Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Tobias Brunner
5d91d8c469
Check rng return value when generating SPIs in ike_sa_manager_t
2012-07-16 14:53:35 +02:00
Martin Willi
0fbfcf2a3a
Use XAuth/EAP remote identity for uniqueness check
2012-06-25 10:18:34 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
4837d2a981
Fix iteration through half-open IKE_SA table
2012-04-16 16:47:17 +02:00
Tobias Brunner
d112a7e1fe
Properly handle retransmitted initial IKE messages.
This change allows us to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner
de9357bb44
Implemented table of init hashes without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
6f0cca20d8
Implemented table of connected peers without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
3489370458
Implemented table of half open IKE_SAs without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
e49bb4e3e3
Don't use linked_list_t for buckets in main IKE_SA hash table.
2012-03-20 17:31:41 +01:00
Tobias Brunner
894c52cba2
Fixed deadlock if checkin_and_destroy is called during shutdown.
2012-03-20 17:31:40 +01:00
Tobias Brunner
4b2f428f40
Do not clone hashes of initial IKE messages when storing them in the hash table.
2012-03-20 17:31:40 +01:00
Tobias Brunner
20e3d5ea00
Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table.
For IKEv1 the previous behavior of always using the initiator's SPI as
key is maintained.
2012-03-20 17:31:40 +01:00
Tobias Brunner
71cf97871f
Added separate hashtable for hashes of initial IKE messages.
This does not require us to do a lookup for an SA by SPI first.
2012-03-20 17:31:40 +01:00
Tobias Brunner
1726795fa9
Store the major IKE version on ike_sa_id_t.
2012-03-20 17:31:40 +01:00
Martin Willi
aa3b53e716
Adopt children after syncing a rekeyed IKEv1 SA
2012-03-20 17:31:38 +01:00
Martin Willi
a46b8e16ad
Set thread specific SA on bus for each enumerated IKE_SA
2012-03-20 17:31:38 +01:00
Martin Willi
a0fa7a7f64
Clear initiator flag when checking out initial IKEv1 SA from message
2012-03-20 17:31:37 +01:00
Martin Willi
5b7fc76861
Don't invoke updown hook when flushing SAs for IKEv1, tasks will do it
2012-03-20 17:31:36 +01:00
Martin Willi
cb1a145ce2
Added an IKE_SA manager method to enumerate IKE_SA IDs filtered by identities
2012-03-20 17:31:33 +01:00
Martin Willi
f5a84055fe
Implemented responder retransmission, currently enabled for quick mode only
2012-03-20 17:31:30 +01:00
Martin Willi
8a395e889c
Fixed leak of a hash when checking out by hash
2012-03-20 17:31:30 +01:00
Martin Willi
3d54ae94d9
Handle initiation of not supported IKE versions properly
2012-03-20 17:31:30 +01:00
Martin Willi
3ba15819ed
Remove executable flag from source code files
2012-03-20 17:31:22 +01:00
Clavister OpenSource
a064eaa8a6
Handling of initial contact
2012-03-20 17:31:14 +01:00
Martin Willi
17ec1c74de
Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA constructor
2012-03-20 17:30:47 +01:00
Martin Willi
c311d22d0f
Don't clone chunk in message.get_packet_data
2012-03-20 17:30:44 +01:00
Tobias Brunner
0b611540ef
Store IKE version of an SA on ike_sa_t.
2012-03-20 17:30:43 +01:00
Tobias Brunner
3238faf8e6
Fix init message arrival check.
2012-03-20 17:30:41 +01:00
Martin Willi
2fc986182f
Handle IKEv1 messages in managers checkout_by_message
2012-03-20 17:30:39 +01:00
Tobias Brunner
4bbce1ef37
Replaced ike_sa_t.create_child_sa_iterator with enumerator.
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows removing a CHILD_SA.
2011-07-06 09:43:45 +02:00
Martin Willi
9a96ba4b6e
Added a get_count() method to IKE_SA manager
2011-05-16 15:24:15 +02:00
Martin Willi
a836cf8085
Fixed indentation in private_ike_sa_manager
2011-05-16 15:24:15 +02:00
Martin Willi
69c3eca0e9
Added a non-blocking, skipping variant of IKE_SA enumerator
2011-05-16 15:24:13 +02:00
Martin Willi
1d34612f07
Do not use destroyed rng/hasher if IKE_SA has been flush()ed
2011-02-01 09:25:55 +01:00
Martin Willi
6f5892f5c7
Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT
2011-01-05 16:46:08 +01:00
Martin Willi
a4a1e24d37
Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy
2011-01-05 16:46:08 +01:00
Martin Willi
240bd7dbb7
Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanups
2011-01-05 16:46:08 +01:00
Martin Willi
86993d6b90
Never register IKE_SA during checkout_new, as rekeying keeps it checked out
2010-12-07 16:30:38 +01:00
Thomas Egerer
76ce213c43
Guarantee entry->other is set when calling put_connected_peers
Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.
2010-12-06 10:56:57 +01:00
Thomas Egerer
8f927116be
Extend connected peers by peer family
This allows for simultaneous IPv4 and IPv6 tunnel for same peers with
matching identities.
2010-11-12 16:28:04 +01:00
Martin Willi
65858b83f8
Destroy IKE_SA Manager's crypto primitives during flush, the plugins are gone in destroy
2010-08-04 09:26:21 +02:00
Thomas Egerer
03ffa88531
Add extra information in debug output for IKE_SA check{out, in}
This output helps tracing checkout and checkin of IKE_SAs when there is
more than one IKE_SA with the same name. I also added the type of
in-air-exchange to the debug output issued by the task_manager in case
a task initiation is delayed, came in handy for me.
2010-06-07 15:12:13 +02:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00