path: root/src
Commit message (Author, Age, Files, Lines)
* Request Unity configuration attributes for IKEv1 only (Martin Willi, 2012-09-18, 1, -0/+6)
* Add Cisco Unity client support for Split-Include and Local-LAN (Martin Willi, 2012-09-18, 8, -0/+781)
* Derive a dynamic TS to multiple virtual IPs (Martin Willi, 2012-09-18, 8, -118/+160)
* Use the vararg list constructor in quick mode task (Martin Willi, 2012-09-18, 1, -16/+8)
* Add a linked list constructor taking items from a vararg list (Martin Willi, 2012-09-18, 2, -2/+33)
* Make stroke user-creds work with XAuth configs (Tobias Brunner, 2012-09-18, 1, -9/+18)
* Fix Doxygen comment for proposal_keywords_t (Tobias Brunner, 2012-09-18, 1, -1/+1)
  Two dots seem to mark the end of a list.
* New Android release after fixing IDr problems (Tobias Brunner, 2012-09-18, 1, -2/+2)
* Use random ports in NetworkManager backend (Tobias Brunner, 2012-09-18, 1, -0/+4)
* Fix equality comparison of auth_cfg_t (Tobias Brunner, 2012-09-18, 1, -2/+16)
  We previously only confirmed that rules contained in the first config are also contained in the second, but since the number of rules does not have to be equal, it might be that the second config contains rules that the first one doesn't.
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity> (Tobias Brunner, 2012-09-18, 1, -0/+10)
* Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend (Tobias Brunner, 2012-09-18, 1, -1/+3)
* android: Use AUTH_RULE_IDENTITY_LOOSE (Tobias Brunner, 2012-09-18, 1, -0/+1)
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator (Tobias Brunner, 2012-09-18, 3, -1/+28)
  If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* New Android release after fixing Unicode conversion bug (Tobias Brunner, 2012-09-17, 1, -2/+2)
* android: Fix conversion of actual Unicode strings (i.e. bytes!=chars) (Tobias Brunner, 2012-09-17, 1, -5/+6)
* Removed the unneeded socket-raw plugin (Tobias Brunner, 2012-09-14, 7, -885/+0)
* Change traffic selectors during Quick Mode in case of a NAT in transport mode (Tobias Brunner, 2012-09-14, 1, -9/+19)
  Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Added algorithm lookup via kernel_interface_t to the various kernel interfaces (Tobias Brunner, 2012-09-13, 5, -19/+72)
* Added possibility to register custom kernel algorithms to kernel interface (Tobias Brunner, 2012-09-13, 2, -1/+172)
* Added possibility to register custom proposal keywords (Tobias Brunner, 2012-09-13, 8, -18/+185)
  Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token() (Tobias Brunner, 2012-09-13, 5, -31/+29)
  Also use enumerators instead of lexparser.h to parse proposal strings.
* Make arguments for enumerator_create_token|directory const (Tobias Brunner, 2012-09-13, 2, -7/+10)
* Moved proposal_keywords to proposal_keywords_static (Francois ten Krooden, 2012-09-13, 7, -34/+131)
  Added new proposal keywords with function to reference the static keywords.
* Option added to enforce a configured destination address for DHCP packets (Tobias Brunner, 2012-09-13, 1, -1/+9)
* Allow calls to set_address() for any host-sized TS, not only dynamic ones (Tobias Brunner, 2012-09-12, 1, -1/+1)
  This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken since 4cb0783.
* Ensure traffic selectors are dynamic before calling set_address() when deriving them (Tobias Brunner, 2012-09-12, 1, -2/+2)
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin (Tobias Brunner, 2012-09-12, 1, -13/+13)
* starter: Added --nolog option to suppress logging in starter itself (Tobias Brunner, 2012-09-12, 1, -2/+6)
  Fixes #224.
* starter: Allow %any also for protocol in left|rightprotoport (Tobias Brunner, 2012-09-12, 1, -9/+15)
* Don't allow NULL encryption with PEAP (Martin Willi, 2012-09-12, 1, -1/+3)
* Use memmove on overlapping regions, and operate with correct sizeof() (Martin Willi, 2012-09-12, 1, -2/+2)
* Whitespace cleanups in tls_eap (Martin Willi, 2012-09-12, 1, -6/+6)
* Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int) (Martin Willi, 2012-09-12, 1, -3/+2)
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty (Martin Willi, 2012-09-11, 1, -29/+14)
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected (Martin Willi, 2012-09-11, 1, -40/+57)
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected (Martin Willi, 2012-09-11, 1, -1/+33)
* Don't return a subset for a dynamic TS unless set_address has been called (Martin Willi, 2012-09-11, 1, -1/+5)
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received (Martin Willi, 2012-09-11, 1, -0/+9)
* Check for an existing lease in all stroke pools before creating a new one (Martin Willi, 2012-09-11, 3, -83/+180)
* Pass full pool list to release_address (Martin Willi, 2012-09-11, 9, -47/+95)
* Pass the full list of pools to acquire_address, enumerate in providers (Martin Willi, 2012-09-11, 10, -73/+109)
  If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a linked list constructor initializing from an enumerator (Martin Willi, 2012-09-11, 2, -0/+27)
* Add a responder narrow() hook to change TS in the kernel, but not on the wire (Martin Willi, 2012-09-11, 3, -3/+48)
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius (Martin Willi, 2012-09-11, 1, -2/+10)
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SA (Martin Willi, 2012-09-11, 1, -0/+1)
* Add uniqueids=never to ignore INITIAL_CONTACT notifies (Tobias Brunner, 2012-09-10, 5, -5/+12)
  With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Add strongswan.conf runtime options for /dev/[u]random files (Martin Willi, 2012-09-10, 1, -2/+7)
  Fixes #221.
* Use the proper types for comma separated attributes read from strongswan.conf (Tobias Brunner, 2012-09-10, 1, -27/+25)
  Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Print the name of mem pools instead of the confusing <base>/<size> (Tobias Brunner, 2012-09-10, 1, -2/+4)