| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Never register IKE_SA during checkout_new, as rekeying keeps it checked out | Martin Willi | 2010-12-07 | 2 | -18/+2 | |
| | | ||||||
| * | Guarantee entry->other is set when calling put_connected_peers | Thomas Egerer | 2010-12-06 | 1 | -1/+7 | |
| | | | | | | | | | | | | Given the original intent of entry->host, the check for DoS attacks, it can happen that this value remains NULL when an entry is created. This is particularly awkward if put_connected_peers is called to check if a connection to a given peer already exists, since it takes the address family into consideration (git commit b74219d0) which is gleaned from entry->host. This patch guarantees that entry->other is a clone of host before put_connected_peers is called. | |||||
| * | Do not checkin a previously destroyed SA | Thomas Egerer | 2010-11-16 | 1 | -1/+4 | |
| | | ||||||
| * | Extend connected peers by peer family | Thomas Egerer | 2010-11-12 | 1 | -5/+16 | |
| | | | | | | This allows for simultanious IPv4 and IPv6 tunnel for same peers with matching identities. | |||||
| * | Do not add additional addresses to MOBIKE path probing messages. | Tobias Brunner | 2010-10-12 | 1 | -10/+12 | |
| | | ||||||
| * | Change behavior of responder during roaming. | Tobias Brunner | 2010-10-12 | 1 | -16/+17 | |
| | | | | | | | If the current source address is not available anymore, the responder uses ike_mobike_t.roam, thus, uses multiple address combinations when trying to notify the initiator. | |||||
| * | Allow responder to use ike_mobike_t.roam. | Tobias Brunner | 2010-10-12 | 1 | -1/+7 | |
| | | | | | After getting a response the responder updates the IPsec SAs. | |||||
| * | Send list of additional addresses even if current path is still valid. | Tobias Brunner | 2010-10-12 | 1 | -0/+11 | |
| | | ||||||
| * | Extracted path checking in ike_sa_t.roam into separate functions. | Tobias Brunner | 2010-10-12 | 1 | -46/+68 | |
| | | ||||||
| * | Added support for responders to change their address via MOBIKE. | Tobias Brunner | 2010-10-12 | 1 | -0/+20 | |
| | | | | | | | | If the original responder updates its list of additional addresses we check if the remote endpoint changed and update the IPsec SAs if it did, as we assume the original address became unavailable and the responder already updated the SAs on its side. | |||||
| * | Explicitly configure MOBIKE tasks to update the list of additional addresses. | Tobias Brunner | 2010-10-12 | 3 | -2/+15 | |
| | | ||||||
| * | Improved check for first IKE_AUTH message in ike_mobike task. | Tobias Brunner | 2010-10-12 | 1 | -3/+6 | |
| | | | | | | If the original responder initiated a MOBIKE exchange, the previous check was not always correct. | |||||
| * | Migrated ike_mobike task to INIT/METHOD macros. | Tobias Brunner | 2010-10-12 | 1 | -67/+46 | |
| | | ||||||
| * | Simplified apply_port function in mobike task. | Tobias Brunner | 2010-10-12 | 1 | -16/+9 | |
| | | ||||||
| * | Do not update hosts based on retransmitted messages. | Tobias Brunner | 2010-10-12 | 2 | -15/+23 | |
| | | ||||||
| * | Do not update remote host if we are behind a NAT. | Tobias Brunner | 2010-10-12 | 1 | -4/+2 | |
| | | ||||||
| * | NOTIFY error message types include 16383 | Andreas Steffen | 2010-09-29 | 1 | -1/+1 | |
| | | ||||||
| * | Adapted child_sa_t to changed kernel interface. | Tobias Brunner | 2010-09-02 | 1 | -25/+49 | |
| | | ||||||
| * | Added an option to specify the type of a policy to kernel_ipsec.add_policy. | Tobias Brunner | 2010-09-02 | 1 | -18/+18 | |
| | | | | | | This will later allow us to support pluto's passthrough and drop policies in charon. | |||||
| * | Replaced the protocol argument in add_policy with an optional SPI for an AH SA. | Tobias Brunner | 2010-09-02 | 1 | -18/+37 | |
| | | ||||||
| * | Refer to scheduler and processor via lib and not hydra. | Tobias Brunner | 2010-09-02 | 8 | -36/+30 | |
