aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
| * Add message rules to properly handle IKE fragmentsTobias Brunner2012-12-241-0/+8
| | | | | | | | | | These are sent in unencrypted messages and are the only payload contained in such messages.
| * Reset the encrypted flag when handling IKE messages that contain a fragmentTobias Brunner2012-12-241-0/+6
| | | | | | | | | | Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though).
| * Payload added to handle IKE fragmentsTobias Brunner2012-12-246-11/+314
| |
* | Don't use bio_writer_t.skip() to write length field when appending more dataMartin Willi2013-01-111-4/+4
| | | | | | | | | | If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation.
* | Streamline debug output when receiving intermediate CA certificates in IKEv1Martin Willi2013-01-111-1/+1
| |
* | Refactored IKEv2 cert/certreq payload processing to multiple functionsMartin Willi2013-01-111-112/+141
| |
* | Refactored IKEv1 cert payload processing to multiple functionsMartin Willi2013-01-111-73/+102
| |
* | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-113-0/+96
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-114-6/+6
|/
* Add parantheses to avoid compiler warningMartin Willi2012-12-241-1/+1
|
* Send empty CDATA batch if TNC client has no data to sendAndreas Steffen2012-12-231-16/+28
|
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-207-7/+7
|
* Raise an alert if IKE SA is keptAdrian-Ken Rueegsegger2012-12-202-0/+3
| | | | | This alert is raised when the establishment of a child SA fails but the IKE SA is kept.
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlierVolker Rümelin2012-12-1914-90/+311
| | | | | This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Add missing error_notify_msg.h to distribution tarballMartin Willi2012-12-191-1/+2
|
* Add an error-notify sample application to listen to error notificationsMartin Willi2012-12-193-0/+66
|
* Add an error-notify plugin to send catched alerts to listening applicationsMartin Willi2012-12-199-0/+743
|
* Raise an alert if half-open timeout limit reachedMartin Willi2012-12-192-0/+3
|
* Raise an alert if an authorize() hook failsMartin Willi2012-12-192-0/+6
|
* Raise an alert if allocating virtual IPs failsMartin Willi2012-12-192-0/+4
|
* Raise an alert if kernel policy installation failsMartin Willi2012-12-192-0/+4
|
* Raise an alert if kernel SA installation failsMartin Willi2012-12-192-0/+4
|
* Raise an alert on traffic selector mismatchMartin Willi2012-12-192-0/+5
|
* Raise alerts when enforcing IKE_SA unique policyMartin Willi2012-12-194-0/+7
|
* Raise an alert if CHILD_SA proposals mismatchMartin Willi2012-12-192-0/+4
|
* Raise an alert if IKE proposals mismatchMartin Willi2012-12-192-0/+7
|
* Raise an alert of generating local authentication data failsMartin Willi2012-12-192-6/+12
|
* Fix deadlock in IMC/IMV managersTobias Brunner2012-12-182-8/+36
| | | | | | | | | Since reserve_id() might be called from e.g. notify_connection_change() using a write lock will not work as this can't be acquired while holding the read lock. Also, with the previous code it was possible that two IMCs/IMVs added by two threads at the same time would get the same ID assigned.
* Properly select IMC/IMV according to given primary ID in reserve_id()Tobias Brunner2012-12-182-2/+2
|
* If load-tester requests a virtual IP, use a dynamic local traffic selectorMartin Willi2012-12-171-2/+8
|
* Fix traffic selectors also as initiator in case of transport mode over NATTobias Brunner2012-12-131-1/+1
|
* Fix debug output if responder selected invalid traffic selectors during QMTobias Brunner2012-12-131-2/+2
|
* Migrate RADIUS accounting state while IKE_SA unique id changes during rekeyMartin Willi2012-12-111-0/+23
|
* Migrate cache and fire lookip events for unique_id change during IKE_SA rekeyMartin Willi2012-12-101-0/+13
|
* Inherit virtual IP and attributes from old to new, not from new to oldMartin Willi2012-12-101-5/+5
|
* optionally skip dlclose() of IMCs/IMVs in order to track memory leaksAndreas Steffen2012-12-092-2/+6
|
* Properly trigger ike_updown() event if IKEv1 DPD times outMartin Willi2012-12-041-0/+1
| | | | Fixes missing RADIUS Accounting Stop, #257.
* Fix GPL license header to properly "sed" itMartin Willi2012-11-301-1/+1
|
* Add locking to IMC/IMV managers to add/remove IMC/IMVs on the flyMartin Willi2012-11-302-7/+67
|
* Add wrappers to IMC/IMV managers loading IMC/IMVs from function pointersMartin Willi2012-11-302-1/+64
|
* If adding an IMC/IMV fails, terminate() it only if it has been initialize()dMartin Willi2012-11-302-25/+17
|
* Add an IMV constructor taking a set of custom TNC_IMV functionsMartin Willi2012-11-303-5/+78
|
* Add an IMC constructor taking a set of custom TNC_IMC functionsMartin Willi2012-11-302-3/+60
|
* Clean up memory management when loading IMC/IMVs from filesMartin Willi2012-11-304-52/+34
|
* Fix passing of IKE_SA unique_id over lookip socketMartin Willi2012-11-301-0/+1
|
* Store load-tester address leases in a hashtable for fast removalMartin Willi2012-11-291-24/+81
|
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-293-4/+5
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-293-36/+38
| | | | required
* load-tester can dynamically install a dedicated external IP for each IKE_SAMartin Willi2012-11-295-15/+220
| | | | | | | For consistency, the local/remote parameters have been replaced by the initiator/responder options. As initiator, the initiator option can be overriden by an addrs section taking key/value pairs with address pools to use on a specific interface.
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-292-6/+6
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 19:34:37 +0000