Commit message    Author    Age    Files    Lines
...
| * xpc: send child_updown events over XPC channel    Martin Willi    2013-07-18    1    -0/+43
| |
| * xpc: support termination of IKE_SAs using XPC RPC on connection channel    Martin Willi    2013-07-18    1    -8/+102
| |
| * xpc: move XPC RPC reply creation to command dispatching    Martin Willi    2013-07-18    1    -24/+16
| |
| * xpc: terminate daemon when last XPC connection to App gone    Martin Willi    2013-07-18    1    -0/+28
| |
| * xpc: fix some refcounting issues related to XPC connections    Martin Willi    2013-07-18    2    -26/+15
| |
| * xpc: no need to clear channel table, they are bound to IKE_SA lifetime    Martin Willi    2013-07-18    1    -8/+0
| |
| * xpc: add support for logging over XPC channels    Martin Willi    2013-07-18    4    -1/+174
| |
| * xpc: don't warn about pointer signedness mismatch (-Wno-pointer-sign)    Martin Willi    2013-07-18    1    -0/+2
| |
| * xpc: add a description of the basic XPC protocol to README    Martin Willi    2013-07-18    1    -1/+48
| |
| * xpc: use the same XPC message "type" mechanism on Mach service as on channels    Martin Willi    2013-07-18    1    -11/+32
| |
| * xpc: ask App for passwords using connection specific channel    Martin Willi    2013-07-18    1    -0/+90
| |
| * xpc: use IKE_SA specific XPC return channels for further communication    Martin Willi    2013-07-18    4    -12/+320
| |
| * xpc: don't send certificate requests, there are too many when using keychain    Martin Willi    2013-07-18    1    -1/+1
| |
| * xpc: build with support for the keychain plugin    Martin Willi    2013-07-18    3    -2/+4
| |
| * xpc: add support for initiate simple IKEv2 EAP connections    Martin Willi    2013-07-18    1    -0/+126
| |
| * xpc: move dispatching to dedicated class, using dedicated thread    Martin Willi    2013-07-18    4    -86/+304
| |
| * xpc: use non-inlining variant of vstr, compiler does not like it    Martin Willi    2013-07-18    1    -0/+2
| |
| * xpc: add Xcode project for a charon controlled through XPC    Martin Willi    2013-07-18    6    -0/+584
| |
| * syslog: setlogmask() to include LOG_INFO    Martin Willi    2013-07-18    1    -0/+1
| |     LOG_INFO seems to be excluded by default on some systems (OS X).
| * keychain: flush certificate cache after reloading System keychain    Martin Willi    2013-07-18    1    -0/+2
| |
| * keychain: monitor changes in the system keychain, reload when necessary    Martin Willi    2013-07-18    1    -0/+65
| |
| * keychain: use SearchCopyNext keychain enumeration for System certs as well    Martin Willi    2013-07-18    1    -71/+12
| |     SecItemCopyMatching seems to be problematic regarding memory management. And as there does not seem to be a good alternative to enumerate the System Roots keychain using the SecItemCopyMatching API, we stick to the deprecated enumeration functions for now.
| * keychain: load certificates from System Roots Keychain    Martin Willi    2013-07-18    1    -0/+65
| |
| * keychain: load certificates only once during startup, improving performance    Martin Willi    2013-07-18    3    -111/+78
| |
| * keychain: support on-the-fly enumeration of trusted/untrusted certificates    Martin Willi    2013-07-18    2    -1/+118
| |
| * keychain: add a stub for a credential plugin using OS X Keychain Services    Martin Willi    2013-07-18    7    -0/+258
| |
| * credmgr: stop querying for secrets once we get a perfect match    Martin Willi    2013-07-18    1    -0/+4
| |
| * credmgr: don't use pointers for id_match_t enum values    Martin Willi    2013-07-18    1    -2/+2
| |
| * openssl: parse X.509 extended key usage from extension parsing loop    Martin Willi    2013-07-18    1    -33/+38
| |     Otherwise parsing gets aborted if unknown critical extensions are handled as error.
| * openssl: show which critical X.509 extension is not supported    Martin Willi    2013-07-18    1    -1/+6
| |
| * hashtable: add common hashtable hash/equals functions for pointer/string keys    Martin Willi    2013-07-18    2    -3/+68
| |
| * thread: implicitly create thread_t if an external thread calls thread_current()    Martin Willi    2013-07-18    1    -1/+14
|/
* ike: Fix reestablishing SAs if no child-creating tasks are queued    Tobias Brunner    2013-07-18    1    -2/+5
|
* ike-sa: uninstall CHILD_SAs before removing virtual IPs    Martin Willi    2013-07-18    1    -1/+8
|     a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes for CHILD_SAs might get deleted while removing virtual IPs, resulting in an error when a CHILD_SA tries to uninstall its route.
* unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received    Tobias Brunner    2013-07-17    1    -11/+32
|
* unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytes    Tobias Brunner    2013-07-17    1    -1/+1
|
* unity: Fix memory leak in provider    Tobias Brunner    2013-07-17    1    -0/+1
|
* ipsec.conf.5: closeaction is now supported for IKEv1    Tobias Brunner    2013-07-17    1    -2/+1
|
* ikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peer    Tobias Brunner    2013-07-17    1    -0/+5
|     We call ike_sa_t.reestablish() so the IKE_SA is only recreated if any CHILD_SA requires it.
* ike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SA    Tobias Brunner    2013-07-17    4    -2/+115
|
* ikev1: Support closeaction of CHILD_SA.    Oliver Smith    2013-07-17    1    -7/+49
|     When a CHILD_SA is closed in IKEv1, if it is not being rekeyed and closeaction has been set, we can now perform a restart or hold as is currently done for IKEv2.
* Merge branch 'kernel-pfroute-mobility'    Tobias Brunner    2013-07-17    4    -49/+470
|\
| |     This improves the behavior of the kernel-pfroute plugin (and sometimes the kernel-pfkey plugin) in case of mobility, mostly when used as a client but also as gateway, if clients are mobile.
| * kernel-pfroute: Ignore IP address changes if address is %any    Tobias Brunner    2013-07-17    1    -1/+2
| |
| * kernel-pfroute: Properly enumerate sockaddrs in interface messages    Tobias Brunner    2013-07-17    1    -9/+26
| |     The ifa_msghdr and rt_msghdr structs are not compatible (at least not on FreeBSD).
| * kernel-pfroute: Provide name of interfaces on which virtual IPs are installed    Tobias Brunner    2013-07-17    2    -1/+23
| |
| * kernel-pfroute: Ignore virtual IPs in address map    Tobias Brunner    2013-07-17    1    -13/+9
| |     As the virtual flag is set after the address has been added to the map, we make sure we ignore virtual IPs when doing lookups.
| * kernel-pfroute: Make sure source addresses are not virtual and usable    Tobias Brunner    2013-07-17    1    -4/+20
| |     It seems we sometimes get the virtual IP as source (with rightsubnet=0.0.0.0/0) even if the exclude route is already installed. Might be a timing issue because shortly afterwards the lookup seems to succeed.
| * kernel-pfroute: Don't report an error when trying to reinstall a route    Tobias Brunner    2013-07-17    1    -0/+4
| |
| * kernel-pfkey: Provide interface name when installing exclude route    Tobias Brunner    2013-07-17    1    -4/+15
| |
| * kernel-pfroute: Reinstall routes on interface/address changes    Tobias Brunner    2013-07-17    1    -7/+320
| |