Tobias Brunner
a566c5f837
receiver: Avoid cloning packet data when verifying COOKIE payloads
...
Besides being more efficient this removes a memory leak that occurred
when a COOKIE payload was successfully verified.
Fixes #369.
2013-07-29 22:04:24 +02:00
Tobias Brunner
eafd7ee7e1
net: Socket implementations report the address families they support
2013-07-05 09:48:01 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Tobias Brunner
68bfee4bc4
Avoid returning COOKIEs right after system boot
...
When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s).
Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.
Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
2013-03-19 16:19:11 +01:00
Tobias Brunner
c849305ad7
Log message size for in- and outbound IKE messages
2012-12-24 12:29:30 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
2b95ab7620
Raise a bus alert when IKE message header parsing fails
2012-10-24 11:34:30 +02:00
Tobias Brunner
2e2feffb67
Don't check interface of inbound message if interfaces are not filtered
...
We don't have a proper kernel-net interface on Android yet, so the check
for a usable interface does not work there.
2012-09-24 17:12:18 +02:00
Tobias Brunner
090c556ce8
Drop packets received on ignored interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
20915d6fa7
Apply send delay before adding non-ESP marker
...
Otherwise the packet header could not be parsed correctly when NAT-T is
used.
2012-08-24 11:23:36 +02:00
Martin Willi
f26796deb5
Remove unused src/dst variables in send_no_marker()
2012-08-21 09:34:32 +02:00
Tobias Brunner
5764a9b355
Moved packet_t to libstrongswan
2012-08-08 15:41:02 +02:00
Tobias Brunner
6d11dd5770
Only log the sending of regular packets in sender_t
...
When sender_t is used to send ESP packets this would otherwise cause an extreme
amount of debug messages.
With this change all messages sent via sender_t.send_no_marker() cause no extra
DBG1 log message, but for debugging purposes the socket plugins do log the same
message again with DBG2 for all packets.
2012-08-08 15:41:02 +02:00
Tobias Brunner
a7babe25ee
Added get_port() method to socket_t to learn the listening port.
2012-08-08 15:12:25 +02:00
Tobias Brunner
75f8316332
Use send_no_marker to send NAT keepalives.
2012-08-08 15:12:25 +02:00
Tobias Brunner
30dc7dff4d
Avoid double-free when prepending Non-ESP marker.
2012-08-08 15:12:25 +02:00
Tobias Brunner
fb6c52adcd
Function added to send packets without Non-ESP marker.
2012-08-08 15:12:25 +02:00
Tobias Brunner
fe4a152b85
Avoid unnecessary copy of packet data when removing Non-ESP marker.
2012-08-08 15:12:25 +02:00
Tobias Brunner
73470cfe57
Added packet_t.skip_bytes method to skip bytes at the start of a packet.
2012-08-08 15:12:25 +02:00
Tobias Brunner
896941d365
Improved how NAT-T keepalives are handled in sockets/receiver.
2012-08-08 15:12:24 +02:00
Tobias Brunner
08b2ce7aa7
Callback for ESP packets added to receiver.
2012-08-08 15:12:24 +02:00
Tobias Brunner
064da8b96b
Add Non-ESP marker in sender and not individual socket plugins.
2012-08-08 15:12:24 +02:00
Tobias Brunner
65da43e2fc
Handle Non-ESP marker in receiver and not individual socket plugins.
2012-08-08 15:12:24 +02:00
Martin Willi
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
Tobias Brunner
0c096e9bb5
Check rng return value when generating COOKIE secret in receiver
2012-07-16 14:53:35 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner
983c667481
Use proper getter for settings in sender and receiver.
2012-05-03 13:57:04 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi
f99d8b10c9
Added a dedicated sender flush method, delay sender destruction until users gone
2012-05-02 10:22:59 +02:00
Martin Willi
1b7debcc04
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
...
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
2012-04-17 10:02:21 +02:00
Martin Willi
53300baded
Send correct INVALID_MAJOR_VERSION when receiving packet with unsupported protocol
2012-03-20 17:31:28 +01:00
Martin Willi
be83ea7ebf
Drop IKEv1 main/aggressive modes if peer too aggressive
2012-03-20 17:31:28 +01:00
Martin Willi
38bb727c06
Don't accept IKEv2 packets if IKEv2 disabled
2012-03-20 17:31:28 +01:00
Martin Willi
38fb67fbf1
Add a payload.get_header_length() method, remove header length definitions
2012-03-20 17:30:42 +01:00
Tobias Brunner
4ed52db2bb
Allow creation of message_t objects for IKEv1 packets.
2012-03-20 17:30:40 +01:00
Martin Willi
867701bc6d
Accept and process IKEv1 messages in receiver
2012-03-20 17:30:39 +01:00
Martin Willi
526b5afb45
Extended IKE header for IKEv1 support
2012-03-20 17:30:39 +01:00
Martin Willi
8b6881cfc5
Added socket plugin feature loading callback
2011-10-14 10:05:48 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
14bf2f689d
Use CRITICAL job priority class for long running dispatcher jobs
2011-05-16 15:24:15 +02:00
Martin Willi
a2302d2322
Added init_limit_half_open and an init_limit_job_load (replacing job_threshold) options, some refactorings
2011-05-16 15:24:14 +02:00
Martin Willi
3f06403705
Added a job_threshold option to drop IKE_SA_INITs if a certain job load reached
2011-05-16 15:24:13 +02:00
Tobias Brunner
fa20849431
Deferred instantiation of socket implementations until registration.
...
Instantiating the implementations on plugin load was problematic
in case multiple socket plugins were loaded. Now, the first one
registered is instantiated.
2010-10-15 17:30:21 +02:00
Tobias Brunner
c2fad1916a
Avoid recursive loop if no socket implementations are loaded.
2010-10-14 17:36:20 +02:00
Tobias Brunner
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
Tobias Brunner
61e8e73206
Refer to scheduler via hydra and not charon.
2010-09-02 19:01:24 +02:00
Tobias Brunner
c5f7146b17
Refer to processor via hydra and not charon.
2010-09-02 19:01:22 +02:00