34 Commits

Author SHA1 Message Date
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Tobias Brunner 9ff9c3d11b Added missing break statements in NAT-T mapping handling in PF_KEY plugin 2012-09-28 18:57:56 +02:00
Tobias Brunner f65ec0aa90 Make sure the if_name member of cached route entries is initialized to NULL 2012-09-22 08:23:56 +02:00
Tobias Brunner 9ba36c0f7f Make it easy to check if an address is locally usable via changed get_interface() method 2012-09-21 18:16:26 +02:00
Tobias Brunner dad6d904ee Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner 08ad639f32 Added algorithm lookup via kernel_interface_t to the various kernel interfaces 2012-09-13 15:48:49 +02:00
Tobias Brunner e49abcede0 Let kernel interfaces decide how to enable UDP decapsulation of ESP packets. 2012-08-08 15:12:24 +02:00
Tobias Brunner 26d77eb3e6 Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.

callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t.  The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner 9896b6bd58 Don't compare ports when comparing cached routes.
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner 05ca56558c Disabled listening for kernel events in starter. 2012-06-08 14:12:06 +02:00
Tobias Brunner 9041c074b3 Properly install policies with ports in PF_KEY kernel interface. 2012-06-07 14:37:00 +02:00
Tobias Brunner bc798c9ce8 Route reinstallation in kernel_ipsec_t implementations is not needed anymore. 2012-05-02 15:24:47 +02:00
Tobias Brunner 051226d5c0 Silently install route again, even if it did not change.
Address/interface changes can cause the route to disappear. Afterwards
the route might look the same but that does not mean it is still installed.
2011-11-04 11:11:17 +01:00
Tobias Brunner 25d59e9e2d Compile warning fixed in kernel interfaces. 2011-11-04 11:11:17 +01:00
Tobias Brunner 773572f9e0 Implemented flushing of SAD and SPD entries via PF_KEY. 2011-10-21 14:24:33 +02:00
Tobias Brunner d7a59f1976 Install fallback drop policies to avoid transmitting unencrypted packets.
During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy
is first uninstalled and then the new one is installed.  In the short
time in between, where no policy is available in the kernel, unencrypted
packets could have been transmitted.
2011-07-27 13:44:33 +02:00
Tobias Brunner fbedc6a45b Remove policies in kernel interfaces based on their priority.
This allows unrouting a connection while the same connection is
currently established.  In this case both CHILD_SAs share the same
reqid but the installed policies have different priorities.
2011-07-27 13:41:35 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner 17927ca615 Record usage history of policies in PF_KEY kernel interface.
The implementation is nearly the same as in the Netlink kernel interface.
2011-07-06 12:56:34 +02:00
Tobias Brunner 108357b106 Some code cleanup in PF_KEY kernel interface. 2011-07-06 09:43:46 +02:00
Tobias Brunner 328f22e1d3 Add the reqid to kernel_ipsec_t.del_policy. 2011-07-06 09:43:45 +02:00
Tobias Brunner 3ee8fed445 Cache the most recent reqid in the PF_KEY kernel interface.
This makes the PF_KEY kernel interface behave the same as the Netlink
kernel interface.
2011-07-06 09:43:45 +02:00
Andreas Steffen 06b5b61838 install PASS and DROP shunt policies via PFKEYv2 interface 2011-07-05 21:57:45 +02:00
Martin Willi 14bf2f689d Use CRITICAL job priority class for long running dispatcher jobs 2011-05-16 15:24:15 +02:00
Martin Willi 4876d4f3b3 Added an esn parameter to the kernel interface add_sa functions 2011-04-20 12:26:57 +02:00
Andreas Steffen e3504d6011 added missing tfc argument to kernel_pfkey_ipsec interface 2010-12-27 05:53:36 +01:00
Tobias Brunner e6f42b0721 Include the destination net in the policy priority calculation.
The resulting priorities are as follows:

    IPv6               IPv4
    routed   normal    routed   normal
max 4096(+3) 2048(+3)  4096(+3) 2048(+3)
min 3072     1024      3840     1792

Where min is for a policy between two single hosts and max is
for /0 on both ends (lower priorities are preferred by the kernel).
(+3) applies for cases where no protocol and no ports are defined.
2010-12-07 12:14:50 +01:00
Tobias Brunner b8bf01ddee Do not install routes for pluto.
There are some incompatibilities with e.g. passthrough policies.
Pluto installs required source routes via updown script.
2010-09-02 19:04:24 +02:00
Tobias Brunner 06cdeac25f Charon specific strongswan.conf options generalized. 2010-09-02 19:04:22 +02:00
Tobias Brunner 34cf6def83 Fixing installation of trap policies (SPI=0) in kernel interface. 2010-09-02 19:04:21 +02:00
Tobias Brunner bd7a2f3bfc Added an option to specify the type of a policy to kernel_ipsec.add_policy.
This will later allow us to support pluto's passthrough and drop
policies in charon.
2010-09-02 19:04:19 +02:00
Tobias Brunner b4872c1e09 Replaced the protocol argument in add_policy with an optional SPI for an AH SA. 2010-09-02 19:04:19 +02:00
Tobias Brunner bb381e26c6 Refer to scheduler and processor via lib and not hydra. 2010-09-02 19:04:18 +02:00
Tobias Brunner 062a602216 Moved all kernel plugins to libhydra. 2010-09-02 19:01:26 +02:00