aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/vici
Commit message (Collapse)AuthorAgeFilesLines
...
* vici: Replace dr with dev in version numbers for the Python eggTobias Brunner2016-05-101-5/+5
| | | | | | The versioning scheme used by Python (PEP 440) supports the rcN suffix but development releases have to be named devN, not drN, which are not supported and considered legacy versions.
* vici: Update setup.pyTobias Brunner2016-05-101-4/+5
|
* vici: Ensure we read exactly the specified amount of bytes from the socket ↵Tobias Brunner2016-05-101-2/+9
| | | | | | | in Python recv() will return less bytes than specified (as that's the buffer size) if not as many are ready to be read from the socket.
* vici list-conns sends reauthentication and rekeying time informationAndreas Steffen2016-05-043-15/+32
|
* Include manual policy priorities and restriction to interfaces in vici ↵Andreas Steffen2016-04-091-1/+14
| | | | list-conn command
* Implemented IPsec policies restricted to given network interfaceAndreas Steffen2016-04-091-0/+3
|
* Support manually-set IPsec policy prioritiesAndreas Steffen2016-04-091-0/+2
|
* peer-cfg: Use struct to pass data to constructorTobias Brunner2016-04-091-6/+17
|
* child-cfg: Use struct to pass data to constructorTobias Brunner2016-04-091-125/+117
|
* vici: Fix documentation of some dictionary keys of two request messagesCameron McCord2016-03-311-3/+3
| | | | Closes strongswan/strongswan#40.
* Use standard unsigned integer typesAndreas Steffen2016-03-249-59/+59
|
* vici: Don't hold write lock while running or undoing start actionsTobias Brunner2016-03-111-27/+63
| | | | | | | | | | | | | | Running or undoing start actions might require enumerating IKE_SAs, which in turn might have to enumerate peer configs concurrently, which requires acquiring a read lock. So if we keep holding the write lock while enumerating the SAs we provoke a deadlock. By preventing other threads from acquiring the write lock while handling actions, and thus preventing the modification of the configs, we largely maintain the current synchronous behavior. This way we also don't need to acquire additional refs for config objects as they won't get modified/removed. Fixes #1185.
* Initialize ts variableAndreas Steffen2016-03-111-1/+1
|
* Support of IP address ranges in traffic selectorsAndreas Steffen2016-03-101-1/+17
|
* vici: Replace child configs atomicallyTobias Brunner2016-03-081-14/+11
| | | | This also leaves unmodified configs as they are.
* vici: Order auth rounds by optional `round` parameter instead of by position ↵Tobias Brunner2016-03-081-40/+64
| | | | in the request
* vici: Correctly return IKE SPIs stored in network orderTobias Brunner2016-03-041-2/+4
|
* vici: Add support for pubkey constraints with EAP-TLSTobias Brunner2016-03-041-0/+8
| | | | This is a feature currently supported by stroke.
* auth-cfg: Make IKE signature schemes configurableTobias Brunner2016-03-041-2/+3
| | | | | | This also restores the charon.signature_authentication_constraints functionality, that is, if no explicit IKE signature schemes are configured we apply all regular signature constraints as IKE constraints.
* vici: Don't redirect all SAs if no selectors are givenTobias Brunner2016-03-041-1/+1
| | | | | This avoid confusion and redirecting all SAs can now easily be done explicitly (e.g. peer_ip=0.0.0.0/0).
* vici: Match subnets and ranges against peer IP in redirect commandTobias Brunner2016-03-042-12/+42
|
* vici: Match identity with wildcards against remote ID in redirect commandTobias Brunner2016-03-042-5/+9
|
* vici: Add redirect commandTobias Brunner2016-03-045-0/+150
| | | | | This allows redirecting IKE_SAs by multiple different selectors, if none are given all SAs are redirected.
* libhydra: Remove empty unused libraryTobias Brunner2016-03-031-1/+0
|
* libhydra: Move kernel interface to libcharonTobias Brunner2016-03-031-1/+0
| | | | This moves hydra->kernel_interface to charon->kernel.
