aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa/ike_sa.c
Commit message (Collapse)AuthorAgeFilesLines
* fixing some memory leaksTobias Brunner2008-04-021-0/+1
|
* stopping connectivity checks on the responders side after receiving an ↵Tobias Brunner2008-04-011-3/+20
| | | | IKE_SA_INIT request with the proper ME_CONNECTID
* mediation extension adapted to the naming convention of the current version ↵Tobias Brunner2008-03-261-29/+29
| | | | of the draft. note: the external interface (config, autotools) has not yet been changed
* added equals() method to peer_cfg, ike_cfg, proposals, auth_infoMartin Willi2008-03-261-17/+14
| | | | | | allows easier merging of ipsec.conf connections replaced some iterators through enumerators made proposals algorithm_t private using enumerator
* merged the modularization branch (credentials) back to trunkMartin Willi2008-03-131-51/+71
|
* NAT-T conditions were not inherited during IKE_SA rekeyingAndreas Steffen2008-01-291-1/+8
|
* removed c++ style comments4.1.9Martin Willi2007-12-041-6/+7
| | | | | fixed compiler warnings
* moved AUTH_LIFETIME handling in its own task (cleaner separation, proper ↵Martin Willi2007-12-031-1/+17
| | | | payload order)
* implemented RFC4478 (repeated authentication)Martin Willi2007-11-201-38/+134
| | | | | changed %V printf handler to take a time delta, %#V now takes two arguments
* fixed NO_PROPOSAL_CHOSEN response on IKE_SA_INITMartin Willi2007-11-141-0/+2
|
* adding new virtual ip before deleting old one to keep IP on reauthenticationMartin Willi2007-10-251-7/+7
|
* experimental P2P-NAT-T for IKEv2 merged back from branchTobias Brunner2007-10-031-8/+155
|
* moved force_encap to ike_config, enables responder to enforce udp encapsulationMartin Willi2007-10-011-1/+1
| | | | fixed bugs in force_encap code
* implemented IKEv2 force_encap connection parameterMartin Willi2007-10-011-1/+7
| | | | | enforces UDP encapsulation by faking NAT detection payloads to hurdle restrictive firewalls
* improved MOBIKE roaming between interfacesMartin Willi2007-09-241-2/+2
|
* put IKE_SA and CHILD_SA names in single quotesAndreas Steffen2007-09-151-1/+1
|
* log name of IKE_SA in state changesAndreas Steffen2007-09-151-1/+2
|
* implemented routeability checks for mobike (experimental)Martin Willi2007-09-031-22/+8
|
* added mobike=yes|no connection optionMartin Willi2007-08-291-6/+15
| | | | | | | yes: include mobike support notifies as initiator no: only enable mobike as responder when initiator supports it default: yes
* rerouting CHILD_SA if its IKE_SA gets deletedMartin Willi2007-08-271-99/+149
|
* changed mobike behavior to NOT use additional responder addresses until we ↵Martin Willi2007-07-041-95/+3
| | | | have path discovery
* improved MOBIKE:Martin Willi2007-07-031-9/+73
| | | | | | | | prefer address family already used do not change address implicit when mobike supported handle multiple simultaneous roaming requests more properly proper enabling/disabling of UDP encapsulation
* fixed mobike address update from and to NATMartin Willi2007-07-021-1/+6
|
* proper update of IPsec SA when roaming a host-to-host tunnelMartin Willi2007-07-021-60/+91
| | | | roaming of IPsec SAs using virtual IPs
* fixed dpd=hold when using virtual IPsMartin Willi2007-06-291-6/+19
|
* fixed IKE_SA reestablishment after DPD using port 500Martin Willi2007-06-281-65/+71
|
* further mobike improvements, regarding to NAT-TMartin Willi2007-06-271-3/+10
|
* simple roaming of the client works (not MOBIKE conform yet!)Martin Willi2007-06-261-144/+144
|
* further fixed for mobike roamingMartin Willi2007-06-251-12/+21
|
* further MOBIKE stuff:Martin Willi2007-06-211-46/+180
| | | | | | | | | kernel properly reports network reconfiguration and informs all IKE_SAs MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange reestablishment of IKE_SAs on network reconfiguration kinda works not stable yet!
* added extensions management to IKE_SAMartin Willi2007-06-181-0/+24
| | | | fixed NATD payload (port) when using route lookup
* source address lookup in kernel interfaceMartin Willi2007-06-181-1/+1
| | | | | | use it for NAT detection if no source address known from config support for %any...%any connections
* fixed memleak when initiating to %anyMartin Willi2007-06-141-0/+1
|
* proper reauthentication:Martin Willi2007-06-141-71/+10
| | | | | IKE_SA is closed completely before the new is initiated, resolves some issues when a dynamic IP is requested from a pool
* introduced callback_job:Martin Willi2007-06-111-13/+13
| | | | | | | | | | | | simple asynchronous method invocation use daemons thread pool for all threads proper cancellation and cleanups cancellation mechanism to dynamically unload multithreaded code unified event_queue and scheduler => scheduler unified job_queue and thread_pool => processor removed job_type_t, not really needed fixes here, there and everywhere
* proper thread cancellation when using the charon->interfacesMartin Willi2007-05-231-0/+1
|
* added set_other_ca() and get_other_ca()Andreas Steffen2007-05-171-44/+68
|
* removed route_job, handled all in interface_managerMartin Willi2007-05-161-1/+0
|
* routing/unrouting through interfaceMartin Willi2007-05-161-3/+3
|
* properly implemented interface_managers initiate, terminte_[ike|child]Martin Willi2007-05-091-3/+0
| | | | | proper thread release when stroke is CTRL+C'ed fixed some permission issues
* restructuring of configuration backendsMartin Willi2007-04-271-2/+2
| | | | | | | | | added propotypes of new control interfaces (xml & dbus) introduced loadable: configuration backends control interfaces using pluggable modules as in EAP
* properly checking received IDr as initiatorMartin Willi2007-04-251-3/+4
|
* added support for EAP methods not establishing an MSKMartin Willi2007-04-191-33/+28
|
* not using %m printf handler, as late errno interpration over bus may be ↵Martin Willi2007-04-121-7/+12
| | | | problematic
* removed IKE_SA (%K) and CHILD_SA (%P) printf handlers, 3 more to goMartin Willi2007-04-111-48/+13
|
* cleaned up apidocMartin Willi2007-04-111-10/+7
| | | | | | added some comments removed configuration.[ch], as it does not make sense like it is
* fixed bug with roadwarrior and wildcard IDsAndreas Steffen2007-04-101-11/+19
|
* requesting the same virtual IP on reauthenticationMartin Willi2007-04-101-49/+54
|
* restructured file layoutMartin Willi2007-04-101-215/+161
| | | | | | | | | new configuration structure: peer_cfg: configuration related to a peer (authenitcation, ...= ike_cfg: config to use for IKE setup (proposals) child_Cfg: config for CHILD_SA (proposals, traffic selectors) a peer_cfg has one ike_cfg and multiple child_cfg's stroke now uses fixed count of threads
* added IKE_SA_INIT retransmission detectionMartin Willi2007-03-291-10/+4
| | | | fixed thread exhaustion when IKE_SA is blocked for a longer time
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 10:41:48 +0000