aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* ike: Resolve hosts only for address families currently supportedTobias Brunner2013-07-051-3/+16
|
* net: Socket implementations report the address families they supportTobias Brunner2013-07-055-11/+91
|
* eap-radius: fix add_attribute/framed_ip method signaturesMartin Willi2013-07-011-2/+2
|
* Reuse reqid when restarting CHILD_SAs for dpd|closeaction=restartTobias Brunner2013-07-012-3/+4
|
* Reuse reqid for trap policies installed for dpd|closeaction=holdTobias Brunner2013-07-017-8/+11
|
* dhcp: Use chunk_hash_static() to calculate ID-based MAC addressesTobias Brunner2013-06-281-1/+1
|
* stroke: Changed how proto/port are specified in left|rightsubnetTobias Brunner2013-06-281-1/+8
| | | | Using a colon as separator conflicts with IPv6 addresses.
* plugin-loader: Removed unused path argument of load() methodTobias Brunner2013-06-281-1/+1
| | | | | Multiple additional search paths can be added with the add_path() method.
* tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependenciesTobias Brunner2013-06-271-6/+25
|
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX socketsTobias Brunner2013-06-258-0/+48
| | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* farp: Require CAP_NET_RAW capability to open AF_PACKET socketTobias Brunner2013-06-251-0/+6
|
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-251-0/+11
|
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-251-0/+12
| | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-252-10/+7
| | | | The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-2512-28/+20
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-252-5/+13
|
* ikev2: keep the CHILD_SA we delete as initiator in the list to destroyMartin Willi2013-06-251-6/+5
| | | | | If the responder not correctly send the correct protocol or SPI in the delete response, we should remove the CHILD_SA regardless.
* unit-tester: RSA test was removedTobias Brunner2013-06-241-1/+0
|
* Aligned AR Identity types to IF-IMV 1.4 R5 draftAndreas Steffen2013-06-242-3/+3
|
* Added soft dependency on database pluginAndreas Steffen2013-06-211-0/+1
|
* add overall recommendation to session database entryAndreas Steffen2013-06-211-0/+8
|
* used tnc_policy_update functions for default policyAndreas Steffen2013-06-211-47/+5
|
* osx-attr: add plugin installing config attributes using SystemConfigurationMartin Willi2013-06-216-0/+464
| | | | | Currently installs DNS servers only, by prepending IP addresses to the DNS configuration of the primary networking service.
* kernel-libipsec: Ignore failures when installing routes for multicast or ↵Tobias Brunner2013-06-211-1/+23
| | | | broadcast policies
* ike: Force NAT-T/UDP encapsulation if kernel interface requires itTobias Brunner2013-06-212-5/+32
|
* kernel-libipsec: Add a feature to request UDP encapsulation of ESP packetsTobias Brunner2013-06-211-0/+7
|
* kernel-libipsec: Install a gateway for routes on platforms other than LinuxTobias Brunner2013-06-211-9/+26
| | | | This seems required e.g. on FreeBSD but doesn't work on Linux.
* kernel-libipsec: Router reads packets from multiple TUN devicesTobias Brunner2013-06-214-16/+268
| | | | These devices are collected via kernel_listener_t interface.
* kernel-libipsec: Use separate class to route packets between charon, ↵Tobias Brunner2013-06-214-74/+188
| | | | libipsec and TUN device
* kernel-libipsec: Track policies and automatically install routesTobias Brunner2013-06-211-5/+455
| | | | | | | | The routes direct traffic matching the remote traffic selector to the TUN device. If the remote traffic selector includes the IKE peer a very specific route is installed to allow IKE traffic.
* kernel-libipsec: Handle packets between charon socket, libipsec and TUN deviceTobias Brunner2013-06-211-0/+85
|
* kernel-libipsec: Create a TUN device and use it to install virtual IPsTobias Brunner2013-06-212-0/+40
|
* kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsecTobias Brunner2013-06-216-0/+392
|
* plugin-loader: Add method to print loaded plugins on a given log levelTobias Brunner2013-06-211-2/+0
|
* Fix crash if the initiator has no suitable proposal availableTobias Brunner2013-06-211-0/+5
| | | | Could be triggered with a typo in the ike or esp options when ! is used.
* unit-tester: remove obsolete rsa_gen test, now covered in unit-testsMartin Willi2013-06-213-122/+0
|
* ikev2: use protocol of selected proposal to delete a failed CHILD_SAMartin Willi2013-06-201-2/+2
| | | | Depending on the failure, the protocol might not yet be set on the CHILD_SA.
* stroke: support %dynamic in left/rightsubnet for dynamic selectorsMartin Willi2013-06-191-2/+10
| | | | | | | This has the same meaning as omitting left/rightsubnet, i.e. replace it by the IKE address. Supporting %dynamic allows configurations with multiple dynamic selectors in a left/rightsubnet, each with potentially different proto/port selectors.
* stroke: support a specific proto/port for each net defined in left/rightsubnetMartin Willi2013-06-191-3/+105
|
* ikev2: properly fall back to tunnel mode if transport/BEET mode not configuredMartin Willi2013-06-191-2/+8
|
* ikev2: support transport mode over NATMartin Willi2013-06-191-36/+150
|
* ike: reuse the reqid of an installed trap having the same configMartin Willi2013-06-191-1/+5
| | | | | | | When we have a trap installed, but a CHILD_SA gets established for the same config from the peer, we should reuse the same reqid. Otherwise we would have two identical policies using different reqids, what we can't handle in our kernel backend.
* trap-manager: add a method to find reqid for installed traps by configMartin Willi2013-06-192-2/+38
|
* trap-manager: don't check-in nonexisting IKE_SA if acquire failsMartin Willi2013-06-191-2/+1
|
* trap-manager: fix a memleak when installing a trap to %anyMartin Willi2013-06-191-0/+1
|
* stroke: add exportconn{cert,chain} commands in addition to exportx509Martin Willi2013-06-191-6/+65
| | | | | The new commands either export a single end entity certificate or the full trust chain for a specific connection name.
* Raise an alert if the responding peer narrowed traffic selectorsMartin Willi2013-06-192-7/+28
|
* dhcp: search for transactions only for connections having a poolname "dhcp"Martin Willi2013-06-181-1/+6
| | | | | | When a connection has a single pool that queries recursively the DHCP backend, we shouldn't return any attributes directly from DHCP when queried for that pool.
* socket-default: Make sure sockets are open when checking with FD_ISSETTobias Brunner2013-06-141-4/+4
|
* socket-default: Properly initialize NAT-T port if opening regular socket failedTobias Brunner2013-06-141-1/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 20:02:36 +0000