| | | ||||||
| * | Refer to kernel interface via hydra and not charon. | Tobias Brunner | 2010-09-02 | 6 | -58/+62 | |
| | | ||||||
| * | Removed references to protocol_id_t from kernel interface. | Tobias Brunner | 2010-09-02 | 1 | -37/+65 | |
| | | | | | | Instead we use the actual IP protocol identifier (the conversion now happens in child_sa_t and kernel_handler_t). | |||||
| * | Migrated child_sa_t to INIT/METHOD macros. | Tobias Brunner | 2010-09-02 | 1 | -202/+132 | |
| | | ||||||
| * | Refer to scheduler via hydra and not charon. | Tobias Brunner | 2010-09-02 | 6 | -21/+23 | |
| | | ||||||
| * | Refer to processor via hydra and not charon. | Tobias Brunner | 2010-09-02 | 6 | -9/+14 | |
| | | ||||||
| * | Use the AAA Identity for EAP authentication, if given | Martin Willi | 2010-08-31 | 2 | -1/+14 | |
| | | ||||||
| * | Moved EAP type/code definitions to a seprate header file in libstrongswan | Martin Willi | 2010-08-31 | 2 | -35/+1 | |
| | | ||||||
| * | Port floating patch partially reversed. | Tobias Brunner | 2010-08-30 | 2 | -12/+8 | |
| | | | | | | | If MOBIKE is enabled, we do have to switch to port 4500 with the IKE_AUTH request, that is, before we know whether the other peer actually supports MOBIKE or not. | |||||
| * | Slightly refactored port floating. | Tobias Brunner | 2010-08-30 | 5 | -35/+39 | |
| | | | | | In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE. | |||||
| * | Fixed ME after introduction of AEAD wrapper. | Tobias Brunner | 2010-08-30 | 1 | -1/+1 | |
| | | ||||||
| * | Migrated delete_payload to INIT/METHOD macros, replaced iterator | Martin Willi | 2010-08-25 | 1 | -9/+8 | |
| | | ||||||
| * | Check if colliding rekey actually created an IKE_INIT | Thomas Egerer | 2010-08-25 | 1 | -37/+42 | |
| | | | | | | | In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV. | |||||
| * | Fixed crypter keymat derivation bug | Martin Willi | 2010-08-19 | 1 | -3/+4 | |
| | | ||||||
| * | Implemented IKEv2 keymat derivation for AEAD algorithms | Martin Willi | 2010-08-19 | 1 | -29/+58 | |
| | | ||||||
| * | Use AEAD wrapper for encryption payload encryption/decryption | Martin Willi | 2010-08-19 | 4 | -118/+121 | |
| | | ||||||
| * | Migrated keymat to INIT/METHOD macros | Martin Willi | 2010-08-19 | 1 | -72/+41 | |
| | | ||||||
| * | Use a seperate section for each nested struct member in INIT macro | Martin Willi | 2010-08-18 | 2 | -25/+15 | |
| | | ||||||
| * | some simplifications using the INIT macro | Andreas Steffen | 2010-08-17 | 1 | -7/+5 | |
| | | ||||||
| * | Added support for Camellia cipher to xcbc | Martin Willi | 2010-08-13 | 1 | -0/+3 | |
| | | ||||||
| * | Migrated eap_authenticator to INIT/METHOD macros | Andreas Steffen | 2010-08-13 | 1 | -66/+60 | |
| | | ||||||
| * | Migrated eap_manager to INIT/METHOD macros | Andreas Steffen | 2010-08-13 | 1 | -31/+23 | |
| | | ||||||
| * | moved eap_from_string() fomr libcharon to libstrongswan to make it available ↵ | Andreas Steffen | 2010-08-13 | 2 | -43/+0 | |
| | | | | | in starter | |||||
| * | recognize eap-ttls method | Andreas Steffen | 2010-08-12 | 1 | -0/+1 | |
| | | ||||||
| * | Use bits instead of bytes for a private/public key | Martin Willi | 2010-08-10 | 1 | -3/+3 | |
| | | ||||||
| * | fix error-type range in parsing of NOTIFY payloads | Jiri Bohac | 2010-08-06 | 1 | -1/+1 | |
| | | ||||||
| * | Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA ↵ | Tobias Brunner | 2010-08-04 | 1 | -3/+2 | |
| | | | | | allocated an ID. | |||||
| * | Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone ↵ | Martin Willi | 2010-08-04 | 2 | -2/+5 | |
| | | | | | in destroy | |||||
| * | Added EAP-TLS plugin stub | Martin Willi | 2010-08-03 | 1 | -0/+1 | |
| | | ||||||
| * | Do not touch child from collision if peer deleted it | Thomas Egerer | 2010-08-03 | 1 | -3/+24 | |
| | | ||||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |