aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* vici: Move dumping to core message class, use it in libviciMartin Willi2014-05-074-56/+81
|
* vici: Add convenience value/string/integer getter to libviciMartin Willi2014-05-072-0/+76
|
* vici: Add some convenience getters on messageMartin Willi2014-05-073-1/+337
|
* vici: Raise events with an optional identifier for specific connectionsMartin Willi2014-05-074-9/+14
|
* vici: Invoke dispatcher outside of connection log, allowing events from commandsMartin Willi2014-05-071-4/+13
|
* vici: Add a query class, currently implementing a list-sas commandMartin Willi2014-05-074-1/+440
|
* vici: Add a libvici low-level client libraryMartin Willi2014-05-076-0/+1413
|
* vici: Provide a command dispatcher handling request and event registrationMartin Willi2014-05-079-128/+1105
|
* vici: Add a fully asynchronous IPC socket segmenting messages on/from streamMartin Willi2014-05-078-0/+1538
|
* vici: Add a test runner for pluginMartin Willi2014-05-074-0/+87
|
* vici: Add a plugin stub for the "Versatile IKE Control Interface" pluginMartin Willi2014-05-073-0/+145
|
* load-tester: Fix race condition issuing same SPIChristophe Gouault2014-04-241-2/+2
| | | | | | | | | | Due to an unprotected incrementation, two load-tester initiators occasionally use the same SPI under high load, and hence generate 2 IPsec SAs with the same identifier. The responder IPsec stack will refuse to configure the second SA. Use an atomic incrementation to avoid this race condition. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* load-tester: Fix race condition issuing same identityChristophe Gouault2014-04-241-2/+2
| | | | | | | | | | Due to an unprotected incrementation, two load-tester initiators occasionally use the same identifier under high load. The responder typically drops one of the connections. Use an atomic incrementation to avoid this race condition. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* ikev2: Add inherit_pre() to apply config and hosts before IKE_SA rekeyingMartin Willi2014-04-171-8/+2
|
* eap-mschapv2: Fix potential leaks in case of invalid messages from serversTobias Brunner2014-04-091-0/+4
|
* stroke: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* tls: Support a maximum TLS version to negotiate using TLS socket abstractionMartin Willi2014-04-011-1/+1
|
* tls: Support a null encryption flag on TLS socket abstractionMartin Willi2014-04-011-2/+2
|
* Properly hash pointers for hash tables where appropriateTobias Brunner2014-03-313-54/+5
| | | | | Simply using the pointer is not optimal for our hash table implementation, which simply masks the key to determine the bucket.
* eap-radius: Add option to not close IKE_SAs on timeouts during interim ↵Tobias Brunner2014-03-311-1/+6
| | | | | | accouting updates Fixes #528.
* x509: Replace fixed acert group string getter by a more dynamic group enumeratorMartin Willi2014-03-311-16/+68
|
* tnc-pdp: Fix monolithic buildTobias Brunner2014-03-201-1/+2
|
* tnc-ifmap: Get a reference to the client cert as it is also used in an auth ↵Tobias Brunner2014-03-101-1/+1
| | | | config
* stroke: Use thread-safe dirname(3)Tobias Brunner2014-02-241-6/+4
|
* stroke: Use dirname(3) correctlyTobias Brunner2014-02-241-5/+5
|
* stroke: Use proper modifiers to print size_t argumentsTobias Brunner2014-02-181-1/+1
|
* lookip: Properly return from disconnect callback jobTobias Brunner2014-02-181-1/+3
| | | | References #518.
* lookip: Disconnect asynchronously to avoid dead-locking watcher unregistrationMartin Willi2014-02-171-3/+30
| | | | | | | | | While it really would be desirable to allow stream destruction during on_read() callbacks, this does not work anymore since e49b2998. Until we have a proper solution for this issue, use asynchronous disconnects for the only user doing so. Fixes #518.
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-1258-205/+201
|
* libhydra: Use lib->ns instead of hydra->daemonTobias Brunner2014-02-121-1/+1
|
* pool: Install SQL schemas from src/poolTobias Brunner2014-02-123-567/+0
| | | | | This allows us to install the schemas if either the attr-sql or sql plugin is enabled, since both use the same schema (at least in parts).
* sql: Set default values for some fields in addresses tableTobias Brunner2014-02-122-6/+6
|
* sql: Install SQL schemas in /usr/share/strongswan/templates/databaseTobias Brunner2014-02-121-0/+3
|
* sql: Remove unused cred.sql snippetTobias Brunner2014-02-121-24/+0
|
* updown: Return an empty DNS server enumerator if no IKE_SA availableMartin Willi2014-02-061-1/+1
| | | | | The one existing caller does not handle a NULL return and always expects an enumerator; and returning FALSE does not make sense anyway.
* xauth-pam: Open/close a PAM session for each connected clientAndrea Bonomi2014-01-234-9/+265
| | | | Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
* xauth-pam: Sanitize XAuth attributes before passing them to PAMMartin Willi2014-01-231-1/+5
|
* stroke: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-30/+6
|
* radattr: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-40/+8
|
* chunk: Externalize error reporting in chunk_write()Martin Willi2014-01-231-1/+10
| | | | | This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors.
* unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attributeTobias Brunner2014-01-231-35/+47
| | | | Cisco clients only handle the first such attribute.
* unity: Change local TS to 0.0.0.0/0 as responderTobias Brunner2014-01-231-4/+7
| | | | | Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is used, otherwise Quick Mode fails.
* unity: Send UNITY_SPLIT_INCLUDE attributes with proper paddingTobias Brunner2014-01-231-11/+16
| | | | | | The additional 6 bytes are not actually padding but are parsed by the Cisco client as protocol and src and dst ports (each two bytes but strangely only the first two in network order).
* updown: Increase buffer size for script and environment variablesTobias Brunner2014-01-231-1/+1
|
* updown: Add PLUTO_IPCOMP to indicate if IPComp was negotiatedTobias Brunner2014-01-231-1/+7
|
* stroke: Ensure the buffer of strings in a stroke_msg_t is null-terminatedTobias Brunner2014-01-231-2/+5
| | | | | Otherwise a malicious user could send an unterminated string to cause unterminated reads.
* stroke: Add an option to prevent log level changes via stroke socketTobias Brunner2014-01-231-2/+15
|
* dhcp: Allow binding of socket to particular interfaceThomas Egerer2014-01-201-0/+34
| | | | | | | | | In certain situations it is desirable to bind the send/receive sockets for the DHCP address allocation to a particular interface. With this patch the strongswan.conf option charon.plugins.dhcp.interface can be used to restrict the DHCP communication to a configurable interface. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* stroke: Fix error message if parsing leftsourceip failsTobias Brunner2014-01-061-1/+1
|
* leak-detective: Use callback functions to report leaks and usage informationMartin Willi2013-11-061-1/+22
| | | | This is more flexible than printing reports to a FILE.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 21:46:13 +0000