aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa/ike_sa.c
Commit message (Collapse)AuthorAgeFilesLines
* properly delete IKE_SA if IKE_SA_INIT processing failedMartin Willi2009-05-151-0/+5
|
* fallback to family specific %any(6) if kernel lookup failsMartin Willi2009-03-161-0/+6
|
* printf hooks refactored to increase portability (i.e. support for platforms ↵Tobias Brunner2009-03-121-2/+1
| | | | without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
* purge certificates after IKE_AUTH response has been builtMartin Willi2008-12-161-6/+8
|
* purge auth_info when IKE_SA is established, releases cert memoryMartin Willi2008-12-091-0/+6
|
* pass identity to release_address(), allows providers to do a lookup by idMartin Willi2008-12-051-1/+1
|
* some task queueing improvements:Martin Willi2008-12-011-20/+10
| | | | | | | | - do not pass CHILD_SAs to task constructor, might not be valid anymore during execution (late lookup) - use sub-tasks to delete CHILD/IKE_SA after rekeying, as we want to execute the delete before additional queued tasks
* schedule rekeying when activating passive IKE_SAsMartin Willi2008-11-281-1/+2
|
* added a PASSIVE IKE_SA state to manage it externallyMartin Willi2008-11-281-4/+20
|
* performance optimization for the DOS protection.Tobias Brunner2008-11-251-1/+1
| | | | | | * half-open SAs per peer are tracked in a hash table * charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold * chunk_hash function added
* fixed set_message_id() on IKE_SAMartin Willi2008-11-241-2/+2
| | | | | added missing bus->message() hook invocation whitespace cleanups
* set message IDs on IKE_SAsMartin Willi2008-11-241-1/+17
|
* refactored and cleaned up child_sa interfaceMartin Willi2008-11-191-3/+3
| | | | | | | replaced add/update calls by a install() call allocating SPIs always externally support installation of non-allocated CHILD_SAs some other cleanups
* setting default port of own address to have a proper fallback if src addr ↵Martin Willi2008-11-181-0/+1
| | | | lookup fails
* reset IKE_SA on bus during child_sa destructionMartin Willi2008-11-141-0/+2
|
* removed some obsolete includesMartin Willi2008-11-121-11/+0
|
* moved ike_initiator flag to IKE_SAs condition bitfieldMartin Willi2008-11-121-20/+4
|
* fixed compiler warnings issued by:Martin Willi2008-11-111-2/+2
| | | | | | gcc 4.3 curl.h gcc type-checking glibc with enabled FORTIFY_SOURCE checking
* fixing mediation extensionTobias Brunner2008-11-111-4/+8
|
* merging kernel_klips plugin back into trunkTobias Brunner2008-11-111-2/+9
|
* preliminary support of Mobile IPv6Andreas Steffen2008-11-111-17/+62
|
* got rid of deprecated create_iterator_locked()Martin Willi2008-11-051-0/+1
|
* %any is IP family neutralAndreas Steffen2008-11-051-2/+2
|
* added hooks for IKE and CHILD keymatMartin Willi2008-10-301-0/+26
|
* moved key derivation and management into keymat objectMartin Willi2008-10-281-320/+20
| | | | | | allows secured implementation of key management (e.g. in kernel or HW) only IKE keys for now
* store IKE proposal implicitly during derive_keysMartin Willi2008-10-281-16/+9
|
* use more generic stats getter, introducing new statsMartin Willi2008-10-271-65/+37
|
* more CHILD_SA refactoringsMartin Willi2008-10-241-14/+12
|
* moved updown script invocation to an optional pluginMartin Willi2008-10-161-3/+6
|
* passing chunks, not prf+, to kernel interfaceMartin Willi2008-10-141-10/+10
| | | | gives us better control of keymat in CHILD_SA
* reintegrated bus-refactoring branchMartin Willi2008-10-141-34/+28
|
* fixed MOBIKE roaming if clients address changesMartin Willi2008-10-091-5/+2
|
* mobike: try to keep existing source address before switching to anotherMartin Willi2008-10-081-13/+13
|
* userland support to process notifies for new NAT mappings detected in UDP ↵Martin Willi2008-10-071-6/+4
| | | | encapsulation
* use MOBIKE enabled DPD if we are NATedMartin Willi2008-10-061-2/+41
| | | | update SAs if we detect changes in NAT mappings
* time values in strongswan.conf can be optionally specified in days (d), ↵Andreas Steffen2008-09-041-1/+1
| | | | hours (h), minutes (m), or seconds (s)
* charon.keep_alive = 0 disables the sending of NAT keep alivesAndreas Steffen2008-09-031-1/+1
|
* configure NAT keep alive interval using the charon.keep_alive keyAndreas Steffen2008-09-031-2/+9
|
* ported parts of two-sim branchMartin Willi2008-08-221-0/+26
| | | | | | eap_identity parameter to exchange in eap_identity some auth_info/peer_cfg refactorings fixed some bugs, introduced new ones
* corrected typoAndreas Steffen2008-08-111-1/+1
|
* demoted IKE state change output to debug level 2Andreas Steffen2008-07-281-1/+1
|
* ignore AUTH_LIFETIME value if reauthentication has already been scheduled ↵Andreas Steffen2008-07-281-8/+13
| | | | earlier
* some more changes to IKE_SA and CHILD_SA loggingAndreas Steffen2008-07-221-3/+3
|
* consistent logging of IKE and CHILD SAsAndreas Steffen2008-07-211-3/+3
|
* introduced an additional bus->signal parameter for signal specific dataMartin Willi2008-07-181-21/+21
| | | | added SIG_IKE/SIG_CHD macros for signal emitting
* fixed potential segfault in resolve_hostsMartin Willi2008-07-171-1/+4
|
* fixed acquire-delay bug by:Martin Willi2008-07-161-1/+1
| | | | | installing policies before states updating policies if protocol has changed
* do a route lookup to allow routing of left=%any connections Martin Willi2008-07-091-5/+15
|
* flushing task_manager on shutdown while IKE_SA is usableMartin Willi2008-06-251-1/+2
|
* resolving hosts before routeMartin Willi2008-06-231-0/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-27 17:51:58 +0000