Martin Willi
f8646dd65e
kernel-pfkey: check if we have a gateway before comparing them
2013-05-06 16:10:13 +02:00
Martin Willi
d4260c5f7f
kernel-pfkey: install route along with input, not forward policies
...
As forwarding policies are not available on all systems (OS X), using the
forward policy to attach the route is a bad pick. Using input policies allows
OS X to install routes.
2013-05-06 16:10:13 +02:00
Martin Willi
6e879a59fc
kernel-pfroute: rescan address list for an interface if its state changes
...
It seems that we don't get address notifications if the interface is down
on OS X.
2013-05-06 16:10:13 +02:00
Martin Willi
0fd409db77
kernel-pfroute: add newly appearing interfaces to the interface cache
2013-05-06 16:10:12 +02:00
Martin Willi
9bc342eae4
kernel-pfroute: implement get_nexthop()
2013-05-06 16:10:12 +02:00
Martin Willi
272bcac894
kernel-pfroute: install and uninstall routes
2013-05-06 16:10:12 +02:00
Martin Willi
3a7f4b5c8d
kernel-pfroute: collect replies received for our own queries
2013-05-06 16:10:12 +02:00
Martin Willi
b1c6b68e4c
kernel-pfroute: refactor PF_ROUTE message processing, use an enumerator
2013-05-06 16:10:12 +02:00
Martin Willi
889efae4cf
kernel-pfkey: use an int to set esp_port with a sysctl on OS X
2013-05-06 16:10:12 +02:00
Martin Willi
9650bf3cc7
kernel-pfroute: use INIT() macro for allocations
2013-05-06 16:10:12 +02:00
Martin Willi
0e107f03ac
kernel-pfroute: use only a single PF_ROUTE socket for both events and queries
2013-05-06 16:10:12 +02:00
Martin Willi
e8002956c9
kernel-pfroute: fix length check when receiving PF_ROUTE messages
2013-05-06 16:10:12 +02:00
Martin Willi
64f309e735
kernel-pfkey: remove obsolete pluto specific behavior
2013-05-06 16:10:12 +02:00
Martin Willi
bc6275d21c
kernel-netlink: remove obsolete pluto specific behavior
2013-05-06 16:10:11 +02:00
Tobias Brunner
37873f9994
kernel-netlink: Add an option to disable roam events
2013-05-03 15:11:19 +02:00
Tobias Brunner
0b9ce21b5e
kernel-netlink: Define defaults for routing table and prio
2013-05-03 15:11:19 +02:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner
2ac772a5d0
Use proper address family when adding multiple addresses to SQL pool
2013-03-19 16:33:07 +01:00
Tobias Brunner
fe62707209
Ignore SQL-based IP address pools if their address family does not match
2013-03-19 16:33:07 +01:00
Tobias Brunner
deafaf51f1
Load arbitrary (non-host) attributes from strongswan.conf
...
This allows to e.g. load Cisco-specific attributes that contain FQDNs.
2013-03-19 15:21:30 +01:00
Martin Willi
d29246cabe
Merge branch 'radius-ext'
...
Bring some extensions to eap-radius, namely a virtual IP address provider based
on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting
updates and the reporting of sent/received packets.
2013-03-18 10:13:36 +01:00
Martin Willi
cb14ecb1d3
Merge branch 'netlink-align'
...
Fixes some Netlink alignment issues, and then refactors Netlink XFRM message
attribute handling.
2013-03-18 10:09:35 +01:00
Martin Willi
94163816fa
Use netlink_add_attribute() to copy over attributes during update_sa()
2013-03-15 16:02:01 +01:00
Martin Willi
0d9f31e1ed
Use a helper function to add XFRM_MARK attribute
2013-03-15 16:02:01 +01:00
Martin Willi
6dfc633927
Use netlink_reserve() helper function in XFRM to simplify message construction
2013-03-15 16:02:01 +01:00
Martin Willi
6359ab04f4
Add a Netlink utility function to add a RTA header and reserve space for data
2013-03-15 14:32:51 +01:00
Martin Willi
53c98f098f
Correctly check buffer length in netlink_add_attribute()
2013-03-15 14:32:25 +01:00
Martin Willi
6ac601f543
Avoid unneeded termination of netlink algorithm name arrays with END_OF_LIST
2013-03-15 14:01:15 +01:00
Martin Willi
6b35ab84da
Pass correctly sized pointer to lookup_algorithm() in PF_KEY
2013-03-14 14:20:54 +01:00
Martin Willi
7eeeb1c702
kernel_ipsec_t.query_sa() additionally returns the number of processed packets
2013-03-14 14:20:54 +01:00
Martin Willi
cf6a4ea005
strdup() iface passed to queue_route_reinstall(), fixing double-free
2013-03-11 15:17:50 +01:00
Martin Willi
0897cda33b
Add a constructor to create in-memory pools from an address range
2013-03-11 15:12:47 +01:00
Martin Willi
d3f5a05e29
When adding Netlink attributes, increase header length with potential alignment
...
