path: root/src/libhydra
Commit message [Author, Age, Files, Lines]
...
* Route reinstallation in kernel_ipsec_t implementations is not needed anymore. [Tobias Brunner, 2012-05-02, files: 2, lines: -12/+2]
|
* Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear. [Tobias Brunner, 2012-05-02, files: 1, lines: -4/+206]
|
* Keep track of installed source routes in kernel-netlink plugin. [Tobias Brunner, 2012-05-02, files: 1, lines: -8/+141]
|
* Merge branch 'ikev1' [Martin Willi, 2012-05-02, files: 3, lines: -108/+57]
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/encoding/generator.c
| |     src/libcharon/encoding/payloads/notify_payload.c
| |     src/libcharon/encoding/payloads/notify_payload.h
| |     src/libcharon/encoding/payloads/payload.c
| |     src/libcharon/network/receiver.c
| |     src/libcharon/sa/authenticator.c
| |     src/libcharon/sa/authenticator.h
| |     src/libcharon/sa/ikev2/tasks/ike_init.c
| |     src/libcharon/sa/task_manager.c
| |     src/libstrongswan/credentials/auth_cfg.c
| * Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value). [Tobias Brunner, 2012-03-27, files: 1, lines: -86/+26]
| |
| * Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid [Martin Willi, 2012-03-22, files: 1, lines: -0/+5]
| |
| * Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, files: 3, lines: -22/+26]
| |\
| | |   Conflicts:
| | |     configure.in
| | |     man/ipsec.conf.5.in
| | |     src/libcharon/daemon.c
| | |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |     src/libcharon/plugins/farp/farp_listener.c
| | |     src/libcharon/sa/ike_sa.c
| | |     src/libcharon/sa/keymat.c
| | |     src/libcharon/sa/task_manager.c
| | |     src/libcharon/sa/trap_manager.c
| | |     src/libstrongswan/plugins/x509/x509_cert.c
| | |     src/libstrongswan/utils.h
| | |
| | |   Applied lost changes of moved files keymat.c and task_manager.c.
| | |   Updated listener_t.message hook signature in new plugins.
| | * Be less verbose when deleting SAs triggered by a hard expire [Martin Willi, 2012-03-20, files: 2, lines: -22/+24]
| | |
| | * Added not-yet used sa_payload parameters used in IKEv1 [Martin Willi, 2012-03-20, files: 1, lines: -0/+2]
| | |
* | | Make resolvconf interface prefix configurable. [Tobias Brunner, 2012-03-27, files: 1, lines: -2/+10]
| | |
* | | Added support for the resolvconf framework in resolve plugin. [Tobias Brunner, 2012-03-27, files: 1, lines: -52/+149]
|/ /
| |   If /sbin/resolvconf is found nameservers are not written directly to /etc/resolv.conf but instead resolvconf is invoked.
* | Be less verbose if we don't have a local address for a tunnel [Martin Willi, 2012-03-06, files: 1, lines: -1/+1]
| |
* | Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595. [Tobias Brunner, 2012-02-27, files: 1, lines: -3/+21]
| |   This requires a Linux kernel >= 2.6.33.
* | Android 4 requires LOCAL_MODULE_TAGS to be set for all modules. [Tobias Brunner, 2012-01-12, files: 1, lines: -0/+2]
| |   Because all packages are now marked as optional executables that are to be installed on the final system have to be added to PRODUCT_PACKAGES in build/target/product/core.mk. Dependencies (such as libraries) are installed automatically.
* | Fixed additional typos in comments and log messages. [Tobias Brunner, 2012-01-12, files: 2, lines: -2/+2]
| |
* | Always unlock mutex for installed policies in kernel-netlink plugin. [Thomas Egerer, 2011-12-14, files: 1, lines: -1/+5]
| |
* | Fix copy'n'paste error in libhydra's netlink interface [Thomas Jarosch, 2011-11-21, files: 1, lines: -1/+1]
| |   Detected by cppcheck.
* | Fix network interface deletion handling in kernel-netlink plugin. [Mirko Parthey, 2011-11-14, files: 1, lines: -3/+7]
|/
|   When the kernel reports the deletion of an interface (RTM_DELLINK), the cached interface attributes, including ifindex, become invalid and must be forgotten. Interface link state changes ("up" and "down") show up as RTM_NEWLINK, so they will not cause a cached entry to be removed or prevent listening to address change notifications. Once an interface has been deleted, the kernel ought to stop sending notifications for it. If the interface gets recreated with the same name later, the kernel again reports RTM_NEWLINK, which causes a new cache entry to be created. There should be no reason to keep a stale cache entry around, as was claimed in the comment.
