| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Remove superfluous test for peer_cfg on established IKE_SAs | Martin Willi | 2011-04-20 | 1 | -1/+1 |
| | | |||||
| * | Clearly mark switch cases that fall through. | Tobias Brunner | 2011-04-19 | 1 | -0/+1 |
| | | |||||
| * | Neither rekey nor del can be NULL. | Tobias Brunner | 2011-04-14 | 1 | -2/+2 |
| | | |||||
| * | Move establish/inherit of rekeyed IKE_SAs to delete messages | Martin Willi | 2011-03-15 | 2 | -48/+40 |
| | | | | | | | | | Having the inherit() function delayed to the IKE_SA establish procedure was problematic. The task destroy function was never a good place and results in locking/cleanup problems. After establishing the SA, it should be really checked in ASAP to avoid any triggered DPD checks to get lost. | ||||
| * | Wrap IKE delete after rekey into rekey task for responder, too | Martin Willi | 2011-03-15 | 1 | -1/+18 |
| | | |||||
| * | Migrated ike_rekey task to INIT/METHOD macros | Martin Willi | 2011-03-15 | 1 | -59/+40 |
| | | |||||
| * | Some typos fixed. | Tobias Brunner | 2011-02-07 | 1 | -1/+1 |
| | | |||||
| * | Invoke the per-round authorize() hook before purging current auth info on IKE_SA | Martin Willi | 2011-02-03 | 1 | -10/+10 |
| | | |||||
| * | Migrated ike_auth to INIT/METHOD macros, fixes missing initial_contact ↵ | Martin Willi | 2011-02-02 | 1 | -56/+34 |
| | | | | | initialization | ||||
| * | Do not log potentially hundreds of cert requests for unknown CAs at level 1 | Martin Willi | 2011-01-28 | 1 | -1/+8 |
| | | |||||
| * | Revert "Send INITIAL_CONTACT even if we have a unique policy" | Martin Willi | 2011-01-13 | 1 | -1/+2 |
| | | | | | | | | | It makes sense to omit INITIAL_CONTACT if don't have a unique policy, as a client might want to connect from different devices to the same account. This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c. | ||||
| * | Send INITIAL_CONTACT even if we have a unique policy | Martin Willi | 2011-01-10 | 1 | -2/+1 |
| | | |||||
| * | Fix nonce comparison in rekey collisions, lowest nonce loses | Martin Willi | 2011-01-07 | 2 | -7/+7 |
| | | |||||
| * | Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT | Martin Willi | 2011-01-05 | 1 | -1/+21 |
| | | |||||
| * | Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy | Martin Willi | 2011-01-05 | 1 | -9/+22 |
| | | |||||
| * | Provide CRLs received in CERT payloads to trustchain verification | Martin Willi | 2011-01-05 | 1 | -1/+9 |
| | | |||||
| * | Include the used reserved bytes from ID payloads in AUTH calculation | Martin Willi | 2011-01-05 | 1 | -4/+35 |
| | | |||||
| * | Handle all error notifies in CREATE_CHILD_SA exchanges | Martin Willi | 2011-01-05 | 1 | -0/+14 |
| | | |||||
| * | eliminated whitespace | Andreas Steffen | 2010-12-21 | 1 | -1/+1 |
| | | |||||
| * | Migrated child_create_t to INIT/METHOD macros | Andreas Steffen | 2010-12-21 | 1 | -83/+55 |
| | | |||||
| * | Do not use TFC padding if peer does not support ESPv3 | Martin Willi | 2010-12-20 | 1 | -8/+24 |
| | | |||||
| * | Do not add additional addresses to MOBIKE path probing messages. | Tobias Brunner | 2010-10-12 | 1 | -10/+12 |
| | | |||||
| * | Allow responder to use ike_mobike_t.roam. | Tobias Brunner | 2010-10-12 | 1 | -1/+7 |
| | | | | | After getting a response the responder updates the IPsec SAs. | ||||
| * | Added support for responders to change their address via MOBIKE. | Tobias Brunner | 2010-10-12 | 1 | -0/+20 |
| | | | | | | | | If the original responder updates its list of additional addresses we check if the remote endpoint changed and update the IPsec SAs if it did, as we assume the original address became unavailable and the responder already updated the SAs on its side. | ||||
