aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ike_sa_manager.c
Commit message (Collapse)AuthorAgeFilesLines
...
* Add an ikesa_limit option to limit number of IKE_SAs as responderMartin Willi2012-11-161-19/+39
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Raise a bus alert when a received message contains unknown SPIsMartin Willi2012-10-241-0/+4
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-1/+1
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Remove the unused second IKE_SA entry match function argumentMartin Willi2012-08-201-4/+4
| | | | LLVMs clang complains about this parameter, so remove it.
* Include src address in hash of initial message for Main ModeTobias Brunner2012-08-081-5/+31
| | | | | | | If two initiators use the same SPI and also use the same SA proposal the hash for the initial message would be exactly the same. For IKEv2 and Aggressive Mode that's not a problem as these messages include random data (Ni, KEi payloads).
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-161-2/+7
|
* Check rng return value when generating SPIs in ike_sa_manager_tTobias Brunner2012-07-161-35/+67
|
* Use XAuth/EAP remote identity for uniqueness checkMartin Willi2012-06-251-2/+2
|
* Use name from initialization to access settings in libcharon.Tobias Brunner2012-05-031-5/+7
| | | | Also fixes several whitespace errors.
* Fix iteration through half-open IKE_SA tableMartin Willi2012-04-161-0/+1
|
* Properly handle retransmitted initial IKE messages.Tobias Brunner2012-03-201-58/+74
| | | | | | This change allows to properly handle retransmits of initial IKE messages when we've already processed them (i.e. our response is now resent immediately).
* Implemented table of init hashes without linked_list_t.Tobias Brunner2012-03-201-30/+30
|
* Implemented table of connected peers without linked_list_t.Tobias Brunner2012-03-201-63/+75
|
* Implemented table of half open IKE_SAs without linked_list_t.Tobias Brunner2012-03-201-52/+47
|
* Don't use linked_list_t for buckets in main IKE_SA hash table.Tobias Brunner2012-03-201-57/+82
|
* Fixed deadlock if checkin_and_destroy is called during shutdown.Tobias Brunner2012-03-201-0/+10
|
* Do not clone hashes of initial IKE messages when storing them in the hash table.Tobias Brunner2012-03-201-7/+6
|
* Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table.Tobias Brunner2012-03-201-2/+13
| | | | | For IKEv1 the previous behavior of always using the initiator's SPI as key is maintained.
* Added separate hashtable for hashes of initial IKE messages.Tobias Brunner2012-03-201-64/+139
| | | | This does not require us to do a lookup for an SA by SPI first.
* Store the major IKE version on ike_sa_id_t.Tobias Brunner2012-03-201-3/+6
|
* Adopt children after syncing a rekeyed IKEv1 SAMartin Willi2012-03-201-1/+2
|
* Set thread specific SA on bus for each enumerated IKE_SAMartin Willi2012-03-201-1/+11
|
* Clear initiator flag when checking out initial IKEv1 SA from messageMartin Willi2012-03-201-0/+4
|
* Don't invoke updown hook when flushing SAs for IKEv1, tasks will do itMartin Willi2012-03-201-10/+12
|
* Added an IKE_SA manager method to enumerate IKE_SA IDs filtered by identitiesMartin Willi2012-03-201-34/+47
|
* Implemented responder retransmission, currently enabled for quick mode onlyMartin Willi2012-03-201-1/+1
|
* Fixed leak of a hash when checking out by hashMartin Willi2012-03-201-0/+1
|
* Handle initiation of not supported IKE versions properlyMartin Willi2012-03-201-16/+21
|
* Remove executable flag from source code filesMartin Willi2012-03-201-0/+0
|
* Handling of initial contactClavister OpenSource2012-03-201-0/+11
|
* Don't compare initiator flag in IKE_SA manager, pass initiator parameter to ↵Martin Willi2012-03-201-4/+3
| | | | IKE_SA constructor
* Don't clone chunk in message.get_packet_dataMartin Willi2012-03-201-4/+3
|
* Store IKE version of an SA on ike_sa_t.Tobias Brunner2012-03-201-5/+8
|
* Fix init message arrival check.Tobias Brunner2012-03-201-21/+14
|
* Handle IKEv1 messages in managers checkout_by_messageMartin Willi2012-03-201-9/+30
|
* Replaced ike_sa_t.create_child_sa_iterator with enumerator.Tobias Brunner2011-07-061-8/+6
| | | | | This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA.
* Added a get_count() method to IKE_SA managerMartin Willi2011-05-161-2/+19
|
* Fixed identiation in private_ike_sa_managerMartin Willi2011-05-161-57/+57
|
* Added a non-blocking, skipping variant of IKE_SA enumeratorMartin Willi2011-05-161-5/+22
|
* Do not use destroyed rng/hasher if IKE_SA has been flush()edMartin Willi2011-02-011-3/+9
|
* Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACTMartin Willi2011-01-051-2/+9
|
* Send INITIAL_CONTACT for the first IKE_SA if it has a unique policyMartin Willi2011-01-051-7/+33
|
* Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanupsMartin Willi2011-01-051-189/+180
|
* Never register IKE_SA during checkout_new, as rekeying keeps it checked outMartin Willi2010-12-071-15/+2
|
* Guarantee entry->other is set when calling put_connected_peersThomas Egerer2010-12-061-1/+7
| | | | | | | | | | | Given the original intent of entry->host, the check for DoS attacks, it can happen that this value remains NULL when an entry is created. This is particularly awkward if put_connected_peers is called to check if a connection to a given peer already exists, since it takes the address family into consideration (git commit b74219d0) which is gleaned from entry->host. This patch guarantees that entry->other is a clone of host before put_connected_peers is called.
* Extend connected peers by peer familyThomas Egerer2010-11-121-5/+16
| | | | | This allows for simultanious IPv4 and IPv6 tunnel for same peers with matching identities.
* Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone ↵Martin Willi2010-08-041-2/+3
| | | | in destroy
* Add extra information in debug output for IKE_SA check{out, in}Thomas Egerer2010-06-071-9/+25
| | | | | | | This output helps tracing checkout and checkin of IKE_SAs when there is more than one IKE_SAs with the same name. I also added the type of in-air-exchange to the debug output issued by the task_manager in case a task initiation is delayed, came in handy for me.
* Moving charon to libcharon.Tobias Brunner2010-03-191-0/+1741
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 01:07:49 +0000