sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity
13,041 Commits 101 Branches 327 Tags
Commit Graph

13041 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Willi
75afbeee21 kernel-wfp: Clone acquire traffic selectors only if they exist 2014-06-04 16:32:11 +02:00
Martin Willi
78bde29a7c kernel-wfp: Install routes for trap policies 2014-06-04 16:32:11 +02:00
Martin Willi
e36d1d4124 kernel-wfp: Refactor route management to separate function 2014-06-04 16:32:11 +02:00
Martin Willi
4a8ba369b6 kernel-wfp: Install tunnel mode policies to appropriate sub-layers 
While it is unclear if this has any effect at all, we prefer specific sublayers
to install policies as suggested.
 2014-06-04 16:32:11 +02:00
Martin Willi
be32be01a8 kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds 2014-06-04 16:32:11 +02:00
Martin Willi
4b51280344 kernel-wfp: Support multiple traffic selectors on tunnel mode SAs 2014-06-04 16:32:11 +02:00
Martin Willi
4b09bd6c29 child-sa: Pass the number of total policies tied to an SA to the kernel 
This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.
 2014-06-04 16:32:11 +02:00
Martin Willi
5e6e214ab4 kernel-iph: Implicitly enable IP forwarding when installing routes 2014-06-04 16:32:11 +02:00
Martin Willi
c7d30c2ad1 kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers 2014-06-04 16:32:10 +02:00
Martin Willi
a4f3b363da kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working 
Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
 2014-06-04 16:32:10 +02:00
Martin Willi
6de788704b kernel-wfp: Install tunnel and trap forward policies 2014-06-04 16:32:10 +02:00
Martin Willi
1678f0a999 kernel-wfp: Manually create a ProviderContext to attach individual filters 
This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd,
and fixes the issues we have seen with trap policies. Forward filters are
still missing, but required for site-to-site tunnels.
 2014-06-04 16:32:10 +02:00
Martin Willi
1ca2b1615a kernel-wfp: Print filter weight in "ipsecdump filters" 2014-06-04 16:32:10 +02:00
Martin Willi
c6f189e448 kernel-wfp: Add support for trap policies and acquires 2014-06-04 16:32:10 +02:00
Martin Willi
11e7d0677c socket-win: Install IKE bypass policies using bypass_socket() 2014-06-04 16:32:10 +02:00
Martin Willi
f206e069f1 kernel-wfp: Implement bypass_socket() using dedicated filter rules 2014-06-04 16:32:09 +02:00
Martin Willi
2868314028 kernel-wfp: Register for WFP Net events 2014-06-04 16:32:09 +02:00
Martin Willi
6aaa432741 kernel-wfp: Add some missing IPv6 GUIDs, fix IPv6 host conversion 2014-06-04 16:32:09 +02:00
Martin Willi
288dc68596 kernel-wfp: Add an ipsecdump "filters" command to print IPsec related filters 2014-06-04 16:32:09 +02:00
Martin Willi
489a4f2192 kernel-wfp: Add an ipsecdump utility to show installed SAs/SPs on Windows 2014-06-04 16:32:09 +02:00
Martin Willi
9c974c329d kernel-wfp: Depend on used RNG plugin features 2014-06-04 16:32:09 +02:00
Martin Willi
5a5b9925f8 kernel-wfp: Implement update_sa() 2014-06-04 16:32:09 +02:00
Martin Willi
1987b70989 kernel-wfp: Configure ports for SAs using UDP encapsulation 2014-06-04 16:32:09 +02:00
Martin Willi
9b5c95648f kernel-wfp: Refactor SA context construction, and use IPsecSaContextCreate1() 2014-06-04 16:32:08 +02:00
Martin Willi
3551fdbbdf kernel-iph: Fire roam events for detected address changes 2014-06-04 16:32:08 +02:00
