aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/stroke
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'ike-dscp'Martin Willi2013-02-141-1/+2
|\
| * Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-061-1/+1
| |
| * Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-1/+2
| |
* | Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
|/ | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* Use proper buffer sizes for parse_smartcard()Tobias Brunner2013-01-241-7/+10
|
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-121-1/+2
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-1/+2
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Moved data structures to new collections subfolderTobias Brunner2012-10-247-7/+7
|
* Make use of new CIDR string ts constructor where appropriateMartin Willi2012-10-241-26/+11
|
* Use explicit, larger buffer sizes for smartcard keyids and modulesMartin Willi2012-10-241-8/+8
|
* Support loading cacert certificates in ipsec.conf ca sections from smartcardMartin Willi2012-10-241-19/+37
|
* Refactored stroke smartcard token parsing, support module and slot in ↵Martin Willi2012-10-241-62/+101
| | | | leftcert option
* Load ipsec.conf %smartcard leftcerts with pkcs11 builderMartin Willi2012-10-241-8/+20
|
* Add a "ipsec listcounters" command to strokeMartin Willi2012-10-242-0/+6
|
* Add a print method for stroke countersMartin Willi2012-10-242-0/+29
|
* Add stroke message type countersMartin Willi2012-10-241-0/+75
|
* Add stroke counters for invalid IKE messagesMartin Willi2012-10-241-0/+27
|
* Add stroke CHILD_SA rekeying counterMartin Willi2012-10-241-0/+12
|
* Add stroke IKE rekey countersMartin Willi2012-10-241-0/+26
|
* Define stroke counter types to implementMartin Willi2012-10-242-0/+86
|
* Add a stub for IKE event counters in strokeMartin Willi2012-10-244-0/+112
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-2/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-1/+2
|
* Reload logger configuration on SIGHUPTobias Brunner2012-10-181-18/+1
| | | | | | Besides changing the configuration this allows to easily rotate log files. Also moved logger initialization back to daemon_t.
* Fix leak of PINs from ipsec.secretsMartin Willi2012-10-091-1/+2
|
* Make sure first argument is an int when using %.*s to print e.g. chunksTobias Brunner2012-09-281-1/+1
|
* Made IP address enumeration more flexibleTobias Brunner2012-09-211-1/+1
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-211-15/+7
| | | | get_interface() method
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-211-1/+1
|
* Make stroke user-creds work with XAuth configsTobias Brunner2012-09-181-9/+18
|
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>Tobias Brunner2012-09-181-0/+10
|
* Check for an existing lease in all stroke pools before creating a new oneMartin Willi2012-09-111-7/+31
|
* Pass full pool list to release_addressMartin Willi2012-09-111-4/+16
|
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-111-4/+16
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-0/+3
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Print the name of mem pools instead of the confusing <base>/<size>Tobias Brunner2012-09-101-2/+4
|
* Merge branch 'multi-vip'Martin Willi2012-08-319-115/+664
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-301-2/+2
| |
| * Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-302-2/+3
| |
| * Support multiple addresses/pools in left/rightsourceipMartin Willi2012-08-305-100/+189
| |
| * Support multiple address pools configured on a peer_cfgMartin Willi2012-08-301-2/+8
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-302-22/+33
| |
| * Add a stroke attribute_handler requesting DNS servers given with leftdnsMartin Willi2012-08-214-0/+307
| |
| * Serve ipsec.conf rightdns servers through stroke attribute providerMartin Willi2012-08-211-10/+143
| |
| * Add a left/rightdns keyword to configure connection specific DNS attributesMartin Willi2012-08-211-0/+2
| |
* | Use eap_vendor_type_from_string() in strokeTobias Brunner2012-08-311-38/+7
|/
* Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-1/+2
|
* Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-1/+4
| | | | configurable.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 03:43:24 +0000