aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | Without MOBIKE, update remote host only if it is behind NATMartin Willi2013-03-011-2/+3
| | | | |
* | | | | Merge branch 'ikev1-mm-retransmits'Martin Willi2013-03-014-45/+55
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes retransmit of the last Main Mode or IKE_AUTH message, and correctly queues Main Mode messages when processing of the last message is still in progress.
| * | | | | For IKEv1 Main Mode, use message hash to detect early retransmissionsMartin Willi2013-02-251-10/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As the message ID is zero in all Main Mode messages, it can't be used to detect if we are already processing a given message.
| * | | | | Move initial message dropping to task managerMartin Willi2013-02-253-19/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the last request message of the initial tunnel setup is retransmitted, we must retransmit the response instead of ignoring the request. Fixes #295.
| * | | | | Use INIT macro to initialize IKE_SA manager entriesMartin Willi2013-02-251-17/+6
| | | | | |
* | | | | | Merge branch 'tfc-notify'Martin Willi2013-03-016-2/+68
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduces kernel backend features, sends ESP_TFC_PADDING_NOT_SUPPORTED if kernel does not support it.
| * | | | | | Send ESP_TFC_PADDING_NOT_SUPPORTED if the used kernel doesn't support itMartin Willi2013-03-011-0/+9
| | | | | | |
| * | | | | | Indicate support for processing ESPv3 TFC padding in Netlink IPsec backendMartin Willi2013-03-011-1/+7
| | | | | | |
| * | | | | | Introduce "features" for the kernel backends returning kernel capabilitiesMartin Willi2013-03-014-1/+52
| | |/ / / / | |/| | | |
* | | | | | openssl: Provide AES-GCM implementationTobias Brunner2013-02-284-1/+312
| | | | | |
* | | | | | Fix cleanup in crypto_tester if AEAD implementation failsTobias Brunner2013-02-281-1/+4
| | | | | |
* | | | | | Order of arguments in Doxygen comment fixedTobias Brunner2013-02-282-2/+2
| | | | | |
* | | | | | Fix auth_cfg_t.clone() for single-valued auth rulesTobias Brunner2013-02-281-10/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* | | | | | Trigger an updown event when destroying an IKE_SA based on INITIAL_CONTACTTobias Brunner2013-02-281-0/+1
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | In other cases (i.e. when functions return DESTROY_ME) the event should already be triggered, but not in this forced situation.
* | | | | Use SIGUSR2 for SIG_CANCEL on AndroidTobias Brunner2013-02-261-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SIGRTMIN is defined as 32 while sigset_t is defined as unsigned long (i.e. holds 32 signals). Hence, the signal could never be blocked. Sending the signal still canceled threads, but sometimes in situations where they shouldn't have been canceled (e.g. while holding a lock). Fixes #298.
* | | | | Android.mk updated to latest MakefilesTobias Brunner2013-02-263-1/+3
| |/ / / |/| | | | | | | | | | | Fixes #300.
* | | | openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8gTobias Brunner2013-02-202-1/+5
| |/ / |/| | | | | | | | Fixes #292.
* | | treat IF-M and IF-TNCCS remediation instructions/parameters in an equal wayAndreas Steffen2013-02-194-107/+204
| | |
* | | Streamlined log messages in ipseckey pluginAndreas Steffen2013-02-192-58/+30
| | |
* | | Encode RSA public keys in RFC 3110 DNSKEY formatAndreas Steffen2013-02-198-3/+155
| | |
* | | Moved configuration from resolver manager to unbound pluginAndreas Steffen2013-02-196-52/+41
| | | | | | | | | | | | Also streamlined log messages in unbound plugin.
* | | ipseckey: Report IPSECKEYs with invalid DNSSEC security stateReto Guadagnini2013-02-191-2/+12
| | |
* | | ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.confReto Guadagnini2013-02-191-3/+16
| | |
* | | Added ipseckey plugin, which provides support for public keys in IPSECKEY RRsReto Guadagnini2013-02-198-0/+859
| | |
* | | unbound: Implementation of query method of unbound_resolver_tReto Guadagnini2013-02-192-7/+64
| | |
* | | unbound: Implemented resolver_response_t as unbound_response_tReto Guadagnini2013-02-193-1/+316
| | |
* | | Implemented rr_set_t interfaceReto Guadagnini2013-02-193-1/+113
| | |
* | | unbound: Implemented rr_t as unbound_rr_tReto Guadagnini2013-02-193-1/+215
| | |
* | | Added unbound plugin implementing the resolver interface using libunboundReto Guadagnini2013-02-196-0/+234
| | |
* | | Added manager for DNS resolversReto Guadagnini2013-02-195-1/+181
| | |
* | | Added interface for DNS resolversReto Guadagnini2013-02-196-0/+548
| | |
* | | added missing return statementAndreas Steffen2013-02-191-0/+1
| | |
* | | Fix encoding of issuerAndSubject while handling SCEP pending stateMartin Willi2013-02-191-1/+1
| | |
* | | reject PB-Experimental messages with NOSKIP flag setAndreas Steffen2013-02-191-0/+7
| | |
* | | added parameter descriptionsAndreas Steffen2013-02-191-1/+8
| | |
* | | removed superfluous debug outputAndreas Steffen2013-02-152-4/+0
| | |
* | | Add a timeout to clean up PDP RADIUS connectionsMartin Willi2013-02-141-0/+51
| | |
* | | Keep the PDP connections lock while accessing its objectsMartin Willi2013-02-143-7/+34
| | | | | | | | | | | | | | | | | | When we introduce connection timeouts, the state may disappear at any time. This change prevents that, but is not very clear. We probably have to refactor connection handling.
* | | Add locking to TNC-PDP connectionsMartin Willi2013-02-141-7/+23
| | |
* | | Add IF-M message subtype getter to IMC/IMV messagesMartin Willi2013-02-144-1/+28
| | |
* | | Use a generic constructor to create PA-TNC error attributesMartin Willi2013-02-141-62/+32
| | |
* | | Add a global return_success() method implementationMartin Willi2013-02-143-8/+15
| | |
* | | Add a convenience method to check pen_type_t for vendor and typeMartin Willi2013-02-141-0/+14
| | |
* | | Add a comparison function for pen_type_tMartin Willi2013-02-141-0/+12
| | |
* | | Whitespace and comment cleanups in pen.[ch]Martin Willi2013-02-142-20/+28
| | |
* | | resolve dependency on libtlsAndreas Steffen2013-02-141-0/+1
| | |
* | | Merge branch 'ike-dscp'Martin Willi2013-02-1426-68/+237
|\ \ \
| * | | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-067-4/+23
| | | |
| * | | Set configured DSCP value while generating IKE packetsMartin Willi2013-02-061-1/+26
| | | |
| * | | Add a DSCP configuration value to IKE configsMartin Willi2013-02-0614-25/+41
| | | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-09 06:11:24 +0000