path: root/src
Commit message / Author / Date / Files / Lines (-removed/+added)
...
* curl: Dynamically query supported protocols and register appropriate features
  Martin Willi, 2014-09-24, 1 file, -10/+64

* leak-detective: Whitelist libssl SSL_COMP_get_compression_methods()
  Martin Willi, 2014-09-24, 1 file, -0/+2
  This function is called by libcurl initialization with SSL, and uses a static allocation of compression algorithms not freed.

* curl: Try to initialize with SSL support to handle https:// URIs
  Martin Willi, 2014-09-24, 1 file, -1/+6
  If initialization fails, we fall back to the old behavior.

* watcher: Add a method to query the watcher state
  Martin Willi, 2014-09-24, 2 files, -7/+45
  This allows a user to check if the watcher is actually running, and potentially perform read operations directly instead of relying on watcher.

* kernel-netlink: Define and use rtnetlink message types
  Martin Willi, 2014-09-24, 1 file, -1/+22

* kernel-netlink: Pass protocol specific enum names to socket constructor
  Martin Willi, 2014-09-24, 4 files, -12/+13
  This avoids the hard dependency on enum names, and makes kernel_netlink_shared independent of kernel_netlink_ipsec.

* kernel-netlink: Clean up socket initialization, handle 0 as valid socket fd
  Martin Willi, 2014-09-24, 1 file, -9/+6

* kernel-netlink: Clean up response buffer management
  Martin Willi, 2014-09-24, 1 file, -24/+16

* kernel-netlink: Use recv() instead of recvfrom()
  Martin Willi, 2014-09-24, 1 file, -11/+3
  As we are not interested in the returned address, there is really no need in passing that argument.

* kernel-netlink: Avoid casting the NLMSG_DATA() return value
  Martin Willi, 2014-09-24, 3 files, -26/+26
  There is really no need for doing so, and it makes the code just unreadable.

* kernel-netlink: Define netlink buffer as a union having a netlink header
  Martin Willi, 2014-09-24, 4 files, -21/+24
  This allows us to streamline the netlink buffers, and avoid extensive casting.

* systemd: Discover and check systemd libraries with pkg-config during configure
  Martin Willi, 2014-09-22, 1 file, -1/+2

* systemd: Add a native systemd journal logger
  Martin Willi, 2014-09-22, 2 files, -2/+186

* plugin-loader: Support a reload() callback for static features
  Martin Willi, 2014-09-22, 9 files, -12/+44

* systemd: Provide a charon-systemd daemon targeting full systemd integration
  Martin Willi, 2014-09-22, 4 files, -0/+242

* swanctl: Complete --load-creds command summary
  Martin Willi, 2014-09-22, 1 file, -1/+1

* swanctl: Fix description of load-pools command summary
  Martin Willi, 2014-09-22, 1 file, -1/+1

* swanctl: Add a --load-all command, performing --load-{creds,pools,conns}
  Martin Willi, 2014-09-22, 10 files, -97/+329

* swanctl: Add a --reload-settings command
  Martin Willi, 2014-09-22, 5 files, -2/+93

* vici: Add a command to reload strongswan.conf
  Martin Willi, 2014-09-22, 1 file, -0/+12

* encoding: Accept all exchange types for non IKEv1/IKEv2 major versions
  Martin Willi, 2014-09-22, 1 file, -5/+11

* settings: Make loading a NULL or empty pattern a (nop-)success
  Martin Willi, 2014-09-22, 1 file, -1/+1

* settings: Use strongswan.conf used during library initialization for reload
  Martin Willi, 2014-09-22, 4 files, -14/+4
  Since 4b670a20 we require an explicit strongswan.conf to re-load configurations. However, the define was missing in the build, breaking SIGHUP based config reloading. Fixes #651.

* library: Store the used root strongswan.conf configuration
  Martin Willi, 2014-09-22, 2 files, -7/+12

* swanctl: Document --stats command
  Tobias Brunner, 2014-09-19, 1 file, -0/+3

* ikev2: Don't treat initial messages as MOBIKE exchanges
  Tobias Brunner, 2014-09-16, 1 file, -6/+9
  The MOBIKE task is active during the initial exchanges but we don't want to treat them as actual MOBIKE exchanges (i.e. there is no path probing).

* ikev1: Don't cache last block of INFORMATIONAL messages as IV
  Tobias Brunner, 2014-09-12, 1 file, -2/+2
  We don't expect a response with the same MID, but apparently some devices (e.g. FRITZ!Box) do that for DPDs, while still treating the response as a new exchange. By storing the last message block as IV we can't decrypt the first block of such a response. Fixes #661.

