Commit Graph

9821 Commits

Author SHA1 Message Date
Tobias Brunner e811cf152a Properly handle thread cancelation in rwlock_condvar_t 2012-09-21 18:16:27 +02:00
Tobias Brunner bdf36dac71 Use an rwlock in kernel-pfroute too 2012-09-21 18:16:27 +02:00
Tobias Brunner a25d536eea Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin 2012-09-21 18:16:27 +02:00
Tobias Brunner 16d62305c2 Use a separate mutex for cached routes in kernel-netlink plugin 2012-09-21 18:16:27 +02:00
Tobias Brunner 60dc44648f Added a condvar implementation that works with rwlock_t 2012-09-21 18:16:27 +02:00
Tobias Brunner 4134108c77 Use a lock to safely check and update the time for the next roam event 2012-09-21 18:16:27 +02:00
Tobias Brunner e8e9048fee Added an option to configure the interface on which virtual IP addresses are installed 2012-09-21 18:16:26 +02:00
Tobias Brunner c6b401581a Changed how kernel-netlink handles virtual IP addresses
Also tried to avoid the use of enumerators.
2012-09-21 18:16:26 +02:00
Tobias Brunner 4106aea8e4 Made IP address enumeration more flexible
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
Tobias Brunner 308ec0b7df Avoid calculating the hash if hashtable is empty 2012-09-21 18:16:26 +02:00
Tobias Brunner 1f97e1aaca Use a hashtable to quickly check for usable IP addresses/interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner 090c556ce8 Drop packets received on ignored interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner 940e1b0f66 Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.) 2012-09-21 18:16:26 +02:00
Tobias Brunner 645d7a5ef3 %any is never on a local interface 2012-09-21 18:16:26 +02:00
Tobias Brunner e9a7779003 Avoid memset in is_anyaddr() 2012-09-21 18:16:26 +02:00
Tobias Brunner 9ba36c0f7f Make it easy to check if an address is locally usable via changed get_interface() method 2012-09-21 18:16:26 +02:00
Tobias Brunner aed33805ce Don't ignore loopback devices and allow addresses on them to be enumerated 2012-09-21 18:16:26 +02:00
Tobias Brunner 9513225e6b Added options and a lookup function that will allow filtering of network interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner a2a28d90ac Make streq() and strcaseeq() static inline functions so they can be used as callbacks 2012-09-21 18:16:26 +02:00
Tobias Brunner dad6d904ee Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner 662534657f Source address lookup refactored
Routes matching the destination are now first parsed and sorted by network
prefix length.  This list is then used to search for the best route with
a matching preferred source address (if one is specified).  This makes sure
we really check all routes for that address.
2012-09-21 18:16:25 +02:00
Tobias Brunner cef0a8118e Check routes with equal prefix if preferred source is specified 2012-09-21 18:16:25 +02:00
Tobias Brunner 9d6b02d6c1 Try to find preferred source on interface if returned source does not match 2012-09-21 18:16:25 +02:00
Tobias Brunner da6d86dd94 Try to keep the given source address when looking up routes
This allows pinning the local end of an IKE_SA to an address that is not the
physical address of an interface.  Without this patch the local address would
change to the physical address when roam events occur.
2012-09-21 18:16:25 +02:00
Tobias Brunner 6676769e8c Make sure we propose a dynamic TS if we don't have hosts to derive a TS from
7ee37114 removed this behavior.
2012-09-21 18:14:17 +02:00
Tobias Brunner 0d33f428d1 Move rw-eap-dynamic scenario to its proper location 2012-09-21 09:34:10 +02:00
Martin Willi f0a2fef8a5 In mem_pool, check for an existing ID entry before creating a new one 2012-09-20 11:04:55 +02:00
Martin Willi a69bc12a3a Merge branch 'unity'
Add Cisco Unity extension support implemented in a dedicated plugin.
2012-09-18 17:22:47 +02:00
Martin Willi 995a9c8a0a Add a simple test case for the unity plugin, featuring both includes and excludes 2012-09-18 17:20:47 +02:00
Martin Willi f728ae590b Build unity plugin in strongSwan test suite 2012-09-18 17:17:49 +02:00
Martin Willi cc48f36084 Add unity plugin NEWS 2012-09-18 17:17:49 +02:00
Martin Willi 55f126fd55 Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity 2012-09-18 17:17:48 +02:00
Martin Willi 77c37ea5e0 As Unity responder, don't change the proposed TS at all, racoon doesn't like that 2012-09-18 17:17:48 +02:00
Martin Willi 336dd7a9c7 Don't complain about multiple TS in IKEv1, as it is supported with Unity 2012-09-18 17:17:48 +02:00
Martin Willi 7a7deec283 As initiator, narrow received Unity attributes to configured TS 2012-09-18 17:17:48 +02:00
Martin Willi b8db3775f3 When using Unity, bump up remote TS as initiator to 0.0.0.0/0, too 2012-09-18 17:17:48 +02:00
Martin Willi 284ed1b352 Enable Cisco Unity only if Unity vendor id received 2012-09-18 17:17:48 +02:00
Martin Willi 6e60807637 Exchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchange 2012-09-18 17:17:48 +02:00
Martin Willi f2463f1bd6 Add a Unity attribute provider that adds Split-Includes for TS 2012-09-18 17:17:47 +02:00
Martin Willi e39e697429 Check if subset calculation actually yields a TS in Unity narrowing 2012-09-18 17:17:47 +02:00
Martin Willi 92b5066705 Request Unity configuration attributes for IKEv1 only 2012-09-18 17:17:47 +02:00
Martin Willi 5ff012f717 Add Cisco Unity client support for Split-Include and Local-LAN 2012-09-18 17:17:47 +02:00
Martin Willi 56ea95195a Add a road-warrior test case requesting both an IPv4 and an IPv6 virtual address 2012-09-18 17:11:03 +02:00
Martin Willi 7ee37114c9 Derive a dynamic TS to multiple virtual IPs 2012-09-18 17:11:03 +02:00
Martin Willi abdb82fcc5 Use the vararg list constructor in quick mode task 2012-09-18 17:11:03 +02:00
Martin Willi 5f9d62fb91 Add a linked list constructor taking items from a vararg list 2012-09-18 17:11:02 +02:00
Tobias Brunner 8c19323c37 Make stroke user-creds work with XAuth configs 2012-09-18 16:56:17 +02:00
Tobias Brunner 4e16d2e864 Fix Doxygen comment for proposal_keywords_t
Two dots seem to mark the end of a list.
2012-09-18 16:13:23 +02:00
Tobias Brunner 4157a40b45 New Android release after fixing IDr problems 2012-09-18 15:29:29 +02:00
Tobias Brunner af16b5afb0 Use random ports in NetworkManager backend 2012-09-18 14:57:05 +02:00