| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | child_sa_t.get_usestats() can additionally return the number of processed packets | Martin Willi | 2013-03-14 | 1 | -1/+6 |
* | kernel_ipsec_t.query_sa() additionally returns the number of processed packets | Martin Willi | 2013-03-14 | 1 | -3/+15 |
* | Don't wait while removing external IPs used for load testing | Martin Willi | 2012-11-29 | 1 | -1/+1 |
* | Install virtual IPs via interface name, and use an interface lookup where required | Martin Willi | 2012-11-29 | 1 | -2/+9 |
* | Add an optional kernel-interface parameter to install IPs with a custom prefix | Martin Willi | 2012-11-29 | 1 | -2/+2 |
* | Derive a dynamic TS to multiple virtual IPs | Martin Willi | 2012-09-18 | 1 | -3/+7 |
* | Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 1 | -9/+12 |
* | Store shorter soft lifetime of in- and outbound SAs only | Martin Willi | 2012-06-08 | 1 | -1/+8 |
* | Mark CHILD_SAs used for trap policies to uninstall them properly. | Tobias Brunner | 2012-06-04 | 1 | -6/+13 |
| | If the installation failed the state is not CHILD_ROUTED which means the wrong priority is used to uninstall the policies. This is a problem for kernel interfaces that keep track of installed policies as now the proper policy is not found (if the priority is considered). | | | | |
* | Added a getter for CHILD_SA marks | Martin Willi | 2012-03-22 | 1 | -0/+11 |
* | Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid | Martin Willi | 2012-03-22 | 1 | -0/+9 |
* | typos: initator->initiator, authenticaion->authentication. | Tobias Brunner | 2011-08-15 | 1 | -1/+1 |
* | Update fallback drop policies if required. | Tobias Brunner | 2011-07-29 | 1 | -2/+20 |
* | Install fallback drop policies for all three directions. | Tobias Brunner | 2011-07-28 | 1 | -65/+66 |
* | Install fallback drop policies to avoid transmitting unencrypted packets. | Tobias Brunner | 2011-07-27 | 1 | -0/+17 |
| | During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy is first uninstalled and then the new one is installed. In the short time in between, where no policy is available in the kernel, unencrypted packets could have been transmitted. | | | | |
* | Remove policies in kernel interfaces based on their priority. | Tobias Brunner | 2011-07-27 | 1 | -15/+21 |
| | This allows to unroute a connection while the same connection is currently established. In this case both CHILD_SAs share the same reqid but the installed policies have different priorities. | | | | |
* | Add the reqid to kernel_ipsec_t.del_policy. | Tobias Brunner | 2011-07-06 | 1 | -6/+12 |
* | Install ESN SAs if such a proposal has been negotiated | Martin Willi | 2011-04-20 | 1 | -1/+4 |
* | Added an esn parameter to the kernel interface add_sa functions | Martin Willi | 2011-04-20 | 1 | -1/+1 |
* | Do not use TFC padding if peer does not support ESPv3 | Martin Willi | 2010-12-20 | 1 | -2/+5 |
* | Added a TFC padding option to child_cfg | Martin Willi | 2010-12-20 | 1 | -0/+2 |
* | Implemented Traffic Flow Confidentiality padding in kernel_interface | Martin Willi | 2010-12-20 | 1 | -1/+2 |
* | Install selectors on transport mode IPsec SAs. | Jiri Bohac | 2010-12-13 | 1 | -1/+1 |
| | This fixes several test cases in IKEv2_Self_Test (part of the IPv6 Ready Logo Program) which is required for USGv6 certification, namely: - IKEv2.EN.I.1.1.7.1, IKEv2.EN.I.1.1.7.1: Narrowing the range of members of the set of traffic selectors - IKEv2.EN.R.1.1.7.3: Narrowing multiple traffic selector. When traffic selectors of a triggered SA are narrowed by the responder, the installed policy and the broader trap policy share the same reqid. Without selectors on the IPsec SA packets matching the trap policy, but not the narrowed policy, would incorrectly be handled by that IPsec SA. Since only one selector can be specified per IPsec SA, there is currently no solution for tunnel mode SAs. | | | | |
* | Adapted child_sa_t to changed kernel interface. | Tobias Brunner | 2010-09-02 | 1 | -25/+49 |
* | Added an option to specify the type of a policy to kernel_ipsec.add_policy. | Tobias Brunner | 2010-09-02 | 1 | -18/+18 |
| | This will later allow us to support pluto's passthrough and drop policies in charon. | | | | |
* | Replaced the protocol argument in add_policy with an optional SPI for an AH SA. | Tobias Brunner | 2010-09-02 | 1 | -18/+37 |
* | Refer to kernel interface via hydra and not charon. | Tobias Brunner | 2010-09-02 | 1 | -31/+32 |
* | Removed references to protocol_id_t from kernel interface. | Tobias Brunner | 2010-09-02 | 1 | -37/+65 |
| | Instead we use the actual IP protocol identifier (the conversion now happens in child_sa_t and kernel_handler_t). | | | | |
* | Migrated child_sa_t to INIT/METHOD macros. | Tobias Brunner | 2010-09-02 | 1 | -202/+132 |
* | support of xfrm marks for IKEv2 | Andreas Steffen | 2010-07-02 | 1 | -34/+48 |
* | Wrap getters for dpd/close action into CHILD_SA, allows us to override them | Martin Willi | 2010-06-02 | 1 | -0/+48 |
* | Use reqid from connection config if present. | Reto Buerki | 2010-05-04 | 1 | -2/+6 |
* | Moving charon to libcharon. | Tobias Brunner | 2010-03-19 | 1 | -0/+1015 |