Tobias Brunner
ae8ac58c45
Fix detection and use of netinet/ip6.h on FreeBSD
2013-03-27 09:56:48 +01:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner
c994ec3b70
ipsec: Increased log level for message in case no outbound policy is found
...
This might happen on Android if sockets are bound to the physical IP
address but packets are still routed via TUN device. Since it seems to
happen quite often (or for stuff that requires regular traffic) this
hides these messages from the default log.
2013-03-20 15:24:26 +01:00
Martin Willi
1116689944
Add a DSCP value with getter/setter on packet_t
2013-02-06 15:20:32 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
488b1cad13
Log IP addresses for discarded inbound IPsec packets
2012-10-16 14:16:17 +02:00
Tobias Brunner
51823c1f31
Use pointers for lookups in IPsec SA manager
2012-10-16 14:16:17 +02:00
Tobias Brunner
4785fbbc9c
IPsec SA manager implements update_sa()
2012-10-16 14:16:17 +02:00
Tobias Brunner
7622c5e97e
Setter for src and destination address of ipsec_sa_t added
2012-10-16 14:16:17 +02:00
Tobias Brunner
43e0cb6519
Fix parsing of IPv6 headers in ip_packet_t
2012-09-28 15:15:07 +02:00
Tobias Brunner
39e9af9666
struct iphdr is Linux specific use struct ip instead
2012-08-29 15:32:26 +02:00
Tobias Brunner
55e05aa226
Include stdint.h for UINT32_MAX on FreeBSD
2012-08-29 15:32:26 +02:00
Tobias Brunner
b6a071514a
Fixed ip_packet_t if IPv6 is not available
2012-08-08 15:41:03 +02:00
Tobias Brunner
a113d7f29b
Added IPsec processor which is responsible for handling in- and outbound packets
...
Two callbacks can be registered that get called when new inbound plaintext and
outbound ESP packets have been processed. Inbound ESP and outbound plaintext
packets can be queued for processing with two other methods.
2012-08-08 15:41:03 +02:00
Tobias Brunner
b37758c41e
Represent the payload of an ESP packet as ip_packet_t instead of a chunk_t
2012-08-08 15:41:03 +02:00
Tobias Brunner
2e1a19136d
IPsec policies can be looked up based on an IP packet
2012-08-08 15:41:03 +02:00
Tobias Brunner
2dd47c2442
ip_packet_t parses the header of IP packets
2012-08-08 15:41:03 +02:00
Tobias Brunner
ed1f0c234f
Order IPsec policies by a pseudo-priority based on the traffic selectors
...
This allows a simple lookup, i.e. just use the first policy that matches
a given IP packet.
2012-08-08 15:41:03 +02:00
Tobias Brunner
f1b4238311
Implemented a checkout/checkin mechanism for IPsec SAs
...
SAs can only be checked out by a single thread and all other threads
block until the SA is checked in again.
2012-08-08 15:41:03 +02:00
Tobias Brunner
7000cf11b1
IPsec policy manager added
...
This version only provides the very simplest management functions.
2012-08-08 15:41:03 +02:00
Tobias Brunner
3b8276b405
Method added to easily compare IPsec policies
2012-08-08 15:41:03 +02:00
Tobias Brunner
9a11bc09bd
Class representing an IPsec policy added
2012-08-08 15:41:03 +02:00
Tobias Brunner
e6cfd527df
Schedule and relay expiration events for created IPsec SAs
2012-08-08 15:41:03 +02:00
Tobias Brunner
b50f56f326
Added class to relay IPsec events (like expiration) to listeners
...
Currently, only expiration of IPsec SAs is supported. Later other events
for e.g. acquires or changed NAT endpoints could be added.
2012-08-08 15:41:03 +02:00
Tobias Brunner
914479370e
Added IPsec SA manager
2012-08-08 15:41:03 +02:00
Tobias Brunner
9f7e1899a9
Add methods to easily compare IPsec SAs
2012-08-08 15:41:02 +02:00
Tobias Brunner
f9b0c05475
Class representing an IPsec SA added
...
The IPsec SA also manages the respective ESP context.
2012-08-08 15:41:02 +02:00
Tobias Brunner
156f7e9b85
Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan
...
This avoids a dependency of libipsec to libhydra.
2012-08-08 15:41:02 +02:00
Tobias Brunner
05a2a7950c
esp_packet_t implements packet_t interface
...
This should allow to avoid unnecessary cloning of packet data.
2012-08-08 15:41:02 +02:00
Tobias Brunner
3320b87a62
Headers from libhydra (kernel interface related) are required in libipsec
2012-08-08 15:41:02 +02:00
Tobias Brunner
47eb8943b2
ESP packet wrapper added, handles encryption/decryption/verification etc.
2012-08-08 15:41:02 +02:00
Tobias Brunner
64004973e3
Adding class to manage ESP context (crypto, sequence numbers)
2012-08-08 15:41:02 +02:00
Tobias Brunner
b70139fbfd
Stub library for user space IPsec implementation added.
2012-08-08 15:09:31 +02:00