aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
Commit message (Collapse)AuthorAgeFilesLines
* eap-radius: Optionally send Class attributes in RADIUS accounting messagesTobias Brunner2017-11-021-2/+46
| | | | | | | If enabled, add the RADIUS Class attributes received in Access-Accept messages to RADIUS accounting messages as suggested by RFC 2865 section 5.25. Fixes #2451.
* Fixed some typos, courtesy of codespellTobias Brunner2017-08-071-1/+1
|
* Use standard unsigned integer typesAndreas Steffen2016-03-241-14/+14
|
* eap-radius: Use Framed-IPv6-Address attributes to send IPv6 VIPs in ↵Tobias Brunner2015-08-171-4/+2
| | | | | | | | | accounting messages This attribute is more appropriate for single IPv6 virtual IPs than the Framed-IPv6-Prefix attribute. Fixes #1001.
* eap-radius: Don't send RADIUS Accounting Start messages twiceTobias Brunner2015-08-061-0/+5
| | | | | | | | If a client does Mode Config during reauthentication the assign_vips() event might be triggered twice, we should not send another Start message in that case. Fixes #937.
* eap-radius: Change trigger for Accounting Start messages for IKEv1Tobias Brunner2015-08-061-5/+12
| | | | | | | | | | | | | | | | | | | | | Some clients won't do Mode Config or XAuth during reauthentication. Because Start messages previously were triggered by TRANSACTION exchanges none were sent for new SAs of such clients, while Stop messages were still sent for the old SAs when they were destroyed. This resulted in an incorrect state on the RADIUS server. Since 31be582399 the assign_vips() event is also triggered during reauthentication if the client does not do a Mode Config exchange. So instead of waiting for a TRANSACTION exchange we trigger the Start message when a virtual IP is assigned to a client. With this the charon.plugins.eap-radius.accounting_requires_vip option would not have any effect for IKEv1 anymore. However, it previously also only worked if the client did an XAuth exchange, which is probably rarely used without virtual IPs, so this might not be much of a regression. Fixes #937.
* eap-radius: Keep track of stats for SAs migrated during IKEv1 reauthenticationTobias Brunner2015-05-211-88/+229
|
* eap-radius: Remove cache entries for expired SAs during ike/child_rekeyTobias Brunner2015-05-211-0/+53
|
* eap-radius: Add cache for usage stats of expired/rekeyed SAsTobias Brunner2015-05-211-6/+102
| | | | | | | | | | | | | There are several situations that the previous code didn't handle that well, for example, interim updates during rekeying (until the rekeyed SA was deleted the numbers were too high, then suddenly dropped afterwards), or rekeying for IKEv1 in general because rekeyed IPsec SAs stay installed until they expire (so if they were still around when the IKE_SA was terminated, the reported numbers in the Stop message were too high). If intermediate updates are not used the cache entries for rekeyed CHILD_SA will accumulate, we can't clean them up as we don't get child_updown() events for them.
* eap-radius: Increase Acct-Session-ID string bufferMartin Willi2015-03-131-1/+1
| | | | | | | | As the startup timestamp needs 10 characters, we only have left 4 characters for the IKE_SA unique identifier. This is insufficient when having 10000 IKE_SAs or more established, resulting in non-unique session identifiers. Fixes #889.
* eap-radius: Add option to set interval for interim accounting updatesTobias Brunner2014-10-101-0/+10
| | | | | | Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* eap-radius: Increase buffer for accounting attributes to maximum attribute sizeMartin Willi2014-06-251-1/+1
| | | | Fixes #624.
* eap-radius: Add option to not close IKE_SAs on timeouts during interim ↵Tobias Brunner2014-03-311-1/+6
| | | | | | accouting updates Fixes #528.
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-121-3/+3
|
* eap-radius: Increase buffer for attributes sent in RADIUS accounting messagesTobias Brunner2013-09-271-1/+1
| | | | 64 bytes might be too short for user names/identities.
* eap-radius: add an option to disable accounting for tunnels without virtual IPMartin Willi2013-05-061-0/+30
|
* eap-radius: Add an option to exclude ports from Called/Calling-Station-IdMartin Willi2013-04-101-7/+21
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Don't create interim update entries if RADIUS accounting is disabledMartin Willi2013-03-141-1/+7
|
* Add support for RADIUS Interim accounting updatesMartin Willi2013-03-141-32/+250
|
* Add an option to delete any established IKE_SA if RADIUS server is not ↵Martin Willi2013-03-141-5/+8
| | | | responding
* Send Acct-Terminate-Cause based on some alerts catched on the busMartin Willi2013-03-141-0/+62
| | | | | Currently supported are user disconnects, session timeouts and if the peer does not respond on IKE packets or DPDs.
* Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-RequestsMartin Willi2013-03-141-4/+33
|
* Support RADIUS accounting of sent/received packetsMartin Willi2013-03-141-13/+23
|
* child_sa_t.get_usestats() can additionally return the number of processed ↵Martin Willi2013-03-141-2/+2
| | | | packets
* Migrate RADIUS accounting state while IKE_SA unique id changes during rekeyMartin Willi2012-12-111-0/+23
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Avoid memory leak when sending RADIUS accounting start message failedTobias Brunner2012-09-281-1/+1
|
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radiusMartin Willi2012-09-111-2/+10
|
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SAMartin Willi2012-09-111-0/+1
|
* Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-301-10/+19
|
* Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-201-2/+2
| | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
* Moved generic RADIUS protocol support to a dedicated libradiusMartin Willi2012-03-051-3/+4
|
* Removed libcharon dependencies from generic RADIUS protocol supportMartin Willi2012-03-051-0/+4
|
* Rename RADIUS message constructors to handle both, requests and responsesMartin Willi2012-03-051-2/+2
|
* Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attributeMartin Willi2012-02-241-1/+9
|
* Refactored construction of RADIUS accounting messagesMartin Willi2012-02-241-23/+21
|
* Include port numbers in Calling-Station-Id, tooMartin Willi2012-02-241-2/+2
|
* Use large enough buffers for IPv6 addresses in Calling-Station-IdMartin Willi2012-02-241-2/+2
|
* Send client external address as Calling-Station-Id in RADIUS accountingMartin Willi2012-02-241-6/+11
|
* Update usage for all children in RADIUS accounting just before sending StopMartin Willi2012-02-061-1/+12
|
* Support RADIUS accounting messages containing Framed-IP and ↵Martin Willi2012-01-301-0/+312
Inbound/Outbound-Octets
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-31 14:20:59 +0000