1a2c5e916d91b6efe0d57595b7b783dfdc15ad7d |
|
10-Mar-2017 |
Robin Lee <rgl@google.com> |
Use NetdClient to exempt racoon sockets from VPN So that if we create a networkRejectNonSecureVpn rule, racoon doesn't get its connection shut down. This means we can drop the special-cased firewall code for racoon from Android, and just use the same set of VPN ip rules as for third-party apps. Later on it might be possible to protect the socket without depending on libnetd_client, see bug 34524989 Test: manual - enable always-on VPN with a legacy Ipsec PSK VPN on 464xlat network Bug: 33159037 Change-Id: I89740d110cff8e67eb661b0b3d191eb49aa1e9d8
/external/ipsec-tools/src/racoon/sockmisc.c
|
c91307af2622f6625525f3c1f9c954376df950ad |
|
26-Mar-2012 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: back-port 0.7.3 to Android. Lots of checks and features were added to ipsec-tools 0.8.0. However, they broke the compatibility with existing VPN servers. I was unable to fix all of them in 0.8.0, so I chose to port 0.7.3 back with the new VPN types we added in ICS release. Bug: 6191668 Change-Id: I86a7218f7f5146d4a9b129d46c89839a82b0008f
/external/ipsec-tools/src/racoon/sockmisc.c
|
a6239141a335940e5f665e3f0dc99c9c5cad8966 |
|
12-Jul-2011 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: revise helper functions for sockets. getlocaladdr() will return the address on the interface. setsockopt_bypass() will give warnings on failure instead of errors. Change-Id: I4d95633066d136bd0b9732dd62b2c43184daee4b
/external/ipsec-tools/src/racoon/sockmisc.c
|
f8a6a7636d53a5730c58ae041e4e09ae12e1657c |
|
05-Jul-2011 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: Update to 0.8.0. This change updates ipsec-tools to 0.8.0. However, a quick test reveals a regression in IPSec PSK sessions. The server rejects the first packet of phase 2 negotiation with INVALID-ID-INFORMATION error. After testing files one by one, it turns out that using the old ipsec_doi.c fixes the problem. Then the next error shows that identity check is failed. This can be fixed by marking few lines in isakmp_quick.c just like 0.7.3. This change adds ipsec_doi-0.7.3.c as a temporary fix. I will come back and see if I can find the real problem. IPSec RSA sessions will be covered in the next change. Change-Id: I48f0026c3be07f506b3901b59202081bf88f41c9
/external/ipsec-tools/src/racoon/sockmisc.c
|
c454954382b81262dc81ac54e147f4dc7fc0af75 |
|
22-Jul-2009 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: Some fixes for rekeying. Bind sockets to proper interface in order to avoid using host routes. Rewrite a part of sockmisc.c to work around the ipi_ifindex bug in linux kernel. Enable policy generating when responding to phase 2 negotiation. Reduce the executable size about 4KB by simplifying some functions.
/external/ipsec-tools/src/racoon/sockmisc.c
|
0a1907d434839af6a9cb6329bbde60b237bf53dc |
|
22-Apr-2009 |
Chung-yih Wang <cywang@google.com> |
Migrate from perforce repository.
/external/ipsec-tools/src/racoon/sockmisc.c
|