* ikev1: Log IV when encrypting messages
  Tobias Brunner, 2014-09-12, 1 file, -0/+1

* ikev1: Skip unusable IPComp proposals
  Tobias Brunner, 2014-09-12, 1 file, -1/+1
  Fixes #661.

* ikev1: Properly handle different proposal numbering schemes
  Tobias Brunner, 2014-09-12, 1 file, -5/+10
  While the examples in RFC 2408 show proposal numbers starting at 1 and increasing by one for each subsequent proposal, this is not mandatory. Actually, IKEv1 proposals may start at any number; the only requirement is that the proposal numbers increase monotonically, they don't have to do so consecutively. Most implementations follow the examples and start numbering at 1 (charon, racoon, Shrew, Cisco, Windows XP, FRITZ!Box) but pluto was one of the implementations that started with 0 and there might be others out there. The previous assumption that implementations always start numbering proposals at 0 caused problems with clients that start numbering with 1 and whose first proposal consists of multiple protocols (e.g. ESP+IPComp). Fixes #661.

* kernel-netlink: Optionally install protocol and ports on transport mode SAs
  Tobias Brunner, 2014-09-12, 1 file, -6/+18

* ikev2: Reduce timeout if path probing was enabled
  Tobias Brunner, 2014-09-12, 1 file, -6/+13

* ikev2: Defer MOBIKE updates if no path is available
  Tobias Brunner, 2014-09-12, 1 file, -7/+14

* ike-mobike: Allow calling transmit() even when not currently path probing
  Tobias Brunner, 2014-09-12, 1 file, -5/+17
  Path probing is enabled if the current path is not available anymore.

* ikev2: Defer path probing if no path is currently available
  Tobias Brunner, 2014-09-12, 1 file, -1/+20
  We do the same before initiating the task, so we should probably do it too when we already initiated it, not just time out and destroy the SA.

* ike-mobike: Return FALSE in transmit() if no path was available
  Tobias Brunner, 2014-09-12, 2 files, -3/+7

* ikev2: Enable path probing for currently active MOBIKE task
  Tobias Brunner, 2014-09-12, 1 file, -0/+18
  This might not be the case if e.g. an address appeared but the old one is still available but not actually usable. Without this the MOBIKE task would eventually time out even though we might be able to switch to a working address.

* ike-mobike: Add method to enable path probing
  Tobias Brunner, 2014-09-12, 2 files, -0/+12

* ike-mobike: Skip peer addresses we can't send packets to when checking paths
  Tobias Brunner, 2014-09-12, 1 file, -5/+18

* ikev2: Skip peer addresses we can't send packets to when looking for valid paths
  Tobias Brunner, 2014-09-12, 1 file, -0/+18

* ikev2: Insert MOBIKE tasks at the front of the queue
  Tobias Brunner, 2014-09-12, 1 file, -1/+6
  In case we have no usable path to the other peer there is no point in initiating any other tasks (like rekeying).

* ikev2: Migrate number of pending MOBIKE updates
  Tobias Brunner, 2014-09-12, 1 file, -0/+5
  This will probably never be more than 1 since we only have one task queued at a time and we don't migrate running tasks.

* ikev2: Properly keep track of pending MOBIKE updates
  Tobias Brunner, 2014-09-12, 1 file, -8/+27
  Because we only queue one MOBIKE task at a time, but destroy superfluous ones only after we already increased the counter for pending MOBIKE updates, we have to reduce the counter when such tasks are destroyed. Otherwise, the queued task would assume another task is queued when it is running and ignore any successful response.

* android: Reduce CHILD_SA lifetime
  Tobias Brunner, 2014-09-12, 1 file, -2/+2

* android: Add DH groups to ESP proposals
  Tobias Brunner, 2014-09-12, 1 file, -2/+12

* child-cfg: Ignore duplicate proposals
  Tobias Brunner, 2014-09-12, 1 file, -0/+11
  If ESP proposals are added once with and once without DH groups, duplicates result during IKE_AUTH when DH groups are stripped.

* proposal: Fix equals()
  Tobias Brunner, 2014-09-12, 1 file, -5/+5

* android: Reestablish IKE_SA if CHILD_SA rekeying failed
  Tobias Brunner, 2014-09-12, 1 file, -3/+36

* android: Report error if CHILD_SA rekeying fails
  Tobias Brunner, 2014-09-12, 1 file, -0/+6

* kernel-netlink: Add global option to configure MSS-clamping on installed routes
  Tobias Brunner, 2014-09-12, 1 file, -6/+26