Commit Graph

94 Commits

Author SHA1 Message Date
Martin Willi 87dd205b61 Add a return value to hasher_t.allocate_hash() 2012-07-16 14:55:06 +02:00
Tobias Brunner 5d91d8c469 Check rng return value when generating SPIs in ike_sa_manager_t 2012-07-16 14:53:35 +02:00
Martin Willi 0fbfcf2a3a Use XAuth/EAP remote identity for uniqueness check 2012-06-25 10:18:34 +02:00
Tobias Brunner 42500c274a Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi 4837d2a981 Fix iteration through half-open IKE_SA table 2012-04-16 16:47:17 +02:00
Tobias Brunner d112a7e1fe Properly handle retransmitted initial IKE messages.
This change allows us to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner de9357bb44 Implemented table of init hashes without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner 6f0cca20d8 Implemented table of connected peers without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner 3489370458 Implemented table of half open IKE_SAs without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner e49bb4e3e3 Don't use linked_list_t for buckets in main IKE_SA hash table. 2012-03-20 17:31:41 +01:00
Tobias Brunner 894c52cba2 Fixed deadlock if checkin_and_destroy is called during shutdown. 2012-03-20 17:31:40 +01:00
Tobias Brunner 4b2f428f40 Do not clone hashes of initial IKE messages when storing them in the hash table. 2012-03-20 17:31:40 +01:00
Tobias Brunner 20e3d5ea00 Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table.
For IKEv1 the previous behavior of always using the initiator's SPI as
key is maintained.
2012-03-20 17:31:40 +01:00
Tobias Brunner 71cf97871f Added separate hashtable for hashes of initial IKE messages.
This does not require us to do a lookup for an SA by SPI first.
2012-03-20 17:31:40 +01:00
Tobias Brunner 1726795fa9 Store the major IKE version on ike_sa_id_t. 2012-03-20 17:31:40 +01:00
Martin Willi aa3b53e716 Adopt children after syncing a rekeyed IKEv1 SA 2012-03-20 17:31:38 +01:00
Martin Willi a46b8e16ad Set thread specific SA on bus for each enumerated IKE_SA 2012-03-20 17:31:38 +01:00
Martin Willi a0fa7a7f64 Clear initiator flag when checking out initial IKEv1 SA from message 2012-03-20 17:31:37 +01:00
Martin Willi 5b7fc76861 Don't invoke updown hook when flushing SAs for IKEv1, tasks will do it 2012-03-20 17:31:36 +01:00
Martin Willi cb1a145ce2 Added an IKE_SA manager method to enumerate IKE_SA IDs filtered by identities 2012-03-20 17:31:33 +01:00
Martin Willi f5a84055fe Implemented responder retransmission, currently enabled for quick mode only 2012-03-20 17:31:30 +01:00
Martin Willi 8a395e889c Fixed leak of a hash when checking out by hash 2012-03-20 17:31:30 +01:00
Martin Willi 3d54ae94d9 Handle initiation of not supported IKE versions properly 2012-03-20 17:31:30 +01:00
Martin Willi 3ba15819ed Remove executable flag from source code files 2012-03-20 17:31:22 +01:00
Clavister OpenSource a064eaa8a6 Handling of initial contact 2012-03-20 17:31:14 +01:00
Martin Willi 17ec1c74de Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA constructor 2012-03-20 17:30:47 +01:00
Martin Willi c311d22d0f Don't clone chunk in message.get_packet_data 2012-03-20 17:30:44 +01:00
Tobias Brunner 0b611540ef Store IKE version of an SA on ike_sa_t. 2012-03-20 17:30:43 +01:00
Tobias Brunner 3238faf8e6 Fix init message arrival check. 2012-03-20 17:30:41 +01:00
Martin Willi 2fc986182f Handle IKEv1 messages in managers checkout_by_message 2012-03-20 17:30:39 +01:00
Tobias Brunner 4bbce1ef37 Replaced ike_sa_t.create_child_sa_iterator with enumerator.
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows removing a CHILD_SA.
2011-07-06 09:43:45 +02:00
Martin Willi 9a96ba4b6e Added a get_count() method to IKE_SA manager 2011-05-16 15:24:15 +02:00
Martin Willi a836cf8085 Fixed indentation in private_ike_sa_manager 2011-05-16 15:24:15 +02:00
Martin Willi 69c3eca0e9 Added a non-blocking, skipping variant of IKE_SA enumerator 2011-05-16 15:24:13 +02:00
Martin Willi 1d34612f07 Do not use destroyed rng/hasher if IKE_SA has been flush()ed 2011-02-01 09:25:55 +01:00
Martin Willi 6f5892f5c7 Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT 2011-01-05 16:46:08 +01:00
Martin Willi a4a1e24d37 Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy 2011-01-05 16:46:08 +01:00
Martin Willi 240bd7dbb7 Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanups 2011-01-05 16:46:08 +01:00
Martin Willi 86993d6b90 Never register IKE_SA during checkout_new, as rekeying keeps it checked out 2010-12-07 16:30:38 +01:00
Thomas Egerer 76ce213c43 Guarantee entry->other is set when calling put_connected_peers
Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.
2010-12-06 10:56:57 +01:00
Thomas Egerer 8f927116be Extend connected peers by peer family
This allows for simultaneous IPv4 and IPv6 tunnels for the same peers with
matching identities.
2010-11-12 16:28:04 +01:00
Martin Willi 65858b83f8 Destroy IKE_SA Manager's crypto primitives during flush, the plugins are gone in destroy 2010-08-04 09:26:21 +02:00
Thomas Egerer 03ffa88531 Add extra information in debug output for IKE_SA check{out, in}
This output helps tracing checkout and checkin of IKE_SAs when there is
more than one IKE_SA with the same name. I also added the type of
in-air-exchange to the debug output issued by the task_manager in case
a task initiation is delayed, came in handy for me.
2010-06-07 15:12:13 +02:00
Tobias Brunner 08c5572602 Moving charon to libcharon. 2010-03-19 13:34:52 +01:00