aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* shunt-manager: Install passthrough policies with highest priorityTobias Brunner2014-06-191-9/+34
| | | | | | This avoids conflicts with regular IPsec policies. Similarly, use the lowest priority for drop policies.
* load-tester: Add a crl option to include a CRL uri in generated certificatesMartin Willi2014-06-191-1/+21
|
* bus: Properly va_copy() argument list before passing it to printf() functionsMartin Willi2014-06-191-1/+3
| | | | | | | | As we later potentially use args again, we can't consume it with printf functions without copying it first. Clone list before passing it to any consuming function. Fixes #621.
* child-sa: Set replay window on both inbound and outbound SAMartin Willi2014-06-181-6/+2
| | | | | | | | While the outbound SA actually does not need a replay window, the kernel rejects zero replay windows on SAs using ESN. The ESN flag is required to use the full sequence number in ICV calculation, hence we set the replay window. This restores the behavior we had before 30c009c2.
* ikev1: Allow late connection switching based on XAuth usernameTobias Brunner2014-06-181-6/+0
|
* vici: Support memory stats without leak-detective on WindowsMartin Willi2014-06-171-0/+53
|
* vici: Add a stats command returning various daemon infos and statisticsMartin Willi2014-06-171-0/+104
|
* vici: Support a replay_window CHILD_SA optionMartin Willi2014-06-171-0/+16
|
* starter: Add a replay_window connection optionMartin Willi2014-06-171-0/+4
|
* kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-174-8/+15
|
* child-cfg: Store connection specific replay window on CHILD_SA configMartin Willi2014-06-172-0/+38
|
* socket-win: Use non-overlapped I/O and socket event selectionMartin Willi2014-06-171-31/+13
| | | | | | | | The use of overlapped I/O was incorrect, as we passed stack based buffers, but did not cancel/wait for pending completion on all sockets. Our receive-from-all socket interface is actually tricky to implement using overlapped I/O. Switch to WSAEventSelect() event management, which can be canceled properly while working in a select()-like way.
* bus: Add a handle_vips() hook invoked after handling configuration attributesMartin Willi2014-06-176-0/+53
| | | | | | | | | Similar to assign_vips() used by a peer assigning virtual IPs to the other peer, the handle_vips() hook gets invoked on a peers after receiving attributes. On release of the same attributes the hook gets invoked again. This is useful to inspect handled attributes, as the ike_updown() hook is invoked after authentication, when attributes have not been handled yet.
* ikev1: Invoke the assign_vips() bus hook for IKEv1 as wellMartin Willi2014-06-162-3/+7
|
* ike: Create an enumerator for (un-)handled configuration attributes on IKE_SAMartin Willi2014-06-162-0/+32
|
* ike: Store unhandled attributes on IKE_SA as wellMartin Willi2014-06-164-12/+12
|
* Split swanctl --raw mode into single-line and --pretty modeAndreas Steffen2014-06-144-31/+70
|
* windows: Use WINAPI call convention for Windows API callbacksMartin Willi2014-06-063-10/+13
| | | | | For x86_64 it does not actually matter, but for i686 builds the call convention is different with WINAPI.
* kernel-wfp: Include Windows header patch for MinGW 4.8.1Martin Willi2014-06-042-0/+29
|
* kernel-wfp: Clone acquire traffic selectors only if they existMartin Willi2014-06-041-1/+3
|
* kernel-wfp: Install routes for trap policiesMartin Willi2014-06-041-3/+21
|
* kernel-wfp: Refactor route management to separate functionMartin Willi2014-06-041-39/+47
|
* kernel-wfp: Install tunnel mode policies to appropriate sub-layersMartin Willi2014-06-042-6/+22
| | | | | While it is unclear if this has any effect at all, we prefer specific sublayers to install policies as suggested.
* kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW buildsMartin Willi2014-06-041-0/+89
|
* kernel-wfp: Support multiple traffic selectors on tunnel mode SAsMartin Willi2014-06-041-36/+80
|
* child-sa: Pass the number of total policies tied to an SA to the kernelMartin Willi2014-06-041-0/+8
| | | | | This will be useful if the kernel backend has to know how many policies follow an SA install, for example if it must install all policies concurrently.
* kernel-iph: Implicitly enable IP forwarding when installing routesMartin Willi2014-06-041-0/+26
|
* kernel-wfp: Show a warning for packets the kernel drops in its IPsec layersMartin Willi2014-06-041-0/+6
|
* kernel-wfp: Set flag to get UDP encapsulation with tunnel mode workingMartin Willi2014-06-042-0/+22
| | | | | | Having this flag set fixes connections initiated by the Windows host, but unfortunately does not yet fix incoming connections. Connection state issue? We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
* kernel-wfp: Install tunnel and trap forward policiesMartin Willi2014-06-043-136/+275
|
* kernel-wfp: Manually create a ProviderContext to attach individual filtersMartin Willi2014-06-044-79/+73
| | | | | | This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd, and fixes the issues we have seen with trap policies. Forward filters are still missing, but required for site-to-site tunnels.
* kernel-wfp: Print filter weight in "ipsecdump filters"Martin Willi2014-06-041-0/+4
|
* kernel-wfp: Add support for trap policies and acquiresMartin Willi2014-06-042-1/+304
|
* socket-win: Install IKE bypass policies using bypass_socket()Martin Willi2014-06-042-0/+12
|
* kernel-wfp: Implement bypass_socket() using dedicated filter rulesMartin Willi2014-06-041-2/+117
|
* kernel-wfp: Register for WFP Net eventsMartin Willi2014-06-042-0/+48
|
* kernel-wfp: Add some missing IPv6 GUIDs, fix IPv6 host conversionMartin Willi2014-06-042-2/+29
|
* kernel-wfp: Add an ipsecdump "filters" command to print IPsec related filtersMartin Willi2014-06-041-1/+282
|
* kernel-wfp: Add an ipsecdump utility to show installed SAs/SPs on WindowsMartin Willi2014-06-043-0/+432
|
* kernel-wfp: Depend on used RNG plugin featuresMartin Willi2014-06-041-0/+2
|
* kernel-wfp: Implement update_sa()Martin Willi2014-06-043-1/+114
|
* kernel-wfp: Configure ports for SAs using UDP encapsulationMartin Willi2014-06-041-0/+31
|
* kernel-wfp: Refactor SA context construction, and use IPsecSaContextCreate1()Martin Willi2014-06-041-19/+32
|
* kernel-iph: Fire roam events for detected address changesMartin Willi2014-06-041-0/+60
|
* kernel-wfp: Allocate SPIs pseudo-randomly using a 0xc prefixMartin Willi2014-06-041-2/+59
|
* kernel-wfp: Install appropriate routes for tunnel mode policiesMartin Willi2014-06-041-1/+208
|
* kernel-iph: Implement add/del_route()Martin Willi2014-06-041-6/+80
|
* kernel-iph: Implement get_nexthop()Martin Willi2014-06-041-0/+32
|
* kernel-iph: Implement get_source_addr()Martin Willi2014-06-041-1/+23
|
* kernel-iph: Implement address enumerationMartin Willi2014-06-041-1/+79
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 16:28:24 +0000