aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
* Add a global return_success() method implementationMartin Willi2013-02-141-8/+2
|
* Merge branch 'ike-dscp'Martin Willi2013-02-141-1/+26
|\
| * Set configured DSCP value while generating IKE packetsMartin Willi2013-02-061-1/+26
| |
* | make TNC client authentication type available to IMVsAndreas Steffen2013-02-121-0/+57
|/
* Fix check-in of IKE_SA when IKE_SA_INIT fails and hash table is enabledTobias Brunner2013-01-241-2/+13
| | | | | | | Setting the responder SPI to 0 can only be done while generating the response, otherwise we'd fail to check in the IKE_SA again in case the hash table is enabled. That's because we use the responder SPI as hash value since 5.0.0.
* Avoid a deadlock when installing a trap policy failedTobias Brunner2013-01-231-1/+5
|
* Fix IKE SA inherit API docAdrian-Ken Rueegsegger2013-01-221-2/+1
|
* Properly send IKEv1 packets if no ike_cfg is known yetTobias Brunner2013-01-141-2/+5
| | | | This applies for error notifies.
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-125-25/+406
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Added an option to configure the maximum size of a fragmentTobias Brunner2013-01-121-3/+10
| |
| * Properly detect fragmentation capabilitiesTobias Brunner2013-01-121-3/+27
| | | | | | | | Cisco sends 0xc0000000 so we check that part of the VID separately.
| * Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-122-3/+6
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-242-10/+7
| |
| * Include source port in init hash for fragmented messagesTobias Brunner2012-12-241-1/+8
| |
| * Add an option to en-/disable IKE fragmentationTobias Brunner2012-12-242-5/+20
| | | | | | | | | | Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * Split larger messages into fragments if IKE fragmentation is supported by peerTobias Brunner2012-12-241-14/+114
| |
| * Log added NAT-T vendor IDsTobias Brunner2012-12-241-0/+1
| |
| * Detect a peer's support for IKE fragmentationTobias Brunner2012-12-242-0/+9
| | | | | | | | Fragments are accepted even if this vendor ID is not seen.
| * Map fragmented initial initial Main or Aggressive Mode messages to the same ↵Tobias Brunner2012-12-241-1/+17
| | | | | | | | IKE_SA
| * Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain ↵Tobias Brunner2012-12-241-1/+2
| | | | | | | | | | | | | | fragments Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
| * Don't handle fragmented messages larger than charon.max_packetTobias Brunner2012-12-241-4/+39
| |
| * Don't update an IKE_SA-entry's cached message ID when handling fragmentsTobias Brunner2012-12-241-1/+4
| |
| * Store inbound IKE fragments and reassemble the message when all fragments ↵Tobias Brunner2012-12-241-3/+166
| | | | | | | | are received
* | Streamline debug output when receiving intermediate CA certificates in IKEv1Martin Willi2013-01-111-1/+1
| |
* | Refactored IKEv2 cert/certreq payload processing to multiple functionsMartin Willi2013-01-111-112/+141
| |
* | Refactored IKEv1 cert payload processing to multiple functionsMartin Willi2013-01-111-73/+102
| |
* | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-111-0/+70
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Add parantheses to avoid compiler warningMartin Willi2012-12-241-1/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-203-3/+3
|
* Raise an alert if IKE SA is keptAdrian-Ken Rueegsegger2012-12-201-0/+1
| | | | | This alert is raised when the establishment of a child SA fails but the IKE SA is kept.
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlierVolker Rümelin2012-12-196-36/+211
| | | | | This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Raise an alert if allocating virtual IPs failsMartin Willi2012-12-191-0/+2
|
* Raise an alert if kernel policy installation failsMartin Willi2012-12-191-0/+2
|
* Raise an alert if kernel SA installation failsMartin Willi2012-12-191-0/+2
|
* Raise an alert on traffic selector mismatchMartin Willi2012-12-191-0/+2
|
* Raise alerts when enforcing IKE_SA unique policyMartin Willi2012-12-192-0/+2
|
* Raise an alert if CHILD_SA proposals mismatchMartin Willi2012-12-191-0/+2
|
* Raise an alert if IKE proposals mismatchMartin Willi2012-12-191-0/+5
|
* Raise an alert of generating local authentication data failsMartin Willi2012-12-191-6/+10
|
* Fix traffic selectors also as initiator in case of transport mode over NATTobias Brunner2012-12-131-1/+1
|
* Fix debug output if responder selected invalid traffic selectors during QMTobias Brunner2012-12-131-2/+2
|
* Inherit virtual IP and attributes from old to new, not from new to oldMartin Willi2012-12-101-5/+5
|
* Fix GPL license header to properly "sed" itMartin Willi2012-11-301-1/+1
|
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-292-3/+4
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-292-7/+25
| | | | required
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-292-6/+6
|
* Add alerts for sent/received message retransmissions and timeoutMartin Willi2012-11-292-0/+8
|
* Add an ikesa_limit option to limit number of IKE_SAs as responderMartin Willi2012-11-161-19/+39
|
* Log sent vendor IDs for IKEv1Tobias Brunner2012-11-021-0/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 01:56:12 +0000