path: root/src/libcharon/processing
Commit message | Author | Age | Files | Lines
* ikev1: Extend adopt_children_job by task queuing, executed after adoption | Martin Willi | 2014-08-25 | 2 | -0/+48
|
* payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -1/+1
|   The old identifiers did not use a proper namespace and often clashed with other defines.
* ike: Delay actively initiated reauthentication when other exchanges in progress | Martin Willi | 2014-04-17 | 1 | -2/+47
|   If any other IKE or CHILD_SA operation takes place, we should not start initiating reauthentication to avoid any potential races.
* ike: Restart inactivity counter after doing a CHILD_SA rekey | Martin Willi | 2014-01-23 | 1 | -2/+3
|   When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity job is queued for a time unrelated to the rekey time, so it might happen that the inactivity job gets executed just after rekeying. If this happens, inactivity is detected even if we had traffic on the rekeyed CHILD_SA just before rekeying. This change implies that inactivity checks can't handle inactivity timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter than the rekey time to have any effect.
* ikev1: Don't log a reauthentication detection message if no children adopted | Martin Willi | 2013-09-30 | 1 | -2/+6
|   When a replace unique policy is in place, the children get adopted during the uniqueness check. In this case the message is just misleading.
* Reuse reqid for trap policies installed for dpd|closeaction=hold | Tobias Brunner | 2013-07-01 | 1 | -1/+1
|
* Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame | Tobias Brunner | 2013-03-19 | 1 | -1/+11
* When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert | Martin Willi | 2013-03-14 | 1 | -0/+1
|
* child_sa_t.get_usestats() can additionally return the number of processed packets | Martin Willi | 2013-03-14 | 2 | -4/+3
* Log message size for in- and outbound IKE messages | Tobias Brunner | 2012-12-24 | 1 | -2/+3
|
* Raise an alert if half-open timeout limit reached | Martin Willi | 2012-12-19 | 1 | -0/+1
|
* Properly trigger ike_updown() event if IKEv1 DPD times out | Martin Willi | 2012-12-04 | 1 | -0/+1
|   Fixes missing RADIUS Accounting Stop, #257.
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
|
* Moved host_t and host_resolver_t to a new networking subfolder | Tobias Brunner | 2012-10-24 | 2 | -2/+2
|
* Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 1 | -3/+12
|
* Replaced usages of CHARON_*_PORT with calls to get_port(). | Tobias Brunner | 2012-08-08 | 1 | -1/+1
|
* Make the UDP ports charon listens for packets on (and uses as source ports) configurable. | Tobias Brunner | 2012-08-08 | 1 | -1/+1
* Make rescheduling a job more predictable | Tobias Brunner | 2012-06-25 | 1 | -6/+4
|   This avoids race conditions between calls to cancel() and jobs that like to be rescheduled. If jobs were able to reschedule themselves it would theoretically be possible that two worker threads have the same job assigned (the one currently executing the job and the one executing the same but rescheduled job if it already is time to execute it), this means that cancel() could be called twice for that job. Creating a new job based on the current one and reschedule that is also OK, but rescheduling itself is more efficient for jobs that need to be executed often.
* Give processor_t more control over the lifecycle of a job | Tobias Brunner | 2012-06-25 | 19 | -59/+51
|   Jobs are now destroyed by the processor, but they are allowed to reschedule themselves. That is, parts of the reschedule functionality already provided by callback_job_t is moved to the processor. Not yet fully supported is JOB_REQUEUE_DIRECT and canceling jobs. Note: job_t.destroy() is now called not only for queued jobs but also after execution or cancellation of jobs. job_t.status can be used to decide what to do in said method.
