| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| | | * | Use task manager as generic interface, renamed implementation to _v2. | Martin Willi | 2012-03-20 | 5 | -24/+64 | |
| | | | | ||||||
| | | * | Fix unaligned aliasing warning in raw socket | Martin Willi | 2012-03-20 | 1 | -5/+4 | |
| | | | | ||||||
| | | * | Use enum to define IKE version on peer_cfg_t. | Tobias Brunner | 2012-03-20 | 16 | -40/+62 | |
| | | | | | | | | | | | | | Replaced all those magic numbers. | |||||
| | | * | Fix init message arrival check. | Tobias Brunner | 2012-03-20 | 1 | -21/+14 | |
| | | | | ||||||
| | | * | Compile error fixed. | Tobias Brunner | 2012-03-20 | 1 | -1/+2 | |
| | | | | ||||||
| | | * | Message parsing slightly refactored, allows parsing of unencrypted IKEv1 ↵ | Tobias Brunner | 2012-03-20 | 1 | -40/+52 | |
| | | | | | | | | | | | | | messages. | |||||
| | | * | Allow creation of message_t objects for IKEv1 packets. | Tobias Brunner | 2012-03-20 | 6 | -47/+60 | |
| | | | | ||||||
| | | * | Certificate request payloads can be sent in pretty much any IKEv1 message. | Tobias Brunner | 2012-03-20 | 1 | -5/+18 | |
| | | | | ||||||
| | | * | Implemented limited payload parsing for IKEv1 SA payloads | Martin Willi | 2012-03-20 | 7 | -176/+557 | |
| | | | | ||||||
| | | * | Added additional IKEv1 payload and encoding identifiers | Martin Willi | 2012-03-20 | 5 | -40/+83 | |
| | | | | ||||||
| | | * | Extend sa_payload for IKEv1 support | Martin Willi | 2012-03-20 | 8 | -34/+155 | |
| | | | | ||||||
| | | * | Message rules for IKEv1 INFORMATIONAL exchange added. | Tobias Brunner | 2012-03-20 | 1 | -0/+24 | |
| | | | | | | | | | | | | | | | | Since INFORMATIONAL "exchanges" are actually unidirectionally sent message we don't have any responder rules. | |||||
| | | * | Message rules for IKEv1 AGGRESSIVE exchange added. | Tobias Brunner | 2012-03-20 | 1 | -0/+72 | |
| | | | | | | | | | | | | | | | | These are basically the same as for ID_PROT but no payloads are expected to be encrypted (at least if using PSK or signatures for authentication). | |||||
| | | * | Message rules for IKEv1 ID_PROT exchange added. | Tobias Brunner | 2012-03-20 | 1 | -0/+77 | |
| | | | | | | | | | | | | | | | | These rules are quite broad and cover main mode with at least PSK and signature based authentication. | |||||
| | | * | Typo fixed. | Tobias Brunner | 2012-03-20 | 1 | -1/+1 | |
| | | | | ||||||
| | | * | Use vendor id payload for IKEv1 payloads, too | Martin Willi | 2012-03-20 | 4 | -10/+22 | |
| | | | | ||||||
| | | * | Added IKEv1 payload identifiers to "known" payload list | Martin Willi | 2012-03-20 | 1 | -2/+9 | |
| | | | | ||||||
| | | * | Handle IKEv1 messages in managers checkout_by_message | Martin Willi | 2012-03-20 | 1 | -9/+30 | |
| | | | | ||||||
| | | * | Added IKEv1 payload identifiers | Martin Willi | 2012-03-20 | 2 | -4/+97 | |
| | | | | ||||||
| | | * | Accept and process IKEv1 messages in receiver | Martin Willi | 2012-03-20 | 1 | -7/+18 | |
| | | | | ||||||
| | | * | Extended IKE header for IKEv1 support | Martin Willi | 2012-03-20 | 4 | -58/+236 | |
| | | | | ||||||
| * | | | Added a dedicated sender flush method, delay sender destruction until users gone | Martin Willi | 2012-05-02 | 3 | -3/+20 | |
| | | | | ||||||
| * | | | add AUTH_RULE_SUBJECT_CERT for raw public keys4.6.3 | Andreas Steffen | 2012-04-30 | 1 | -0/+4 | |
| | | | | ||||||
| * | | | Typo fixed. | Tobias Brunner | 2012-04-30 | 1 | -1/+1 | |
| | | | | ||||||
| * | | | output validity of raw public key if available | Andreas Steffen | 2012-04-30 | 1 | -2/+34 | |
| | | | | ||||||
| * | | | added support for raw RSA public keys to stroke | Andreas Steffen | 2012-04-30 | 5 | -1/+100 | |
| | | | | ||||||
| * | | | Fixed null-pointer dereference in smp plugin. | Tobias Brunner | 2012-04-26 | 1 | -3/+7 | |
| | | | | ||||||
| * | | | Removed auth_cfg_t.replace_value() and replaced usages with add(). | Tobias Brunner | 2012-04-18 | 3 | -17/+4 | |
| | | | | | | | | | | | | | | | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient. | |||||
| * | | | Store password with remote ID to tie it stronger to a specific connection. | Tobias Brunner | 2012-04-18 | 1 | -12/+50 | |
| | | | | ||||||
| * | | | Added stroke user-creds command, to set username/password for a connection. | Tobias Brunner | 2012-04-17 | 3 | -1/+166 | |
| | | | | ||||||
| * | | | Added method to add additional shared secrets to stroke_cred_t. | Tobias Brunner | 2012-04-17 | 2 | -2/+20 | |
| | | | | ||||||
| * | | | Typo fixed. | Tobias Brunner | 2012-04-17 | 1 | -1/+1 | |
| | | | | ||||||
| * | | | Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a ↵ | Martin Willi | 2012-04-17 | 1 | -5/+43 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | few secs Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as initiator, we can't know if the completing IKE_SA_INIT message is to our first request or the one with the COOKIE. If the responder just enabled/disabled COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE behavior toggling improves the situation, but does not solve the problem during the initial COOKIE activation. | |||||
| * | | | Added a note about DH/keymat lifecycle for custom implementations | Martin Willi | 2012-04-17 | 1 | -1/+6 | |
| | | | | ||||||
| * | | | Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE | Martin Willi | 2012-04-17 | 1 | -2/+5 | |
| | | | | ||||||
| * | | | Use IP address as ID as responder if not configured or no IDr received. | Tobias Brunner | 2012-04-16 | 1 | -3/+11 | |
| | | | | ||||||
| * | | | Fall back on IP address as IDi if none is configured at all. | Tobias Brunner | 2012-04-16 | 1 | -7/+7 | |
| | | | | ||||||
| * | | | Use auth_cfg_t.replace_value where appropriate. | Tobias Brunner | 2012-04-16 | 2 | -26/+5 | |
| | | | | ||||||
| * | | | Fixed IDi in case neither left nor leftid is configured. | Tobias Brunner | 2012-04-16 | 1 | -0/+21 | |
| | | | | ||||||
| * | | | Don't invoke child_updown hook twice as responder | Martin Willi | 2012-04-11 | 1 | -3/+8 | |
| | | | | ||||||
| * | | | Accept zero-length certificate request payloads | Martin Willi | 2012-04-11 | 1 | -2/+1 | |
| | | | | ||||||
| * | | | Properly initialize src in ike_sa_t.is_any_path_valid(). | Tobias Brunner | 2012-04-06 | 1 | -1/+1 | |
| | | | | ||||||
| * | | | remove leading zero in ASN.1 encoded serial numbers | Andreas Steffen | 2012-04-05 | 1 | -2/+2 | |
| | | | | ||||||
| * | | | Make AES-CMAC actually usable for IKEv2. | Tobias Brunner | 2012-04-04 | 1 | -0/+5 | |
| | | | | ||||||
| * | | | moved chunk_skip_zero to chunk.h | Andreas Steffen | 2012-04-03 | 1 | -2/+3 | |
| | | | | ||||||
| * | | | added IKEv2 Generic Secure Password Authentication Method | Andreas Steffen | 2012-04-03 | 2 | -3/+10 | |
| | | | | ||||||
| * | | | added IKEv2 Generic Secure Password Authentication Method | Andreas Steffen | 2012-04-03 | 2 | -6/+17 | |
| | | | | ||||||
| * | | | added GSPM IKEv2 payload | Andreas Steffen | 2012-04-03 | 2 | -8/+20 | |
| | | | | ||||||
| * | | | Doxygen fixes. | Tobias Brunner | 2012-04-03 | 2 | -2/+2 | |
| | | | | ||||||
| * | | | Don't cast second argument of mem_printf_hook (%b) to size_t. | Tobias Brunner | 2012-03-27 | 5 | -12/+17 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also treat the given number as unsigned int. Due to the printf hook registration the second argument of mem_printf_hook (if called via printf etc.) is always of type int*. Casting this to a size_t pointer and then dereferencing that as int does not work on big endian machines if int is smaller than size_t (e.g. on ppc64). In order to make this change work if the argument is of a type larger than int, size_t for instance, the second argument for %b has to be casted to (u_)int. | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |