path: root/src/libhydra
Commit message [Author, Age, Files, Lines]
...
* Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int) [Martin Willi, 2012-09-12, 1, -3/+2]
|
* Check for an existing lease in all stroke pools before creating a new one [Martin Willi, 2012-09-11, 2, -76/+149]
|
* Pass full pool list to release_address [Martin Willi, 2012-09-11, 4, -18/+31]
|
* Pass the full list of pools to acquire_address, enumerate in providers [Martin Willi, 2012-09-11, 4, -15/+40]
|   If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Use the proper types for comma separated attributes read from strongswan.conf [Tobias Brunner, 2012-09-10, 1, -27/+25]
|   Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Properly remove broadcast address from mem pools [Tobias Brunner, 2012-09-10, 1, -1/+1]
|
* Be less verbose if IP allocation for a single pool fails [Martin Willi, 2012-08-30, 1, -4/+0]
|
* Strictly enforce address family match while acquiring mem_pool IPs [Martin Willi, 2012-08-30, 1, -3/+1]
|
* Don't parse comma separated pool names in attr-sql [Martin Willi, 2012-08-30, 1, -77/+26]
|   We now handle multiple pools at a deeper level, making that special handling obsolete. Comma separated pools are parsed in stroke.
* Pass all configured pool names to attribute provider enumerator [Martin Willi, 2012-08-30, 5, -19/+21]
|
* Pass a list instead of a single virtual IP to attribute enumerators [Martin Willi, 2012-08-30, 7, -60/+90]
|
* Support multiple address pools configured on a peer_cfg [Martin Willi, 2012-08-30, 2, -6/+4]
|
* Add a getter for the mem_pool_t base address [Martin Willi, 2012-08-24, 2, -0/+14]
|
* Increased log level when listing interfaces and IP addresses during startup [Tobias Brunner, 2012-08-16, 2, -6/+6]
|   This avoids confusing log messages in starter and ipsec statusall already lists the available addresses anyway.
* Validate netmask in mem_pool_create [Tobias Brunner, 2012-08-13, 1, -0/+1]
|
* Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan [Tobias Brunner, 2012-08-08, 2, -168/+1]
|   This avoids a dependency of libipsec to libhydra.
* Let kernel interfaces decide how to enable UDP decapsulation of ESP packets. [Tobias Brunner, 2012-08-08, 6, -12/+112]
|
* Support Unity split-include/exclude options in attr plugin [Martin Willi, 2012-07-20, 1, -7/+9]
|
* Check rng return value when generating SPIs in kernel-klips plugin [Tobias Brunner, 2012-07-16, 1, -3/+3]
|
* Avoid SIGSEGV during shutdown if charon is not started as root [Tobias Brunner, 2012-06-25, 1, -2/+2]
|
* Centralized thread cancellation in processor_t [Tobias Brunner, 2012-06-25, 5, -60/+19]
|   This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Fixed IPv6 source address lookup [Tobias Brunner, 2012-06-25, 1, -5/+43]
|   Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes we didn't use NLM_F_DUMP to get all routes. Still routes installed with policies are installed also for IPv6. So since only one route is returned without DUMP, and we ignore all routes from our own routing table, no source address was found during roaming if DST of the installed route included the IKE peer. With newer kernels we can now use DUMP as we did for IPv4 already, for older kernels we do so if our own routes are installed in a separate routing table, otherwise we still use GET.
* NLM_F_DUMP includes NLM_F_ROOT. [Tobias Brunner, 2012-06-15, 1, -1/+1]
|
* Don't create roam jobs based on cached/cloned routes. [Tobias Brunner, 2012-06-15, 1, -0/+4]
|
* Don't compare ports when comparing cached routes. [Tobias Brunner, 2012-06-15, 3, -6/+6]
|   At least src_ip has a port set sometimes.
