aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* implemented periodic IF-MAP RenewSession requestAndreas Steffen2013-04-036-1/+181
|
* Refactor check_for_rekeyed_child() in quick_mode taskMartin Willi2013-04-031-18/+24
|
* Reuse reqid of an existing Quick Mode, even if it has been rekeyedMartin Willi2013-04-031-1/+2
| | | | | | If two peers rekey Quick Modes at the same time, the original Quick Mode is in REKEYING state and hence the requid is not reused. This is required though, as two identical policies won't work if they have different requids.
* List all stroke counters when "all" is given, and report if connection not knownMartin Willi2013-04-031-30/+88
|
* Defer CHILD_SA rekeying if allocating an SPI failsMartin Willi2013-04-032-12/+26
|
* allow retrieval of private keys from other credential setsAndreas Steffen2013-04-022-9/+26
|
* improve checking of sent and received http messagesAndreas Steffen2013-04-021-3/+7
|
* Load raw keys before possibly destroying the identityTobias Brunner2013-04-011-12/+11
| | | | | | | | If no identity (or %any) is configured the identification_t object is destroyed and an invalid object was associated with the created pubkey certificate. Actually using %any does not work as the certificate would not match when the client later provides an identity.
* ipseckey: Use proper daemon name for enable optionTobias Brunner2013-04-011-1/+1
|
* Properly handle situation if no resolver plugins are loadedTobias Brunner2013-04-011-3/+2
|
* fixed capability metadataAndreas Steffen2013-03-311-1/+2
|
* renamed tnc_ifmap2 plugin to tnc_ifmapAndreas Steffen2013-03-3111-180/+180
|
* removed obsoleted tnc_ifmap pluginAndreas Steffen2013-03-318-1344/+0
|
* implemented http basic authenticationAndreas Steffen2013-03-313-46/+80
|
* parse IF-MAP server URIAndreas Steffen2013-03-313-41/+105
|
* implemented publish_enforcement_report and endSession methodsAndreas Steffen2013-03-301-6/+58
|
* implemented publish_ike_sa methodAndreas Steffen2013-03-301-6/+252
|
* ifmap message type is knownAndreas Steffen2013-03-303-12/+7
|
* implemented publish_device_ip methodAndreas Steffen2013-03-301-13/+132
|
* added IF-MAP SOAP error handlingAndreas Steffen2013-03-301-9/+32
|
* created tnc_ifmap2_soap_msg classAndreas Steffen2013-03-294-220/+343
|
* implement NewSession and PurgePublisher messages using the libxml2 libraryAndreas Steffen2013-03-293-79/+265
|
* set up a new IF-MAP sessionAndreas Steffen2013-03-299-0/+884
|
* Fixed Doxygen comment in eap_radius pluginTobias Brunner2013-03-271-2/+3
|
* error-notify: Close file descriptors in case clients are still connectedTobias Brunner2013-03-251-0/+6
|
* ipseckey: NULL pointer dereference fixed in error caseTobias Brunner2013-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2013-03-252-3/+3
|
* enforce singular of packetsAndreas Steffen2013-03-221-4/+6
|
* asprintf(3) requires _GNU_SOURCE to be defined5.0.3rc1Tobias Brunner2013-03-221-0/+2
|
* Check return value of asprintf(3) when converting AR identityTobias Brunner2013-03-221-2/+4
| | | | | Using chunk_t.ptr as target was also not optimal as it resulted in a compiler warning.
* Switch encoding of AR Identity Value from binary to UTF-8Andreas Steffen2013-03-221-8/+7
|
* Add a load-tester option to keep allocated external address until shutdownMartin Willi2013-03-212-1/+50
|
* Allow up to 10 NAT-D payloads in IKEv1 messagesTobias Brunner2013-03-201-1/+1
|
* Avoid a race condition when reloading secrets from ipsec.secretsTobias Brunner2013-03-201-18/+25
| | | | | | | With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-201-3/+5
| | | | This avoids huge warnings when building the native code.
* Add an option to autobalance a HA cluster automaticallyMartin Willi2013-03-191-0/+59
|
* Check if for some reason we handle a HA segment on both nodesMartin Willi2013-03-191-1/+15
|
* Acquire HA segment lock while sending heartbeatMartin Willi2013-03-191-0/+2
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Avoid returning COOKIEs right after system bootTobias Brunner2013-03-191-1/+1
| | | | | | | | | | | When the monotonic timer is initialized to 0 right after the system is booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s). Since the COOKIE verification code actually produces an overflow for COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs. Checking for last_cookie makes sense anyway as that condition must only apply if we actually sent a COOKIE before.
* Fix scheduling of heartbeat sending in HA pluginMartin Willi2013-03-191-2/+11
| | | | | | e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
* Fix compiler warning in HA pluginMartin Willi2013-03-191-1/+1
|
* Don't try to mmap() empty ipsec.secret filesMartin Willi2013-03-191-1/+5
|
* Delete IKE_SAs if responder does not initiate XAuth exchange within a ↵Tobias Brunner2013-03-193-3/+27
| | | | certain time frame
* Make sure that xauth-noauth is not used accidentallyTobias Brunner2013-03-191-2/+5
| | | | It has to be selected explicitly with rightauth2=xauth-noauth.
* Added xauth-noauth pluginTobias Brunner2013-03-197-29/+305
| | | | | | | | This XAuth backend does not do any authentication of client credentials but simply sends a successful XAuth status to the client, thereby concluding the XAuth exchange. This can be useful to fallback to basic RSA authentication with clients that can not be configured without XAuth authentication.
* In stroke counters, check if we have an IKE_SA before getting the name from itMartin Willi2013-03-191-3/+6
| | | | | Fixes a segfault when receiving an invalid IKE SPI, where we don't have an IKE_SA for the raised alert.
* Add an "esp" load-tester option to configure custom CHILD_SA ESP proposalMartin Willi2013-03-181-3/+16
|
* Algorithms are not really specific to an IKE versionTobias Brunner2013-03-181-1/+1
| | | | | | But not all of them can be used with IKEv1. Fixes #314.
* Merge branch 'radius-ext'Martin Willi2013-03-1819-98/+1203
|\ | | | | | | | | | | Bring some extensions to eap-radius, namely a virtual IP address provider based on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting updates and the reporting of sent/received packets.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 09:26:16 +0000