| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
This might not be the case if e.g. an address appeared but the old one
is still available but not actually usable. Without this the MOBIKE
task would eventually time out even though we might be able to switch
to a working address.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
In case we have no usable path to the other peer there is no point in
initiating any other tasks (like rekeying).
|
| |
|
|
|
| |
This will probably never be more than 1 since we only have one task queued
at a time and we don't migrate running tasks.
|
| |
|
|
|
|
|
|
| |
Because we only queue one MOBIKE task at a time, but destroy superfluous
ones only after we already increased the counter for pending MOBIKE updates,
we have to reduce the counter when such tasks are destroyed. Otherwise, the
queued task would assume another task is queued when it is running and
ignore any successful response.
|
| | |
|
| | |
|
| |
|
|
|
| |
If ESP proposals are added once with and once without DH groups
duplicates result during IKE_AUTH when DH groups are stripped.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
authentication rounds
Due to the issue described in c641974, purge() inadvertently destroyed
CA certificates that should have been kept (while the pointer to these
objects remained in the array). This lead to incorrect reference counts
and after a few reauthentications with multiple authentication rounds,
which cause calls to purge(TRUE), to crashes.
|
| |
|
|
| |
For ARRAY_TAIL we most often want to call remove_tail() not remove_head().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because enumerate() for value based arrays returns a pointer directly to
the internal array elements and because array_remove_at() or rather the
called array_remove() may move elements over the element at the currently
enumerated position, the pointer passed to enumerate() will point to a
different array element after the array_remove_at() call. The caller
will thus operate on the wrong element if that pointer is accessed again
before calling enumerate().
For performance reasons we currently don't change the implementation to copy
each array element during enumeration to a private member of the enumerator and
return a pointer to that. Similarly, due to the danger of subtle bugs we don't
remember the pointer passed to enumerate() to later redirect it to a copy
created during the array_remove_at() call.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
In the previous implementation queued jobs could prevent a service from
getting destroyed. This could have lead to a deadlock when the
processor is cancelled. Now destroy() still blocks, but waits only for
actually running tasks. The service instance is reference counted so that
queued jobs can safely be destroyed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Calling on_accept() sometimes lead to deadlocks when service->destroy()
was called concurrently. That is, two threads waiting in on_accept() but
the last worker would only wake one due to the call to signal(). Calling
broadcast() wouldn't help either as that could lead to crashes if the thread
that called destroy() is woken first.
This is also more efficient as a constant pool of concurrent workers can
be maintained, otherwise peaks at the limit were followed by only a single
worker being active.
|
| | |
|
| |
|
|
| |
Fixes #677.
|
| |
|
|
| |
References #557.
|
| |
|
|
|
|
|
|
| |
Due to how reauthentication works for IKEv1 we could get a second
IKE_SA, which might cause problems, when connectivity problems arise
when the connection is initially established.
Fixes #670.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We actually never deleted cached interfaces. So if the kernel reuses
interface indices events for newly created interfaces could have been
associated with interface objects of deactivated and deleted interfaces.
Since we also didn't update the interface name when such an interface
got reactivated we ended up using the old name e.g. to install routes.
A trigger for this was the deletion and recreation of TUN devices during
reauthentication of SAs that use virtual IPs.
|
| | |
|
| |
|
|
|
|
| |
Seems that packet counts can be retrieved after all. At least the Linux
and FreeBSD kernels treat the number of allocations as number of packets.
We actually installed packet limits in that field already.
|
| | |
|
| |
|
|
|
|
|
|
| |
Because this->thread is also read by threads that don't hold the
mutex the previous implementation was problematic (especially since
pthread_t is an opaque type of unknown length).
Fixes #654.
|
| |
|
|
| |
It seems libcurl does not always return an error message.
|
| |
|
|
|
| |
Listing test suites in TESTS_SUITES_EXCLUDE allows excluding specific
test suites from running.
|
| |
|
|
| |
Fixes #688.
|
| |
|
|
|
|
|
|
|
| |
This won't hurt as long as sets and validators are of the same class.
But as soon as one of the object's class is changed this will cause
either a compile error (best option), or result (most likely) in a
crash.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
|
|
|
| |
The adopt_children_job_create() function is not available when IKEv1 support
is disabled. Fixes uncommon builds using --enable-ha --disable-ikev1.
Fixes #690.
|
| |
|
|
|
|
|
| |
When having the unity plugin enabled and both peers send the Unity Vendor ID,
we proposed 0.0.0.0/0 as traffic selector, even if no Split-Include has been
received on the SA. This can break compatibility with some responders, as
they don't narrow the TS themselves, but expect the configured TS.
|
| |
|
|
|
|
| |
Since the narrow hook types reflect the roles in the Quick Mode exchange
the plugin behaved incorrectly if the server initiated the CHILD_SA
rekeying.
|
| | |
|
| |
|
|
|
|
|
|
| |
When an initiator starts reauthentication on a connection that uses push
mode to assign a virtual IP, we can't execute the Mode Config before releasing
the virtual IP. Otherwise we would request a new and different lease, which
the client probably can't handle. Defer Mode Config execution, so the same IP
gets first released then reassigned during reauthentication.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
If a peer immediately sends DELETE messages when completing Quick Mode rekeying,
the third Quick Mode message and the DELETE are sent simultaneously. This
implies that DELETE messages may arrive before the completing third Quick Mode
message.
Handle this case by ignoring the DELETE INFORMATIONAL in Quick Mode and let
the delete task handle it.
|
| |
|
|
| |
This should avoid errors such as the one fixed with 118b2879.
|
| |
|
|
|
| |
These are useful to assert constants during build time. We evaluate the
expression to 0 when valid, so we can safely use the evaluated value.
|
| |
|
|
|
|
|
|
| |
As we use libstrongswan and expect that it still works after the fork, we
can't just closefrom() all file descriptors. Watcher, for example, uses
a pipe to notify FDSET changes, which must be kept open.
Reverts 652ddf5ce2fad08f6569096dd56a821500cc5ba4.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To check if a received IKE_SA_INIT request is a new request or a
retransmit, charon maintains hashes of the pending IKE_SA_INIT
exchanges.
However, the hash calculation is not reentrant because a single hasher
is used for the whole IKE SA manager. It leads to bogus calculations
under high load and hence dropped messages on responder
(IkeInInvalidSpi incremented).
Don't share a single hasher in the IKE SA manager, create a transient
one whenever a message must be hashed.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
|
| |
|
|
|
|
|
|
| |
To avoid any race conditions when multiple threads call and initialize
diffie_hellman_get_params(), explicitly examine the optimum DH exponent size
during library initialization.
Fixes #655.
|
