aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa/ike_sa.c
Commit message (Collapse)AuthorAgeFilesLines
* improved logging on verify errors for some payloadsMartin Willi2006-07-131-0/+7
| | | | | | enforcing IKE_SA shutdown, even when transactions are outstanding proper reject of CREATE_CHILD_SA message with KE payload
* added CHILD_SA states, which allows us to detect further simultaneous ↵Martin Willi2006-07-131-36/+26
| | | | | | | transactions reimplemented the buggy message id handling
* fixed crypter/signer in/out to conform with standardMartin Willi2006-07-121-9/+9
|
* updated copyright informationMartin Willi2006-07-071-1/+2
|
* reimplemented CHILD_SA rekeying & deleteMartin Willi2006-07-071-138/+66
| | | | | no simultanous transaction with CHILD_SAs yet!
* redesigned IKE_SA using a transaction mechanism:Martin Willi2006-07-051-1049/+874
| | | | | | | | | | | | removed old state machine reimplemented IKE_SA setup and delete implemented dead peer detection implemented keep-alives a lot of fixes no rekeying yet
* support of cert payloadsAndreas Steffen2006-07-031-93/+117
|
* applied new changes from NATT teamMartin Willi2006-06-231-20/+95
| | | | | DPD only done when no IPsec and IKE traffic processed minor changes here and there
* first merge of NATT codeMartin Willi2006-06-221-16/+273
|
* fixed SPI when acting as initiator of rekeyingMartin Willi2006-06-191-2/+2
|
* fixed SPI when rekeying and deleting CHILD_SAsMartin Willi2006-06-191-3/+3
|
* fixed aes code, we support now aes128, aes192, aes256 in IKEMartin Willi2006-06-151-6/+6
|
* added support for "ike" and "esp" keywordsMartin Willi2006-06-151-8/+5
| | | | | | | fixed bugs in proposal code algorithm selection for charon works now with ipsec.conf a lot of other fixes
* using same reqid if a child sa rekeys an existing oneMartin Willi2006-06-121-1/+2
|
* old child_sa gets deleted after rekeyingMartin Willi2006-06-091-7/+93
| | | | | | rekeying almost complete, but: IKE_SA get in an invalid state when both initiate rekeying at the same time,
* specifying keysize in bits, as it is required in IKEv2Martin Willi2006-06-091-2/+2
| | | | | | added generic kernel SA algorithm handling, which brings us: aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
* fixed compile warnings when using -WallMartin Willi2006-06-081-139/+20
| | | | | | | | further CHILD_SA rekeying work done: creation of a new CHILD_SA on a expire from a kernel works delete of old CHILD_SA still missing some issues when both initiate rekeing
* further work for rekeying:Martin Willi2006-06-071-205/+389
| | | | | | | | | get liftimes from policy added new state initiation of rekeying done proposal redone: removed support for AH+ESP proposals
* job management:Martin Willi2006-05-311-5/+29
| | | | | | | | | | | | | moved job code from thread_pool to job, jobs have an "execute" method now added two new jobs: delete_child_sa & rekey_child_sa kernel interface: listens now for ACQUIRE & EXPIRE supports hard and soft lifetimes fires jobs for delete and rekey child sa ike sa manager: can checkout IKE SAs by requid of owned CHILD SAs we have now the infrastructure to do the rekeying... :-)
* use of streqAndreas Steffen2006-05-301-1/+1
|
* - policies contain a connections name nowMartin Willi2006-05-291-12/+24
| | | | | | | | - used for initiate and delete - connections won't get initiated twice anymore - deleting of connections is now possible, which allows us to use ipsec update and ipsec reload
* - some logging improvements and cosmeticsMartin Willi2006-05-241-1/+3
|
* - show connection templates in status & statusallMartin Willi2006-05-231-2/+2
| | | | | - don't complain on termination of IKEv1 connections
* - reimplemented proper IKE SA deletion using a seperate state,Martin Willi2006-05-231-133/+113
| | | | | should conform now to IKEv2
* - applied patch from the NAT-T team fixing several typosMartin Willi2006-05-191-6/+6
|
* (no commit message)Martin Willi2006-05-101-0/+1199
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-20 06:48:09 +0000