aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* printf-hook-builtin: Print NaN/Infinity floating point values as suchMartin Willi2013-10-112-2/+36
|
* printf-hook-builtin: Correctly round up floating point valuesMartin Willi2013-10-112-9/+43
|
* printf-hook-builtin: Add some preliminary floating point supportMartin Willi2013-10-112-2/+223
| | | | | This minimalistic implementation has no aspiration for completeness or accuracy, and just provides what we need.
* printf-hook-builtin: Support GNU %m specifierMartin Willi2013-10-112-0/+21
|
* printf-hook-builtin: Add a new "builtin" backend using its own printf() routinesMartin Willi2013-10-114-1/+1025
| | | | | | Overloads printf C library functions by a self-contained implementation, based on klibc. Does not yet feature all the required default formatters, including those for floating point values.
* printf-hook: Add some basic printf() string/integer test functionsMartin Willi2013-10-114-1/+112
|
* printf-hook: Move glibc/vstr printf hook backends to separate filesMartin Willi2013-10-119-383/+586
|
* libipsec: Enforce byte/packet lifetimes on SAsMartin Willi2013-10-113-7/+77
|
* kernel-libipsec: Support ESPv3 TFC paddingMartin Willi2013-10-111-1/+1
|
* libipsec: remove extra RFC4303 TFC padding appended to inner payloadMartin Willi2013-10-111-0/+6
|
* kernel-libipsec: Support query_sa() to report usage statisticsMartin Willi2013-10-111-1/+2
|
* libipsec: Support usage statistics and query_sa() on IPsec SAsMartin Willi2013-10-115-4/+102
|
* kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-1111-13/+13
|
* kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-1111-15/+15
|
* updown: Install forwarding rules with the actually used protocolMartin Willi2013-10-111-1/+1
|
* updown: Add a PLUTO_PROTO variable set to 'ah' or 'esp'Martin Willi2013-10-112-1/+6
|
* starter: Reject connections having both 'ah' and 'esp' keywords setMartin Willi2013-10-111-0/+9
| | | | | We currently don't support mixed proposals or bundles, so don't create the illusion we would.
* ike: Define keylength for aescmac algorithmMartin Willi2013-10-111-0/+1
|
* ikev1: Support parsing of AH+IPComp proposalsMartin Willi2013-10-111-9/+11
|
* starter: Remove obsolete 'auth' optionMartin Willi2013-10-115-7/+0
|
* ikev1: Accept more than two certificate payloadsMartin Willi2013-10-111-2/+2
|
* ikev1: Support en-/decoding of SA payloads with AH algorithmsMartin Willi2013-10-111-31/+99
|
* kernel-handler: Whitespace cleanupsMartin Willi2013-10-111-42/+38
|
* stroke: List proposals in statusall without leading '/' in AH SAsMartin Willi2013-10-111-1/+7
|
* ikev1: Delete quick modes with the negotiated SA protocolMartin Willi2013-10-111-1/+1
|
* trap-manager: Install trap with SA protocol of the first configured proposalMartin Willi2013-10-111-4/+12
|
* child-sa: Save protocol during SPI allocationMartin Willi2013-10-111-6/+3
| | | | | This allows us to properly delete the incomplete SA with the correct protocol should negotiation fail.
* ikev1: Negotiate SPI with the first/negotiated proposal protocolMartin Willi2013-10-111-3/+18
|
* ikev2: Allocate SPI with the protocol of the first/negotiated proposalMartin Willi2013-10-111-2/+16
|
* proposal: Strip redundant integrity algos for ESP proposals onlyMartin Willi2013-10-111-16/+19
|
* stroke: Configure proposal with AH protocol if 'ah' option setMartin Willi2013-10-112-11/+16
|
* starter: Add an 'ah' keyword for Authentication Header Security AssociationsMartin Willi2013-10-116-0/+6
|
* Keep a copy of the tnccs instance for PT-TLS handoverAndreas Steffen2013-10-095-27/+144
|
* xauth-pam: Make trimming of email addresses optional5.1.1dr4Tobias Brunner2013-10-041-4/+9
| | | | Fixes #430.
