aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1
Commit message (Collapse)AuthorAgeFilesLines
...
* Initiate quick mode rekeying with narrowed traffic selectorsMartin Willi2012-06-081-1/+18
|
* Use traffic selectors passed to quick mode constructor as initiatorMartin Willi2012-06-081-2/+10
|
* Instead of rekeying, delete a quick mode if we have a fresher instanceMartin Willi2012-06-081-6/+42
| | | | | | | | If both peers initiate quick mode rekeying simultaneously, we end up with duplicate SAs for a configuration. This can't be avoided, nor do the standards provide an appropriate solution. Instead of closing one SA immediately, we keep both. But once rekeying triggers, we don't refresh the SA with the shorter soft lifetime, but delete it.
* Added log message if peer does not accept/provide IPComp proposal.Tobias Brunner2012-05-241-2/+12
|
* Added support to negotiate IPComp during Quick Mode.Tobias Brunner2012-05-241-11/+91
|
* Added support for IKEv1 IPComp proposals in SA payload.Tobias Brunner2012-05-243-6/+6
|
* Fix memleak during Quick Mode in case no SPI can be allocated from kernel.Tobias Brunner2012-05-241-8/+8
|
* Apply IDir before deriving keys as aggressive initiatorMartin Willi2012-05-231-4/+4
|
* Use received identity to look up PSK as aggressive responderMartin Willi2012-05-231-2/+9
|
* Check if we actually have an initiating packet to free while processing ↵Martin Willi2012-05-231-1/+1
| | | | responses
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode.Tobias Brunner2012-05-214-24/+85
|
* Cancel pending retransmits when flushing active task queueMartin Willi2012-05-211-0/+4
|
* Cancel active quick mode task when receiving INFORMATIONAL errorMartin Willi2012-05-211-0/+30
|
* Flush task queues explicitly, not implicitly if task returns ALREADY_DONEMartin Willi2012-05-215-10/+18
|
* Make task managers flush_queue() method publicMartin Willi2012-05-211-11/+25
|
* Remove executable flag from source files.Tobias Brunner2012-05-1811-0/+0
|
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, ↵Tobias Brunner2012-05-1818-19/+19
| | | | tasks etc.).
* Use nonce_gen instead of rng to generate noncesAdrian-Ken Rueegsegger2012-05-182-12/+12
| | | | | Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Add create_nonce_gen function to keymat interfaceAdrian-Ken Rueegsegger2012-05-181-0/+7
| | | | This function returns a nonce generator object.
* make IKEv1 DPD timeout configurable in charonAndreas Steffen2012-05-171-6/+14
|
* Moved IKEv1 DPD processing to task manager, fix sequence issuesMartin Willi2012-05-153-73/+72
|
* Schedule a DPD timeout job that enforces the IKE message timeout policyMartin Willi2012-05-151-0/+13
|
* Send unanswered follow up R_U_THERE messages with the same DPD seqMartin Willi2012-05-151-1/+7
|
* Do not send IKEv1 DPD retransmit, but create a new INFORMATIONALMartin Willi2012-05-151-11/+0
|
* allow private algorithmsAndreas Steffen2012-05-052-4/+16
|
* vendor ID cosmeticsAndreas Steffen2012-05-051-2/+2
|
* Use name from initialization to access settings in libcharon.Tobias Brunner2012-05-033-6/+7
| | | | Also fixes several whitespace errors.
* Added another bunch of commonly used IKEv1 NATT vendor IDsMartin Willi2012-04-041-1/+19
|
* Store authentication info of a XAUTH round on IKE_SAMartin Willi2012-03-221-0/+16
|
* Reply with received configuration payload identifier in Mode ConfigMartin Willi2012-03-201-0/+8
|
* Implemented handling of UNITY_LOAD_BALANCE as reauthentication.Tobias Brunner2012-03-202-3/+28
|
* Parse IKEv1 Cisco Load Balancing notify (can't act on it yet).Tobias Brunner2012-03-201-2/+19
|
* Compiler warning fixed.Tobias Brunner2012-03-201-2/+6
|
* Use correct enum values to detect three message tasks for retransmissionMartin Willi2012-03-201-2/+2
|
* Use UDP encapsulation even in non-NAT situation if initiator requests itMartin Willi2012-03-201-13/+14
|
* Support inactivity timeout in IKEv1 CHILD_SAsMartin Willi2012-03-201-1/+24
|
* Use a dedicated PRF for HASH/SIG payloads using ECDSA specific hasherMartin Willi2012-03-201-14/+37
|
* Select public key auth method by checking what key we haveMartin Willi2012-03-202-4/+99
|
* Support ECDSA signatures in IKEv1 pubkey authenticatorMartin Willi2012-03-202-17/+25
|
* Exchange certificates when using IKEv1 ECDSA authenticationMartin Willi2012-03-202-0/+6
|
* Setting message ID on task manager sets DPD sequence numbers in IKEv1Martin Willi2012-03-201-0/+8
|
* Invoke bus_t.message hook twice, once plain and parsed, once encoded and ↵Martin Willi2012-03-201-2/+4
| | | | encrypted
* Pass IKEv1 specific keymat to ike_keys hookMartin Willi2012-03-201-2/+2
|
* Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helperMartin Willi2012-03-204-21/+20
|
* Invoke bus_t.narrow hook in quick mode exchangeMartin Willi2012-03-201-7/+36
|
* Invoke authorization hooks for IKEv1 connectionsMartin Willi2012-03-203-25/+95
|
* Don't invoke a child_updown hook when a quick mode to delete has been rekeyedMartin Willi2012-03-201-1/+6
|
* Invoke child_rekey hook instead of child_updown when rekeying a quick modeMartin Willi2012-03-203-2/+36
|
* Fix "incoming" flag passed to bus_t.message() hookMartin Willi2012-03-201-1/+1
|
* Continue with next exchange after sending an INFORMATIONALMartin Willi2012-03-201-1/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-13 17:02:34 +0000