If the payload is unaligned, we must make sure the total netlink message
length includes the added alignment for the first attribute.
2013-03-11 12:32:21 +01:00
Tobias Brunner
292ee515db
Fix maximum size of a mem_pool_t
2013-03-07 18:21:02 +01:00
Martin Willi
ad9af9e2d8
Fix some apidoc in mem_pool.h
2013-03-06 10:26:52 +01:00
Martin Willi
b611d8ba48
Merge branch 'ikev1-rekeying'
...
Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces
the old Main Mode having a uniqueids=replace policy.
2013-03-01 11:32:02 +01:00
Martin Willi
ec1b4e6638
Merge branch 'vip-shunts'
...
Installs bypass policies for the physical address if a virtual address is
assigned, and installs a proper source route to actually use the physical
address for bypassed destinations.
Conflicts:
src/libcharon/plugins/unity/unity_handler.c
2013-03-01 11:30:13 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
53e62f5d0c
Indicate support for processing ESPv3 TFC padding in Netlink IPsec backend
2013-03-01 11:11:51 +01:00
Martin Willi
76f7d80e80
Introduce "features" for the kernel backends returning kernel capabilities
2013-03-01 11:11:24 +01:00
Martin Willi
a1db77de7c
Use a complete port range in traffic_selector_create_from_{subnet,cidr}
2013-02-21 11:52:33 +01:00
Martin Willi
a2fd08dd26
Install a route for shunt policies
...
If we install a virtual IP, its source route would render the shunt policy
useless, as locally generated traffic wouldn't match. Having a route for each
shunt policy with higher priority chooses the correct source address for
bypassed destinations.
2013-02-20 16:32:24 +01:00
Martin Willi
3dc9d427c9
After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAs
...
During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled.
The CHILD_SAs get migrated, but any associated route gets removed from the
kernel. Reinstall routes after adding the virtual IP again.
2013-02-20 09:16:00 +01:00
Martin Willi
544c2e3d7b
kernel-netlink's get_interface() considers virtual IPs, too
...
When using load-tester, we can install tunnel outer addresses on
demand. As these are installed as "virtual", we have to consider
virtual IPs in the get_interface() lookup to install "real" virtual
IPs to these dynamic external addresses.
2012-12-17 14:23:44 +01:00
Martin Willi
d88597f0dd
Don't wait while removing external IPs used for load testing
2012-11-29 10:22:51 +01:00
Martin Willi
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
Martin Willi
50bd755871
Add an optional kernel-interface parameter to install IPs with a custom prefix
2012-11-29 10:22:51 +01:00
Martin Willi
8edb6248f8
libhydra can be initialized more than once
2012-11-14 10:14:34 +01:00
Tobias Brunner
cbd52e7ddc
Limit recursion when searching for source addresses
...
This could be required if e.g. two default routes list gateways but the
corresponding outbound interfaces do not have any IP addresses on them.
