aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* charon-cmd: Stop processing options if an argument is missing or an option ↵Tobias Brunner2013-05-081-0/+3
| | | | not recognized
* charon-cmd: Properly initialize options with no additional linesTobias Brunner2013-05-071-10/+10
|
* agent: Use sshkey plugin to parse keys, adds support for ECDSATobias Brunner2013-05-073-57/+69
|
* sshkey: Add support for ECDSA keysTobias Brunner2013-05-071-0/+70
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-075-22/+24
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-071-12/+22
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* sshkey: Added builder for SSHKEY RSA keysTobias Brunner2013-05-076-1/+142
|
* Add sshkey plugin stub that will parse RFC 4253 public keysTobias Brunner2013-05-074-0/+136
|
* Try to load raw keys from ipsec.conf as PKCS#1 blob firstTobias Brunner2013-05-071-5/+12
| | | | | The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
* charon-cmd: Add --agent option to authenticate using ssh-agent(1)Tobias Brunner2013-05-074-0/+72
| | | | | | The socket path is read from the SSH_AUTH_SOCK environment variable. So using this with sudo might require the -E command line (or an appropriate sudoers config) to preserve the environment.
* charon-cmd: Use loose matching of gateway identityTobias Brunner2013-05-071-0/+1
|
* kernel-pfroute: allow only one thread to do a route look up simultaneouslyMartin Willi2013-05-061-1/+8
| | | | Otherwise we mess up the sequence number another thread is waiting for.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-0610-16/+50
|
* child-sa: query SAD/SPD just for what we actually need to update statisticsMartin Willi2013-05-061-2/+5
|
* kernel-pfkey: be less verbose about unexpected sequence numbersMartin Willi2013-05-061-1/+1
|
* kernel-pfkey: install exclude routes if kernel-net requires themMartin Willi2013-05-061-0/+152
|
* kernel-pfroute: add a feature flag requesting "exclude" routesMartin Willi2013-05-062-0/+9
| | | | | | | | If routes installed along with policies covering the peer address affect local IKE/ESP packets, they won't get routed correctly. To work around this issue, the kernel interface can install "exclude" routes for the IKE peer. Not all networking backends require this workaround, hence we export a flag for it if it is required.
* kernel-pfroute: remove unused interface address refcountingMartin Willi2013-05-061-11/+0
|
* kernel-pfroute: mark IPs installed on tun device as virtualMartin Willi2013-05-061-1/+24
|
* kernel-pfroute: install virtual IPs using dedicated tun devicesMartin Willi2013-05-061-5/+91
|
* kernel-pfkey: when installing a route for a virtual IP, use its interfaceMartin Willi2013-05-061-1/+10
| | | | | When installing a route over a tun device for a virtual IP, the route must be set over the tun, not the IKE interface.
* kernel-interface: get_address_by_ts() can tell if a returned IP is virtualMartin Willi2013-05-065-6/+31
|
* kernel-interface: support enumeration of virtual-only IPsMartin Willi2013-05-063-9/+20
|
* kernel-pfkey: refactor route installation to a dedicate functionMartin Willi2013-05-061-74/+81
|
* kernel-pfroute: split /0 routes to avoid conflict with default routeMartin Willi2013-05-061-0/+15
|
* kernel-pfkey: check if we have a gateway before comparing themMartin Willi2013-05-061-0/+1
|
* kernel-pfkey: install route along with input, not forward policiesMartin Willi2013-05-061-20/+20
| | | | | | As forwarding policies are not available on all systems (OS X), using the forward policy to attach the route is a bad pick. Using input policies allows OS X to install routes.
* kernel-pfroute: rescan address list for an interface if its state changesMartin Willi2013-05-061-0/+43
| | | | | It seems that we don't get address notifications if the interface is down on OS X.
* kernel-pfroute: add newly appearing interfaces to the interface cacheMartin Willi2013-05-061-1/+22
|
* kernel-pfroute: implement get_nexthop()Martin Willi2013-05-061-6/+73
|
* kernel-pfroute: install and uninstall routesMartin Willi2013-05-061-2/+129
|
* kernel-pfroute: collect replies received for our own queriesMartin Willi2013-05-061-4/+40
|
* kernel-pfroute: refactor PF_ROUTE message processing, use an enumeratorMartin Willi2013-05-061-35/+117
|
* kernel-pfkey: use an int to set esp_port with a sysctl on OS XMartin Willi2013-05-061-2/+4
|
* kernel-pfroute: use INIT() macro for allocationsMartin Willi2013-05-061-17/+21
|
* kernel-pfroute: use only a single PF_ROUTE socket for both events and queriesMartin Willi2013-05-061-27/+11
|
* kernel-pfroute: fix length check when receiving PF_ROUTE messagesMartin Willi2013-05-061-1/+1
|
* kernel-pfkey: remove obsolete pluto specific behaviorMartin Willi2013-05-061-5/+1
|
* kernel-netlink: remove obsolete pluto specific behaviorMartin Willi2013-05-061-7/+1
|
* tun_device: add a getter for the address previously passed to set_address()Martin Willi2013-05-062-0/+32
|
* tun_device: add a getter for the underlying file descriptorMartin Willi2013-05-062-0/+14
|
* tun-device: use host_create_netmask() to calculate interface netmaskMartin Willi2013-05-061-49/+12
|
* host: add a netmask constructor taking the number of network bitsMartin Willi2013-05-062-0/+57
|
* host: remove unused host_t.get_differences() methodMartin Willi2013-05-062-39/+0
|
* host: print %#H format specifiers not as %any, but with the portMartin Willi2013-05-061-1/+1
|
* host: initialize sockaddr->sa_len if it is availableMartin Willi2013-05-061-0/+14
|
* child-sa: pass traffic selector to add_sa() regardless of IPsec modeMartin Willi2013-05-061-14/+11
| | | | | This lets the kernel backend decide what to do with it, and in fact all kernel interfaces already handle this correctly.
* socket-default: to bind to one dynamic port on OS X, create v4 socket before v6Martin Willi2013-05-061-1/+7
| | | | | It seems that the order of binding sockets of different address families to the same dynamic port must be v6-before-v4 on Linux, but v4-before-v6 on OS X.
* socket-default: refactor socket pair opening to a functionMartin Willi2013-05-061-27/+23
|
* socket-default: Don't try to send packet if we haven't a socket for given familyMartin Willi2013-05-061-3/+4
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 08:32:52 +0000