aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-libipsec: Use poll(2) instead of selectMartin Willi2014-11-211-54/+56
|
* socket-default: Use round-robin selection of sockets to read fromMartin Willi2014-11-211-5/+13
| | | | | If multiple sockets are ready, we previously preferred the IPv4 non-NAT socket over others. To handle all with equal priority, use a round-robin selection.
* socket-default: Use poll(2) instead of selectMartin Willi2014-11-211-46/+20
| | | | | It is not only simpler, but also allows the use of arbitrary high fd numbers, which silently fails with select().
* vici: Add support for address range definitions of poolsTobias Brunner2014-10-301-5/+35
|
* stroke: Add support for address range definitions of in-memory poolsTobias Brunner2014-10-301-7/+33
|
* updown: Explicitly pass caller PATH to updown scriptMartin Willi2014-10-221-0/+1
| | | | | | | | | When invoking /bin/sh, its default PATH is used. On some systems, that does not include the PATH where the ipsec script is installed, as charon is invoked with a custom PATH. Explicitly setting the PATH of charon should fix this case, properly invoking the (default) updown script. Fixes #745.
* vici: Return default value for get_int() if message value is empty stringMartin Willi2014-10-142-1/+5
| | | | | This is the behavior of some strtol() implementations, and it makes sense, so force it.
* vici: Add vici.gemspec.in and vici.rb to distributionTobias Brunner2014-10-141-0/+2
|
* vici: Cancel processor before calling library_deinit()Martin Willi2014-10-101-0/+1
| | | | | For non-direct libstrongswan users, the deinitialization segfaults because of the missing worker thread cancellation.
* vici: Reduce debug level during thread spawningMartin Willi2014-10-101-0/+2
| | | | We want to avoid libvici users to get a cluttered stderr for no real error.
* vici: Don't include-depend on libstrongswan for boolean typesMartin Willi2014-10-102-4/+2
| | | | | | | | As we want to avoid the libstrongswan include dependencies for libvici, avoid the use of the bool type. Unfortunately this change may break the ABI for vici_dump(). As this function is mostly for debugging purposes, we do it nonetheless; my apologies if somebody already relies on the ABI stability of that function.
* vici: Document the ruby gem and add some simple examplesMartin Willi2014-10-101-0/+58
|
* vici: Add some simple libvici examples to the READMEMartin Willi2014-10-101-2/+116
|
* vici: Document the available vici command and event messagesMartin Willi2014-10-101-1/+509
|
* vici: Use "gem"-assisted vici ruby gem building and installationMartin Willi2014-10-104-1/+29
|
* vici: Add a ruby gem providing a native vici interfaceMartin Willi2014-10-103-0/+586
|
* vici: Return a success result for the clear-creds commandMartin Willi2014-10-101-4/+1
| | | | | Even if the command actually can't fail, this looks more aligned to similar commands.
* vici: Fix message encoding type values in documentationMartin Willi2014-10-101-6/+6
|
* eap-radius: Add option to set interval for interim accounting updatesTobias Brunner2014-10-101-0/+10
| | | | | | Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* packet: Define a global default maximum size for IKE packetsTobias Brunner2014-10-103-12/+3
|
* ext-auth: Add an ext-auth plugin invoking an external authorization scriptMartin Willi2014-10-065-0/+485
| | | | Original patch courtesy of Vyronas Tsingaras.
* updown: Use process abstraction to invoke updown scriptMartin Willi2014-10-061-246/+215
|
* stroke: Allow specifying the ipsec.secrets location in strongswan.confShea Levy2014-10-021-2/+10
|
* vici: Add a command to reload strongswan.confMartin Willi2014-09-221-0/+12
|
* eap-radius: Forward Cisco and Microsoft specific DNS/NBNS attributesTobias Brunner2014-09-091-0/+50
| | | | Fixes #677.
* ha: Don't adopt IKEv1 children when building without IKEv1 supportMartin Willi2014-08-281-0/+2
| | | | | | | The adopt_children_job_create() function is not available when IKEv1 support is disabled. Fixes uncommon builds using --enable-ha --disable-ikev1. Fixes #690.
* unity: Do not bump TS to 0.0.0.0/0 as initiator when no Split-Include receivedMartin Willi2014-08-251-1/+21
| | | | | | | When having the unity plugin enabled and both peers send the Unity Vendor ID, we proposed 0.0.0.0/0 as traffic selector, even if no Split-Include has been received on the SA. This can break compatibility with some responders, as they don't narrow the TS themselves, but expect the configured TS.
* unity: Handle narrowing according to roles in the IKE_SATobias Brunner2014-08-251-16/+33
| | | | | | Since the narrow hook types reflect the roles in the Quick Mode exchange the plugin behaved incorrectly if the server initiated the CHILD_SA rekeying.
* xauth-pam: Add workaround for null-terminated passwordsTobias Brunner2014-07-071-1/+6
| | | | Fixes #631.
* stroke: Don't log unspecified options of conn and ca sectionsTobias Brunner2014-06-301-37/+50
|
* libvici: Add missing argument to Doxygen commentTobias Brunner2014-06-301-0/+1
|
* Fixed some typosTobias Brunner2014-06-302-2/+2
|
* updown: Force subnet address to be numericTobias Brunner2014-06-251-2/+2
|
* eap-radius: Increase buffer for accounting attributes to maximum attribute sizeMartin Willi2014-06-251-1/+1
| | | | Fixes #624.
* vici: Install libvici in ipseclibdir like we do with other librariesTobias Brunner2014-06-191-1/+1
|
* kernel-interface: Add destination prefix to get_nexthop()Tobias Brunner2014-06-193-4/+4
| | | | | This allows to determine the next hop to reach a subnet, for instance, when installing routes for shunt policies.
* load-tester: Add a crl option to include a CRL uri in generated certificatesMartin Willi2014-06-191-1/+21
|
* vici: Support memory stats without leak-detective on WindowsMartin Willi2014-06-171-0/+53
|
* vici: Add a stats command returning various daemon infos and statisticsMartin Willi2014-06-171-0/+104
|
* vici: Support a replay_window CHILD_SA optionMartin Willi2014-06-171-0/+16
|
* starter: Add a replay_window connection optionMartin Willi2014-06-171-0/+4
|
* kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-173-6/+9
|
* socket-win: Use non-overlapped I/O and socket event selectionMartin Willi2014-06-171-31/+13
| | | | | | | | The use of overlapped I/O was incorrect, as we passed stack based buffers, but did not cancel/wait for pending completion on all sockets. Our receive-from-all socket interface is actually tricky to implement using overlapped I/O. Switch to WSAEventSelect() event management, which can be canceled properly while working in a select()-like way.
* Split swanctl --raw mode into single-line and --pretty modeAndreas Steffen2014-06-144-31/+70
|
* windows: Use WINAPI call convention for Windows API callbacksMartin Willi2014-06-063-10/+13
| | | | | For x86_64 it does not actually matter, but for i686 builds the call convention is different with WINAPI.
* kernel-wfp: Include Windows header patch for MinGW 4.8.1Martin Willi2014-06-042-0/+29
|
* kernel-wfp: Clone acquire traffic selectors only if they existMartin Willi2014-06-041-1/+3
|
* kernel-wfp: Install routes for trap policiesMartin Willi2014-06-041-3/+21
|
* kernel-wfp: Refactor route management to separate functionMartin Willi2014-06-041-39/+47
|
* kernel-wfp: Install tunnel mode policies to appropriate sub-layersMartin Willi2014-06-042-6/+22
| | | | | While it is unclear if this has any effect at all, we prefer specific sublayers to install policies as suggested.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 06:39:29 +0000