aboutsummaryrefslogtreecommitdiffstats
path: root/src/frontends/android/jni/libandroidbridge
Commit message (Collapse)AuthorAgeFilesLines
* libipsec: Pass separate inbound/update flags to the IPsec SA managerMartin Willi2015-03-091-2/+3
| | | | | Similar to other kernel interfaces, the libipsec backends uses the flag for different purposes, and therefore should get separate flags.
* attribute-handler: Pass full IKE_SA to handler backendsMartin Willi2015-02-201-4/+3
|
* attributes: Move the configuration attributes framework to libcharonMartin Willi2015-02-201-4/+4
|
* ike: Consistently log CHILD_SAs with their unique_id instead of their reqidMartin Willi2015-02-201-1/+1
|
* ike-sa-manager: Remove IKE_SA checkout by CHILD_SA reqidMartin Willi2015-02-201-2/+1
|
* kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqidMartin Willi2015-02-201-3/+3
|
* kernel-interface: Pass full list of traffic selectors to add_sa()Martin Willi2015-02-201-1/+1
| | | | | | While we can handle the first selector only in BEET mode in kernel-netlink, passing the full list gives the backend more flexibility how to handle this information.
* libipsec: Remove unused src/dst_ts parameters from ipsec_sa_mgr_t.add_sa()Martin Willi2015-02-201-2/+1
|
* kernel-interface: Remove reqid parameter from get_spi/get_cpi() methodsMartin Willi2015-02-201-2/+2
| | | | | | | | | | The reqid is not strictly required, as we set the reqid with the update call when installing the negotiated SA. If we don't need a reqid at this stage, we can later allocate the reqid in the kernel backend once the SA parameters have been fully negotaited. This allows us to assign the same reqid for the same selectors to avoid conflicts on backends this is necessary.
* libipsec: Remove unused reqid parameter from ipsec_sa_mgr_t.get_spi()Martin Willi2015-02-191-1/+1
|
* android: Increase fragment sizeTobias Brunner2014-11-061-0/+3
| | | | We use the same value we use as MTU on TUN devices.
* android: Enable IKEv2 fragmentationTobias Brunner2014-11-061-1/+1
|
* android: Use %any as AAA identity, but disable EAP-only authenticationTobias Brunner2014-11-061-5/+3
| | | | | | | Without verification of the identity we can't prevent a malicious user with a valid certificate from impersonating the AAA server and thus the VPN gateway. So unless we make the AAA identity configurable we have to prevent EAP-only authentication.
* android: Add support for signature schemes used by EAP-TLSTobias Brunner2014-11-061-19/+34
|
* android: Allow enumeration of untrusted certificatesTobias Brunner2014-11-061-1/+1
|
* android: Handle EAP-TLS in Android serviceTobias Brunner2014-11-061-6/+19
|
* android: Fix PA-TNC construction based on data passed via JNITobias Brunner2014-10-151-3/+2
|
* android: Implement get_contracts() method in IMC state objectTobias Brunner2014-10-141-0/+14
|
* android: Update receive_message() to new imc_msg_t.receive() signatureTobias Brunner2014-10-131-2/+4
|
* android: Remove references to libptsTobias Brunner2014-10-132-6/+1
|
* plugin-loader: Support a reload() callback for static featuresMartin Willi2014-09-221-2/+2
|
* android: Reduce CHILD_SA lifetimeTobias Brunner2014-09-121-2/+2
|
* android: Add DH groups to ESP proposalsTobias Brunner2014-09-121-2/+12
|
* android: Reestablish IKE_SA if CHILD_SA rekeying failedTobias Brunner2014-09-121-3/+36
|
* android: Report error if CHILD_SA rekeying failsTobias Brunner2014-09-121-0/+6
|
* android: Add support for querying use stats of a CHILD_SATobias Brunner2014-09-091-1/+2
|
* dns-proxy: Don't use proxy socket if we fail to bypass itTobias Brunner2014-07-301-0/+2
| | | | | | | | | This will result in an infinite loop as packets sent over that socket will again pass through the TUN device and the DNS proxy. Apparently, bypassing fails when airplane mode is enabled. Fixes #662.
