Martin Willi
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
Martin Willi
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
Martin Willi
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
Martin Willi
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Martin Willi
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
Martin Willi
abba7ecb9d
further work done for simultaneous rekeying/delete
...
still some cases which cause trouble
2006-07-10 14:24:04 +00:00
Martin Willi
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
Martin Willi
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultanous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
Martin Willi
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
Martin Willi
2f89902d07
applied new changes from NATT team
...
DPD only done when no IPsec and IKE traffic processed
minor changes here and there
2006-06-23 14:02:30 +00:00
Martin Willi
2891590b05
some message code cleanups
2006-06-23 14:00:15 +00:00
Martin Willi
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00
Martin Willi
695723d4e8
old child_sa gets deleted after rekeying
...
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,
2006-06-09 15:12:43 +00:00
Martin Willi
5238c9afef
fixed compile warnings when using -Wall
...
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
2006-06-08 14:20:05 +00:00
Martin Willi
8d77eddec2
further work for rekeying:
...
get liftimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
2006-06-07 13:26:23 +00:00
Martin Willi
32b6500fbf
job management:
...
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
2006-05-31 14:23:15 +00:00
Martin Willi
2d6c3bce06
2006-05-30 14:56:12 +00:00
Martin Willi
b93782903f
- fixed event queue for events >36min
2006-05-30 13:22:46 +00:00
Martin Willi
f2c2d395ff
- introduced autotools
...
- first working version
- make dist should work
- things to do:
- UML testing!
- more cleanups
2006-05-16 14:24:03 +00:00
Martin Willi
b8577029d1
2006-05-10 08:02:49 +00:00