aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-pfroute: add a feature flag requesting "exclude" routesMartin Willi2013-05-062-0/+9
| | | | | | | | If routes installed along with policies covering the peer address affect local IKE/ESP packets, they won't get routed correctly. To work around this issue, the kernel interface can install "exclude" routes for the IKE peer. Not all networking backends require this workaround, hence we export a flag for it if it is required.
* kernel-pfroute: remove unused interface address refcountingMartin Willi2013-05-061-11/+0
|
* kernel-pfroute: mark IPs installed on tun device as virtualMartin Willi2013-05-061-1/+24
|
* kernel-pfroute: install virtual IPs using dedicated tun devicesMartin Willi2013-05-061-5/+91
|
* kernel-pfkey: when installing a route for a virtual IP, use its interfaceMartin Willi2013-05-061-1/+10
| | | | | When installing a route over a tun device for a virtual IP, the route must be set over the tun, not the IKE interface.
* kernel-interface: get_address_by_ts() can tell if a returned IP is virtualMartin Willi2013-05-065-6/+31
|
* kernel-interface: support enumeration of virtual-only IPsMartin Willi2013-05-063-9/+20
|
* kernel-pfkey: refactor route installation to a dedicate functionMartin Willi2013-05-061-74/+81
|
* kernel-pfroute: split /0 routes to avoid conflict with default routeMartin Willi2013-05-061-0/+15
|
* kernel-pfkey: check if we have a gateway before comparing themMartin Willi2013-05-061-0/+1
|
* kernel-pfkey: install route along with input, not forward policiesMartin Willi2013-05-061-20/+20
| | | | | | As forwarding policies are not available on all systems (OS X), using the forward policy to attach the route is a bad pick. Using input policies allows OS X to install routes.
* kernel-pfroute: rescan address list for an interface if its state changesMartin Willi2013-05-061-0/+43
| | | | | It seems that we don't get address notifications if the interface is down on OS X.
* kernel-pfroute: add newly appearing interfaces to the interface cacheMartin Willi2013-05-061-1/+22
|
* kernel-pfroute: implement get_nexthop()Martin Willi2013-05-061-6/+73
|
* kernel-pfroute: install and uninstall routesMartin Willi2013-05-061-2/+129
|
* kernel-pfroute: collect replies received for our own queriesMartin Willi2013-05-061-4/+40
|
* kernel-pfroute: refactor PF_ROUTE message processing, use an enumeratorMartin Willi2013-05-061-35/+117
|
* kernel-pfkey: use an int to set esp_port with a sysctl on OS XMartin Willi2013-05-061-2/+4
|
* kernel-pfroute: use INIT() macro for allocationsMartin Willi2013-05-061-17/+21
|
* kernel-pfroute: use only a single PF_ROUTE socket for both events and queriesMartin Willi2013-05-061-27/+11
|
* kernel-pfroute: fix length check when receiving PF_ROUTE messagesMartin Willi2013-05-061-1/+1
|
* kernel-pfkey: remove obsolete pluto specific behaviorMartin Willi2013-05-061-5/+1
|
* kernel-netlink: remove obsolete pluto specific behaviorMartin Willi2013-05-061-7/+1
|
* kernel-netlink: Add an option to disable roam eventsTobias Brunner2013-05-031-1/+13
|
* kernel-netlink: Define defaults for routing table and prioTobias Brunner2013-05-031-0/+8
|
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-201-1/+3
| | | | This avoids huge warnings when building the native code.
* Use proper address family when adding multiple addresses to SQL poolTobias Brunner2013-03-191-0/+15
|
* Ignore SQL-based IP address pools if their address family does not matchTobias Brunner2013-03-191-10/+21
|
* Load arbitrary (non-host) attributes from strongswan.confTobias Brunner2013-03-191-21/+32
| | | | This allows to e.g. load Cisco-specific attributes that contain FQDNs.
* Merge branch 'radius-ext'Martin Willi2013-03-186-11/+32
|\ | | | | | | | | | | Bring some extensions to eap-radius, namely a virtual IP address provider based on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting updates and the reporting of sent/received packets.
| * Pass correclty sized pointer to lookup_algorithm() in PF_KEYMartin Willi2013-03-141-1/+1
| |
| * kernel_ipsec_t.query_sa() additionally returns the number of processed packetsMartin Willi2013-03-146-10/+31
| |
* | Merge branch 'netlink-align'Martin Willi2013-03-183-268/+151
|\ \ | |/ |/| | | | | Fixes some Netlink alignment issues, and then refactors Netlink XFRM message attribute handling.
| * Use netlink_add_attribute() to copy over attributes during update_sa()Martin Willi2013-03-151-9/+6
| |
| * Use a helper function to add XFRM_MARK attributeMartin Willi2013-03-151-81/+37
| |
| * Use netlink_reserve() helper function in XFRM to simplify message constructionMartin Willi2013-03-151-175/+72
| |
| * Add a Netlink utility function to add a RTA header and reserve space for dataMartin Willi2013-03-152-0/+32
| |
| * Correctly check buffer length in netlink_add_attribute()Martin Willi2013-03-152-7/+9
| |
| * Avoid unneeded termination of netlink algorithm name arrays with END_OF_LISTMartin Willi2013-03-151-13/+14
| |
| * When adding Netlink attributes, increase header length with potential alignmentMartin Willi2013-03-111-32/+30
| | | | | | | | | | If the payload is unaligned, we must make sure the total netlink message length includes the added alignment for the first attribute.
* | strdup() iface passed to queue_route_reinstall(), fixing double-freeMartin Willi2013-03-111-1/+1
| |
* | Add a constructor to create in-memory pools from an address rangeMartin Willi2013-03-112-3/+58
|/
* Fix maximum size of a mem_pool_tTobias Brunner2013-03-071-2/+2
|
* Fix some apidoc in mem_pool.hMartin Willi2013-03-061-3/+3
|
* Merge branch 'ikev1-rekeying'Martin Willi2013-03-011-0/+4
|\ | | | | | | | | Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces the old Main Mode having a uniqueids=replace policy.
| * After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAsMartin Willi2013-02-201-0/+4
| | | | | | | | | | | | During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled. The CHILD_SAs get migrated, but any associated route gets removed from the kernel. Reinstall routes after adding the virtual IP again.
* | Merge branch 'vip-shunts'Martin Willi2013-03-011-4/+13
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | Installs bypass policies for the physical address if a virtual address is assigned, and installs a proper source route to actually use the physical address for bypassed destinations. Conflicts: src/libcharon/plugins/unity/unity_handler.c
| * | Install a route for shunt policiesMartin Willi2013-02-201-5/+13
| |/ | | | | | | | | | | | | If we install a virtual IP, its source route would render the shunt policy useless, as locally generated traffic wouldn't match. Having a route for each shunt policy with higher priority chooses the correct source address for bypassed destinations.
* | Merge branch 'opaque-ports'Martin Willi2013-03-012-3/+3
|\ \ | | | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-212-4/+3
| |/
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 19:01:14 +0000