8963 Commits

Author SHA1 Message Date
Tobias Brunner
6695b48582 Add an additional proposal without IPComp to SA payload. 2012-05-24 15:32:28 +02:00
Tobias Brunner
3451ecd7ac Added log message if peer does not accept/provide IPComp proposal. 2012-05-24 15:32:28 +02:00
Tobias Brunner
47b448b807 Added support to negotiate IPComp during Quick Mode. 2012-05-24 15:32:28 +02:00
Tobias Brunner
647cd741e8 Added support for IKEv1 IPComp proposals in SA payload. 2012-05-24 15:32:28 +02:00
Tobias Brunner
7a75cae856 Added support for IKEv1 IPComp proposals in proposal substructure. 2012-05-24 15:32:27 +02:00
Tobias Brunner
00e11bcefd Fix memleak during Quick Mode in case no SPI can be allocated from kernel. 2012-05-24 15:32:27 +02:00
Tobias Brunner
624bb24d12 Properly filter IKEv1 proposals consisting of multiple proposal payloads.
Since a proposal_t object is created for each transform contained in the
proposal payload, it does not work to simply remove the last proposal_t
object added to the list (there may be several others extracted from the
previous proposal payload).
2012-05-24 15:32:27 +02:00
Tobias Brunner
fda9f104b4 Fixed check for loaded plugins with feature types that are not compared exactly.
Previously e.g. RNGs with weaker strength would have overwritten stronger
ones.
2012-05-24 15:15:34 +02:00
Tobias Brunner
0e5d587df7 get_match() method added to hashtable_t. 2012-05-24 15:15:34 +02:00
Andreas Steffen
fa50a89c95 added ikev1/xauth-rsa-eap-md5-radius scenario 2012-05-24 09:26:00 +02:00
Tobias Brunner
9eac6106d0 Use a hashtable to check for already loaded plugin features. 2012-05-23 17:50:05 +02:00
Tobias Brunner
a9cfd29c10 Hash function for plugin features added. 2012-05-23 17:50:05 +02:00
Andreas Steffen
31c83b973e load nonce plugin 2012-05-23 15:05:57 +02:00
Andreas Steffen
ad59f3a91a added ikev1 pluto-charon interoperability scenarios 2012-05-23 14:47:41 +02:00
Andreas Steffen
148b643880 upgraded ikev1 scenarios to 5.0.0 2012-05-23 14:45:15 +02:00
Martin Willi
3c475660c5 Apply IDir before deriving keys as aggressive initiator 2012-05-23 12:27:47 +02:00
Martin Willi
523ce7c20c Use received identity to look up PSK as aggressive responder 2012-05-23 12:18:45 +02:00
Martin Willi
51754f6654 Check if we actually have an initiating packet to free while processing responses 2012-05-23 11:50:12 +02:00
Andreas Steffen
2ac996cb71 list IKEv1 Aggressive Mode in ipsec statusall 2012-05-23 11:12:27 +02:00
Tobias Brunner
1a624ff45a Switch to alternative peer config in IKEv1 Main and Aggressive Mode. 2012-05-21 15:49:25 +02:00
Martin Willi
17949695bf Cancel pending retransmits when flushing active task queue 2012-05-21 14:57:33 +02:00
Martin Willi
4ce92ef350 Cancel active quick mode task when receiving INFORMATIONAL error 2012-05-21 14:57:33 +02:00
Martin Willi
7ce504e182 Flush task queues explicitly, not implicitly if task returns ALREADY_DONE 2012-05-21 14:17:09 +02:00
Martin Willi
cbc1a20ffe Wrap task manager's flush_queue() in IKE_SA 2012-05-21 14:05:01 +02:00
Martin Willi
a5c799602f Make task manager's flush_queue() method public 2012-05-21 14:02:35 +02:00
Tobias Brunner
9e19cb912d Destroy Netlink socket only after deleting remaining source routes. 2012-05-21 13:33:13 +02:00
Martin Willi
75d4e01c4a Enumerate correct list while removing nonce_gens, fix deregistration 2012-05-21 12:28:01 +02:00
Martin Willi
32400cd91a Added a convenience function to dump backtraces for gdb-less debugging 2012-05-21 12:18:49 +02:00
Martin Willi
b5341bb07c Fix IKEv1 DPD clear, destroying IKE_SA even if reestablish not needed 2012-05-21 12:17:32 +02:00
Tobias Brunner
769696450a Properly munmap/close file if loading IMC/IMV fails. 2012-05-18 12:32:31 +02:00
Tobias Brunner
7a56c35fc9 Remove executable flag from source files. 2012-05-18 10:04:08 +02:00
Tobias Brunner
22bf44c8b9 Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, tasks etc.). 2012-05-18 10:04:08 +02:00
Tobias Brunner
7959a3faec Removed superfluous @param in bus.h. 2012-05-18 09:57:01 +02:00
Tobias Brunner
7684ca2e8c whitelist: Make sure listed IDs are null-terminated. 2012-05-18 09:57:01 +02:00
Tobias Brunner
816f7f238f pkcs8: Initialize salt and IV properly. 2012-05-18 08:36:37 +02:00
Tobias Brunner
5c162dd944 List registered nonce generators in statusall output. 2012-05-18 08:15:41 +02:00
Tobias Brunner
b826b192ba Add enumerator for registered nonce generators. 2012-05-18 08:15:41 +02:00
Adrian-Ken Rueegsegger
afaf1bdf5e Use nonce_gen instead of rng to generate nonces
Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
2012-05-18 08:15:41 +02:00
Adrian-Ken Rueegsegger
5338fe5e79 Add create_nonce_gen function to keymat interface
This function returns a nonce generator object.
2012-05-18 08:15:41 +02:00
Adrian-Ken Rueegsegger
04024b5de8 Add nonce plugin implementation
This nonce generator uses an RNG to generate nonces. The RNG quality is
currently set to RNG_WEAK which is the same value used in IKE init.

The plugin is enabled and thus built by default.
2012-05-18 08:15:40 +02:00
Adrian-Ken Rueegsegger
e2fc09c186 Add nonce generator interface
Nonce generators (nonce_gen_t) can be used to get or allocate nonces.

Users can request nonce generators from the crypto factory while nonce
plugins register/remove themselves to/from the crypto factory.
2012-05-18 08:15:40 +02:00
Andreas Steffen
80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Martin Willi
24742c0f83 Moved IKEv1 DPD processing to task manager, fix sequence issues 2012-05-15 17:00:12 +02:00
Martin Willi
b7dafb3f5b Consider inbound ESP as a sign of liveness for DPD timeout 2012-05-15 14:58:28 +02:00
Martin Willi
4b38c22c00 Schedule a DPD timeout job that enforces the IKE message timeout policy 2012-05-15 14:46:02 +02:00
Martin Willi
ebf829f2eb Send unanswered follow up R_U_THERE messages with the same DPD seq 2012-05-15 14:46:02 +02:00
Martin Willi
57a8418c88 Do not send IKEv1 DPD retransmit, but create a new INFORMATIONAL 2012-05-15 14:46:02 +02:00
Tobias Brunner
b3089ab74c Free name of application using libcharon. 2012-05-15 11:37:07 +02:00
Tobias Brunner
d3590016e9 starter: Initialize thread pool so kernel events are consumed. 2012-05-15 08:55:19 +02:00
Martin Willi
9e25007646 Explicitly cast from strict_t to crl_policy_t 2012-05-14 14:11:54 +02:00