aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev2/tasks
Commit message (Collapse)AuthorAgeFilesLines
* Add a global return_success() method implementationMartin Willi2013-02-141-8/+2
|
* Refactored IKEv2 cert/certreq payload processing to multiple functionsMartin Willi2013-01-111-112/+141
|
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-202-2/+2
|
* Raise an alert if IKE SA is keptAdrian-Ken Rueegsegger2012-12-201-0/+1
| | | | | This alert is raised when the establishment of a child SA fails but the IKE SA is kept.
* Raise an alert if allocating virtual IPs failsMartin Willi2012-12-191-0/+2
|
* Raise an alert if kernel policy installation failsMartin Willi2012-12-191-0/+2
|
* Raise an alert if kernel SA installation failsMartin Willi2012-12-191-0/+2
|
* Raise an alert on traffic selector mismatchMartin Willi2012-12-191-0/+2
|
* Raise alerts when enforcing IKE_SA unique policyMartin Willi2012-12-191-0/+1
|
* Raise an alert if CHILD_SA proposals mismatchMartin Willi2012-12-191-0/+2
|
* Raise an alert if IKE proposals mismatchMartin Willi2012-12-191-0/+5
|
* Raise an alert of generating local authentication data failsMartin Willi2012-12-191-6/+10
|
* Fix GPL license header to properly "sed" itMartin Willi2012-11-301-1/+1
|
* Moved packet_t and tun_device_t to networking folderTobias Brunner2012-10-241-1/+1
|
* Made IP address enumeration more flexibleTobias Brunner2012-09-213-3/+3
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-213-3/+3
|
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-181-39/+61
|
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-181-1/+2
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expectedMartin Willi2012-09-111-1/+33
|
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not ↵Martin Willi2012-09-111-0/+9
| | | | received
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-111-20/+6
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a responder narrow() hook to change TS in the kernel, but not on the wireMartin Willi2012-09-111-1/+26
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-1/+2
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Clear virtual IPs before storing assigned ones on the IKE_SATobias Brunner2012-09-051-0/+4
| | | | | Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* Request and acquire multiple virtual IPs in IKEv2 configuration payloadMartin Willi2012-08-301-49/+67
|
* Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-301-2/+9
|
* Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-301-11/+36
|
* Support multiple address pools configured on a peer_cfgMartin Willi2012-08-301-3/+11
|
* Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-303-55/+68
|
* Moved packet_t to libstrongswanTobias Brunner2012-08-081-1/+1
|
* Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-2/+6
|
* Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-5/+5
| | | | configurable.
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-162-9/+38
|
* Check rng return value when generating ME CONNECT_ID and KEYTobias Brunner2012-07-161-2/+14
|
* Check rng return value when generating COOKIE2 during MOBIKETobias Brunner2012-07-161-6/+11
|
* Check rng return value when generating fake NAT detection payloadsTobias Brunner2012-07-161-2/+2
|
* Nonce: Let get_nonce, allocate_nonce return booleanReto Buerki2012-07-162-3/+19
|
* Simplify NAT-D payload creation if UDP encapsulation is forcedTobias Brunner2012-07-131-2/+2
| | | | | We don't need any address lookups in that case as the content of the payload is generated randomly anyway.
* Ignore a received %any virtual IP for installationMartin Willi2012-06-261-1/+2
|
* Try to rekey without KE exchange if peer returns INVALID_KE_PAYLOAD(NONE)Martin Willi2012-06-081-1/+8
| | | | | | According to RFC5996, implementations should just ignore the KE payload if they select a non-PFS proposals. Some implementations don't, but return MODP_NONE in INVALID_KE_PAYLOAD, hence we accept that, too.
* As responder, enforce the same configuration while rekeying CHILD_SAsMartin Willi2012-06-063-1/+19
|
* Fix MOBIKE address update if responder address changed.Tobias Brunner2012-05-251-2/+2
| | | | | Use the source address of the current MOBIKE message as peer address instead of assuming the address cached on the IKE_SA is still valid.
* Don't queue delete_ike_sa job when setting IKE_DELETING.Tobias Brunner2012-05-251-1/+1
| | | | | This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish.Tobias Brunner2012-05-251-87/+3
|
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, ↵Tobias Brunner2012-05-1817-18/+18
| | | | tasks etc.).
* Use nonce_gen instead of rng to generate noncesAdrian-Ken Rueegsegger2012-05-182-22/+22
| | | | | Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* vendor ID cosmeticsAndreas Steffen2012-05-051-2/+2
|
* Use name from initialization to access settings in libcharon.Tobias Brunner2012-05-034-5/+6
| | | | Also fixes several whitespace errors.
* Merge branch 'ikev1'Martin Willi2012-05-022-10/+23
| | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
* Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-202-16/+13
| | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 23:04:06 +0000