path: root/src/libcharon
Commit message | Author | Age | Files | Lines
...
* | Act on RADIUS DAE Disconnect requests | Martin Willi | 2012-03-05 | 1 | -1/+56
| |
* | Verify received RADIUS DAE requests | Martin Willi | 2012-03-05 | 1 | -9/+51
| |
* | Support verification of RADIUS request messages | Martin Willi | 2012-03-05 | 2 | -3/+10
| |
* | Rename RADIUS message constructors to handle both, requests and responses | Martin Willi | 2012-03-05 | 6 | -15/+15
| |
* | Enable RADIUS DAE listening if configured | Martin Willi | 2012-03-05 | 1 | -0/+13
| |
* | Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests | Martin Willi | 2012-03-05 | 3 | -0/+228
| |
* | Added Dynamic Authorization Extension RADIUS message codes | Martin Willi | 2012-03-05 | 2 | -1/+14
| |
* | Set IKE_SA lifetime based on RADIUS Session-Timeout attribute | Martin Willi | 2012-03-05 | 1 | -0/+26
| |
* | Set hard timeouts when setting a lifetime | Martin Willi | 2012-03-05 | 1 | -7/+14
| |
* | Fix IKE_SA timeout debug output on 64bit platforms | Martin Willi | 2012-03-05 | 1 | -3/+4
| |
* | Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595. | Tobias Brunner | 2012-02-27 | 1 | -0/+2
| |     This requires a Linux kernel >= 2.6.33.
* | Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attribute | Martin Willi | 2012-02-24 | 1 | -1/+9
| |
* | Refactored construction of RADIUS accounting messages | Martin Willi | 2012-02-24 | 1 | -23/+21
| |
* | Include port numbers in Calling-Station-Id, too | Martin Willi | 2012-02-24 | 1 | -2/+2
| |
* | Use large enough buffers for IPv6 addresses in Calling-Station-Id | Martin Willi | 2012-02-24 | 1 | -2/+2
| |
* | Send client external address as Calling-Station-Id in RADIUS accounting | Martin Willi | 2012-02-24 | 1 | -6/+11
| |
* | Some Doxygen fixes. | Tobias Brunner | 2012-02-07 | 2 | -2/+2
| |
* | Update usage for all children in RADIUS accounting just before sending Stop | Martin Willi | 2012-02-06 | 1 | -1/+12
| |
* | Check if ClusterIP directory could be opened before enumerating it | Martin Willi | 2012-02-06 | 1 | -17/+26
| |
* | Trigger DPD not before IKE_SA state gets updated | Martin Willi | 2012-02-02 | 1 | -6/+8
| |
* | Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state | Martin Willi | 2012-02-02 | 1 | -0/+26
| |
* | Added an option to load CA certificates without CA basic constraint. | Tobias Brunner | 2012-02-01 | 1 | -4/+34
| |     Enabling this option treats all certificates in ipsec.d/cacerts and
| |     ipsec.conf ca sections as CA certificates even if they do not contain
| |     a CA basic constraint.
* | Support RADIUS accounting messages containing Framed-IP and Inbound/Outbound-Octets | Martin Willi | 2012-01-30 | 4 | -0/+376
| |
* | Open RADIUS accounting sockets to exchange accounting messages | Martin Willi | 2012-01-30 | 5 | -46/+91
| |
* | Support signing of RADIUS accounting messages | Martin Willi | 2012-01-30 | 3 | -10/+26
| |
* | RADIUS message constructor accepts a message code parameter | Martin Willi | 2012-01-30 | 3 | -7/+8
| |
* | Cache list of plugin names to further simplify its usage. | Tobias Brunner | 2012-01-19 | 2 | -19/+5
| |     Also helpful for ipsec statusall to avoid having to enumerate plugins.
* | Simplified logging of list of loaded plugins. | Tobias Brunner | 2012-01-19 | 2 | -23/+9
| |
* | Destroy active task list before queued tasks | Thomas Egerer | 2012-01-18 | 1 | -3/+3
| |     Since active task's destruction might result in adopting tasks from a
| |     rekeyed ike sa it seems better to first destroy the active task list and
| |     then destroy all queued tasks. This way adoption is possible at all,
| |     while otherwise the queued task list would be empty.
* | Android 4 requires LOCAL_MODULE_TAGS to be set for all modules. | Tobias Brunner | 2012-01-12 | 1 | -0/+2
| |     Because all packages are now marked as optional, executables that are to
| |     be installed on the final system have to be added to PRODUCT_PACKAGES in
| |     build/target/product/core.mk. Dependencies (such as libraries) are
| |     installed automatically.
