Noel Kuntze
09f4bccfea
kernel-netlink: Implement passthrough type routes and use them on Linux
Enables us to ignore any future kernel features for routes unless
we actually need to consider them for the source IP routes.
Also enables us to actually really skip IPsec processing for those networks
(because even the routes don't touch those packets). It's more what
users expect.
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
2020-03-10 10:20:58 +01:00
Tobias Brunner
4958acc0c2
kernel-interface: Reallocate previously used reqids
This is mainly an issue on FreeBSD where the current kernel still only
allows the daemon to use reqids < IPSEC_MANUAL_REQID_MAX (0x3fff = 16383).
Fixes #2315.
2020-03-09 15:27:03 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
f99bd2a5a6
kernel-interface: Consider interface ID when allocating reqids
2019-04-03 12:00:08 +02:00
Tobias Brunner
b32c3ce8fe
kernel-netlink: Make interface ID configurable on SAs and policies
2019-04-03 12:00:08 +02:00
Tobias Brunner
9cee688f78
kernel-netlink: Add support for setting mark/mask an SA should apply to processed traffic
2018-08-31 12:24:30 +02:00
Tobias Brunner
c993eaf9d1
kernel: Add option to control DS field behavior
2018-08-29 11:36:04 +02:00
Tobias Brunner
dc8b015d78
kernel: Add options to control DF and ECN header bits/fields via XFRM
The options control whether the DF and ECN header bits/fields are copied
from the unencrypted packets to the encrypted packets in tunnel mode (DF only
for IPv4), and for ECN whether the same is done for inbound packets.
Note: This implementation only works with Linux/Netlink/XFRM.
Based on a patch by Markus Sattler.
2018-08-29 11:36:04 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Adi Nissim
8ced1570ab
child-cfg: Make HW offload auto mode configurable
Until now, the configurations available to users for HW offload were:
hw_offload = no
hw_offload = yes
With this commit users will be able to configure auto mode using:
hw_offload = auto
Signed-off-by: Adi Nissim <adin@mellanox.com>
Reviewed-by: Aviv Heller <avivh@mellanox.com>
2018-03-21 10:32:02 +01:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
527b3f0ca5
Fixed some typos, courtesy of codespell
2017-11-15 10:21:13 +01:00
Tobias Brunner
a46d233c0e
kernel-interface: Not all kernel interfaces support SPIs on policies
2017-08-07 10:44:05 +02:00
Tobias Brunner
2e4d110d1e
linked-list: Change return value of find_first() and signature of its callback
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
Tobias Brunner
35a53d6491
kernel-ipsec: Add flag to enable hardware offloading for an IPsec SA
2017-05-23 16:51:03 +02:00
Tobias Brunner
6d86d0f516
kernel: Make range of SPIs for IPsec SAs configurable
2017-03-02 08:52:56 +01:00
Tobias Brunner
46c21e3cc3
kernel-interface: Add interface name to local subnet enumerator
2017-02-08 10:38:28 +01:00
Tobias Brunner
324fc2cb52
kernel-interface: Add method to enumerate locally attached subnets
2017-02-08 10:38:28 +01:00
Tobias Brunner
99a57aa5ee
kernel-net: Let get_nexthop() return an optional interface name
The returned name should be the interface over which the destination
address/net is reachable.
2016-06-10 13:54:18 +02:00
Tobias Brunner
436f64d5bc
kernel-interface: Always set `vip` if get_address_by_ts() returns successfully
2016-06-10 13:52:30 +02:00
Andreas Steffen
c26e4330e7
Implemented IPsec policies restricted to given network interface
2016-04-09 16:51:02 +02:00
Andreas Steffen
7f57c4f9fb
Support manually-set IPsec policy priorities
2016-04-09 16:51:01 +02:00
Tobias Brunner
89da06ace9
kernel: Use structs to pass information to the kernel-ipsec interface
2016-04-09 16:50:59 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
8394ea2a42
libhydra: Move kernel interface to libcharon
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
Tobias Brunner
f30be6a92f
kernel-handler: Log new endpoint if NAT mapping changed
2015-03-19 09:54:10 +01:00
Martin Willi
b125839a1a
kernel-interface: Raise mapping event with a proto/SPI/dst tuple
2015-02-20 13:34:51 +01:00
Martin Willi
f81a949748
kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid
2015-02-20 13:34:50 +01:00
Martin Willi
44e6aa4fb7
kernel-handler: Whitespace cleanups
2013-10-11 10:15:21 +02:00
Martin Willi
3a925f74ab
Do not query CHILD_SA during delete if they already expired
2012-03-20 17:31:31 +01:00
Tobias Brunner
446ff101c2
Added a log message when roam jobs get created.
2011-07-21 19:44:42 +02:00
Tobias Brunner
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
Tobias Brunner
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
Tobias Brunner
6f449d2efd
Moved kernel interface to libhydra.
2010-09-02 19:01:25 +02:00
Tobias Brunner
9f166d9ac2
Removed references to protocol_id_t from kernel interface.
Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).
2010-09-02 19:01:25 +02:00
Tobias Brunner
ba26508d05
Moved roam job creation to kernel event handler.
2010-09-02 19:01:25 +02:00
Tobias Brunner
4e258e63c3
Moved migrate job creation to kernel event handler.
2010-09-02 19:01:24 +02:00
Tobias Brunner
01563352e8
Moved update SA job creation to kernel event handler.
2010-09-02 19:01:24 +02:00
Tobias Brunner
a22853b302
Moved delete/rekey CHILD_SA job creation to kernel event handler.
2010-09-02 19:01:24 +02:00
Tobias Brunner
81f6ec276b
Moved acquire job creation to kernel event handler.
2010-09-02 19:01:23 +02:00
Tobias Brunner
09ae31f13a
Added kernel event handler stub.
2010-09-02 19:01:23 +02:00
Tobias Brunner
f7f3d87ed7
All kernel listener hooks are optional.
2010-09-02 19:01:23 +02:00
Tobias Brunner
c560ddeb25
Added listener handling to kernel interface.
2010-09-02 19:01:23 +02:00
Tobias Brunner
bd50254ca9
Added an interface for kernel event listeners.
2010-09-02 19:01:23 +02:00
Tobias Brunner
211943be23
Some whitespace and code style fixes.
2010-09-02 19:01:23 +02:00
Andreas Steffen
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00