| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Cache the most recent reqid in the PF_KEY kernel interface. | Tobias Brunner | 2011-07-06 | 1 | -1/+2 | |
| | | | | | | This makes the PF_KEY kernel interface behave the same as the Netlink kernel interface. | |||||
| * | install PASS and DROP shunt policies via PFKEYv2 interface | Andreas Steffen | 2011-07-05 | 1 | -1/+12 | |
| | | ||||||
| * | Don't install the libraries directly in lib/. | Tobias Brunner | 2011-07-05 | 1 | -1/+1 | |
| | | | | | | Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the plugins from libexec to a subdirectory of that dir. | |||||
| * | implemented PASS and DROP shunt policies | Andreas Steffen | 2011-06-28 | 2 | -1/+7 | |
| | | ||||||
| * | Use CRITICAL job priority class for long running dispatcher jobs | Martin Willi | 2011-05-16 | 5 | -10/+10 | |
| | | ||||||
| * | Return correct status code in kernel_netlink_ipsec_t.query_sa. | Tobias Brunner | 2011-05-10 | 1 | -1/+1 | |
| | | ||||||
| * | Wipe memory after using key material (incomplete, to be continued) | Martin Willi | 2011-05-09 | 1 | -19/+29 | |
| | | ||||||
| * | Removed superfluous parameter missed in e5e5bcc92f. | Tobias Brunner | 2011-05-02 | 1 | -1/+1 | |
| | | ||||||
| * | Fixed two typos in kernel-pfroute plugin. | Tobias Brunner | 2011-04-26 | 1 | -2/+2 | |
| | | ||||||
| * | Revert alloc_str changes | Martin Willi | 2011-04-21 | 2 | -5/+3 | |
| | | | | | | | This reverts commit fdead26ffe1da8501a6ff5e0639a6f44c723e763. This reverts commit 3e2419ebe32de72d824864eb2e0e677a7c197af1. This reverts commit 17ce69b47a1efd6234960cf7d1f50712aee61db5. | |||||
| * | Use thread save settings alloc_str function where appropriate | Martin Willi | 2011-04-21 | 2 | -3/+5 | |
| | | ||||||
| * | Cast size_t len arguments to %.*s to int | Martin Willi | 2011-04-20 | 1 | -12/+12 | |
| | | ||||||
| * | Copy ESN enabled replay state during update_sa, if supported | Martin Willi | 2011-04-20 | 1 | -48/+77 | |
| | | ||||||
| * | Add ESN support to kernel netlink plugin, including custom replay windows | Martin Willi | 2011-04-20 | 1 | -3/+47 | |
| | | ||||||
| * | Added an esn parameter to the kernel interface add_sa functions | Martin Willi | 2011-04-20 | 6 | -9/+11 | |
| | | ||||||
| * | pool: Proper cleanup in error cases when adding addresses from a file. | Tobias Brunner | 2011-04-19 | 1 | -0/+6 | |
| | | ||||||
| * | pool: Proper handling of address family when adding addresses. | Tobias Brunner | 2011-04-19 | 1 | -2/+6 | |
| | | ||||||
| * | Added missing break statement. | Tobias Brunner | 2011-04-19 | 1 | -0/+1 | |
| | | ||||||
| * | Properly copy interface name if unknown. | Tobias Brunner | 2011-04-19 | 1 | -1/+1 | |
| | | | | | | We use a static string if the interface name is unknown, so using memcpy with IFNAMSIZ is incorrect as that would overrun the static string. | |||||
| * | Add reload support to attr plugin | Martin Willi | 2011-04-15 | 3 | -19/+64 | |
| | | ||||||
| * | Migrated attr plugin to INIT/METHOD macros | Martin Willi | 2011-04-15 | 1 | -17/+16 | |
| | | ||||||
| * | Added a (not yet implemented) plugin_t method to reload plugin configuration | Martin Willi | 2011-04-15 | 7 | -0/+7 | |
| | | ||||||
| * | Added a get_name() function to plugin_t, create_plugin_enumerator enumerates ↵ | Martin Willi | 2011-04-15 | 7 | -1/+49 | |
| | | | | | over plugin_t | |||||
| * | Removed superfluous parameter to printf. | Tobias Brunner | 2011-04-14 | 1 | -1/+1 | |
| | | ||||||
| * | Fixed potential memory leak when processing routes from the kernel. | Tobias Brunner | 2011-04-14 | 1 | -0/+1 | |
| | | ||||||
| * | Removed unused variables. | Tobias Brunner | 2011-04-12 | 1 | -2/+2 | |
| | | ||||||
| * | Align netlink attributes properly if rta_len not a multiple of RTA_ALIGNTO | Martin Willi | 2011-03-02 | 1 | -16/+16 | |
| | | ||||||
| * | Migrated kernel_pfroute_net to INIT/METHOD macros | Martin Willi | 2011-02-17 | 1 | -69/+52 | |
