| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | linked-list: Change return value of find_first() and signature of its callback | Tobias Brunner | 2017-05-26 | 1 | -3/+6 |
| | | | | | This avoids the unportable five pointer hack. | ||||
| * | child-cfg: Use flags for boolean options | Tobias Brunner | 2017-05-23 | 1 | -73/+18 |
| | | | | | Makes it potentially easier to add new flags. | ||||
| * | child-cfg: Always apply hosts to traffic selectors if proposing transport mode | Tobias Brunner | 2017-02-27 | 1 | -14/+19 |
| | | | | | | | | | | | | | | | Usually, %dynamic is used as traffic selector for transport mode SAs, however, if wildcard traps are used then the remote TS will be a subnet. With strongSwan at the remote end that usually works fine as the local %dynamic TS narrows the proposed TS appropriately. But some implementations reject non-host TS for transport mode SAs. Another problem could be if several distinct subnets are configured for a wildcard trap, as we'd then propose unrelated subnets on that transport mode SA, which might be problematic even for strongSwan (switch to tunnel mode and duplicate policies). Closes strongswan/strongswan#61. | ||||
| * | proposal: Copy SPI and proposal number from correct proposal in select() | Tobias Brunner | 2017-02-06 | 1 | -1/+1 |
| | | | | | | | | | If charon.prefer_configured_proposals is disabled select() is called on the received proposal. This incorrectly set the SPI to 0 as the configured proposal has no SPI set. Fixes #2190. | ||||
| * | child-cfg: Add setting that controls whether outbound FWD policies are installed | Tobias Brunner | 2016-09-28 | 1 | -0/+14 |
| | | |||||
| * | child-cfg: Add option to prefer supplied proposals over locally configured ones | Tobias Brunner | 2016-06-17 | 1 | -17/+30 |
| | | |||||
| * | vici list-conns sends reauthentication and rekeying time information | Andreas Steffen | 2016-05-04 | 1 | -1/+5 |
| | | |||||
| * | Implemented IPsec policies restricted to given network interface | Andreas Steffen | 2016-04-09 | 1 | -6/+18 |
| | | |||||
| * | Support manually-set IPsec policy priorities | Andreas Steffen | 2016-04-09 | 1 | -0/+15 |
| | | |||||
| * | child-cfg: Use struct to pass data to constructor | Tobias Brunner | 2016-04-09 | 1 | -39/+19 |
| | | |||||
| * | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -13/+13 |
| | | |||||
| * | child-cfg: Add equals() method | Tobias Brunner | 2016-03-08 | 1 | -1/+53 |
| | | |||||
| * | child-cfg: Ignore duplicate proposals | Tobias Brunner | 2014-09-12 | 1 | -0/+11 |
| | | | | | | If ESP proposals are added once with and once without DH groups duplicates result during IKE_AUTH when DH groups are stripped. | ||||
| * | child-cfg: Store connection specific replay window on CHILD_SA config | Martin Willi | 2014-06-17 | 1 | -0/+24 |
| | | |||||
| * | child-cfg: Allow passing NULL as proposal to add_proposal() | Martin Willi | 2014-05-16 | 1 | -1/+4 |
| | | | | | Making the API consistent to the one of ike_cfg. | ||||
| * | child-cfg: Fix removal of redundant traffic selectors | Tobias Brunner | 2014-04-25 | 1 | -1/+1 |
| | | | | | | | | We have to make sure we compare every selected traffic selector with every other in the list. Fixes #577. | ||||
| * | Raise an alert if the responding peer narrowed traffic selectors | Martin Willi | 2013-06-19 | 1 | -7/+24 |
| | | |||||
| * | proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all | Tobias Brunner | 2012-10-24 | 1 | -2/+2 |
| | | |||||
| * | Make sure we propose a dynamic TS if we don't have hosts to derive a TS from | Tobias Brunner | 2012-09-21 | 1 | -10/+8 |
| | | | | | 7ee37114 removed this behavior. | ||||
| * | Derive a dynamic TS to multiple virtual IPs | Martin Willi | 2012-09-18 | 1 | -36/+43 |
| | | |||||
| * | Ensure traffic selectors are dynamic before calling set_address() when ↵ | Tobias Brunner | 2012-09-12 | 1 | -2/+2 |
| | | | | | deriving them | ||||
| * | Log configured CHILD_SA proposals as initiator | Tobias Brunner | 2012-08-24 | 1 | -0/+2 |
| | | |||||
| * | Added a null-safe strdup variant | Martin Willi | 2011-01-05 | 1 | -1/+1 |
| | | |||||
| * | Added a TFC padding option to child_cfg | Martin Willi | 2010-12-20 | 1 | -1/+15 |
| | | |||||
| * | start and route connections defined in an SQL database via start_action ↵ | Andreas Steffen | 2010-11-28 | 1 | -3/+15 |
| | | | | | field and ipsec up %startall command | ||||
| * | Migrated child_cfg_t to INIT/METHOD macros | Andreas Steffen | 2010-11-26 | 1 | -145/+89 |
| | | |||||
| * | Moved ipsec_transform_t to kernel_ipsec.h in libhydra. | Tobias Brunner | 2010-09-02 | 1 | -9/+0 |
| | | | | | | Because of this libfreeswan, pluto, starter etc. now depend on that file (and libhydra). This resolved some duplicate declarations. | ||||
| * | configuration of different marks for inbound and outbound direction | Andreas Steffen | 2010-07-09 | 1 | -7/+12 |
| | | |||||
| * | support of xfrm marks for IKEv2 | Andreas Steffen | 2010-07-02 | 1 | -2/+36 |
| | | |||||
| * | Explicitly include stdint.h for UINT64_MAX. | Tobias Brunner | 2010-06-15 | 1 | -0/+2 |
| | | | | | This is required on FreeBSD 8. | ||||
| * | Add reqid field and getter function to child_cfg_t. | Reto Buerki | 2010-05-04 | 1 | -1/+16 |
| | | |||||
| * | Moving charon to libcharon. | Tobias Brunner | 2010-03-19 | 1 | -0/+552 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |