aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
* eap-radius: Add an option to exclude ports from Called/Calling-Station-IdMartin Willi2013-04-102-9/+37
|
* emit a single assig_vips bus message for all VIPsAndreas Steffen2013-04-068-62/+57
|
* ifmap plugin subscribes to assing_vip bus signalAndreas Steffen2013-04-067-2/+135
|
* unity: Check IKE_SA in only after enumerating virtual IPsTobias Brunner2013-04-051-2/+1
|
* cleaned up XML code in tnccs-11 pluginAndreas Steffen2013-04-048-80/+82
|
* duplicheck: track multiple IKE_SAs in checking state to avoid any racesMartin Willi2013-04-041-63/+123
| | | | | | When two consequent duplicates have been detected, track state of each checking IKE_SA separately, avoiding potential race conditions between the active SA and the different SAs in checking state.
* fixed memory leakAndreas Steffen2013-04-031-1/+1
|
* properly handle orphaned renewSession jobsAndreas Steffen2013-04-035-24/+102
|
* support chunked HTTP responsesAndreas Steffen2013-04-034-140/+370
|
* implemented periodic IF-MAP RenewSession requestAndreas Steffen2013-04-036-1/+181
|
* Refactor check_for_rekeyed_child() in quick_mode taskMartin Willi2013-04-031-18/+24
|
* Reuse reqid of an existing Quick Mode, even if it has been rekeyedMartin Willi2013-04-031-1/+2
| | | | | | If two peers rekey Quick Modes at the same time, the original Quick Mode is in REKEYING state and hence the requid is not reused. This is required though, as two identical policies won't work if they have different requids.
* List all stroke counters when "all" is given, and report if connection not knownMartin Willi2013-04-031-30/+88
|
* Defer CHILD_SA rekeying if allocating an SPI failsMartin Willi2013-04-032-12/+26
|
* allow retrieval of private keys from other credential setsAndreas Steffen2013-04-022-9/+26
|
* improve checking of sent and received http messagesAndreas Steffen2013-04-021-3/+7
|
* Load raw keys before possibly destroying the identityTobias Brunner2013-04-011-12/+11
| | | | | | | | If no identity (or %any) is configured the identification_t object is destroyed and an invalid object was associated with the created pubkey certificate. Actually using %any does not work as the certificate would not match when the client later provides an identity.
* ipseckey: Use proper daemon name for enable optionTobias Brunner2013-04-011-1/+1
|
* Properly handle situation if no resolver plugins are loadedTobias Brunner2013-04-011-3/+2
|
* fixed capability metadataAndreas Steffen2013-03-311-1/+2
|
* renamed tnc_ifmap2 plugin to tnc_ifmapAndreas Steffen2013-03-3111-180/+180
|
* removed obsoleted tnc_ifmap pluginAndreas Steffen2013-03-318-1344/+0
|
* implemented http basic authenticationAndreas Steffen2013-03-313-46/+80
|
* parse IF-MAP server URIAndreas Steffen2013-03-313-41/+105
|
* implemented publish_enforcement_report and endSession methodsAndreas Steffen2013-03-301-6/+58
|
* implemented publish_ike_sa methodAndreas Steffen2013-03-301-6/+252
|
* ifmap message type is knownAndreas Steffen2013-03-303-12/+7
|
* implemented publish_device_ip methodAndreas Steffen2013-03-301-13/+132
|
* added IF-MAP SOAP error handlingAndreas Steffen2013-03-301-9/+32
|
* created tnc_ifmap2_soap_msg classAndreas Steffen2013-03-294-220/+343
|
* implement NewSession and PurgePublisher messages using the libxml2 libraryAndreas Steffen2013-03-293-79/+265
|
* set up a new IF-MAP sessionAndreas Steffen2013-03-299-0/+884
|
* Fixed Doxygen comment in eap_radius pluginTobias Brunner2013-03-271-2/+3
|
* error-notify: Close file descriptors in case clients are still connectedTobias Brunner2013-03-251-0/+6
|
* ipseckey: NULL pointer dereference fixed in error caseTobias Brunner2013-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2013-03-252-3/+3
|
* enforce singular of packetsAndreas Steffen2013-03-221-4/+6
|
* asprintf(3) requires _GNU_SOURCE to be defined5.0.3rc1Tobias Brunner2013-03-221-0/+2
|
* Check return value of asprintf(3) when converting AR identityTobias Brunner2013-03-221-2/+4
| | | | | Using chunk_t.ptr as target was also not optimal as it resulted in a compiler warning.
* Switch encoding of AR Identity Value from binary to UTF-8Andreas Steffen2013-03-221-8/+7
|
* Add a load-tester option to keep allocated external address until shutdownMartin Willi2013-03-212-1/+50
|
* Allow up to 10 NAT-D payloads in IKEv1 messagesTobias Brunner2013-03-201-1/+1
|
* Avoid a race condition when reloading secrets from ipsec.secretsTobias Brunner2013-03-201-18/+25
| | | | | | | With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-201-3/+5
| | | | This avoids huge warnings when building the native code.
* Add an option to autobalance a HA cluster automaticallyMartin Willi2013-03-191-0/+59
|
* Check if for some reason we handle a HA segment on both nodesMartin Willi2013-03-191-1/+15
|
* Acquire HA segment lock while sending heartbeatMartin Willi2013-03-191-0/+2
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Avoid returning COOKIEs right after system bootTobias Brunner2013-03-191-1/+1
| | | | | | | | | | | When the monotonic timer is initialized to 0 right after the system is booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s). Since the COOKIE verification code actually produces an overflow for COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs. Checking for last_cookie makes sense anyway as that condition must only apply if we actually sent a COOKIE before.
* Fix scheduling of heartbeat sending in HA pluginMartin Willi2013-03-191-2/+11
| | | | | | e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 16:58:41 +0000