| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | | Fix check-in of IKE_SA when IKE_SA_INIT fails and hash table is enabled | Tobias Brunner | 2013-01-24 | 1 | -2/+13 | |
| | | | | | | | | | | | | | | | Setting the responder SPI to 0 can only be done while generating the response, otherwise we'd fail to check in the IKE_SA again in case the hash table is enabled. That's because we use the responder SPI as hash value since 5.0.0. | |||||
| * | | Avoid a deadlock when installing a trap policy failed | Tobias Brunner | 2013-01-23 | 1 | -1/+5 | |
| | | | ||||||
| * | | Fix IKE SA inherit API doc | Adrian-Ken Rueegsegger | 2013-01-22 | 1 | -2/+1 | |
| | | | ||||||
| * | | Filter TS list for Split-Includes before printing them to debug log | Martin Willi | 2013-01-21 | 1 | -10/+34 | |
| |/ | ||||||
| * | Properly send IKEv1 packets if no ike_cfg is known yet | Tobias Brunner | 2013-01-14 | 1 | -2/+5 | |
| | | | | | This applies for error notifies. | |||||
| * | Don't handle right=%any6 as "loose" identity, but as %any | Martin Willi | 2013-01-14 | 1 | -2/+1 | |
| | | ||||||
| * | Merge branch 'ikev1-fragmentation' | Tobias Brunner | 2013-01-12 | 25 | -55/+832 | |
| |\ | | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS | |||||
| | * | Added an option to configure the maximum size of a fragment | Tobias Brunner | 2013-01-12 | 1 | -3/+10 | |
| | | | ||||||
| | * | Properly detect fragmentation capabilities | Tobias Brunner | 2013-01-12 | 1 | -3/+27 | |
| | | | | | | | | | Cisco sends 0xc0000000 so we check that part of the VID separately. | |||||
| | * | Added an option that allows to force IKEv1 fragmentation | Tobias Brunner | 2013-01-12 | 12 | -19/+43 | |
| | | | ||||||
| | * | Use a connection specific option to en-/disable IKEv1 fragmentation | Tobias Brunner | 2012-12-24 | 13 | -25/+47 | |
| | | | ||||||
| | * | Include source port in init hash for fragmented messages | Tobias Brunner | 2012-12-24 | 1 | -1/+8 | |
| | | | ||||||
| | * | Add an option to en-/disable IKE fragmentation | Tobias Brunner | 2012-12-24 | 2 | -5/+20 | |
| | | | | | | | | | | | Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled. | |||||
| | * | Split larger messages into fragments if IKE fragmentation is supported by peer | Tobias Brunner | 2012-12-24 | 1 | -14/+114 | |
| | | | ||||||
| | * | Log message size for in- and outbound IKE messages | Tobias Brunner | 2012-12-24 | 2 | -4/+7 | |
| | | | ||||||
| | * | Add support to create IKE fragments | Tobias Brunner | 2012-12-24 | 2 | -0/+30 | |
| | | | | | | | | | | | All fragments currently use the same fragment ID (1) as that's what other implementations are doing. | |||||
| | * | Log added NAT-T vendor IDs | Tobias Brunner | 2012-12-24 | 1 | -0/+1 | |
| | | | ||||||
| | * | Detect a peer's support for IKE fragmentation | Tobias Brunner | 2012-12-24 | 2 | -0/+9 | |
| | | | | | | | | | Fragments are accepted even if this vendor ID is not seen. | |||||
| | * | Map fragmented initial initial Main or Aggressive Mode messages to the same ↵ | Tobias Brunner | 2012-12-24 | 1 | -1/+17 | |
| | | | | | | | | | IKE_SA | |||||
| | * | Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain ↵ | Tobias Brunner | 2012-12-24 | 1 | -1/+2 | |
| | | | | | | | | | | | | | | | fragments Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges. | |||||
| | * | Don't handle fragmented messages larger than charon.max_packet | Tobias Brunner | 2012-12-24 | 1 | -4/+39 | |
| | | | ||||||
| | * | Don't update an IKE_SA-entry's cached message ID when handling fragments | Tobias Brunner | 2012-12-24 | 1 | -1/+4 | |
| | | | ||||||
| | * | Store inbound IKE fragments and reassemble the message when all fragments ↵ | Tobias Brunner | 2012-12-24 | 1 | -3/+166 | |
