aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa/ike_sa.h
Commit message (Collapse)AuthorAgeFilesLines
* improved MOBIKE:Martin Willi2007-07-031-3/+20
| | | | | | | | prefer address family already used do not change address implicit when mobike supported handle multiple simultaneous roaming requests more properly proper enabling/disabling of UDP encapsulation
* simple roaming of the client works (not MOBIKE conform yet!)Martin Willi2007-06-261-0/+11
|
* further MOBIKE stuff:Martin Willi2007-06-211-29/+86
| | | | | | | | | kernel properly reports network reconfiguration and informs all IKE_SAs MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange reestablishment of IKE_SAs on network reconfiguration kinda works not stable yet!
* added extensions management to IKE_SAMartin Willi2007-06-181-1/+37
| | | | fixed NATD payload (port) when using route lookup
* proper reauthentication:Martin Willi2007-06-141-2/+3
| | | | | IKE_SA is closed completely before the new is initiated, resolves some issues when a dynamic IP is requested from a pool
* added set_other_ca() and get_other_ca()Andreas Steffen2007-05-171-2/+19
|
* routing/unrouting through interfaceMartin Willi2007-05-161-2/+3
|
* added support for EAP methods not establishing an MSKMartin Willi2007-04-191-5/+5
|
* removed IKE_SA (%K) and CHILD_SA (%P) printf handlers, 3 more to goMartin Willi2007-04-111-0/+7
|
* cleaned up apidocMartin Willi2007-04-111-1/+29
| | | | | | added some comments removed configuration.[ch], as it does not make sense like it is
* restructured file layoutMartin Willi2007-04-101-30/+25
| | | | | | | | | new configuration structure: peer_cfg: configuration related to a peer (authenitcation, ...= ike_cfg: config to use for IKE setup (proposals) child_Cfg: config for CHILD_SA (proposals, traffic selectors) a peer_cfg has one ike_cfg and multiple child_cfg's stroke now uses fixed count of threads
* fixed deferred CHILD_SA rekeying while IKE_SA rekeying in progressMartin Willi2007-03-271-1/+4
|
* merged tasking branch into trunkMartin Willi2007-02-281-103/+126
|
* implemented reauthentication using the new reauth=yes|no parameter Martin Willi2006-12-191-1/+13
|
* better split up of library files "types.h" & "definitions.h"Martin Willi2006-10-311-3/+1
| | | | | | | | | centralized all printf specifier character definitions reuse of arginfo handlers more cleanups fixed more AMD64 issues added DEBUG_LEVEL compile flag to exclude DBGn() statements
* moved typedefs to beginning of files to solve some include problemsMartin Willi2006-10-301-14/+10
| | | | | | | splitted authenticator to have a separate implementation for each auth_method_t using va_copy to clone va_lists, should fix proplems on AMD64 some other cleanups
* introduced new logging subsystem using bus:Martin Willi2006-10-181-18/+4
| | | | | | | passive listeners can register on the bus active listeners wait for signals actively multiplexing allows multiple listeners to receive debug signals a lot more...
* fixed retransmission policy for responderMartin Willi2006-09-251-3/+3
|
* fixed dpd for responderMartin Willi2006-09-251-0/+8
|
* implement proper handling of most simultaneous IKE_SA rekeying casesMartin Willi2006-08-231-22/+56
|
* implemented IKE_SA rekeyingMartin Willi2006-07-271-8/+63
| | | | | | uses ikelifetime, rekeymargin and rekeyfuzz config settings no handling of simultaneus exchanges yet!
* added possibility to route CHILD_SAs, without to set them upMartin Willi2006-07-211-5/+25
| | | | | | | support for auto=route parameter support for ipsec route and ipsec unroute initiating of CHILD and/or IKE_SAs based on kernel acquires
* introduced refcounting on policy and connectionsMartin Willi2006-07-201-34/+97
| | | | | | | | | aren't stored in the IKE_SA anymore, they are queried on the fly are immutable now, allows it to share them policy selection based on traffic selectors, leads to valid lookup results rekeying queries the policy based on its traffic selectors
* added CHILD_SA states, which allows us to detect further simultaneous ↵Martin Willi2006-07-131-4/+12
| | | | | | | transactions reimplemented the buggy message id handling
* updated some inline docsMartin Willi2006-07-121-1/+33
|
* updated copyright informationMartin Willi2006-07-071-1/+2
|
* reimplemented CHILD_SA rekeying & deleteMartin Willi2006-07-071-50/+56
| | | | | no simultanous transaction with CHILD_SAs yet!
* redesigned IKE_SA using a transaction mechanism:Martin Willi2006-07-051-426/+190
| | | | | | | | | | | | removed old state machine reimplemented IKE_SA setup and delete implemented dead peer detection implemented keep-alives a lot of fixes no rekeying yet
* support of cert payloadsAndreas Steffen2006-07-031-1/+8
|
* applied new changes from NATT teamMartin Willi2006-06-231-4/+12
| | | | | DPD only done when no IPsec and IKE traffic processed minor changes here and there
* first merge of NATT codeMartin Willi2006-06-221-0/+97
|
* old child_sa gets deleted after rekeyingMartin Willi2006-06-091-0/+18
| | | | | | rekeying almost complete, but: IKE_SA get in an invalid state when both initiate rekeying at the same time,
* further work for rekeying:Martin Willi2006-06-071-0/+28
| | | | | | | | | get liftimes from policy added new state initiation of rekeying done proposal redone: removed support for AH+ESP proposals
* job management:Martin Willi2006-05-311-1/+14
| | | | | | | | | | | | | moved job code from thread_pool to job, jobs have an "execute" method now added two new jobs: delete_child_sa & rekey_child_sa kernel interface: listens now for ACQUIRE & EXPIRE supports hard and soft lifetimes fires jobs for delete and rekey child sa ike sa manager: can checkout IKE SAs by requid of owned CHILD SAs we have now the infrastructure to do the rekeying... :-)
* - reimplemented proper IKE SA deletion using a seperate state,Martin Willi2006-05-231-11/+18
| | | | | should conform now to IKEv2
* - applied patch from the NAT-T team fixing several typosMartin Willi2006-05-191-1/+1
|
* (no commit message)Martin Willi2006-05-101-0/+462
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-01 09:07:44 +0000