8d4ebb3ac4
peer-cfg: Use an rwlock instead of a mutex to safely access child-cfgs
...
If multiple threads want to enumerate child-cfgs and potentially lock
other locks (e.g. check out IKE_SAs) while doing so a deadlock could
be caused (as was the case with VICI configs with start_action=start).
It should also improve performance for roadwarrior connections and lots
of clients connecting concurrently.
Fixes #2374 .
2017-07-27 13:34:40 +02:00
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
ed96fe72cf
peer-cfg: Store mediated_by as name and not peer-cfg reference
...
This way updates to the mediation config are respected and the order in
which configs are configured/loaded does not matter.
The SQL plugin currently maintains the strong relationship between
mediated and mediation connection (we could theoretically change that to a
string too).
2017-02-16 19:24:09 +01:00
da1d5cd2e6
peer-cfg: Fix memory leak when replacing child configs
...
Fixes: 622c2b2c33
2016-11-11 15:34:33 +01:00
2ba5dadb12
peer-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
622c2b2c33
peer-cfg: Add method to atomically replace child configs
2016-03-08 10:21:58 +01:00
f6a5e6b6a9
peer-cfg: Use new method to compare linked lists in equals()
...
This also compares the complete lists not only the first two items.
2016-03-08 10:21:57 +01:00
b4ae9e81f5
peer-cfg: Set DPD timeout to at least DPD delay
...
If DPD timeout is set but to a value smaller than the DPD delay the code
in task_manager_v1.c:queue_liveliness_check will run into an integer
underrun.
2016-02-01 15:29:25 +01:00
ebeb8c87c5
traffic-selector: Don't end printf'ed list of traffic selectors with a space
2015-11-10 12:13:06 +01:00
b9dd46d8a9
peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names
2014-05-19 18:05:51 +02:00
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
246e2bed1d
Use subset matching instead of is_contained_in() to select a child_cfg
...
If one selector has a wider IP range than the other, but the other has a
wider port/protocol selector than the first one, none is completely contained
in the other. The check for a match using is_contained_in() therefore would
fail. Using get_subset() can handle such cases, fixing configuration selection.
2013-06-13 13:37:50 +02:00
eba65182e4
Include 'aggressive' when comparing peer_cfg_t objects
2012-11-07 12:44:58 +01:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
cf62d073f1
Move ike_version_t definition from peer_cfg_t to ike_cfg_t
2012-10-24 10:17:36 +02:00
7ee37114c9
Derive a dynamic TS to multiple virtual IPs
2012-09-18 17:11:03 +02:00
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00
986237603f
Fix ike_version_t enum names
2012-03-20 17:31:29 +01:00
ac009df132
Pass IKE version to peer config enumerator, filter configs
2012-03-20 17:31:25 +01:00
d08269c700
Added a get_rekey/reauth_time() jitter parameter to get time without randomization
2012-03-20 17:30:52 +01:00
f7a8fcedc0
Use enum to define IKE version on peer_cfg_t.
...
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
6b444c5934
Migrated peer_cfg_t to INIT/METHOD macros.
2011-08-03 15:17:34 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
1038d9fee5
Added a null-safe strdup variant
2011-01-05 16:46:02 +01:00
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00
Tobias Brunner