aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/tasks
Commit message (Collapse)AuthorAgeFilesLines
...
* Migrated ike_me to INIT/METHOD macrosAndreas Steffen2011-10-031-88/+61
|
* Migrated ike_natd to INIT/METHOD macrosAndreas Steffen2011-10-031-55/+38
|
* Migrated ike_reauth to INIT/METHOD macrosAndreas Steffen2011-10-031-30/+25
|
* log entry for outbound hash-and-urlAndreas Steffen2011-08-241-0/+1
|
* Try to detect Windows Clients by looking for INTERNAL_IP4/6_SERVER attributeMartin Willi2011-08-191-0/+5
|
* fix double delete of old IKE_SA during reauthenticationAndreas Steffen2011-08-161-2/+2
|
* some more typosAndreas Steffen2011-08-157-7/+7
|
* typos: initator->initiator, authenticaion->authentication.Tobias Brunner2011-08-157-7/+7
|
* If we close a duplicate SA, it is also no authentication failure.Tobias Brunner2011-08-121-2/+4
|
* If local authentication fails, it is not really a peer auth failure.Tobias Brunner2011-08-121-1/+1
|
* Throw an alert if authentication of the peer fails (not only for initiator).Tobias Brunner2011-08-121-34/+27
|
* Throw an alert via bus_t when remote authentication fails.Tobias Brunner2011-08-121-9/+14
|
* Fixed common misspellings.Tobias Brunner2011-07-203-5/+5
| | | | Mostly found by 'codespell'.
* Replaced ike_sa_t.create_additional_address_iterator with enumerator.Tobias Brunner2011-07-061-24/+6
|
* Replaced ike_sa_t.create_child_sa_iterator with enumerator.Tobias Brunner2011-07-063-17/+16
| | | | | This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA.
* Replaced simple iterator usages.Tobias Brunner2011-07-064-23/+23
|
* Check if colliding task has actually a CHILD, i.e. after a migrateMartin Willi2011-06-031-1/+4
|
* Remove superfluous test for peer_cfg on established IKE_SAsMartin Willi2011-04-201-1/+1
|
* Clearly mark switch cases that fall through.Tobias Brunner2011-04-191-0/+1
|
* Neither rekey nor del can be NULL.Tobias Brunner2011-04-141-2/+2
|
* Move establish/inherit of rekeyed IKE_SAs to delete messagesMartin Willi2011-03-152-48/+40
| | | | | | | | Having the inherit() function delayed to the IKE_SA establish procedure was problematic. The task destroy function was never a good place and results in locking/cleanup problems. After establishing the SA, it should be really checked in ASAP to avoid any triggered DPD checks to get lost.
* Wrap IKE delete after rekey into rekey task for responder, tooMartin Willi2011-03-151-1/+18
|
* Migrated ike_rekey task to INIT/METHOD macrosMartin Willi2011-03-151-59/+40
|
* Some typos fixed.Tobias Brunner2011-02-071-1/+1
|
* Invoke the per-round authorize() hook before purging current auth info on IKE_SAMartin Willi2011-02-031-10/+10
|
* Migrated ike_auth to INIT/METHOD macros, fixes missing initial_contact ↵Martin Willi2011-02-021-56/+34
| | | | initialization
* Do not log potentially hundreds of cert requests for unknown CAs at level 1Martin Willi2011-01-281-1/+8
|
* Revert "Send INITIAL_CONTACT even if we have a unique policy"Martin Willi2011-01-131-1/+2
| | | | | | | | It makes sense to omit INITIAL_CONTACT if don't have a unique policy, as a client might want to connect from different devices to the same account. This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.
* Send INITIAL_CONTACT even if we have a unique policyMartin Willi2011-01-101-2/+1
|
* Fix nonce comparison in rekey collisions, lowest nonce losesMartin Willi2011-01-072-7/+7
|
* Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACTMartin Willi2011-01-051-1/+21
|
* Send INITIAL_CONTACT for the first IKE_SA if it has a unique policyMartin Willi2011-01-051-9/+22
|
* Provide CRLs received in CERT payloads to trustchain verificationMartin Willi2011-01-051-1/+9
|
* Include the used reserved bytes from ID payloads in AUTH calculationMartin Willi2011-01-051-4/+35
|
* Handle all error notifies in CREATE_CHILD_SA exchangesMartin Willi2011-01-051-0/+14
|
* eliminated whitespaceAndreas Steffen2010-12-211-1/+1
|
* Migrated child_create_t to INIT/METHOD macrosAndreas Steffen2010-12-211-83/+55
|
* Do not use TFC padding if peer does not support ESPv3Martin Willi2010-12-201-8/+24
|
* Do not add additional addresses to MOBIKE path probing messages.Tobias Brunner2010-10-121-10/+12
|
* Allow responder to use ike_mobike_t.roam.Tobias Brunner2010-10-121-1/+7
| | | | After getting a response the responder updates the IPsec SAs.
* Added support for responders to change their address via MOBIKE.Tobias Brunner2010-10-121-0/+20
| | | | | | | If the original responder updates its list of additional addresses we check if the remote endpoint changed and update the IPsec SAs if it did, as we assume the original address became unavailable and the responder already updated the SAs on its side.
* Explicitly configure MOBIKE tasks to update the list of additional addresses.Tobias Brunner2010-10-122-2/+14
|
* Improved check for first IKE_AUTH message in ike_mobike task.Tobias Brunner2010-10-121-3/+6
| | | | | If the original responder initiated a MOBIKE exchange, the previous check was not always correct.
* Migrated ike_mobike task to INIT/METHOD macros.Tobias Brunner2010-10-121-67/+46
|
* Simplified apply_port function in mobike task.Tobias Brunner2010-10-121-16/+9
|
* NOTIFY error message types include 16383Andreas Steffen2010-09-291-1/+1
|
* Refer to scheduler and processor via lib and not hydra.Tobias Brunner2010-09-024-11/+8
|
* Refer to kernel interface via hydra and not charon.Tobias Brunner2010-09-023-12/+14
|
* Refer to scheduler via hydra and not charon.Tobias Brunner2010-09-023-5/+6
|
* Refer to processor via hydra and not charon.Tobias Brunner2010-09-023-3/+6
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 04:28:25 +0000