aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* Check if colliding rekey actually created an IKE_INITThomas Egerer2010-08-251-37/+42
| | | | | | In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV.
* Fixed crypter keymat derivation bugMartin Willi2010-08-191-3/+4
|
* Implemented IKEv2 keymat derivation for AEAD algorithmsMartin Willi2010-08-191-29/+58
|
* Use AEAD wrapper for encryption payload encryption/decryptionMartin Willi2010-08-194-118/+121
|
* Migrated keymat to INIT/METHOD macrosMartin Willi2010-08-191-72/+41
|
* Use a seperate section for each nested struct member in INIT macroMartin Willi2010-08-182-25/+15
|
* some simplifications using the INIT macroAndreas Steffen2010-08-171-7/+5
|
* Added support for Camellia cipher to xcbcMartin Willi2010-08-131-0/+3
|
* Migrated eap_authenticator to INIT/METHOD macrosAndreas Steffen2010-08-131-66/+60
|
* Migrated eap_manager to INIT/METHOD macrosAndreas Steffen2010-08-131-31/+23
|
* moved eap_from_string() fomr libcharon to libstrongswan to make it available ↵Andreas Steffen2010-08-132-43/+0
| | | | in starter
* recognize eap-ttls methodAndreas Steffen2010-08-121-0/+1
|
* Use bits instead of bytes for a private/public keyMartin Willi2010-08-101-3/+3
|
* fix error-type range in parsing of NOTIFY payloadsJiri Bohac2010-08-061-1/+1
|
* Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA ↵Tobias Brunner2010-08-041-3/+2
| | | | allocated an ID.
* Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone ↵Martin Willi2010-08-042-2/+5
| | | | in destroy
* Added EAP-TLS plugin stubMartin Willi2010-08-031-0/+1
|
* Do not touch child from collision if peer deleted itThomas Egerer2010-08-031-3/+24
|
* Pass the CREATE_CHILD_SA initiator flag to the child_keys parameterMartin Willi2010-07-261-2/+2
|
* Added log statement if peer requests EAP, but current config does not allow itMartin Willi2010-07-211-0/+1
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-1/+6
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵Martin Willi2010-07-131-1/+1
| | | | encoding
* Moved X509 ipAddrBlock checking to the addrblock pluginMartin Willi2010-07-131-60/+0
|
* Added a hook to narrow traffic selectors for CHILD_SAsMartin Willi2010-07-131-5/+38
|
* Moved credential manager to libstrongswanMartin Willi2010-07-139-115/+15
|
* Added support for named attribute groupsHeiko Hund2010-07-091-1/+1
| | | | | | Add the possibility to group attributes by a name and assign these groups to connections. This allows a more granular configuration of which client will receive what atrributes.
* Print identity to a lease address on the same line for simpler grepingMartin Willi2010-07-081-1/+1
|
* Use the responder side configured EAP-Identity directly, if givenMartin Willi2010-07-051-7/+16
|
* Copy EAP specific attributes to auth config onlyMartin Willi2010-07-052-8/+10
|
* support of xfrm marks for IKEv2Andreas Steffen2010-07-021-34/+48
|
* Recreate IKE_SA_INIT related tasks only if they have completedMartin Willi2010-06-301-11/+35
|
* Use enumerator for queued_tasks migration to avoid infinite loopThomas Egerer2010-06-301-3/+5
|
* Correct check of traffic selectors before destructionThomas Egerer2010-06-291-2/+2
|
* Migrate queued_tasks tasks, to avoid dangling pointersThomas Egerer2010-06-291-0/+7
|
* Add extra information in debug output for IKE_SA check{out, in}Thomas Egerer2010-06-072-10/+27
| | | | | | | This output helps tracing checkout and checkin of IKE_SAs when there is more than one IKE_SAs with the same name. I also added the type of in-air-exchange to the debug output issued by the task_manager in case a task initiation is delayed, came in handy for me.
* Flush auth configs, create new keymat during SA resetMartin Willi2010-06-071-12/+16
|
* Recreate IKE_INIT/IKE_NATD/IKE_VENDOR tasks if we reset SA during IKE_AUTHMartin Willi2010-06-071-0/+11
|
* Reacquire keymat from new IKE_SA during task migrationMartin Willi2010-06-071-0/+1
|
* Wrap task enumerator in ike_saMartin Willi2010-06-072-1/+16
|
* Migrated ike_sa_t to INIT/METHOD macrosMartin Willi2010-06-071-407/+239
|
* Added support for task enumeration in task_manager_tMartin Willi2010-06-072-0/+38
|
* Migrated task_manager_t to INIT/METHOD macrosMartin Willi2010-06-071-65/+45
|
* Disable close action for a redundant CHILD_SA resulting from a rekey collisionMartin Willi2010-06-021-0/+5
| | | | | | | | If a rekey collision is detected, the winning peer of the nonce compare will delete the redundant CHILD_SA. The other peer should not enforce the close action on this CHILD, as it would reestablish the redundat CHILD_SA. Thanks to Thomas Egerer from secunet for pointing this out and the initial patchset.
* Use wrapped getters for close/dpd actionMartin Willi2010-06-022-8/+10
|
* Wrap getters for dpd/close action into CHILD_SA, allows us to override themMartin Willi2010-06-022-0/+76
|
* Do not install trap policy if remote host is %any.Tobias Brunner2010-05-281-1/+1
|
* Handle collisions between rekey and the following delete properlyMartin Willi2010-05-181-27/+63
|
* Use reqid from connection config if present.Reto Buerki2010-05-041-2/+6
|
* Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no ↵Martin Willi2010-04-211-5/+5
| | | | DH group
* manage synced SAs in IKE_SA Manager, tag them with IKE_PASSIVE stateMartin Willi2010-04-071-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 17:53:11 +0000