aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* stroke: support %dynamic in left/rightsubnet for dynamic selectorsMartin Willi2013-06-191-2/+10
| | | | | | | This has the same meaning as omitting left/rightsubnet, i.e. replace it by the IKE address. Supporting %dynamic allows configurations with multiple dynamic selectors in a left/rightsubnet, each with potentially different proto/port selectors.
* stroke: support a specific proto/port for each net defined in left/rightsubnetMartin Willi2013-06-191-3/+105
|
* stroke: add exportconn{cert,chain} commands in addition to exportx509Martin Willi2013-06-191-6/+65
| | | | | The new commands either export a single end entity certificate or the full trust chain for a specific connection name.
* dhcp: search for transactions only for connections having a poolname "dhcp"Martin Willi2013-06-181-1/+6
| | | | | | When a connection has a single pool that queries recursively the DHCP backend, we shouldn't return any attributes directly from DHCP when queried for that pool.
* socket-default: Make sure sockets are open when checking with FD_ISSETTobias Brunner2013-06-141-4/+4
|
* socket-default: Properly initialize NAT-T port if opening regular socket failedTobias Brunner2013-06-141-1/+2
|
* ha: Fix CHILD_SA installation in ha_dispatcher after adding initiator flagTobias Brunner2013-06-131-4/+8
|
* kernel-interface: add an exchange initiator parameter to add_sa()Martin Willi2013-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new flag gives the kernel-interface a hint how it should priorize the use of newly installed SAs during rekeying. Consider the following rekey procedure in IKEv2: Initiator --- Responder I1 -------CREATE-------> R1 I2 <------CREATE-------- -------DELETE-------> R2 I3 <------DELETE-------- SAs are always handled as pairs, the following happens at the SA level: * Initiator starts the exchange at I1 * Responder installs new SA pair at R1 * Initiator installs new SA pair at I2 * Responder removes old SA pair at R2 * Initiator removes old SA pair at I3 This makes sure SAs get installed/removed overlapping during rekeying. However, to avoid any packet loss, it is crucial that the new outbound SA gets activated at the correct position: * as exchange initiator, in I2 * as exchange responder, in R2 This should guarantee that we don't use the new outbound SA before the peer could install its corresponding inbound SA. The new parameter allows the kernel backend to install the new SA with appropriate priorities, i.e. it should: * as exchange inititator, have the new outbound SA installed with higher priority than the old SA * as exchange responder, have the new outbound SA installed with lower priority than the old SA While we could split up the SA installation at the responder, this approach has another advantage: it allows the kernel backend to switch SAs based on other criteria, for example when receiving traffic on the new inbound SA.
* Removed stray *_plugin_create() declarations from header filesTobias Brunner2013-06-113-15/+0
|
* eap-radius: Do initialization in a plugin feature callbackTobias Brunner2013-06-111-28/+47
|
* Refactored plugin-loader with improved dependency resolutionTobias Brunner2013-06-111-0/+1
| | | | | | With the new implementation the plugins don't have to be listed in any special order, dependencies are properly resolved. The order only matters if two plugins provide the same feature.
* android-log: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* android-dns: Use plugin features to register attribute handlerTobias Brunner2013-06-111-5/+31
|
* maemo: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* medsrv: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-31/+56
|
* medcli: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-35/+60
|
* whitelist: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* updown: Use plugin features to register listener and attribute handlerTobias Brunner2013-06-111-20/+44
|
* unity: Use plugin features to register listener and attribute handler/providerTobias Brunner2013-06-111-10/+39
|
* unit-tester: Use plugin featuresTobias Brunner2013-06-111-4/+28
|
* uci: Use plugin features to register backend and credential setTobias Brunner2013-06-111-7/+32
|
* systime-fix: Use plugin features to register validatorTobias Brunner2013-06-111-24/+51
|
* smp: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* radattr: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* lookip: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* led: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* ipseckey: Allow en-/disabling at runtime using plugin reload featureTobias Brunner2013-06-111-12/+26
|
* ipseckey: Use plugin features and depend on RESOLVERTobias Brunner2013-06-112-28/+53
| | | | Also fixed a double-free of the resolver instance.
* ha: Use plugin features to register listeners and attribute providerTobias Brunner2013-06-111-9/+37
|
* farp: Use plugin features to register listenerTobias Brunner2013-06-111-5/+29
|
* error-notify: Use plugin features to register listenerTobias Brunner2013-06-111-3/+29
|
* duplicheck: Use plugin features to register listenerTobias Brunner2013-06-111-3/+29
|
* coupling: Use plugin features and soft depend on SHA1Tobias Brunner2013-06-111-12/+40
|
* certexpire: Use plugin features to register listenerTobias Brunner2013-06-111-4/+30
|
* addrblock: Use plugin features with soft dependency on X.509 decodingTobias Brunner2013-06-111-5/+34
|
* dhcp: Use plugin features with dependency to RNG implementationTobias Brunner2013-06-111-17/+45
|
* sql: Use plugin features with dependency to database backendTobias Brunner2013-06-111-33/+62
|
* Socket plugins soft depend on the kernel-ipsec plugin featureTobias Brunner2013-06-112-0/+2
| | | | | On most platforms calls to methods to bypass the IKE sockets and enabling UDP decapsulation are required.
* Converted test for recursive mutex_tTobias Brunner2013-06-113-102/+0
|
* Converted tests for chunk_tTobias Brunner2013-06-113-84/+0
|
* Converted and added tests for hashtable_tTobias Brunner2013-06-113-114/+1
|
* Converted tests for identification_tTobias Brunner2013-06-113-254/+0
|
* Remove obsolete enumerator/linked_list tests in unit_tester pluginTobias Brunner2013-06-113-312/+0
|
* updown: pass IKE_SA unique ID in PLUTO_UNIQUEIDEmanuil Hristov2013-05-161-1/+2
|
* stroke: Add second password if providedTobias Brunner2013-05-081-0/+13
|
* stroke: Fail silently if another builder calls PW callback after giving upTobias Brunner2013-05-081-9/+14
| | | | Also reduced the number of tries to 3.
* stroke: Cache passwords so the user is not prompted multiple times for the ↵Tobias Brunner2013-05-081-1/+13
| | | | | | | | | | same password To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all.
* stroke: Fix prompt and error messages in passphrase callbackTobias Brunner2013-05-081-11/+13
|
* stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-081-15/+92
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-073-17/+17
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 15:18:00 +0000