Nikos Mavrogiannopoulos
8b65df1ce3
remove the CLONE_NEWNET isolation option as its performance cost is too high
2015-01-14 21:05:19 +01:00
Nikos Mavrogiannopoulos
8989be49ef
typo fix
2015-01-14 17:47:44 +01:00
Nikos Mavrogiannopoulos
35d609cfc8
tests: remove all error file references from haproxy.cfg
...
These files don't exist in Fedora.
2015-01-14 17:08:01 +01:00
Nikos Mavrogiannopoulos
180a3f468c
doc update
2015-01-14 17:08:01 +01:00
Nikos Mavrogiannopoulos
4dee583e29
In linux run the server in its own container with separate IPC and PID namespace
2015-01-14 17:08:01 +01:00
Nikos Mavrogiannopoulos
1740a3aaf0
tests: attempt to use lockfile-create if it exists
2015-01-14 17:08:01 +01:00
Nikos Mavrogiannopoulos
b124f68f12
do not allow the processes to be traced in linux
...
That would prevent a worker process tracing one
from another user.
2015-01-13 22:44:08 +01:00
Nikos Mavrogiannopoulos
a02dbb1fb2
removed unneeded variable
2015-01-12 10:53:47 +01:00
Nikos Mavrogiannopoulos
9f619b3a79
corrected check for non-empty pull buffer
2015-01-12 10:50:10 +01:00
Nikos Mavrogiannopoulos
4a56dd95c9
prevent a memory leak when multiple fds are received in short time
2015-01-12 10:45:37 +01:00
Nikos Mavrogiannopoulos
8c24dd8dd7
occtl: re-arranged user-agent and MTU printing
2015-01-11 12:42:08 +01:00
Nikos Mavrogiannopoulos
9477340b86
added more precise match of version
2015-01-11 12:40:04 +01:00
Nikos Mavrogiannopoulos
406c171069
avoid repeating username in logs
2015-01-11 12:28:01 +01:00
Nikos Mavrogiannopoulos
2f3d520c85
do not enforce PFS on default strings
...
That allows legacy clients to connect.
2015-01-11 12:22:27 +01:00
Nikos Mavrogiannopoulos
c3417f0830
simplified DTLS fd handling and dtls_pull()
2015-01-11 11:40:22 +01:00
Nikos Mavrogiannopoulos
a04599afc8
always forward the first message when forwarding fd
2015-01-11 11:33:44 +01:00
Nikos Mavrogiannopoulos
41d61c4225
cleanups
2015-01-11 11:27:06 +01:00
Nikos Mavrogiannopoulos
286ea8ff7b
only set IPV6_RECVPKTINFO on IPv6 sockets
2015-01-11 10:57:02 +01:00
Nikos Mavrogiannopoulos
a4c2967e02
simplified forward_udp_to_owner() by introducing oc_recvfrom_at()
2015-01-11 10:53:29 +01:00
Nikos Mavrogiannopoulos
04ec372f4f
save MTU in main, and report it to occtl
2015-01-11 10:34:13 +01:00
Nikos Mavrogiannopoulos
730c95e30e
doc update
2015-01-11 00:47:32 +01:00
Nikos Mavrogiannopoulos
3d7ac2c98c
bind to the address we received UDP on
...
That in addition allocates a new UDP socket per client,
and forwards the initial client hello to the worker
process as auxiliary data. That eliminates the need to
re-open the main server's UDP socket per client connection.
2015-01-11 00:46:34 +01:00
Nikos Mavrogiannopoulos
cb56984e8d
when compiling with gnutls 3.3.5 or later use the zero copy recv API
2015-01-07 22:33:12 +01:00
Nikos Mavrogiannopoulos
efe61fa48e
radius: added safety checks in the parsing of Framed-IPv6-Prefix
2015-01-06 10:58:05 +01:00
Nikos Mavrogiannopoulos
a530330873
radius: use separate types for ipv4 and ipv6
2015-01-06 10:56:24 +01:00
Nikos Mavrogiannopoulos
e042e3edf9
configure: set seccomp as enabled by default
2015-01-06 10:38:09 +01:00
Nikos Mavrogiannopoulos
b097d8a3ff
radius: handle Framed-IPv6-Prefix as routes to add
2015-01-01 01:22:32 +02:00
Nikos Mavrogiannopoulos
a1abcdbeae
Allow prefixes in specifying the IPv4 network
2014-12-30 17:22:02 +02:00
Nikos Mavrogiannopoulos
674a690301
Disable route and DNS assignment in IPv6 for non-openconnect clients
...
