aboutsummaryrefslogtreecommitdiffstats
path: root/src/frontends/android/jni
Commit message (Collapse)AuthorAgeFilesLines
* plugin-loader: Support a reload() callback for static featuresMartin Willi2014-09-221-2/+2
|
* android: Reduce CHILD_SA lifetimeTobias Brunner2014-09-121-2/+2
|
* android: Add DH groups to ESP proposalsTobias Brunner2014-09-121-2/+12
|
* android: Reestablish IKE_SA if CHILD_SA rekeying failedTobias Brunner2014-09-121-3/+36
|
* android: Report error if CHILD_SA rekeying failsTobias Brunner2014-09-121-0/+6
|
* android: Add support for querying use stats of a CHILD_SATobias Brunner2014-09-091-1/+2
|
* dns-proxy: Don't use proxy socket if we fail to bypass itTobias Brunner2014-07-301-0/+2
| | | | | | | | | This will result in an infinite loop as packets sent over that socket will again pass through the TUN device and the DNS proxy. Apparently, bypassing fails when airplane mode is enabled. Fixes #662.
* android: For keyingtries > 0 notify the GUI if the limit is reached when ↵Tobias Brunner2014-07-221-0/+17
| | | | | | | | | | reestablishing The IKE_SA is destroyed anyway, so letting the GUI remain in "connecting" state would be incorrect. We still use keyingtries=0 for now, though. And we still abort after the first failed attempt initially, in case there is a configuration error.
* android: Terminate IKE_SA if initial IKE_SA_INIT failsTobias Brunner2014-07-221-1/+23
| | | | | | | | | | Since VpnStateService.disconnect() is now not called until the error dialog is dismissed the daemon would continue to try connecting. So while the error dialog is shown the connection might actually be successfully established in the background, which is not intended. This way the IKE_SA is destroyed right after sending the IKE_SA_INIT of the second connection attempt (due to keyingtries=0).
* android: Only allow DNS queries for the configured hostnameTobias Brunner2014-07-221-0/+2
|
* android: Add optional filter functionality to DNS proxyTobias Brunner2014-07-222-3/+119
| | | | | If specified only queries for a list of allowed host names will be proxied.
* android: Recreate the TUN device without DNS when reestablishing IKE_SAsTobias Brunner2014-07-221-0/+38
| | | | | This enables DNS resolution while reestablishing if the VPN gateway pushed DNS servers to the client that are only reachable via VPN.
* android: Add method to BuilderAdapter to re-establish without DNS-related dataTobias Brunner2014-07-222-5/+27
| | | | | | Non-DNS data is cached in the BuilderAdapter so the TUN device can be recreated easily (since the CHILD_SA is gone we couldn't actually gather that information).
* android: Use DNS proxy when reestablishing IKE_SAsTobias Brunner2014-07-221-4/+44
|
* bus: Add ike_reestablish_pre hook, called before DNS resolutionTobias Brunner2014-07-221-4/+5
| | | | | The old hook is renamed to ike_reestablish_post and is now also called when the initiation of the new IKE_SA failed.
* android: Add DNS proxy implementationTobias Brunner2014-07-223-0/+388
| | | | | | | This class proxies DNS requests over VPN-protected UDP sockets. It is not really Android specific and might be useful for kernel-libipsec or libipsec in general too, so we could maybe move it later to libipsec (might need some portability work).
* android: Set CHILD_STATE_DOWN when the IKE_SA gets reestablishedTobias Brunner2014-07-221-1/+7
|
* android: Set CHILD_STATE_DOWN whenever the CHILD_SA goes downTobias Brunner2014-07-221-6/+0
| | | | | | No matter what triggers it. We also don't close the TUN device, but we might handle that differently in the future to allow reestablishing the IKE_SA if host names have to be re-resolved via DNS.
* android: Add support for ECDSA private keysTobias Brunner2014-07-221-24/+99
| | | | With 4.4.4 these work fine now.
* android: Remove unused hash argument from getTrustedCertificates()Tobias Brunner2014-07-221-2/+2
|
* android: Define HAVE_DLADDR as plugin loader checks for itTobias Brunner2014-06-241-0/+1
|
* kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-171-2/+3
|
* ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-161-0/+1
|
* android: Don't limit number to packets during EAP-TTLSTobias Brunner2014-02-181-0/+2
|
* libcharon: Remove unused charon->nameTobias Brunner2014-02-121-1/+1
|
* libhydra: Remove unused hydra->daemonTobias Brunner2014-02-121-1/+1
|
* lib: Add global config namespaceTobias Brunner2014-02-121-1/+1
|
* android: Remove dependency on libvstrTobias Brunner2013-11-135-18/+1
|
* kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-111-1/+1
|
* kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-111-1/+1
|
* android: Properly handle failures while initializing charonTobias Brunner2013-09-231-6/+7
|
* android: Fix compilation after PTS header files were movedTobias Brunner2013-09-041-4/+4
|
* ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-041-2/+2
| | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-041-1/+1
|
* android: Add device ID in BeginHandshakeTobias Brunner2013-07-081-0/+2
|
* android: Add new VpnType to enable BYOD featuresTobias Brunner2013-07-081-3/+9
|
* android: Use a different set of plugins if BYOD features are enabledTobias Brunner2013-07-083-9/+25
|
* android: Handle and store IETF remediation instructionsTobias Brunner2013-07-083-0/+59
|
* android: Add state of IMC to VpnStateService and update it via JNITobias Brunner2013-07-083-1/+74
|
* android: Handle TCG file measurement related attributes using PTSTobias Brunner2013-07-081-5/+119
|
* android: Android IMC state provides a Platform Trust Service (PTS) instanceTobias Brunner2013-07-082-0/+20
|
* android: Provide a public interface for Android IMC stateTobias Brunner2013-07-082-25/+40
|
* android: Define IMC functions static and with lower-case namesTobias Brunner2013-07-081-32/+32
|
* android: Add measurement collector for ITA SettingsTobias Brunner2013-07-081-1/+4
|
* android: Handle ITA PA-TNC attributesTobias Brunner2013-07-081-0/+18
|
* android: Overload for getMeasurement() that takes a String array as argumentTobias Brunner2013-07-081-10/+70
|
* android: Add measurement collector for Port FilterTobias Brunner2013-07-081-1/+2
| | | | This collector reports all listening TCP and UDP sockets/ports.
* android: Add a generic handler for PA-TNC attribute requestsTobias Brunner2013-07-081-62/+90
| | | | | The idea is that the Android IMC will return attributes in their binary encoding. This keeps the JNI interface to the IMC pretty simple.
* android: Added a Java part to the Android IMCTobias Brunner2013-07-082-12/+70
|
* android: Don't attempt loading IMCs from /etc/tnc_configTobias Brunner2013-07-081-0/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 00:48:34 +0000