aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* Replaced ike_sa_t.create_child_sa_iterator with enumerator.Tobias Brunner2011-07-066-72/+97
| | | | | This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA.
* Replaced simple iterator usages.Tobias Brunner2011-07-068-161/+162
|
* Add the reqid to kernel_ipsec_t.del_policy.Tobias Brunner2011-07-061-6/+12
|
* implemented PASS and DROP shunt policiesAndreas Steffen2011-06-282-0/+311
|
* Initialize trap_manager listener with INIT macro, tooMartin Willi2011-06-281-8/+9
|
* Migrated trap_manager_t to INIT/METHOD macrosAndreas Steffen2011-06-281-45/+32
|
* Check if colliding task has actually a CHILD, i.e. after a migrateMartin Willi2011-06-031-1/+4
|
* logging initial EAP Identifier in EAP Identity RequestAndreas Steffen2011-05-291-3/+5
|
* Added strongswan.conf option to override half open IKE_SA timeoutMartin Willi2011-05-161-1/+2
|
* Added a get_count() method to IKE_SA managerMartin Willi2011-05-162-3/+27
|
* Fixed identiation in private_ike_sa_managerMartin Willi2011-05-161-57/+57
|
* Added a non-blocking, skipping variant of IKE_SA enumeratorMartin Willi2011-05-162-6/+24
|
* Typo fixed.Tobias Brunner2011-04-281-1/+1
|
* Resolve and connect to RADIUS servers not before requiredMartin Willi2011-04-211-0/+1
|
* Remove superfluous test for peer_cfg on established IKE_SAsMartin Willi2011-04-201-1/+1
|
* Install ESN SAs if such a proposal has been negotiatedMartin Willi2011-04-201-1/+4
|
* Added an esn parameter to the kernel interface add_sa functionsMartin Willi2011-04-201-1/+1
|
* Clearly mark switch cases that fall through.Tobias Brunner2011-04-191-0/+1
|
* Neither rekey nor del can be NULL.Tobias Brunner2011-04-141-2/+2
|
* display EAP identifiers in HEX formatAndreas Steffen2011-04-061-4/+4
|
* log the EAP identifier also for vendor specific EAP methodsAndreas Steffen2011-04-051-2/+2
|
* log the initial value of the EAP identifierAndreas Steffen2011-04-051-5/+6
|
* added get_identifier() and set_identifier() methodsAndreas Steffen2011-04-051-3/+18
|
* Move establish/inherit of rekeyed IKE_SAs to delete messagesMartin Willi2011-03-155-58/+54
| | | | | | | | Having the inherit() function delayed to the IKE_SA establish procedure was problematic. The task destroy function was never a good place and results in locking/cleanup problems. After establishing the SA, it should be really checked in ASAP to avoid any triggered DPD checks to get lost.
* Wrap IKE delete after rekey into rekey task for responder, tooMartin Willi2011-03-151-1/+18
|
* Migrated ike_rekey task to INIT/METHOD macrosMartin Willi2011-03-151-59/+40
|
* Migrated sim_manager to INIT/METHOD macrosMartin Willi2011-03-081-150/+92
|
* Protect sim card/provider/hook (un-)registration with a rwlockMartin Willi2011-03-081-0/+58
|
* Splitted sim_manager.h header to sim_{card,provider,hooks}.hMartin Willi2011-03-084-226/+305
|
* Slightly change IKE_SA destruction order to inherit properly during ↵Martin Willi2011-02-282-3/+3
| | | | ike_rekey task destruction
* Report correct key size if a cipher is not supportedMartin Willi2011-02-071-1/+1
|
* Some typos fixed.Tobias Brunner2011-02-071-1/+1
|
* Invoke the per-round authorize() hook before purging current auth info on IKE_SAMartin Willi2011-02-031-10/+10
|
* Migrated ike_auth to INIT/METHOD macros, fixes missing initial_contact ↵Martin Willi2011-02-021-56/+34
| | | | initialization
* Do not use destroyed rng/hasher if IKE_SA has been flush()edMartin Willi2011-02-011-3/+9
|
* Do not log potentially hundreds of cert requests for unknown CAs at level 1Martin Willi2011-01-281-1/+8
|
* Revert "Send INITIAL_CONTACT even if we have a unique policy"Martin Willi2011-01-131-1/+2
| | | | | | | | It makes sense to omit INITIAL_CONTACT if don't have a unique policy, as a client might want to connect from different devices to the same account. This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.
* Force port update as responder when initiator switches to 4500 in IKE_AUTHMartin Willi2011-01-123-5/+6
|
* Avoid variable name overloadingMartin Willi2011-01-121-7/+11
|
* Send INITIAL_CONTACT even if we have a unique policyMartin Willi2011-01-101-2/+1
|
* Fix nonce comparison in rekey collisions, lowest nonce losesMartin Willi2011-01-072-7/+7
|
* Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACTMartin Willi2011-01-053-4/+33
|
* Send INITIAL_CONTACT for the first IKE_SA if it has a unique policyMartin Willi2011-01-053-16/+66
|
* Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanupsMartin Willi2011-01-051-189/+180
|
* Provide CRLs received in CERT payloads to trustchain verificationMartin Willi2011-01-051-1/+9
|
* Include the used reserved bytes from ID payloads in AUTH calculationMartin Willi2011-01-0511-39/+126
|
* Migrated psk/pubkey_authenticators to INIT/METHOD macrosMartin Willi2011-01-052-84/+70
|
* Moved check if packet already encoded to ike_sa, avoids message() hook ↵Martin Willi2011-01-051-0/+5
| | | | invocation twice
* Move critical bit checking to ike_sa, notify payload includes unsupported ↵Martin Willi2011-01-053-11/+61
| | | | payload type
* Handle all error notifies in CREATE_CHILD_SA exchangesMartin Willi2011-01-051-0/+14
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 00:01:19 +0000