* ikev1: Accept reauthentication attempts with a keep unique policy from same hostMartin Willi2013-09-301-6/+17
| | | | | | | When we have a "keep" unique policy in place, we have to be less strict in rejecting Main/Aggressive Modes to enforce it. If the host/port equals to that of an existing ISAKMP SA, we assume it is a reauthentication attempt and accept the new SA (to replace the old).
* ikev1: Don't log a reauthentication detection message if no children adoptedMartin Willi2013-09-301-2/+6
| | | | | When a replace unique policy is in place, the children get adopted during the uniqueness check. In this case the message is just misleading.
* ikev1: Delay a potential delete for a duplicate IKE_SA having a replace policyMartin Willi2013-09-301-8/+29
| | | | | | | | | Sending a DELETE for the replaced SA immediately is problematic during reauthentication, as the peer might have associated the Quick Modes to the old SA, and also delete them. With this change the delete for the old ISAKMP SA is usually omitted, as it is gets implicitly deleted by the reauth.
* eap-radius: Increase buffer for attributes sent in RADIUS accounting messagesTobias Brunner2013-09-271-1/+1
| | | | 64 bytes might be too short for user names/identities.
* openssl: Properly log FIPS mode when enabled via openssl.confTobias Brunner2013-09-271-5/+13
| | | | | | | | | Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf it should be disabled in strongswan.conf (or the other way around). Either way, we should log whether FIPS mode is enabled or not. References #412.
* android: New release after fixing remediation instructions regressionTobias Brunner2013-09-261-2/+2
|
* android: Change progress dialog handlingTobias Brunner2013-09-261-24/+41
| | | | | With the previous code the dialog sometimes was hidden for a short while before it got reopened.
* android: Clear remediation instructions when starting a new connectionTobias Brunner2013-09-261-0/+1
|
* starter: Don't ignore keyingtries with rekey=noTobias Brunner2013-09-261-1/+2
| | | | | | | Since keyingtries also affects the number of retries initially or when reestablishing an SA it should not be affected by the rekey option. Fixes #418.
* load-tester: Fix crash if private key was not loaded successfullyTobias Brunner2013-09-241-1/+1
| | | | Fixes #417.
* printf-hook: Write to output stream instead of the FD directly when using VstrTobias Brunner2013-09-241-12/+12
| | | | | This avoids problems when other stdio functions are used (fputs, fwrite) as writes via Vstr/FD were always unbuffered.
* android: New release after improving recovery after connectivity changesTobias Brunner2013-09-231-2/+2
|
* android: Change state handling to display errors occurring while the app is ↵Tobias Brunner2013-09-233-64/+56
| | | | | | | | | | hidden A new connection ID allows listeners to track which errors they have already shown to the user or were already dismissed by the user. This was necessary because the state fragment is now unregistered from state changes when it is not shown.
* android: Don't update state fragments when they are not displayedTobias Brunner2013-09-232-2/+26
| | | | | | | Besides that updates don't make much sense when the fragments are not displayed this fixes the following exception: java.lang.IllegalStateException: Can not perform this action after onSaveInstanceState
* ikev2: Force an update of the host addresses on the first responseTobias Brunner2013-09-231-11/+9
| | | | | | | | | | | This is especially useful on Android where we are able to send messages even if we don't know the correct local address (this is possible because we don't set source addresses in outbound messages). This way we may learn the correct local address if it e.g. changed right before reestablishing an SA. Updating the local address later is tricky without MOBIKE as the responder might not update the associated IPsec SAs properly.
* ike-sa: Resolve hosts before reestablishing an IKE_SATobias Brunner2013-09-231-0/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 06:06:00 +0000