Commit message [Author, Age, Files, Lines]
...
* android: Leak the private key reference on Jelly Bean to avoid a bug in the framework [Tobias Brunner, 2012-09-24, 1 file, -1/+10]
|   A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private key object returned from KeyChain.getPrivateKey is garbage collected. Leaking the global reference to that object prevents the garbage collection and thereby the crash.
* android: Added a global variable to check the current SDK version [Tobias Brunner, 2012-09-24, 2 files, -1/+26]
|
* Don't check interface of inbound message if interfaces are not filtered [Tobias Brunner, 2012-09-24, 3 files, -7/+19]
|   We don't have a proper kernel-net interface on Android yet, so the check for a usable interface does not work there.
* android: Load the private key and certificates separately in android_creds_t [Tobias Brunner, 2012-09-24, 3 files, -43/+36]
|
* android: Added a method to get the user's private key via JNI [Tobias Brunner, 2012-09-24, 3 files, -1/+61]
|
* android: Added a JNI backed private key implementation [Tobias Brunner, 2012-09-24, 3 files, -0/+324]
|   This is required because private keys are provided by an OpenSSL engine in Jelly Bean, which makes them inaccessible directly via getEncoding.
* Documentation about some time values clarified [Tobias Brunner, 2012-09-24, 2 files, -3/+3]
|
* removed ikev2/dynamic-responder scenario [Andreas Steffen, 2012-09-22, 14 files, -214/+0]
|
* Make sure the if_name member of cached route entries is initialized to NULL [Tobias Brunner, 2012-09-22, 2 files, -4/+10]
|
* do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario [Andreas Steffen, 2012-09-21, 2 files, -8/+0]
|
* NEWS about kernel interface changes [Tobias Brunner, 2012-09-21, 1 file, -0/+11]
|
* Properly handle thread cancelation in rwlock_condvar_t [Tobias Brunner, 2012-09-21, 1 file, -15/+20]
|
* Use an rwlock in kernel-pfroute too [Tobias Brunner, 2012-09-21, 1 file, -13/+14]
|
* Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin [Tobias Brunner, 2012-09-21, 1 file, -58/+55]
|
* Use a separate mutex for cached routes in kernel-netlink plugin [Tobias Brunner, 2012-09-21, 1 file, -8/+15]
|
* Added a condvar implementation that works with rwlock_t [Tobias Brunner, 2012-09-21, 3 files, -4/+220]
|
* Use a lock to safely check and update the time for the next roam event [Tobias Brunner, 2012-09-21, 1 file, -16/+28]
|
* Added an option to configure the interface on which virtual IP addresses are installed [Tobias Brunner, 2012-09-21, 2 files, -19/+33]
|
* Changed how kernel-netlink handles virtual IP addresses [Tobias Brunner, 2012-09-21, 1 file, -248/+308]
|   Also tried to avoid the use of enumerators.
* Made IP address enumeration more flexible [Tobias Brunner, 2012-09-21, 10 files, -53/+50]
|   Also added an option to enumerate addresses on ignored interfaces.
* Avoid calculating the hash if hashtable is empty [Tobias Brunner, 2012-09-21, 1 file, -0/+5]
|
* Use a hashtable to quickly check for usable IP addresses/interfaces [Tobias Brunner, 2012-09-21, 2 files, -85/+284]
|
* Drop packets received on ignored interfaces [Tobias Brunner, 2012-09-21, 1 file, -2/+12]
|
* Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.) [Tobias Brunner, 2012-09-21, 4 files, -61/+134]
|
* %any is never on a local interface [Tobias Brunner, 2012-09-21, 2 files, -0/+10]
|
* Avoid memset in is_anyaddr() [Tobias Brunner, 2012-09-21, 1 file, -6/+2]
|
* Make it easy to check if an address is locally usable via changed get_interface() method [Tobias Brunner, 2012-09-21, 10 files, -65/+62]
|
* Don't ignore loopback devices and allow addresses on them being enumerated [Tobias Brunner, 2012-09-21, 10 files, -31/+35]
|
* Added options and a lookup function that will allow filtering of network interfaces [Tobias Brunner, 2012-09-21, 4 files, -4/+81]
|
* Make streq() and strcaseeq() static inline functions so they can be used as callbacks [Tobias Brunner, 2012-09-21, 2 files, -26/+32]
|
* Use source address in get_nexthop() call [Tobias Brunner, 2012-09-21, 8 files, -12/+19]
|   Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address.
* Source address lookup refactored [Tobias Brunner, 2012-09-21, 1 file, -146/+221]
|   Routes matching the destination are now first parsed and sorted by network prefix length. This list is then used to search for the best route with a matching preferred source address (if one is specified). This makes sure we really check all routes for that address.
* Check routes with equal prefix if preferred source is specified [Tobias Brunner, 2012-09-21, 1 file, -2/+4]
|
* Try to find preferred source on interface if returned source does not match [Tobias Brunner, 2012-09-21, 1 file, -10/+29]
|
* Try to keep the given source address when looking up routes [Tobias Brunner, 2012-09-21, 1 file, -6/+32]
|   This allows to pin the local end of an IKE_SA to an address that is not the physical address of an interface. Without this patch the local address would change to the physical address when roam events occur.
* Make sure we propose a dynamic TS if we don't have hosts to derive a TS from [Tobias Brunner, 2012-09-21, 1 file, -10/+8]
|   7ee37114 removed this behavior.
* Move rw-eap-dynamic scenario to its proper location [Tobias Brunner, 2012-09-21, 14 files, -0/+0]
|
* In mem_pool, check for an existing ID entry before creating a new one [Martin Willi, 2012-09-20, 1 file, -7/+10]
|
* Merge branch 'unity' [Martin Willi, 2012-09-18, 25 files, -7/+1234]
|\  Add Cisco Unity extension support implemented in a dedicated plugin.
| * Add a simple test case for the unity plugin, featuring both includes and excludes [Martin Willi, 2012-09-18, 9 files, -0/+113]
| |
| * Build unity plugin in strongSwan test suite [Martin Willi, 2012-09-18, 2 files, -0/+6]
| |
| * Add unity plugin NEWS [Martin Willi, 2012-09-18, 1 file, -0/+7]
| |
| * Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity [Martin Willi, 2012-09-18, 1 file, -2/+3]
| |
| * As Unity responder, don't change the proposed TS at all, racoon doesn't like that [Martin Willi, 2012-09-18, 2 files, -7/+8]
| |
| * Don't complain about multiple TS in IKEv1, as it supported with Unity [Martin Willi, 2012-09-18, 1 file, -5/+0]
| |
| * As initiator, narrow received Unity attributes to configured TS [Martin Willi, 2012-09-18, 1 file, -4/+11]
| |
| * When using Unity, bump up remote TS as initiator to 0.0.0.0/0, too [Martin Willi, 2012-09-18, 1 file, -5/+8]
| |
| * Enable Cisco Unity only if Unity vendor id received [Martin Willi, 2012-09-18, 3 files, -2/+5]
| |
| * Exchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchange [Martin Willi, 2012-09-18, 1 file, -22/+87]
| |
| * Add a Unity attribute provider that adds Split-Includes for TS [Martin Willi, 2012-09-18, 4 files, -1/+232]
| |