* Use XAuth/EAP remote identity for uniqueness check | Martin Willi | 2012-06-25 | 1 | -2/+2
|
* Avoid queueing more than one retry initiate job. | Tobias Brunner | 2012-05-30 | 1 | -1/+1
|
* Job added to re-initiate an IKE_SA. | Tobias Brunner | 2012-05-30 | 2 | -0/+143
|
* Fix IKEv1 DPD clear, destroying IKE_SA even if reestablish not needed | Martin Willi | 2012-05-21 | 1 | -9/+3
|
* make IKEv1 DPD timeout configurable in charon | Andreas Steffen | 2012-05-17 | 1 | -1/+1
|
* Consider inbound ESP as a sign of liveness for DPD timeout | Martin Willi | 2012-05-15 | 1 | -2/+15
|
* Schedule a DPD timeout job that enforces the IKE message timeout policy | Martin Willi | 2012-05-15 | 2 | -0/+163
|
* Loggers specify what log messages they want to receive during registration. | Tobias Brunner | 2012-05-02 | 1 | -1/+1
|   This also allows us to generate the log message only once for all loggers that need it (avoids calls to custom printf specifier callbacks). To update the log levels loggers can simply be registered again.
* Adopt children after syncing a rekeyed IKEv1 SA | Martin Willi | 2012-03-20 | 1 | -1/+2
|
* Invoke ike_updown hooks for reauthenticated IKEv1 SAs | Martin Willi | 2012-03-20 | 1 | -0/+1
|
* Try to detect reauthentication as responder and adopt children to new SA | Martin Willi | 2012-03-20 | 2 | -0/+224
|
* Do not query CHILD_SA during delete if they already expired | Martin Willi | 2012-03-20 | 3 | -6/+11
|
* Removed obsolete XAuth job | Martin Willi | 2012-03-20 | 2 | -133/+0
|
* Pass IKE version to peer config enumerator, filter configs | Martin Willi | 2012-03-20 | 1 | -1/+1
|
* IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, signalling whether or not to call the task_manager->initiate method after queueing the task. | Clavister OpenSource | 2012-03-20 | 1 | -2/+1
* IKEv1 XAuth: Added a job to call the initiate_xauth method of ike_sa after the completion of the current set of tasks is complete. | Clavister OpenSource | 2012-03-20 | 2 | -0/+134
* Do not ignore configs for IKEv1 in charon anymore | Martin Willi | 2012-03-20 | 1 | -5/+0
|
* Use enum to define IKE version on peer_cfg_t. | Tobias Brunner | 2012-03-20 | 1 | -1/+1
|   Replaced all those magic numbers.
* Migrated initiate_mediation_job_t to INIT/METHOD macros. | Tobias Brunner | 2011-10-03 | 1 | -30/+19
|
* Migrated mediation_job_t to INIT/METHOD macros. | Tobias Brunner | 2011-10-03 | 1 | -28/+16
|
* Add missing semicolon | Martin Willi | 2011-09-12 | 1 | -1/+1
|
* bus->listen() and the controller wrappers accept a timeout to wait for callbacks | Martin Willi | 2011-08-26 | 2 | -2/+2
|
* Replaced ike_sa_t.create_child_sa_iterator with enumerator. | Tobias Brunner | 2011-07-06 | 2 | -7/+7
|   This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA.
* implemented PASS and DROP shunt policies | Andreas Steffen | 2011-06-28 | 1 | -1/+11
|
* Added a non-blocking, skipping variant of IKE_SA enumerator | Martin Willi | 2011-05-16 | 1 | -1/+2
|
* Use high priority for retransmit/dpd/keepalive jobs | Martin Willi | 2011-05-16 | 3 | -3/+3
|
* Use job priorities in process_message job based on exchange types | Martin Willi | 2011-05-16 | 1 | -1/+16
|
* Introduce priority classes for jobs | Martin Willi | 2011-05-16 | 16 | -1/+117
|
* Invert check to delete unestablished IKE_SAs to not delete them once established | Martin Willi | 2011-02-28 | 1 | -2/+2
|
* Migrated update_sa_job_t to INIT/METHOD macros | Andreas Steffen | 2011-02-10 | 1 | -15/+16
|
* Migrated send_keepalive_job_t to INIT/METHOD macros | Andreas Steffen | 2011-02-10 | 1 | -15/+14
|