path: root/src/libcharon
Commit message (Author, Age, Files, Lines)
* treat IF-M and IF-TNCCS remediation instructions/parameters in an equal way (Andreas Steffen, 2013-02-19, 3 files, -97/+198)
|
* Streamlined log messages in ipseckey plugin (Andreas Steffen, 2013-02-19, 2 files, -58/+30)
|
* ipseckey: Report IPSECKEYs with invalid DNSSEC security state (Reto Guadagnini, 2013-02-19, 1 file, -2/+12)
|
* ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf (Reto Guadagnini, 2013-02-19, 1 file, -3/+16)
|
* Added ipseckey plugin, which provides support for public keys in IPSECKEY RRs (Reto Guadagnini, 2013-02-19, 8 files, -0/+859)
|
* added missing return statement (Andreas Steffen, 2013-02-19, 1 file, -0/+1)
|
* reject PB-Experimental messages with NOSKIP flag set (Andreas Steffen, 2013-02-19, 1 file, -0/+7)
|
* Add a timeout to clean up PDP RADIUS connections (Martin Willi, 2013-02-14, 1 file, -0/+51)
|
* Keep the PDP connections lock while accessing its objects (Martin Willi, 2013-02-14, 3 files, -7/+34)
|     When we introduce connection timeouts, the state may disappear at any time. This change prevents that, but is not very clear. We probably have to refactor connection handling.
* Add locking to TNC-PDP connections (Martin Willi, 2013-02-14, 1 file, -7/+23)
|
* Add a global return_success() method implementation (Martin Willi, 2013-02-14, 1 file, -8/+2)
|
* Merge branch 'ike-dscp' (Martin Willi, 2013-02-14, 13 files, -59/+163)
|\
| * Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets (Martin Willi, 2013-02-06, 1 file, -1/+1)
| |
| * Set configured DSCP value while generating IKE packets (Martin Willi, 2013-02-06, 1 file, -1/+26)
| |
| * Add a DSCP configuration value to IKE configs (Martin Willi, 2013-02-06, 11 files, -21/+38)
| |
| * Set DSCP values when sending IP packets in socket-default (Martin Willi, 2013-02-06, 1 file, -1/+65)
| |
| * Don't send a packet in default socket if family is not IPv4 nor IPv6 (Martin Willi, 2013-02-06, 1 file, -12/+18)
| |
| * Avoid extensive casting of sockaddr types in socket-default by using a union (Martin Willi, 2013-02-06, 1 file, -24/+16)
| |     Additionally fixes a strict-aliasing rule compiler warning with older gcc.
* | Check if recommendations is set before applying language preference (Martin Willi, 2013-02-14, 1 file, -3/+6)
| |
* | Merge branch 'pt-tls' (Martin Willi, 2013-02-14, 3 files, -9/+0)
|\ \
| * | TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, too (Martin Willi, 2013-01-15, 3 files, -9/+0)
| | |
* | | Fix 'stroke loglevel any' (Tobias Brunner, 2013-02-13, 1 file, -4/+11)
| | |     Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* | | treat EAP identities as user IDs (Andreas Steffen, 2013-02-12, 1 file, -3/+3)
| | |
* | | make TNC client authentication type available to IMVs (Andreas Steffen, 2013-02-12, 9 files, -27/+204)
| | |
* | | determine underlying IF-T transport protocol (Andreas Steffen, 2013-02-12, 10 files, -62/+184)
| | |
* | | make AR identities available to IMVs via IF-IMV 1.4 draft (Andreas Steffen, 2013-02-11, 5 files, -0/+146)
| | |
* | | Make IKE/EAP IDs available to TNC server/client (Andreas Steffen, 2013-02-11, 8 files, -24/+81)
| | |
* | | Allow more than one CERTREQ payload for IKEv2 (Tobias Brunner, 2013-02-08, 1 file, -2/+2)
| |/
|/|
| |     There is no reason not to do so (RFC 5996 explicitly mentions multiple CERTREQ payloads) and some implementations seem to use the same behavior as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
* | Use proper buffer sizes for parse_smartcard() (Tobias Brunner, 2013-01-24, 1 file, -7/+10)
| |
* | Removed unused command name when printing usage info for lookip (Tobias Brunner, 2013-01-24, 1 file, -1/+1)
| |
* | Fix check-in of IKE_SA when IKE_SA_INIT fails and hash table is enabled (Tobias Brunner, 2013-01-24, 1 file, -2/+13)
| |     Setting the responder SPI to 0 can only be done while generating the response, otherwise we'd fail to check in the IKE_SA again in case the hash table is enabled. That's because we use the responder SPI as hash value since 5.0.0.
* | Avoid a deadlock when installing a trap policy failed (Tobias Brunner, 2013-01-23, 1 file, -1/+5)
| |
* | Fix IKE SA inherit API doc (Adrian-Ken Rueegsegger, 2013-01-22, 1 file, -2/+1)
| |
* | Filter TS list for Split-Includes before printing them to debug log (Martin Willi, 2013-01-21, 1 file, -10/+34)
|/
* Properly send IKEv1 packets if no ike_cfg is known yet (Tobias Brunner, 2013-01-14, 1 file, -2/+5)
|     This applies for error notifies.
* Don't handle right=%any6 as "loose" identity, but as %any (Martin Willi, 2013-01-14, 1 file, -2/+1)
|
* Merge branch 'ikev1-fragmentation' (Tobias Brunner, 2013-01-12, 25 files, -55/+832)
|\
| |     This adds support for the proprietary IKEv1 fragmentation extension.
| |     Conflicts: NEWS
| * Added an option to configure the maximum size of a fragment (Tobias Brunner, 2013-01-12, 1 file, -3/+10)
| |
| * Properly detect fragmentation capabilities (Tobias Brunner, 2013-01-12, 1 file, -3/+27)
| |     Cisco sends 0xc0000000 so we check that part of the VID separately.
| * Added an option that allows to force IKEv1 fragmentation (Tobias Brunner, 2013-01-12, 12 files, -19/+43)
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentation (Tobias Brunner, 2012-12-24, 13 files, -25/+47)
| |
| * Include source port in init hash for fragmented messages (Tobias Brunner, 2012-12-24, 1 file, -1/+8)
| |
| * Add an option to en-/disable IKE fragmentation (Tobias Brunner, 2012-12-24, 2 files, -5/+20)
| |     Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * Split larger messages into fragments if IKE fragmentation is supported by peer (Tobias Brunner, 2012-12-24, 1 file, -14/+114)
| |
| * Log message size for in- and outbound IKE messages (Tobias Brunner, 2012-12-24, 2 files, -4/+7)
| |
| * Add support to create IKE fragments (Tobias Brunner, 2012-12-24, 2 files, -0/+30)
| |     All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
| * Log added NAT-T vendor IDs (Tobias Brunner, 2012-12-24, 1 file, -0/+1)
| |
| * Detect a peer's support for IKE fragmentation (Tobias Brunner, 2012-12-24, 2 files, -0/+9)
| |     Fragments are accepted even if this vendor ID is not seen.
| * Map fragmented initial Main or Aggressive Mode messages to the same IKE_SA (Tobias Brunner, 2012-12-24, 1 file, -1/+17)
| |
| * Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments (Tobias Brunner, 2012-12-24, 1 file, -1/+2)
| |     Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.