | | | This avoids confusing log messages in starter and ipsec statusall already lists the available addresses anyway.
* Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.Tobias Brunner2012-08-083-8/+74
|
* Support Unity split-include/exclude options in attr pluginMartin Willi2012-07-201-7/+9
|
* Check rng return value when generating SPIs in kernel-klips pluginTobias Brunner2012-07-161-3/+3
|
* Centralized thread cancellation in processor_tTobias Brunner2012-06-255-60/+19
| | | | | | | | | | This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Fixed IPv6 source address lookupTobias Brunner2012-06-251-5/+43
| | | | | | | | | | | | | Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes we didn't use NLM_F_DUMP to get all routes. Still routes installed with policies are installed also for IPv6. So since only one route is returned without DUMP, and we ignore all routes from our own routing table, no source address was found during roaming if DST of the installed route included the IKE peer. With newer kernels we can now use DUMP as we did for IPv4 already, for older kernels we do so if our own routes are installed in a separate routing table, otherwise we still use GET.
* NLM_F_DUMP includes NLM_F_ROOT.Tobias Brunner2012-06-151-1/+1
|
* Don't create roam jobs based on cached/cloned routes.Tobias Brunner2012-06-151-0/+4
|
* Don't compare ports when comparing cached routes.Tobias Brunner2012-06-153-6/+6
| | | | At least src_ip has a port set sometimes.
* Disabled listening for kernel events in starter.Tobias Brunner2012-06-084-74/+110
|
* Properly install policies with ports in PF_KEY kernel interface.Tobias Brunner2012-06-071-27/+28
|
* Destroy Netlink socket only after deleting remaining source routes.Tobias Brunner2012-05-211-2/+1
|
* Fix route reinstallation if preferred source IP is not on outgoing interface.Tobias Brunner2012-05-071-30/+18
|
* Route reinstallation in kernel_ipsec_t implementations is not needed anymore.Tobias Brunner2012-05-022-12/+2
|
* Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or ↵Tobias Brunner2012-05-021-4/+206
| | | | IPs reappear.
* Keep track of installed source routes in kernel-netlink plugin.Tobias Brunner2012-05-021-8/+141
|
* Merge branch 'ikev1'Martin Willi2012-05-022-108/+50
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value).Tobias Brunner2012-03-271-86/+26
| |
| * Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-202-22/+24
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| | * Be less verbose when deleting SAs triggered by a hard expireMartin Willi2012-03-202-22/+24
| | |
* | | Make resolvconf interface prefix configurable.Tobias Brunner2012-03-271-2/+10
| | |
* | | Added support for the resolvconf framework in resolve plugin.Tobias Brunner2012-03-271-52/+149
|/ / | | | | | | | | If /sbin/resolvconf is found nameservers are not written directly to /etc/resolv.conf but instead resolvconf is invoked.
* | Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.Tobias Brunner2012-02-271-3/+21
| | | | | | | | This requires a Linux kernel >= 2.6.33.
* | Fixed additional typos in comments and log messages.Tobias Brunner2012-01-122-2/+2
| |
* | Always unlock mutex for installed policies in kernel-netlink plugin.Thomas Egerer2011-12-141-1/+5
| |
* | Fix copy'n'paste error in libhydra's netlink interfaceThomas Jarosch2011-11-211-1/+1
| | | | | | | | Detected by cppcheck.
* | Fix network interface deletion handling in kernel-netlink plugin.Mirko Parthey2011-11-141-3/+7
|/ | | | | | | | | | | | | | | | | | When the kernel reports the deletion of an interface (RTM_DELLINK), the cached interface attributes, including ifindex, become invalid and must be forgotten. Interface link state changes ("up" and "down") show up as RTM_NEWLINK, so they will not cause a cached entry to be removed or prevent listening to address change notifications. Once an interface has been deleted, the kernel ought to stop sending notifications for it. If the interface gets recreated with the same name later, the kernel again reports RTM_NEWLINK, which causes a new cache entry to be created. There should be no reason to keep a stale cache entry around, as was claimed in the comment.
* Fix 'ipsec pool --status' for empty pools.Tobias Brunner2011-11-041-1/+7
|
* Memwipe request after sa update, tooThomas Egerer2011-11-041-0/+1
|
* Extend xfrm_attr_type_names by newly added enum valuesThomas Egerer2011-11-041-2/+6
|
* Silently install route again, even if it did not change.Tobias Brunner2011-11-042-2/+12
| | | | | Address/interface changes can cause the route to disappear. Afterwards the route might look the same but that does not mean it is still installed.
* Compile warning fixed in kernel interfaces.Tobias Brunner2011-11-042-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 12:58:36 +0000