Martin Willi
bbe42a1fa5 kernel-wfp: Allocate SPIs pseudo-randomly using a 0xc prefix 2014-06-04 16:32:08 +02:00
Martin Willi
b714746ef0 kernel-wfp: Install appropriate routes for tunnel mode policies 2014-06-04 16:32:08 +02:00
Martin Willi
0ef0493b4a kernel-iph: Implement add/del_route() 2014-06-04 16:32:08 +02:00
Martin Willi
13e18cb2fc kernel-iph: Implement get_nexthop() 2014-06-04 16:32:08 +02:00
Martin Willi
0cefd94007 kernel-iph: Implement get_source_addr() 2014-06-04 16:32:08 +02:00
Martin Willi
f9e6200d06 kernel-iph: Implement address enumeration 2014-06-04 16:32:08 +02:00
Martin Willi
322c341f90 kernel-iph: Implement get_interface() method 2014-06-04 16:32:07 +02:00
Martin Willi
96f1978d0e kernel-iph: Create and maintain a cache of interfaces and associated addresses 2014-06-04 16:32:07 +02:00
Martin Willi
00780f0238 kernel-iph: Add a stub for a Windows IP Helper based networking backend 2014-06-04 16:32:07 +02:00
Martin Willi
b934929804 kernel-wfp: Disable IPsec policy updates 
It seems that WFP requires an update of the SA context only, but not for the
filters. This allows us to omit support for (fallback) drop policies.
 2014-06-04 16:32:07 +02:00
Martin Willi
7452adfad3 kernel-interface: Add a flag to indicate no policy updates required 2014-06-04 16:32:07 +02:00
Martin Willi
cd88f818fa kernel-wfp: Increment SPIs properly, that is while in host order 2014-06-04 16:32:07 +02:00
Martin Willi
af098b5008 kernel-wfp: Triggering expire events for SAs to rekey/delete 2014-06-04 16:32:07 +02:00
Martin Willi
b3f90915f9 kernel-wfp: Enforce hard lifetimes of SAs 2014-06-04 16:32:07 +02:00
Martin Willi
b50d486e78 kernel-wfp: Add some notes about query_sa/policy() support 2014-06-04 16:32:06 +02:00
Martin Willi
f351d9ef7d kernel-wfp: Reference SA/SP sets by SPI and destination, not reqid 
This allows us to have multiple CHILD_SAs for the same reqid, and brings
rekeying support.
 2014-06-04 16:32:06 +02:00
Martin Willi
4a8b85684f kernel-wfp: Add support for tunnel mode connections 2014-06-04 16:32:06 +02:00
Martin Willi
f5ddda7f57 kernel-wfp: Register a WFP provider to manage IPsec tunnels 2014-06-04 16:32:06 +02:00
Martin Willi
149fc48e03 kernel-wfp: Preliminary support for transport mode connections 2014-06-04 16:32:06 +02:00
Martin Willi
b1ba0a666c kernel-wfp: Fix/Complete some fwpuclnt functionality in MinGW 
While MinGW declares all the required symbols, some of them are missing in the
library files. We provide missing variables locally, functions get a stub
that call the GetProcAddress()ed function from the DLL.

Also some MinGW headers define some enum values incorrectly, we overload these
using defines.
 2014-06-04 16:32:06 +02:00
Martin Willi
ebb9362d85 kernel-wfp: Open and close a WFP engine 2014-06-04 16:32:06 +02:00
Martin Willi
96ab7a8022 kernel-wfp: Create userland state for SAs/policies to install in kernel 2014-06-04 16:32:06 +02:00
Martin Willi
8d91eee3fc kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backend 2014-06-04 16:32:05 +02:00
Martin Willi
893e8ceee3 Merge branch 'win-socket' 
Adds a socket-win plugin providing an IKE socket implementation for Windows
based on the native Winsock2 API.
 2014-06-04 16:31:18 +02:00
Martin Willi
9b7a2188d9 travis: Include socket backend in Windows build test 2014-06-04 16:31:09 +02:00