aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config/policies/policy.c
Commit message (Collapse)AuthorAgeFilesLines
* restructured file layoutMartin Willi2007-04-101-635/+0
| | | | | | | | | new configuration structure: peer_cfg: configuration related to a peer (authenitcation, ...= ike_cfg: config to use for IKE setup (proposals) child_Cfg: config for CHILD_SA (proposals, traffic selectors) a peer_cfg has one ike_cfg and multiple child_cfg's stroke now uses fixed count of threads
* fixed traffic selector redundancy removal code (not completely tested)Martin Willi2007-03-061-6/+15
|
* fixed double free bugMartin Willi2007-03-051-2/+22
|
* added support for 0.0.0.0/0 traffic selectorsMartin Willi2007-03-011-2/+2
| | | | fixed routing to make correct 0.0.0.0/0 routes
* merged tasking branch into trunkMartin Willi2007-02-281-11/+52
|
* merged EAP framework from branch into trunkMartin Willi2007-02-121-1/+16
| | | | | includes a lot of other modifications
* support for transport in create_child_saMartin Willi2007-01-081-0/+8
| | | | include TRANSPORT/TUNNEL information in statusall
* added support for transport mode and (experimental!) BEET modeMartin Willi2006-12-211-2/+16
| | | | | support for the type=transport/tunnel parameter in charon
* moved typedefs to beginning of files to solve some include problemsMartin Willi2006-10-301-7/+0
| | | | | | | splitted authenticator to have a separate implementation for each auth_method_t using va_copy to clone va_lists, should fix proplems on AMD64 some other cleanups
* added methods get_my_ca() and get_other_ca()Andreas Steffen2006-10-281-0/+18
|
* improved signal handling and emittingMartin Willi2006-10-261-3/+3
|
* removed deprecated iterator methods (has_next & current)Martin Willi2006-10-241-5/+2
| | | | added iterator hook to manipulate iterator the clean way
* linked list cleanupsMartin Willi2006-10-241-22/+3
| | | | | added list methods invoke(), destroy_offset(), destroy_function() simplified list destruction when destroying its items
* introduced new logging subsystem using bus:Martin Willi2006-10-181-31/+10
| | | | | | | passive listeners can register on the bus active listeners wait for signals actively multiplexing allows multiple listeners to receive debug signals a lot more...
* added hostaccess support; moved auth_method to policyAndreas Steffen2006-09-251-23/+73
|
* implemented handling of dpdaction and dpddelay ipsec.conf parametersMartin Willi2006-09-081-4/+21
|
* reuse reqid when a ROUTED child_sa gets INSTALLEDMartin Willi2006-09-051-1/+7
| | | | | | | | | fixed a bug in retransmission code added support for the "keyingtries" ipsec.conf parameter added support for the "dpddelay" ipsec.conf parameter done some work for "dpdaction" behavior some other cleanups and fixes
* implemented proper refcounting using atomic operationsMartin Willi2006-07-281-3/+3
|
* implemented IKE_SA rekeyingMartin Willi2006-07-271-2/+13
| | | | | | uses ikelifetime, rekeymargin and rekeyfuzz config settings no handling of simultaneus exchanges yet!
* introduced refcounting on policy and connectionsMartin Willi2006-07-201-174/+108
| | | | | | | | | aren't stored in the IKE_SA anymore, they are queried on the fly are immutable now, allows it to share them policy selection based on traffic selectors, leads to valid lookup results rekeying queries the policy based on its traffic selectors
* cleanups in kernel interface codeMartin Willi2006-07-181-21/+33
| | | | | | added proper traffic selector to string conversion some cleanups here & there
* updated copyright informationMartin Willi2006-07-071-1/+2
|
* redesigned IKE_SA using a transaction mechanism:Martin Willi2006-07-051-1/+1
| | | | | | | | | | | | removed old state machine reimplemented IKE_SA setup and delete implemented dead peer detection implemented keep-alives a lot of fixes no rekeying yet
* support of cert payloadsAndreas Steffen2006-07-031-0/+23
|
* debug and logging improvementsMartin Willi2006-06-131-0/+4
|
* workaround for peers rekeying at the same timeMartin Willi2006-06-121-7/+31
| | | | | loading lifetime policies from ipsec.conf
* old child_sa gets deleted after rekeyingMartin Willi2006-06-091-3/+3
| | | | | | rekeying almost complete, but: IKE_SA get in an invalid state when both initiate rekeying at the same time,
* fixed clone/destroy behavior when not using CAsMartin Willi2006-06-091-5/+17
|
* added support for leftsendcert= and left|rightca= parametersAndreas Steffen2006-06-091-2/+32
|
* fixed compile warnings when using -WallMartin Willi2006-06-081-2/+6
| | | | | | | | further CHILD_SA rekeying work done: creation of a new CHILD_SA on a expire from a kernel works delete of old CHILD_SA still missing some issues when both initiate rekeing
* further work for rekeying:Martin Willi2006-06-071-0/+18
| | | | | | | | | get liftimes from policy added new state initiation of rekeying done proposal redone: removed support for AH+ESP proposals
* - fixed some memleaks/freebugsMartin Willi2006-05-311-1/+0
| | | | | - leak detective works almost usable now (?!)
* - policies contain a connections name nowMartin Willi2006-05-291-40/+58
| | | | | | | | - used for initiate and delete - connections won't get initiated twice anymore - deleting of connections is now possible, which allows us to use ipsec update and ipsec reload
* (no commit message)Martin Willi2006-05-101-0/+397
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 14:14:41 +0000