aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* eap-radius: use watcher instead of receiver thread on DAE socketMartin Willi2013-07-181-11/+7
|
* dhcp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-10/+8
|
* farp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-11/+6
|
* load-tester: use a stream service to dispatch control connectionsMartin Willi2013-07-182-93/+27
|
* whitelist: use a stream service to accept client connectionsMartin Willi2013-07-183-121/+106
| | | | | Use SOCK_STREAM, as we don't have SOCK_SEQPACKET on TCP. To have network transparency, the message now uses network byte order.
* lookip: use stream service with async I/O dispatchingMartin Willi2013-07-185-256/+294
| | | | | Now uses SOCK_STREAM, as SOCK_SEQPACKET is not available over TCP. To have network transparency, the message now uses network byte order.
* error-notify: use a stream service to accept client connectionsMartin Willi2013-07-184-122/+103
| | | | | As TCP does not have SOCK_SEQPACKET, we now use SOCK_STREAM for the error-notify socket. To have network transparency, the message now uses network byte order.
* duplicheck: use a stream service to accept client connectionsMartin Willi2013-07-184-105/+146
| | | | | | As we can't use SOCK_SEQPACKET over TCP, we now have to provide message boundaries ourselves. We do this by appending a 16-bit length header to each sent duplicate identity.
* stroke: use a stream service to handle stroke requestsMartin Willi2013-07-181-227/+48
|
* kernel-libipsec: Fail route installation if remote TS matches peerTobias Brunner2013-07-181-0/+9
|
* capabilities: Some plugins don't actually require capabilities at runtimeTobias Brunner2013-07-1812-13/+16
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-1861-225/+346
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* eap-sim-pcsc: fix compiler warningMartin Willi2013-07-181-2/+1
|
* unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were ↵Tobias Brunner2013-07-171-11/+32
| | | | received
* unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytesTobias Brunner2013-07-171-1/+1
|
* unity: Fix memory leak in providerTobias Brunner2013-07-171-0/+1
|
* child-sa: replace get_traffic_selectors() with create_ts_enumerator()Martin Willi2013-07-175-19/+46
| | | | | Not directly returning a linked list allows us to change the internals of the CHILD_SA transparently.
* kernel-libipsec: Log error if no local address is found when installing routesTobias Brunner2013-07-151-0/+5
|
* stroke: Add certificates extracted from PKCS#12 files to correct credential setTobias Brunner2013-07-151-4/+4
| | | | | Only keys and shared secrets are moved from the temporary credential set after loading all secrets.
* Use strpfx() helper where appropriateTobias Brunner2013-07-084-20/+19
|
* socket-default: Add options to disable address familiesTobias Brunner2013-07-051-0/+25
|
* net: Socket implementations report the address families they supportTobias Brunner2013-07-052-2/+28
|
* eap-radius: fix add_attribute/framed_ip method signaturesMartin Willi2013-07-011-2/+2
|
* Reuse reqid for trap policies installed for dpd|closeaction=holdTobias Brunner2013-07-012-2/+2
|
* dhcp: Use chunk_hash_static() to calculate ID-based MAC addressesTobias Brunner2013-06-281-1/+1
|
* stroke: Changed how proto/port are specified in left|rightsubnetTobias Brunner2013-06-281-1/+8
| | | | Using a colon as separator conflicts with IPv6 addresses.
* tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependenciesTobias Brunner2013-06-271-6/+25
|
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX socketsTobias Brunner2013-06-258-0/+48
| | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* farp: Require CAP_NET_RAW capability to open AF_PACKET socketTobias Brunner2013-06-251-0/+6
|
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-251-0/+11
|
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-251-0/+12
| | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-251-0/+7
| | | | The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-2510-19/+19
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-251-3/+7
|
* unit-tester: RSA test was removedTobias Brunner2013-06-241-1/+0
|
* Aligned AR Identity types to IF-IMV 1.4 R5 draftAndreas Steffen2013-06-242-3/+3
|
* Added soft dependency on database pluginAndreas Steffen2013-06-211-0/+1
|
* add overall recommendation to session database entryAndreas Steffen2013-06-211-0/+8
|
* used tnc_policy_update functions for default policyAndreas Steffen2013-06-211-47/+5
|
* osx-attr: add plugin installing config attributes using SystemConfigurationMartin Willi2013-06-215-0/+457
| | | | | Currently installs DNS servers only, by prepending IP addresses to the DNS configuration of the primary networking service.
* kernel-libipsec: Ignore failures when installing routes for multicast or ↵Tobias Brunner2013-06-211-1/+23
| | | | broadcast policies
* kernel-libipsec: Add a feature to request UDP encapsulation of ESP packetsTobias Brunner2013-06-211-0/+7
|
* kernel-libipsec: Install a gateway for routes on platforms other than LinuxTobias Brunner2013-06-211-9/+26
| | | | This seems required e.g. on FreeBSD but doesn't work on Linux.
* kernel-libipsec: Router reads packets from multiple TUN devicesTobias Brunner2013-06-214-16/+268
| | | | These devices are collected via kernel_listener_t interface.
* kernel-libipsec: Use separate class to route packets between charon, ↵Tobias Brunner2013-06-214-74/+188
| | | | libipsec and TUN device
* kernel-libipsec: Track policies and automatically install routesTobias Brunner2013-06-211-5/+455
| | | | | | | | The routes direct traffic matching the remote traffic selector to the TUN device. If the remote traffic selector includes the IKE peer a very specific route is installed to allow IKE traffic.
* kernel-libipsec: Handle packets between charon socket, libipsec and TUN deviceTobias Brunner2013-06-211-0/+85
|
* kernel-libipsec: Create a TUN device and use it to install virtual IPsTobias Brunner2013-06-212-0/+40
|
* kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsecTobias Brunner2013-06-215-0/+385
|
* unit-tester: remove obsolete rsa_gen test, now covered in unit-testsMartin Willi2013-06-213-122/+0
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 12:58:38 +0000