09f4bccfea
kernel-netlink: Implement passthrough type routes and use them on Linux
...
Enables us to ignore any future kernel features for routes unless
we actually need to consider them for the source IP routes.
Also enables us to actually really skip IPsec processing for those networks
(because even the routes don't touch those packets). It's more what
users expect.
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
2020-03-10 10:20:58 +01:00
4958acc0c2
kernel-interface: Reallocate previously used reqids
...
This is mainly an issue on FreeBSD where the current kernel still only
allows the daemon to use reqids < IPSEC_MANUAL_REQID_MAX (0x3fff = 16383).
Fixes #2315 .
2020-03-09 15:27:03 +01:00
b3ab7a48cc
Spelling fixes
...
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164 .
2020-02-11 18:23:07 +01:00
f99bd2a5a6
kernel-interface: Consider interface ID when allocating reqids
2019-04-03 12:00:08 +02:00
b32c3ce8fe
kernel-netlink: Make interface ID configurable on SAs and policies
2019-04-03 12:00:08 +02:00
9cee688f78
kernel-netlink: Add support for setting mark/mask an SA should apply to processed traffic
2018-08-31 12:24:30 +02:00
c993eaf9d1
kernel: Add option to control DS field behavior
2018-08-29 11:36:04 +02:00
dc8b015d78
kernel: Add options to control DF and ECN header bits/fields via XFRM
...
The options control whether the DF and ECN header bits/fields are copied
from the unencrypted packets to the encrypted packets in tunnel mode (DF only
for IPv4), and for ECN whether the same is done for inbound packets.
Note: This implementation only works with Linux/Netlink/XFRM.
Based on a patch by Markus Sattler.
2018-08-29 11:36:04 +02:00
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
8ced1570ab
child-cfg: Make HW offload auto mode configurable
...
Until now the configuration available to user for HW offload were:
hw_offload = no
hw_offload = yes
With this commit users will be able to configure auto mode using:
hw_offload = auto
Signed-off-by: Adi Nissim <adin@mellanox.com>
Reviewed-by: Aviv Heller <avivh@mellanox.com>
2018-03-21 10:32:02 +01:00
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
527b3f0ca5
Fixed some typos, courtesy of codespell
2017-11-15 10:21:13 +01:00
a46d233c0e
kernel-interface: Not all kernel interfaces support SPIs on policies
2017-08-07 10:44:05 +02:00
2e4d110d1e
linked-list: Change return value of find_first() and signature of its callback
...
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
35a53d6491
kernel-ipsec: Add flag to enable hardware offloading for an IPsec SA
2017-05-23 16:51:03 +02:00
6d86d0f516
kernel: Make range of SPIs for IPsec SAs configurable
2017-03-02 08:52:56 +01:00
46c21e3cc3
kernel-interface: Add interface name to local subnet enumerator
2017-02-08 10:38:28 +01:00
324fc2cb52
kernel-interface: Add method to enumerate locally attached subnets
2017-02-08 10:38:28 +01:00
99a57aa5ee
kernel-net: Let get_nexthop() return an optional interface name
...
The returned name should be the interface over which the destination
address/net is reachable.
2016-06-10 13:54:18 +02:00
436f64d5bc
kernel-interface: Always set `vip` if get_address_by_ts() returns successfully
2016-06-10 13:52:30 +02:00
c26e4330e7
Implemented IPsec policies restricted to given network interface
2016-04-09 16:51:02 +02:00
7f57c4f9fb
Support manually-set IPsec policy priorities
2016-04-09 16:51:01 +02:00
89da06ace9
kernel: Use structs to pass information to the kernel-ipsec interface
2016-04-09 16:50:59 +02:00
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
8394ea2a42
libhydra: Move kernel interface to libcharon
...
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
f30be6a92f
kernel-handler: Log new endpoint if NAT mapping changed
2015-03-19 09:54:10 +01:00
b125839a1a
kernel-interface: Raise mapping event with a proto/SPI/dst tuple
2015-02-20 13:34:51 +01:00
f81a949748
kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid
2015-02-20 13:34:50 +01:00
44e6aa4fb7
kernel-handler: Whitespace cleanups
2013-10-11 10:15:21 +02:00
3a925f74ab
Do not query CHILD_SA during delete if they already expired
2012-03-20 17:31:31 +01:00
446ff101c2
Added a log message when roam jobs get created.
2011-07-21 19:44:42 +02:00
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
6f449d2efd
Moved kernel interface to libhydra.
2010-09-02 19:01:25 +02:00
9f166d9ac2
Removed references to protocol_id_t from kernel interface.
...
Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).
2010-09-02 19:01:25 +02:00
ba26508d05
Moved roam job creation to kernel event handler.
2010-09-02 19:01:25 +02:00
4e258e63c3
Moved migrate job creation to kernel event handler.
2010-09-02 19:01:24 +02:00
01563352e8
Moved update SA job creation to kernel event handler.
2010-09-02 19:01:24 +02:00
a22853b302
Moved delete/rekey CHILD_SA job creation to kernel event handler.
2010-09-02 19:01:24 +02:00
81f6ec276b
Moved acquire job creation to kernel event handler.
2010-09-02 19:01:23 +02:00
09ae31f13a
Added kernel event handler stub.
2010-09-02 19:01:23 +02:00
f7f3d87ed7
All kernel listener hooks are optional.
2010-09-02 19:01:23 +02:00
c560ddeb25
Added listener handling to kernel interface.
2010-09-02 19:01:23 +02:00
bd50254ca9
Added an interface for kernel event listeners.
2010-09-02 19:01:23 +02:00
211943be23
Some whitespace and code style fixes.
2010-09-02 19:01:23 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00
Noel Kuntze