aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-wfp: Open and close a WFP engineMartin Willi2014-06-041-1/+33
|
* kernel-wfp: Create userland state for SAs/policies to install in kernelMartin Willi2014-06-041-5/+364
|
* kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backendMartin Willi2014-06-046-0/+361
|
* socket-win: Implement a Windows socket plugin using Winsock2Martin Willi2014-06-046-0/+697
|
* vici: Add Windows supportMartin Willi2014-06-047-13/+54
|
* file-logger: Emulate setlinebuf() if not supported by using fflush()Martin Willi2014-06-041-0/+12
|
* bus: Build syslog logger depending on syslog() availabilityMartin Willi2014-06-041-3/+4
|
* libcharon: Link against Winsock2 on WindowsMartin Willi2014-06-041-0/+1
|
* filelog: Ignore flush_line option if setlinebuf() not supportedMartin Willi2014-06-041-0/+2
|
* controller: Remove unused <dlfcn.h> includeMartin Willi2014-06-041-1/+0
|
* charon: Don't use syslog() if not supportedMartin Willi2014-06-042-6/+29
|
* encoding: Don't explicitly include <arpa/inet.h>Martin Willi2014-06-042-2/+0
|
* payload: Use common prefixes for all payload type identifiersMartin Willi2014-06-0490-873/+873
| | | | | The old identifiers did not use a proper namespace and often clashed with other defines.
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-0456-56/+56
|
* Detect RADIUS packet retransmissionsAndreas Steffen2014-05-311-2/+89
|
* peer-cfg: Add missing UNIQUE_NEVER to unique_policy_namesMartin Willi2014-05-191-1/+2
|
* proposal: Don't return a default IKE proposal without encryption/AEAD algsMartin Willi2014-05-161-3/+23
|
* ike: Add an additional but separate AEAD proposal to CHILD configMartin Willi2014-05-166-2/+16
| | | | | | | This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
* ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-167-10/+32
|
* child-cfg: Allow passing NULL as proposal to add_proposal()Martin Willi2014-05-162-4/+7
| | | | Making the API consistent to the one of ike_cfg.
* ike-cfg: Allow passing NULL to add_proposal()Martin Willi2014-05-162-3/+7
| | | | | This simplifies adding default proposals with constructors potentially returning NULL.
* proposal: Use an additional "default" constructor specific to AEAD algorithmsMartin Willi2014-05-162-0/+31
| | | | | This allows a caller to create a separated proposal for supported AEAD algorithms, as required by RFC 5996.
* proposal: Don't include AEAD algorithms in the default proposalMartin Willi2014-05-161-61/+66
| | | | | | According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms. This was not clear in RFC 5282, hence we previously included both AEAD and non-AEAD algorithms in a single proposal.
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-165-11/+12
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* xauth-pam: Fix header include guardMartin Willi2014-05-161-1/+1
|
* eap-peap: Remove dead SoH code from PEAPMartin Willi2014-05-161-15/+0
| | | | clang complains about the unused variables.
* vici: Support the close_action keyword, as we have it documentedMartin Willi2014-05-141-1/+6
|
* ikev1: Fix debugging log when remote traffic selector selection failsMartin Willi2014-05-141-1/+1
|
* Implemented PT-EAP protocol (RFC 7171)Andreas Steffen2014-05-124-29/+91
|
* child-sa: Reclaim old state if SA updating is not supportedMartin Willi2014-05-091-0/+2
| | | | | If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as the task manager refuses to rekey a CHILD_SA in non-INSTALLED state.
* libcharon: Execute scripts defined in strongswan.conf during startup/shutdownMartin Willi2014-05-071-0/+52
|
* vici: Check if header has been received before processing an empty messageMartin Willi2014-05-071-1/+2
| | | | | | If do_read() returns with EWOULDBLOCK, we must ensure that we actually have processed the full length header before checking the zero-initialized buffer length.
* vici: Properly filter by CHILD_SA name while undoing start actionsMartin Willi2014-05-071-2/+5
|
* vici: Fallback to socket listening port if no explicit local port specifiedMartin Willi2014-05-071-1/+4
|
* vici: Support a "mtu" value for the tfc_padding optionMartin Willi2014-05-071-2/+16
|
* vici: Handle the "trap" action as an alias for "route"Martin Willi2014-05-071-0/+1
|
* vici: Document errno values to expect from libvici APIMartin Willi2014-05-072-9/+24
|
* vici: Log owners of a just loaded shared-secretMartin Willi2014-05-071-2/+18
|
* vici: Handle "xauth" as an alias for "eap" secretsMartin Willi2014-05-071-1/+1
|
* vici: Return number of matching and closed SAs in terminate commandMartin Willi2014-05-071-9/+12
|
* vici: Complete libvici doxygen commentsMartin Willi2014-05-071-2/+17
|
* vici: Ensure we have no active users before mangling event client registrationsMartin Willi2014-05-071-13/+35
|
* vici: Properly skip raise_event() for unknown event namesMartin Willi2014-05-071-13/+13
|
* vici: Increase vici message length header from 16 to 32 bitsMartin Willi2014-05-075-24/+43
| | | | | | | | | While we currently have no need for messages larger than 65KB, we should design the protocol to be future-proof, as we plan to keep at least to lowest protocol layer stable. To avoid any allocation issues, we currently keep the message size limit at 512KB.
* vici: Have an explicit "relaxed" keyword for the default revocation policyMartin Willi2014-05-071-1/+5
|
* vici: Use a default child rekey time of 1 hourMartin Willi2014-05-071-0/+6
|
* vici: Use a default IKE rekey time of 4 hoursMartin Willi2014-05-071-0/+6
|
* vici: Add low-level IPC protocol descriptionMartin Willi2014-05-072-0/+179
|
* vici: Fix descending into non-matching sections during key findMartin Willi2014-05-071-1/+1
|
* vici: Add an IKE virtual IP and attribute backendMartin Willi2014-05-074-0/+781
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-29 13:45:35 +0000