aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon ↵Andreas Steffen2013-08-1566-10629/+0
| | | | plugins to libtnccs
* rapid PT-TLS AR/PDP prototypeAndreas Steffen2013-08-155-60/+254
|
* Add PT-TLS interface to strongSwan PDPAndreas Steffen2013-08-154-39/+68
|
* updown: remove description of unsupported PLUTO_ variablesMartin Willi2013-08-081-1/+0
| | | | These have been set by pluto, but are not by charons updown plugin.
* tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages5.1.0Tobias Brunner2013-07-311-10/+10
| | | | | Before this e.g. msg_controllen was not initialized properly which could cause invalid reads.
* whitelist: Fix compilation on FreeBSDTobias Brunner2013-07-311-0/+2
|
* Callback job is not needed any moreAndreas Steffen2013-07-311-4/+0
|
* unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributesTobias Brunner2013-07-291-50/+97
| | | | | | | Cisco devices seem to add 6 bytes of padding between each address/mask pair. Fixes #366.
* tnc-pdp now uses watcher_tAndreas Steffen2013-07-291-92/+63
|
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backendMartin Willi2013-07-292-1/+5
|
* eap-radius: support plain XAuth RADIUS authentication using User-PasswordMartin Willi2013-07-294-0/+253
|
* eap-radius: export function to build common attributes of Access-RequestMartin Willi2013-07-292-24/+39
|
* eap-radius: export function to process common attributes of Access-AcceptMartin Willi2013-07-292-31/+36
|
* socket-dynamic: Properly initialize IPv6 addressTobias Brunner2013-07-241-1/+1
|
* tnc-ifmap: Use proper cast for length when using %.*sTobias Brunner2013-07-241-5/+6
|
* coupling: Fix call to call_hook()Tobias Brunner2013-07-221-1/+1
|
* tnc-pdp: Fix reading port setting from strongswan.confTobias Brunner2013-07-221-1/+1
|
* stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-186-39/+2
| | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* certexpire: add an option to enforce exporting trustchains having a private keyMartin Willi2013-07-181-15/+83
|
* error-notify: catch and forward some alerts related to certificate validationMartin Willi2013-07-182-0/+25
|
* credmgr: introduce a hook function to catch trust chain validation errorsMartin Willi2013-07-182-1/+10
|
* lookip: double size of id field in messageMartin Willi2013-07-181-1/+1
|
* error-notify: increase size of string/identity fields in messagesMartin Willi2013-07-181-2/+2
|
* whitelist: use a read-copy when listing entriesMartin Willi2013-07-181-19/+44
| | | | | While this requires a little more overhead, we can free the lock should the stream block, allowing other threads to add/remove entries.
* whitelist: fix error handling when creating the socket failsMartin Willi2013-07-181-0/+6
|
* lookip: fix error handling when creating the socket failsMartin Willi2013-07-181-1/+7
|
* error-notify: fix error handling when creating the socket failsMartin Willi2013-07-181-0/+6
|
* eap-radius: use watcher instead of receiver thread on DAE socketMartin Willi2013-07-181-11/+7
|
* dhcp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-10/+8
|
* farp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-11/+6
|
* load-tester: use a stream service to dispatch control connectionsMartin Willi2013-07-182-93/+27
|
* whitelist: use a stream service to accept client connectionsMartin Willi2013-07-183-121/+106
| | | | | Use SOCK_STREAM, as we don't have SOCK_SEQPACKET on TCP. To have network transparency, the message now uses network byte order.
* lookip: use stream service with async I/O dispatchingMartin Willi2013-07-185-256/+294
| | | | | Now uses SOCK_STREAM, as SOCK_SEQPACKET is not available over TCP. To have network transparency, the message now uses network byte order.
* error-notify: use a stream service to accept client connectionsMartin Willi2013-07-184-122/+103
| | | | | As TCP does not have SOCK_SEQPACKET, we now use SOCK_STREAM for the error-notify socket. To have network transparency, the message now uses network byte order.
* duplicheck: use a stream service to accept client connectionsMartin Willi2013-07-184-105/+146
| | | | | | As we can't use SOCK_SEQPACKET over TCP, we now have to provide message boundaries ourselves. We do this by appending a 16-bit length header to each sent duplicate identity.
* stroke: use a stream service to handle stroke requestsMartin Willi2013-07-181-227/+48
|
* kernel-libipsec: Fail route installation if remote TS matches peerTobias Brunner2013-07-181-0/+9
|
* capabilities: Some plugins don't actually require capabilities at runtimeTobias Brunner2013-07-1812-13/+16
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-1861-225/+346
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* eap-sim-pcsc: fix compiler warningMartin Willi2013-07-181-2/+1
|
* unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were ↵Tobias Brunner2013-07-171-11/+32
| | | | received
* unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytesTobias Brunner2013-07-171-1/+1
|
* unity: Fix memory leak in providerTobias Brunner2013-07-171-0/+1
|
* child-sa: replace get_traffic_selectors() with create_ts_enumerator()Martin Willi2013-07-175-19/+46
| | | | | Not directly returning a linked list allows us to change the internals of the CHILD_SA transparently.
* kernel-libipsec: Log error if no local address is found when installing routesTobias Brunner2013-07-151-0/+5
|
* stroke: Add certificates extracted from PKCS#12 files to correct credential setTobias Brunner2013-07-151-4/+4
| | | | | Only keys and shared secrets are moved from the temporary credential set after loading all secrets.
* Use strpfx() helper where appropriateTobias Brunner2013-07-084-20/+19
|
* socket-default: Add options to disable address familiesTobias Brunner2013-07-051-0/+25
|
* net: Socket implementations report the address families they supportTobias Brunner2013-07-052-2/+28
|
* eap-radius: fix add_attribute/framed_ip method signaturesMartin Willi2013-07-011-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 17:13:09 +0000