Commit Graph

7086 Commits

Author SHA1 Message Date
Andreas Steffen ba53c2ef0d add PID/Program Name to netstat output 2011-07-07 09:22:27 +02:00
Andreas Steffen 52ba840d5c adapted tnc scenarios to new imcvs library path 2011-07-06 21:55:17 +02:00
Andreas Steffen 19db8e9eff install IMC and IMV dynamic libraries in imcvs directory 2011-07-06 21:53:40 +02:00
Tobias Brunner 93095183dd Added news about policy history. 2011-07-06 13:03:45 +02:00
Tobias Brunner 17927ca615 Record usage history of policies in PF_KEY kernel interface.
The implementation is nearly the same as in the Netlink kernel interface.
2011-07-06 12:56:34 +02:00
Tobias Brunner 4e9e4372f5 Simplified destruction of policy_sa_t objects in Netlink interface. 2011-07-06 12:49:54 +02:00
Tobias Brunner 0c2ce1905a Adapted shunt manager to changed kernel interface (reqid in del_policy). 2011-07-06 12:48:26 +02:00
Tobias Brunner 674bc34322 Some code cleanup in Netlink kernel interface. 2011-07-06 09:43:46 +02:00
Tobias Brunner 108357b106 Some code cleanup in PF_KEY kernel interface. 2011-07-06 09:43:46 +02:00
Tobias Brunner 9f49464d56 Reduce memory usage of policy history caching.
Only cache data as needed (e.g. traffic selectors only for forward
policies) and at most once for each IPsec SA.
2011-07-06 09:43:46 +02:00
Tobias Brunner a07568cf6a Use has_more in decrypt_payloads instead of calling enumerate twice. 2011-07-06 09:43:46 +02:00
Tobias Brunner 1142726ba0 Added linked_list_t.has_more which checks if any elements follow an enumerator's current position. 2011-07-06 09:43:46 +02:00
Tobias Brunner 2bf9d39da6 Make sure the enumerator stops after all items have been enumerated.
This also changes how insert_before behaves: before enumeration, items
are inserted first; after enumeration, last.
2011-07-06 09:43:46 +02:00
Tobias Brunner c225f9b558 Keep the mutex locked as long as possible when deleting policies.
This change tries to prevent a race condition where a thread tries to
install the same policy another thread is currently deleting. If the
second thread releases the mutex in del_policy too early the first
thread could assume the policy does not exist (as it is not cached
anymore) but would not be able to actually install it if the second
thread was not yet able to delete it.
2011-07-06 09:43:46 +02:00
Tobias Brunner bd4f7dab75 Properly unlock the policy if no change in the kernel is required. 2011-07-06 09:43:46 +02:00
Tobias Brunner 32fbad4ec2 Make sure access to policy is thread-safe during installation of route. 2011-07-06 09:43:46 +02:00
Martin Willi 75fc9d3136 Linked list style cleanups 2011-07-06 09:43:46 +02:00
Tobias Brunner 629fd2f4f6 Finally removed deprecated iterator_t. 2011-07-06 09:43:46 +02:00
Tobias Brunner 203497d80e Removed unneeded and confusing insert_after method from linked_list_t. 2011-07-06 09:43:46 +02:00
Tobias Brunner 47daa0e6fe Replaced more complex iterator usages. 2011-07-06 09:43:45 +02:00
Tobias Brunner 67405ce808 Added a function to reset the enumerator of a linked list. 2011-07-06 09:43:45 +02:00
Tobias Brunner 572abc6cbd Replaced ike_sa_t.create_additional_address_iterator with enumerator. 2011-07-06 09:43:45 +02:00
Tobias Brunner 4bbce1ef37 Replaced ike_sa_t.create_child_sa_iterator with enumerator.
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows removing a CHILD_SA.
2011-07-06 09:43:45 +02:00
Tobias Brunner 4f9c691adb Replaced pkcs7_t.create_certificate_iterator with enumerator.
The method is currently not used.
2011-07-06 09:43:45 +02:00
Tobias Brunner e26304348c Replaced simple iterator usages. 2011-07-06 09:43:45 +02:00
Tobias Brunner 28623fc538 "this" removed from comments. 2011-07-06 09:43:45 +02:00
Tobias Brunner f0ba8ae042 Record the history of a policy installed in the kernel.
This allows properly deleting a policy, e.g. if reauth=yes and
auto=route, because reqids are increased during reauthentication.

It also avoids overriding an installed policy with a trap policy.
2011-07-06 09:43:45 +02:00
Tobias Brunner 328f22e1d3 Add the reqid to kernel_ipsec_t.del_policy. 2011-07-06 09:43:45 +02:00
Tobias Brunner 0b6ff2a9fe Added a replace function to linked_list_t. 2011-07-06 09:43:45 +02:00
Tobias Brunner fbf014b0c1 Added an insert_after and insert_before function to linked_list_t. 2011-07-06 09:43:45 +02:00
Tobias Brunner 178760012c Migrated linked_list_t to INIT/METHOD macros. 2011-07-06 09:43:45 +02:00
Tobias Brunner 3ee8fed445 Cache the most recent reqid in the PF_KEY kernel interface.
This makes the PF_KEY kernel interface behave the same as the Netlink
kernel interface.
2011-07-06 09:43:45 +02:00
Andreas Steffen 1f3b5c7778 corrected description of shunt-policies scenario 2011-07-05 22:07:42 +02:00
Andreas Steffen 06b5b61838 install PASS and DROP shunt policies via PFKEYv2 interface 2011-07-05 21:57:45 +02:00
Tobias Brunner a7edbd219f Added news about library dir change. 2011-07-05 15:26:50 +02:00
Tobias Brunner 60d62b9e5c Don't install the libraries directly in lib/.
Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the
plugins from libexec to a subdirectory of that dir.
2011-07-05 14:42:14 +02:00
Andreas Steffen 9b2b434fe7 ignore ports of IPv4 and IPv6 loopback interfaces 2011-07-05 09:16:01 +02:00
Andreas Steffen 7fd120d5b6 fixed UTF-8 representation of Polish reason string 2011-07-05 07:44:46 +02:00
Andreas Steffen 7dc1ff73c1 version bump to 4.5.3dr8 2011-07-05 07:37:36 +02:00
Andreas Steffen e1976a7120 delete orphan file 2011-07-04 23:02:06 +02:00
Andreas Steffen d6e40a3b91 start and stop apache server on dave 2011-07-04 22:40:46 +02:00
Andreas Steffen 0b0f36cc1a added ITA Scanner IMC/IMV pair to tnccs-11-radius-block scenario 2011-07-04 22:32:34 +02:00
Andreas Steffen e760e0ad23 fixed debug statement 2011-07-04 22:27:46 +02:00
Andreas Steffen 31479712b5 added ITA Scanner IMC/IMV pair to tnccs-20 and tnccs-20-block scenarios 2011-07-04 21:44:22 +02:00
Andreas Steffen d9cdab9249 added ITA Scanner IMC/IMV pair which detects open server ports on TNC clients 2011-07-04 21:40:25 +02:00
Andreas Steffen 956759533f added support of the IETF port filter attribute 2011-07-01 18:10:33 +02:00
Andreas Steffen 294c25fa60 again a bitwise or is required 2011-06-30 22:26:36 +02:00
Andreas Steffen d6b6a1615e version bump to 4.5.3dr7 2011-06-29 16:51:33 +02:00
Andreas Steffen c755c365d7 fixed sql/shunt-policies scenario 2011-06-29 08:23:58 +02:00
Andreas Steffen f87991704e implemented PASS and DROP shunt policies 2011-06-28 19:42:54 +02:00