| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -3/+3 |
| | | |||||
| * | libhydra: Move kernel interface to libcharon | Tobias Brunner | 2016-03-03 | 1 | -5/+4 |
| | | | | | This moves hydra->kernel_interface to charon->kernel. | ||||
| * | ike-natd: Create fake NAT-D payloads in a more static way | Tobias Brunner | 2015-11-09 | 1 | -20/+8 |
| | | | | | | | | | | | | | | | | In some scenarios an IKE_SA might get restarted multiple times (e.g. due to retransmits and delayed INVALID_KE_PAYLOAD notifies) so that two IKE_SA_INIT messages might be sent that only differ in the previously randomly generated NAT_DETECTION_SOURCE_IP payload. This could cause an authentication failure on the responder if the two peers don't use the same IKE_SA_INIT message in their InitiatorSignedOctets. While the payload is generated in a reproducible way it will still change when the daemon is restarted, which should make detecting the payloads as fake a bit harder (compared to e.g. just using 0.0.0.0:0 as address). Fixes #1131. | ||||
| * | payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -3/+3 |
| | | | | | | The old identifiers did not use a proper namespace and often clashed with other defines. | ||||
| * | ike: Force NAT-T/UDP encapsulation if kernel interface requires it | Tobias Brunner | 2013-06-21 | 1 | -3/+16 |
| | | |||||
| * | Made IP address enumeration more flexible | Tobias Brunner | 2012-09-21 | 1 | -1/+1 |
| | | | | | Also added an option to enumerate addresses on ignored interfaces. | ||||
| * | Don't ignore loopback devices and allow addresses on them being enumerated | Tobias Brunner | 2012-09-21 | 1 | -1/+1 |
| | | |||||
| * | Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 1 | -8/+32 |
| | | |||||
| * | Check rng return value when generating fake NAT detection payloads | Tobias Brunner | 2012-07-16 | 1 | -2/+2 |
| | | |||||
| * | Simplify NAT-D payload creation if UDP encapsulation is forced | Tobias Brunner | 2012-07-13 | 1 | -2/+2 |
| | | | | | | We don't need any address lookups in that case as the content of the payload is generated randomly anyway. | ||||
| * | Separated libcharon/sa directory with ikev1 and ikev2 subfolders | Martin Willi | 2012-03-20 | 1 | -0/+448 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |