aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* Extracted path checking in ike_sa_t.roam into separate functions.Tobias Brunner2010-10-121-46/+68
|
* Added support for responders to change their address via MOBIKE.Tobias Brunner2010-10-121-0/+20
| | | | | | | If the original responder updates its list of additional addresses we check if the remote endpoint changed and update the IPsec SAs if it did, as we assume the original address became unavailable and the responder already updated the SAs on its side.
* Explicitly configure MOBIKE tasks to update the list of additional addresses.Tobias Brunner2010-10-123-2/+15
|
* Improved check for first IKE_AUTH message in ike_mobike task.Tobias Brunner2010-10-121-3/+6
| | | | | If the original responder initiated a MOBIKE exchange, the previous check was not always correct.
* Migrated ike_mobike task to INIT/METHOD macros.Tobias Brunner2010-10-121-67/+46
|
* Simplified apply_port function in mobike task.Tobias Brunner2010-10-121-16/+9
|
* Do not update hosts based on retransmitted messages.Tobias Brunner2010-10-122-15/+23
|
* Do not update remote host if we are behind a NAT.Tobias Brunner2010-10-121-4/+2
|
* NOTIFY error message types include 16383Andreas Steffen2010-09-291-1/+1
|
* Adapted child_sa_t to changed kernel interface.Tobias Brunner2010-09-021-25/+49
|
* Added an option to specify the type of a policy to kernel_ipsec.add_policy.Tobias Brunner2010-09-021-18/+18
| | | | | This will later allow us to support pluto's passthrough and drop policies in charon.
* Replaced the protocol argument in add_policy with an optional SPI for an AH SA.Tobias Brunner2010-09-021-18/+37
|
* Refer to scheduler and processor via lib and not hydra.Tobias Brunner2010-09-028-36/+30
|
* Refer to kernel interface via hydra and not charon.Tobias Brunner2010-09-026-58/+62
|
* Removed references to protocol_id_t from kernel interface.Tobias Brunner2010-09-021-37/+65
| | | | | Instead we use the actual IP protocol identifier (the conversion now happens in child_sa_t and kernel_handler_t).
* Migrated child_sa_t to INIT/METHOD macros.Tobias Brunner2010-09-021-202/+132
|
* Refer to scheduler via hydra and not charon.Tobias Brunner2010-09-026-21/+23
|
* Refer to processor via hydra and not charon.Tobias Brunner2010-09-026-9/+14
|
* Use the AAA Identity for EAP authentication, if givenMartin Willi2010-08-312-1/+14
|
* Moved EAP type/code definitions to a seprate header file in libstrongswanMartin Willi2010-08-312-35/+1
|
* Port floating patch partially reversed.Tobias Brunner2010-08-302-12/+8
| | | | | | If MOBIKE is enabled, we do have to switch to port 4500 with the IKE_AUTH request, that is, before we know whether the other peer actually supports MOBIKE or not.
* Slightly refactored port floating.Tobias Brunner2010-08-305-35/+39
| | | | In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
* Fixed ME after introduction of AEAD wrapper.Tobias Brunner2010-08-301-1/+1
|
* Migrated delete_payload to INIT/METHOD macros, replaced iteratorMartin Willi2010-08-251-9/+8
|
* Check if colliding rekey actually created an IKE_INITThomas Egerer2010-08-251-37/+42
| | | | | | In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV.
* Fixed crypter keymat derivation bugMartin Willi2010-08-191-3/+4
|
* Implemented IKEv2 keymat derivation for AEAD algorithmsMartin Willi2010-08-191-29/+58
|
* Use AEAD wrapper for encryption payload encryption/decryptionMartin Willi2010-08-194-118/+121
|
* Migrated keymat to INIT/METHOD macrosMartin Willi2010-08-191-72/+41
|
* Use a seperate section for each nested struct member in INIT macroMartin Willi2010-08-182-25/+15
|
* some simplifications using the INIT macroAndreas Steffen2010-08-171-7/+5
|
* Added support for Camellia cipher to xcbcMartin Willi2010-08-131-0/+3
|
* Migrated eap_authenticator to INIT/METHOD macrosAndreas Steffen2010-08-131-66/+60
|
* Migrated eap_manager to INIT/METHOD macrosAndreas Steffen2010-08-131-31/+23
|
* moved eap_from_string() fomr libcharon to libstrongswan to make it available ↵Andreas Steffen2010-08-132-43/+0
| | | | in starter
* recognize eap-ttls methodAndreas Steffen2010-08-121-0/+1
|
* Use bits instead of bytes for a private/public keyMartin Willi2010-08-101-3/+3
|
* fix error-type range in parsing of NOTIFY payloadsJiri Bohac2010-08-061-1/+1
|
* Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA ↵Tobias Brunner2010-08-041-3/+2
| | | | allocated an ID.
* Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone ↵Martin Willi2010-08-042-2/+5
| | | | in destroy
* Added EAP-TLS plugin stubMartin Willi2010-08-031-0/+1
|
* Do not touch child from collision if peer deleted itThomas Egerer2010-08-031-3/+24
|
* Pass the CREATE_CHILD_SA initiator flag to the child_keys parameterMartin Willi2010-07-261-2/+2
|
* Added log statement if peer requests EAP, but current config does not allow itMartin Willi2010-07-211-0/+1
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-1/+6
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵Martin Willi2010-07-131-1/+1
| | | | encoding
* Moved X509 ipAddrBlock checking to the addrblock pluginMartin Willi2010-07-131-60/+0
|
* Added a hook to narrow traffic selectors for CHILD_SAsMartin Willi2010-07-131-5/+38
|
* Moved credential manager to libstrongswanMartin Willi2010-07-139-115/+15
|
* Added support for named attribute groupsHeiko Hund2010-07-091-1/+1
| | | | | | Add the possibility to group attributes by a name and assign these groups to connections. This allows a more granular configuration of which client will receive what atrributes.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 11:50:24 +0000