62 Commits

Author SHA1 Message Date
Tobias Brunner 69e9698b17 allow to globally disable DOS protection by setting charon.dos_protection to no. 2008-11-26 09:22:19 +00:00
Tobias Brunner ed6146ffbe performance optimization for the DOS protection.
 * half-open SAs per peer are tracked in a hash table
 * charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold
 * chunk_hash function added
2008-11-25 13:16:05 +00:00
Martin Willi addfea95df moved the IPV6_IPSEC_POLICY definition to the ipsec plugins, fixes uClibc build 2008-11-24 08:22:05 +00:00
Martin Willi bbbe605fe3 updated API doc for socket.h 2008-11-13 07:48:27 +00:00
Martin Willi 8120943583 ported socket enumerator to raw-socket.c
some cleanups in socket.c
2008-11-13 07:15:45 +00:00
Tobias Brunner ea625fabf9 merging kernel_klips plugin back into trunk 2008-11-11 09:22:00 +00:00
Martin Willi 465fe85ee1 fixed sender destruction order 2008-11-05 12:24:36 +00:00
Martin Willi 3ac5a0db8c replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant 2008-11-05 11:29:56 +00:00
Tobias Brunner 507f26f685 merging modularized kernel interface back to trunk 2008-09-25 07:56:58 +00:00
Martin Willi 21632b76e0 added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check 2008-07-30 08:27:08 +00:00
Andreas Steffen 0005cee527 fixed typo 2008-05-21 21:52:59 +00:00
Martin Willi 5e6bbf4f77 added _GNU_SOURCE and limits.h to build against glibc-2.8 2008-04-24 13:49:20 +00:00
Martin Willi 6a365f0740 added API for random number generators, served through credential factory
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Tobias Brunner 8e91a36314 thread locking for sender and processor optimized 2008-04-03 09:19:12 +00:00
Martin Willi 552cc11b1f merged the modularization branch (credentials) back to trunk 2008-03-13 14:14:44 +00:00
Martin Willi 733f336ad3 socket_t implementation without raw sockets
--disable-raw-socket configure option
  prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner 183ddc20a9 typo 2007-10-02 13:56:58 +00:00
Martin Willi 9fe1a1ca76 introduced callback_job:
simple asynchronous method invocation
  use daemons thread pool for all threads
  proper cancellation and cleanups
  cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi 76042f8471 proper thread cancellation when using the charon->interfaces 2007-05-23 09:08:13 +00:00
Andreas Steffen 8a664830d0 cosmetics 2007-05-15 19:03:23 +00:00
Martin Willi a6a039aa10 simplified capability dropping 2007-05-09 13:12:06 +00:00
Martin Willi 6874bf698c changing UID/GID after startup of pluto/charon
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
Martin Willi 66560f4267 reducing capabilities of the threads to a minimum
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
Martin Willi 594e830eb7 forcing proper autoload of af_key kernel module in charon 2007-04-27 07:43:42 +00:00
Martin Willi db97fd8298 not using %m printf handler, as late errno interpretation over bus may be problematic 2007-04-12 08:52:36 +00:00
Martin Willi 3b138b8422 cleaned up apidoc
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
Martin Willi e0fe765152 restructured file layout
new configuration structure:
  peer_cfg: configuration related to a peer (authentication, ...)
  ike_cfg: config to use for IKE setup (proposals)
  child_cfg: config for CHILD_SA (proposals, traffic selectors)
  a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Martin Willi 73390cce24 removed unneeded includes 2007-03-30 12:24:31 +00:00
Martin Willi 373b8a607f fixed netlink socket receiver code
implemented interface enumeration code with netlink: no getifaddrs required anymore
2007-03-03 14:56:24 +00:00
Martin Willi c60c7694d2 merged tasking branch into trunk 2007-02-28 14:04:36 +00:00
Martin Willi 2c6584c0d2 respecting source address when sending packets 2007-02-15 11:35:10 +00:00
Martin Willi 61dd20f9e3 added address listing without getifaddrs for uclibc (only IPv4 yet) 2007-02-02 09:58:59 +00:00
Martin Willi d3032a9a82 renamed all static clone() functions to avoid naming conflicts with uclibc 2007-02-01 15:24:10 +00:00
Martin Willi 4986554f1a fixed more uClibc issues
should compile against a uClibc > 0.9.28 (untested)
2006-12-15 14:22:56 +00:00
Martin Willi db7ef62494 better split up of library files "types.h" & "definitions.h"
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
Martin Willi 382b481795 moved typedefs to beginning of files to solve some include problems
split authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix problems on AMD64
some other cleanups
2006-10-30 14:07:05 +00:00
Martin Willi b83806d83d improved signal handling and emitting 2006-10-26 09:46:56 +00:00
Martin Willi 60356f3375 introduced new logging subsystem using bus:
passive listeners can register on the bus
  active listeners wait for signals actively
  multiplexing allows multiple listeners to receive debug signals
  a lot more...
2006-10-18 11:46:13 +00:00
Martin Willi c701e73dc1 fixed auxiliary message data parsing for IPV6 socket
using SOL_* constants for socket level
2006-10-09 12:28:43 +00:00
Martin Willi a3a1b565da fixed IPV6_PKTINFO setsockopt() to work with most kernel headers
replaced strerror(errno) with %m printf specifier
2006-10-09 12:14:56 +00:00
Martin Willi 47f5027807 introduced printf() specifiers for:
host_t (%H)
  identification_t (%D)
  chunk pointers (%B)
  memory pointer/length (%b)
added a signaling bus:
  receives event and debug messages, sends them to its listeners
  stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
2006-09-27 14:14:44 +00:00
Martin Willi a7371600b0 proper error handling for socket creation 2006-09-18 06:44:38 +00:00
Martin Willi d7934d0cfc implemented updown script to handle firewalling 2006-09-12 13:50:14 +00:00
Martin Willi c705698293 added raw socket filter for IPv6 2006-08-31 06:18:15 +00:00
Martin Willi 48d9883a3e initial support for IPv6 (more testing needed)
socket works (without v6 filter)
  traffic selector handle IPv4/v4 cleanly
    improvements in traffic selector code
  kernel interface accepts v6 traffic selectors and hosts
  host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
Martin Willi 4c23a8c9ec moved interface enumeration code to socket, where it belongs
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Martin Willi 92ee45a0ee cleanups in kernel interface code
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Martin Willi e6cfe0eecc fixed UDP decapsulation by adding inbound bypass policy for send socket 2006-07-14 12:53:06 +00:00
Martin Willi e3109c02ac added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT 2006-07-14 08:08:55 +00:00
Martin Willi abba7ecb9d further work done for simultaneous rekeying/delete
still some cases which cause trouble
2006-07-10 14:24:04 +00:00