aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-0610-16/+50
|
* child-sa: query SAD/SPD just for what we actually need to update statisticsMartin Willi2013-05-061-2/+5
|
* kernel-pfkey: be less verbose about unexpected sequence numbersMartin Willi2013-05-061-1/+1
|
* kernel-pfkey: install exclude routes if kernel-net requires themMartin Willi2013-05-061-0/+152
|
* kernel-pfroute: add a feature flag requesting "exclude" routesMartin Willi2013-05-062-0/+9
| | | | | | | | If routes installed along with policies covering the peer address affect local IKE/ESP packets, they won't get routed correctly. To work around this issue, the kernel interface can install "exclude" routes for the IKE peer. Not all networking backends require this workaround, hence we export a flag for it if it is required.
* kernel-pfroute: remove unused interface address refcountingMartin Willi2013-05-061-11/+0
|
* kernel-pfroute: mark IPs installed on tun device as virtualMartin Willi2013-05-061-1/+24
|
* kernel-pfroute: install virtual IPs using dedicated tun devicesMartin Willi2013-05-061-5/+91
|
* kernel-pfkey: when installing a route for a virtual IP, use its interfaceMartin Willi2013-05-061-1/+10
| | | | | When installing a route over a tun device for a virtual IP, the route must be set over the tun, not the IKE interface.
* kernel-interface: get_address_by_ts() can tell if a returned IP is virtualMartin Willi2013-05-065-6/+31
|
* kernel-interface: support enumeration of virtual-only IPsMartin Willi2013-05-063-9/+20
|
* kernel-pfkey: refactor route installation to a dedicate functionMartin Willi2013-05-061-74/+81
|
* kernel-pfroute: split /0 routes to avoid conflict with default routeMartin Willi2013-05-061-0/+15
|
* kernel-pfkey: check if we have a gateway before comparing themMartin Willi2013-05-061-0/+1
|
* kernel-pfkey: install route along with input, not forward policiesMartin Willi2013-05-061-20/+20
| | | | | | As forwarding policies are not available on all systems (OS X), using the forward policy to attach the route is a bad pick. Using input policies allows OS X to install routes.
* kernel-pfroute: rescan address list for an interface if its state changesMartin Willi2013-05-061-0/+43
| | | | | It seems that we don't get address notifications if the interface is down on OS X.
* kernel-pfroute: add newly appearing interfaces to the interface cacheMartin Willi2013-05-061-1/+22
|
* kernel-pfroute: implement get_nexthop()Martin Willi2013-05-061-6/+73
|
* kernel-pfroute: install and uninstall routesMartin Willi2013-05-061-2/+129
|
* kernel-pfroute: collect replies received for our own queriesMartin Willi2013-05-061-4/+40
|
* kernel-pfroute: refactor PF_ROUTE message processing, use an enumeratorMartin Willi2013-05-061-35/+117
|
* kernel-pfkey: use an int to set esp_port with a sysctl on OS XMartin Willi2013-05-061-2/+4
|
* kernel-pfroute: use INIT() macro for allocationsMartin Willi2013-05-061-17/+21
|
* kernel-pfroute: use only a single PF_ROUTE socket for both events and queriesMartin Willi2013-05-061-27/+11
|
* kernel-pfroute: fix length check when receiving PF_ROUTE messagesMartin Willi2013-05-061-1/+1
|
* kernel-pfkey: remove obsolete pluto specific behaviorMartin Willi2013-05-061-5/+1
|
* kernel-netlink: remove obsolete pluto specific behaviorMartin Willi2013-05-061-7/+1
|
* tun_device: add a getter for the address previously passed to set_address()Martin Willi2013-05-062-0/+32
|
* tun_device: add a getter for the underlying file descriptorMartin Willi2013-05-062-0/+14
|
* tun-device: use host_create_netmask() to calculate interface netmaskMartin Willi2013-05-061-49/+12
|
* host: add a netmask constructor taking the number of network bitsMartin Willi2013-05-062-0/+57
|
* host: remove unused host_t.get_differences() methodMartin Willi2013-05-062-39/+0
|
* host: print %#H format specifiers not as %any, but with the portMartin Willi2013-05-061-1/+1
|
* host: initialize sockaddr->sa_len if it is availableMartin Willi2013-05-061-0/+14
|
* child-sa: pass traffic selector to add_sa() regardless of IPsec modeMartin Willi2013-05-061-14/+11
| | | | | This lets the kernel backend decide what to do with it, and in fact all kernel interfaces already handle this correctly.
* socket-default: to bind to one dynamic port on OS X, create v4 socket before v6Martin Willi2013-05-061-1/+7
| | | | | It seems that the order of binding sockets of different address families to the same dynamic port must be v6-before-v4 on Linux, but v4-before-v6 on OS X.
* socket-default: refactor socket pair opening to a functionMartin Willi2013-05-061-27/+23
|
* socket-default: Don't try to send packet if we haven't a socket for given familyMartin Willi2013-05-061-3/+4
|
* socket-default: Use -1 if socket is not available, as 0 is actually a valid fdMartin Willi2013-05-061-20/+23
|
* semaphore: similar to thread_create(), semaphore_create() is used by MachMartin Willi2013-05-061-0/+5
| | | | | | The compiler spits no warning, but the wrong symbol is used when calling semaphore_create() from strongSwan. Override the name with a #define to force the use of our semaphore_create().
* charon-cmd: add an option to set a different server identityMartin Willi2013-05-063-1/+19
|
* proposals: try next if IKEv2 algorithm could not be mapped to IKEv1Martin Willi2013-05-061-2/+4
|
* charon-cmd: add support for different IKEv1/IKEv2 authentication profilesMartin Willi2013-05-064-17/+170
|
* charon-cmd: support multi-line help text for each option in usageMartin Willi2013-05-062-2/+12
|
* charon-cmd: add --local/remote-ts options to set traffic selectorsMartin Willi2013-05-063-4/+64
|
* charon-cmd: Use dynamic ports with the socket-default pluginMartin Willi2013-05-061-0/+2
|
* settings: Add a set_default_str() to set a different default for a keyMartin Willi2013-05-062-0/+31
| | | | | The value is set only if it is not configured in strongswan.conf or has not been set() otherwise.
* charon-cmd: prompt for EAP passwords on-demand using a callback credential setMartin Willi2013-05-061-0/+49
|
* charon-cmd: authenticate with EAP if no private key is givenMartin Willi2013-05-061-1/+18
|
* charon-cmd: pass arguments to all handlers, even if already handledMartin Willi2013-05-061-2/+5
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-24 00:33:06 +0000