path: root/src/libcharon/sa/ike_sa.c
Commit message [Author, Age, Files, Lines]
* ike: Fix reestablishing SAs if no child-creating tasks are queued [Tobias Brunner, 2013-07-18, 1, -2/+5]
|
* ike-sa: uninstall CHILD_SAs before removing virtual IPs [Martin Willi, 2013-07-18, 1, -1/+8]
|   a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes for CHILD_SAs might get deleted while removing virtual IPs, resulting in an error when a CHILD_SA tries to uninstall its route.
* ike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SA [Tobias Brunner, 2013-07-17, 1, -1/+39]
|
* ike-sa: use arrays instead of linked lists in long lived collections [Martin Willi, 2013-07-17, 1, -116/+98]
|   This saves about 1.5KB of memory per IKE_SA.
* ike: Resolve hosts only for address families currently supported [Tobias Brunner, 2013-07-05, 1, -3/+16]
|
* Reuse reqid when restarting CHILD_SAs for dpd|closeaction=restart [Tobias Brunner, 2013-07-01, 1, -1/+2]
|
* Reuse reqid for trap policies installed for dpd|closeaction=hold [Tobias Brunner, 2013-07-01, 1, -1/+2]
|
* Use ref_get() to make sure IKE_SA unique IDs are unique [Martin Willi, 2013-06-11, 1, -2/+2]
|
* Don't unset IKE_SA on bus before we released virtual IPs and attributes [Martin Willi, 2013-05-06, 1, -10/+8]
|
* emit a single assig_vips bus message for all VIPs [Andreas Steffen, 2013-04-06, 1, -6/+8]
|
* ifmap plugin subscribes to assing_vip bus signal [Andreas Steffen, 2013-04-06, 1, -0/+6]
|
* Raise an alert if an IKE_SA could not have been reauthenticated and expires [Martin Willi, 2013-03-14, 1, -0/+4]
|
* child_sa_t.get_usestats() can additionally return the number of processed packets [Martin Willi, 2013-03-14, 1, -1/+1]
|
* Without MOBIKE, update remote host only if it is behind NAT [Martin Willi, 2013-03-01, 1, -2/+3]
|
* Move initial message dropping to task manager [Martin Willi, 2013-02-25, 1, -18/+0]
|   When the last request message of the initial tunnel setup is retransmitted, we must retransmit the response instead of ignoring the request. Fixes #295.
* Set configured DSCP value while generating IKE packets [Martin Willi, 2013-02-06, 1, -1/+26]
|
* Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments [Tobias Brunner, 2012-12-24, 1, -1/+2]
|   Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
* Inherit virtual IP and attributes from old to new, not from new to old [Martin Willi, 2012-12-10, 1, -5/+5]
|
* Don't wait while removing external IPs used for load testing [Martin Willi, 2012-11-29, 1, -2/+3]
|
* Install virtual IPs via interface name, and use an interface lookup where required [Martin Willi, 2012-11-29, 1, -5/+16]
|
* Add an optional kernel-interface parameter to install IPs with a custom prefix [Martin Willi, 2012-11-29, 1, -4/+4]
|
* Moved data structures to new collections subfolder [Tobias Brunner, 2012-10-24, 1, -1/+1]
|
* Added a new alert that is raised if peer does not respond to initial IKE message [Tobias Brunner, 2012-10-16, 1, -0/+2]
|
* IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabled [Tobias Brunner, 2012-09-25, 1, -1/+4]
|   Fixes #229.
* Pass full pool list to release_address [Martin Willi, 2012-09-11, 1, -13/+8]
|
* Only initiate an exchange from send_dpd() if a task was actually queued [Tobias Brunner, 2012-09-07, 1, -2/+8]
|   Otherwise, the initiator would prematurely initiate Quick Mode if it has DPD enabled and XAuth is used.
* Trigger ike_updown event caused by retransmits only after reestablish() has been called [Tobias Brunner, 2012-09-06, 1, -0/+4]
|   This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Add ike_reestablish() event that is triggered when an IKE_SA is reestablished [Tobias Brunner, 2012-09-06, 1, -0/+1]
|   This is particularly useful during reauthentication to get the new IKE_SA.