| | | | | | | | | | are received | |||||
| | * | Add message rules to properly handle IKE fragments | Tobias Brunner | 2012-12-24 | 1 | -0/+8 | |
| | | | | | | | | | | | These are sent in unencrypted messages and are the only payload contained in such messages. | |||||
| | * | Reset the encrypted flag when handling IKE messages that contain a fragment | Tobias Brunner | 2012-12-24 | 1 | -0/+6 | |
| | | | | | | | | | | | Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though). | |||||
| | * | Payload added to handle IKE fragments | Tobias Brunner | 2012-12-24 | 6 | -11/+314 | |
| | | | ||||||
| * | | Don't use bio_writer_t.skip() to write length field when appending more data | Martin Willi | 2013-01-11 | 1 | -4/+4 | |
| | | | | | | | | | | | If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation. | |||||
| * | | Streamline debug output when receiving intermediate CA certificates in IKEv1 | Martin Willi | 2013-01-11 | 1 | -1/+1 | |
| | | | ||||||
| * | | Refactored IKEv2 cert/certreq payload processing to multiple functions | Martin Willi | 2013-01-11 | 1 | -112/+141 | |
| | | | ||||||
| * | | Refactored IKEv1 cert payload processing to multiple functions | Martin Willi | 2013-01-11 | 1 | -73/+102 | |
| | | | ||||||
| * | | IKEv1 support for PKCS#7 wrapped certificates | Volker Rümelin | 2013-01-11 | 3 | -0/+96 | |
| | | | ||||||
| * | | Fixed some typos in comments | Volker Rümelin | 2013-01-11 | 4 | -6/+6 | |
| |/ | ||||||
| * | Add parantheses to avoid compiler warning | Martin Willi | 2012-12-24 | 1 | -1/+1 | |
| | | ||||||
| * | Send empty CDATA batch if TNC client has no data to send | Andreas Steffen | 2012-12-23 | 1 | -16/+28 | |
| | | ||||||
| * | Fixed some typos, courtesy of codespell | Tobias Brunner | 2012-12-20 | 7 | -7/+7 | |
| | | ||||||
| * | Raise an alert if IKE SA is kept | Adrian-Ken Rueegsegger | 2012-12-20 | 2 | -0/+3 | |
| | | | | | | This alert is raised when the establishment of a child SA fails but the IKE SA is kept. | |||||
| * | Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier | Volker Rümelin | 2012-12-19 | 14 | -90/+311 | |
| | | | | | | This adds support for early versions of the draft that eventually resulted in RFC 3947. | |||||
| * | Add missing error_notify_msg.h to distribution tarball | Martin Willi | 2012-12-19 | 1 | -1/+2 | |
| | | ||||||
| * | Add an error-notify sample application to listen to error notifications | Martin Willi | 2012-12-19 | 3 | -0/+66 | |
| | | ||||||
| * | Add an error-notify plugin to send catched alerts to listening applications | Martin Willi | 2012-12-19 | 9 | -0/+743 | |
| | | ||||||
| * | Raise an alert if half-open timeout limit reached | Martin Willi | 2012-12-19 | 2 | -0/+3 | |
| | | ||||||
| * | Raise an alert if an authorize() hook fails | Martin Willi | 2012-12-19 | 2 | -0/+6 | |
| | | ||||||
| * | Raise an alert if allocating virtual IPs fails | Martin Willi | 2012-12-19 | 2 | -0/+4 | |
| | | ||||||
| * | Raise an alert if kernel policy installation fails | Martin Willi | 2012-12-19 | 2 | -0/+4 | |
| | | ||||||
| * | Raise an alert if kernel SA installation fails | Martin Willi | 2012-12-19 | 2 | -0/+4 | |
| | | ||||||
| * | Raise an alert on traffic selector mismatch | Martin Willi | 2012-12-19 | 2 | -0/+5 | |
| | | ||||||
| * | Raise alerts when enforcing IKE_SA unique policy | Martin Willi | 2012-12-19 | 4 | -0/+7 | |
| | | ||||||
| * | Raise an alert if CHILD_SA proposals mismatch | Martin Willi | 2012-12-19 | 2 | -0/+4 | |
| | | ||||||
| * | Raise an alert if IKE proposals mismatch | Martin Willi | 2012-12-19 | 2 | -0/+7 | |
| | | ||||||
| * | Raise an alert of generating local authentication data fails | Martin Willi | 2012-12-19 | 2 | -6/+12 | |
| | | ||||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |