Tobias Brunner
e811cf152a
Properly handle thread cancelation in rwlock_condvar_t
2012-09-21 18:16:27 +02:00
Tobias Brunner
bdf36dac71
Use an rwlock in kernel-pfroute too
2012-09-21 18:16:27 +02:00
Tobias Brunner
a25d536eea
Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin
2012-09-21 18:16:27 +02:00
Tobias Brunner
16d62305c2
Use a separate mutex for cached routes in kernel-netlink plugin
2012-09-21 18:16:27 +02:00
Tobias Brunner
60dc44648f
Added a condvar implementation that works with rwlock_t
2012-09-21 18:16:27 +02:00
Tobias Brunner
4134108c77
Use a lock to safely check and update the time for the next roam event
2012-09-21 18:16:27 +02:00
Tobias Brunner
e8e9048fee
Added an option to configure the interface on which virtual IP addresses are installed
2012-09-21 18:16:26 +02:00
Tobias Brunner
c6b401581a
Changed how kernel-netlink handles virtual IP addresses
...
Also tried to avoid the use of enumerators.
2012-09-21 18:16:26 +02:00
Tobias Brunner
4106aea8e4
Made IP address enumeration more flexible
...
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
Tobias Brunner
308ec0b7df
Avoid calculating the hash if hashtable is empty
2012-09-21 18:16:26 +02:00
Tobias Brunner
1f97e1aaca
Use a hashtable to quickly check for usable IP addresses/interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
090c556ce8
Drop packets received on ignored interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
940e1b0f66
Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)
2012-09-21 18:16:26 +02:00
Tobias Brunner
645d7a5ef3
%any is never on a local interface
2012-09-21 18:16:26 +02:00
Tobias Brunner
e9a7779003
Avoid memset in is_anyaddr()
2012-09-21 18:16:26 +02:00
Tobias Brunner
9ba36c0f7f
Make it easy to check if an address is locally usable via changed get_interface() method
2012-09-21 18:16:26 +02:00
Tobias Brunner
aed33805ce
Don't ignore loopback devices and allow addresses on them being enumerated
2012-09-21 18:16:26 +02:00
Tobias Brunner
9513225e6b
Added options and a lookup function that will allow filtering of network interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
a2a28d90ac
Make streq() and strcaseeq() static inline functions so they can be used as callbacks
2012-09-21 18:16:26 +02:00
Tobias Brunner
dad6d904ee
Use source address in get_nexthop() call
...
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
662534657f
Source address lookup refactored
...
Routes matching the destination are now first parsed and sorted by network
prefix length. This list is then used to search for the best route with
a matching preferred source address (if one is specified). This makes sure
we really check all routes for that address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
cef0a8118e
Check routes with equal prefix if preferred source is specified
2012-09-21 18:16:25 +02:00
Tobias Brunner
9d6b02d6c1
Try to find preferred source on interface if returned source does not match
2012-09-21 18:16:25 +02:00
Tobias Brunner
da6d86dd94
Try to keep the given source address when looking up routes
...
This allows to pin the local end of an IKE_SA to an address that is not the
physical address of an interface. Without this patch the local address would
change to the physical address when roam events occur.
2012-09-21 18:16:25 +02:00
Tobias Brunner
6676769e8c
Make sure we propose a dynamic TS if we don't have hosts to derive a TS from
...
7ee37114
removed this behavior.
2012-09-21 18:14:17 +02:00
Tobias Brunner
0d33f428d1
Move rw-eap-dynamic scenario to its proper location
2012-09-21 09:34:10 +02:00
Martin Willi
f0a2fef8a5
In mem_pool, check for an existing ID entry before creating a new one
2012-09-20 11:04:55 +02:00
Martin Willi
a69bc12a3a
Merge branch 'unity'
...
Add Cisco Unity extension support implemented in a dedicated plugin.
2012-09-18 17:22:47 +02:00
Martin Willi
995a9c8a0a
Add a simple test case for the unity plugin, featuring both includes and excludes
2012-09-18 17:20:47 +02:00
Martin Willi
f728ae590b
Build unity plugin in strongSwan test suite
2012-09-18 17:17:49 +02:00
Martin Willi
cc48f36084
Add unity plugin NEWS
2012-09-18 17:17:49 +02:00
Martin Willi
55f126fd55
Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity
2012-09-18 17:17:48 +02:00
Martin Willi
77c37ea5e0
As Unity responder, don't change the proposed TS at all, racoon doesn't like that
2012-09-18 17:17:48 +02:00
Martin Willi
336dd7a9c7
Don't complain about multiple TS in IKEv1, as it supported with Unity
2012-09-18 17:17:48 +02:00
Martin Willi
7a7deec283
As initiator, narrow received Unity attributes to configured TS
2012-09-18 17:17:48 +02:00
Martin Willi
b8db3775f3
When using Unity, bump up remote TS as initiator to 0.0.0.0/0, too
2012-09-18 17:17:48 +02:00
Martin Willi
284ed1b352
Enable Cisco Unity only if Unity vendor id received
2012-09-18 17:17:48 +02:00
Martin Willi
6e60807637
Exchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchange
2012-09-18 17:17:48 +02:00
Martin Willi
f2463f1bd6
Add a Unity attribute provider that adds Split-Includes for TS
2012-09-18 17:17:47 +02:00
Martin Willi
e39e697429
Check if subset calculation actually yields a TS in Unity narrowing
2012-09-18 17:17:47 +02:00
Martin Willi
92b5066705
Request Unity configuration attributes for IKEv1 only
2012-09-18 17:17:47 +02:00
Martin Willi
5ff012f717
Add Cisco Unity client support for Split-Include and Local-LAN
2012-09-18 17:17:47 +02:00
Martin Willi
56ea95195a
Add a road-warrior test case requesting both an IPv4 and an IPv6 virtual address
2012-09-18 17:11:03 +02:00
Martin Willi
7ee37114c9
Derive a dynamic TS to multiple virtual IPs
2012-09-18 17:11:03 +02:00
Martin Willi
abdb82fcc5
Use the vararg list constructor in quick mode task
2012-09-18 17:11:03 +02:00
Martin Willi
5f9d62fb91
Add a linked list constructor taking items from a vararg list
2012-09-18 17:11:02 +02:00
Tobias Brunner
8c19323c37
Make stroke user-creds work with XAuth configs
2012-09-18 16:56:17 +02:00
Tobias Brunner
4e16d2e864
Fix Doxygen comment for proposal_keywords_t
...
Two dots seem to mark the end of a list.
2012-09-18 16:13:23 +02:00
Tobias Brunner
4157a40b45
New Android release after fixing IDr problems
2012-09-18 15:29:29 +02:00
Tobias Brunner
af16b5afb0
Use random ports in NetworkManager backend
2012-09-18 14:57:05 +02:00