path: root/src/libcharon/plugins
Commit message | Author | Age | Files | Lines
...
* eap-radius: Increase buffer for attributes sent in RADIUS accounting messages | Tobias Brunner | 2013-09-27 | 1 | -1/+1
  64 bytes might be too short for user names/identities.
* load-tester: Fix crash if private key was not loaded successfully | Tobias Brunner | 2013-09-24 | 1 | -1/+1
  Fixes #417.
* Implemented TCG/PB-PDP_Referral message | Andreas Steffen | 2013-09-17 | 1 | -0/+12
* stroke: don't remove a matching peer config if used by other child configs | Martin Willi | 2013-09-13 | 1 | -4/+3
  When configurations get merged during add, we should not remove peer configs if other connection entries use the same peer config.
* sockets: Initialize the whole ancillary data buffer not only the actual struct | Tobias Brunner | 2013-09-10 | 2 | -4/+4
  This avoids uninitialized bytes that Valgrind seems to notice otherwise. Fixes #395.
* Fixed double free causing swapped ends to crash (tag: 5.1.1dr3) | Andreas Steffen | 2013-09-07 | 1 | -1/+0
* load-tester: support extended traffic selector syntax, as in leftsubnet | Martin Willi | 2013-09-04 | 1 | -13/+168
  In addition the initiator may use %unique as port, using a distinct port for each connection, starting from 1025.
* load-tester: add an option to test transport/beet connections | Martin Willi | 2013-09-04 | 1 | -1/+21
* ike: support multiple addresses, ranges and subnets in IKE address config | Martin Willi | 2013-09-04 | 9 | -54/+85
  Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* ike-cfg: remove the to be obsoleted allow any parameter in get_my/other_addr | Martin Willi | 2013-09-04 | 3 | -7/+5
* stroke: ignore a leftsourceip if a rightsourceip is given as well | Martin Willi | 2013-09-04 | 1 | -1/+7
  As we always negotiate virtual IPs in charon, having both left- and rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single configuration payload exchange only.
* stroke: re-enable modeconfig keyword | Martin Willi | 2013-09-04 | 1 | -1/+1
* peer-cfg: add a pull/push mode option to use with mode config | Martin Willi | 2013-09-04 | 8 | -10/+11
* xauth-generic: honor requested XAuth credential types as a client | Martin Willi | 2013-09-03 | 1 | -16/+51
  Support requesting of XAuth PINs and print XAuth messages.
* eap-radius: support XAuth configuration profiles, defining multiple XAuth rounds | Martin Willi | 2013-09-03 | 1 | -22/+157
* xauth: add a configuration string option to be passed to XAuth instances | Martin Willi | 2013-09-03 | 11 | -13/+27
  The configuration string is appended to the XAuth backend name, separated by a colon. The configuration string is passed untouched to the backend, where it can change the behavior of the XAuth module.
* Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp plugin | Andreas Steffen | 2013-08-26 | 1 | -76/+95
* stroke: stop enumerating IKE_SAs in statusall if output stream gets closed | Martin Willi | 2013-08-23 | 1 | -1/+1
  If the output stream is not interested in more information, it can close the stream. Checking for stream errors avoids useless enumeration of IKE_SAs, saving resources. This allows to use "ipsec statusall | head" to monitor the daemon, or stop enumerating IKE_SAs after a specific entry has been found.
* Process PB-TNC batches received via PT-TLS asynchronously | Andreas Steffen | 2013-08-19 | 1 | -4/+1
* Show host address of peer connecting to PT-TLS socket | Andreas Steffen | 2013-08-15 | 1 | -1/+7
* enabled SASL PLAIN authentication | Andreas Steffen | 2013-08-15 | 1 | -2/+2
* PT-TLS connection is properly terminated | Andreas Steffen | 2013-08-15 | 1 | -3/+2
* moved tnc_imv plugin to libtnccs thanks to recommendation callback function | Andreas Steffen | 2013-08-15 | 12 | -1887/+79
* Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs | Andreas Steffen | 2013-08-15 | 66 | -10629/+0
* rapid PT-TLS AR/PDP prototype | Andreas Steffen | 2013-08-15 | 5 | -60/+254
* Add PT-TLS interface to strongSwan PDP | Andreas Steffen | 2013-08-15 | 4 | -39/+68
* updown: remove description of unsupported PLUTO_ variables | Martin Willi | 2013-08-08 | 1 | -1/+0
  These have been set by pluto, but are not by charon's updown plugin.
* tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages (tag: 5.1.0) | Tobias Brunner | 2013-07-31 | 1 | -10/+10
  Before this e.g. msg_controllen was not initialized properly which could cause invalid reads.
* whitelist: Fix compilation on FreeBSD | Tobias Brunner | 2013-07-31 | 1 | -0/+2
* Callback job is not needed any more | Andreas Steffen | 2013-07-31 | 1 | -4/+0
* unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributes | Tobias Brunner | 2013-07-29 | 1 | -50/+97
  Cisco devices seem to add 6 bytes of padding between each address/mask pair. Fixes #366.
* tnc-pdp now uses watcher_t | Andreas Steffen | 2013-07-29 | 1 | -92/+63
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backend | Martin Willi | 2013-07-29 | 2 | -1/+5
* eap-radius: support plain XAuth RADIUS authentication using User-Password | Martin Willi | 2013-07-29 | 4 | -0/+253
* eap-radius: export function to build common attributes of Access-Request | Martin Willi | 2013-07-29 | 2 | -24/+39
* eap-radius: export function to process common attributes of Access-Accept | Martin Willi | 2013-07-29 | 2 | -31/+36
* socket-dynamic: Properly initialize IPv6 address | Tobias Brunner | 2013-07-24 | 1 | -1/+1
* tnc-ifmap: Use proper cast for length when using %.*s | Tobias Brunner | 2013-07-24 | 1 | -5/+6
* coupling: Fix call to call_hook() | Tobias Brunner | 2013-07-22 | 1 | -1/+1
* tnc-pdp: Fix reading port setting from strongswan.conf | Tobias Brunner | 2013-07-22 | 1 | -1/+1
* stream-service: move CAP_CHOWN check from plugins to service constructor | Martin Willi | 2013-07-18 | 6 | -39/+2
  A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* certexpire: add an option to enforce exporting trustchains having a private key | Martin Willi | 2013-07-18 | 1 | -15/+83
* error-notify: catch and forward some alerts related to certificate validation | Martin Willi | 2013-07-18 | 2 | -0/+25
* credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 2 | -1/+10
* lookip: double size of id field in message | Martin Willi | 2013-07-18 | 1 | -1/+1
* error-notify: increase size of string/identity fields in messages | Martin Willi | 2013-07-18 | 1 | -2/+2
* whitelist: use a read-copy when listing entries | Martin Willi | 2013-07-18 | 1 | -19/+44
  While this requires a little more overhead, we can free the lock should the stream block, allowing other threads to add/remove entries.
* whitelist: fix error handling when creating the socket fails | Martin Willi | 2013-07-18 | 1 | -0/+6
* lookip: fix error handling when creating the socket fails | Martin Willi | 2013-07-18 | 1 | -1/+7
* error-notify: fix error handling when creating the socket fails | Martin Willi | 2013-07-18 | 1 | -0/+6