* android: For keyingtries > 0 notify the GUI if the limit is reached when ↵Tobias Brunner2014-07-221-0/+17
| | | | | | | | | | reestablishing The IKE_SA is destroyed anyway, so letting the GUI remain in "connecting" state would be incorrect. We still use keyingtries=0 for now, though. And we still abort after the first failed attempt initially, in case there is a configuration error.
* android: Terminate IKE_SA if initial IKE_SA_INIT failsTobias Brunner2014-07-221-1/+23
| | | | | | | | | | Since VpnStateService.disconnect() is now not called until the error dialog is dismissed the daemon would continue to try connecting. So while the error dialog is shown the connection might actually be successfully established in the background, which is not intended. This way the IKE_SA is destroyed right after sending the IKE_SA_INIT of the second connection attempt (due to keyingtries=0).
* android: Only allow DNS queries for the configured hostnameTobias Brunner2014-07-221-0/+2
|
* android: Add optional filter functionality to DNS proxyTobias Brunner2014-07-222-3/+119
| | | | | If specified only queries for a list of allowed host names will be proxied.
* android: Recreate the TUN device without DNS when reestablishing IKE_SAsTobias Brunner2014-07-221-0/+38
| | | | | This enables DNS resolution while reestablishing if the VPN gateway pushed DNS servers to the client that are only reachable via VPN.
* android: Add method to BuilderAdapter to re-establish without DNS-related dataTobias Brunner2014-07-222-5/+27
| | | | | | Non-DNS data is cached in the BuilderAdapter so the TUN device can be recreated easily (since the CHILD_SA is gone we couldn't actually gather that information).
* android: Use DNS proxy when reestablishing IKE_SAsTobias Brunner2014-07-221-4/+44
|
* bus: Add ike_reestablish_pre hook, called before DNS resolutionTobias Brunner2014-07-221-4/+5
| | | | | The old hook is renamed to ike_reestablish_post and is now also called when the initiation of the new IKE_SA failed.
* android: Add DNS proxy implementationTobias Brunner2014-07-223-0/+388
| | | | | | | This class proxies DNS requests over VPN-protected UDP sockets. It is not really Android specific and might be useful for kernel-libipsec or libipsec in general too, so we could maybe move it later to libipsec (might need some portability work).
* android: Set CHILD_STATE_DOWN when the IKE_SA gets reestablishedTobias Brunner2014-07-221-1/+7
|
* android: Set CHILD_STATE_DOWN whenever the CHILD_SA goes downTobias Brunner2014-07-221-6/+0
| | | | | | No matter what triggers it. We also don't close the TUN device, but we might handle that differently in the future to allow reestablishing the IKE_SA if host names have to be re-resolved via DNS.
* android: Add support for ECDSA private keysTobias Brunner2014-07-221-24/+99
| | | | With 4.4.4 these work fine now.
* android: Remove unused hash argument from getTrustedCertificates()Tobias Brunner2014-07-221-2/+2
|
* kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-171-2/+3
|
* ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-161-0/+1
|
* android: Don't limit number to packets during EAP-TTLSTobias Brunner2014-02-181-0/+2
|
* libcharon: Remove unused charon->nameTobias Brunner2014-02-121-1/+1
|
* libhydra: Remove unused hydra->daemonTobias Brunner2014-02-121-1/+1
|
* lib: Add global config namespaceTobias Brunner2014-02-121-1/+1
|
* android: Remove dependency on libvstrTobias Brunner2013-11-131-1/+0
|
* kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-111-1/+1
|
* kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-111-1/+1
|
* android: Properly handle failures while initializing charonTobias Brunner2013-09-231-6/+7
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 02:10:24 +0000