| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Merge branch 'ikev1-rekeying' | Martin Willi | 2013-03-01 | 1 | -0/+21 |
| |\ | | | | | | | | | Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces the old Main Mode having a uniqueids=replace policy. | ||||
| | * | When detecting a duplicate IKEv1 SA, adopt children, as it might be a rekeying | Martin Willi | 2013-02-20 | 1 | -0/+21 |
| | | | |||||
| * | | Merge branch 'ikev1-mm-retransmits' | Martin Willi | 2013-03-01 | 1 | -26/+28 |
| |\ \ | | | | | | | | | | | | | | | | Fixes retransmit of the last Main Mode or IKE_AUTH message, and correctly queues Main Mode messages when processing of the last message is still in progress. | ||||
| | * | | For IKEv1 Main Mode, use message hash to detect early retransmissions | Martin Willi | 2013-02-25 | 1 | -10/+23 |
| | | | | | | | | | | | | | | | | As the message ID is zero in all Main Mode messages, it can't be used to detect if we are already processing a given message. | ||||
| | * | | Use INIT macro to initialize IKE_SA manager entries | Martin Willi | 2013-02-25 | 1 | -17/+6 |
| | |/ | |||||
| * / | Trigger an updown event when destroying an IKE_SA based on INITIAL_CONTACT | Tobias Brunner | 2013-02-28 | 1 | -0/+1 |
| |/ | | | | | In other cases (i.e. when functions return DESTROY_ME) the event should already be triggered, but not in this forced situation. | ||||
| * | Include source port in init hash for fragmented messages | Tobias Brunner | 2012-12-24 | 1 | -1/+8 |
| | | |||||
| * | Map fragmented initial initial Main or Aggressive Mode messages to the same ↵ | Tobias Brunner | 2012-12-24 | 1 | -1/+17 |
| | | | | | IKE_SA | ||||
| * | Don't update an IKE_SA-entry's cached message ID when handling fragments | Tobias Brunner | 2012-12-24 | 1 | -1/+4 |
| | | |||||
| * | Raise alerts when enforcing IKE_SA unique policy | Martin Willi | 2012-12-19 | 1 | -0/+1 |
| | | |||||
| * | Add an ikesa_limit option to limit number of IKE_SAs as responder | Martin Willi | 2012-11-16 | 1 | -19/+39 |
| | | |||||
| * | Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | | |||||
| * | Raise a bus alert when a received message contains unknown SPIs | Martin Willi | 2012-10-24 | 1 | -0/+4 |
| | | |||||
| * | Add uniqueids=never to ignore INITIAL_CONTACT notifies | Tobias Brunner | 2012-09-10 | 1 | -1/+1 |
| | | | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies. | ||||
| * | Remove the unused second IKE_SA entry match function argument | Martin Willi | 2012-08-20 | 1 | -4/+4 |
| | | | | | LLVMs clang complains about this parameter, so remove it. | ||||
| * | Include src address in hash of initial message for Main Mode | Tobias Brunner | 2012-08-08 | 1 | -5/+31 |
| | | | | | | | | If two initiators use the same SPI and also use the same SA proposal the hash for the initial message would be exactly the same. For IKEv2 and Aggressive Mode that's not a problem as these messages include random data (Ni, KEi payloads). | ||||
| * | Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 1 | -2/+7 |
| | | |||||
| * | Check rng return value when generating SPIs in ike_sa_manager_t | Tobias Brunner | 2012-07-16 | 1 | -35/+67 |
| | | |||||
| * | Use XAuth/EAP remote identity for uniqueness check | Martin Willi | 2012-06-25 | 1 | -2/+2 |
| | | |||||
| * | Use name from initialization to access settings in libcharon. | Tobias Brunner | 2012-05-03 | 1 | -5/+7 |
| | | | | | Also fixes several whitespace errors. | ||||
| * | Fix iteration through half-open IKE_SA table | Martin Willi | 2012-04-16 | 1 | -0/+1 |
| | | |||||
| * | Properly handle retransmitted initial IKE messages. | Tobias Brunner | 2012-03-20 | 1 | -58/+74 |