| | | ||||||
| * | Migrated kernel_netlink_net to INIT/METHOD macros | Martin Willi | 2011-02-17 | 1 | -77/+64 | |
| | | ||||||
| * | Kernel interface updated for KLIPS plugin (TFC padding). | Tobias Brunner | 2011-02-10 | 1 | -1/+1 | |
| | | ||||||
| * | added missing tfc argument to kernel_pfkey_ipsec interface | Andreas Steffen | 2010-12-27 | 1 | -1/+1 | |
| | | ||||||
| * | Implemented Traffic Flow Confidentiality padding in kernel_interface | Martin Willi | 2010-12-20 | 4 | -8/+28 | |
| | | ||||||
| * | Install selectors on transport mode IPsec SAs. | Jiri Bohac | 2010-12-13 | 1 | -0/+1 | |
| | | | | | | | | | | | | | | | | | This fixes several test cases in IKEv2_Self_Test (part of the IPv6 Ready Logo Program) which is required for USGv6 certification, namely: - IKEv2.EN.I.1.1.7.1, IKEv2.EN.I.1.1.7.1: Narrowing the range of members of the set of traffic selectors - IKEv2.EN.R.1.1.7.3: Narrowing multiple traffic selector When traffic selectors of a triggered SA are narrowed by the responder, the installed policy and the broader trap policy share the same reqid. Without selectors on the IPsec SA packets matching the trap policy, but not the narrowed policy, would incorrectly be handled by that IPsec SA. Since only one selector can be specified per IPsec SA, there is currently no solution for tunnel mode SAs. | |||||
| * | Include the destination net in the policy priority calculation. | Tobias Brunner | 2010-12-07 | 2 | -12/+20 | |
| | | | | | | | | | | | | | | The resulting priorities are as follows: IPv6 IPv4 routed normal routed normal max 4096(+3) 2048(+3) 4096(+3) 2048(+3) min 3072 1024 3840 1792 Where min is for a policy between two single hosts and max is for /0 on both ends (lower priorities are preferred by the kernel). (+3) applies for cases where no protocol and no ports are defined. | |||||
| * | commas, commas, .. | Andreas Steffen | 2010-11-25 | 4 | -6/+6 | |
| | | ||||||
| * | Migrated resolve_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -7/+11 | |
| | | ||||||
| * | Migrated kernel_pfroute_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -8/+11 | |
| | | ||||||
| * | Migrated kernel_pfkey_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -8/+11 | |
| | | ||||||
| * | Migrated kernel_netlink_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -7/+10 | |
| | | ||||||
| * | INIT allocates memory | Andreas Steffen | 2010-11-25 | 1 | -1/+1 | |
| | | ||||||
| * | INIT allocates memory | Andreas Steffen | 2010-11-25 | 1 | -1/+1 | |
| | | ||||||
| * | Migrated kernel_klips_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -6/+9 | |
| | | ||||||
| * | Migrated attr_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -7/+10 | |
| | | ||||||
| * | Migrated attr_sql_plugin_t to INIT/METHOD macros | Andreas Steffen | 2010-11-25 | 1 | -10/+13 | |
| | | ||||||
| * | Print full source route on DBG2 that gets installed | Martin Willi | 2010-11-11 | 1 | -0/+2 | |
| | | ||||||
| * | Do not fire roam events based on local route changes. | Tobias Brunner | 2010-10-12 | 1 | -2/+3 | |
| | | | | | | These kernel events are triggered on address changes, which is problematic when deleting virtual IP addresses. | |||||
| * | If a changed route has no src, try to find it via interface. | Tobias Brunner | 2010-10-12 | 1 | -37/+48 | |
| | | ||||||
| * | Get source address from interface if the route does not provide one. | Tobias Brunner | 2010-10-12 | 1 | -2/+49 | |
| | | ||||||
| * | added non-standard SERPENT and TWOFISH support to kernel_netlink plugin | Andreas Steffen | 2010-09-08 | 1 | -0/+2 | |
| | | ||||||
| * | Do not install routes for pluto. | Tobias Brunner | 2010-09-02 | 2 | -0/+10 | |
| | | | | | | There are some incompatibilities with e.g. passthrough policies. Pluto installs required source routes via updown script. | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |