path: root/src
Commit message [Author, Age, Files, Lines]
...
* | Encode IETF Numeric Version Service Pack Version with two byte words [Martin Willi, 2013-01-22, 1 file, -3/+2]
| |
* | starter: Add --attach-gdb option to usage text [Adrian-Ken Rueegsegger, 2013-01-22, 1 file, -1/+2]
| |
* | Fix IKE SA inherit API doc [Adrian-Ken Rueegsegger, 2013-01-22, 1 file, -2/+1]
| |
* | Filter TS list for Split-Includes before printing them to debug log [Martin Willi, 2013-01-21, 1 file, -10/+34]
| |
* | Add the ability to use a named pool for conftest configs [Tobias Brunner, 2013-01-21, 2 files, -4/+10]
|/
* Reseed rdrand after every 128bit sample only [Martin Willi, 2013-01-15, 1 file, -2/+2]
|
* android: Properly escape apostrophes in Ukrainian translation (5.0.2dr4) [Tobias Brunner, 2013-01-14, 1 file, -8/+8]
|
* android: Implement kernel_net_t.get_interface via JNI [Tobias Brunner, 2013-01-14, 4 files, -6/+92]
|   This is now required to properly accept/install a virtual IP address. Fixes #275.
* android: Moved chunk_from_byte_array and byte_array_from_chunk helper functions [Tobias Brunner, 2013-01-14, 2 files, -24/+32]
|
* android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h on Android [Tobias Brunner, 2013-01-14, 1 file, -0/+1]
|
* Properly send IKEv1 packets if no ike_cfg is known yet [Tobias Brunner, 2013-01-14, 1 file, -2/+5]
|   This applies for error notifies.
* Don't handle right=%any6 as "loose" identity, but as %any [Martin Willi, 2013-01-14, 1 file, -2/+1]
|
* Respect given address family when resolving "%any" [Martin Willi, 2013-01-14, 1 file, -1/+5]
|
* Android.mk of libstrongswan updated [Tobias Brunner, 2013-01-14, 1 file, -2/+2]
|
* Merge branch 'ikev1-fragmentation' [Tobias Brunner, 2013-01-12, 34 files, -59/+859]
|\
| |   This adds support for the proprietary IKEv1 fragmentation extension.
| |   Conflicts: NEWS
| * Added an option to configure the maximum size of a fragment [Tobias Brunner, 2013-01-12, 1 file, -3/+10]
| |
| * Properly detect fragmentation capabilities [Tobias Brunner, 2013-01-12, 1 file, -3/+27]
| |   Cisco sends 0xc0000000 so we check that part of the VID separately.
| * Added an option that allows to force IKEv1 fragmentation [Tobias Brunner, 2013-01-12, 19 files, -29/+67]
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentation [Tobias Brunner, 2012-12-24, 23 files, -28/+59]
| |
| * Include source port in init hash for fragmented messages [Tobias Brunner, 2012-12-24, 1 file, -1/+8]
| |
| * Add an option to en-/disable IKE fragmentation [Tobias Brunner, 2012-12-24, 2 files, -5/+20]
| |   Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * Split larger messages into fragments if IKE fragmentation is supported by peer [Tobias Brunner, 2012-12-24, 1 file, -14/+114]
| |
| * Log message size for in- and outbound IKE messages [Tobias Brunner, 2012-12-24, 2 files, -4/+7]
| |
| * Add support to create IKE fragments [Tobias Brunner, 2012-12-24, 2 files, -0/+30]
| |   All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
| * Log added NAT-T vendor IDs [Tobias Brunner, 2012-12-24, 1 file, -0/+1]
| |
| * Detect a peer's support for IKE fragmentation [Tobias Brunner, 2012-12-24, 2 files, -0/+9]
| |   Fragments are accepted even if this vendor ID is not seen.