* Disabled listening for kernel events in starter. [Tobias Brunner, 2012-06-08, 4, -74/+110]
|
* Properly install policies with ports in PF_KEY kernel interface. [Tobias Brunner, 2012-06-07, 1, -27/+28]
|
* Destroy Netlink socket only after deleting remaining source routes. [Tobias Brunner, 2012-05-21, 1, -2/+1]
|
* Fix route reinstallation if preferred source IP is not on outgoing interface. [Tobias Brunner, 2012-05-07, 1, -30/+18]
|
* Route reinstallation in kernel_ipsec_t implementations is not needed anymore. [Tobias Brunner, 2012-05-02, 2, -12/+2]
|
* Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear. [Tobias Brunner, 2012-05-02, 1, -4/+206]
|
* Keep track of installed source routes in kernel-netlink plugin. [Tobias Brunner, 2012-05-02, 1, -8/+141]
|
* Merge branch 'ikev1' [Martin Willi, 2012-05-02, 3, -108/+57]
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/encoding/generator.c
| |     src/libcharon/encoding/payloads/notify_payload.c
| |     src/libcharon/encoding/payloads/notify_payload.h
| |     src/libcharon/encoding/payloads/payload.c
| |     src/libcharon/network/receiver.c
| |     src/libcharon/sa/authenticator.c
| |     src/libcharon/sa/authenticator.h
| |     src/libcharon/sa/ikev2/tasks/ike_init.c
| |     src/libcharon/sa/task_manager.c
| |     src/libstrongswan/credentials/auth_cfg.c
| * Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value). [Tobias Brunner, 2012-03-27, 1, -86/+26]
| |
| * Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid [Martin Willi, 2012-03-22, 1, -0/+5]
| |
| * Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, 3, -22/+26]
| |\
| | |   Conflicts:
| | |     configure.in
| | |     man/ipsec.conf.5.in
| | |     src/libcharon/daemon.c
| | |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |     src/libcharon/plugins/farp/farp_listener.c
| | |     src/libcharon/sa/ike_sa.c
| | |     src/libcharon/sa/keymat.c
| | |     src/libcharon/sa/task_manager.c
| | |     src/libcharon/sa/trap_manager.c
| | |     src/libstrongswan/plugins/x509/x509_cert.c
| | |     src/libstrongswan/utils.h
| | |   Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| | * Be less verbose when deleting SAs triggered by a hard expire [Martin Willi, 2012-03-20, 2, -22/+24]
| | |
| | * Added not-yet used sa_payload parameters used in IKEv1 [Martin Willi, 2012-03-20, 1, -0/+2]
| | |
* | | Make resolvconf interface prefix configurable. [Tobias Brunner, 2012-03-27, 1, -2/+10]
| | |
* | | Added support for the resolvconf framework in resolve plugin. [Tobias Brunner, 2012-03-27, 1, -52/+149]
|/ /
| |   If /sbin/resolvconf is found nameservers are not written directly to /etc/resolv.conf but instead resolvconf is invoked.
* | Be less verbose if we don't have a local address for a tunnel [Martin Willi, 2012-03-06, 1, -1/+1]
| |
* | Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595. [Tobias Brunner, 2012-02-27, 1, -3/+21]
| |   This requires a Linux kernel >= 2.6.33.
* | Android 4 requires LOCAL_MODULE_TAGS to be set for all modules. [Tobias Brunner, 2012-01-12, 1, -0/+2]
| |   Because all packages are now marked as optional executables that are to be installed on the final system have to be added to PRODUCT_PACKAGES in build/target/product/core.mk. Dependencies (such as libraries) are installed automatically.
* | Fixed additional typos in comments and log messages. [Tobias Brunner, 2012-01-12, 2, -2/+2]
| |
* | Always unlock mutex for installed policies in kernel-netlink plugin. [Thomas Egerer, 2011-12-14, 1, -1/+5]
| |
* | Fix copy'n'paste error in libhydra's netlink interface [Thomas Jarosch, 2011-11-21, 1, -1/+1]
| |   Detected by cppcheck.
* | Fix network interface deletion handling in kernel-netlink plugin. [Mirko Parthey, 2011-11-14, 1, -3/+7]
|/
|   When the kernel reports the deletion of an interface (RTM_DELLINK), the cached interface attributes, including ifindex, become invalid and must be forgotten. Interface link state changes ("up" and "down") show up as RTM_NEWLINK, so they will not cause a cached entry to be removed or prevent listening to address change notifications. Once an interface has been deleted, the kernel ought to stop sending notifications for it. If the interface gets recreated with the same name later, the kernel again reports RTM_NEWLINK, which causes a new cache entry to be created. There should be no reason to keep a stale cache entry around, as was claimed in the comment.
* Fix 'ipsec pool --status' for empty pools. [Tobias Brunner, 2011-11-04, 1, -1/+7]
|
* Memwipe request after sa update, too [Thomas Egerer, 2011-11-04, 1, -0/+1]
|
* Extend xfrm_attr_type_names by newly added enum values [Thomas Egerer, 2011-11-04, 1, -2/+6]
|