path: root/src/libcharon/plugins
Commit message | Author | Age | Files | Lines
* vici: Cancel processor before calling library_deinit() | Martin Willi | 2014-10-10 | 1 | -0/+1
  For non-direct libstrongswan users, the deinitialization segfaults because of the missing worker thread cancellation.
* vici: Reduce debug level during thread spawning | Martin Willi | 2014-10-10 | 1 | -0/+2
  We want to avoid libvici users to get a cluttered stderr for no real error.
* vici: Don't include-depend on libstrongswan for boolean types | Martin Willi | 2014-10-10 | 2 | -4/+2
  As we want to avoid the libstrongswan include dependencies for libvici, avoid the use of the bool type. Unfortunately this change may break the ABI for vici_dump(). As this function is mostly for debugging purposes, we do it nonetheless; my apologies if somebody already relies on the ABI stability of that function.
* vici: Document the ruby gem and add some simple examples | Martin Willi | 2014-10-10 | 1 | -0/+58
* vici: Add some simple libvici examples to the README | Martin Willi | 2014-10-10 | 1 | -2/+116
* vici: Document the available vici command and event messages | Martin Willi | 2014-10-10 | 1 | -1/+509
* vici: Use "gem"-assisted vici ruby gem building and installation | Martin Willi | 2014-10-10 | 4 | -1/+29
* vici: Add a ruby gem providing a native vici interface | Martin Willi | 2014-10-10 | 3 | -0/+586
* vici: Return a success result for the clear-creds command | Martin Willi | 2014-10-10 | 1 | -4/+1
  Even if the command actually can't fail, this looks more aligned to similar commands.
* vici: Fix message encoding type values in documentation | Martin Willi | 2014-10-10 | 1 | -6/+6
* eap-radius: Add option to set interval for interim accounting updates | Tobias Brunner | 2014-10-10 | 1 | -0/+10
  Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* packet: Define a global default maximum size for IKE packets | Tobias Brunner | 2014-10-10 | 3 | -12/+3
* ext-auth: Add an ext-auth plugin invoking an external authorization script | Martin Willi | 2014-10-06 | 5 | -0/+485
  Original patch courtesy of Vyronas Tsingaras.
* updown: Use process abstraction to invoke updown script | Martin Willi | 2014-10-06 | 1 | -246/+215
* stroke: Allow specifying the ipsec.secrets location in strongswan.conf | Shea Levy | 2014-10-02 | 1 | -2/+10
* vici: Add a command to reload strongswan.conf | Martin Willi | 2014-09-22 | 1 | -0/+12
* eap-radius: Forward Cisco and Microsoft specific DNS/NBNS attributes | Tobias Brunner | 2014-09-09 | 1 | -0/+50
  Fixes #677.
* ha: Don't adopt IKEv1 children when building without IKEv1 support | Martin Willi | 2014-08-28 | 1 | -0/+2
  The adopt_children_job_create() function is not available when IKEv1 support is disabled. Fixes uncommon builds using --enable-ha --disable-ikev1. Fixes #690.
* unity: Do not bump TS to 0.0.0.0/0 as initiator when no Split-Include received | Martin Willi | 2014-08-25 | 1 | -1/+21
  When having the unity plugin enabled and both peers send the Unity Vendor ID, we proposed 0.0.0.0/0 as traffic selector, even if no Split-Include has been received on the SA. This can break compatibility with some responders, as they don't narrow the TS themselves, but expect the configured TS.
* unity: Handle narrowing according to roles in the IKE_SA | Tobias Brunner | 2014-08-25 | 1 | -16/+33
  Since the narrow hook types reflect the roles in the Quick Mode exchange the plugin behaved incorrectly if the server initiated the CHILD_SA rekeying.
* xauth-pam: Add workaround for null-terminated passwords | Tobias Brunner | 2014-07-07 | 1 | -1/+6
  Fixes #631.