* | Fixed additional typos in comments and log messages. | Tobias Brunner | 2012-01-12 | 2 | -3/+3
| |
* | Implemented TLS session resumption both as client and as server | Martin Willi | 2011-12-31 | 3 | -5/+7
| |
* | Make number of concurrently handled stroke messages configurable. | Tobias Brunner | 2011-12-29 | 1 | -2/+9
| |
* | Limit the number of concurrently handled stroke messages. | Tobias Brunner | 2011-12-29 | 1 | -18/+104
| |     This avoids clogging the thread pool with potentially blocking jobs.
* | Fix deadlock in trap_manager_t during acquire. | Tobias Brunner | 2011-12-23 | 1 | -28/+43
| |     Also fixes a TOCTOU issue regarding the use of entry_t.pending.
| |
| |     The deadlock was caused because the rwlock was being locked while
| |     waiting for an IKE_SA. Triggering the deadlock was a bit tricky, here
| |     is the description by Thomas Egerer (the reporter of this issue):
| |
| |     "
| |     The deadlock occurs when the following happens (in the given order):
| |     a) an IKE_SA is built and a thread is processing the IKE_AUTH request,
| |        which can take a bit longer when a smartcard is involved. This
| |        causes the ike_sa_manager to lock a particular IKE_SA exclusively.
| |     b) an acquire is triggered which causes the rwlock in the trap_manager
| |        to be read-locked, the subsequent call to
| |        ike_sa_manager->checkout_by_config has to wait until a) unlocks its
| |        ike_sa.
| |     c) a child_cfg contained in the peer_cfg belonging to the ike_sa a) has
| |        locked is routed causes the child_configs contained in the peer
| |        config to be locked by c) while the actual routing code within
| |        trap_manager tries to writelock its rwlock.
| |
| |     That's about it. As soon as a) finishes authentication of the peer and
| |     tries to find a matching child sa it will try to lock the child configs
| |     of the peer config which is not possible since it has been locked by c).
| |
| |     Thread | Resource locked                | Resource desired
| |     -------+--------------------------------+--------------------------------
| |      (a)   | ike_sa in ike_sa_manager       | child_cfgs of peer_cfg
| |      (b)   | rwlock in trap-manager (read)  | ike_sa in ike_sa_manager
| |      (c)   | child_cfgs of peer_cfg         | rwlock in trap-manager (write)
| |     "
| |
| |     With this patch thread (b) now does not hold the lock while waiting for
| |     the IKE_SA. Thus (c) can get the write lock, and (a) can subsequently
| |     lock the mutex in the peer_cfg which then finally allows (b) to checkout
| |     the IKE_SA.
* | Fixed flush() method of trap_manager_t. | Tobias Brunner | 2011-12-23 | 1 | -3/+9
| |     A segmentation fault could have happened during destruction of the trap
| |     manager after calling flush().
* | Make sure the certificate cache is flushed when plugins are unloaded. | Tobias Brunner | 2011-12-15 | 1 | -0/+2
| |     This avoids segmentation faults when plugins implementing cert_t are
| |     already unloaded when the cache is flushed during destruction.
* | Added missing libsimaka files to Android.mk. | Tobias Brunner | 2011-12-14 | 1 | -0/+2
| |
* | Destroy mediation managers before unloading plugins. | Tobias Brunner | 2011-12-14 | 1 | -4/+4
| |
* | implemented IMC/IMV ReceiveMessageLong functions | Andreas Steffen | 2011-12-09 | 1 | -0/+2
| |
* | added IMC/IMV support for send_message_long() and reserve_additional_id() functions | Andreas Steffen | 2011-12-09 | 3 | -10/+20
| |
* | implemented IF-IMC/IMV 1.3 attributes | Andreas Steffen | 2011-12-08 | 3 | -20/+224
| |
* | added TNC_TNCC_GetAttribute() and TNC_TNCC_SetAttribute() functions | Andreas Steffen | 2011-12-08 | 3 | -8/+59
| |
* | added TNC_IMC_ReceiveMessageLong() and TNC_IMV_ReceiveMessageLong() support | Andreas Steffen | 2011-12-08 | 6 | -51/+100
| |
* | fixed typo in function name | Andreas Steffen | 2011-12-08 | 1 | -1/+1
| |
* | added TNC_TNCS_ReserveAdditionalIMVID() function | Andreas Steffen | 2011-12-07 | 3 | -4/+102
| |
* | return with TNC_RESULT_SUCCESS | Andreas Steffen | 2011-12-07 | 1 | -4/+5
| |
* | added TNC_TNCC_ReserveAdditionalIMCID() function | Andreas Steffen | 2011-12-07 | 3 | -3/+99
| |
* | added TNC_TNCC_SendMessageLong() and TNC_TNCS_SendMessageLong() functions | Andreas Steffen | 2011-12-07 | 7 | -45/+102
| |
* | corrected function name in error message | Andreas Steffen | 2011-12-07 | 2 | -2/+2
| |