Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix crash if the initiator has no suitable proposal available | Tobias Brunner | 2013-06-21 | 1 | -0/+5 |
| | Could be triggered with a typo in the ike or esp options when ! is used. | ||||
* | proposals: try next if IKEv2 algorithm could not be mapped to IKEv1 | Martin Willi | 2013-05-06 | 1 | -2/+4 |
| | |||||
* | Allow up to 10 NAT-D payloads in IKEv1 messages | Tobias Brunner | 2013-03-20 | 1 | -1/+1 |
| | |||||
* | added ERX_SUPPORTED IKEv2 Notify | Andreas Steffen | 2013-03-02 | 2 | -7/+11 |
| | |||||
* | Merge branch 'opaque-ports' | Martin Willi | 2013-03-01 | 1 | -1/+5 |
|\ | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends. | ||||
| * | Don't reject OPAQUE ports while verifying traffic selector substructure | Martin Willi | 2013-02-21 | 1 | -1/+5 |
| | | |||||
* | | Allow more than one CERTREQ payload for IKEv2 | Tobias Brunner | 2013-02-08 | 1 | -2/+2 |
|/ | There is no reason not to do so (RFC 5996 explicitly mentions multiple CERTREQ payloads) and some implementations seem to use the same behavior as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload). | ||||
* | Merge branch 'ikev1-fragmentation' | Tobias Brunner | 2013-01-12 | 5 | -11/+356 |
|\ | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS | ||||
| * | Add support to create IKE fragments | Tobias Brunner | 2012-12-24 | 2 | -0/+30 |
| | | All fragments currently use the same fragment ID (1) as that's what other implementations are doing. | ||||
| * | Add message rules to properly handle IKE fragments | Tobias Brunner | 2012-12-24 | 1 | -0/+8 |
| | | These are sent in unencrypted messages and are the only payload contained in such messages. | ||||
| * | Reset the encrypted flag when handling IKE messages that contain a fragment | Tobias Brunner | 2012-12-24 | 1 | -0/+6 |
| | | Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though). | ||||
| * | Payload added to handle IKE fragments | Tobias Brunner | 2012-12-24 | 4 | -11/+312 |
| | | |||||
* | | Don't use bio_writer_t.skip() to write length field when appending more data | Martin Willi | 2013-01-11 | 1 | -4/+4 |
| | | If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation. | ||||
* | | IKEv1 support for PKCS#7 wrapped certificates | Volker Rümelin | 2013-01-11 | 2 | -0/+26 |
| | | |||||
* | | Fixed some typos in comments | Volker Rümelin | 2013-01-11 | 2 | -4/+4 |
|/ | |||||
* | Fixed some typos, courtesy of codespell | Tobias Brunner | 2012-12-20 | 1 | -1/+1 |
| | |||||
* | Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier | Volker Rümelin | 2012-12-19 | 8 | -54/+100 |
| | This adds support for early versions of the draft that eventually resulted in RFC 3947. | ||||
* | Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 17 | -17/+17 |
| | |||||
* | Moved packet_t and tun_device_t to networking folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Moved host_t and host_resolver_t to a new networking subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Increase the limit of acceptable IKEv1 CERTREQ payloads to 20 | Martin Willi | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Correctly initialize payload length of encrypted payload | Tobias Brunner | 2012-09-28 | 1 | -1/+1 |
| | |||||
* | Added method to enumerate EAP types contained in an EAP-Nak | Tobias Brunner | 2012-08-31 | 2 | -11/+79 |
| | |||||
* | Encode EAP-Naks in expanded format if we got an expanded type request | Tobias Brunner | 2012-08-31 | 2 | -2/+15 |
| | Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient. | ||||
* | Allow clients to request a configured EAP method via EAP-Nak | Tobias Brunner | 2012-08-31 | 2 | -2/+11 |
| | |||||
* | Send EAP-Nak with supported types if requested type is unsupported | Tobias Brunner | 2012-08-31 | 2 | -6/+71 |
| | |||||
* | Moved packet_t to libstrongswan | Tobias Brunner | 2012-08-08 | 1 | -1/+1 |
| | |||||
* | Include stdint.h for UINTxx_MAX defines | Tobias Brunner | 2012-07-27 | 1 | -2/+3 |
| | Fixes #205. | ||||
* | Don't print hexdumps on loglevel 1 if hash verification fails | Martin Willi | 2012-07-20 | 1 | -3/+3 |
| | |||||
* | Cleaned up memory management and return values for encryption payload | Martin Willi | 2012-07-16 | 3 | -33/+31 |
| | |||||
* | Add a return value to keymat_v1_t.{get,update,confirm}_iv | Martin Willi | 2012-07-16 | 1 | -9/+36 |
| | |||||
* | Check rng return value when encrypting encryption payload | Tobias Brunner | 2012-07-16 | 1 | -2/+8 |
| | |||||
* | Use a bool return value in keymat_v1_t.get_hash_phase2() | Martin Willi | 2012-07-16 | 1 | -4/+2 |
| | |||||
* | Add a return value to aead_t.encrypt() | Martin Willi | 2012-07-16 | 1 | -2/+10 |
| | |||||
* | Map XAuth responder authentication methods between IKEv1 and IKEv2 | Martin Willi | 2012-06-27 | 1 | -1/+13 |
| | |||||
* | Added encapsulation mode transform attribute to IPComp proposal. | Tobias Brunner | 2012-05-25 | 3 | -5/+10 |
| | |||||
* | Add an additional proposal without IPComp to SA payload. | Tobias Brunner | 2012-05-24 | 1 | -17/+15 |
| | |||||
* | Added support for IKEv1 IPComp proposals in SA payload. | Tobias Brunner | 2012-05-24 | 2 | -8/+92 |
| | |||||
* | Added support for IKEv1 IPComp proposals in proposal substructure. | Tobias Brunner | 2012-05-24 | 2 | -9/+126 |
| | |||||
* | Properly filter IKEv1 proposals consisting of multiple proposal payloads. | Tobias Brunner | 2012-05-24 | 1 | -9/+15 |
| | Since a proposal_t object is created for each transform contained in the proposal payload, it does not work to simply remove the last proposal_t object added to the list (there may be several other extracted from the previous proposal payload). | ||||
* | fixed mapping of IKEv1 algorithms | Andreas Steffen | 2012-05-05 | 1 | -29/+184 |
| | |||||
* | inserted space | Andreas Steffen | 2012-05-05 | 5 | -1/+1 |
| | |||||
* | Merge branch 'ikev1' | Martin Willi | 2012-05-02 | 54 | -1608/+4673 |
|\ | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c | ||||
| * | Merge branch 'ikev1-clean' into ikev1-master | Martin Willi | 2012-03-20 | 54 | -1604/+4673 |
| |\ | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins. | ||||
| | * | Store the major IKE version on ike_sa_id_t. | Tobias Brunner | 2012-03-20 | 1 | -0/+1 |
| | | | |||||
| | * | Parse IKEv1 Cisco Load Balancing notify (can't act on it yet). | Tobias Brunner | 2012-03-20 | 2 | -2/+8 |
| | | | |||||
| | * | Fixed transform numbering in IKEv1 proposal. | Tobias Brunner | 2012-03-20 | 1 | -0/+1 |
| | | | |||||
| | * | Fix mapping of IKEv1 encapsulation mode | Martin Willi | 2012-03-20 | 1 | -1/+1 |
| | | | |||||
| | * | Support encoding of IKEv1 ECDSA proposals | Martin Willi | 2012-03-20 | 1 | -6/+16 |
| | | | |||||
| | * | Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules | Martin Willi | 2012-03-20 | 5 | -10/+10 |
| | | | |||||