aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX socketsTobias Brunner2013-06-258-0/+48
| | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* farp: Require CAP_NET_RAW capability to open AF_PACKET socketTobias Brunner2013-06-251-0/+6
|
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-251-0/+11
|
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-251-0/+12
| | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-251-0/+7
| | | | The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-2510-19/+19
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-251-3/+7
|
* unit-tester: RSA test was removedTobias Brunner2013-06-241-1/+0
|
* Aligned AR Identity types to IF-IMV 1.4 R5 draftAndreas Steffen2013-06-242-3/+3
|
* Added soft dependency on database pluginAndreas Steffen2013-06-211-0/+1
|
* add overall recommendation to session database entryAndreas Steffen2013-06-211-0/+8
|
* used tnc_policy_update functions for default policyAndreas Steffen2013-06-211-47/+5
|
* osx-attr: add plugin installing config attributes using SystemConfigurationMartin Willi2013-06-215-0/+457
| | | | | Currently installs DNS servers only, by prepending IP addresses to the DNS configuration of the primary networking service.
* kernel-libipsec: Ignore failures when installing routes for multicast or ↵Tobias Brunner2013-06-211-1/+23
| | | | broadcast policies
* kernel-libipsec: Add a feature to request UDP encapsulation of ESP packetsTobias Brunner2013-06-211-0/+7
|
* kernel-libipsec: Install a gateway for routes on platforms other than LinuxTobias Brunner2013-06-211-9/+26
| | | | This seems required e.g. on FreeBSD but doesn't work on Linux.
* kernel-libipsec: Router reads packets from multiple TUN devicesTobias Brunner2013-06-214-16/+268
| | | | These devices are collected via kernel_listener_t interface.
* kernel-libipsec: Use separate class to route packets between charon, ↵Tobias Brunner2013-06-214-74/+188
| | | | libipsec and TUN device
* kernel-libipsec: Track policies and automatically install routesTobias Brunner2013-06-211-5/+455
| | | | | | | | The routes direct traffic matching the remote traffic selector to the TUN device. If the remote traffic selector includes the IKE peer a very specific route is installed to allow IKE traffic.
* kernel-libipsec: Handle packets between charon socket, libipsec and TUN deviceTobias Brunner2013-06-211-0/+85
|
* kernel-libipsec: Create a TUN device and use it to install virtual IPsTobias Brunner2013-06-212-0/+40
|
* kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsecTobias Brunner2013-06-215-0/+385
|
* unit-tester: remove obsolete rsa_gen test, now covered in unit-testsMartin Willi2013-06-213-122/+0
|
* stroke: support %dynamic in left/rightsubnet for dynamic selectorsMartin Willi2013-06-191-2/+10
| | | | | | | This has the same meaning as omitting left/rightsubnet, i.e. replace it by the IKE address. Supporting %dynamic allows configurations with multiple dynamic selectors in a left/rightsubnet, each with potentially different proto/port selectors.
* stroke: support a specific proto/port for each net defined in left/rightsubnetMartin Willi2013-06-191-3/+105
|
* stroke: add exportconn{cert,chain} commands in addition to exportx509Martin Willi2013-06-191-6/+65
| | | | | The new commands either export a single end entity certificate or the full trust chain for a specific connection name.
* dhcp: search for transactions only for connections having a poolname "dhcp"Martin Willi2013-06-181-1/+6
| | | | | | When a connection has a single pool that queries recursively the DHCP backend, we shouldn't return any attributes directly from DHCP when queried for that pool.
* socket-default: Make sure sockets are open when checking with FD_ISSETTobias Brunner2013-06-141-4/+4
|
* socket-default: Properly initialize NAT-T port if opening regular socket failedTobias Brunner2013-06-141-1/+2
|
* ha: Fix CHILD_SA installation in ha_dispatcher after adding initiator flagTobias Brunner2013-06-131-4/+8
|
* kernel-interface: add an exchange initiator parameter to add_sa()Martin Willi2013-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new flag gives the kernel-interface a hint how it should priorize the use of newly installed SAs during rekeying. Consider the following rekey procedure in IKEv2: Initiator --- Responder I1 -------CREATE-------> R1 I2 <------CREATE-------- -------DELETE-------> R2 I3 <------DELETE-------- SAs are always handled as pairs, the following happens at the SA level: * Initiator starts the exchange at I1 * Responder installs new SA pair at R1 * Initiator installs new SA pair at I2 * Responder removes old SA pair at R2 * Initiator removes old SA pair at I3 This makes sure SAs get installed/removed overlapping during rekeying. However, to avoid any packet loss, it is crucial that the new outbound SA gets activated at the correct position: * as exchange initiator, in I2 * as exchange responder, in R2 This should guarantee that we don't use the new outbound SA before the peer could install its corresponding inbound SA. The new parameter allows the kernel backend to install the new SA with appropriate priorities, i.e. it should: * as exchange inititator, have the new outbound SA installed with higher priority than the old SA * as exchange responder, have the new outbound SA installed with lower priority than the old SA While we could split up the SA installation at the responder, this approach has another advantage: it allows the kernel backend to switch SAs based on other criteria, for example when receiving traffic on the new inbound SA.
* Removed stray *_plugin_create() declarations from header filesTobias Brunner2013-06-113-15/+0
|
* eap-radius: Do initialization in a plugin feature callbackTobias Brunner2013-06-111-28/+47
|
* Refactored plugin-loader with improved dependency resolutionTobias Brunner2013-06-111-0/+1
| | | | | | With the new implementation the plugins don't have to be listed in any special order, dependencies are properly resolved. The order only matters if two plugins provide the same feature.
* android-log: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* android-dns: Use plugin features to register attribute handlerTobias Brunner2013-06-111-5/+31
|
* maemo: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* medsrv: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-31/+56
|
* medcli: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-35/+60
|
* whitelist: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* updown: Use plugin features to register listener and attribute handlerTobias Brunner2013-06-111-20/+44
|
* unity: Use plugin features to register listener and attribute handler/providerTobias Brunner2013-06-111-10/+39
|
* unit-tester: Use plugin featuresTobias Brunner2013-06-111-4/+28
|
* uci: Use plugin features to register backend and credential setTobias Brunner2013-06-111-7/+32
|
* systime-fix: Use plugin features to register validatorTobias Brunner2013-06-111-24/+51
|
* smp: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* radattr: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* lookip: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* led: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* ipseckey: Allow en-/disabling at runtime using plugin reload featureTobias Brunner2013-06-111-12/+26
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 06:33:00 +0000