aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* Mark CHILD_SAs used for trap policies to uninstall them properly.Tobias Brunner2012-06-041-6/+13
| | | | | | | If the installation failed the state is not CHILD_ROUTED which means the wrong priority is used to uninstall the policies. This is a problem for kernel interfaces that keep track of installed policies as now the proper policy is not found (if the priority is considered).
* Avoid queueing more than one retry initiate job.Tobias Brunner2012-05-303-4/+35
|
* Retry IKE_SA initiation if DNS resolution failed.Tobias Brunner2012-05-301-4/+39
| | | | | This is disabled by default and can be enabled with the charon.retry_initiate_interval option in strongswan.conf.
* Job added to re-initiate an IKE_SA.Tobias Brunner2012-05-303-0/+144
|
* Fix MOBIKE address update if responder address changed.Tobias Brunner2012-05-251-2/+2
| | | | | Use the source address of the current MOBIKE message as peer address instead of assuming the address cached on the IKE_SA is still valid.
* Resolve hosts before reauthenticating due to address change.Tobias Brunner2012-05-251-0/+2
|
* Don't queue delete_ike_sa job when setting IKE_DELETING.Tobias Brunner2012-05-252-9/+1
| | | | | This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* During reauthentication reestablish IKE_SA even if deleting the old one fails.Tobias Brunner2012-05-251-0/+6
|
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish.Tobias Brunner2012-05-252-115/+77
|
* Fixed route lookup in case MOBIKE is not enabled.Tobias Brunner2012-05-251-3/+9
|
* Added encapsulation mode transform attribute to IPComp proposal.Tobias Brunner2012-05-253-5/+10
|
* Add an additional proposal without IPComp to SA payload.Tobias Brunner2012-05-241-17/+15
|
* Added log message if peer does not accept/provide IPComp proposal.Tobias Brunner2012-05-241-2/+12
|
* Added support to negotiate IPComp during Quick Mode.Tobias Brunner2012-05-241-11/+91
|
* Added support for IKEv1 IPComp proposals in SA payload.Tobias Brunner2012-05-245-14/+98
|
* Added support for IKEv1 IPComp proposals in proposal substructure.Tobias Brunner2012-05-244-10/+129
|
* Fix memleak during Quick Mode in case no SPI can be allocated from kernel.Tobias Brunner2012-05-241-8/+8
|
* Properly filter IKEv1 proposals consisting of multiple proposal payloads.Tobias Brunner2012-05-241-9/+15
| | | | | | | Since a proposal_t object is created for each transform contained in the proposal payload, it does not work to simply remove the last proposal_t object added to the list (there may be several other extracted from the previous proposal payload).
* Apply IDir before deriving keys as aggressive initiatorMartin Willi2012-05-231-4/+4
|
* Use received identity to look up PSK as aggressive responderMartin Willi2012-05-231-2/+9
|
* Check if we actually have an initiating packet to free while processing ↵Martin Willi2012-05-231-1/+1
| | | | responses
* list IKEv1 Aggressive Mode in ipsec statusallAndreas Steffen2012-05-231-2/+9
|
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode.Tobias Brunner2012-05-214-24/+85
|
* Cancel pending retransmits when flushing active task queueMartin Willi2012-05-211-0/+4
|
* Cancel active quick mode task when receiving INFORMATIONAL errorMartin Willi2012-05-211-0/+30
|
* Flush task queues explicitly, not implicitly if task returns ALREADY_DONEMartin Willi2012-05-216-12/+20
|
* Wrap task managers flush_queue() in IKE_SAMartin Willi2012-05-212-0/+14
|
* Make task managers flush_queue() method publicMartin Willi2012-05-213-20/+62
|
* Fix IKEv1 DPD clear, destroying IKE_SA even if reestablish not neededMartin Willi2012-05-211-9/+3
|
* Remove executable flag from source files.Tobias Brunner2012-05-1813-0/+0
|
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, ↵Tobias Brunner2012-05-1845-49/+64
| | | | tasks etc.).
* Removed superfluous @param in bus.h.Tobias Brunner2012-05-181-1/+0
|
* whitelist: Make sure listed IDs are null-terminated.Tobias Brunner2012-05-181-0/+1
|
* List registered nonce generators in statusall output.Tobias Brunner2012-05-181-2/+18
|
* Use nonce_gen instead of rng to generate noncesAdrian-Ken Rueegsegger2012-05-184-34/+34
| | | | | Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Add create_nonce_gen function to keymat interfaceAdrian-Ken Rueegsegger2012-05-183-0/+24
| | | | This function returns a nonce generator object.
* make IKEv1 DPD timeout configurable in charonAndreas Steffen2012-05-1714-22/+70
|
* Moved IKEv1 DPD processing to task manager, fix sequence issuesMartin Willi2012-05-153-73/+72
|
* Consider inbound ESP as a sign of liveness for DPD timeoutMartin Willi2012-05-151-2/+15
|
* Schedule a DPD timeout job that enforces the IKE message timeout policyMartin Willi2012-05-154-0/+177
|
* Send unanswered follow up R_U_THERE messages with the same DPD seqMartin Willi2012-05-151-1/+7
|
* Do not send IKEv1 DPD retransmit, but create a new INFORMATIONALMartin Willi2012-05-151-11/+0
|
* Free name of application using libcharon.Tobias Brunner2012-05-151-0/+1
|
* Register load-tester faked kernel interface before other kernel interfacesMartin Willi2012-05-141-8/+9
|
* Load tester can enforce a local IP to useMartin Willi2012-05-141-2/+9
|
* Add plugin features support to load-tester pluginMartin Willi2012-05-141-48/+76
|
* Fixed #include in tnc-ifmap plugin.Tobias Brunner2012-05-071-0/+1
|
* allow private algorithmsAndreas Steffen2012-05-052-4/+16
|
* fixed mapping of IKEv1 algorithmsAndreas Steffen2012-05-051-29/+184
|
* vendor ID cosmeticsAndreas Steffen2012-05-052-4/+4
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-23 11:50:25 +0000