aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* moved CHILD_SA key derivation to keymat_tMartin Willi2008-10-296-403/+411
| | | | passing key chunks to CHILD_SA, not the PRF
* do not store DH redundant in keymatMartin Willi2008-10-293-52/+30
|
* moved key derivation and management into keymat objectMartin Willi2008-10-2811-579/+737
| | | | | | allows secured implementation of key management (e.g. in kernel or HW) only IKE keys for now
* store IKE proposal implicitly during derive_keysMartin Willi2008-10-283-44/+13
|
* use more generic stats getter, introducing new statsMartin Willi2008-10-273-77/+54
|
* fixed some compiler warningsMartin Willi2008-10-271-2/+0
|
* additional getters for ipcomp and UDP encapMartin Willi2008-10-242-0/+32
|
* more CHILD_SA refactoringsMartin Willi2008-10-243-123/+127
|
* fixed enumeration of CHILD_SA traffic selectorsMartin Willi2008-10-211-24/+25
|
* reset threads IKE_SA after checking other IKE_SAsMartin Willi2008-10-203-0/+14
| | | | invoke updown script only if we have valid IKE_SA
* re-established all previous AUD level messagesAndreas Steffen2008-10-173-6/+7
|
* moved updown script invocation to an optional pluginMartin Willi2008-10-166-243/+43
|
* cache keys for in and outbound ESP SAsMartin Willi2008-10-152-191/+236
| | | | | removed redundant storing of traffic selectors in CHILD_SA (sa_policy_t) creating TS pairs dynamically using create_policy_enumerator()
* store ESP keys in CHILD_SAMartin Willi2008-10-152-36/+47
|
* passing chunks, not prf+, to kernel interfaceMartin Willi2008-10-142-28/+117
| | | | gives us better control of keymat in CHILD_SA
* typosTobias Brunner2008-10-141-6/+6
|
* reintegrated bus-refactoring branchMartin Willi2008-10-1414-236/+210
|
* reintegrated two-sim branch providing SIM card plugin APIMartin Willi2008-10-102-0/+261
|
* fixed MOBIKE roaming if clients address changesMartin Willi2008-10-092-5/+20
|
* mobike: try to keep existing source address before switching to anotherMartin Willi2008-10-083-18/+17
|
* userland support to process notifies for new NAT mappings detected in UDP ↵Martin Willi2008-10-071-6/+4
| | | | encapsulation
* use MOBIKE enabled DPD if we are NATedMartin Willi2008-10-066-4/+113
| | | | update SAs if we detect changes in NAT mappings
* do not run CHILD_SA delete action if rekeyingMartin Willi2008-10-031-1/+13
|
* also respect the mobike=no setting as responderMartin Willi2008-09-301-2/+13
|
* merging renaming of mode_t to ipsec_mode_t back to trunkTobias Brunner2008-09-253-15/+15
|
* merging modularized kernel interface back to trunkTobias Brunner2008-09-253-15/+15
|
* time values in strongswan.conf can be optionally specified in days (d), ↵Andreas Steffen2008-09-041-1/+1
| | | | hours (h), minutes (m), or seconds (s)
* charon.keep_alive = 0 disables the sending of NAT keep alivesAndreas Steffen2008-09-031-1/+1
|
* configure NAT keep alive interval using the charon.keep_alive keyAndreas Steffen2008-09-031-2/+9
|
* handle INFORMATIONAL exchanges with NATD payloads in mobike taskMartin Willi2008-09-021-0/+2
|
* cosmeticsAndreas Steffen2008-08-261-1/+1
|
* completed support of AUTHZ_CA_CERT and AUTHZ_CA_CERT_NAME attributesAndreas Steffen2008-08-261-7/+24
|
* ported parts of two-sim branchMartin Willi2008-08-229-80/+326
| | | | | | eap_identity parameter to exchange in eap_identity some auth_info/peer_cfg refactorings fixed some bugs, introduced new ones
* a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAMMartin Willi2008-08-212-6/+6
|
* corrected typoAndreas Steffen2008-08-111-1/+1
|
* initiator sends contents of rightca= if present as a certificate request ↵Andreas Steffen2008-08-051-9/+15
| | | | without searching for further CA certificates
* using a entry cache for duplicate checks, avoids deadlocksMartin Willi2008-07-301-4/+37
|
* demoted IKE state change output to debug level 2Andreas Steffen2008-07-281-1/+1
|
* ignore AUTH_LIFETIME value if reauthentication has already been scheduled ↵Andreas Steffen2008-07-281-8/+13
| | | | earlier
* completed IKE_SA logging at the AUDIT levelAndreas Steffen2008-07-233-8/+43
|
* IKE_SA rekeying inherits other_host from old IKE_SAAndreas Steffen2008-07-231-0/+3
|
* cosmeticsAndreas Steffen2008-07-231-1/+1
|
* some more changes to IKE_SA and CHILD_SA loggingAndreas Steffen2008-07-226-22/+46
|
* cosmeticsAndreas Steffen2008-07-221-1/+1
|
* ipsec status lists IPCOMP CPIsAndreas Steffen2008-07-223-6/+31
|
* own CPI was not deleted due to copy-and-paste errorAndreas Steffen2008-07-221-1/+1
|
* consistent logging of SPIs and CPIsAndreas Steffen2008-07-221-2/+2
|
* consistent logging of IKE and CHILD SAsAndreas Steffen2008-07-214-23/+39
|
* introduced an additional bus->signal parameter for signal specific dataMartin Willi2008-07-188-94/+100
| | | | added SIG_IKE/SIG_CHD macros for signal emitting
* fixed potential segfault in resolve_hostsMartin Willi2008-07-171-1/+4
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 09:34:32 +0000