aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* sockets: Initialize the whole ancillary data buffer not only the actual structTobias Brunner2013-09-102-4/+4
| | | | | | This avoids uninitialized bytes that Valgrind seems to notice otherwise. Fixes #395.
* ikev1: For PFS prefer DH group from IKE_SA over first configuredThomas Egerer2013-09-101-18/+54
| | | | | | | | | | If PFS is configured for a CHILD_SA first try to create a list of proposals with using DH group negotiated during phase 1. If the resulting list is empty (i.e. the DH group(s) configured for PFS differ from the one(s) configured for the IKE_SA), fall back to the first configured DH group from the CHILD_SA. This modificiation is due to the fact that it is likely that the peer supports the same DH group for PFS it did already for the IKE_SA.
* Fixed double free causing swapped ends to crash5.1.1dr3Andreas Steffen2013-09-071-1/+0
|
* load-tester: support extended traffic selector syntax, as in leftsubnetMartin Willi2013-09-041-13/+168
| | | | | In addition the initiator may use %unique as port, using a distinct port for each connection, starting from 1025.
* load-tester: add an option to test transport/beet connectionsMartin Willi2013-09-041-1/+21
|
* ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-0411-100/+296
| | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* ike-cfg: remove the to be obsoleted allow any parameter in get_my/other_addrMartin Willi2013-09-047-33/+18
|
* backends: use ike_cfg host matching functionsMartin Willi2013-09-041-38/+7
|
* ike-cfg: add methods to match a host against configured local/remote addressesMartin Willi2013-09-042-0/+62
|
* trap-manager: use ike_cfg resolver functionsMartin Willi2013-09-041-4/+2
|
* ike-sa: use ike_cfg resolver functionsMartin Willi2013-09-041-16/+12
|
* ike-cfg: add a method to resolve local/remote hosts with portMartin Willi2013-09-042-0/+30
|
* stroke: ignore a leftsourceip if a rightsourceip is given as wellMartin Willi2013-09-041-1/+7
| | | | | | As we always negotiate virtual IPs in charon, having both left- and rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single configuration payload exchange only.
* ikev1: implement mode config push modeMartin Willi2013-09-045-76/+363
|
* stroke: re-enable modeconfig keywordMartin Willi2013-09-041-1/+1
|
* peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-0410-14/+37
|
* xauth-generic: honor requested XAuth credential types as a clientMartin Willi2013-09-031-16/+51
| | | | Support requesting of XAuth PINs and print XAuth messages.
* message: print type of configuration payloadMartin Willi2013-09-031-1/+21
|
* message: print attributes for IKEv1 configuration payloads as wellMartin Willi2013-09-031-1/+2
|
* eap-radius: support XAuth configuration profiles, defining multiple XAuth roundsMartin Willi2013-09-031-22/+157
|
* xauth: add a configuration string option to be passed to XAuth instancesMartin Willi2013-09-0315-17/+52
| | | | | | The configuration string is appended to the XAuth backend name, separated by a colon. The configuration string is passed untouched to the backend, where it can change the behavior of the XAuth module.
* Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp pluginAndreas Steffen2013-08-261-76/+95
|
* stroke: stop enumerating IKE_SAs in statusall if output stream gets closedMartin Willi2013-08-231-1/+1
| | | | | | | If the output stream is not interested in more information, it can close the the stream. Checking for stream errors avoids useless enumeration of IKE_SAs, saving resources. This allows to use "ipsec statusall | head" to monitor the daemon, or stop enumerating IKE_SAs after a specific entry has been found.
* Process PB-TNC batches received via PT-TLS asynchronouslyAndreas Steffen2013-08-191-4/+1
|
* Show host address of peer connecting to PT-TLS socketAndreas Steffen2013-08-151-1/+7
|
* enabled SASL PLAIN authenticationAndreas Steffen2013-08-151-2/+2
|
* PT-TLS connection is properly terminatedAndreas Steffen2013-08-151-3/+2
|
* moved tnc_imv plugin to libtnccs thanks to recommendation callback functionAndreas Steffen2013-08-1513-1894/+79
|
* Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon ↵Andreas Steffen2013-08-1567-10664/+0
| | | | plugins to libtnccs
* rapid PT-TLS AR/PDP prototypeAndreas Steffen2013-08-155-60/+254
|
* Add PT-TLS interface to strongSwan PDPAndreas Steffen2013-08-154-39/+68
|
* ikev1: Fix calculation of the number of fragmentsTobias Brunner2013-08-151-1/+1
| | | | The old code resulted in too few fragments in some cases.
* ikev1: When sending fragments, use ports to decide if a non-ESP marker is addedTobias Brunner2013-08-151-6/+8
| | | | | This is same same logic used by sender and might apply in some cases (e.g. when initiating to port 4500).
* ikev2: Fix segfault when reestablishing CHILD_SAs due to ↵Tobias Brunner2013-08-131-3/+4
| | | | | | closeaction=restart|hold This regression was introduced with c949a4d5.
* updown: remove description of unsupported PLUTO_ variablesMartin Willi2013-08-081-1/+0
| | | | These have been set by pluto, but are not by charons updown plugin.
* tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages5.1.0Tobias Brunner2013-07-311-10/+10
| | | | | Before this e.g. msg_controllen was not initialized properly which could cause invalid reads.
* whitelist: Fix compilation on FreeBSDTobias Brunner2013-07-311-0/+2
|
* Callback job is not needed any moreAndreas Steffen2013-07-311-4/+0
|
* receiver: Avoid cloning packet data when verifying COOKIE payloadsTobias Brunner2013-07-291-5/+1
| | | | | | | Besides being more efficient this removes a memory leak that occurred when a COOKIE payload was successfully verified. Fixes #369.
* unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributesTobias Brunner2013-07-291-50/+97
| | | | | | | Cisco devices seem to add 6 bytes of padding between each address/mask pair. Fixes #366.
* tnc-pdp now uses watcher_tAndreas Steffen2013-07-291-92/+63
|
* ikev2: Only schedule half-open-timeout delete job after successfully ↵Tobias Brunner2013-07-291-8/+16
| | | | | | | handling IKE_SA_INIT We want to avoid this allocation if the initial message is invalid (e.g. if the message ID is != 0).
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backendMartin Willi2013-07-292-1/+5
|
* eap-radius: support plain XAuth RADIUS authentication using User-PasswordMartin Willi2013-07-294-0/+253
|
* eap-radius: export function to build common attributes of Access-RequestMartin Willi2013-07-292-24/+39
|
* eap-radius: export function to process common attributes of Access-AcceptMartin Willi2013-07-292-31/+36
|
* ikev1: Always send ID payloads (traffic selectors) during Quick ModeTobias Brunner2013-07-251-26/+4
| | | | | | | Especially Windows 7 has problems if the peer does not send ID payloads for host-to-host connections (tunnel and transport mode). Fixes #319.
* socket-dynamic: Properly initialize IPv6 addressTobias Brunner2013-07-241-1/+1
|
* tnc-ifmap: Use proper cast for length when using %.*sTobias Brunner2013-07-241-5/+6
|
* coupling: Fix call to call_hook()Tobias Brunner2013-07-221-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 08:35:21 +0000