Commit message | Author | Age | Files | Lines |
---|---|---|---|---|
ike: Add an additional but separate AEAD proposal to CHILD config | Martin Willi | 2014-05-16 | 1 | -2/+10 |
This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless. | | | | |
ike: Add an additional but separate AEAD proposal to IKE config, if supported | Martin Willi | 2014-05-16 | 1 | -10/+25 |
enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 1 | -2/+1 |
Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned. | | | | |
vici: Support the close_action keyword, as we have it documented | Martin Willi | 2014-05-14 | 1 | -1/+6 |
vici: Check if header has been received before processing an empty message | Martin Willi | 2014-05-07 | 1 | -1/+2 |
If do_read() returns with EWOULDBLOCK, we must ensure that we actually have processed the full length header before checking the zero-initialized buffer length. | | | | |
vici: Properly filter by CHILD_SA name while undoing start actions | Martin Willi | 2014-05-07 | 1 | -2/+5 |
vici: Fallback to socket listening port if no explicit local port specified | Martin Willi | 2014-05-07 | 1 | -1/+4 |
vici: Support a "mtu" value for the tfc_padding option | Martin Willi | 2014-05-07 | 1 | -2/+16 |
vici: Handle the "trap" action as an alias for "route" | Martin Willi | 2014-05-07 | 1 | -0/+1 |
vici: Document errno values to expect from libvici API | Martin Willi | 2014-05-07 | 2 | -9/+24 |
vici: Log owners of a just loaded shared-secret | Martin Willi | 2014-05-07 | 1 | -2/+18 |
vici: Handle "xauth" as an alias for "eap" secrets | Martin Willi | 2014-05-07 | 1 | -1/+1 |
vici: Return number of matching and closed SAs in terminate command | Martin Willi | 2014-05-07 | 1 | -9/+12 |
vici: Complete libvici doxygen comments | Martin Willi | 2014-05-07 | 1 | -2/+17 |
vici: Ensure we have no active users before mangling event client registrations | Martin Willi | 2014-05-07 | 1 | -13/+35 |
vici: Properly skip raise_event() for unknown event names | Martin Willi | 2014-05-07 | 1 | -13/+13 |
vici: Increase vici message length header from 16 to 32 bits | Martin Willi | 2014-05-07 | 5 | -24/+43 |
While we currently have no need for messages larger than 65KB, we should design the protocol to be future-proof, as we plan to keep at least the lowest protocol layer stable. To avoid any allocation issues, we currently keep the message size limit at 512KB. | | | | |
vici: Have an explicit "relaxed" keyword for the default revocation policy | Martin Willi | 2014-05-07 | 1 | -1/+5 |
vici: Use a default child rekey time of 1 hour | Martin Willi | 2014-05-07 | 1 | -0/+6 |
vici: Use a default IKE rekey time of 4 hours | Martin Willi | 2014-05-07 | 1 | -0/+6 |
vici: Add low-level IPC protocol description | Martin Willi | 2014-05-07 | 2 | -0/+179 |
vici: Fix descending into non-matching sections during key find | Martin Willi | 2014-05-07 | 1 | -1/+1 |
vici: Add an IKE virtual IP and attribute backend | Martin Willi | 2014-05-07 | 4 | -0/+781 |
vici: Support referencing external named pools for peer configs | Martin Willi | 2014-05-07 | 1 | -0/+14 |
vici: Actually add configured virtual IPs to peer config | Martin Willi | 2014-05-07 | 1 | -0/+5 |
vici: Use a default rand_time of the difference between hard and soft lifetimes | Martin Willi | 2014-05-07 | 1 | -0/+26 |
vici: Use a default hard lifetime of 110% of the soft lifetime | Martin Willi | 2014-05-07 | 1 | -0/+37 |
vici: Make unit-tests independent from libcharon and libhydra | Martin Willi | 2014-05-07 | 3 | -11/+1 |
Fixes monolithic build, as we can't depend on the not yet built libcharon. | | | | |
vici: Don't compare unsigned certificate_type_t to -1 | Martin Willi | 2014-05-07 | 1 | -1/+1 |
vici: Use non-blocking first read when receiving message during client on_read() | Martin Willi | 2014-05-07 | 1 | -1/+15 |
As select() and finally the watcher may signal an FD even if it does not actually have data, we must make a non-block read to avoid hanging in the read callback. | | | | |
vici: Perform specified start_action on connection load, undo it on unload | Martin Willi | 2014-05-07 | 1 | -2/+185 |
vici: Add a generic log event to raise events for log messages | Martin Willi | 2014-05-07 | 4 | -0/+195 |
vici: Be less verbose about client connections | Martin Willi | 2014-05-07 | 2 | -5/+31 |
Instead, log the explicit commands at a higher level. | | | | |
vici: Add a list-certs command to query different certificate types | Martin Willi | 2014-05-07 | 1 | -0/+102 |
vici: Support pinning end entity and CA certificates to connections | Martin Willi | 2014-05-07 | 2 | -0/+62 |
vici: Support missing groups option in auth config | Martin Willi | 2014-05-07 | 2 | -1/+36 |
vici: Add a load-shared command to load shared IKE and EAP secrets | Martin Willi | 2014-05-07 | 1 | -0/+68 |
vici: Add a load-key command to load private keys | Martin Willi | 2014-05-07 | 1 | -0/+50 |
vici: Support loading of different certificate types | Martin Willi | 2014-05-07 | 1 | -0/+93 |
vici: Add a credential backend | Martin Willi | 2014-05-07 | 4 | -0/+159 |
vici: Add a command listing all or specific loaded connections using events | Martin Willi | 2014-05-07 | 1 | -0/+167 |
vici: Add unload-conn and get-conns commands to manage loaded connections | Martin Willi | 2014-05-07 | 1 | -0/+62 |
vici: Make dispatcher a little more verbose | Martin Willi | 2014-05-07 | 1 | -0/+10 |
vici: Add backend providing in-memory connections | Martin Willi | 2014-05-07 | 4 | -0/+1607 |
vici: Add generic callback based vici message parsing | Martin Willi | 2014-05-07 | 2 | -0/+139 |
vici: Add a list-policy command to query trap and shunt policies | Martin Willi | 2014-05-07 | 1 | -0/+147 |
vici: Add install/uninstall commands to manage trap and shunt policies | Martin Willi | 2014-05-07 | 1 | -0/+112 |
vici: Extract CHILD_SA config lookup method | Martin Willi | 2014-05-07 | 1 | -14/+26 |
vici: Refactor socket to clean up locking | Martin Willi | 2014-05-07 | 1 | -87/+233 |
Uses separate locks for socket read and write operations. While holding the socket reader lock, a different thread can still claim the socket write lock. This allows to asynchronously send event messages while holding the read lock. | | | | |
vici: Fix dispatcher leak when handling unknown request | Martin Willi | 2014-05-07 | 1 | -10/+11 |