* stroke: Don't log unspecified options of conn and ca sections | Tobias Brunner | 2014-06-30 | 1 | -37/+50
* libvici: Add missing argument to Doxygen comment | Tobias Brunner | 2014-06-30 | 1 | -0/+1
* Fixed some typos | Tobias Brunner | 2014-06-30 | 2 | -2/+2
* updown: Force subnet address to be numeric | Tobias Brunner | 2014-06-25 | 1 | -2/+2
* eap-radius: Increase buffer for accounting attributes to maximum attribute size | Martin Willi | 2014-06-25 | 1 | -1/+1
  Fixes #624.
* vici: Install libvici in ipseclibdir like we do with other libraries | Tobias Brunner | 2014-06-19 | 1 | -1/+1
* kernel-interface: Add destination prefix to get_nexthop() | Tobias Brunner | 2014-06-19 | 3 | -4/+4
  This allows to determine the next hop to reach a subnet, for instance, when installing routes for shunt policies.
* load-tester: Add a crl option to include a CRL uri in generated certificates | Martin Willi | 2014-06-19 | 1 | -1/+21
* vici: Support memory stats without leak-detective on Windows | Martin Willi | 2014-06-17 | 1 | -0/+53
* vici: Add a stats command returning various daemon infos and statistics | Martin Willi | 2014-06-17 | 1 | -0/+104
* vici: Support a replay_window CHILD_SA option | Martin Willi | 2014-06-17 | 1 | -0/+16
* starter: Add a replay_window connection option | Martin Willi | 2014-06-17 | 1 | -0/+4
* kernel-interface: Add a replay_window parameter to add_sa() | Martin Willi | 2014-06-17 | 3 | -6/+9
* socket-win: Use non-overlapped I/O and socket event selection | Martin Willi | 2014-06-17 | 1 | -31/+13
  The use of overlapped I/O was incorrect, as we passed stack based buffers, but did not cancel/wait for pending completion on all sockets. Our receive-from-all socket interface is actually tricky to implement using overlapped I/O. Switch to WSAEventSelect() event management, which can be canceled properly while working in a select()-like way.
* Split swanctl --raw mode into single-line and --pretty mode | Andreas Steffen | 2014-06-14 | 4 | -31/+70
* windows: Use WINAPI call convention for Windows API callbacks | Martin Willi | 2014-06-06 | 3 | -10/+13
  For x86_64 it does not actually matter, but for i686 builds the call convention is different with WINAPI.
* kernel-wfp: Include Windows header patch for MinGW 4.8.1 | Martin Willi | 2014-06-04 | 2 | -0/+29
* kernel-wfp: Clone acquire traffic selectors only if they exist | Martin Willi | 2014-06-04 | 1 | -1/+3
* kernel-wfp: Install routes for trap policies | Martin Willi | 2014-06-04 | 1 | -3/+21
* kernel-wfp: Refactor route management to separate function | Martin Willi | 2014-06-04 | 1 | -39/+47
* kernel-wfp: Install tunnel mode policies to appropriate sub-layers | Martin Willi | 2014-06-04 | 2 | -6/+22
  While it is unclear if this has any effect at all, we prefer specific sublayers to install policies as suggested.
* kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds | Martin Willi | 2014-06-04 | 1 | -0/+89
* kernel-wfp: Support multiple traffic selectors on tunnel mode SAs | Martin Willi | 2014-06-04 | 1 | -36/+80
* kernel-iph: Implicitly enable IP forwarding when installing routes | Martin Willi | 2014-06-04 | 1 | -0/+26
* kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers | Martin Willi | 2014-06-04 | 1 | -0/+6
* kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working | Martin Willi | 2014-06-04 | 2 | -0/+22
  Having this flag set fixes connections initiated by the Windows host, but unfortunately does not yet fix incoming connections. Connection state issue? We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
* kernel-wfp: Install tunnel and trap forward policies | Martin Willi | 2014-06-04 | 3 | -136/+275
* kernel-wfp: Manually create a ProviderContext to attach individual filters | Martin Willi | 2014-06-04 | 4 | -79/+73
  This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd, and fixes the issues we have seen with trap policies. Forward filters are still missing, but required for site-to-site tunnels.
* kernel-wfp: Print filter weight in "ipsecdump filters" | Martin Willi | 2014-06-04 | 1 | -0/+4