2012-11-13 09:06:02 +01:00
Tobias Brunner
5be88ca6bb
Don't call get_route recursively if a route's gateway matches the destination
2012-11-13 09:06:02 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
Tobias Brunner
8e2d3075aa
Use proper offset when adding mark attribute in kernel-netlink plugin
2012-10-15 11:11:29 +02:00
Tobias Brunner
ac24c4d323
Also add mark when querying current replay state in kernel-netlink plugin
2012-10-15 10:15:53 +02:00
Tobias Brunner
2925aa725e
Fixed update_sa in kernel-netlink plugin if marks are used
2012-10-11 19:08:47 +02:00
Tobias Brunner
9ff9c3d11b
Added missing break statements in NAT-T mapping handling in PF_KEY plugin
2012-09-28 18:57:56 +02:00
Tobias Brunner
a37ac3a47a
Make sure we successfully opened xfrm_acq_expires
2012-09-28 18:54:28 +02:00
Tobias Brunner
6ffb8f8634
Clarified code when hashing/comparing cached policies in kernel-netlink
2012-09-28 18:30:16 +02:00
Tobias Brunner
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
Tobias Brunner
53ab3c27cd
Ensure that pipe is closed when calling resolvconf(8)
2012-09-28 17:33:24 +02:00
Tobias Brunner
9a1ba213f4
Use proper argument for sizeof when copying replay state
2012-09-28 17:00:20 +02:00
Tobias Brunner
bef21bd330
Algorithm names are not always static anymore, avoid string overflows
2012-09-28 16:49:05 +02:00
Tobias Brunner
a79af394a0
Allow replay windows smaller than the default of 32
2012-09-27 12:43:39 +02:00
Tobias Brunner
9845391a95
Properly initialize cached address map in kernel-pfroute plugin
2012-09-27 12:43:36 +02:00
Tobias Brunner
bfd2cc1cd7
Fixed compilation of kernel-pfroute plugin
2012-09-27 09:23:58 +02:00
Tobias Brunner
2e2feffb67
Don't check interface of inbound message if interfaces are not filtered
...
We don't have a proper kernel-net interface on Android yet, so the check
for a usable interface does not work there.
2012-09-24 17:12:18 +02:00
Tobias Brunner
f65ec0aa90
Make sure the if_name member of cached route entries is initialized to NULL
2012-09-22 08:23:56 +02:00
Tobias Brunner
bdf36dac71
Use an rwlock in kernel-pfroute too
2012-09-21 18:16:27 +02:00
Tobias Brunner
a25d536eea
Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin
2012-09-21 18:16:27 +02:00
Tobias Brunner
16d62305c2
Use a separate mutex for cached routes in kernel-netlink plugin
2012-09-21 18:16:27 +02:00
Tobias Brunner
4134108c77
Use a lock to safely check and update the time for the next roam event
2012-09-21 18:16:27 +02:00
Tobias Brunner
e8e9048fee
Added an option to configure the interface on which virtual IP addresses are installed
2012-09-21 18:16:26 +02:00
Tobias Brunner
c6b401581a
Changed how kernel-netlink handles virtual IP addresses
...
Also tried to avoid the use of enumerators.
2012-09-21 18:16:26 +02:00
Tobias Brunner
4106aea8e4
Made IP address enumeration more flexible
...
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
Tobias Brunner
1f97e1aaca
Use a hashtable to quickly check for usable IP addresses/interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
940e1b0f66
Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)
2012-09-21 18:16:26 +02:00
Tobias Brunner
645d7a5ef3
%any is never on a local interface
2012-09-21 18:16:26 +02:00
Tobias Brunner
9ba36c0f7f
Make it easy to check if an address is locally usable via changed get_interface() method
2012-09-21 18:16:26 +02:00
Tobias Brunner
aed33805ce
Don't ignore loopback devices and allow addresses on them being enumerated
2012-09-21 18:16:26 +02:00
Tobias Brunner
9513225e6b
Added options and a lookup function that will allow filtering of network interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
dad6d904ee
Use source address in get_nexthop() call
...
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
662534657f
Source address lookup refactored
...
Routes matching the destination are now first parsed and sorted by network
prefix length. This list is then used to search for the best route with
a matching preferred source address (if one is specified). This makes sure
we really check all routes for that address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
cef0a8118e
Check routes with equal prefix if preferred source is specified
2012-09-21 18:16:25 +02:00
Tobias Brunner
9d6b02d6c1
Try to find preferred source on interface if returned source does not match
2012-09-21 18:16:25 +02:00
Tobias Brunner
da6d86dd94
Try to keep the given source address when looking up routes
...
This allows to pin the local end of an IKE_SA to an address that is not the
physical address of an interface. Without this patch the local address would
change to the physical address when roam events occur.