* Fix 'ipsec pool --status' for empty pools. [Tobias Brunner, 2011-11-04, files: 1, lines: -1/+7]
|
* Memwipe request after sa update, too [Thomas Egerer, 2011-11-04, files: 1, lines: -0/+1]
|
* Extend xfrm_attr_type_names by newly added enum values [Thomas Egerer, 2011-11-04, files: 1, lines: -2/+6]
|
* Silently install route again, even if it did not change. [Tobias Brunner, 2011-11-04, files: 2, lines: -2/+12]
|   Address/interface changes can cause the route to disappear. Afterwards the route might look the same but that does not mean it is still installed.
* Compile warning fixed in kernel interfaces. [Tobias Brunner, 2011-11-04, files: 2, lines: -2/+2]
|
* The kernel-klips plugin does currently not support SAD/SPD flushing. [Tobias Brunner, 2011-10-21, files: 1, lines: -0/+2]
|
* Implemented flushing of SAD and SPD entries via PF_KEY. [Tobias Brunner, 2011-10-21, files: 1, lines: -0/+68]
|
* Implemented flushing of states and policies via XFRM. [Tobias Brunner, 2011-10-21, files: 1, lines: -0/+56]
|
* Defined functions in the kernel interface to flush SAD and SPD entries. [Tobias Brunner, 2011-10-21, files: 3, lines: -0/+50]
|
* Source files in Android.mk updated. [Tobias Brunner, 2011-10-14, files: 1, lines: -1/+1]
|
* Add features support to kernel-klips plugin [Martin Willi, 2011-10-14, files: 1, lines: -5/+12]
|
* Add features support to kernel-pfroute plugin [Martin Willi, 2011-10-14, files: 1, lines: -5/+12]
|
* Add features support to kernel-pfkey plugin [Martin Willi, 2011-10-14, files: 1, lines: -5/+12]
|
* Add features support to kernel-netlink plugin [Martin Willi, 2011-10-14, files: 1, lines: -9/+14]
|
* Added kernel_ipsec/net plugin feature loading callbacks [Martin Willi, 2011-10-14, files: 5, lines: -1/+88]
|
* Check for RTA_TABLE in configure. [Tobias Brunner, 2011-10-04, files: 1, lines: -0/+2]
|
* Migrated attribute_manager to INIT/METHOD macros [Andreas Steffen, 2011-10-02, files: 1, lines: -76/+48]
|
* Migrated sql_attribute to INIT/METHOD macros [Andreas Steffen, 2011-09-29, files: 1, lines: -29/+25]
|
* Migrated netlink_socket to INIT/METHOD macros [Andreas Steffen, 2011-09-29, files: 1, lines: -23/+18]
|
* Migrated resolve_handler to INIT/METHOD macros [Andreas Steffen, 2011-09-29, files: 1, lines: -33/+27]
|
* Destroy kernel interface during deregistration, as the plugin goes afterwards [Martin Willi, 2011-09-12, files: 1, lines: -2/+22]
|
* shortened XAUTH and UNITY attribute short names [Andreas Steffen, 2011-08-16, files: 1, lines: -21/+21]
|
* Disable policy history for pluto. (4.5.3) [Tobias Brunner, 2011-08-02, files: 1, lines: -21/+46]
|   pluto tracks usage of policies already in its own way.
* Allow routing table IDs > 255 when filtering them. [Tobias Brunner, 2011-07-29, files: 1, lines: -3/+10]
|
* Install fallback drop policies to avoid transmitting unencrypted packets. [Tobias Brunner, 2011-07-27, files: 3, lines: -0/+8]
|   During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy is first uninstalled and then the new one is installed. In the short time in between, where no policy is available in the kernel, unencrypted packets could have been transmitted.
* Remove policies in kernel interfaces based on their priority. [Tobias Brunner, 2011-07-27, files: 6, lines: -51/+101]
|   This allows to unroute a connection while the same connection is currently established. In this case both CHILD_SAs share the same reqid but the installed policies have different priorities.
* Fixed common misspellings. [Tobias Brunner, 2011-07-20, files: 3, lines: -3/+3]
|   Mostly found by 'codespell'.
* removed stray code [Andreas Steffen, 2011-07-18, files: 1, lines: -2/+1]
|
* added log and status output for ESN [Andreas Steffen, 2011-07-16, files: 1, lines: -1/+5]
|
* added HOME_AGENT_ADDRESS CP attribute type [Andreas Steffen, 2011-07-14, files: 2, lines: -7/+10]
|
* Record usage history of policies in PF_KEY kernel interface. [Tobias Brunner, 2011-07-06, files: 1, lines: -169/+457]
|   The implementation is nearly the same as in the Netlink kernel interface.
* Simplified destruction of policy_sa_t objects in Netlink interface. [Tobias Brunner, 2011-07-06, files: 1, lines: -12/+7]
|