Commit Graph

56 Commits

Author SHA1 Message Date
Tobias Brunner a566c5f837 receiver: Avoid cloning packet data when verifying COOKIE payloads
Besides being more efficient this removes a memory leak that occurred
when a COOKIE payload was successfully verified.

Fixes #369.
2013-07-29 22:04:24 +02:00
Tobias Brunner eafd7ee7e1 net: Socket implementations report the address families they support 2013-07-05 09:48:01 +02:00
Andreas Steffen 654c88bca8 Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers 2013-04-14 19:57:49 +02:00
Tobias Brunner 68bfee4bc4 Avoid returning COOKIEs right after system boot
When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIEs for COOKIE_CALMDOWN_DELAY (10s).

Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.

Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
2013-03-19 16:19:11 +01:00
Tobias Brunner c849305ad7 Log message size for in- and outbound IKE messages 2012-12-24 12:29:30 +01:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Tobias Brunner fdee6b5f5a Moved packet_t and tun_device_t to networking folder 2012-10-24 15:06:18 +02:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Martin Willi 2b95ab7620 Raise a bus alert when IKE message header parsing fails 2012-10-24 11:34:30 +02:00
Tobias Brunner 2e2feffb67 Don't check interface of inbound message if interfaces are not filtered
We don't have a proper kernel-net interface on Android yet, so the check
for a usable interface does not work there.
2012-09-24 17:12:18 +02:00
Tobias Brunner 090c556ce8 Drop packets received on ignored interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner 20915d6fa7 Apply send delay before adding non-ESP marker
Otherwise the packet header could not be parsed correctly when NAT-T is
used.
2012-08-24 11:23:36 +02:00
Martin Willi f26796deb5 Remove unused src/dst variables in send_no_marker() 2012-08-21 09:34:32 +02:00
Tobias Brunner 5764a9b355 Moved packet_t to libstrongswan 2012-08-08 15:41:02 +02:00
Tobias Brunner 6d11dd5770 Only log the sending of regular packets in sender_t
When sender_t is used to send ESP packets this would otherwise cause an extreme
number of debug messages.
With this change all messages sent via sender_t.send_no_marker() cause no extra
DBG1 log message, but for debugging purposes the socket plugins do log the same
message again with DBG2 for all packets.
2012-08-08 15:41:02 +02:00
Tobias Brunner a7babe25ee Added get_port() method to socket_t to learn the listening port. 2012-08-08 15:12:25 +02:00
Tobias Brunner 75f8316332 Use send_no_marker to send NAT keepalives. 2012-08-08 15:12:25 +02:00
Tobias Brunner 30dc7dff4d Avoid double-free when prepending Non-ESP marker. 2012-08-08 15:12:25 +02:00
Tobias Brunner fb6c52adcd Function added to send packets without Non-ESP marker. 2012-08-08 15:12:25 +02:00
Tobias Brunner fe4a152b85 Avoid unnecessary copy of packet data when removing Non-ESP marker. 2012-08-08 15:12:25 +02:00
Tobias Brunner 73470cfe57 Added packet_t.skip_bytes method to skip bytes at the start of a packet. 2012-08-08 15:12:25 +02:00
Tobias Brunner 896941d365 Improved how NAT-T keepalives are handled in sockets/receiver. 2012-08-08 15:12:24 +02:00
Tobias Brunner 08b2ce7aa7 Callback for ESP packets added to receiver. 2012-08-08 15:12:24 +02:00
Tobias Brunner 064da8b96b Add Non-ESP marker in sender and not individual socket plugins. 2012-08-08 15:12:24 +02:00
Tobias Brunner 65da43e2fc Handle Non-ESP marker in receiver and not individual socket plugins. 2012-08-08 15:12:24 +02:00
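The group of commits above from 2012-08-08 (marker added and removed centrally in sender/receiver instead of in each socket plugin, skip_bytes to drop the marker without copying, send_no_marker for ESP and NAT keepalives, a double-free avoided when prepending) and the later "Apply send delay before adding non-ESP marker" fix all revolve around the same wire format: on UDP port 4500 an IKE message is preceded by four zero bytes, ESP starts with a non-zero SPI, and a NAT keepalive is a single 0xFF byte (RFC 3948). The following C program is an added illustration written for this page, not strongSwan code; the names pkt_view_t, classify_datagram, skip_non_esp_marker, prepend_non_esp_marker and needs_non_esp_marker are invented here, and the only inputs are datagrams constructed inline in main.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NON_ESP_MARKER_LEN 4
#define IKE_HEADER_LEN     28   /* fixed IKE header length (RFC 5996, 3.1) */
#define ESP_HEADER_LEN     8    /* SPI + sequence number */

typedef enum {
    PKT_INVALID = 0,
    PKT_NAT_KEEPALIVE,  /* exactly one 0xFF byte (RFC 3948, 2.3) */
    PKT_IKE,            /* zero Non-ESP marker, then an IKE header */
    PKT_ESP,            /* ESP: first four bytes are a non-zero SPI */
} pkt_kind_t;

/* Borrowed view into a received datagram (hypothetical type). Skipping the
 * marker is a pointer/length adjustment, so no copy of the payload is made. */
typedef struct {
    const uint8_t *ptr;
    size_t len;
} pkt_view_t;

/* Receiver side: tell IKE, ESP and keepalives apart before any parsing. */
pkt_kind_t classify_datagram(const pkt_view_t *p, bool nat_t_port)
{
    if (!nat_t_port) {
        /* port 500 carries only IKE and never uses the marker */
        return p->len >= IKE_HEADER_LEN ? PKT_IKE : PKT_INVALID;
    }
    if (p->len == 1 && p->ptr[0] == 0xFF) {
        return PKT_NAT_KEEPALIVE;
    }
    if (p->len < NON_ESP_MARKER_LEN) {
        return PKT_INVALID;
    }
    uint32_t spi_or_marker;
    memcpy(&spi_or_marker, p->ptr, sizeof(spi_or_marker));
    if (spi_or_marker == 0) {
        /* SPI 0 is reserved, so four zero bytes can only be the marker */
        return p->len >= NON_ESP_MARKER_LEN + IKE_HEADER_LEN ? PKT_IKE
                                                             : PKT_INVALID;
    }
    return p->len >= ESP_HEADER_LEN ? PKT_ESP : PKT_INVALID;
}

/* Advance past the marker in place. Refuses anything that is not a marked
 * IKE packet, so the caller never hands ESP or garbage to the IKE parser. */
bool skip_non_esp_marker(pkt_view_t *p)
{
    if (classify_datagram(p, true) != PKT_IKE) {
        return false;
    }
    p->ptr += NON_ESP_MARKER_LEN;
    p->len -= NON_ESP_MARKER_LEN;
    return true;
}

/* Sender side: one allocation holding marker + IKE message. The input buffer
 * is left untouched and stays owned by the caller; the result is owned by
 * the caller too, so each buffer has exactly one owner to free. */
uint8_t *prepend_non_esp_marker(const uint8_t *ike, size_t len, size_t *out_len)
{
    uint8_t *buf = malloc(len + NON_ESP_MARKER_LEN);
    if (!buf) {
        return NULL;
    }
    memset(buf, 0, NON_ESP_MARKER_LEN);
    memcpy(buf + NON_ESP_MARKER_LEN, ike, len);
    *out_len = len + NON_ESP_MARKER_LEN;
    return buf;
}

/* Sender policy: only IKE on the NAT-T port is marked. ESP and keepalives
 * go out unchanged (the send_no_marker path in the commits above). */
bool needs_non_esp_marker(pkt_kind_t kind, bool nat_t_port)
{
    return nat_t_port && kind == PKT_IKE;
}

int main(void)
{
    /* constructed sample: marker + 28-byte IKE header with non-zero SPI */
    uint8_t ike[NON_ESP_MARKER_LEN + IKE_HEADER_LEN] = {0};
    ike[4] = 0xDE; ike[5] = 0xAD;
    uint8_t esp[16] = { 0x12, 0x34, 0x56, 0x78 };   /* constructed ESP, SPI != 0 */
    uint8_t ka[1] = { 0xFF };                       /* NAT keepalive */
    pkt_view_t views[] = { { ike, sizeof(ike) }, { esp, sizeof(esp) }, { ka, 1 } };
    for (size_t i = 0; i < 3; i++) {
        printf("datagram %zu -> kind %d\n", i, classify_datagram(&views[i], true));
    }
    return 0;
}
```

The ordering point of "Apply send delay before adding non-ESP marker" follows from the same layout: any artificial delay or reordering applied to a packet must operate on the unmarked IKE message, because once the four zero bytes are in front, a parser that does not first call the skip step reads the marker as the initiator SPI.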
Martin Willi 8bd6a30af1 Add a return value to hasher_t.get_hash() 2012-07-16 14:55:06 +02:00
Tobias Brunner 0c096e9bb5 Check rng return value when generating COOKIE secret in receiver 2012-07-16 14:53:35 +02:00
Tobias Brunner 26d77eb3e6 Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.

callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t.  The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner 983c667481 Use proper getter for settings in sender and receiver. 2012-05-03 13:57:04 +02:00
Tobias Brunner 42500c274a Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi b24be29646 Merge branch 'ikev1'
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi f99d8b10c9 Added a dedicated sender flush method, delay sender destruction until users gone 2012-05-02 10:22:59 +02:00
Martin Willi 1b7debcc04 Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
2012-04-17 10:02:21 +02:00
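Two commits on this page describe the responder's COOKIE timing: 1b7debcc04 above keeps COOKIEs enabled once the half-open threshold is hit until none have been sent for a calm-down period, and 68bfee4bc4 near the top adds the last_cookie check because a monotonic clock that starts at 0 after boot made that calm-down condition true without any COOKIE ever having been sent, and also notes that the lifetime check overflows for clock values below COOKIE_LIFETIME. The C program below is an added illustration of exactly that logic, written for this page and not taken from strongSwan's receiver.c; the struct and function names (cookie_state_t, cookie_required, cookie_fresh_wrapping, cookie_fresh) are invented here, the 10-second constants are the values quoted in the commit message, and the clock is modelled as a uint32_t seconds counter.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define COOKIE_CALMDOWN_DELAY 10  /* seconds without COOKIEs before we stop demanding them */
#define COOKIE_LIFETIME       10  /* seconds a COOKIE we issued stays acceptable */

typedef struct {
    uint32_t last_cookie;  /* monotonic time (s) we last sent a COOKIE, 0 = never */
} cookie_state_t;

/* Responder: must an IKE_SA_INIT that carries no COOKIE be answered with one? */
bool cookie_required(cookie_state_t *st, unsigned half_open,
                     unsigned threshold, uint32_t now)
{
    if (half_open >= threshold) {
        st->last_cookie = now;   /* over the limit: always demand a COOKIE */
        return true;
    }
    /* Hysteresis: keep demanding COOKIEs until none has been sent for
     * COOKIE_CALMDOWN_DELAY, so the behaviour does not flap around the
     * threshold while retransmissions are in flight.
     * The last_cookie != 0 test is what 68bfee4bc4 adds: with a clock that
     * reads 0 at boot, (now - 0) < 10 is true for the first ten seconds
     * even though no COOKIE was ever sent. */
    if (st->last_cookie && now - st->last_cookie < COOKIE_CALMDOWN_DELAY) {
        st->last_cookie = now;
        return true;
    }
    return false;
}

/* Lifetime check in the shape the commit message warns about: when
 * now < COOKIE_LIFETIME the subtraction wraps on the unsigned clock, the
 * threshold becomes a huge number and every valid COOKIE is rejected. */
bool cookie_fresh_wrapping(uint32_t cookie_time, uint32_t now)
{
    return cookie_time >= now - COOKIE_LIFETIME;
}

/* Same check without the wrap: subtract in the direction that cannot go
 * negative, after ruling out COOKIEs stamped in the future. */
bool cookie_fresh(uint32_t cookie_time, uint32_t now)
{
    return cookie_time <= now && now - cookie_time <= COOKIE_LIFETIME;
}

int main(void)
{
    cookie_state_t st = { 0 };
    /* constructed timeline: boot at 0, quiet system, then a burst of half-open SAs */
    printf("t=3,  quiet:   cookie=%d\n", cookie_required(&st, 0, 100, 3));
    printf("t=3,  burst:   cookie=%d\n", cookie_required(&st, 100, 100, 3));
    printf("t=8,  calming: cookie=%d\n", cookie_required(&st, 0, 100, 8));
    printf("t=30, calm:    cookie=%d\n", cookie_required(&st, 0, 100, 30));
    printf("issued at 3, checked at 5: wrapping=%d fixed=%d\n",
           cookie_fresh_wrapping(3, 5), cookie_fresh(3, 5));
    return 0;
}
```

Running it shows the boot-time case the commit describes: at t=3 with no COOKIE ever sent, cookie_required returns false only because of the last_cookie test, and a COOKIE issued at t=3 and returned at t=5 is rejected by the wrapping form but accepted by the bounded one.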
Martin Willi 53300baded Send correct INVALID_MAJOR_VERSION when receiving packet with unsupported protocol 2012-03-20 17:31:28 +01:00
Martin Willi be83ea7ebf Drop IKEv1 main/aggressive modes if peer too aggressive 2012-03-20 17:31:28 +01:00
Martin Willi 38bb727c06 Don't accept IKEv2 packets if IKEv2 disabled 2012-03-20 17:31:28 +01:00
Martin Willi 38fb67fbf1 Add a payload.get_header_length() method, remove header length definitions 2012-03-20 17:30:42 +01:00
Tobias Brunner 4ed52db2bb Allow creation of message_t objects for IKEv1 packets. 2012-03-20 17:30:40 +01:00
Martin Willi 867701bc6d Accept and process IKEv1 messages in receiver 2012-03-20 17:30:39 +01:00
Martin Willi 526b5afb45 Extended IKE header for IKEv1 support 2012-03-20 17:30:39 +01:00
Martin Willi 8b6881cfc5 Added socket plugin feature loading callback 2011-10-14 10:05:48 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi 14bf2f689d Use CRITICAL job priority class for long running dispatcher jobs 2011-05-16 15:24:15 +02:00
Martin Willi a2302d2322 Added init_limit_half_open and an init_limit_job_load (replacing job_threshold) options, some refactorings 2011-05-16 15:24:14 +02:00
Martin Willi 3f06403705 Added a job_threshold option to drop IKE_SA_INITs if a certain job load is reached 2011-05-16 15:24:13 +02:00
Tobias Brunner fa20849431 Deferred instantiation of socket implementations until registration.
Instantiating the implementations on plugin load was problematic
in case multiple socket plugins were loaded. Now, the first one
registered is instantiated.
2010-10-15 17:30:21 +02:00
Tobias Brunner c2fad1916a Avoid recursive loop if no socket implementations are loaded. 2010-10-14 17:36:20 +02:00
Tobias Brunner bb381e26c6 Refer to scheduler and processor via lib and not hydra. 2010-09-02 19:04:18 +02:00
Tobias Brunner 61e8e73206 Refer to scheduler via hydra and not charon. 2010-09-02 19:01:24 +02:00
Tobias Brunner c5f7146b17 Refer to processor via hydra and not charon. 2010-09-02 19:01:22 +02:00