| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | | Fall back to local address as IKEv1 identity if nothing else is configured | Tobias Brunner | 2012-08-24 | 1 | -2/+14 | |
| |/ | ||||||
| * | Remove the unused second IKE_SA entry match function argument | Martin Willi | 2012-08-20 | 1 | -4/+4 | |
| | | | | | LLVMs clang complains about this parameter, so remove it. | |||||
| * | Add keymat_t constructor registration function | Adrian-Ken Rueegsegger | 2012-08-20 | 2 | -3/+45 | |
| | | | | | | | Using the register_constructor function enables custom keymat_t implementations per IKE version. If no constructor is registered the default behavior is preserved. | |||||
| * | Merge branch 'android-app' | Tobias Brunner | 2012-08-13 | 3 | -2/+3 | |
| |\ | | | | | | | | | | | | | | | This branch introduces a userland IPsec implementation (libipsec) and an Android App which targets the VpnService API that is provided by Android 4+. The implementation is based on the bachelor thesis 'Userland IPsec for Android 4' by Giuliano Grassi and Ralf Sager. | |||||
| | * | Moved packet_t to libstrongswan | Tobias Brunner | 2012-08-08 | 2 | -1/+2 | |
| | | | ||||||
| | * | Increase log verbosity when sending NAT keep-alives | Tobias Brunner | 2012-08-08 | 1 | -1/+1 | |
| | | | ||||||
| * | | Merge branch 'android-ndk' | Tobias Brunner | 2012-08-13 | 3 | -10/+18 | |
| |\| | | | | | | | | | | | | | | | | | | | | | | | This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket. | |||||
| | * | Replaced usages of CHARON_*_PORT with calls to get_port(). | Tobias Brunner | 2012-08-08 | 3 | -7/+15 | |
| | | | ||||||
| | * | Use send_no_marker to send NAT keepalives. | Tobias Brunner | 2012-08-08 | 1 | -1/+1 | |
| | | | ||||||
| | * | Make the UDP ports charon listens for packets on (and uses as source ports) ↵ | Tobias Brunner | 2012-08-08 | 3 | -10/+10 | |
| | | | | | | | | | configurable. | |||||
| * | | Use actual daemon name to enable XAuth/PSK with aggressive mode | Martin Willi | 2012-08-10 | 1 | -2/+3 | |
| |/ | ||||||
| * | Remove queued IKEv1 message before processing it | Martin Willi | 2012-08-08 | 1 | -3/+5 | |
| | | | | | | Avoids destruction or processing of a queued message in recursive process_message() call. | |||||
| * | Include src address in hash of initial message for Main Mode | Tobias Brunner | 2012-08-08 | 1 | -5/+31 | |
| | | | | | | | | If two initiators use the same SPI and also use the same SA proposal the hash for the initial message would be exactly the same. For IKEv2 and Aggressive Mode that's not a problem as these messages include random data (Ni, KEi payloads). | |||||
| * | Block XAuth transaction on established IKE_SAs, but allow Mode Config | Martin Willi | 2012-08-03 | 2 | -2/+1 | |
| | | ||||||
| * | Reject initial exchange messages early once IKE_SA is established | Martin Willi | 2012-08-02 | 1 | -0/+18 | |
| | | ||||||
| * | Lookup IKEv1 PSK even if the peer identity is not known | Martin Willi | 2012-07-31 | 1 | -1/+1 | |
| | | ||||||
| * | Don't include acquiring packet traffic selectors in IKEv1 | Martin Willi | 2012-07-26 | 1 | -0/+5 | |
| | | | | | | | | | As we only can negotiate a single TS in IKEv1, don't prepend the triggering packet TS, as we do in IKEv2. Otherwise we don't establish the TS of the configuration, but only that of the triggering packet. Fixes #207. | |||||
| * | Implement late peer config switching after XAuth authentication | Martin Willi | 2012-07-26 | 1 | -15/+80 | |
| | | | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1. | |||||
| * | Check if XAuth round complies to configured authentication round | Martin Willi | 2012-07-26 | 1 | -7/+18 | |
| | | ||||||
