Andreas Steffen
ba53c2ef0d
add PID/Program Name to netstat output
2011-07-07 09:22:27 +02:00
Andreas Steffen
52ba840d5c
adapted tnc scenarios to new imcvs library path
2011-07-06 21:55:17 +02:00
Andreas Steffen
19db8e9eff
install IMC and IMV dynamic libraries in imcvs directory
2011-07-06 21:53:40 +02:00
Tobias Brunner
93095183dd
Added news about policy history.
2011-07-06 13:03:45 +02:00
Tobias Brunner
17927ca615
Record usage history of policies in PF_KEY kernel interface.
The implementation is nearly the same as in the Netlink kernel interface.
2011-07-06 12:56:34 +02:00
Tobias Brunner
4e9e4372f5
Simplified destruction of policy_sa_t objects in Netlink interface.
2011-07-06 12:49:54 +02:00
Tobias Brunner
0c2ce1905a
Adapted shunt manager to changed kernel interface (reqid in del_policy).
2011-07-06 12:48:26 +02:00
Tobias Brunner
674bc34322
Some code cleanup in Netlink kernel interface.
2011-07-06 09:43:46 +02:00
Tobias Brunner
108357b106
Some code cleanup in PF_KEY kernel interface.
2011-07-06 09:43:46 +02:00
Tobias Brunner
9f49464d56
Reduce memory usage of policy history caching.
Only cache data as needed (e.g. traffic selectors only for forward
policies) and at most once for each IPsec SA.
2011-07-06 09:43:46 +02:00
Tobias Brunner
a07568cf6a
Use has_more in decrypt_payloads instead of calling enumerate twice.
2011-07-06 09:43:46 +02:00
Tobias Brunner
1142726ba0
Added linked_list_t.has_more which checks if any elements follow an enumerator's current position.
2011-07-06 09:43:46 +02:00
Tobias Brunner
2bf9d39da6
Make sure the enumerator stops after all items have been enumerated.
This also changes how insert_before behaves: before enumeration, items
are inserted first; after enumeration, last.
2011-07-06 09:43:46 +02:00
Tobias Brunner
c225f9b558
Keep the mutex locked as long as possible when deleting policies.
This change tries to prevent a race condition where a thread tries to
install the same policy another thread is currently deleting. If the
second thread releases the mutex in del_policy too early the first
thread could assume the policy does not exist (as it is not cached
anymore) but would not be able to actually install it if the second
thread was not yet able to delete it.
2011-07-06 09:43:46 +02:00
Tobias Brunner
bd4f7dab75
Properly unlock the policy if no change in the kernel is required.
2011-07-06 09:43:46 +02:00
Tobias Brunner
32fbad4ec2
Make sure access to policy is thread-safe during installation of route.
2011-07-06 09:43:46 +02:00
Martin Willi
75fc9d3136
Linked list style cleanups
2011-07-06 09:43:46 +02:00
Tobias Brunner
629fd2f4f6
Finally removed deprecated iterator_t.
2011-07-06 09:43:46 +02:00
Tobias Brunner
203497d80e
Removed unneeded and confusing insert_after method from linked_list_t.
2011-07-06 09:43:46 +02:00
Tobias Brunner
47daa0e6fe
Replaced more complex iterator usages.
2011-07-06 09:43:45 +02:00
Tobias Brunner
67405ce808
Added a function to reset the enumerator of a linked list.
2011-07-06 09:43:45 +02:00
Tobias Brunner
572abc6cbd
Replaced ike_sa_t.create_additional_address_iterator with enumerator.
2011-07-06 09:43:45 +02:00
Tobias Brunner
4bbce1ef37
Replaced ike_sa_t.create_child_sa_iterator with enumerator.
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows removing a CHILD_SA.
2011-07-06 09:43:45 +02:00
Tobias Brunner
4f9c691adb
Replaced pkcs7_t.create_certificate_iterator with enumerator.
The method is currently not used.
2011-07-06 09:43:45 +02:00
Tobias Brunner
e26304348c
Replaced simple iterator usages.
2011-07-06 09:43:45 +02:00
Tobias Brunner
28623fc538
"this" removed from comments.
2011-07-06 09:43:45 +02:00
Tobias Brunner
f0ba8ae042
Record the history of a policy installed in the kernel.
This allows properly deleting a policy, e.g. if reauth=yes and
auto=route, because reqids are increased during reauthentication.
It also avoids overriding an installed policy with a trap policy.
2011-07-06 09:43:45 +02:00
Tobias Brunner
328f22e1d3
Add the reqid to kernel_ipsec_t.del_policy.
2011-07-06 09:43:45 +02:00
Tobias Brunner
0b6ff2a9fe
Added a replace function to linked_list_t.
2011-07-06 09:43:45 +02:00
Tobias Brunner
fbf014b0c1
Added an insert_after and insert_before function to linked_list_t.
2011-07-06 09:43:45 +02:00
Tobias Brunner
178760012c
Migrated linked_list_t to INIT/METHOD macros.
2011-07-06 09:43:45 +02:00
Tobias Brunner
3ee8fed445
Cache the most recent reqid in the PF_KEY kernel interface.
This makes the PF_KEY kernel interface behave the same as the Netlink
kernel interface.
2011-07-06 09:43:45 +02:00
Andreas Steffen
1f3b5c7778
corrected description of shunt-policies scenario
2011-07-05 22:07:42 +02:00
Andreas Steffen
06b5b61838
install PASS and DROP shunt policies via PFKEYv2 interface
2011-07-05 21:57:45 +02:00
Tobias Brunner
a7edbd219f
Added news about library dir change.
2011-07-05 15:26:50 +02:00
Tobias Brunner
60d62b9e5c
Don't install the libraries directly in lib/.
Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the
plugins from libexec to a subdirectory of that dir.
2011-07-05 14:42:14 +02:00
Andreas Steffen
9b2b434fe7
ignore ports of IPv4 and IPv6 loopback interfaces
2011-07-05 09:16:01 +02:00
Andreas Steffen
7fd120d5b6
fixed UTF-8 representation of Polish reason string
2011-07-05 07:44:46 +02:00
Andreas Steffen
7dc1ff73c1
version bump to 4.5.3dr8
2011-07-05 07:37:36 +02:00
Andreas Steffen
e1976a7120
delete orphan file
2011-07-04 23:02:06 +02:00
Andreas Steffen
d6e40a3b91
start and stop apache server on dave
2011-07-04 22:40:46 +02:00
Andreas Steffen
0b0f36cc1a
added ITA Scanner IMC/IMV pair to tnccs-11-radius-block scenario
2011-07-04 22:32:34 +02:00
Andreas Steffen
e760e0ad23
fixed debug statement
2011-07-04 22:27:46 +02:00
Andreas Steffen
31479712b5
added ITA Scanner IMC/IMV pair to tnccs-20 and tnccs-20-block scenarios
2011-07-04 21:44:22 +02:00
Andreas Steffen
d9cdab9249
added ITA Scanner IMC/IMV pair which detects open server ports on TNC clients
2011-07-04 21:40:25 +02:00
Andreas Steffen
956759533f
added support of the IETF port filter attribute
2011-07-01 18:10:33 +02:00
Andreas Steffen
294c25fa60
again a bitwise or is required
2011-06-30 22:26:36 +02:00
Andreas Steffen
d6b6a1615e
version bump to 4.5.3dr7
2011-06-29 16:51:33 +02:00
Andreas Steffen
c755c365d7
fixed sql/shunt-policies scenario
2011-06-29 08:23:58 +02:00
Andreas Steffen
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00