| * Map fragmented initial Main or Aggressive Mode messages to the same IKE_SA [Tobias Brunner, 2012-12-24, 1 file, -1/+17]
| |
| * Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments [Tobias Brunner, 2012-12-24, 1 file, -1/+2]
| |   Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
| * Don't handle fragmented messages larger than charon.max_packet [Tobias Brunner, 2012-12-24, 1 file, -4/+39]
| |
| * Don't update an IKE_SA-entry's cached message ID when handling fragments [Tobias Brunner, 2012-12-24, 1 file, -1/+4]
| |
| * Store inbound IKE fragments and reassemble the message when all fragments are received [Tobias Brunner, 2012-12-24, 1 file, -3/+166]
| |
| * Add message rules to properly handle IKE fragments [Tobias Brunner, 2012-12-24, 1 file, -0/+8]
| |   These are sent in unencrypted messages and are the only payload contained in such messages.
| * Reset the encrypted flag when handling IKE messages that contain a fragment [Tobias Brunner, 2012-12-24, 1 file, -0/+6]
| |   Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though).
| * Payload added to handle IKE fragments [Tobias Brunner, 2012-12-24, 6 files, -11/+314]
| |
* | Don't use bio_writer_t.skip() to write length field when appending more data [Martin Willi, 2013-01-11, 2 files, -6/+9]
| |   If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation.
* | Use raw opcodes for rdrand to build with older binutils [Martin Willi, 2013-01-11, 1 file, -6/+6]
| |
* | Provide RNG_TRUE quality in rdrand by mixing reseeded outputs using AES [Martin Willi, 2013-01-11, 2 files, -8/+108]
| |
* | Provide RNG_STRONG quality in rdrand by forcing PRNG reseed after every sample [Martin Willi, 2013-01-11, 2 files, -1/+69]
| |
* | Provide RNG_WEAK quality random generator in rdrand [Martin Willi, 2013-01-11, 4 files, -2/+342]
| |
* | Add a rdrand plugin stub detecting availability of RDRAND instructions [Martin Willi, 2013-01-11, 4 files, -0/+183]
| |
* | Streamline debug output when receiving intermediate CA certificates in IKEv1 [Martin Willi, 2013-01-11, 1 file, -1/+1]
| |
* | Refactored IKEv2 cert/certreq payload processing to multiple functions [Martin Willi, 2013-01-11, 1 file, -112/+141]
| |
* | Refactored IKEv1 cert payload processing to multiple functions [Martin Willi, 2013-01-11, 1 file, -73/+102]
| |
* | IKEv1 support for PKCS#7 wrapped certificates [Volker Rümelin, 2013-01-11, 3 files, -0/+96]
| |
* | Fixed some typos in comments [Volker Rümelin, 2013-01-11, 4 files, -6/+6]
| |
* | Fixed some typos in Ukrainian translation [Pavel Kopchyk, 2013-01-09, 1 file, -15/+16]
| |
* | conftest: Add support for time_format and ike_name options in log sections [Thomas Klute, 2013-01-08, 1 file, -1/+18]
| |   Both options are well supported for normal operation but were completely ignored by conftest, which used hard coded defaults. File options are still missing but could be added in a similar way.
* | conftest: Fix log level settings for stdout [Thomas Klute, 2013-01-08, 1 file, -0/+3]
| |   This patch fixes bug #272 ("conftest ignores log settings for stdout").
| |   http://wiki.strongswan.org/issues/272
| |   According to the documentation of add_logger in src/libcharon/bus/bus.h, the relevant log levels of a logger are registered with the logging subsystem when adding the logger. If the log levels change later, the logger must be re-added to propagate the new settings.
| |   In conftest.c, the stdout logger is initialized and added before reading the logging settings, but wasn't re-added after reading the settings.
* | conftest: Make outgoing sequence number set by reset_seq configurable [Thomas Klute, 2013-01-08, 2 files, -8/+70]
| |   This is useful for certain test cases. Passing the sequence number to the callback requires a new struct that contains both the number and the xfrm_usersa_id.
| |   The new configuration parameter is called oseq in accordance with the kernel name, see the comment in the reset_cb callback function for details.
* | Include opensslconf.h before checking its defines [Martin Willi, 2013-01-03, 1 file, -0/+2]
| |