That is because anyconnect clients can handle the assignment
of an IPv6 address, but cannot handle routes or DNS in IPv6.
So we disable IPv6 after an IP is assigned.
2014-12-30 14:14:22 +02:00
Nikos Mavrogiannopoulos
effc095f46
dockerfile: added missing haproxy
2014-12-29 20:22:07 +02:00
Nikos Mavrogiannopoulos
8de4a47e62
doc update
2014-12-29 20:18:01 +02:00
Nikos Mavrogiannopoulos
50f2fb88f6
simplify the input of IPv6 networks
...
The prefix is specified as part of the network.
2014-12-29 20:15:36 +02:00
Nikos Mavrogiannopoulos
90b0ac7932
radius: added support for Framed-IPv6-Prefix
2014-12-29 20:00:45 +02:00
Nikos Mavrogiannopoulos
73726d13a3
print IPv6 netmask only when in non-full mode
...
Also use the network address if available to print netmask.
2014-12-29 19:42:00 +02:00
Nikos Mavrogiannopoulos
27b9e91eb8
bail out if use-seccomp is set to true but there is no seccomp capability
2014-12-29 14:22:45 +02:00
Nikos Mavrogiannopoulos
c821a578a4
tests: enabled nuttcp when running in Fedora
2014-12-29 14:22:32 +02:00
Nikos Mavrogiannopoulos
e2192d546c
full-test, unix-test: modified to operate in Fedora as well
...
That also enables a check for ping in the IPv6 address.
2014-12-29 14:19:05 +02:00
Nikos Mavrogiannopoulos
3edc36c137
Added protobuf-c dependency
2014-12-29 12:03:00 +02:00
Nikos Mavrogiannopoulos
ecb59fdf3e
tests: separated the address ranges on full and unix tests and added IPv6 addresses
2014-12-29 11:56:32 +02:00
Nikos Mavrogiannopoulos
02734d8f54
send the Netmask when an IPv6 Address is assigned
2014-12-29 11:47:39 +02:00
Nikos Mavrogiannopoulos
0b47b5fb8f
IPv6 fixes in ip-lease
...
Issue discovered and fixed by sskaje.
2014-12-29 11:39:52 +02:00
Nikos Mavrogiannopoulos
0f1599a64a
use libsystemd instead of systemd-daemon
2014-12-28 09:57:06 +02:00
Nikos Mavrogiannopoulos
660311d74d
enable IPv6 in Anyconnect clients, and send the prefix
2014-12-28 09:55:35 +02:00
Nikos Mavrogiannopoulos
620c40fba3
doc update
2014-12-27 21:37:31 +02:00
Nikos Mavrogiannopoulos
33c45d73e0
doc update
2014-12-27 11:19:10 +02:00
Nikos Mavrogiannopoulos
071a8ae05f
Do print error when pam_authenticate or pam_acct_mgmt fail
2014-12-27 11:17:41 +02:00
Nikos Mavrogiannopoulos
496f563686
doc update
2014-12-27 11:11:06 +02:00
Nikos Mavrogiannopoulos
b38a1bb39a
override the default ipv6_prefix only if ipv6_prefix is set
2014-12-26 20:23:12 +02:00
Nikos Mavrogiannopoulos
80459cfbd5
the default strings will enforce PFS
2014-12-25 10:56:19 +02:00
Nikos Mavrogiannopoulos
6d331584c1
radius: optimize "parse" of route
2014-12-14 20:55:04 +01:00