path: root/src
Commit message [Author, Age, Files, Lines]
...
| * Added an option that allows to force IKEv1 fragmentation [Tobias Brunner, 2013-01-12, 19 files, -29/+67]
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentation [Tobias Brunner, 2012-12-24, 23 files, -28/+59]
| |
| * Include source port in init hash for fragmented messages [Tobias Brunner, 2012-12-24, 1 file, -1/+8]
| |
| * Add an option to en-/disable IKE fragmentation [Tobias Brunner, 2012-12-24, 2 files, -5/+20]
| |     Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * Split larger messages into fragments if IKE fragmentation is supported by peer [Tobias Brunner, 2012-12-24, 1 file, -14/+114]
| |
| * Log message size for in- and outbound IKE messages [Tobias Brunner, 2012-12-24, 2 files, -4/+7]
| |
| * Add support to create IKE fragments [Tobias Brunner, 2012-12-24, 2 files, -0/+30]
| |     All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
| * Log added NAT-T vendor IDs [Tobias Brunner, 2012-12-24, 1 file, -0/+1]
| |
| * Detect a peer's support for IKE fragmentation [Tobias Brunner, 2012-12-24, 2 files, -0/+9]
| |     Fragments are accepted even if this vendor ID is not seen.
| * Map fragmented initial Main or Aggressive Mode messages to the same IKE_SA [Tobias Brunner, 2012-12-24, 1 file, -1/+17]
| |
| * Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments [Tobias Brunner, 2012-12-24, 1 file, -1/+2]
| |     Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
| * Don't handle fragmented messages larger than charon.max_packet [Tobias Brunner, 2012-12-24, 1 file, -4/+39]
| |
| * Don't update an IKE_SA-entry's cached message ID when handling fragments [Tobias Brunner, 2012-12-24, 1 file, -1/+4]
| |
| * Store inbound IKE fragments and reassemble the message when all fragments are received [Tobias Brunner, 2012-12-24, 1 file, -3/+166]
| |
| * Add message rules to properly handle IKE fragments [Tobias Brunner, 2012-12-24, 1 file, -0/+8]
| |     These are sent in unencrypted messages and are the only payload contained in such messages.
| * Reset the encrypted flag when handling IKE messages that contain a fragment [Tobias Brunner, 2012-12-24, 1 file, -0/+6]
| |     Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though).
| * Payload added to handle IKE fragments [Tobias Brunner, 2012-12-24, 6 files, -11/+314]
| |
* | Don't use bio_writer_t.skip() to write length field when appending more data [Martin Willi, 2013-01-11, 2 files, -6/+9]
| |     If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation.
* | Use raw opcodes for rdrand to build with older binutils [Martin Willi, 2013-01-11, 1 file, -6/+6]
| |
* | Provide RNG_TRUE quality in rdrand by mixing reseeded outputs using AES [Martin Willi, 2013-01-11, 2 files, -8/+108]
| |
* | Provide RNG_STRONG quality in rdrand by forcing PRNG reseed after every sample [Martin Willi, 2013-01-11, 2 files, -1/+69]
| |
* | Provide RNG_WEAK quality random generator in rdrand [Martin Willi, 2013-01-11, 4 files, -2/+342]
| |
* | Add a rdrand plugin stub detecting availability of RDRAND instructions [Martin Willi, 2013-01-11, 4 files, -0/+183]
| |
* | Streamline debug output when receiving intermediate CA certificates in IKEv1 [Martin Willi, 2013-01-11, 1 file, -1/+1]
| |
* | Refactored IKEv2 cert/certreq payload processing to multiple functions [Martin Willi, 2013-01-11, 1 file, -112/+141]
| |
* | Refactored IKEv1 cert payload processing to multiple functions [Martin Willi, 2013-01-11, 1 file, -73/+102]
| |
* | IKEv1 support for PKCS#7 wrapped certificates [Volker Rümelin, 2013-01-11, 3 files, -0/+96]
| |
* | Fixed some typos in comments [Volker Rümelin, 2013-01-11, 4 files, -6/+6]
| |
* | Fixed some typos in Ukrainian translation [Pavel Kopchyk, 2013-01-09, 1 file, -15/+16]
| |
* | conftest: Add support for time_format and ike_name options in log sections [Thomas Klute, 2013-01-08, 1 file, -1/+18]
| |     Both options are well supported for normal operation but were completely ignored by conftest, which used hard coded defaults. File options are still missing but could be added in a similar way.
