Tobias Brunner
69e9698b17
allow to globally disable DOS protection by setting charon.dos_protection to no.
2008-11-26 09:22:19 +00:00
Tobias Brunner
ed6146ffbe
performance optimization for the DOS protection.
* half-open SAs per peer are tracked in a hash table
* charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold
* chunk_hash function added
2008-11-25 13:16:05 +00:00
Martin Willi
addfea95df
moved the IPV6_IPSEC_POLICY definition to the ipsec plugins, fixes uClibc build
2008-11-24 08:22:05 +00:00
Martin Willi
bbbe605fe3
updated API doc for socket.h
2008-11-13 07:48:27 +00:00
Martin Willi
8120943583
ported socket enumerator to raw-socket.c
some cleanups in socket.c
2008-11-13 07:15:45 +00:00
Tobias Brunner
ea625fabf9
merging kernel_klips plugin back into trunk
2008-11-11 09:22:00 +00:00
Martin Willi
465fe85ee1
fixed sender destruction order
2008-11-05 12:24:36 +00:00
Martin Willi
3ac5a0db8c
replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant
2008-11-05 11:29:56 +00:00
Tobias Brunner
507f26f685
merging modularized kernel interface back to trunk
2008-09-25 07:56:58 +00:00
Martin Willi
21632b76e0
added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check
2008-07-30 08:27:08 +00:00
Andreas Steffen
0005cee527
fixed typo
2008-05-21 21:52:59 +00:00
Martin Willi
5e6bbf4f77
added _GNU_SOURCE and limits.h to build against glibc-2.8
2008-04-24 13:49:20 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Tobias Brunner
8e91a36314
thread locking for sender and processor optimized
2008-04-03 09:19:12 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Martin Willi
733f336ad3
socket_t implementation without raw sockets
--disable-raw-socket configure option
prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner
183ddc20a9
typo
2007-10-02 13:56:58 +00:00
Martin Willi
9fe1a1ca76
introduced callback_job:
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi
76042f8471
proper thread cancellation when using the charon->interfaces
2007-05-23 09:08:13 +00:00
Andreas Steffen
8a664830d0
cosmetics
2007-05-15 19:03:23 +00:00
Martin Willi
a6a039aa10
simplified capability dropping
2007-05-09 13:12:06 +00:00
Martin Willi
6874bf698c
changing UID/GID after startup of pluto/charon
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
Martin Willi
66560f4267
reducing capabilities of the threads to a minimum
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
Martin Willi
594e830eb7
forcing proper autoload of af_key kernel module in charon
2007-04-27 07:43:42 +00:00
Martin Willi
db97fd8298
not using %m printf handler, as late errno interpretation over bus may be problematic
2007-04-12 08:52:36 +00:00
Martin Willi
3b138b8422
cleaned up apidoc
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
Martin Willi
e0fe765152
restructured file layout
new configuration structure:
peer_cfg: configuration related to a peer (authentication, ...)
ike_cfg: config to use for IKE setup (proposals)
child_cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Martin Willi
73390cce24
removed unneeded includes
2007-03-30 12:24:31 +00:00
Martin Willi
373b8a607f
fixed netlink socket receiver code
implemented interface enumeration code with netlink: no getifaddrs required anymore
2007-03-03 14:56:24 +00:00
Martin Willi
c60c7694d2
merged tasking branch into trunk
2007-02-28 14:04:36 +00:00
Martin Willi
2c6584c0d2
respecting source address when sending packets
2007-02-15 11:35:10 +00:00
Martin Willi
61dd20f9e3
added address listing without getifaddrs for uclibc (only IPv4 yet)
2007-02-02 09:58:59 +00:00
Martin Willi
d3032a9a82
renamed all static clone() functions to avoid naming conflicts with uclibc
2007-02-01 15:24:10 +00:00
Martin Willi
4986554f1a
fixed more uClibc issues
should compile against a uClibc > 0.9.28 (untested)
2006-12-15 14:22:56 +00:00
Martin Willi
db7ef62494
better split up of library files "types.h" & "definitions.h"
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
Martin Willi
382b481795
moved typedefs to beginning of files to solve some include problems
split authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix problems on AMD64
some other cleanups
2006-10-30 14:07:05 +00:00
Martin Willi
b83806d83d
improved signal handling and emitting
2006-10-26 09:46:56 +00:00
Martin Willi
60356f3375
introduced new logging subsystem using bus:
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
2006-10-18 11:46:13 +00:00
Martin Willi
c701e73dc1
fixed auxiliary message data parsing for IPV6 socket
using SOL_* constants for socket level
2006-10-09 12:28:43 +00:00
Martin Willi
a3a1b565da
fixed IPV6_PKTINFO setsockopt() to work with most kernel headers
replaced strerror(errno) with %m printf specifier
2006-10-09 12:14:56 +00:00
Martin Willi
47f5027807
introduced printf() specifiers for:
host_t (%H)
identification_t (%D)
chunk pointers (%B)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
2006-09-27 14:14:44 +00:00
Martin Willi
a7371600b0
proper error handling for socket creation
2006-09-18 06:44:38 +00:00
Martin Willi
d7934d0cfc
implemented updown script to handle firewalling
2006-09-12 13:50:14 +00:00
Martin Willi
c705698293
added raw socket filter for IPv6
2006-08-31 06:18:15 +00:00
Martin Willi
48d9883a3e
initial support for IPv6 (more testing needed)
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
Martin Willi
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Martin Willi
92ee45a0ee
cleanups in kernel interface code
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Martin Willi
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
Martin Willi
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
Martin Willi
abba7ecb9d
further work done for simultaneous rekeying/delete
still some cases which cause trouble
2006-07-10 14:24:04 +00:00