path: root/src/libcharon
Commit message | Author | Age | Files | Lines
...
* child-sa: replace get_traffic_selectors() with create_ts_enumerator() | Martin Willi | 2013-07-17 | 12 | -78/+124
  Not directly returning a linked list allows us to change the internals of the CHILD_SA transparently.
* ikev2: replace linked lists by arrays in task manager | Martin Willi | 2013-07-17 | 1 | -70/+76
  Eliminates another three lists, 0.5KB per IKE_SA.
* proposal: use array to store proposal list | Martin Willi | 2013-07-17 | 1 | -25/+18
  Removes another two linked lists (0.5KB) of memory per IKE/CHILD_SA pair.
* proposal: use a single list to store all transforms | Martin Willi | 2013-07-17 | 1 | -308/+174
  Beside that it makes the code actually simpler, it reduces the number of lists stored by each IKE_SA and each CHILD_SA by 4, which can be up to 1KB per SA.
* ike-sa: use arrays instead of linked lists in long lived collections | Martin Willi | 2013-07-17 | 1 | -116/+98
  This saves about 1.5KB of memory per IKE_SA.
* kernel-libipsec: Log error if no local address is found when installing routes | Tobias Brunner | 2013-07-15 | 1 | -0/+5
* stroke: Add certificates extracted from PKCS#12 files to correct credential set | Tobias Brunner | 2013-07-15 | 1 | -4/+4
  Only keys and shared secrets are moved from the temporary credential set after loading all secrets.
* Use strpfx() helper where appropriate | Tobias Brunner | 2013-07-08 | 4 | -20/+19
* android: Added support to build tnc-imc plugin | Tobias Brunner | 2013-07-08 | 1 | -3/+9
* android: Added support to build eap-tnc, tnc-tnccs and tnccs-20 plugins | Tobias Brunner | 2013-07-08 | 1 | -2/+25
* socket-default: Add options to disable address families | Tobias Brunner | 2013-07-05 | 1 | -0/+25
* ike: Resolve hosts only for address families currently supported | Tobias Brunner | 2013-07-05 | 1 | -3/+16
* net: Socket implementations report the address families they support | Tobias Brunner | 2013-07-05 | 5 | -11/+91
* eap-radius: fix add_attribute/framed_ip method signatures | Martin Willi | 2013-07-01 | 1 | -2/+2
* Reuse reqid when restarting CHILD_SAs for dpd|closeaction=restart | Tobias Brunner | 2013-07-01 | 2 | -3/+4
* Reuse reqid for trap policies installed for dpd|closeaction=hold | Tobias Brunner | 2013-07-01 | 7 | -8/+11
* dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses | Tobias Brunner | 2013-06-28 | 1 | -1/+1
* stroke: Changed how proto/port are specified in left|rightsubnet | Tobias Brunner | 2013-06-28 | 1 | -1/+8
  Using a colon as separator conflicts with IPv6 addresses.
* plugin-loader: Removed unused path argument of load() method | Tobias Brunner | 2013-06-28 | 1 | -1/+1
  Multiple additional search paths can be added with the add_path() method.
* tnc-pdp: Initialize TNC-PDP in plugin callback with proper dependencies | Tobias Brunner | 2013-06-27 | 1 | -6/+25
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets | Tobias Brunner | 2013-06-25 | 8 | -0/+48
  But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* farp: Require CAP_NET_RAW capability to open AF_PACKET socket | Tobias Brunner | 2013-06-25 | 1 | -0/+6
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind sockets | Tobias Brunner | 2013-06-25 | 1 | -0/+11
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024 | Tobias Brunner | 2013-06-25 | 1 | -0/+12
  Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand it | Tobias Brunner | 2013-06-25 | 2 | -10/+7
  The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswan | Tobias Brunner | 2013-06-25 | 12 | -28/+20
* capabilities: Ensure required capabilities are actually held by the process/user | Tobias Brunner | 2013-06-25 | 2 | -5/+13
* ikev2: keep the CHILD_SA we delete as initiator in the list to destroy | Martin Willi | 2013-06-25 | 1 | -6/+5
  If the responder does not correctly send the correct protocol or SPI in the delete response, we should remove the CHILD_SA regardless.
* unit-tester: RSA test was removed | Tobias Brunner | 2013-06-24 | 1 | -1/+0
* Aligned AR Identity types to IF-IMV 1.4 R5 draft | Andreas Steffen | 2013-06-24 | 2 | -3/+3
* Added soft dependency on database plugin | Andreas Steffen | 2013-06-21 | 1 | -0/+1
* add overall recommendation to session database entry | Andreas Steffen | 2013-06-21 | 1 | -0/+8
* used tnc_policy_update functions for default policy | Andreas Steffen | 2013-06-21 | 1 | -47/+5
* osx-attr: add plugin installing config attributes using SystemConfiguration | Martin Willi | 2013-06-21 | 6 | -0/+464
  Currently installs DNS servers only, by prepending IP addresses to the DNS configuration of the primary networking service.
* kernel-libipsec: Ignore failures when installing routes for multicast or broadcast policies | Tobias Brunner | 2013-06-21 | 1 | -1/+23
* ike: Force NAT-T/UDP encapsulation if kernel interface requires it | Tobias Brunner | 2013-06-21 | 2 | -5/+32
* kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets | Tobias Brunner | 2013-06-21 | 1 | -0/+7
* kernel-libipsec: Install a gateway for routes on platforms other than Linux | Tobias Brunner | 2013-06-21 | 1 | -9/+26
  This seems required e.g. on FreeBSD but doesn't work on Linux.
* kernel-libipsec: Router reads packets from multiple TUN devices | Tobias Brunner | 2013-06-21 | 4 | -16/+268
  These devices are collected via kernel_listener_t interface.
* kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device | Tobias Brunner | 2013-06-21 | 4 | -74/+188
* kernel-libipsec: Track policies and automatically install routes | Tobias Brunner | 2013-06-21 | 1 | -5/+455
  The routes direct traffic matching the remote traffic selector to the TUN device. If the remote traffic selector includes the IKE peer a very specific route is installed to allow IKE traffic.
* kernel-libipsec: Handle packets between charon socket, libipsec and TUN device | Tobias Brunner | 2013-06-21 | 1 | -0/+85
* kernel-libipsec: Create a TUN device and use it to install virtual IPs | Tobias Brunner | 2013-06-21 | 2 | -0/+40
* kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec | Tobias Brunner | 2013-06-21 | 6 | -0/+392
* plugin-loader: Add method to print loaded plugins on a given log level | Tobias Brunner | 2013-06-21 | 1 | -2/+0
* Fix crash if the initiator has no suitable proposal available | Tobias Brunner | 2013-06-21 | 1 | -0/+5
  Could be triggered with a typo in the ike or esp options when ! is used.
* unit-tester: remove obsolete rsa_gen test, now covered in unit-tests | Martin Willi | 2013-06-21 | 3 | -122/+0
* ikev2: use protocol of selected proposal to delete a failed CHILD_SA | Martin Willi | 2013-06-20 | 1 | -2/+2
  Depending on the failure, the protocol might not yet be set on the CHILD_SA.
* stroke: support %dynamic in left/rightsubnet for dynamic selectors | Martin Willi | 2013-06-19 | 1 | -2/+10
  This has the same meaning as omitting left/rightsubnet, i.e. replace it by the IKE address. Supporting %dynamic allows configurations with multiple dynamic selectors in a left/rightsubnet, each with potentially different proto/port selectors.
* stroke: support a specific proto/port for each net defined in left/rightsubnet | Martin Willi | 2013-06-19 | 1 | -3/+105