* | conftest: Fix log level settings for stdout [Thomas Klute, 2013-01-08, 1 file, -0/+3]
| |     This patch fixes bug #272 ("conftest ignores log settings for stdout").
| |     http://wiki.strongswan.org/issues/272
| |
| |     According to the documentation of add_logger in src/libcharon/bus/bus.h, the relevant log levels of a logger are registered with the logging subsystem when adding the logger. If the log levels change later, the logger must be re-added to propagate the new settings. In conftest.c, the stdout logger is initialized and added before reading the logging settings, but wasn't re-added after reading the settings.
* | conftest: Make outgoing sequence number set by reset_seq configurable [Thomas Klute, 2013-01-08, 2 files, -8/+70]
| |     This is useful for certain test cases. Passing the sequence number to the callback requires a new struct that contains both the number and the xfrm_usersa_id. The new configuration parameter is called oseq in accordance with the kernel name, see the comment in the reset_cb callback function for details.
* | Include opensslconf.h before checking its defines [Martin Willi, 2013-01-03, 1 file, -0/+2]
| |
* | Don't build OpenSSL PKCS#7 code if OPENSSL_NO_CMS defined [Martin Willi, 2013-01-03, 1 file, -0/+4]
| |
* | make pacman.sh run under cron [Andreas Steffen, 2012-12-26, 1 file, -9/+13]
| |
* | deleted newly constructed attributes in send_assessment [Andreas Steffen, 2012-12-24, 3 files, -21/+7]
| |
* | Added Russian and Ukrainian strings for Android client [Dmitry Korzhevin, 2012-12-24, 4 files, -0/+252]
|/
* Add parentheses to avoid compiler warning [Martin Willi, 2012-12-24, 1 file, -1/+1]
|
* Send empty CDATA batch if TNC client has no data to send [Andreas Steffen, 2012-12-23, 1 file, -16/+28]
|
* Fixed some typos, courtesy of codespell [Tobias Brunner, 2012-12-20, 10 files, -11/+11]
|
* Raise an alert if IKE SA is kept [Adrian-Ken Rueegsegger, 2012-12-20, 2 files, -0/+3]
|     This alert is raised when the establishment of a child SA fails but the IKE SA is kept.
* stroke: Drop unneeded [MY|OTHER]_NETBITS [Reto Buerki, 2012-12-19, 1 file, -2/+2]
|
* stroke: Enable install_policy in add_connection() [Reto Buerki, 2012-12-19, 1 file, -0/+1]
|
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier [Volker Rümelin, 2012-12-19, 14 files, -90/+311]
|     This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Add missing error_notify_msg.h to distribution tarball [Martin Willi, 2012-12-19, 1 file, -1/+2]
|
* Add an error-notify sample application to listen to error notifications [Martin Willi, 2012-12-19, 3 files, -0/+66]
|
* Add an error-notify plugin to send caught alerts to listening applications [Martin Willi, 2012-12-19, 9 files, -0/+743]
|
* Raise an alert if half-open timeout limit reached [Martin Willi, 2012-12-19, 2 files, -0/+3]
|
* Raise an alert if an authorize() hook fails [Martin Willi, 2012-12-19, 2 files, -0/+6]
|
* Raise an alert if allocating virtual IPs fails [Martin Willi, 2012-12-19, 2 files, -0/+4]
|