* vici: Provide ports of local and remote IKE endpointsTobias Brunner2016-03-032-2/+9
|
* vici: Correctly document 'up' key for updown eventsTobias Brunner2016-03-011-4/+4
| | | | Instead of sending 'no' it is omitted when an SA goes down.
* vici: Support multiple named raw ublic keysAndreas Steffen2016-01-101-15/+19
|
* swanctl: Load pubkeys with load-credsAndreas Steffen2016-01-091-6/+7
|
* vici: list-cert sends subject, not-before and not-after attributes for pubkeysAndreas Steffen2016-01-092-1/+28
|
* vici: Support of raw public keysAndreas Steffen2016-01-095-9/+60
|
* vici: Enable transport encoding of CERT_TRUSTED_PUBKEY objectsAndreas Steffen2016-01-031-5/+8
|
* vici: Use correct constant when checking for integrity algorithmTobias Brunner2015-12-211-1/+1
| | | | Currently both have the value 1024 so no real harm done.
* vici: CHILD_SA proposals never contain a PRFTobias Brunner2015-12-211-5/+0
|
* vici: allow legacy shortcuts in cert queriesAndreas Steffen2015-12-191-10/+14
|
* Use 128 bit security in README.pod examplesAndreas Steffen2015-12-181-4/+4
|
* Improvements to the VICI Perl bindings by Andreas HofmeisterAndreas Hofmeister2015-12-184-189/+127
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Switch.pm, which was implemented as a source filter, has been deprecated in Perl 5.10 and was later removed from the core modules in Perl 5.14 or so. Unfortunately, its replacement, the given/when/default construct, has since been downgraded to "experimental" status because of problems with the underlying "smart-match" operator. Thus, as of Perl 5.22, Perl still has no actually usable "switch"-like construct. So just use boring, old and ugly "if/elsif/else" constructs instead, which are compatible with almost any Perl version. - None of the Perl modules here does anything that would require "AutoLoader". - "Exporter" can be used to export plain functions into another modules name space. But the things that were exported here are meant to be called as methods. In this case, it is neither necessary nor advisable to export those symbols. Just export nothing (the POD documentation already said so). - It is usually the calling script that enables (or does not enable) warnings globally. When a module says "use warnings;" however, the caller looses control over what warnings should be enabled in that module.
* Apply pubkey and signature constraints in vici pluginAndreas Steffen2015-12-171-1/+5
|
* Refactored certificate management for the vici and stroke interfaces5.4.0dr1Andreas Steffen2015-12-125-88/+64
|
* Modified vici_cert_info class for use with load_creds and vici_credAndreas Steffen2015-12-112-59/+31
|
* Removed VICI protocol versioningAndreas Steffen2015-12-115-88/+0
|
* Share vici_cert_info.c with vici_cred.cAndreas Steffen2015-12-113-37/+35
|
* Use VICI 2.0 protocol version for certificate queriesAndreas Steffen2015-12-114-52/+159
|
* Sort certificate types during enumerationAndreas Steffen2015-12-111-39/+205
|
* Define VICI protocol versionsAndreas Steffen2015-12-115-0/+88
|
* vici: Don't report memory usage via leak-detectiveTobias Brunner2015-12-111-17/+0
| | | | | This slowed down the `swanctl --stats` calls in the test scenarios significantly, with not much added value.
* vici: Fix documentation about the initiate/terminate timeoutMartin Willi2015-12-071-2/+2
|
* vici: Honor an optionally passed IKE configuration name in initiate/installMartin Willi2015-12-072-5/+13
| | | | | | | If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under.
* vici: Support completely asynchronous initiating and terminationMartin Willi2015-12-072-5/+23
| | | | | | In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative.
* vici: Use an empty local auth round if none givenMartin Willi2015-12-071-3/+2
| | | | | While it hardly makes sense to use none for negotiated SAs, it actually does when installing shunt policies.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 09:12:33 +0000