2012-09-21 18:16:25 +02:00
Martin Willi
f0a2fef8a5
In mem_pool, check for an existing ID entry before creating a new one
2012-09-20 11:04:55 +02:00
Tobias Brunner
08ad639f32
Added algorithm lookup via kernel_interface_t to the various kernel interfaces
2012-09-13 15:48:49 +02:00
Tobias Brunner
524fb37ccd
Added possibility to register custom kernel algorithms to kernel interface
2012-09-13 15:44:47 +02:00
Tobias Brunner
fa96a350c2
Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin
2012-09-12 17:40:36 +02:00
Martin Willi
5b96503e13
Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int)
2012-09-12 13:19:52 +02:00
Martin Willi
1e04488f32
Check for an existing lease in all stroke pools before creating a new one
2012-09-11 16:18:28 +02:00
Martin Willi
28a3d5bfbd
Pass full pool list to release_address
2012-09-11 16:18:28 +02:00
Martin Willi
594c58e111
Pass the full list of pools to acquire_address, enumerate in providers
...
If the provider has access to the full pool list, it can enumerate
them twice, for example to search for existing leases first, and
only search for new leases in a second step.
Fixes lease enumeration in attr-sql using multiple pools.
2012-09-11 16:18:28 +02:00
Tobias Brunner
4065e2504c
Use the proper types for comma separated attributes read from strongswan.conf
...
Attributes of different address families previously were mapped to
the same attribute type (the one derived from the address family of the
first address).
2012-09-10 15:17:17 +02:00
Tobias Brunner
747fd544a7
Properly remove broadcast address from mem pools
2012-09-10 11:44:18 +02:00
Martin Willi
7f52f621c2
Be less verbose if IP allocation for a single pool fails
2012-08-30 16:43:44 +02:00
Martin Willi
40e9089889
Strictly enforce address family match while acquiring mem_pool IPs
2012-08-30 16:43:44 +02:00
Martin Willi
13f11ccf46
Don't parse comma separated pool names in attr-sql
...
We now handle multiple pools at a deeper level, making that special
handling obsolete. Comma separated pools are parsed in stroke.
2012-08-30 16:43:44 +02:00
Martin Willi
d55fe264d1
Pass all configured pool names to attribute provider enumerator
2012-08-30 16:43:43 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
d8eec395b2
Add a getter for the mem_pool_t base address
2012-08-24 11:19:07 +02:00
Tobias Brunner
31a0e24b0f
Increased log level when listing interfaces and IP addresses during startup
...
This avoids confusing log messages in starter, and ipsec statusall
already lists the available addresses anyway.
2012-08-16 16:14:15 +02:00
Tobias Brunner
3a917ac77f
Validate netmask in mem_pool_create
2012-08-13 13:54:28 +02:00
Tobias Brunner
156f7e9b85
Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan
...
This avoids a dependency of libipsec to libhydra.
2012-08-08 15:41:02 +02:00
Tobias Brunner
e49abcede0
Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.
2012-08-08 15:12:24 +02:00
Martin Willi
3b7468b245
Support Unity split-include/exclude options in attr plugin
2012-07-20 17:36:27 +02:00
Tobias Brunner
0159a54047
Check rng return value when generating SPIs in kernel-klips plugin
2012-07-16 14:53:36 +02:00
Tobias Brunner
63afd833b9
Avoid SIGSEGV during shutdown if charon is not started as root
2012-06-25 19:00:00 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner
7beb31aae4
Fixed IPv6 source address lookup
...
Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for
IPv6 routes we didn't use NLM_F_DUMP to get all routes.
Still routes installed with policies are installed also for IPv6.
So since only one route is returned without DUMP, and we ignore
all routes from our own routing table, no source address was found
during roaming if DST of the installed route included the IKE peer.
With newer kernels we can now use DUMP as we did for IPv4 already,
for older kernels we do so if our own routes are installed in a
separate routing table, otherwise we still use GET.
2012-06-25 16:29:59 +02:00
Tobias Brunner
5c1332bf7c
NLM_F_DUMP includes NLM_F_ROOT.
2012-06-15 16:46:27 +02:00
Tobias Brunner
8ec51f83e5
Don't create roam jobs based on cached/cloned routes.
2012-06-15 16:44:18 +02:00
Tobias Brunner
9896b6bd58
Don't compare ports when comparing cached routes.
...
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner
05ca56558c
Disabled listening for kernel events in starter.
2012-06-08 14:12:06 +02:00
Tobias Brunner
9041c074b3
Properly install policies with ports in PF_KEY kernel interface.
2012-06-07 14:37:00 +02:00
Tobias Brunner
9e19cb912d
Destroy Netlink socket only after deleting remaining source routes.
