Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
9ff9c3d11b
Added missing break statements in NAT-T mapping handling in PF_KEY plugin
2012-09-28 18:57:56 +02:00
Tobias Brunner
f65ec0aa90
Make sure the if_name member of cached route entries is initialized to NULL
2012-09-22 08:23:56 +02:00
Tobias Brunner
9ba36c0f7f
Make it easy to check if an address is locally usable via changed get_interface() method
2012-09-21 18:16:26 +02:00
Tobias Brunner
dad6d904ee
Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
08ad639f32
Added algorithm lookup via kernel_interface_t to the various kernel interfaces
2012-09-13 15:48:49 +02:00
Tobias Brunner
e49abcede0
Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.
2012-08-08 15:12:24 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner
9896b6bd58
Don't compare ports when comparing cached routes.
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner
05ca56558c
Disabled listening for kernel events in starter.
2012-06-08 14:12:06 +02:00
Tobias Brunner
9041c074b3
Properly install policies with ports in PF_KEY kernel interface.
2012-06-07 14:37:00 +02:00
Tobias Brunner
bc798c9ce8
Route reinstallation in kernel_ipsec_t implementations is not needed anymore.
2012-05-02 15:24:47 +02:00
Tobias Brunner
051226d5c0
Silently install route again, even if it did not change.
Address/interface changes can cause the route to disappear. Afterwards
the route might look the same but that does not mean it is still installed.
2011-11-04 11:11:17 +01:00
Tobias Brunner
25d59e9e2d
Compile warning fixed in kernel interfaces.
2011-11-04 11:11:17 +01:00
Tobias Brunner
773572f9e0
Implemented flushing of SAD and SPD entries via PF_KEY.
2011-10-21 14:24:33 +02:00
Tobias Brunner
d7a59f1976
Install fallback drop policies to avoid transmitting unencrypted packets.
During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy
is first uninstalled and then the new one is installed. In the short
time in between, where no policy is available in the kernel, unencrypted
packets could have been transmitted.
2011-07-27 13:44:33 +02:00
Tobias Brunner
fbedc6a45b
Remove policies in kernel interfaces based on their priority.
This allows to unroute a connection while the same connection is
currently established. In this case both CHILD_SAs share the same
reqid but the installed policies have different priorities.
2011-07-27 13:41:35 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner
17927ca615
Record usage history of policies in PF_KEY kernel interface.
The implementation is nearly the same as in the Netlink kernel interface.
2011-07-06 12:56:34 +02:00
Tobias Brunner
108357b106
Some code cleanup in PF_KEY kernel interface.
2011-07-06 09:43:46 +02:00
Tobias Brunner
328f22e1d3
Add the reqid to kernel_ipsec_t.del_policy.
2011-07-06 09:43:45 +02:00
Tobias Brunner
3ee8fed445
Cache the most recent reqid in the PF_KEY kernel interface.
This makes the PF_KEY kernel interface behave the same as the Netlink
kernel interface.
2011-07-06 09:43:45 +02:00
Andreas Steffen
06b5b61838
install PASS and DROP shunt policies via PFKEYv2 interface
2011-07-05 21:57:45 +02:00
Martin Willi
14bf2f689d
Use CRITICAL job priority class for long running dispatcher jobs
2011-05-16 15:24:15 +02:00
Martin Willi
4876d4f3b3
Added an esn parameter to the kernel interface add_sa functions
2011-04-20 12:26:57 +02:00
Andreas Steffen
e3504d6011
added missing tfc argument to kernel_pfkey_ipsec interface
2010-12-27 05:53:36 +01:00
Tobias Brunner
e6f42b0721
Include the destination net in the policy priority calculation.
The resulting priorities are as follows:
      IPv6                  IPv4
      routed    normal      routed    normal
max   4096(+3)  2048(+3)    4096(+3)  2048(+3)
min   3072      1024        3840      1792
Where min is for a policy between two single hosts and max is
for /0 on both ends (lower priorities are preferred by the kernel).
(+3) applies for cases where no protocol and no ports are defined.
2010-12-07 12:14:50 +01:00
Tobias Brunner
b8bf01ddee
Do not install routes for pluto.
There are some incompatibilities with e.g. passthrough policies.
Pluto installs required source routes via updown script.
2010-09-02 19:04:24 +02:00
Tobias Brunner
06cdeac25f
Charon specific strongswan.conf options generalized.
2010-09-02 19:04:22 +02:00
Tobias Brunner
34cf6def83
Fixing installation of trap policies (SPI=0) in kernel interface.
2010-09-02 19:04:21 +02:00
Tobias Brunner
bd7a2f3bfc
Added an option to specify the type of a policy to kernel_ipsec.add_policy.
This will later allow us to support pluto's passthrough and drop
policies in charon.
2010-09-02 19:04:19 +02:00
Tobias Brunner
b4872c1e09
Replaced the protocol argument in add_policy with an optional SPI for an AH SA.
2010-09-02 19:04:19 +02:00
Tobias Brunner
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
Tobias Brunner
062a602216
Moved all kernel plugins to libhydra.
2010-09-02 19:01:26 +02:00