aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/tasks
Commit message (Collapse)AuthorAgeFilesLines
* Do not add additional addresses to MOBIKE path probing messages.Tobias Brunner2010-10-121-10/+12
|
* Allow responder to use ike_mobike_t.roam.Tobias Brunner2010-10-121-1/+7
| | | | After getting a response the responder updates the IPsec SAs.
* Added support for responders to change their address via MOBIKE.Tobias Brunner2010-10-121-0/+20
| | | | | | | If the original responder updates its list of additional addresses we check if the remote endpoint changed and update the IPsec SAs if it did, as we assume the original address became unavailable and the responder already updated the SAs on its side.
* Explicitly configure MOBIKE tasks to update the list of additional addresses.Tobias Brunner2010-10-122-2/+14
|
* Improved check for first IKE_AUTH message in ike_mobike task.Tobias Brunner2010-10-121-3/+6
| | | | | If the original responder initiated a MOBIKE exchange, the previous check was not always correct.
* Migrated ike_mobike task to INIT/METHOD macros.Tobias Brunner2010-10-121-67/+46
|
* Simplified apply_port function in mobike task.Tobias Brunner2010-10-121-16/+9
|
* NOTIFY error message types include 16383Andreas Steffen2010-09-291-1/+1
|
* Refer to scheduler and processor via lib and not hydra.Tobias Brunner2010-09-024-11/+8
|
* Refer to kernel interface via hydra and not charon.Tobias Brunner2010-09-023-12/+14
|
* Refer to scheduler via hydra and not charon.Tobias Brunner2010-09-023-5/+6
|
* Refer to processor via hydra and not charon.Tobias Brunner2010-09-023-3/+6
|
* Use the AAA Identity for EAP authentication, if givenMartin Willi2010-08-311-0/+5
|
* Port floating patch partially reversed.Tobias Brunner2010-08-302-12/+8
| | | | | | If MOBIKE is enabled, we do have to switch to port 4500 with the IKE_AUTH request, that is, before we know whether the other peer actually supports MOBIKE or not.
* Slightly refactored port floating.Tobias Brunner2010-08-303-35/+16
| | | | In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
* Migrated delete_payload to INIT/METHOD macros, replaced iteratorMartin Willi2010-08-251-9/+8
|
* Check if colliding rekey actually created an IKE_INITThomas Egerer2010-08-251-37/+42
| | | | | | In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV.
* Use a seperate section for each nested struct member in INIT macroMartin Willi2010-08-181-6/+8
|
* fix error-type range in parsing of NOTIFY payloadsJiri Bohac2010-08-061-1/+1
|
* Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA ↵Tobias Brunner2010-08-041-3/+2
| | | | allocated an ID.
* Do not touch child from collision if peer deleted itThomas Egerer2010-08-031-3/+24
|
* Pass the CREATE_CHILD_SA initiator flag to the child_keys parameterMartin Willi2010-07-261-2/+2
|
* Added log statement if peer requests EAP, but current config does not allow itMartin Willi2010-07-211-0/+1
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-1/+6
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵Martin Willi2010-07-131-1/+1
| | | | encoding
* Moved X509 ipAddrBlock checking to the addrblock pluginMartin Willi2010-07-131-60/+0
|
* Added a hook to narrow traffic selectors for CHILD_SAsMartin Willi2010-07-131-5/+38
|
* Moved credential manager to libstrongswanMartin Willi2010-07-132-8/+7
|
* Added support for named attribute groupsHeiko Hund2010-07-091-1/+1
| | | | | | Add the possibility to group attributes by a name and assign these groups to connections. This allows a more granular configuration of which client will receive what atrributes.
* Print identity to a lease address on the same line for simpler grepingMartin Willi2010-07-081-1/+1
|
* Copy EAP specific attributes to auth config onlyMartin Willi2010-07-051-1/+10
|
* Correct check of traffic selectors before destructionThomas Egerer2010-06-291-2/+2
|
* Reacquire keymat from new IKE_SA during task migrationMartin Willi2010-06-071-0/+1
|
* Disable close action for a redundant CHILD_SA resulting from a rekey collisionMartin Willi2010-06-021-0/+5
| | | | | | | | If a rekey collision is detected, the winning peer of the nonce compare will delete the redundant CHILD_SA. The other peer should not enforce the close action on this CHILD, as it would reestablish the redundat CHILD_SA. Thanks to Thomas Egerer from secunet for pointing this out and the initial patchset.
* Use wrapped getters for close/dpd actionMartin Willi2010-06-021-1/+3
|
* Handle collisions between rekey and the following delete properlyMartin Willi2010-05-181-27/+63
|
* Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no ↵Martin Willi2010-04-211-5/+5
| | | | DH group
* Release virtual IPs with the same identity as we acquired itMartin Willi2010-03-251-33/+1
|
* Changed all usages of lib->attributes to hydra->attributes.Tobias Brunner2010-03-241-5/+6
|
* Moving charon to libcharon.Tobias Brunner2010-03-1936-0/+9579
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 09:09:53 +0000