| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Fix 'ipsec pool --status' for empty pools. | Tobias Brunner | 2011-11-04 | 1 | -1/+7 |
| | | |||||
| * | Memwipe request after sa update, too | Thomas Egerer | 2011-11-04 | 1 | -0/+1 |
| | | |||||
| * | Extend xfrm_attr_type_names by newly added enum values | Thomas Egerer | 2011-11-04 | 1 | -2/+6 |
| | | |||||
| * | Silently install route again, even if it did not change. | Tobias Brunner | 2011-11-04 | 2 | -2/+12 |
| | | | | | | Address/interface changes can cause the route to disappear. Afterwards the route might look the same but that does not mean it is still installed. | ||||
| * | Compile warning fixed in kernel interfaces. | Tobias Brunner | 2011-11-04 | 2 | -2/+2 |
| | | |||||
| * | The kernel-klips plugin does currently not support SAD/SPD flushing. | Tobias Brunner | 2011-10-21 | 1 | -0/+2 |
| | | |||||
| * | Implemented flushing of SAD and SPD entries via PF_KEY. | Tobias Brunner | 2011-10-21 | 1 | -0/+68 |
| | | |||||
| * | Implemented flushing of states and policies via XFRM. | Tobias Brunner | 2011-10-21 | 1 | -0/+56 |
| | | |||||
| * | Defined functions in the kernel interface to flush SAD and SPD entries. | Tobias Brunner | 2011-10-21 | 3 | -0/+50 |
| | | |||||
| * | Source files in Android.mk updated. | Tobias Brunner | 2011-10-14 | 1 | -1/+1 |
| | | |||||
| * | Add features support to kernel-klips plugin | Martin Willi | 2011-10-14 | 1 | -5/+12 |
| | | |||||
| * | Add features support to kernel-pfroute plugin | Martin Willi | 2011-10-14 | 1 | -5/+12 |
| | | |||||
| * | Add features support to kernel-pfkey plugin | Martin Willi | 2011-10-14 | 1 | -5/+12 |
| | | |||||
| * | Add features support to kernel-netlink plugin | Martin Willi | 2011-10-14 | 1 | -9/+14 |
| | | |||||
| * | Added kernel_ipsec/net plugin feature loading callbacks | Martin Willi | 2011-10-14 | 5 | -1/+88 |
| | | |||||
| * | Check for RTA_TABLE in configure. | Tobias Brunner | 2011-10-04 | 1 | -0/+2 |
| | | |||||
| * | Migrated attribute_manager to INIT/METHOD macros | Andreas Steffen | 2011-10-02 | 1 | -76/+48 |
| | | |||||
| * | Migrated sql_attribute to INIT/METHOD macros | Andreas Steffen | 2011-09-29 | 1 | -29/+25 |
| | | |||||
| * | Migrated netlink_socket to INIT/METHOD macros | Andreas Steffen | 2011-09-29 | 1 | -23/+18 |
| | | |||||
| * | Migrated resolve_handler to INIT/METHOD macros | Andreas Steffen | 2011-09-29 | 1 | -33/+27 |
| | | |||||
| * | Destroy kernel interface during deregistration, as the plugin goes afterwards | Martin Willi | 2011-09-12 | 1 | -2/+22 |
| | | |||||
| * | shortened XAUTH and UNITY attribute short names | Andreas Steffen | 2011-08-16 | 1 | -21/+21 |
| | | |||||
| * | Disable policy history for pluto.4.5.3 | Tobias Brunner | 2011-08-02 | 1 | -21/+46 |
| | | | | | pluto tracks usage of policies already in its own way. | ||||
| * | Allow routing table IDs > 255 when filtering them. | Tobias Brunner | 2011-07-29 | 1 | -3/+10 |
| | | |||||
| * | Install fallback drop policies to avoid transmitting unencrypted packets. | Tobias Brunner | 2011-07-27 | 3 | -0/+8 |
| | | | | | | | | During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy is first uninstalled and then the new one is installed. In the short time in between, where no policy is available in the kernel, unencrypted packets could have been transmitted. | ||||
| * | Remove policies in kernel interfaces based on their priority. | Tobias Brunner | 2011-07-27 | 6 | -51/+101 |
| | | | | | | | This allows to unroute a connection while the same connection is currently established. In this case both CHILD_SAs share the same reqid but the installed policies have different priorities. | ||||
| * | Fixed common misspellings. | Tobias Brunner | 2011-07-20 | 3 | -3/+3 |
| | | | | | Mostly found by 'codespell'. | ||||
| * | removed stray code | Andreas Steffen | 2011-07-18 | 1 | -2/+1 |
| | | |||||
| * | added log and status output for ESN | Andreas Steffen | 2011-07-16 | 1 | -1/+5 |
| | | |||||
| * | added HOME_AGENT_ADDRESS CP attribute type | Andreas Steffen | 2011-07-14 | 2 | -7/+10 |
| | | |||||
| * | Record usage history of policies in PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -169/+457 |
| | | | | | The implementation is nearly the same as in the Netlink kernel interface. | ||||
| * | Simplified destruction of policy_sa_t objects in Netlink interface. | Tobias Brunner | 2011-07-06 | 1 | -12/+7 |
| | | |||||
| * | Some code cleanup in Netlink kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -108/+119 |
| | | |||||
| * | Some code cleanup in PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -118/+142 |
| | | |||||
| * | Reduce memory usage of policy history caching. | Tobias Brunner | 2011-07-06 | 1 | -131/+270 |
| | | | | | | Only cache data as needed (e.g. traffic selectors only for forward policies) and at most once for each IPsec SA. | ||||
| * | Keep the mutex locked as long as possible when deleting policies. | Tobias Brunner | 2011-07-06 | 1 | -61/+57 |
| | | | | | | | | | | This change tries to prevent a race condition where a thread tries to install the same policy another thread is currently deleting. If the second thread releases the mutex in del_policy too early the first thread could assume the policy does not exist (as it is not cached anymore) but would not be able to actually install it if the second thread was not yet able to delete it. | ||||
| * | Properly unlock the policy if no change in the kernel is required. | Tobias Brunner | 2011-07-06 | 1 | -0/+1 |
| | | |||||
| * | Make sure access to policy is thread-safe during installation of route. | Tobias Brunner | 2011-07-06 | 1 | -2/+17 |
| | | |||||
| * | Replaced simple iterator usages. | Tobias Brunner | 2011-07-06 | 1 | -5/+5 |
| | | |||||
| * | Record the history of a policy installed in the kernel. | Tobias Brunner | 2011-07-06 | 1 | -141/+317 |
| | | | | | | | | This allows to properly delete a policy e.g. if reauth=yes and auto=route, because reqids are increased during reauthentication. It also avoids overriding an installed policy with a trap policy. | ||||
| * | Add the reqid to kernel_ipsec_t.del_policy. | Tobias Brunner | 2011-07-06 | 6 | -16/+18 |
| | | |||||
| * | Cache the most recent reqid in the PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -1/+2 |
| | | | | | | This makes the PF_KEY kernel interface behave the same as the Netlink kernel interface. | ||||
| * | install PASS and DROP shunt policies via PFKEYv2 interface | Andreas Steffen | 2011-07-05 | 1 | -1/+12 |
| | | |||||
| * | Don't install the libraries directly in lib/. | Tobias Brunner | 2011-07-05 | 1 | -1/+1 |
| | | | | | | Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the plugins from libexec to a subdirectory of that dir. | ||||
| * | implemented PASS and DROP shunt policies | Andreas Steffen | 2011-06-28 | 2 | -1/+7 |
| | | |||||
| * | Use CRITICAL job priority class for long running dispatcher jobs | Martin Willi | 2011-05-16 | 5 | -10/+10 |
| | | |||||
| * | Return correct status code in kernel_netlink_ipsec_t.query_sa. | Tobias Brunner | 2011-05-10 | 1 | -1/+1 |
| | | |||||
| * | Wipe memory after using key material (incomplete, to be continued) | Martin Willi | 2011-05-09 | 1 | -19/+29 |
| | | |||||
| * | Removed superfluous parameter missed in e5e5bcc92f. | Tobias Brunner | 2011-05-02 | 1 | -1/+1 |
| | | |||||
| * | Fixed two typos in kernel-pfroute plugin. | Tobias Brunner | 2011-04-26 | 1 | -2/+2 |
| | | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |