tteras/strongswan/src/libcharon/plugins/ha, branch master tteras' strongSwan tree Migrate all enumerators to venumerate() interface change 2017-05-26T11:56:44+00:00 Tobias Brunner tobias@strongswan.org 2017-05-11T07:17:02+00:00 95a63bf2813cd6ecad912237688526bbcc3481ee 






child-sa: Change API used to set/install policies
2017-05-23T16:41:31+00:00

Tobias Brunner
tobias@strongswan.org

2017-03-01T13:40:15+00:00

4989aba8225f6d710ee69e56a98b90d13c37319a

This way we only have to pass the traffic selectors once.





This way we only have to pass the traffic selectors once.







ha: Fix assignment of IP addresses if multiple pools are defined
2017-01-25T11:28:34+00:00

Tobias Brunner
tobias@strongswan.org

2016-10-13T16:39:09+00:00

4e382f5ffcb8590b30f8953640eb1e111bf1ced9

Fixes #2146.





Fixes #2146.







ha: Delete passive IKE_SA on other node after half-open timeout
2017-01-25T11:27:21+00:00

Tobias Brunner
tobias@strongswan.org

2016-08-30T12:30:19+00:00

0e3c8cc4a27bd0010a671c6f2f985bdc91f8381b

Fixes #1192.





Fixes #1192.







peer-cfg: Use struct to pass data to constructor
2016-04-09T14:51:01+00:00

Tobias Brunner
tobias@strongswan.org

2016-04-04T16:41:17+00:00

2ba5dadb12dd95c9ba5ff99e619fb33388582661












child-cfg: Use struct to pass data to constructor
2016-04-09T14:51:01+00:00

Tobias Brunner
tobias@strongswan.org

2016-04-04T14:09:23+00:00

8a00a8452ddb36ec07038242c029a214b0417ae8












Use standard unsigned integer types
2016-03-24T17:52:48+00:00

Andreas Steffen
andreas.steffen@strongswan.org

2016-03-22T12:22:01+00:00

b12c53ce77beb8e04b044d0c0dc9249ddba72200












ha: Delete cache entry inside the locked mutex
2016-03-23T09:34:24+00:00

Thomas Egerer
thomas.egerer@secunet.com

2016-03-21T13:46:11+00:00

90a7a68488e25e59b4b3cbccd189ed66b5804894

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>





Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>







libhydra: Remove empty unused library
2016-03-03T16:36:11+00:00

Tobias Brunner
tobias@strongswan.org

2016-02-12T15:35:54+00:00

28649f6d91971e0fe50078aec2937010e8c61cd8












ha: Properly sync IKEv1 IV if gateway is initiator
2016-02-01T09:51:02+00:00

Tobias Brunner
tobias@strongswan.org

2016-01-26T10:13:13+00:00

9c773f8d112d7374e77ee804e89f5b6b5da84f16

To handle Phase 2 exchanges on the other HA host we need to sync the last
block of the last Phase 1 message (or the last expected IV).  If the
gateway is the initiator of a Main Mode SA the last message is an
inbound message.  When handling such messages the expected IV is not
updated until it is successfully decrypted so we can't sync the IV
when processing the still encrypted (!plain) message.  However, as responder,
i.e. if the last message is an outbound message, the reverse applies, that
is, we get the next IV after successfully encrypting the message, not
while handling the plain message.

Fixes #1267.





To handle Phase 2 exchanges on the other HA host we need to sync the last
block of the last Phase 1 message (or the last expected IV).  If the
gateway is the initiator of a Main Mode SA the last message is an
inbound message.  When handling such messages the expected IV is not
updated until it is successfully decrypted so we can't sync the IV
when processing the still encrypted (!plain) message.  However, as responder,
i.e. if the last message is an outbound message, the reverse applies, that
is, we get the next IV after successfully encrypting the message, not
while handling the plain message.

Fixes #1267.