aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
* stroke: Properly parse bliss key strength in public key constraintTobias Brunner2015-03-251-1/+1
|
* eap-tnc: Free eap-tnc object if IKE_SA not found to get IPsTobias Brunner2015-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2015-03-251-1/+1
|
* child-sa: Add a new state to track rekeyed IKEv1 CHILD_SAsTobias Brunner2015-03-252-2/+4
| | | | | | This is needed to handle DELETEs properly, which was previously done via CHILD_REKEYING, which we don't use anymore since 5c6a62ceb6 as it prevents reauthentication.
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-231-1/+2
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-233-5/+9
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-234-6/+6
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* load-tester: Migrate NULL DH implementation to INIT/METHOD macrosMartin Willi2015-03-231-21/+26
|
* attr-sql: Rename sql_attribute_t to attr_sql_provider_tMartin Willi2015-03-195-32/+32
| | | | | | As the plugin has its origins in the sql plugin, it still uses the naming scheme for the attribute provider implementation. Rename the class to better match the naming scheme we use in any other plugin
* vici: Add support for python 3Björn Schuberg2015-03-185-8/+29
|
* vici: Execute python tests during "check" if py.test is availableMartin Willi2015-03-181-0/+4
|
* vici: Add test of Packet layer in python libraryBjörn Schuberg2015-03-181-1/+47
|
* vici: Add test of Message (de)serialization in python libraryBjörn Schuberg2015-03-183-0/+100
|
* vici: Evaluate Python streamed command results, and raise CommandExceptionMartin Willi2015-03-181-1/+10
|
* vici: Catch Python GeneratorExit to properly cancel streamed event iterationMartin Willi2015-03-182-1/+12
|
* vici: Fall back to heap buffer when vararg printing on stack failsMartin Willi2015-03-181-21/+44
| | | | This avoids failures when building log event messages including larger hexdumps.
* vici: Return a Python generator instead of a list for streamed responsesMartin Willi2015-03-182-47/+25
| | | | | | | In addition that it may reduce memory usage and improve performance for large responses, it returns immediate results. This is important for longer lasting commands, such as initiate/terminate, where immediate log feedback is preferable when interactively calling such commands.
* vici: Raise a Python CommandException instead of returning a CommandResultMartin Willi2015-03-182-82/+42
|
* vici: Add initial Python egg documentation to READMEMartin Willi2015-03-181-0/+65
|
* vici: Use OrderedDict to handle vici responses in Python libraryMartin Willi2015-03-181-2/+3
| | | | | The default Python dictionaries are unordered, but order is important for some vici trees (for example the order of authentication rounds).
* vici: Return authentication rounds with unique namesMartin Willi2015-03-181-1/+4
| | | | | | To simplify handling of authentication rounds in dictionaries/hashtables on the client side, we assign unique names to each authentication round when listing connection.
* vici: Rebuild ruby gem on source file changesMartin Willi2015-03-181-1/+1
|
* vici: Use default Unix vici socket if none passed to ruby constructorMartin Willi2015-03-182-4/+7
| | | | | While we currently have a static path instead of one generated with Autotools, this at least is congruent to what we have in the Python library.
* vici: Support non-Unix sockets for vici connections using PythonMartin Willi2015-03-182-7/+9
|
* vici: Add python egg setuptools building and installation using easy_installMartin Willi2015-03-181-0/+15
| | | | | | An uninstall target is currently not supported, as there is no trivial way with either plain setuptools or with easy_install. pip would probably be the best choice, but we currently don't depend on it.
* vici: Generate a version specific setup.py for setuptools installationMartin Willi2015-03-183-0/+41
|
* vici: Include python package in distributionMartin Willi2015-03-182-0/+9
|
* vici: Add python package MIT licenseBjörn Schuberg2015-03-182-0/+20
|
* vici: Expose Session as a top-level symbol in python packageBjörn Schuberg2015-03-181-0/+1
|
* vici: Introduce main API Session class in python packageBjörn Schuberg2015-03-181-1/+244
|
* vici: Add a python vici command execution handlerBjörn Schuberg2015-03-182-1/+134
|
* vici: Add vici python protocol handlerBjörn Schuberg2015-03-184-0/+199
|
* vici: Use %u to print stats returned by mallinfo(3)Tobias Brunner2015-03-131-4/+4
| | | | Fixes #886.
* stroke: Use %u to print stats returned by mallinfo(3)Tobias Brunner2015-03-131-1/+1
| | | | References #886.
* eap-radius: Increase Acct-Session-ID string bufferMartin Willi2015-03-131-1/+1
| | | | | | | | As the startup timestamp needs 10 characters, we only have left 4 characters for the IKE_SA unique identifier. This is insufficient when having 10000 IKE_SAs or more established, resulting in non-unique session identifiers. Fixes #889.
* ha: Destroy synced IKE_SA if no configuration is found during updateMartin Willi2015-03-101-0/+3
|
* libipsec: Pass separate inbound/update flags to the IPsec SA managerMartin Willi2015-03-091-1/+2
| | | | | Similar to other kernel interfaces, the libipsec backends uses the flag for different purposes, and therefore should get separate flags.
* kernel-interface: Add a separate "update" flag to add_sa()Martin Willi2015-03-093-3/+3
| | | | | | | | | | | The current "inbound" flag is used for two purposes: To define the actual direction of the SA, but also to determine the operation used for SA installation. If an SPI has been allocated, an update operation is required instead of an add. While the inbound flag normally defines the kind of operation required, this is not necessarily true in all cases. On the HA passive node, we install inbound SAs without prior SPI allocation.
* Revert "ha: Always install the CHILD_SAs with the inbound flag set to FALSE"Martin Willi2015-03-091-2/+2
| | | | | | | | While this change results in the correct add/update flag during installation, it exchanges all other values in the child_sa->install() call. We should pass the correct flag, but determine the add/update flag by other means. This reverts commit e722ee5d.
* Make access requestor IP address available to TNC serverAndreas Steffen2015-03-082-12/+39
|
* stroke: Enable BLISS-based public key constraintsTobias Brunner2015-03-041-4/+19
|
* stroke: Support public key constraints for EAP methodsMartin Willi2015-03-031-1/+8
|
* eap-ttls: Support EAP auth information getter in EAP-TTLSMartin Willi2015-03-031-0/+7
|
* eap-tls: Support EAP auth information getter in EAP-TLSMartin Willi2015-03-031-0/+7
|
* stroke: Serve ca section CA certificates directly, not over central CA setMartin Willi2015-03-033-5/+85
| | | | | | | This makes these CA certificates independent from the purge issued by reread commands. Certificates loaded by CA sections can be removed through ipsec.conf update/reread, while CA certificates loaded implicitly from ipsec.d/cacerts can individually be reread using ipsec rereadcacerts.
* stroke: Purge existing CA/AA certificates during rereadMartin Willi2015-03-031-0/+4
|
* stroke: Use separate credential sets for CA/AA certificatesMartin Willi2015-03-031-3/+21
|
* stroke: Refactor load_certdir functionMartin Willi2015-03-031-108/+158
|
* vici: Don't use a default rand_time larger than half of rekey/reauth_timeMartin Willi2015-03-031-3/+11
|
* vici: If a IKE reauth_time is configured, disable the default rekey_timeMartin Willi2015-03-031-1/+16
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 03:10:59 +0000