| * | Merge auth config items added from XAuth backends to IKE_SA | Martin Willi | 2012-07-26 | 1 | -0/+1 | |
| | | ||||||
| * | Release leaking child config after uninstalling shunt policy | Martin Willi | 2012-07-23 | 1 | -0/+1 | |
| | | ||||||
| * | Refactored error handling in keymat_v1_t | Martin Willi | 2012-07-16 | 1 | -25/+27 | |
| | | ||||||
| * | Clean up error handling in keymat_v2_t | Martin Willi | 2012-07-16 | 1 | -87/+65 | |
| | | ||||||
| * | Cleaned up memory management and return values for encryption payload | Martin Willi | 2012-07-16 | 1 | -1/+4 | |
| | | ||||||
| * | Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 6 | -20/+80 | |
| | | ||||||
| * | Add a return value to keymat_v1_t.{get,update,confirm}_iv | Martin Willi | 2012-07-16 | 2 | -13/+31 | |
| | | ||||||
| * | Add a return value to crypter_t.set_key() | Martin Willi | 2012-07-16 | 2 | -5/+22 | |
| | | ||||||
| * | Add a return value to crypter_t.decrypt() | Martin Willi | 2012-07-16 | 1 | -2/+1 | |
| | | ||||||
| * | Add a return value to crypter_t.encrypt | Martin Willi | 2012-07-16 | 1 | -2/+1 | |
| | | ||||||
| * | Check rng return value when generating ME CONNECT_ID and KEY | Tobias Brunner | 2012-07-16 | 1 | -2/+14 | |
| | | ||||||
| * | Check rng return value when generating IKEv1 message IDs | Tobias Brunner | 2012-07-16 | 1 | -8/+20 | |
| | | ||||||
| * | Check rng return value when generating COOKIE2 during MOBIKE | Tobias Brunner | 2012-07-16 | 1 | -6/+11 | |
| | | ||||||
| * | Check rng return value when generating fake NAT detection payloads | Tobias Brunner | 2012-07-16 | 2 | -4/+5 | |
| | | ||||||
| * | Check rng return value when generating SPIs in ike_sa_manager_t | Tobias Brunner | 2012-07-16 | 1 | -35/+67 | |
| | | ||||||
| * | Nonce: Let get_nonce, allocate_nonce return boolean | Reto Buerki | 2012-07-16 | 4 | -5/+31 | |
| | | ||||||
| * | Add a return value to prf_t.set_key() | Martin Willi | 2012-07-16 | 2 | -23/+41 | |
| | | ||||||
| * | Add a return value to prf_t.allocate_bytes() | Martin Willi | 2012-07-16 | 2 | -22/+71 | |
| | | ||||||
| * | Use a bool return value in keymat_v1_t.get_hash_phase2() | Martin Willi | 2012-07-16 | 2 | -27/+27 | |
| | | ||||||
| * | Add a return value to keymat_v1_t.get_hash() | Martin Willi | 2012-07-16 | 4 | -17/+35 | |
| | | ||||||
| * | Add a return value to keymat_v2_t.get_auth_octets() | Martin Willi | 2012-07-16 | 3 | -17/+24 | |
| | | ||||||
| * | Add a return value to keymat_v2_t.get_psk_sig() | Martin Willi | 2012-07-16 | 4 | -24/+39 | |
| | | ||||||
| * | Add a return value to prf_t.get_bytes() | Martin Willi | 2012-07-16 | 1 | -9/+19 | |
| | | ||||||
| * | prf_plus_create() can return NULL on failure | Martin Willi | 2012-07-16 | 2 | -0/+20 | |
| | | ||||||
| * | Add a return value to prf_plus_t.allocate_bytes() | Martin Willi | 2012-07-16 | 2 | -17/+76 | |
| | | ||||||
| * | Add a return value to signer_t.set_key() | Martin Willi | 2012-07-16 | 1 | -2/+14 | |
| | | ||||||
| * | Add a return value to aead_t.set_key() | Martin Willi | 2012-07-16 | 2 | -3/+12 | |
| | | ||||||
| * | Add a return value to aead_t.encrypt() | Martin Willi | 2012-07-16 | 1 | -1/+2 | |
| | | ||||||
| * | Simplify NAT-D payload creation if UDP encapsulation is forced | Tobias Brunner | 2012-07-13 | 1 | -2/+2 | |
| | | | | | | We don't need any address lookups in that case as the content of the payload is generated randomly anyway. | |||||
| * | Send cert request based on peers configured authentication class | Martin Willi | 2012-07-10 | 1 | -3/+30 | |
| | | ||||||
| * | Don't send CERTREQs when initiating aggressive mode PSK | Martin Willi | 2012-07-09 | 1 | -0/+4 | |
| | | ||||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |