aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev2
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge branch 'multi-vip'Martin Willi2012-08-313-88/+159
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Request and acquire multiple virtual IPs in IKEv2 configuration payloadMartin Willi2012-08-301-49/+67
| |
| * Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-301-2/+9
| |
| * Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-301-11/+36
| |
| * Support multiple address pools configured on a peer_cfgMartin Willi2012-08-301-3/+11
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-303-55/+68
| |
* | Log the proper type for virtual EAP methodsTobias Brunner2012-08-311-1/+5
| |
* | Encode EAP-Naks in expanded format if we got an expanded type requestTobias Brunner2012-08-311-2/+2
| | | | | | | | | | Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient.
* | Allow clients to request a configured EAP method via EAP-NakTobias Brunner2012-08-311-4/+24
| |
* | Virtual EAP methods handle EAP-Naks themselvesTobias Brunner2012-08-311-5/+17
| |
* | Send EAP-Nak with supported types if requested type is unsupportedTobias Brunner2012-08-311-2/+4
|/
* Moved packet_t to libstrongswanTobias Brunner2012-08-081-1/+1
|
* Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-2/+6
|
* Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-5/+5
| | | | configurable.
* Clean up error handling in keymat_v2_tMartin Willi2012-07-161-87/+65
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-163-10/+42
|
* Add a return value to crypter_t.set_key()Martin Willi2012-07-161-2/+16
|
* Check rng return value when generating ME CONNECT_ID and KEYTobias Brunner2012-07-161-2/+14
|
* Check rng return value when generating COOKIE2 during MOBIKETobias Brunner2012-07-161-6/+11
|
* Check rng return value when generating fake NAT detection payloadsTobias Brunner2012-07-161-2/+2
|
* Nonce: Let get_nonce, allocate_nonce return booleanReto Buerki2012-07-162-3/+19
|
* Add a return value to prf_t.set_key()Martin Willi2012-07-161-13/+16
|
* Add a return value to prf_t.allocate_bytes()Martin Willi2012-07-161-11/+26
|
* Add a return value to keymat_v2_t.get_auth_octets()Martin Willi2012-07-163-17/+24
|
* Add a return value to keymat_v2_t.get_psk_sig()Martin Willi2012-07-164-24/+39
|
* prf_plus_create() can return NULL on failureMartin Willi2012-07-161-0/+10
|
* Add a return value to prf_plus_t.allocate_bytes()Martin Willi2012-07-161-13/+62
|
* Add a return value to signer_t.set_key()Martin Willi2012-07-161-2/+14
|
* Add a return value to aead_t.set_key()Martin Willi2012-07-161-2/+10
|
* Simplify NAT-D payload creation if UDP encapsulation is forcedTobias Brunner2012-07-131-2/+2
| | | | | We don't need any address lookups in that case as the content of the payload is generated randomly anyway.
* Ignore a received %any virtual IP for installationMartin Willi2012-06-261-1/+2
|
* Centralized thread cancellation in processor_tTobias Brunner2012-06-251-8/+19
| | | | | | | | | | This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Try to rekey without KE exchange if peer returns INVALID_KE_PAYLOAD(NONE)Martin Willi2012-06-081-1/+8
| | | | | | According to RFC5996, implementations should just ignore the KE payload if they select a non-PFS proposals. Some implementations don't, but return MODP_NONE in INVALID_KE_PAYLOAD, hence we accept that, too.
* As responder, enforce the same configuration while rekeying CHILD_SAsMartin Willi2012-06-063-1/+19
|
* Fix MOBIKE address update if responder address changed.Tobias Brunner2012-05-251-2/+2
| | | | | Use the source address of the current MOBIKE message as peer address instead of assuming the address cached on the IKE_SA is still valid.
* Don't queue delete_ike_sa job when setting IKE_DELETING.Tobias Brunner2012-05-251-1/+1
| | | | | This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish.Tobias Brunner2012-05-251-87/+3
|
* Make task managers flush_queue() method publicMartin Willi2012-05-211-9/+30
|
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, ↵Tobias Brunner2012-05-1824-25/+25
| | | | tasks etc.).
* Use nonce_gen instead of rng to generate noncesAdrian-Ken Rueegsegger2012-05-182-22/+22
| | | | | Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Add create_nonce_gen function to keymat interfaceAdrian-Ken Rueegsegger2012-05-181-0/+7
| | | | This function returns a nonce generator object.
* vendor ID cosmeticsAndreas Steffen2012-05-051-2/+2
|
* Use name from initialization to access settings in libcharon.Tobias Brunner2012-05-035-9/+11
| | | | Also fixes several whitespace errors.
* Merge branch 'ikev1'Martin Willi2012-05-024-27/+34
| | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
* Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-203-22/+23
| | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
* Store the major IKE version on ike_sa_id_t.Tobias Brunner2012-03-201-1/+2
|
* Check if we actually have a packet before retransmitting itMartin Willi2012-03-201-1/+1
|
* Invoke bus_t.message hook twice, once plain and parsed, once encoded and ↵Martin Willi2012-03-201-2/+3
| | | | encrypted
* Pass IKEv1 specific keymat to ike_keys hookMartin Willi2012-03-201-2/+2
|
* Get a reference for the child_cfg passed to child_create_create()Martin Willi2012-03-201-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 05:47:13 +0000