2012-05-21 13:33:13 +02:00
Tobias Brunner
c732e22019
Fix route reinstallation if preferred source IP is not on outgoing interface.
2012-05-07 19:00:47 +02:00
Tobias Brunner
bc798c9ce8
Route reinstallation in kernel_ipsec_t implementations is not needed anymore.
2012-05-02 15:24:47 +02:00
Tobias Brunner
f834249c59
Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear.
2012-05-02 15:24:47 +02:00
Tobias Brunner
74ba22c992
Keep track of installed source routes in kernel-netlink plugin.
2012-05-02 14:56:08 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner
ed2cab08d2
Make resolvconf interface prefix configurable.
2012-03-27 10:44:21 +02:00
Tobias Brunner
caae5a5c0f
Added support for the resolvconf framework in resolve plugin.
...
If /sbin/resolvconf is found nameservers are not written directly to
/etc/resolv.conf but instead resolvconf is invoked.
2012-03-27 10:44:21 +02:00
Tobias Brunner
6e921f2017
Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value).
2012-03-27 10:37:56 +02:00
Martin Willi
3de54af7ec
Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid
2012-03-22 09:05:56 +01:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
07202a2bf1
Be less verbose when deleting SAs triggered by a hard expire
2012-03-20 17:31:31 +01:00
Martin Willi
e174e0d445
Added not-yet used sa_payload parameters used in IKEv1
2012-03-20 17:30:52 +01:00
Martin Willi
21796bac9a
Be less verbose if we don't have a local address for a tunnel
2012-03-06 16:05:58 +01:00
Tobias Brunner
686cfd4e34
Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
...
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
Tobias Brunner
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional, executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
Tobias Brunner
35a1986142
Fixed additional typos in comments and log messages.
2012-01-12 11:42:42 +01:00
Thomas Egerer
64c4fd0a60
Always unlock mutex for installed policies in kernel-netlink plugin.
2011-12-14 18:17:49 +01:00
Thomas Jarosch
00b9e598f3
Fix copy'n'paste error in libhydra's netlink interface
...
Detected by cppcheck.
2011-11-21 09:00:39 +01:00
Mirko Parthey
7b21873668
Fix network interface deletion handling in kernel-netlink plugin.
...
When the kernel reports the deletion of an interface (RTM_DELLINK),
the cached interface attributes, including ifindex, become invalid
and must be forgotten.
Interface link state changes ("up" and "down") show up as RTM_NEWLINK,
so they will not cause a cached entry to be removed or
prevent listening to address change notifications.
Once an interface has been deleted, the kernel ought to stop sending
notifications for it. If the interface gets recreated with the same
name later, the kernel again reports RTM_NEWLINK, which causes a new
cache entry to be created.
There should be no reason to keep a stale cache entry around, as was
claimed in the comment.
2011-11-14 15:24:48 +01:00
Tobias Brunner
866858527d
Fix 'ipsec pool --status' for empty pools.
2011-11-04 15:07:54 +01:00
Thomas Egerer
c125d1ba13
Memwipe request after sa update, too
2011-11-04 11:11:17 +01:00
Thomas Egerer
dbfd1a63aa
Extend xfrm_attr_type_names by newly added enum values
2011-11-04 11:11:17 +01:00
Tobias Brunner
051226d5c0
Silently install route again, even if it did not change.
...
Address/interface changes can cause the route to disappear. Afterwards
the route might look the same but that does not mean it is still installed.
2011-11-04 11:11:17 +01:00
Tobias Brunner
25d59e9e2d
Compile warning fixed in kernel interfaces.
2011-11-04 11:11:17 +01:00
Tobias Brunner
0e6aafb5b6
The kernel-klips plugin does currently not support SAD/SPD flushing.
2011-10-21 14:24:33 +02:00
Tobias Brunner
773572f9e0
Implemented flushing of SAD and SPD entries via PF_KEY.
2011-10-21 14:24:33 +02:00
Tobias Brunner
99d23ddf45
Implemented flushing of states and policies via XFRM.
2011-10-21 14:18:53 +02:00
Tobias Brunner
0b0f466bbc
Defined functions in the kernel interface to flush SAD and SPD entries.
2011-10-21 14:18:23 +02:00
Tobias Brunner
cfa15a71d9
Source files in Android.mk updated.
2011-10-14 17:36:20 +02:00