aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-048-10/+11
|
* xauth-generic: honor requested XAuth credential types as a clientMartin Willi2013-09-031-16/+51
| | | | Support requesting of XAuth PINs and print XAuth messages.
* eap-radius: support XAuth configuration profiles, defining multiple XAuth roundsMartin Willi2013-09-031-22/+157
|
* xauth: add a configuration string option to be passed to XAuth instancesMartin Willi2013-09-0311-13/+27
| | | | | | The configuration string is appended to the XAuth backend name, separated by a colon. The configuration string is passed untouched to the backend, where it can change the behavior of the XAuth module.
* Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp pluginAndreas Steffen2013-08-261-76/+95
|
* stroke: stop enumerating IKE_SAs in statusall if output stream gets closedMartin Willi2013-08-231-1/+1
| | | | | | | If the output stream is not interested in more information, it can close the the stream. Checking for stream errors avoids useless enumeration of IKE_SAs, saving resources. This allows to use "ipsec statusall | head" to monitor the daemon, or stop enumerating IKE_SAs after a specific entry has been found.
* Process PB-TNC batches received via PT-TLS asynchronouslyAndreas Steffen2013-08-191-4/+1
|
* Show host address of peer connecting to PT-TLS socketAndreas Steffen2013-08-151-1/+7
|
* enabled SASL PLAIN authenticationAndreas Steffen2013-08-151-2/+2
|
* PT-TLS connection is properly terminatedAndreas Steffen2013-08-151-3/+2
|
* moved tnc_imv plugin to libtnccs thanks to recommendation callback functionAndreas Steffen2013-08-1512-1887/+79
|
* Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon ↵Andreas Steffen2013-08-1566-10629/+0
| | | | plugins to libtnccs
* rapid PT-TLS AR/PDP prototypeAndreas Steffen2013-08-155-60/+254
|
* Add PT-TLS interface to strongSwan PDPAndreas Steffen2013-08-154-39/+68
|
* updown: remove description of unsupported PLUTO_ variablesMartin Willi2013-08-081-1/+0
| | | | These have been set by pluto, but are not by charons updown plugin.
* tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages5.1.0Tobias Brunner2013-07-311-10/+10
| | | | | Before this e.g. msg_controllen was not initialized properly which could cause invalid reads.
* whitelist: Fix compilation on FreeBSDTobias Brunner2013-07-311-0/+2
|
* Callback job is not needed any moreAndreas Steffen2013-07-311-4/+0
|
* unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributesTobias Brunner2013-07-291-50/+97
| | | | | | | Cisco devices seem to add 6 bytes of padding between each address/mask pair. Fixes #366.
* tnc-pdp now uses watcher_tAndreas Steffen2013-07-291-92/+63
|
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backendMartin Willi2013-07-292-1/+5
|
* eap-radius: support plain XAuth RADIUS authentication using User-PasswordMartin Willi2013-07-294-0/+253
|
* eap-radius: export function to build common attributes of Access-RequestMartin Willi2013-07-292-24/+39
|
* eap-radius: export function to process common attributes of Access-AcceptMartin Willi2013-07-292-31/+36
|
* socket-dynamic: Properly initialize IPv6 addressTobias Brunner2013-07-241-1/+1
|
* tnc-ifmap: Use proper cast for length when using %.*sTobias Brunner2013-07-241-5/+6
|
* coupling: Fix call to call_hook()Tobias Brunner2013-07-221-1/+1
|
* tnc-pdp: Fix reading port setting from strongswan.confTobias Brunner2013-07-221-1/+1
|
* stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-186-39/+2
| | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* certexpire: add an option to enforce exporting trustchains having a private keyMartin Willi2013-07-181-15/+83
|
* error-notify: catch and forward some alerts related to certificate validationMartin Willi2013-07-182-0/+25
|
* credmgr: introduce a hook function to catch trust chain validation errorsMartin Willi2013-07-182-1/+10
|
* lookip: double size of id field in messageMartin Willi2013-07-181-1/+1
|
* error-notify: increase size of string/identity fields in messagesMartin Willi2013-07-181-2/+2
|
* whitelist: use a read-copy when listing entriesMartin Willi2013-07-181-19/+44
| | | | | While this requires a little more overhead, we can free the lock should the stream block, allowing other threads to add/remove entries.
* whitelist: fix error handling when creating the socket failsMartin Willi2013-07-181-0/+6
|
* lookip: fix error handling when creating the socket failsMartin Willi2013-07-181-1/+7
|
* error-notify: fix error handling when creating the socket failsMartin Willi2013-07-181-0/+6
|
* eap-radius: use watcher instead of receiver thread on DAE socketMartin Willi2013-07-181-11/+7
|
* dhcp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-10/+8
|
* farp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-11/+6
|
* load-tester: use a stream service to dispatch control connectionsMartin Willi2013-07-182-93/+27
|
* whitelist: use a stream service to accept client connectionsMartin Willi2013-07-183-121/+106
| | | | | Use SOCK_STREAM, as we don't have SOCK_SEQPACKET on TCP. To have network transparency, the message now uses network byte order.
* lookip: use stream service with async I/O dispatchingMartin Willi2013-07-185-256/+294
| | | | | Now uses SOCK_STREAM, as SOCK_SEQPACKET is not available over TCP. To have network transparency, the message now uses network byte order.
* error-notify: use a stream service to accept client connectionsMartin Willi2013-07-184-122/+103
| | | | | As TCP does not have SOCK_SEQPACKET, we now use SOCK_STREAM for the error-notify socket. To have network transparency, the message now uses network byte order.
* duplicheck: use a stream service to accept client connectionsMartin Willi2013-07-184-105/+146
| | | | | | As we can't use SOCK_SEQPACKET over TCP, we now have to provide message boundaries ourselves. We do this by appending a 16-bit length header to each sent duplicate identity.
* stroke: use a stream service to handle stroke requestsMartin Willi2013-07-181-227/+48
|
* kernel-libipsec: Fail route installation if remote TS matches peerTobias Brunner2013-07-181-0/+9
|
* capabilities: Some plugins don't actually require capabilities at runtimeTobias Brunner2013-07-1812-13/+16
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-1861-225/+346
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-13 10:03:36 +0000