aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* Log to a malloc()ed buffer if the on-stack buffer is not large enoughMartin Willi2012-07-131-3/+23
|
* Pass opaque data to printf hooks and print_in_hook()Martin Willi2012-07-132-15/+15
|
* Simplify NAT-D payload creation if UDP encapsulation is forcedTobias Brunner2012-07-131-2/+2
| | | | | We don't need any address lookups in that case as the content of the payload is generated randomly anyway.
* updated Copyright infoAndreas Steffen2012-07-136-6/+6
|
* restrict PA-TNC messages to maximum sizeAndreas Steffen2012-07-124-12/+43
|
* Avoid that any % characters (e.g. in %any) are evaluated when logging via strokeTobias Brunner2012-07-121-1/+1
|
* removed unused variablesAndreas Steffen2012-07-111-2/+0
|
* fixed logging of unsupported TNCCS versionAndreas Steffen2012-07-111-1/+1
|
* PB-TNC Client sends empty CLOSE batch only in DECIDED stateAndreas Steffen2012-07-111-10/+23
|
* have_recommendation() accepts NULL argumentsAndreas Steffen2012-07-111-4/+12
|
* send empty SDATA batch if no recommendation is available yet, but in order ↵Andreas Steffen2012-07-114-3/+58
| | | | to avoid loops only if no empty CDATA batch was received
* moved batch size calculation into pb_tnc_batch_tAndreas Steffen2012-07-114-31/+50
|
* make maximum PB-TNC batch size configurableAndreas Steffen2012-07-111-2/+11
|
* limit the size of a PB-TNC batch to the maximum EAP-TNC packet sizeAndreas Steffen2012-07-1110-88/+134
|
* eliminate message length field in EAP-TNCAndreas Steffen2012-07-112-2/+2
|
* due to single fragment, total length does not have to be includedAndreas Steffen2012-07-111-3/+1
|
* EAP-TNC does not support fragmentationAndreas Steffen2012-07-111-12/+14
|
* Send cert request based on peers configured authentication classMartin Willi2012-07-101-3/+30
|
* Don't send CERTREQs when initiating aggressive mode PSKMartin Willi2012-07-091-0/+4
|
* Refactored heavily #ifdefd capability code to its own libstrongswan classMartin Willi2012-07-0410-123/+19
|
* Use spin locks to update IKE_SAs in controller_tTobias Brunner2012-07-041-4/+38
| | | | | | This ensures the listeners don't miss any events after the SAs have been checked out in the asynchronously executed jobs. This is a matter of memory visibility and not primary a matter of exclusive access.
* Fixed job handling in controller_tTobias Brunner2012-07-041-110/+128
| | | | Also IKE_SAs are now checked out in the jobs and not before.
* As a responder, don't start a TRANSACTION request if we expect one from the ↵Martin Willi2012-06-292-2/+4
| | | | initiator
* IMCs and IMVs might depend on X.509 certificates or trusted public keysAndreas Steffen2012-06-282-0/+4
|
* Show some uname() info in "ipsec statusall"Martin Willi2012-06-281-3/+10
|
* libcharon also requires kernel interfaces and a socket implementationTobias Brunner2012-06-271-0/+3
|
* Defer quick mode initiation if we expect a mode config requestMartin Willi2012-06-271-1/+20
|
* Queue a mode config task as responder if we need a virtual IPMartin Willi2012-06-272-4/+16
|
* Add basic support for XAuth responder authenticationMartin Willi2012-06-272-8/+10
|
* Map XAuth responder authentication methods between IKEv1 and IKEv2Martin Willi2012-06-271-1/+13
|
* Show remote EAP/XAuth identity in "statusall" on a separate lineMartin Willi2012-06-271-1/+12
|
* Use static plugin features in libcharon to define essential dependenciesTobias Brunner2012-06-271-1/+10
|
* Ignore a received %any virtual IP for installationMartin Willi2012-06-261-1/+2
|
* Also build charon's IKEv1 implementation on AndroidTobias Brunner2012-06-261-0/+23
|
* Missing source file added to libcharon's Android.mkTobias Brunner2012-06-261-0/+1
|
* Make rescheduling a job more predictableTobias Brunner2012-06-252-12/+5
| | | | | | | | | | | | | This avoids race conditions between calls to cancel() and jobs that like to be rescheduled. If jobs were able to reschedule themselves it would theoretically be possible that two worker threads have the same job assigned (the one currently executing the job and the one executing the same but rescheduled job if it already is time to execute it), this means that cancel() could be called twice for that job. Creating a new job based on the current one and reschedule that is also OK, but rescheduling itself is more efficient for jobs that need to be executed often.
* Centralized thread cancellation in processor_tTobias Brunner2012-06-2518-182/+97
| | | | | | | | | | This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Give processor_t more control over the lifecycle of a jobTobias Brunner2012-06-2520-64/+60
| | | | | | | | | | | Jobs are now destroyed by the processor, but they are allowed to reschedule themselves. That is, parts of the reschedule functionality already provided by callback_job_t is moved to the processor. Not yet fully supported is JOB_REQUEUE_DIRECT and canceling jobs. Note: job_t.destroy() is now called not only for queued jobs but also after execution or cancellation of jobs. job_t.status can be used to decide what to do in said method.
* support Cisco Unity VIDAndreas Steffen2012-06-252-3/+11
|
* Enforce uniqueids=keep based on XAuth identityMartin Willi2012-06-251-0/+6
|
* Don't send XAUTH_OK if a hook prevents SA to establishMartin Willi2012-06-251-4/+14
|
* Enforce uniqueids=keep only for non-XAuth Main/Agressive ModesMartin Willi2012-06-252-28/+28
|
* Show EAP/XAuth identity in "ipsec status", if availableMartin Willi2012-06-251-1/+1
|
* Use XAuth/EAP remote identity for uniqueness checkMartin Willi2012-06-253-4/+6
|
* Add missing XAuth name variable when complaining about missing XAuth backendMartin Willi2012-06-251-1/+1
|
* Fix SIGSEGV if kernel install fails during Quick Mode as responder.Tobias Brunner2012-06-221-4/+8
|
* Fixed compile error because of charon->name in certexpire plugin.Tobias Brunner2012-06-211-0/+1
|
* Select requested virtual IP family based on remote TS, if no local TS availableMartin Willi2012-06-201-1/+12
|
* Adopt children as XAuth initiator (which is IKE responder)Martin Willi2012-06-141-2/+2
|
* Show what kind of *Swan we run in "ipsec status"Martin Willi2012-06-141-3/+16
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-12 11:10:08 +0000