aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/stroke
Commit message (Collapse)AuthorAgeFilesLines
...
| * child_sa_t.get_usestats() can additionally return the number of processed ↵Martin Willi2013-03-141-3/+2
| | | | | | | | packets
* | Merge branch 'stroke-counters'Martin Willi2013-03-183-11/+185
|\ \ | | | | | | | | | | | | Extend stroke counters functionality by connection specific counters, and a resetcounters command to reset the global or connection counters.
| * | Add a "resetcounters" command to ipsec, clearing global or connection countersMartin Willi2013-03-153-1/+38
| | |
| * | Add connection name specific stroke countersMartin Willi2013-03-153-11/+148
| | |
* | | Merge branch 'stroke-timeout'Martin Willi2013-03-181-18/+82
|\ \ \ | |_|/ |/| | | | | Add a strongswan.conf timeout option for stroke control commands.
| * | Add a stroke command timeout option, and report status of completed commandMartin Willi2013-03-071-18/+82
| |/
* | Merge branch 'multi-cert'Martin Willi2013-03-011-15/+32
|\ \ | | | | | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * | Load multiple comma seperarated certificates in the leftcert optionMartin Willi2013-01-181-15/+32
| | |
* | | Merge branch 'opaque-ports'Martin Willi2013-03-011-4/+4
|\ \ \ | | | | | | | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-211-14/+4
| | | |
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-211-5/+15
| | |/ | |/|
* | | Merge branch 'ike-dscp'Martin Willi2013-02-141-1/+2
|\ \ \
| * | | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-061-1/+1
| | | |
| * | | Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-1/+2
| |/ /
* / / Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
|/ / | | | | | | | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* / Use proper buffer sizes for parse_smartcard()Tobias Brunner2013-01-241-7/+10
|/
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-121-1/+2
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-1/+2
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Moved data structures to new collections subfolderTobias Brunner2012-10-247-7/+7
|
* Make use of new CIDR string ts constructor where appropriateMartin Willi2012-10-241-26/+11
|
* Use explicit, larger buffer sizes for smartcard keyids and modulesMartin Willi2012-10-241-8/+8
|
* Support loading cacert certificates in ipsec.conf ca sections from smartcardMartin Willi2012-10-241-19/+37
|
* Refactored stroke smartcard token parsing, support module and slot in ↵Martin Willi2012-10-241-62/+101
| | | | leftcert option
* Load ipsec.conf %smartcard leftcerts with pkcs11 builderMartin Willi2012-10-241-8/+20
|
* Add a "ipsec listcounters" command to strokeMartin Willi2012-10-242-0/+6
|
* Add a print method for stroke countersMartin Willi2012-10-242-0/+29
|
* Add stroke message type countersMartin Willi2012-10-241-0/+75
|
* Add stroke counters for invalid IKE messagesMartin Willi2012-10-241-0/+27
|
* Add stroke CHILD_SA rekeying counterMartin Willi2012-10-241-0/+12
|
* Add stroke IKE rekey countersMartin Willi2012-10-241-0/+26
|
* Define stroke counter types to implementMartin Willi2012-10-242-0/+86
|
* Add a stub for IKE event counters in strokeMartin Willi2012-10-244-0/+112
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-2/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-1/+2
|
* Reload logger configuration on SIGHUPTobias Brunner2012-10-181-18/+1
| | | | | | Besides changing the configuration this allows to easily rotate log files. Also moved logger initialization back to daemon_t.
* Fix leak of PINs from ipsec.secretsMartin Willi2012-10-091-1/+2
|
* Make sure first argument is an int when using %.*s to print e.g. chunksTobias Brunner2012-09-281-1/+1
|
* Made IP address enumeration more flexibleTobias Brunner2012-09-211-1/+1
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-211-15/+7
| | | | get_interface() method
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-211-1/+1
|
* Make stroke user-creds work with XAuth configsTobias Brunner2012-09-181-9/+18
|
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>Tobias Brunner2012-09-181-0/+10
|
* Check for an existing lease in all stroke pools before creating a new oneMartin Willi2012-09-111-7/+31
|
* Pass full pool list to release_addressMartin Willi2012-09-111-4/+16
|
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-111-4/+16
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-0/+3
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Print the name of mem pools instead of the confusing <base>/<size>Tobias Brunner2012-09-101-2/+4
|
* Merge branch 'multi-vip'Martin Willi2012-08-319-115/+664
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 21:57:28 +0000