aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* Added an option to specify the type of a policy to kernel_ipsec.add_policy.Tobias Brunner2010-09-021-18/+18
| | | | | This will later allow us to support pluto's passthrough and drop policies in charon.
* Replaced the protocol argument in add_policy with an optional SPI for an AH SA.Tobias Brunner2010-09-021-18/+37
|
* Refer to scheduler and processor via lib and not hydra.Tobias Brunner2010-09-028-36/+30
|
* Refer to kernel interface via hydra and not charon.Tobias Brunner2010-09-026-58/+62
|
* Removed references to protocol_id_t from kernel interface.Tobias Brunner2010-09-021-37/+65
| | | | | Instead we use the actual IP protocol identifier (the conversion now happens in child_sa_t and kernel_handler_t).
* Migrated child_sa_t to INIT/METHOD macros.Tobias Brunner2010-09-021-202/+132
|
* Refer to scheduler via hydra and not charon.Tobias Brunner2010-09-026-21/+23
|
* Refer to processor via hydra and not charon.Tobias Brunner2010-09-026-9/+14
|
* Use the AAA Identity for EAP authentication, if givenMartin Willi2010-08-312-1/+14
|
* Moved EAP type/code definitions to a seprate header file in libstrongswanMartin Willi2010-08-312-35/+1
|
* Port floating patch partially reversed.Tobias Brunner2010-08-302-12/+8
| | | | | | If MOBIKE is enabled, we do have to switch to port 4500 with the IKE_AUTH request, that is, before we know whether the other peer actually supports MOBIKE or not.
* Slightly refactored port floating.Tobias Brunner2010-08-305-35/+39
| | | | In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
* Fixed ME after introduction of AEAD wrapper.Tobias Brunner2010-08-301-1/+1
|
* Migrated delete_payload to INIT/METHOD macros, replaced iteratorMartin Willi2010-08-251-9/+8
|
* Check if colliding rekey actually created an IKE_INITThomas Egerer2010-08-251-37/+42
| | | | | | In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV.
* Fixed crypter keymat derivation bugMartin Willi2010-08-191-3/+4
|
* Implemented IKEv2 keymat derivation for AEAD algorithmsMartin Willi2010-08-191-29/+58
|
* Use AEAD wrapper for encryption payload encryption/decryptionMartin Willi2010-08-194-118/+121
|
* Migrated keymat to INIT/METHOD macrosMartin Willi2010-08-191-72/+41
|
* Use a seperate section for each nested struct member in INIT macroMartin Willi2010-08-182-25/+15
|
* some simplifications using the INIT macroAndreas Steffen2010-08-171-7/+5
|
* Added support for Camellia cipher to xcbcMartin Willi2010-08-131-0/+3
|
* Migrated eap_authenticator to INIT/METHOD macrosAndreas Steffen2010-08-131-66/+60
|
* Migrated eap_manager to INIT/METHOD macrosAndreas Steffen2010-08-131-31/+23
|
* moved eap_from_string() fomr libcharon to libstrongswan to make it available ↵Andreas Steffen2010-08-132-43/+0
| | | | in starter
* recognize eap-ttls methodAndreas Steffen2010-08-121-0/+1
|
* Use bits instead of bytes for a private/public keyMartin Willi2010-08-101-3/+3
|
* fix error-type range in parsing of NOTIFY payloadsJiri Bohac2010-08-061-1/+1
|
* Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA ↵Tobias Brunner2010-08-041-3/+2
| | | | allocated an ID.
* Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone ↵Martin Willi2010-08-042-2/+5
| | | | in destroy
* Added EAP-TLS plugin stubMartin Willi2010-08-031-0/+1
|
* Do not touch child from collision if peer deleted itThomas Egerer2010-08-031-3/+24
|
* Pass the CREATE_CHILD_SA initiator flag to the child_keys parameterMartin Willi2010-07-261-2/+2
|
* Added log statement if peer requests EAP, but current config does not allow itMartin Willi2010-07-211-0/+1
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-1/+6
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵Martin Willi2010-07-131-1/+1
| | | | encoding
* Moved X509 ipAddrBlock checking to the addrblock pluginMartin Willi2010-07-131-60/+0
|
* Added a hook to narrow traffic selectors for CHILD_SAsMartin Willi2010-07-131-5/+38
|
* Moved credential manager to libstrongswanMartin Willi2010-07-139-115/+15
|
* Added support for named attribute groupsHeiko Hund2010-07-091-1/+1
| | | | | | Add the possibility to group attributes by a name and assign these groups to connections. This allows a more granular configuration of which client will receive what atrributes.
* Print identity to a lease address on the same line for simpler grepingMartin Willi2010-07-081-1/+1
|
* Use the responder side configured EAP-Identity directly, if givenMartin Willi2010-07-051-7/+16
|
* Copy EAP specific attributes to auth config onlyMartin Willi2010-07-052-8/+10
|
* support of xfrm marks for IKEv2Andreas Steffen2010-07-021-34/+48
|
* Recreate IKE_SA_INIT related tasks only if they have completedMartin Willi2010-06-301-11/+35
|
* Use enumerator for queued_tasks migration to avoid infinite loopThomas Egerer2010-06-301-3/+5
|
* Correct check of traffic selectors before destructionThomas Egerer2010-06-291-2/+2
|
* Migrate queued_tasks tasks, to avoid dangling pointersThomas Egerer2010-06-291-0/+7
|
* Add extra information in debug output for IKE_SA check{out, in}Thomas Egerer2010-06-072-10/+27
| | | | | | | This output helps tracing checkout and checkin of IKE_SAs when there is more than one IKE_SAs with the same name. I also added the type of in-air-exchange to the debug output issued by the task_manager in case a task initiation is delayed, came in handy for me.
* Flush auth configs, create new keymat during SA resetMartin Willi2010-06-071-12/+16
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-22 20:20:11 +0000