Commit message | Author | Age | Files | Lines
---|---|---|---|---
The kernel-klips plugin does currently not support SAD/SPD flushing. | Tobias Brunner | 2011-10-21 | 1 | -0/+2
Implemented flushing of SAD and SPD entries via PF_KEY. | Tobias Brunner | 2011-10-21 | 1 | -0/+68
Implemented flushing of states and policies via XFRM. | Tobias Brunner | 2011-10-21 | 1 | -0/+56
Add features support to kernel-klips plugin | Martin Willi | 2011-10-14 | 1 | -5/+12
Add features support to kernel-pfroute plugin | Martin Willi | 2011-10-14 | 1 | -5/+12
Add features support to kernel-pfkey plugin | Martin Willi | 2011-10-14 | 1 | -5/+12
Add features support to kernel-netlink plugin | Martin Willi | 2011-10-14 | 1 | -9/+14
Check for RTA_TABLE in configure. | Tobias Brunner | 2011-10-04 | 1 | -0/+2
Migrated sql_attribute to INIT/METHOD macros | Andreas Steffen | 2011-09-29 | 1 | -29/+25
Migrated netlink_socket to INIT/METHOD macros | Andreas Steffen | 2011-09-29 | 1 | -23/+18
Migrated resolve_handler to INIT/METHOD macros | Andreas Steffen | 2011-09-29 | 1 | -33/+27
Disable policy history for pluto.4.5.3 | Tobias Brunner | 2011-08-02 | 1 | -21/+46
pluto tracks usage of policies already in its own way. | | | |
Allow routing table IDs > 255 when filtering them. | Tobias Brunner | 2011-07-29 | 1 | -3/+10
Install fallback drop policies to avoid transmitting unencrypted packets. | Tobias Brunner | 2011-07-27 | 2 | -0/+6
During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy is first uninstalled and then the new one is installed. In the short time in between, where no policy is available in the kernel, unencrypted packets could have been transmitted. | | | |
Remove policies in kernel interfaces based on their priority. | Tobias Brunner | 2011-07-27 | 3 | -39/+76
This allows to unroute a connection while the same connection is currently established. In this case both CHILD_SAs share the same reqid but the installed policies have different priorities. | | | |
Fixed common misspellings. | Tobias Brunner | 2011-07-20 | 2 | -2/+2
Mostly found by 'codespell'. | | | |
removed stray code | Andreas Steffen | 2011-07-18 | 1 | -2/+1
added log and status output for ESN | Andreas Steffen | 2011-07-16 | 1 | -1/+5
Record usage history of policies in PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -169/+457
The implementation is nearly the same as in the Netlink kernel interface. | | | |
Simplified destruction of policy_sa_t objects in Netlink interface. | Tobias Brunner | 2011-07-06 | 1 | -12/+7
Some code cleanup in Netlink kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -108/+119
Some code cleanup in PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -118/+142
Reduce memory usage of policy history caching. | Tobias Brunner | 2011-07-06 | 1 | -131/+270
Only cache data as needed (e.g. traffic selectors only for forward policies) and at most once for each IPsec SA. | | | |
Keep the mutex locked as long as possible when deleting policies. | Tobias Brunner | 2011-07-06 | 1 | -61/+57
This change tries to prevent a race condition where a thread tries to install the same policy another thread is currently deleting. If the second thread releases the mutex in del_policy too early the first thread could assume the policy does not exist (as it is not cached anymore) but would not be able to actually install it if the second thread was not yet able to delete it. | | | |
Properly unlock the policy if no change in the kernel is required. | Tobias Brunner | 2011-07-06 | 1 | -0/+1
Make sure access to policy is thread-safe during installation of route. | Tobias Brunner | 2011-07-06 | 1 | -2/+17
Replaced simple iterator usages. | Tobias Brunner | 2011-07-06 | 1 | -5/+5
Record the history of a policy installed in the kernel. | Tobias Brunner | 2011-07-06 | 1 | -141/+317
This allows to properly delete a policy e.g. if reauth=yes and auto=route, because reqids are increased during reauthentication. It also avoids overriding an installed policy with a trap policy. | | | |
Add the reqid to kernel_ipsec_t.del_policy. | Tobias Brunner | 2011-07-06 | 3 | -6/+6
Cache the most recent reqid in the PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -1/+2
This makes the PF_KEY kernel interface behave the same as the Netlink kernel interface. | | | |
install PASS and DROP shunt policies via PFKEYv2 interface | Andreas Steffen | 2011-07-05 | 1 | -1/+12
Use CRITICAL job priority class for long running dispatcher jobs | Martin Willi | 2011-05-16 | 5 | -10/+10
Return correct status code in kernel_netlink_ipsec_t.query_sa. | Tobias Brunner | 2011-05-10 | 1 | -1/+1
Wipe memory after using key material (incomplete, to be continued) | Martin Willi | 2011-05-09 | 1 | -19/+29
Removed superfluous parameter missed in e5e5bcc92f. | Tobias Brunner | 2011-05-02 | 1 | -1/+1
Fixed two typos in kernel-pfroute plugin. | Tobias Brunner | 2011-04-26 | 1 | -2/+2
Revert alloc_str changes | Martin Willi | 2011-04-21 | 2 | -5/+3
This reverts commit fdead26ffe1da8501a6ff5e0639a6f44c723e763. This reverts commit 3e2419ebe32de72d824864eb2e0e677a7c197af1. This reverts commit 17ce69b47a1efd6234960cf7d1f50712aee61db5. | | | |
Use thread safe settings alloc_str function where appropriate | Martin Willi | 2011-04-21 | 2 | -3/+5
Cast size_t len arguments to %.*s to int | Martin Willi | 2011-04-20 | 1 | -12/+12
Copy ESN enabled replay state during update_sa, if supported | Martin Willi | 2011-04-20 | 1 | -48/+77
Add ESN support to kernel netlink plugin, including custom replay windows | Martin Willi | 2011-04-20 | 1 | -3/+47
Added an esn parameter to the kernel interface add_sa functions | Martin Willi | 2011-04-20 | 3 | -4/+4
pool: Proper cleanup in error cases when adding addresses from a file. | Tobias Brunner | 2011-04-19 | 1 | -0/+6
pool: Proper handling of address family when adding addresses. | Tobias Brunner | 2011-04-19 | 1 | -2/+6
Added missing break statement. | Tobias Brunner | 2011-04-19 | 1 | -0/+1
Properly copy interface name if unknown. | Tobias Brunner | 2011-04-19 | 1 | -1/+1
We use a static string if the interface name is unknown, so using memcpy with IFNAMSIZ is incorrect as that would overrun the static string. | | | |
Add reload support to attr plugin | Martin Willi | 2011-04-15 | 3 | -19/+64
Migrated attr plugin to INIT/METHOD macros | Martin Willi | 2011-04-15 | 1 | -17/+16
Added a (not yet implemented) plugin_t method to reload plugin configuration | Martin Willi | 2011-04-15 | 7 | -0/+7
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t | Martin Willi | 2011-04-15 | 7 | -1/+49