aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
| * | Add connection name specific stroke countersMartin Willi2013-03-153-11/+148
| | |
* | | Merge branch 'stroke-timeout'Martin Willi2013-03-181-18/+82
|\ \ \ | |_|/ |/| | | | | Add a strongswan.conf timeout option for stroke control commands.
| * | Add a stroke command timeout option, and report status of completed commandMartin Willi2013-03-071-18/+82
| |/
* | Support mutliple subnets and ranges as external load-tester addressesMartin Willi2013-03-111-15/+59
| |
* | instead of cloning use extract_buf() methodAndreas Steffen2013-03-041-1/+1
| |
* | Fixed Doxygen comments after scanning complete src directoryTobias Brunner2013-03-024-5/+5
| |
* | Removed backend for old Android frontend patchTobias Brunner2013-03-0210-917/+77
| | | | | | | | Moved the remaining DNS handler to a new plugin.
* | Merge branch 'multi-cert'Martin Willi2013-03-011-15/+32
|\ \ | | | | | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * | Load multiple comma seperarated certificates in the leftcert optionMartin Willi2013-01-181-15/+32
| | |
* | | Merge branch 'systime'Martin Willi2013-03-015-0/+445
|\ \ \ | | | | | | | | | | | | | | | | | | | | Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | | systime-fix disables certificate lifetime validation if system time not syncedMartin Willi2013-02-194-0/+326
| | | | | | | | | | | | | | | | | | | | | | | | The system time can be periodically checked. If it gets valid, certificates get rechecked with the current lifetime. If certificates are invalid, associated IKE_SAs can be closed or reauthenticated.
| * | | Add a stub for systime-fix, a plugin handling certificate lifetimes gracefullyMartin Willi2013-02-193-0/+119
| | |/ | |/|
* | | Merge branch 'vip-shunts'Martin Willi2013-03-011-11/+6
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Installs bypass policies for the physical address if a virtual address is assigned, and installs a proper source route to actually use the physical address for bypassed destinations. Conflicts: src/libcharon/plugins/unity/unity_handler.c
| * | | Include local address for Unity Split-Exclude shunt policiesMartin Willi2013-02-201-10/+5
| | | | | | | | | | | | | | | | | | | | If we use a virtual IP, having a shunt policy for just that wouldn't work, as we want a shunt bypass using the local address.
* | | | Merge branch 'opaque-ports'Martin Willi2013-03-015-9/+11
|\ \ \ \ | |/ / / |/| | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-211-14/+4
| | | |
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-215-12/+22
| |/ /
* | | treat IF-M and IF-TNCCS remediation instructions/parameters in an equal wayAndreas Steffen2013-02-193-97/+198
| | |
* | | Streamlined log messages in ipseckey pluginAndreas Steffen2013-02-192-58/+30
| | |
* | | ipseckey: Report IPSECKEYs with invalid DNSSEC security stateReto Guadagnini2013-02-191-2/+12
| | |
* | | ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.confReto Guadagnini2013-02-191-3/+16
| | |
* | | Added ipseckey plugin, which provides support for public keys in IPSECKEY RRsReto Guadagnini2013-02-197-0/+852
| | |
* | | added missing return statementAndreas Steffen2013-02-191-0/+1
| | |
* | | reject PB-Experimental messages with NOSKIP flag setAndreas Steffen2013-02-191-0/+7
| | |
* | | Add a timeout to clean up PDP RADIUS connectionsMartin Willi2013-02-141-0/+51
| | |
* | | Keep the PDP connections lock while accessing its objectsMartin Willi2013-02-143-7/+34
| | | | | | | | | | | | | | | | | | When we introduce connection timeouts, the state may disappear at any time. This change prevents that, but is not very clear. We probably have to refactor connection handling.
* | | Add locking to TNC-PDP connectionsMartin Willi2013-02-141-7/+23
| | |
* | | Merge branch 'ike-dscp'Martin Willi2013-02-1410-56/+114
|\ \ \
| * | | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-061-1/+1
| | | |
| * | | Add a DSCP configuration value to IKE configsMartin Willi2013-02-069-19/+15
| | | |
| * | | Set DSCP values when sending IP packets in socket-defaultMartin Willi2013-02-061-1/+65
| | | |
| * | | Don't send a packet in default socket if family is not IPv4 nor IPv6Martin Willi2013-02-061-12/+18
| | | |
| * | | Avoid extensive casting of sockaddr types in socket-default by using a unionMartin Willi2013-02-061-24/+16
| |/ / | | | | | | | | | Additionally fixes a strict-aliasing rule compiler warning with older gcc.
* | | Check if recommendations is set before applying language preferenceMartin Willi2013-02-141-3/+6
| | |
* | | Merge branch 'pt-tls'Martin Willi2013-02-143-9/+0
|\ \ \
| * | | TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, tooMartin Willi2013-01-153-9/+0
| | |/ | |/|
* | | Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
| | | | | | | | | | | | | | | | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* | | treat EAP identities as user IDsAndreas Steffen2013-02-121-3/+3
| | |
* | | make TNC client authentication type available to IMVsAndreas Steffen2013-02-127-26/+146
| | |
* | | determine underlying IF-T transport protocolAndreas Steffen2013-02-1210-62/+184
| | |
* | | make AR identities available to IMVs via IF-IMV 1.4 draftAndreas Steffen2013-02-115-0/+146
| | |
* | | Make IKE/EAP IDs available to TNC server/clientAndreas Steffen2013-02-118-24/+81
| |/ |/|
* | Use proper buffer sizes for parse_smartcard()Tobias Brunner2013-01-241-7/+10
| |
* | Removed unused command name when printing usage info for lookipTobias Brunner2013-01-241-1/+1
| |
* | Filter TS list for Split-Includes before printing them to debug logMartin Willi2013-01-211-10/+34
|/
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-129-12/+20
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-128-11/+18
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-249-12/+13
| |
* | Fixed some typos in commentsVolker RĂ¼melin2013-01-111-1/+1
|/
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 23:35:44 +0000