* Add a new condition to mark IKE_SAs that are currently being reauthenticated [Tobias Brunner, 2012-09-06, 1, -9/+4]
|
* Clear virtual IPs before storing assigned ones on the IKE_SA [Tobias Brunner, 2012-09-05, 1, -0/+18]
|   Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* Support multiple address pools configured on a peer_cfg [Martin Willi, 2012-08-30, 1, -4/+14]
|
* Support multiple virtual IPs on peer_cfg and ike_sa classes [Martin Willi, 2012-08-30, 1, -45/+39]
|
* Increase log verbosity when sending NAT keep-alives [Tobias Brunner, 2012-08-08, 1, -1/+1]
|
* Replaced usages of CHARON_*_PORT with calls to get_port(). [Tobias Brunner, 2012-08-08, 1, -4/+7]
|
* Use send_no_marker to send NAT keepalives. [Tobias Brunner, 2012-08-08, 1, -1/+1]
|
* Make the UDP ports charon listens for packets on (and uses as source ports) configurable. [Tobias Brunner, 2012-08-08, 1, -4/+4]
|
* Block XAuth transaction on established IKE_SAs, but allow Mode Config [Martin Willi, 2012-08-03, 1, -1/+0]
|
* Reject initial exchange messages early once IKE_SA is established [Martin Willi, 2012-08-02, 1, -0/+18]
|
* implemented the right|leftallowany feature [Andreas Steffen, 2012-06-08, 1, -8/+13]
|
* Avoid queueing more than one retry initiate job. [Tobias Brunner, 2012-05-30, 1, -3/+25]
|
* Retry IKE_SA initiation if DNS resolution failed. [Tobias Brunner, 2012-05-30, 1, -4/+39]
|   This is disabled by default and can be enabled with the charon.retry_initiate_interval option in strongswan.conf.
* Resolve hosts before reauthenticating due to address change. [Tobias Brunner, 2012-05-25, 1, -0/+2]
|
* Don't queue delete_ike_sa job when setting IKE_DELETING. [Tobias Brunner, 2012-05-25, 1, -8/+0]
|   This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* During reauthentication reestablish IKE_SA even if deleting the old one fails. [Tobias Brunner, 2012-05-25, 1, -0/+6]
|
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish. [Tobias Brunner, 2012-05-25, 1, -28/+74]
|
* Fixed route lookup in case MOBIKE is not enabled. [Tobias Brunner, 2012-05-25, 1, -3/+9]
|
* Wrap task managers flush_queue() in IKE_SA [Martin Willi, 2012-05-21, 1, -0/+7]
|
* Use name from initialization to access settings in libcharon. [Tobias Brunner, 2012-05-03, 1, -2/+2]
|   Also fixes several whitespace errors.
* Merge branch 'ikev1' [Martin Willi, 2012-05-02, 1, -309/+142]
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/encoding/generator.c
| |     src/libcharon/encoding/payloads/notify_payload.c
| |     src/libcharon/encoding/payloads/notify_payload.h
| |     src/libcharon/encoding/payloads/payload.c
| |     src/libcharon/network/receiver.c
| |     src/libcharon/sa/authenticator.c
| |     src/libcharon/sa/authenticator.h
| |     src/libcharon/sa/ikev2/tasks/ike_init.c
| |     src/libcharon/sa/task_manager.c
| |     src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, 1, -309/+142]
| |\
| | |   Conflicts:
| | |     configure.in
| | |     man/ipsec.conf.5.in
| | |     src/libcharon/daemon.c
| | |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |     src/libcharon/plugins/farp/farp_listener.c
| | |     src/libcharon/sa/ike_sa.c
| | |     src/libcharon/sa/keymat.c
| | |     src/libcharon/sa/task_manager.c
| | |     src/libcharon/sa/trap_manager.c
| | |     src/libstrongswan/plugins/x509/x509_cert.c
| | |     src/libstrongswan/utils.h
| | |
| | |   Applied lost changes of moved files keymat.c and task_manager.c.
| | |   Updated listener_t.message hook signature in new plugins.