aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* rdrand: Move RDRAND detection log to level 2Martin Willi2014-02-101-2/+2
| | | | | When having RDRAND support, these log messages might be confusing when using pki or other tools.
* updown: Return an empty DNS server enumerator if no IKE_SA availableMartin Willi2014-02-061-1/+1
| | | | | The one existing caller does not handle a NULL return and always expects an enumerator; and returning FALSE does not make sense anyway.
* charon-cmd: Request an IPv6 virtual IP if an IPv6 remote subnet givenMartin Willi2014-02-061-4/+23
|
* charon-cmd: Document new proposal options in manpageMartin Willi2014-02-061-0/+18
|
* charon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposalsMartin Willi2014-02-063-1/+43
|
* charon-cmd: Add an --ike-proposal option to specify non-default IKE proposalsMartin Willi2014-02-063-1/+34
|
* charon-cmd: Block SIGUSR1 on worker threadsMartin Willi2014-02-061-0/+1
| | | | | | To properly shut down charon-cmd with leak reports, only the main thread should catch SIGUSR1 to shut down the application. Work threads should ignore SIGUSR1 to avoid any hard application termination.
* Document ipsec attest --session commandAndreas Steffen2014-02-051-2/+5
|
* Allow output of session time in UTCAndreas Steffen2014-02-051-2/+2
|
* Added missing semicolon in SQL statementsAndreas Steffen2014-02-051-6/+6
|
* Added Android 4.3.1 to products database tableAndreas Steffen2014-02-041-2/+14
|
* Added new Android versions to PTS databaseAndreas Steffen2014-02-041-0/+60
|
* unit-tests: Add some test cases for HTTP GET/POST fetchesMartin Willi2014-01-313-1/+275
|
* unit-tests: Fix test_runner_run() apidocMartin Willi2014-01-291-1/+1
|
* pki: Declare correct section in pki --issue man pageTobias Brunner2014-01-241-1/+1
|
* ike: Restart inactivity counter after doing a CHILD_SA rekeyMartin Willi2014-01-231-2/+3
| | | | | | | | | | | | When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity job is queued for a time unrelated to the rekey time, so it might happen that the inactivity job gets executed just after rekeying. If this happens, inactivity is detected even if we had traffic on the rekeyed CHILD_SA just before rekeying. This change implies that inactivity checks can't handle inactivity timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter than the rekey time to have any effect.
* child-sa: Add a getter for CHILD_SA install timeMartin Willi2014-01-232-0/+20
|
* xauth-pam: Open/close a PAM session for each connected clientAndrea Bonomi2014-01-234-9/+265
| | | | Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
* xauth-pam: Sanitize XAuth attributes before passing them to PAMMartin Willi2014-01-231-1/+5
|
* ikev2: Add Cisco FRAGMENTATION vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Add Cisco Copyright vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Add Cisco Delete Reason vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Use a more dynamic vendor ID database, as we use with IKEv1Martin Willi2014-01-231-16/+57
|
* libpts: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-29/+5
|
* tnccs: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-232-27/+6
|
* pem: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-29/+6
|
* stroke: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-30/+6
|
* radattr: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-40/+8
|
* libfast: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-29/+10
|
* integrity-checker: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-31/+6
|
* chunk: Externalize error reporting in chunk_write()Martin Willi2014-01-236-30/+52
| | | | | This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors.
* chunk: Provide a fallback chunk_map() if mmap is not availableMartin Willi2014-01-231-1/+46
|
* chunk: Use dynamically allocated buffer in chunk_from_fd()Martin Willi2014-01-2310-25/+183
| | | | | | | | When acting on files, we can use fstat() to estimate the buffer size. On non-file FDs, we dynamically increase an allocated buffer. Additionally we slightly change the function signature to properly handle zero-length files and add appropriate unit tests.
* chunk: Add functions to map file contents to a chunkMartin Willi2014-01-233-1/+149
|
* unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attributeTobias Brunner2014-01-231-35/+47
| | | | Cisco clients only handle the first such attribute.
* unity: Change local TS to 0.0.0.0/0 as responderTobias Brunner2014-01-231-4/+7
| | | | | Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is used, otherwise Quick Mode fails.
* unity: Send UNITY_SPLIT_INCLUDE attributes with proper paddingTobias Brunner2014-01-231-11/+16
| | | | | | The additional 6 bytes are not actually padding but are parsed by the Cisco client as protocol and src and dst ports (each two bytes but strangely only the first two in network order).
* kernel-netlink: Set selector on transport mode IPComp SAsTobias Brunner2014-01-231-1/+1
|
* kernel-netlink: Selectively add selector on SAs that use IPCompTobias Brunner2014-01-231-1/+7
| | | | | | Don't add a selector to tunnel mode SAs, these might serve multiple traffic selectors but with only one selector on the SA only the traffic matching the first one would actually get tunneled.
* updown: Increase buffer size for script and environment variablesTobias Brunner2014-01-231-1/+1
|
* updown: Allow IPIP traffic if IPComp was negotiatedTobias Brunner2014-01-231-0/+31
| | | | | | | | | | | The kernel implicitly creates an IPIP SA if an IPComp SA is installed. This SA is used inbound for small packets that are not compressed. Since the addresses are different (they are the tunnel addresses not those of the tunneled traffic) additional rules are required if the traffic selector does not cover the tunnel addresses (e.g. due to a NAT). For SAs with multiple traffic selectors duplicate rules will get installed.
* updown: Add PLUTO_IPCOMP to indicate if IPComp was negotiatedTobias Brunner2014-01-232-1/+10
|
* curl: Replace spaces in URIs with %20Tobias Brunner2014-01-231-3/+14
| | | | | | | cURL requires the URIs to be URL-encoded. Apparently, some CAs encode CRL URIs with spaces in them. Fixes #454.
* utils: Add strreplace functionTobias Brunner2014-01-233-2/+155
|
* stroke: Ensure the buffer of strings in a stroke_msg_t is null-terminatedTobias Brunner2014-01-231-2/+5
| | | | | Otherwise a malicious user could send an unterminated string to cause unterminated reads.
* stroke: Add an option to prevent log level changes via stroke socketTobias Brunner2014-01-231-2/+15
|
* pki: Make sure no command registers too many optionsTobias Brunner2014-01-232-4/+11
|
* pki: Increase MAX_COMMANDS to cover all currently available commandsTobias Brunner2014-01-231-2/+2
| | | | Fixes #452.
* pki: Print a warning if MAX_COMMANDS is too lowTobias Brunner2014-01-231-0/+7
|
* pki: Properly use ?: when defining option arraysTobias Brunner2014-01-231-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 00:12:31 +0000