path: root/src/libcharon
Commit message | Author | Age | Files | Lines
* tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages [5.1.0] | Tobias Brunner | 2013-07-31 | 1 | -10/+10
  Before this e.g. msg_controllen was not initialized properly which could cause invalid reads.
* whitelist: Fix compilation on FreeBSD | Tobias Brunner | 2013-07-31 | 1 | -0/+2
* Callback job is not needed any more | Andreas Steffen | 2013-07-31 | 1 | -4/+0
* receiver: Avoid cloning packet data when verifying COOKIE payloads | Tobias Brunner | 2013-07-29 | 1 | -5/+1
  Besides being more efficient this removes a memory leak that occurred when a COOKIE payload was successfully verified. Fixes #369.
* unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributes | Tobias Brunner | 2013-07-29 | 1 | -50/+97
  Cisco devices seem to add 6 bytes of padding between each address/mask pair. Fixes #366.
* tnc-pdp now uses watcher_t | Andreas Steffen | 2013-07-29 | 1 | -92/+63
* ikev2: Only schedule half-open-timeout delete job after successfully handling IKE_SA_INIT | Tobias Brunner | 2013-07-29 | 1 | -8/+16
  We want to avoid this allocation if the initial message is invalid (e.g. if the message ID is != 0).
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backend | Martin Willi | 2013-07-29 | 2 | -1/+5
* eap-radius: support plain XAuth RADIUS authentication using User-Password | Martin Willi | 2013-07-29 | 4 | -0/+253
* eap-radius: export function to build common attributes of Access-Request | Martin Willi | 2013-07-29 | 2 | -24/+39
* eap-radius: export function to process common attributes of Access-Accept | Martin Willi | 2013-07-29 | 2 | -31/+36
* ikev1: Always send ID payloads (traffic selectors) during Quick Mode | Tobias Brunner | 2013-07-25 | 1 | -26/+4
  Especially Windows 7 has problems if the peer does not send ID payloads for host-to-host connections (tunnel and transport mode). Fixes #319.
* socket-dynamic: Properly initialize IPv6 address | Tobias Brunner | 2013-07-24 | 1 | -1/+1
* tnc-ifmap: Use proper cast for length when using %.*s | Tobias Brunner | 2013-07-24 | 1 | -5/+6
* coupling: Fix call to call_hook() | Tobias Brunner | 2013-07-22 | 1 | -1/+1
* tnc-pdp: Fix reading port setting from strongswan.conf | Tobias Brunner | 2013-07-22 | 1 | -1/+1
* proposal: correctly enumerate registered AEADs to build default IKE proposal | Martin Willi | 2013-07-19 | 1 | -6/+22
  AEADs are not returned (anymore) with the encryption enumerator.
* Fix various API doc issues and typos | Tobias Brunner | 2013-07-18 | 10 | -26/+24
  Partially based on an old patch by Adrian-Ken Rueegsegger.
* stream-service: move CAP_CHOWN check from plugins to service constructor | Martin Willi | 2013-07-18 | 6 | -39/+2
  A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* certexpire: add an option to enforce exporting trustchains having a private key | Martin Willi | 2013-07-18 | 1 | -15/+83
* error-notify: catch and forward some alerts related to certificate validation | Martin Willi | 2013-07-18 | 2 | -0/+25
* bus: raise certificate validation alerts using credential manager hook | Martin Willi | 2013-07-18 | 2 | -0/+43
* credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 2 | -1/+10
* lookip: double size of id field in message | Martin Willi | 2013-07-18 | 1 | -1/+1
* error-notify: increase size of string/identity fields in messages | Martin Willi | 2013-07-18 | 1 | -2/+2
* whitelist: use a read-copy when listing entries | Martin Willi | 2013-07-18 | 1 | -19/+44
  While this requires a little more overhead, we can free the lock should the stream block, allowing other threads to add/remove entries.
* whitelist: fix error handling when creating the socket fails | Martin Willi | 2013-07-18 | 1 | -0/+6
* lookip: fix error handling when creating the socket fails | Martin Willi | 2013-07-18 | 1 | -1/+7
* error-notify: fix error handling when creating the socket fails | Martin Willi | 2013-07-18 | 1 | -0/+6
* eap-radius: use watcher instead of receiver thread on DAE socket | Martin Willi | 2013-07-18 | 1 | -11/+7
* dhcp: use watcher instead of dedicated receiver thread | Martin Willi | 2013-07-18 | 1 | -10/+8
* farp: use watcher instead of dedicated receiver thread | Martin Willi | 2013-07-18 | 1 | -11/+6
* load-tester: use a stream service to dispatch control connections | Martin Willi | 2013-07-18 | 2 | -93/+27
* whitelist: use a stream service to accept client connections | Martin Willi | 2013-07-18 | 3 | -121/+106
  Use SOCK_STREAM, as we don't have SOCK_SEQPACKET on TCP. To have network transparency, the message now uses network byte order.
* lookip: use stream service with async I/O dispatching | Martin Willi | 2013-07-18 | 5 | -256/+294
  Now uses SOCK_STREAM, as SOCK_SEQPACKET is not available over TCP. To have network transparency, the message now uses network byte order.
* error-notify: use a stream service to accept client connections | Martin Willi | 2013-07-18 | 4 | -122/+103
  As TCP does not have SOCK_SEQPACKET, we now use SOCK_STREAM for the error-notify socket. To have network transparency, the message now uses network byte order.
* duplicheck: use a stream service to accept client connections | Martin Willi | 2013-07-18 | 4 | -105/+146
  As we can't use SOCK_SEQPACKET over TCP, we now have to provide message boundaries ourselves. We do this by appending a 16-bit length header to each sent duplicate identity.
* stroke: use a stream service to handle stroke requests | Martin Willi | 2013-07-18 | 1 | -227/+48
* kernel-libipsec: Fail route installation if remote TS matches peer | Tobias Brunner | 2013-07-18 | 1 | -0/+9
* capabilities: Some plugins don't actually require capabilities at runtime | Tobias Brunner | 2013-07-18 | 12 | -13/+16
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 62 | -229/+348
  INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* eap-sim-pcsc: fix compiler warning | Martin Willi | 2013-07-18 | 1 | -2/+1
* syslog: setlogmask() to include LOG_INFO | Martin Willi | 2013-07-18 | 1 | -0/+1
  LOG_INFO seems to be excluded by default on some systems (OS X).
* ike: Fix reestablishing SAs if no child-creating tasks are queued | Tobias Brunner | 2013-07-18 | 1 | -2/+5
* ike-sa: uninstall CHILD_SAs before removing virtual IPs | Martin Willi | 2013-07-18 | 1 | -1/+8
  a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes for CHILD_SAs might get deleted while removing virtual IPs, resulting in an error when a CHILD_SA tries to uninstall its route.
* unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received | Tobias Brunner | 2013-07-17 | 1 | -11/+32
* unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytes | Tobias Brunner | 2013-07-17 | 1 | -1/+1
* unity: Fix memory leak in provider | Tobias Brunner | 2013-07-17 | 1 | -0/+1
* ikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peer | Tobias Brunner | 2013-07-17 | 1 | -0/+5
  We call ike_sa_t.reestablish() so the IKE_SA is only recreated if any CHILD_SA requires it.
* ike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SA | Tobias Brunner | 2013-07-17 | 4 | -2/+115