| * | Explicitly configure MOBIKE tasks to update the list of additional addresses. | Tobias Brunner | 2010-10-12 | 2 | -2/+14 |
| | | |||||
| * | Improved check for first IKE_AUTH message in ike_mobike task. | Tobias Brunner | 2010-10-12 | 1 | -3/+6 |
| | | | | | | If the original responder initiated a MOBIKE exchange, the previous check was not always correct. | ||||
| * | Migrated ike_mobike task to INIT/METHOD macros. | Tobias Brunner | 2010-10-12 | 1 | -67/+46 |
| | | |||||
| * | Simplified apply_port function in mobike task. | Tobias Brunner | 2010-10-12 | 1 | -16/+9 |
| | | |||||
| * | NOTIFY error message types include 16383 | Andreas Steffen | 2010-09-29 | 1 | -1/+1 |
| | | |||||
| * | Refer to scheduler and processor via lib and not hydra. | Tobias Brunner | 2010-09-02 | 4 | -11/+8 |
| | | |||||
| * | Refer to kernel interface via hydra and not charon. | Tobias Brunner | 2010-09-02 | 3 | -12/+14 |
| | | |||||
| * | Refer to scheduler via hydra and not charon. | Tobias Brunner | 2010-09-02 | 3 | -5/+6 |
| | | |||||
| * | Refer to processor via hydra and not charon. | Tobias Brunner | 2010-09-02 | 3 | -3/+6 |
| | | |||||
| * | Use the AAA Identity for EAP authentication, if given | Martin Willi | 2010-08-31 | 1 | -0/+5 |
| | | |||||
| * | Port floating patch partially reversed. | Tobias Brunner | 2010-08-30 | 2 | -12/+8 |
| | | | | | | | If MOBIKE is enabled, we do have to switch to port 4500 with the IKE_AUTH request, that is, before we know whether the other peer actually supports MOBIKE or not. | ||||
| * | Slightly refactored port floating. | Tobias Brunner | 2010-08-30 | 3 | -35/+16 |
| | | | | | In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE. | ||||
| * | Migrated delete_payload to INIT/METHOD macros, replaced iterator | Martin Willi | 2010-08-25 | 1 | -9/+8 |
| | | |||||
| * | Check if colliding rekey actually created an IKE_INIT | Thomas Egerer | 2010-08-25 | 1 | -37/+42 |
| | | | | | | | In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV. | ||||
| * | Use a seperate section for each nested struct member in INIT macro | Martin Willi | 2010-08-18 | 1 | -6/+8 |
| | | |||||
| * | fix error-type range in parsing of NOTIFY payloads | Jiri Bohac | 2010-08-06 | 1 | -1/+1 |
| | | |||||
| * | Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA ↵ | Tobias Brunner | 2010-08-04 | 1 | -3/+2 |
| | | | | | allocated an ID. | ||||
| * | Do not touch child from collision if peer deleted it | Thomas Egerer | 2010-08-03 | 1 | -3/+24 |
| | | |||||
| * | Pass the CREATE_CHILD_SA initiator flag to the child_keys parameter | Martin Willi | 2010-07-26 | 1 | -2/+2 |
| | | |||||
| * | Added log statement if peer requests EAP, but current config does not allow it | Martin Willi | 2010-07-21 | 1 | -0/+1 |
| | | |||||
| * | Support different encoding types in certificate.get_encoding() | Martin Willi | 2010-07-13 | 1 | -1/+6 |
| | | |||||
| * | Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵ | Martin Willi | 2010-07-13 | 1 | -1/+1 |
| | | | | | encoding | ||||
| * | Moved X509 ipAddrBlock checking to the addrblock plugin | Martin Willi | 2010-07-13 | 1 | -60/+0 |
| | | |||||
| * | Added a hook to narrow traffic selectors for CHILD_SAs | Martin Willi | 2010-07-13 | 1 | -5/+38 |
| | | |||||
| * | Moved credential manager to libstrongswan | Martin Willi | 2010-07-13 | 2 | -8/+7 |
| | | |||||
| * | Added support for named attribute groups | Heiko Hund | 2010-07-09 | 1 | -1/+1 |
| | | | | | | | Add the possibility to group attributes by a name and assign these groups to connections. This allows a more granular configuration of which client will receive what atrributes. | ||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |