path: root/src/libcharon/sa/ikev2
Commit message | Author | Date | Files | Lines
...
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected
  [Martin Willi, 2012-09-11, 1 file, -1/+33]
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received
  [Martin Willi, 2012-09-11, 1 file, -0/+9]
* Pass the full list of pools to acquire_address, enumerate in providers
  [Martin Willi, 2012-09-11, 1 file, -20/+6]
  If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a responder narrow() hook to change TS in the kernel, but not on the wire
  [Martin Willi, 2012-09-11, 1 file, -1/+26]
* Add uniqueids=never to ignore INITIAL_CONTACT notifies
  [Tobias Brunner, 2012-09-10, 1 file, -1/+2]
  With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Trigger ike_updown event caused by retransmits only after reestablish() has been called
  [Tobias Brunner, 2012-09-06, 1 file, -5/+0]
  This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Clear virtual IPs before storing assigned ones on the IKE_SA
  [Tobias Brunner, 2012-09-05, 1 file, -0/+4]
  Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* Merge branch 'multi-vip'
  [Martin Willi, 2012-08-31, 3 files, -88/+159]
  Brings support for multiple virtual IPs and multiple pools in left/rightsourceip definitions. Also introduces the new left/rightdns options to configure the requested DNS server address family and respond with multiple connection-specific servers.
|\
| * Request and acquire multiple virtual IPs in IKEv2 configuration payload
|   [Martin Willi, 2012-08-30, 1 file, -49/+67]
| * Pass all configured pool names to attribute provider enumerator
|   [Martin Willi, 2012-08-30, 1 file, -2/+9]
| * Pass a list instead of a single virtual IP to attribute enumerators
|   [Martin Willi, 2012-08-30, 1 file, -11/+36]
| * Support multiple address pools configured on a peer_cfg
|   [Martin Willi, 2012-08-30, 1 file, -3/+11]
| * Support multiple virtual IPs on peer_cfg and ike_sa classes
|   [Martin Willi, 2012-08-30, 3 files, -55/+68]
* | Log the proper type for virtual EAP methods
| | [Tobias Brunner, 2012-08-31, 1 file, -1/+5]
* | Encode EAP-Naks in expanded format if we got an expanded type request
| | [Tobias Brunner, 2012-08-31, 1 file, -2/+2]
| | Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format, the previous check was insufficient.
* | Allow clients to request a configured EAP method via EAP-Nak
| | [Tobias Brunner, 2012-08-31, 1 file, -4/+24]
* | Virtual EAP methods handle EAP-Naks themselves
| | [Tobias Brunner, 2012-08-31, 1 file, -5/+17]
* | Send EAP-Nak with supported types if requested type is unsupported
| | [Tobias Brunner, 2012-08-31, 1 file, -2/+4]
|/
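The EAP-Nak commits above turn on one detail of RFC 3748: a Nak answering an Expanded Type request (Type 254) must itself be an Expanded Nak, and the request's wire format decides that, not the vendor ID it carries, because IETF methods (vendor 0) may also be sent in expanded form. The following is an added example illustrating that rule and the encoding of both Nak forms; it is not strongSwan code, and the request bytes, method list and function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* EAP constants from RFC 3748 */
#define EAP_CODE_RESPONSE 2
#define EAP_TYPE_NAK      3
#define EAP_TYPE_EXPANDED 254
#define EAP_HDR_LEN       5      /* Code, Identifier, Length (2 octets), Type */
#define VENDOR_IETF       0

/* An EAP method as (vendor, type); IETF-defined methods carry vendor 0. */
typedef struct { uint32_t vendor; uint32_t type; } eap_method_t;

static void put_u24(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v; }
static void put_u32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }
static uint32_t get_u24(const uint8_t *p) { return (uint32_t)p[0] << 16 | (uint32_t)p[1] << 8 | p[2]; }

/* The kind of check the commit message calls insufficient: a request counts as expanded
 * only if its vendor ID is non-zero, so an IETF method in expanded form is misclassified. */
bool insufficient_is_expanded(const uint8_t *req, size_t len)
{
    return len >= EAP_HDR_LEN + 7 && req[4] == EAP_TYPE_EXPANDED && get_u24(req + 5) != VENDOR_IETF;
}

/* Correct check: the request's Type octet alone decides (RFC 3748 section 5.3.2). */
bool request_is_expanded(const uint8_t *req, size_t len)
{
    return len >= EAP_HDR_LEN + 7 && req[4] == EAP_TYPE_EXPANDED;
}

/* Build an EAP-Nak answering `req` that offers `methods` in order of preference. Uses the
 * Expanded Nak if and only if the request used the expanded type. Returns the number of
 * bytes written to `out`, or 0 if no valid Nak can be built. */
size_t build_eap_nak(const uint8_t *req, size_t req_len,
                     const eap_method_t *methods, size_t n,
                     uint8_t *out, size_t out_len)
{
    if (req_len < EAP_HDR_LEN) return 0;
    bool expanded = request_is_expanded(req, req_len);
    size_t entries = n ? n : 1;     /* an empty list is encoded as one "no alternative" (type 0) */
    size_t len = EAP_HDR_LEN + (expanded ? 7 + 8 * entries : entries);
    if (len > out_len || len > 0xffff) return 0;

    out[0] = EAP_CODE_RESPONSE;
    out[1] = req[1];                /* Identifier echoes the request */
    out[2] = (uint8_t)(len >> 8);
    out[3] = (uint8_t)len;

    if (!expanded) {
        out[4] = EAP_TYPE_NAK;      /* Legacy Nak: a list of one-octet IETF types */
        if (n == 0) { out[5] = 0; return len; }
        for (size_t i = 0; i < n; i++) {
            /* a Legacy Nak has no room for vendor IDs or for types above 255 */
            if (methods[i].vendor != VENDOR_IETF || methods[i].type > 255) return 0;
            out[5 + i] = (uint8_t)methods[i].type;
        }
        return len;
    }

    out[4] = EAP_TYPE_EXPANDED;
    put_u24(out + 5, VENDOR_IETF);
    put_u32(out + 8, EAP_TYPE_NAK); /* Vendor-Type 3 under vendor 0 is the Expanded Nak */
    uint8_t *p = out + 12;
    if (n == 0) { p[0] = EAP_TYPE_EXPANDED; put_u24(p + 1, VENDOR_IETF); put_u32(p + 4, 0); return len; }
    for (size_t i = 0; i < n; i++, p += 8) {
        p[0] = EAP_TYPE_EXPANDED;   /* each desired method as an 8-octet expanded type */
        put_u24(p + 1, methods[i].vendor);
        put_u32(p + 4, methods[i].type);
    }
    return len;
}

/* Constructed sample requests (not captured traffic): EAP-MD5 (IETF type 4) requested
 * once in legacy encoding and once in expanded encoding with vendor ID 0. */
const uint8_t REQ_MD5_LEGACY[]   = { 1, 0x2a, 0x00, 0x07, 4, 0x01, 0xaa };
const uint8_t REQ_MD5_EXPANDED[] = { 1, 0x2a, 0x00, 0x0e, 254, 0, 0, 0, 0, 0, 0, 4, 0x01, 0xaa };
```

Run against REQ_MD5_EXPANDED, the vendor-based check reports a legacy request while the Type-based one reports an expanded request; only the latter produces the Expanded Nak the RFC requires, and a Legacy Nak is refused outright when a non-IETF method would have to be named in it.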
* Moved packet_t to libstrongswan
  [Tobias Brunner, 2012-08-08, 1 file, -1/+1]
* Replaced usages of CHARON_*_PORT with calls to get_port().
  [Tobias Brunner, 2012-08-08, 1 file, -2/+6]
* Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
  [Tobias Brunner, 2012-08-08, 1 file, -5/+5]
* Clean up error handling in keymat_v2_t
  [Martin Willi, 2012-07-16, 1 file, -87/+65]
* Add a return value to hasher_t.allocate_hash()
  [Martin Willi, 2012-07-16, 3 files, -10/+42]
* Add a return value to crypter_t.set_key()
  [Martin Willi, 2012-07-16, 1 file, -2/+16]
* Check rng return value when generating ME CONNECT_ID and KEY
  [Tobias Brunner, 2012-07-16, 1 file, -2/+14]
* Check rng return value when generating COOKIE2 during MOBIKE
  [Tobias Brunner, 2012-07-16, 1 file, -6/+11]
* Check rng return value when generating fake NAT detection payloads
  [Tobias Brunner, 2012-07-16, 1 file, -2/+2]
* Nonce: Let get_nonce, allocate_nonce return boolean
  [Reto Buerki, 2012-07-16, 2 files, -3/+19]
* Add a return value to prf_t.set_key()
  [Martin Willi, 2012-07-16, 1 file, -13/+16]
* Add a return value to prf_t.allocate_bytes()
  [Martin Willi, 2012-07-16, 1 file, -11/+26]
* Add a return value to keymat_v2_t.get_auth_octets()
  [Martin Willi, 2012-07-16, 3 files, -17/+24]
* Add a return value to keymat_v2_t.get_psk_sig()
  [Martin Willi, 2012-07-16, 4 files, -24/+39]
* prf_plus_create() can return NULL on failure
  [Martin Willi, 2012-07-16, 1 file, -0/+10]
* Add a return value to prf_plus_t.allocate_bytes()
  [Martin Willi, 2012-07-16, 1 file, -13/+62]
* Add a return value to signer_t.set_key()
  [Martin Willi, 2012-07-16, 1 file, -2/+14]
* Add a return value to aead_t.set_key()
  [Martin Willi, 2012-07-16, 1 file, -2/+10]
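The 2012-07-16 series above (return values for hasher, crypter, prf, signer and aead key setup, and checked rng output for nonces, COOKIE2, ME CONNECT_ID/KEY and fake NAT-D payloads) is one bug class: a primitive that can fail but whose caller does not look. The added example below shows why that matters for a nonce: with the return value dropped, an RNG that runs dry leaves an all-zero nonce that would be sent on the wire; with it propagated, the exchange is aborted. This is example code, not strongSwan's nonce or rng implementation; the `rng_fn` callback shape, the `fake_rng` source and the function names are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* A random source that can fail: fills out[0..len) and returns false on failure. */
typedef bool (*rng_fn)(void *ctx, uint8_t *out, size_t len);

/* Kernel-backed source (POSIX): loops over short reads and reports any failure
 * instead of returning a partially filled buffer as if it were random. */
bool urandom_rng(void *ctx, uint8_t *out, size_t len)
{
    (void)ctx;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return false;
    size_t done = 0;
    while (done < len) {
        ssize_t r = read(fd, out + done, len - done);
        if (r <= 0) { close(fd); return false; }   /* EOF or error: do not pretend success */
        done += (size_t)r;
    }
    close(fd);
    return true;
}

/* Constructed test source: a counter stream that "runs dry" after `budget` bytes,
 * the way an HSM session or an exhausted entropy daemon can. Not a real RNG. */
typedef struct { uint8_t next; size_t budget; } fake_rng_t;
bool fake_rng(void *ctx, uint8_t *out, size_t len)
{
    fake_rng_t *r = ctx;
    if (len > r->budget) return false;
    for (size_t i = 0; i < len; i++) out[i] = r->next++;
    r->budget -= len;
    return true;
}

/* Before: the return value is dropped. On failure the nonce is whatever the buffer held,
 * here all zeros, and nothing stops the caller from sending it. */
void get_nonce_unchecked(rng_fn rng, void *ctx, uint8_t *nonce, size_t len)
{
    memset(nonce, 0, len);
    rng(ctx, nonce, len);
}

/* After: the failure propagates. Length bounds follow RFC 5996 section 3.9 (16..256 octets). */
bool get_nonce(rng_fn rng, void *ctx, uint8_t *nonce, size_t len)
{
    if (len < 16 || len > 256) return false;
    if (!rng(ctx, nonce, len)) {
        memset(nonce, 0, len);   /* never leave a half-filled buffer for a caller to use */
        return false;
    }
    return true;
}

/* Helper for the check a caller or test would make on the result. */
bool is_all_zero(const uint8_t *p, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= p[i];
    return acc == 0;
}
```

The unchecked variant is what the series removes: `get_nonce_unchecked` with a dry source yields 32 zero bytes and no error, while `get_nonce` with the same source returns false and the IKE_SA_INIT or CREATE_CHILD_SA that needed the nonce can be failed cleanly.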
* Simplify NAT-D payload creation if UDP encapsulation is forced
  [Tobias Brunner, 2012-07-13, 1 file, -2/+2]
  We don't need any address lookups in that case as the content of the payload is generated randomly anyway.
* Ignore a received %any virtual IP for installation
  [Martin Willi, 2012-06-26, 1 file, -1/+2]
* Centralized thread cancellation in processor_t
  [Tobias Brunner, 2012-06-25, 1 file, -8/+19]
  This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Try to rekey without KE exchange if peer returns INVALID_KE_PAYLOAD(NONE)
  [Martin Willi, 2012-06-08, 1 file, -1/+8]
  According to RFC 5996, implementations should just ignore the KE payload if they select a non-PFS proposal. Some implementations don't, but return MODP_NONE in INVALID_KE_PAYLOAD, hence we accept that, too.
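The INVALID_KE_PAYLOAD commit above adds one branch to the initiator's rekey logic: a notify naming DH group NONE is taken as "retry without a KE payload". The added example below parses such a notify and makes the retry decision, covering the NONE case together with the guards a practitioner wants around it (only accept a group that is actually configured locally, refuse the group just rejected, and honour at most one redirect per rekey so a peer cannot bounce the initiator between groups). This is example code, not strongSwan's task code; the notify bytes, the `rekey_state_t` fields and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NOTIFY_INVALID_KE_PAYLOAD 17   /* RFC 5996 section 3.10.1 */
#define MODP_NONE                 0    /* IANA Transform Type 4 ID 0: no Diffie-Hellman */

typedef enum { REKEY_FAIL, REKEY_RETRY_WITHOUT_KE, REKEY_RETRY_WITH_GROUP } rekey_action_t;

/* Parse an IKEv2 Notify payload: generic header (Next Payload, Flags, Length), then
 * Protocol ID, SPI Size, Notify Type, SPI and data. For INVALID_KE_PAYLOAD the data is
 * the two-octet DH group the responder wants. Returns false unless it is exactly that. */
bool parse_invalid_ke(const uint8_t *p, size_t len, uint16_t *group)
{
    if (len < 8) return false;
    size_t   plen     = (size_t)p[2] << 8 | p[3];
    uint8_t  spi_size = p[5];
    uint16_t type     = (uint16_t)(p[6] << 8 | p[7]);
    if (plen > len || type != NOTIFY_INVALID_KE_PAYLOAD) return false;
    if (plen != 8u + spi_size + 2u) return false;      /* data must be exactly two octets */
    const uint8_t *d = p + 8 + spi_size;
    *group = (uint16_t)(d[0] << 8 | d[1]);
    return true;
}

typedef struct {
    uint16_t        sent_group;       /* group of the KE payload we sent */
    const uint16_t *groups;           /* groups this end is configured to use */
    size_t          n_groups;
    bool            offered_non_pfs;  /* at least one of our proposals had no DH transform */
    bool            already_retried;  /* honour at most one INVALID_KE_PAYLOAD per rekey */
} rekey_state_t;

/* Decide how to react to the group named in INVALID_KE_PAYLOAD. The NONE branch is the
 * behaviour the commit adds; the remaining checks keep the peer from steering us to a
 * group we never configured or from redirecting us indefinitely. */
rekey_action_t plan_rekey_retry(const rekey_state_t *st, uint16_t group, uint16_t *use_group)
{
    if (st->already_retried) return REKEY_FAIL;
    if (group == MODP_NONE) return st->offered_non_pfs ? REKEY_RETRY_WITHOUT_KE : REKEY_FAIL;
    if (group == st->sent_group) return REKEY_FAIL;    /* it just rejected this very group */
    for (size_t i = 0; i < st->n_groups; i++) {
        if (st->groups[i] == group) { *use_group = group; return REKEY_RETRY_WITH_GROUP; }
    }
    return REKEY_FAIL;   /* not in our configuration: refuse rather than downgrade */
}

/* Constructed notify payloads (not captured traffic): no SPI, Notify Type 17, and a
 * two-octet group of NONE (0), MODP_2048 (14) and MODP_1536 (5) respectively. */
const uint8_t NOTIFY_KE_NONE[] = { 0, 0, 0x00, 0x0a, 0, 0, 0x00, 0x11, 0x00, 0x00 };
const uint8_t NOTIFY_KE_14[]   = { 0, 0, 0x00, 0x0a, 0, 0, 0x00, 0x11, 0x00, 0x0e };
const uint8_t NOTIFY_KE_5[]    = { 0, 0, 0x00, 0x0a, 0, 0, 0x00, 0x11, 0x00, 0x05 };
```

With groups 2 and 14 configured and group 2 sent, NONE yields a retry without KE only if a non-PFS proposal was actually offered, 14 yields a retry with group 14, and 5 is refused because following the peer to an unconfigured group would let it pick the weakest one it likes.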
* As responder, enforce the same configuration while rekeying CHILD_SAs
  [Martin Willi, 2012-06-06, 3 files, -1/+19]
* Fix MOBIKE address update if responder address changed.
  [Tobias Brunner, 2012-05-25, 1 file, -2/+2]
  Use the source address of the current MOBIKE message as peer address instead of assuming the address cached on the IKE_SA is still valid.
* Don't queue delete_ike_sa job when setting IKE_DELETING.
  [Tobias Brunner, 2012-05-25, 1 file, -1/+1]
  This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish.
  [Tobias Brunner, 2012-05-25, 1 file, -87/+3]
* Make task manager's flush_queue() method public
  [Martin Willi, 2012-05-21, 1 file, -9/+30]
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, tasks etc.).
  [Tobias Brunner, 2012-05-18, 24 files, -25/+25]
* Use nonce_gen instead of rng to generate nonces
  [Adrian-Ken Rueegsegger, 2012-05-18, 2 files, -22/+22]
  Replace usage of the rng plugin with the nonce generator to create nonces in the IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Add create_nonce_gen function to keymat interface
  [Adrian-Ken Rueegsegger, 2012-05-18, 1 file, -0/+7]
  This function returns a nonce generator object.
* vendor ID cosmetics
  [Andreas Steffen, 2012-05-05, 1 file, -2/+2]
* Use name from initialization to access settings in libcharon.
  [Tobias Brunner, 2012-05-03, 5 files, -9/+11]
  Also fixes several whitespace errors.