8923 Commits

Author SHA1 Message Date
Tobias Brunner
adfd3b992f smp: Use proper signed type to get return value of read(2). 2012-03-27 09:10:33 +02:00
Tobias Brunner
008e2df477 pluto: Use time_monotonic() instead of a custom implementation. 2012-03-27 09:10:33 +02:00
Tobias Brunner
8e066237a7 Don't include individual glib headers in nm plugin.
Exceptions are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.
2012-03-26 15:23:17 +02:00
Martin Willi
3110744a6b Fix null-terminated XAuth passwords, as sent by Android 4 2012-03-22 15:09:25 +01:00
Martin Willi
83d77866f4 Store authentication info of a XAUTH round on IKE_SA 2012-03-22 09:06:31 +01:00
Martin Willi
79f39ecf5d Added a getter for CHILD_SA marks 2012-03-22 09:06:12 +01:00
Martin Willi
3de54af7ec Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid 2012-03-22 09:05:56 +01:00
Andreas Steffen
80abe22f65 fixed parsing of IF-MAP SOAP responses 2012-03-21 14:25:19 +01:00
Martin Willi
4f3cf61dfd Reply with received configuration payload identifier in Mode Config 2012-03-20 18:06:29 +01:00
Martin Willi
b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
d112a7e1fe Properly handle retransmitted initial IKE messages.
This change allows to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner
de9357bb44 Implemented table of init hashes without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner
6f0cca20d8 Implemented table of connected peers without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner
3489370458 Implemented table of half open IKE_SAs without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner
e49bb4e3e3 Don't use linked_list_t for buckets in main IKE_SA hash table. 2012-03-20 17:31:41 +01:00
Tobias Brunner
894c52cba2 Fixed deadlock if checkin_and_destroy is called during shutdown. 2012-03-20 17:31:40 +01:00
Tobias Brunner
4b2f428f40 Do not clone hashes of initial IKE messages when storing them in the hash table. 2012-03-20 17:31:40 +01:00
Tobias Brunner
20e3d5ea00 Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table.
For IKEv1 the previous behavior of always using the initiator's SPI as
key is maintained.
2012-03-20 17:31:40 +01:00
Tobias Brunner
71cf97871f Added separate hashtable for hashes of initial IKE messages.
This does not require us to do a lookup for an SA by SPI first.
2012-03-20 17:31:40 +01:00
Tobias Brunner
68611395dc chunk_equals_ptr added to compare chunks given as pointers. 2012-03-20 17:31:40 +01:00
Tobias Brunner
1726795fa9 Store the major IKE version on ike_sa_id_t. 2012-03-20 17:31:40 +01:00
Tobias Brunner
8254e7ecb8 Implemented handling of UNITY_LOAD_BALANCE as reauthentication. 2012-03-20 17:31:40 +01:00
Martin Willi
a7d3b0e098 Check if we actually have a packet before retransmitting it 2012-03-20 17:31:40 +01:00
Martin Willi
35852af7b1 Use a single set of FDs for all random plugin RNG instances 2012-03-20 17:31:40 +01:00
Tobias Brunner
eff331f799 Parse IKEv1 Cisco Load Balancing notify (can't act on it yet). 2012-03-20 17:31:40 +01:00
Tobias Brunner
3a9d5cbc14 Fixed transform numbering in IKEv1 proposal. 2012-03-20 17:31:40 +01:00
Tobias Brunner
dcbdc914fa Compiler warning fixed. 2012-03-20 17:31:40 +01:00
Martin Willi
182d55b229 Use correct enum values to detect three message tasks for retransmission 2012-03-20 17:31:40 +01:00
Martin Willi
f98af1ddd5 Trigger DPD not before IKE_SA state gets updated 2012-03-20 17:31:39 +01:00
Martin Willi
5ed4b727d0 Fix mapping of IKEv1 encapsulation mode 2012-03-20 17:31:39 +01:00
Martin Willi
7fd7ffc649 Use UDP encapsulation even in non-NAT situation if initiator requests it 2012-03-20 17:31:39 +01:00
Martin Willi
75e3d90d43 Updated ipsec.conf man page for the use of IKEv1 with pluto 2012-03-20 17:31:39 +01:00
Martin Willi
c60246a618 Support inactivity timeout in IKEv1 CHILD_SAs 2012-03-20 17:31:39 +01:00
Martin Willi
a0c17d4157 Use a dedicated PRF for HASH/SIG payloads using ECDSA specific hasher 2012-03-20 17:31:39 +01:00
Martin Willi
4c685e8850 Select public key auth method by checking what key we have 2012-03-20 17:31:39 +01:00
Martin Willi
83b152dd4f Support ECDSA signatures in IKEv1 pubkey authenticator 2012-03-20 17:31:39 +01:00
Martin Willi
5be386ff8e Exchange certificates when using IKEv1 ECDSA authentication 2012-03-20 17:31:39 +01:00
Martin Willi
5aef6bd0f3 Accept NULL auth_cfg_t passed to credential_manager_t.get_private() 2012-03-20 17:31:39 +01:00
Martin Willi
6261c0c3b7 Support encoding of IKEv1 ECDSA proposals 2012-03-20 17:31:38 +01:00
Martin Willi
c8d46f2959 Dropped support of deprecated authby=eap and eap= options 2012-03-20 17:31:38 +01:00
Martin Willi
c791def8c1 Added support for authby/xauth_server legacy options 2012-03-20 17:31:38 +01:00
Martin Willi
c390569a76 Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules 2012-03-20 17:31:38 +01:00
Martin Willi
05cb240215 Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length 2012-03-20 17:31:38 +01:00
Martin Willi
a994050e9c Don't re-resolve addresses during initiate if they have already been set 2012-03-20 17:31:38 +01:00
Martin Willi
aa3b53e716 Adopt children after syncing a rekeyed IKEv1 SA 2012-03-20 17:31:38 +01:00
Martin Willi
fed5c33440 Synchronize IKEv1 DPD sequence numbers 2012-03-20 17:31:38 +01:00
Martin Willi
fd6fbf1764 Setting message ID on task manager sets DPD sequence numbers in IKEv1 2012-03-20 17:31:38 +01:00
Martin Willi
783c496966 Update state before triggering DPD, as we cancel it if PASSIVE 2012-03-20 17:31:38 +01:00
Martin Willi
a46b8e16ad Set thread specific SA on bus for each enumerated IKE_SA 2012-03-20 17:31:38 +01:00
Martin Willi
b226fd300d Sync remote virtual IP for IKEv1 SAs 2012-03-20 17:31:38 +01:00