aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* wait until all IKE_SAs are in-house before destroying themMartin Willi2008-12-121-1/+1
|
* fixing checkout of IKE SAs with only the initiator SPITobias Brunner2008-12-101-1/+2
|
* increasing the performance of checkout_duplicate by using a hash table.Tobias Brunner2008-12-101-66/+244
|
* purge auth_info when IKE_SA is established, releases cert memoryMartin Willi2008-12-091-0/+6
|
* limit number of ADDITIONAL_IPV*_ADDR notifiesMartin Willi2008-12-091-4/+9
|
* pass identity to release_address(), allows providers to do a lookup by idMartin Willi2008-12-051-1/+1
|
* reset pointer for a clean destructionMartin Willi2008-12-041-0/+1
|
* some task queueing improvements:Martin Willi2008-12-018-63/+186
| | | | | | | | - do not pass CHILD_SAs to task constructor, might not be valid anymore during execution (late lookup) - use sub-tasks to delete CHILD/IKE_SA after rekeying, as we want to execute the delete before additional queued tasks
* schedule rekeying when activating passive IKE_SAsMartin Willi2008-11-281-1/+2
|
* added a PASSIVE IKE_SA state to manage it externallyMartin Willi2008-11-282-4/+25
|
* pass SKd to derive_ike_keys() to have a more interoperable APIMartin Willi2008-11-283-38/+93
|
* checkin of non-existing IKE_SAsMartin Willi2008-11-262-58/+44
| | | | removed unneeded checkin() return values
* performance optimization for the DOS protection.Tobias Brunner2008-11-252-24/+211
| | | | | | * half-open SAs per peer are tracked in a hash table * charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold * chunk_hash function added
* fixed crash due to missing function call parameterAndreas Steffen2008-11-251-1/+13
|
* fixed set_message_id() on IKE_SAMartin Willi2008-11-242-129/+132
| | | | | added missing bus->message() hook invocation whitespace cleanups
* set message IDs on IKE_SAsMartin Willi2008-11-244-9/+47
|
* optimized ike_sa_manager for concurrent access (default behavior is still as ↵Tobias Brunner2008-11-201-217/+493
| | | | before, needs configuration in strongswan.conf).
* refactored and cleaned up child_sa interfaceMartin Willi2008-11-195-443/+389
| | | | | | | replaced add/update calls by a install() call allocating SPIs always externally support installation of non-allocated CHILD_SAs some other cleanups
* setting default port of own address to have a proper fallback if src addr ↵Martin Willi2008-11-181-0/+1
| | | | lookup fails
* fixed virtual IP re-installation failure in MOBIKE scenarios introduced with ↵Andreas Steffen2008-11-171-13/+19
| | | | changeset 4662
* completed migration of MIPv6 connectionsAndreas Steffen2008-11-161-31/+40
|
* fallback to reauthentication if peer does not support CHILD_SA rekeyingMartin Willi2008-11-142-2/+27
|
* fall back to reauthentication if IKE rekeying fails with NO_ADDITIONAL_SASMartin Willi2008-11-141-1/+27
|
* reset IKE_SA on bus during child_sa destructionMartin Willi2008-11-141-0/+2
|
* BEET mode might want forwarding policiesMartin Willi2008-11-121-11/+11
|
* removed some obsolete includesMartin Willi2008-11-121-11/+0
|
* moved ike_initiator flag to IKE_SAs condition bitfieldMartin Willi2008-11-123-30/+12
|
* ported some hard-to-merge cherries back to trunk :-/Martin Willi2008-11-121-11/+9
| | | | | shame, svn, shame: this was ways to complicated we should consider a switch to git...
* fixing keylength bug at the right place:Martin Willi2008-11-121-1/+1
| | | | we usually don't touch output parameters if operations fails
* fixed compiler warnings issued by:Martin Willi2008-11-111-2/+2
| | | | | | gcc 4.3 curl.h gcc type-checking glibc with enabled FORTIFY_SOURCE checking
* fixing mediation extensionTobias Brunner2008-11-111-4/+8
|
* some typosTobias Brunner2008-11-111-3/+3
|
* merging kernel_klips plugin back into trunkTobias Brunner2008-11-116-84/+106
|
* deleted obsolete parameter descriptionsAndreas Steffen2008-11-111-2/+0
|
* preliminary support of Mobile IPv6Andreas Steffen2008-11-115-105/+248
|
* replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variantMartin Willi2008-11-054-102/+103
|
* got rid of deprecated create_iterator_locked()Martin Willi2008-11-053-0/+4
|
* %any is IP family neutralAndreas Steffen2008-11-051-2/+2
|
* corrected typo2Andreas Steffen2008-11-051-2/+2
|
* replace tab by spacesAndreas Steffen2008-11-031-2/+3
|
* corrected captionsAndreas Steffen2008-11-021-1/+1
|
* added hooks for IKE and CHILD keymatMartin Willi2008-10-306-37/+61
|
* store plain skd, not the prfMartin Willi2008-10-302-23/+19
|
* moved CHILD_SA key derivation to keymat_tMartin Willi2008-10-296-403/+411
| | | | passing key chunks to CHILD_SA, not the PRF
* do not store DH redundant in keymatMartin Willi2008-10-293-52/+30
|
* moved key derivation and management into keymat objectMartin Willi2008-10-2811-579/+737
| | | | | | allows secured implementation of key management (e.g. in kernel or HW) only IKE keys for now
* store IKE proposal implicitly during derive_keysMartin Willi2008-10-283-44/+13
|
* use more generic stats getter, introducing new statsMartin Willi2008-10-273-77/+54
|
* fixed some compiler warningsMartin Willi2008-10-271-2/+0
|
* additional getters for ipcomp and UDP encapMartin Willi2008-10-242-0/+32
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 21:38:29 +0000