| Graph | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| | ... | | | | |
| \| \| * | Added limiting encoding of IKEv1 SA payloads | Martin Willi | 2012-03-20 | 6 | -82/+231 |
| \| \| * | Added SA payload IKEv1 encoding types to generator | Martin Willi | 2012-03-20 | 1 | -0/+3 |
| \| \| * | Don't set IKEv2 only header flags when using IKEv1 | Martin Willi | 2012-03-20 | 1 | -3/+6 |
| \| \| * | Set default IKE header initiator flag in IKEv2 only | Martin Willi | 2012-03-20 | 1 | -2/+5 |
| \| \| * | Added an IKEv1 main mode task stub | Martin Willi | 2012-03-20 | 5 | -24/+191 |
| \| \| * | Added a stub for a IKEv1 task manager | Martin Willi | 2012-03-20 | 3 | -1/+517 |
| \| \| * | Use task manager as generic interface, renamed implementation to _v2. | Martin Willi | 2012-03-20 | 5 | -24/+64 |
| \| \| * | Fix unaligned aliasing warning in raw socket | Martin Willi | 2012-03-20 | 1 | -5/+4 |
| \| \| * | Use enum to define IKE version on peer_cfg_t. | Tobias Brunner | 2012-03-20 | 17 | -41/+63 |
| | Replaced all those magic numbers. | | | | |
| \| \| * | Fix init message arrival check. | Tobias Brunner | 2012-03-20 | 1 | -21/+14 |
| \| \| * | Compile error fixed. | Tobias Brunner | 2012-03-20 | 1 | -1/+2 |
| \| \| * | Message parsing slightly refactored, allows parsing of unencrypted IKEv1 messages. | Tobias Brunner | 2012-03-20 | 1 | -40/+52 |
| \| \| * | Allow creation of message_t objects for IKEv1 packets. | Tobias Brunner | 2012-03-20 | 8 | -49/+62 |
| \| \| * | Certificate request payloads can be sent in pretty much any IKEv1 message. | Tobias Brunner | 2012-03-20 | 1 | -5/+18 |
| \| \| * | Implemented limited payload parsing for IKEv1 SA payloads | Martin Willi | 2012-03-20 | 7 | -176/+557 |
| \| \| * | Added additional IKEv1 payload and encoding identifiers | Martin Willi | 2012-03-20 | 5 | -40/+83 |
| \| \| * | Extend sa_payload for IKEv1 support | Martin Willi | 2012-03-20 | 11 | -37/+160 |
| \| \| * | Message rules for IKEv1 INFORMATIONAL exchange added. | Tobias Brunner | 2012-03-20 | 1 | -0/+24 |
| | Since INFORMATIONAL "exchanges" are actually unidirectionally sent message we don't have any responder rules. | | | | |
| \| \| * | Message rules for IKEv1 AGGRESSIVE exchange added. | Tobias Brunner | 2012-03-20 | 1 | -0/+72 |
| | These are basically the same as for ID_PROT but no payloads are expected to be encrypted (at least if using PSK or signatures for authentication). | | | | |
| \| \| * | Message rules for IKEv1 ID_PROT exchange added. | Tobias Brunner | 2012-03-20 | 1 | -0/+77 |
| | These rules are quite broad and cover main mode with at least PSK and signature based authentication. | | | | |
| \| \| * | Typo fixed. | Tobias Brunner | 2012-03-20 | 1 | -1/+1 |
| \| \| * | Use vendor id payload for IKEv1 payloads, too | Martin Willi | 2012-03-20 | 4 | -10/+22 |
| \| \| * | Added IKEv1 payload identifiers to "known" payload list | Martin Willi | 2012-03-20 | 1 | -2/+9 |
| \| \| * | Handle IKEv1 messages in managers checkout_by_message | Martin Willi | 2012-03-20 | 1 | -9/+30 |
| \| \| * | Added IKEv1 payload identifiers | Martin Willi | 2012-03-20 | 2 | -4/+97 |
| \| \| * | Accept and process IKEv1 messages in receiver | Martin Willi | 2012-03-20 | 1 | -7/+18 |
| \| \| * | Extended IKE header for IKEv1 support | Martin Willi | 2012-03-20 | 4 | -58/+236 |
| * \| \| | Added a dedicated sender flush method, delay sender destruction until users gone | Martin Willi | 2012-05-02 | 3 | -3/+20 |
| * \| \| | add AUTH_RULE_SUBJECT_CERT for raw public keys [4.6.3] | Andreas Steffen | 2012-04-30 | 1 | -0/+4 |
| * \| \| | added missing whitespace | Andreas Steffen | 2012-04-30 | 2 | -1/+2 |
| * \| \| | Properly initialize optional subject in PEM builder. | Tobias Brunner | 2012-04-30 | 1 | -1/+1 |
| * \| \| | Typo fixed. | Tobias Brunner | 2012-04-30 | 1 | -1/+1 |
| * \| \| | output validity of raw public key if available | Andreas Steffen | 2012-04-30 | 1 | -2/+34 |
| * \| \| | added support for raw RSA public keys to stroke | Andreas Steffen | 2012-04-30 | 8 | -10/+126 |
| * \| \| | Fixed null-pointer dereference in smp plugin. | Tobias Brunner | 2012-04-26 | 1 | -3/+7 |
| * \| \| | CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information | Andreas Steffen | 2012-04-25 | 1 | -7/+41 |
| * \| \| | pluto: Fix for null-terminated XAuth secrets (as sent by Android 4). | Tobias Brunner | 2012-04-24 | 1 | -0/+7 |
| * \| \| | isolate a TNC client if an error occurs | Andreas Steffen | 2012-04-22 | 1 | -1/+1 |
| * \| \| | exit if TBOOT dummy measurements are not defined | Andreas Steffen | 2012-04-22 | 1 | -0/+5 |
| * \| \| | Option added to set identifier for syslog(3) logging. | Tobias Brunner | 2012-04-20 | 1 | -1/+7 |
| | This identifier is added to each log message by syslog. | | | | |
| * \| \| | Removed auth_cfg_t.replace_value() and replaced usages with add(). | Tobias Brunner | 2012-04-18 | 5 | -93/+39 |
| | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient. | | | | |
| * \| \| | Changed the order and semantics of rules we expect only once in auth_cfg_t. | Tobias Brunner | 2012-04-18 | 2 | -114/+212 |
| | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them). | | | | |
| * \| \| | Store password with remote ID to tie it stronger to a specific connection. | Tobias Brunner | 2012-04-18 | 1 | -12/+50 |
| * \| \| | Added stroke user-creds command, to set username/password for a connection. | Tobias Brunner | 2012-04-17 | 7 | -2/+204 |
| * \| \| | Added method to add additional shared secrets to stroke_cred_t. | Tobias Brunner | 2012-04-17 | 2 | -2/+20 |
| * \| \| | Additional prompt keyword added to stroke. | Tobias Brunner | 2012-04-17 | 1 | -1/+3 |
| * \| \| | Typo fixed. | Tobias Brunner | 2012-04-17 | 1 | -1/+1 |
| * \| \| | Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs | Martin Willi | 2012-04-17 | 1 | -5/+43 |
| | Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as initiator, we can't know if the completing IKE_SA_INIT message is to our first request or the one with the COOKIE. If the responder just enabled/disabled COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE behavior toggling improves the situation, but does not solve the problem during the initial COOKIE activation. | | | | |
| * \| \| | Added a note about DH/keymat lifecycle for custom implementations | Martin Willi | 2012-04-17 | 1 | -1/+6 |
| * \| \| | Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE | Martin Willi | 2012-04-17 | 1 | -2/+5 |