aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon
Commit message (Collapse)AuthorAgeFilesLines
* fixed rekeying behavior when proposing an inacceptable DH group ↵4.0.3Martin Willi2006-08-232-35/+26
| | | | (INVALID_KE_PAYLOAD)
* implement proper handling of most simultaneous IKE_SA rekeying casesMartin Willi2006-08-238-57/+288
|
* implemented proper refcounting using atomic operationsMartin Willi2006-07-286-6/+15
|
* implemented IKE_SA rekeyingMartin Willi2006-07-2728-317/+1640
| | | | | | uses ikelifetime, rekeymargin and rekeyfuzz config settings no handling of simultaneus exchanges yet!
* added possibility to route CHILD_SAs, without to set them upMartin Willi2006-07-2120-135/+962
| | | | | | | support for auto=route parameter support for ipsec route and ipsec unroute initiating of CHILD and/or IKE_SAs based on kernel acquires
* reuse an existing IKE_SA to set up additional CHILD_SAsMartin Willi2006-07-2017-243/+324
|
* introduced refcounting on policy and connectionsMartin Willi2006-07-2027-894/+1055
| | | | | | | | | aren't stored in the IKE_SA anymore, they are queried on the fly are immutable now, allows it to share them policy selection based on traffic selectors, leads to valid lookup results rekeying queries the policy based on its traffic selectors
* cleanups in kernel interface codeMartin Willi2006-07-1819-528/+695
| | | | | | added proper traffic selector to string conversion some cleanups here & there
* fixed UDP decapsulation by adding inbound bypass policy for send socketMartin Willi2006-07-141-10/+17
|
* reenabled module tests for charonMartin Willi2006-07-144-25/+27
|
* fixed bug which erroneously detected KE payload when rekeyingMartin Willi2006-07-141-0/+1
|
* added IPsec bypass policy to receiving socket, allows incoming IKE traffic ↵Martin Willi2006-07-141-26/+29
| | | | on host2host tunnels when using NAT
* improved logging on verify errors for some payloadsMartin Willi2006-07-136-73/+59
| | | | | | enforcing IKE_SA shutdown, even when transactions are outstanding proper reject of CREATE_CHILD_SA message with KE payload
* fixed CREATE_CHILD_SA transaction dispatchingMartin Willi2006-07-131-37/+28
|
* added CHILD_SA states, which allows us to detect further simultaneous ↵Martin Willi2006-07-1318-132/+239
| | | | | | | transactions reimplemented the buggy message id handling
* updated some inline docsMartin Willi2006-07-124-4/+40
|
* fixed crypter/signer in/out to conform with standardMartin Willi2006-07-121-9/+9
|
* fixed payload orderMartin Willi2006-07-121-5/+4
|
* added message id loggingMartin Willi2006-07-121-2/+4
|
* added all currently known notify payload typesMartin Willi2006-07-122-1/+34
|
* added policy cache to kernel interfaceMartin Willi2006-07-127-568/+553
| | | | | | allows refcounting of multiple installed policies finally brings us stable simultaneous rekeying
* leak detective blanks memory on free & alloc, allows further membug detectionMartin Willi2006-07-121-1/+1
|
* identification_t.matches() supports multiple wildcard countsAndreas Steffen2006-07-112-31/+19
|
* further work done for simultaneous rekeying/deleteMartin Willi2006-07-1015-229/+312
| | | | | still some cases which cause trouble
* fixed compiler warnings in parser when using -O2Martin Willi2006-07-071-3/+3
|
* updated copyright informationMartin Willi2006-07-07160-170/+325
|
* reimplemented CHILD_SA rekeying & deleteMartin Willi2006-07-0721-294/+1582
| | | | | no simultanous transaction with CHILD_SAs yet!
* added support for leftprotoport and rightprotoportMartin Willi2006-07-053-11/+24
|
* improved CHILD_SA output for "ipsec statusall"Martin Willi2006-07-051-61/+106
|
* redesigned IKE_SA using a transaction mechanism:Martin Willi2006-07-0571-8081/+4767
| | | | | | | | | | | | removed old state machine reimplemented IKE_SA setup and delete implemented dead peer detection implemented keep-alives a lot of fixes no rekeying yet
* made thread ids unsigned again, to avoid negative thread ids on some systemsMartin Willi2006-07-044-4/+4
|
* fixed memleak when initiating a connection already upMartin Willi2006-07-041-0/+1
|
* applied latest NATT patch with some fixes and cleanupsMartin Willi2006-07-042-9/+16
|
* log entries start with lowcercase characterAndreas Steffen2006-07-042-25/+33
|
* fixed natd_hash memory leakAndreas Steffen2006-07-031-2/+7
|
* support of cert payloadsAndreas Steffen2006-07-0322-619/+959
|
* lowercase log entriesAndreas Steffen2006-07-031-1/+1
|
* added X.509 trust chain verificationAndreas Steffen2006-06-273-6/+265
|
* applied new changes from NATT teamMartin Willi2006-06-2317-69/+356
| | | | | DPD only done when no IPsec and IKE traffic processed minor changes here and there
* some message code cleanupsMartin Willi2006-06-233-38/+46
|
* cleaner error handling on UDP encapsultion sockopt failureMartin Willi2006-06-221-8/+7
|
* added mysterious UDP encapsulation socket option to get encapsulation workingMartin Willi2006-06-221-0/+20
|
* first merge of NATT codeMartin Willi2006-06-2243-758/+2867
|
* fixed testing build4.0.1Martin Willi2006-06-211-1/+1
|
* reworked function ignore mechanism to not-report whitelistMartin Willi2006-06-201-2/+2
| | | | rather than overriding functions
* fixed bug: usage of already freed memMartin Willi2006-06-201-1/+2
|
* readded local_credential_storeMartin Willi2006-06-2010-88/+256
| | | | | | added sendcert policy to connection some other cleanups
* implemented rereadcrls rereadcacertsAndreas Steffen2006-06-204-10/+702
|
* removed local_credential_storeAndreas Steffen2006-06-204-696/+8
|
* fixed SPI when acting as initiator of rekeyingMartin Willi2006-06-191-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 03:43:07 +0000