| | | | | | | | This change allows to properly handle retransmits of initial IKE messages when we've already processed them (i.e. our response is now resent immediately). | ||||
| * | Implemented table of init hashes without linked_list_t. | Tobias Brunner | 2012-03-20 | 1 | -30/+30 |
| | | |||||
| * | Implemented table of connected peers without linked_list_t. | Tobias Brunner | 2012-03-20 | 1 | -63/+75 |
| | | |||||
| * | Implemented table of half open IKE_SAs without linked_list_t. | Tobias Brunner | 2012-03-20 | 1 | -52/+47 |
| | | |||||
| * | Don't use linked_list_t for buckets in main IKE_SA hash table. | Tobias Brunner | 2012-03-20 | 1 | -57/+82 |
| | | |||||
| * | Fixed deadlock if checkin_and_destroy is called during shutdown. | Tobias Brunner | 2012-03-20 | 1 | -0/+10 |
| | | |||||
| * | Do not clone hashes of initial IKE messages when storing them in the hash table. | Tobias Brunner | 2012-03-20 | 1 | -7/+6 |
| | | |||||
| * | Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table. | Tobias Brunner | 2012-03-20 | 1 | -2/+13 |
| | | | | | | For IKEv1 the previous behavior of always using the initiator's SPI as key is maintained. | ||||
| * | Added separate hashtable for hashes of initial IKE messages. | Tobias Brunner | 2012-03-20 | 1 | -64/+139 |
| | | | | | This does not require us to do a lookup for an SA by SPI first. | ||||
| * | Store the major IKE version on ike_sa_id_t. | Tobias Brunner | 2012-03-20 | 1 | -3/+6 |
| | | |||||
| * | Adopt children after syncing a rekeyed IKEv1 SA | Martin Willi | 2012-03-20 | 1 | -1/+2 |
| | | |||||
| * | Set thread specific SA on bus for each enumerated IKE_SA | Martin Willi | 2012-03-20 | 1 | -1/+11 |
| | | |||||
| * | Clear initiator flag when checking out initial IKEv1 SA from message | Martin Willi | 2012-03-20 | 1 | -0/+4 |
| | | |||||
| * | Don't invoke updown hook when flushing SAs for IKEv1, tasks will do it | Martin Willi | 2012-03-20 | 1 | -10/+12 |
| | | |||||
| * | Added an IKE_SA manager method to enumerate IKE_SA IDs filtered by identities | Martin Willi | 2012-03-20 | 1 | -34/+47 |
| | | |||||
| * | Implemented responder retransmission, currently enabled for quick mode only | Martin Willi | 2012-03-20 | 1 | -1/+1 |
| | | |||||
| * | Fixed leak of a hash when checking out by hash | Martin Willi | 2012-03-20 | 1 | -0/+1 |
| | | |||||
| * | Handle initiation of not supported IKE versions properly | Martin Willi | 2012-03-20 | 1 | -16/+21 |
| | | |||||
| * | Remove executable flag from source code files | Martin Willi | 2012-03-20 | 1 | -0/+0 |
| | | |||||
| * | Handling of initial contact | Clavister OpenSource | 2012-03-20 | 1 | -0/+11 |
| | | |||||
| * | Don't compare initiator flag in IKE_SA manager, pass initiator parameter to ↵ | Martin Willi | 2012-03-20 | 1 | -4/+3 |
| | | | | | IKE_SA constructor | ||||
| * | Don't clone chunk in message.get_packet_data | Martin Willi | 2012-03-20 | 1 | -4/+3 |
| | | |||||
| * | Store IKE version of an SA on ike_sa_t. | Tobias Brunner | 2012-03-20 | 1 | -5/+8 |
| | | |||||
| * | Fix init message arrival check. | Tobias Brunner | 2012-03-20 | 1 | -21/+14 |
| | | |||||
| * | Handle IKEv1 messages in managers checkout_by_message | Martin Willi | 2012-03-20 | 1 | -9/+30 |
| | | |||||
| * | Replaced ike_sa_t.create_child_sa_iterator with enumerator. | Tobias Brunner | 2011-07-06 | 1 | -8/+6 |
| | | | | | | This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA. | ||||
| * | Added a get_count() method to IKE_SA manager | Martin Willi | 2011-05-16 | 1 | -2/+19 |
| | | |||||
| * | Fixed identiation in private_ike_sa_manager | Martin Willi | 2011-05-16 | 1 | -57/+57 |
| | | |||||
| * | Added a non-blocking, skipping variant of IKE_SA enumerator | Martin Willi | 2011-05-16 | 1 | -5/+22 |
| | | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |