aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * sqlite: Implement transaction handlingTobias Brunner2013-10-111-6/+83
| |
| * mysql: Implement transaction handlingTobias Brunner2013-10-111-7/+119
| |
| * database: Add interface to handle transactionsTobias Brunner2013-10-113-1/+76
| |
| * mysql: Ensure connections are properly released in multi-threaded environmentsTobias Brunner2013-10-111-14/+23
|/
* crypto-factory: Try next available RNG implementation if constructor failsTobias Brunner2013-10-111-13/+6
|
* crypto-factory: Order entries by algorithm identifier and (optionally) speedTobias Brunner2013-10-111-22/+18
|
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-119-26/+18
| | | | for IKEv2 anyway
* vstr: Forward actual field widthTobias Brunner2013-10-111-1/+1
| | | | | fmt_field_width is a flag that indicates if a field width is defined in obj_field_width.
* unit-tests: support testing when leak-detective has not been enabledMartin Willi2013-10-111-5/+14
|
* NEWS: Updates for the ah, libipsec-usestats and printf-hook mergesMartin Willi2013-10-111-0/+13
|
* Merge branch 'printf-hook'Martin Willi2013-10-1116-385/+2039
|\ | | | | | | | | | | Adds a custom printf hook implementation as a fallback if neither the glibc style hooks nor vstr is available. This can avoid the Vstr dependency on some systems at the cost of slower and less complete printf functions.
| * printf-hook-builtin: Print NaN/Infinity floating point values as suchMartin Willi2013-10-112-2/+36
| |
| * printf-hook-builtin: Correctly round up floating point valuesMartin Willi2013-10-112-9/+43
| |
| * printf-hook-builtin: Add some preliminary floating point supportMartin Willi2013-10-112-2/+223
| | | | | | | | | | This minimalistic implementation has no aspiration for completeness or accuracy, and just provides what we need.
| * printf-hook-builtin: Support GNU %m specifierMartin Willi2013-10-112-0/+21
| |
| * printf-hook-builtin: Add a new "builtin" backend using its own printf() routinesMartin Willi2013-10-115-2/+1032
| | | | | | | | | | | | Overloads printf C library functions by a self-contained implementation, based on klibc. Does not yet feature all the required default formatters, including those for floating point values.
| * printf-hook: Add some basic printf() string/integer test functionsMartin Willi2013-10-114-1/+112
| |
| * printf-hook: Move glibc/vstr printf hook backends to separate filesMartin Willi2013-10-119-383/+586
|/
* Merge branch 'libipsec-usestats'Martin Willi2013-10-1117-41/+216
|\ | | | | | | | | | | Brings SA usage statistics and volume based expiration to libipsec and the associated kernel-libipsec plugin. Additionally removes any ESPv3 style TFC padding found in incoming packets.
| * libipsec: Enforce byte/packet lifetimes on SAsMartin Willi2013-10-113-7/+77
| |
| * kernel-libipsec: Support ESPv3 TFC paddingMartin Willi2013-10-111-1/+1
| |
| * libipsec: remove extra RFC4303 TFC padding appended to inner payloadMartin Willi2013-10-111-0/+6
| |
| * kernel-libipsec: Support query_sa() to report usage statisticsMartin Willi2013-10-111-1/+2
| |
| * libipsec: Support usage statistics and query_sa() on IPsec SAsMartin Willi2013-10-115-4/+102
| |
| * kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-1111-13/+13
| |
| * kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-1111-15/+15
|/
* Merge branch 'ah'Martin Willi2013-10-1161-137/+691
|\ | | | | | | | | | | Brings support for Security Associations integrity protected by the Authentication Header protocol, both to IKEv1 and IKEv2. Currently only plain AH is supported, but no (now deprecated) RFC2401 style AH+ESP bundles.
| * ipsec.conf: Add a description for the new 'ah' keyword.Martin Willi2013-10-111-0/+41
| |
| * testing: Add an IKEv1 host2host AH transport mode test caseMartin Willi2013-10-119-0/+89
| |
| * testing: Add an IKEv1 net2net AH test caseMartin Willi2013-10-119-0/+102
| |
| * testing: Add an IKEv2 host2host AH transport mode test caseMartin Willi2013-10-119-0/+89
| |
| * testing: Add an IKEv2 net2net AH test caseMartin Willi2013-10-119-0/+101
| |
| * testing: Allow AH packets in default INPUT/OUTPUT chainsMartin Willi2013-10-111-0/+4
| |
| * updown: Install forwarding rules with the actually used protocolMartin Willi2013-10-111-1/+1
| |
| * updown: Add a PLUTO_PROTO variable set to 'ah' or 'esp'Martin Willi2013-10-112-1/+6
| |
| * starter: Reject connections having both 'ah' and 'esp' keywords setMartin Willi2013-10-111-0/+9
| | | | | | | | | | We currently don't support mixed proposals or bundles, so don't create the illusion we would.
| * ike: Define keylength for aescmac algorithmMartin Willi2013-10-111-0/+1
| |
| * ikev1: Support parsing of AH+IPComp proposalsMartin Willi2013-10-111-9/+11
| |
| * starter: Remove obsolete 'auth' optionMartin Willi2013-10-115-7/+0
| |
| * ikev1: Accept more than two certificate payloadsMartin Willi2013-10-111-2/+2
| |
| * ikev1: Support en-/decoding of SA payloads with AH algorithmsMartin Willi2013-10-111-31/+99
| |
| * kernel-handler: Whitespace cleanupsMartin Willi2013-10-111-42/+38
| |
| * stroke: List proposals in statusall without leading '/' in AH SAsMartin Willi2013-10-111-1/+7
| |
| * ikev1: Delete quick modes with the negotiated SA protocolMartin Willi2013-10-111-1/+1
| |
| * trap-manager: Install trap with SA protocol of the first configured proposalMartin Willi2013-10-111-4/+12
| |
| * child-sa: Save protocol during SPI allocationMartin Willi2013-10-111-6/+3
| | | | | | | | | | This allows us to properly delete the incomplete SA with the correct protocol should negotiation fail.
| * ikev1: Negotiate SPI with the first/negotiated proposal protocolMartin Willi2013-10-111-3/+18
| |
| * ikev2: Allocate SPI with the protocol of the first/negotiated proposalMartin Willi2013-10-111-2/+16
| |
| * proposal: Strip redundant integrity algos for ESP proposals onlyMartin Willi2013-10-111-16/+19
| |
| * stroke: Configure proposal with AH protocol if 'ah' option setMartin Willi2013-10-112-11/+16
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-14 11:57:23 +0000