aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/vici/vici_control.c
Commit message (Collapse)AuthorAgeFilesLines
* vici: Don't fall back to uninstalling traps if a matching shunt was foundTobias Brunner2017-03-231-3/+7
| | | | | | | This is different if `ike` and `child` are provided and uninstall() fails as we call that without knowing whether a matching shunt exists. But if `ike` is not provided we explicitly search for a matching shunt and if found don't need to look for a trap policy.
* vici: Add command to initiate SA rekeyingTobias Brunner2017-02-161-2/+100
|
* vici: Explicitly use peer name when uninstalling trap and shunt policiesTobias Brunner2017-02-161-5/+29
| | | | Also adds an `ike` parameter to the `uninstall` command.
* shunt-manager: Add an optional namespace for each shuntTobias Brunner2017-02-161-2/+2
| | | | | This will allow us to reuse the names of child configs e.g. when they are defined in different connections.
* vici: Reload loggers after reloading strongswan.conf via reload-setting commandTobias Brunner2017-01-251-0/+1
|
* Use standard unsigned integer typesAndreas Steffen2016-03-241-3/+3
|
* vici: Don't redirect all SAs if no selectors are givenTobias Brunner2016-03-041-1/+1
| | | | | This avoid confusion and redirecting all SAs can now easily be done explicitly (e.g. peer_ip=0.0.0.0/0).
* vici: Match subnets and ranges against peer IP in redirect commandTobias Brunner2016-03-041-11/+40
|
* vici: Match identity with wildcards against remote ID in redirect commandTobias Brunner2016-03-041-4/+7
|
* vici: Add redirect commandTobias Brunner2016-03-041-0/+117
| | | | | This allows redirecting IKE_SAs by multiple different selectors, if none are given all SAs are redirected.
* vici: Honor an optionally passed IKE configuration name in initiate/installMartin Willi2015-12-071-5/+11
| | | | | | | If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under.
* vici: Support completely asynchronous initiating and terminationMartin Willi2015-12-071-5/+17
| | | | | | In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative.
* vici: Optionally check limits when initiating connectionsTobias Brunner2015-08-211-1/+6
| | | | | If the init-limits parameter is set (disabled by default) init limits will be checked and might prevent new SAs from getting initiated.
* controller: Optionally adhere to init limits also when initiating IKE_SAsTobias Brunner2015-08-211-2/+2
|
* Initialize variables that some compilers seem to warn aboutTobias Brunner2015-08-131-1/+1
|
* controller: Use the CHILD_SA unique_id to terminate CHILD_SAsMartin Willi2015-02-201-2/+2
|
* vici: Add a command to reload strongswan.confMartin Willi2014-09-221-0/+12
|
* vici: Return number of matching and closed SAs in terminate commandMartin Willi2014-05-071-9/+12
|
* vici: Be less verbose about client connectionsMartin Willi2014-05-071-0/+26
| | | | Instead, log the explicit commands at a higher level.
* vici: Add install/uninstall commands to manage trap and shunt policiesMartin Willi2014-05-071-0/+112
|
* vici: Extract CHILD_SA config lookup methodMartin Willi2014-05-071-14/+26
|
* vici: Avoid recursive control log invocationsMartin Willi2014-05-071-18/+24
|
* vici: Implement a terminate command to close IKE or CHILD_SAsMartin Willi2014-05-071-0/+118
|
* vici: Add a control backend, currently to initiate connections by nameMartin Willi2014-05-071-0/+219
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 01:32:56 +0000