aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/stroke
Commit message (Collapse)AuthorAgeFilesLines
...
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-073-17/+17
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-071-12/+22
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* Try to load raw keys from ipsec.conf as PKCS#1 blob firstTobias Brunner2013-05-071-5/+12
| | | | | The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
* List all stroke counters when "all" is given, and report if connection not knownMartin Willi2013-04-031-30/+88
|
* Load raw keys before possibly destroying the identityTobias Brunner2013-04-011-12/+11
| | | | | | | | If no identity (or %any) is configured the identification_t object is destroyed and an invalid object was associated with the created pubkey certificate. Actually using %any does not work as the certificate would not match when the client later provides an identity.
* enforce singular of packetsAndreas Steffen2013-03-221-4/+6
|
* Avoid a race condition when reloading secrets from ipsec.secretsTobias Brunner2013-03-201-18/+25
| | | | | | | With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* Don't try to mmap() empty ipsec.secret filesMartin Willi2013-03-191-1/+5
|
* In stroke counters, check if we have an IKE_SA before getting the name from itMartin Willi2013-03-191-3/+6
| | | | | Fixes a segfault when receiving an invalid IKE SPI, where we don't have an IKE_SA for the raised alert.
* Algorithms are not really specific to an IKE versionTobias Brunner2013-03-181-1/+1
| | | | | | But not all of them can be used with IKEv1. Fixes #314.
* Merge branch 'radius-ext'Martin Willi2013-03-181-6/+9
|\ | | | | | | | | | | Bring some extensions to eap-radius, namely a virtual IP address provider based on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting updates and the reporting of sent/received packets.
| * Report the number of processed packets in "ipsec statusall"Martin Willi2013-03-141-5/+9
| |
| * child_sa_t.get_usestats() can additionally return the number of processed ↵Martin Willi2013-03-141-3/+2
| | | | | | | | packets
* | Merge branch 'stroke-counters'Martin Willi2013-03-183-11/+185
|\ \ | | | | | | | | | | | | Extend stroke counters functionality by connection specific counters, and a resetcounters command to reset the global or connection counters.
| * | Add a "resetcounters" command to ipsec, clearing global or connection countersMartin Willi2013-03-153-1/+38
| | |
| * | Add connection name specific stroke countersMartin Willi2013-03-153-11/+148
| | |
* | | Merge branch 'stroke-timeout'Martin Willi2013-03-181-18/+82
|\ \ \ | |_|/ |/| | | | | Add a strongswan.conf timeout option for stroke control commands.
| * | Add a stroke command timeout option, and report status of completed commandMartin Willi2013-03-071-18/+82
| |/
* | Merge branch 'multi-cert'Martin Willi2013-03-011-15/+32
|\ \ | | | | | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * | Load multiple comma seperarated certificates in the leftcert optionMartin Willi2013-01-181-15/+32
| | |
* | | Merge branch 'opaque-ports'Martin Willi2013-03-011-4/+4
|\ \ \ | | | | | | | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-211-14/+4
| | | |
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-211-5/+15
| | |/ | |/|
* | | Merge branch 'ike-dscp'Martin Willi2013-02-141-1/+2
|\ \ \
| * | | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-061-1/+1
| | | |
| * | | Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-1/+2
| |/ /
* / / Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
|/ / | | | | | | | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* / Use proper buffer sizes for parse_smartcard()Tobias Brunner2013-01-241-7/+10
|/
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-121-1/+2
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-1/+2
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Moved data structures to new collections subfolderTobias Brunner2012-10-247-7/+7
|
* Make use of new CIDR string ts constructor where appropriateMartin Willi2012-10-241-26/+11
|
* Use explicit, larger buffer sizes for smartcard keyids and modulesMartin Willi2012-10-241-8/+8
|
* Support loading cacert certificates in ipsec.conf ca sections from smartcardMartin Willi2012-10-241-19/+37
|
* Refactored stroke smartcard token parsing, support module and slot in ↵Martin Willi2012-10-241-62/+101
| | | | leftcert option
* Load ipsec.conf %smartcard leftcerts with pkcs11 builderMartin Willi2012-10-241-8/+20
|
* Add a "ipsec listcounters" command to strokeMartin Willi2012-10-242-0/+6
|
* Add a print method for stroke countersMartin Willi2012-10-242-0/+29
|
* Add stroke message type countersMartin Willi2012-10-241-0/+75
|
* Add stroke counters for invalid IKE messagesMartin Willi2012-10-241-0/+27
|
* Add stroke CHILD_SA rekeying counterMartin Willi2012-10-241-0/+12
|
* Add stroke IKE rekey countersMartin Willi2012-10-241-0/+26
|
* Define stroke counter types to implementMartin Willi2012-10-242-0/+86
|
* Add a stub for IKE event counters in strokeMartin Willi2012-10-244-0/+112
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-2/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-1/+2
|
* Reload logger configuration on SIGHUPTobias Brunner2012-10-181-18/+1
| | | | | | Besides changing the configuration this allows to easily rotate log files. Also moved logger initialization back to daemon_t.
* Fix leak of PINs from ipsec.secretsMartin Willi2012-10-091-1/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-30 05:20:46 +0000