Spelling fixes
* accumulating * acquire * alignment * appropriate * argument * assign * attribute * authenticate * authentication * authenticator * authority * auxiliary * brackets * callback * camellia * can't * cancelability * certificate * choinyambuu * chunk * collector * collision * communicating * compares * compatibility * compressed * confidentiality * configuration * connection * consistency * constraint * construction * constructor * database * decapsulated * declaration * decrypt * derivative * destination * destroyed * details * devised * dynamic * ecapsulation * encoded * encoding * encrypted * enforcing * enumerator * establishment * excluded * exclusively * exited * expecting * expire * extension * filter * firewall * foundation * fulfillment * gateways * hashing * hashtable * heartbeats * identifier * identifiers * identities * identity * implementers * indicating * initialize * initiate * initiation * initiator * inner * instantiate * legitimate * libraries * libstrongswan * logger * malloc * manager * manually * measurement * mechanism * message * network * nonexistent * object * occurrence * optional * outgoing * packages * packets * padding * particular * passphrase * payload * periodically * policies * possible * previously * priority * proposal * protocol * provide * provider * pseudo * pseudonym * public * qualifier * quantum * quintuplets * reached * reading * recommendation to * recommendation * recursive * reestablish * referencing * registered * rekeying * reliable * replacing * representing * represents * request * request * resolver * result * resulting * resynchronization * retriable * revocation * right * rollback * rule * rules * runtime * scenario * scheduled * security * segment * service * setting * signature * specific * specified * speed * started * steffen * strongswan * subjectaltname * supported * threadsafe * traffic * tremendously * treshold * unique * uniqueness * unknown * until * upper * using * validator * verification * version * 
version * warrior

Closes strongswan/strongswan#164.
parent baf29263d5
commit b3ab7a48cc

NEWS (diffstat: 20)
@ -188,7 +188,7 @@ strongswan-5.7.0
|
|||
for low-exponent keys (i.e. with e=3). CVE-2018-16151 has been assigned to
|
||||
the problem of accepting random bytes after the OID of the hash function in
|
||||
such signatures, and CVE-2018-16152 has been assigned to the issue of not
|
||||
verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
|
||||
verifying that the parameters in the ASN.1 algorithmIdentifier structure is
|
||||
empty. Other flaws that don't lead to a vulnerability directly (e.g. not
|
||||
checking for at least 8 bytes of padding) have no separate CVE assigned.
|
||||
|
||||
|
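Review bot: while this NEWS line is being rewritten anyway, the same sentence keeps a number-agreement error that the spelling fix does not touch: "the parameters in the ASN.1 algorithmIdentifier structure is empty" should read "... are empty". Suggest fixing both in the same edit rather than revisiting the line later.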
@ -694,7 +694,7 @@ strongswan-5.3.3
|
|||
|
||||
- In the bliss plugin the c_indices derivation using a SHA-512 based random
|
||||
oracle has been fixed, generalized and standardized by employing the MGF1 mask
|
||||
generation function with SHA-512. As a consequence BLISS signatures unsing the
|
||||
generation function with SHA-512. As a consequence BLISS signatures using the
|
||||
improved oracle are not compatible with the earlier implementation.
|
||||
|
||||
- Support for auto=route with right=%any for transport mode connections has
|
||||
|
@ -1269,7 +1269,7 @@ strongswan-5.0.1
|
|||
- The PA-TNC and PB-TNC protocols can now process huge data payloads
|
||||
>64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
|
||||
and these messages over several PB-TNC batches. As long as no
|
||||
consolidated recommandation from all IMVs can be obtained, the TNC
|
||||
consolidated recommendation from all IMVs can be obtained, the TNC
|
||||
server requests more client data by sending an empty SDATA batch.
|
||||
|
||||
- The rightgroups2 ipsec.conf option can require group membership during
|
||||
|
@ -1991,7 +1991,7 @@ strongswan-4.3.1
|
|||
|
||||
- The nm plugin also accepts CA certificates for gateway authentication. If
|
||||
a CA certificate is configured, strongSwan uses the entered gateway address
|
||||
as its idenitity, requiring the gateways certificate to contain the same as
|
||||
as its identity, requiring the gateways certificate to contain the same as
|
||||
subjectAltName. This allows a gateway administrator to deploy the same
|
||||
certificates to Windows 7 and NetworkManager clients.
|
||||
|
||||
|
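Review bot: the corrected line still reads "requiring the gateways certificate to contain the same as subjectAltName"; since the line is already being replaced, the possessive "gateway's certificate" is the matching fix and falls within the scope of a spelling sweep.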
@ -2038,7 +2038,7 @@ strongswan-4.3.0
|
|||
Initiators and responders can use several authentication rounds (e.g. RSA
|
||||
followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
|
||||
leftauth2/rightauth2 parameters define own authentication rounds or setup
|
||||
constraints for the remote peer. See the ipsec.conf man page for more detials.
|
||||
constraints for the remote peer. See the ipsec.conf man page for more details.
|
||||
|
||||
- If glibc printf hooks (register_printf_function) are not available,
|
||||
strongSwan can use the vstr string library to run on non-glibc systems.
|
||||
|
@ -2784,7 +2784,7 @@ strongswan-4.0.4
|
|||
|
||||
- Added support for preshared keys in IKEv2. PSK keys configured in
|
||||
ipsec.secrets are loaded. The authby parameter specifies the authentication
|
||||
method to authentificate ourself, the other peer may use PSK or RSA.
|
||||
method to authenticate ourself, the other peer may use PSK or RSA.
|
||||
|
||||
- Changed retransmission policy to respect the keyingtries parameter.
|
||||
|
||||
|
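Review bot: "authenticate ourself" fixes the verb but keeps a non-standard reflexive; "authenticate ourselves" is the standard form and is the same kind of wording fix this commit is making elsewhere.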
@ -2922,7 +2922,7 @@ strongswan-2.7.0
|
|||
left|rightfirewall keyword causes the automatic insertion
|
||||
and deletion of ACCEPT rules for tunneled traffic upon
|
||||
the successful setup and teardown of an IPsec SA, respectively.
|
||||
left|rightfirwall can be used with KLIPS under any Linux 2.4
|
||||
left|rightfirewall can be used with KLIPS under any Linux 2.4
|
||||
kernel or with NETKEY under a Linux kernel version >= 2.6.16
|
||||
in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
|
||||
kernel version < 2.6.16 which does not support IPsec policy
|
||||
|
@ -3043,7 +3043,7 @@ strongswan-2.6.0
|
|||
to replace the various shell and awk starter scripts (setup, _plutoload,
|
||||
_plutostart, _realsetup, _startklips, _confread, and auto). Since
|
||||
ipsec.conf is now parsed only once, the starting of multiple tunnels is
|
||||
accelerated tremedously.
|
||||
accelerated tremendously.
|
||||
|
||||
- Added support of %defaultroute to the ipsec starter. If the IP address
|
||||
changes, a HUP signal to the ipsec starter will automatically
|
||||
|
@ -3177,9 +3177,9 @@ strongswan-2.5.1
|
|||
|
||||
- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
|
||||
installed either by setting auto=route in ipsec.conf or by
|
||||
a connection put into hold, generates an XFRM_AQUIRE event
|
||||
a connection put into hold, generates an XFRM_ACQUIRE event
|
||||
for each packet that wants to use the not-yet existing
|
||||
tunnel. Up to now each XFRM_AQUIRE event led to an entry in
|
||||
tunnel. Up to now each XFRM_ACQUIRE event led to an entry in
|
||||
the Quick Mode queue, causing multiple IPsec SA to be
|
||||
established in rapid succession. Starting with strongswan-2.5.1
|
||||
only a single IPsec SA is established per host-pair connection.
|
||||
|
|
|
@ -639,7 +639,7 @@ following entries are required in `/etc/ipsec.conf`:
|
|||
|
||||
conn rw1
|
||||
right=%any
|
||||
righsubnet=10.4.0.5/32
|
||||
rightsubnet=10.4.0.5/32
|
||||
|
||||
conn rw2
|
||||
right=%any
|
||||
|
|
|
@ -25,7 +25,7 @@ charon.plugins.load-tester.crl
|
|||
certificates.
|
||||
|
||||
charon.plugins.load-tester.delay = 0
|
||||
Delay between initiatons for each thread.
|
||||
Delay between initiations for each thread.
|
||||
|
||||
charon.plugins.load-tester.delete_after_established = no
|
||||
Delete an IKE_SA as soon as it has been established.
|
||||
|
@ -66,7 +66,7 @@ charon.plugins.load-tester.initiators = 0
|
|||
Number of concurrent initiator threads to use in load test.
|
||||
|
||||
charon.plugins.load-tester.initiator_auth = pubkey
|
||||
Authentication method(s) the intiator uses.
|
||||
Authentication method(s) the initiator uses.
|
||||
|
||||
charon.plugins.load-tester.initiator_id =
|
||||
Initiator ID used in load test.
|
||||
|
|
|
@ -74,7 +74,7 @@ libtls library messages
|
|||
libipsec library messages
|
||||
.TP
|
||||
.B lib
|
||||
libstrongwan library messages
|
||||
libstrongswan library messages
|
||||
.TP
|
||||
.B tnc
|
||||
Trusted Network Connect
|
||||
|
|
|
@ -55,7 +55,7 @@ ARG_WITH_SUBST([piddir], [/var/run], [set path for PID and UNIX sock
|
|||
ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
|
||||
ARG_WITH_SUBST([ipseclibdir], [${libdir%/}/ipsec], [set installation path for ipsec libraries])
|
||||
ARG_WITH_SUBST([plugindir], [${ipseclibdir%/}/plugins], [set the installation path of plugins])
|
||||
ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers])
|
||||
ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
|
||||
ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
|
||||
ARG_WITH_SUBST([swanctldir], [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
|
||||
ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use])
|
||||
|
@ -1035,7 +1035,7 @@ if test x$tss_tss2 = xtrue; then
|
|||
AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
|
||||
else
|
||||
PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
|
||||
[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
|
||||
[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Manager])],
|
||||
[tss2_tabrmd=false])
|
||||
PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
|
||||
[tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
|
||||
|
|
|
@ -44,7 +44,7 @@ struct nm_backend_t {
|
|||
nm_creds_t *creds;
|
||||
|
||||
/**
|
||||
* attribute handler regeisterd at the daemon
|
||||
* attribute handler registered at the daemon
|
||||
*/
|
||||
nm_handler_t *handler;
|
||||
};
|
||||
|
|
|
@ -561,7 +561,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
|
|||
return FALSE;
|
||||
}
|
||||
}
|
||||
/* ... or certificate/private key authenitcation */
|
||||
/* ... or certificate/private key authentication */
|
||||
else if ((str = nm_setting_vpn_get_data_item(vpn, "usercert")))
|
||||
{
|
||||
public_key_t *public;
|
||||
|
|
|
@ -45,7 +45,7 @@ struct private_tkm_listener_t {
|
|||
/**
|
||||
* Return id of remote identity.
|
||||
*
|
||||
* TODO: Replace this with the lookup for the remote identitiy id.
|
||||
* TODO: Replace this with the lookup for the remote identity id.
|
||||
*
|
||||
* Currently the reqid of the first child SA in peer config of IKE SA is
|
||||
* returned. Might choose wrong reqid if IKE SA has multiple child configs
|
||||
|
|
|
@ -108,7 +108,7 @@ The following CHILD_SA specific configuration options are supported:
|
|||
lts: Local side traffic selectors, comma separated CIDR subnets
|
||||
rts: Remote side traffic selectors, comma separated CIDR subnets
|
||||
transport: Propose IPsec transport mode instead of tunnel mode
|
||||
tfc_padding: Inject Traffic Flow Confidentialty bytes to align packets to the
|
||||
tfc_padding: Inject Traffic Flow Confidentiality bytes to align packets to the
|
||||
given length
|
||||
proposal: CHILD_SA proposal list, same syntax as IKE_SA proposal list
|
||||
|
||||
|
@ -271,7 +271,7 @@ Currently, the following hooks are defined with the following options:
|
|||
request: yes to set in request, no in response
|
||||
id: IKEv2 message identifier of message to mangle
|
||||
from: proposal number to mangle
|
||||
to: new porposal number to set instead of from
|
||||
to: new proposal number to set instead of from
|
||||
set_reserved: set arbitrary reserved bits/bytes in payloads
|
||||
request: yes to set in request, no in response
|
||||
id: IKEv2 message identifier of message to mangle
|
||||
|
|
|
@ -129,7 +129,7 @@ static bool load_cert(settings_t *settings, bool trusted)
|
|||
}
|
||||
|
||||
/**
|
||||
* Load certificates from the confiuguration file
|
||||
* Load certificates from the configuration file
|
||||
*/
|
||||
static bool load_certs(settings_t *settings, char *dir)
|
||||
{
|
||||
|
@ -163,7 +163,7 @@ static bool load_certs(settings_t *settings, char *dir)
|
|||
}
|
||||
|
||||
/**
|
||||
* Load private keys from the confiuguration file
|
||||
* Load private keys from the configuration file
|
||||
*/
|
||||
static bool load_keys(settings_t *settings, char *dir)
|
||||
{
|
||||
|
|
|
@ -38,7 +38,7 @@ struct private_kernel_android_ipsec_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* Callback registrered with libipsec.
|
||||
* Callback registered with libipsec.
|
||||
*/
|
||||
static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
|
||||
{
|
||||
|
|
|
@ -68,7 +68,7 @@ AC_ARG_ENABLE(
|
|||
)
|
||||
AC_ARG_WITH(
|
||||
[libnm-glib],
|
||||
AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib comatibility]),
|
||||
AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib compatibility]),
|
||||
[with_libnm_glib=no],
|
||||
[with_libnm_glib=yes]
|
||||
)
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
</packing>
|
||||
</child>
|
||||
<child>
|
||||
<object class="GtkAlignment" id="gateway-alignement">
|
||||
<object class="GtkAlignment" id="gateway-alignment">
|
||||
<property name="visible">True</property>
|
||||
<property name="can_focus">False</property>
|
||||
<property name="left_padding">12</property>
|
||||
|
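Review bot: renaming the GtkBuilder object id "gateway-alignement" to "gateway-alignment" changes a lookup key, not just display text. Any gtk_builder_get_object() call in the NetworkManager plugin code that fetches this widget by its old id would now get NULL back and fail at runtime rather than at build time, so please confirm that no source file references the old id, or update it in the same commit.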
@ -135,7 +135,7 @@
|
|||
</packing>
|
||||
</child>
|
||||
<child>
|
||||
<object class="GtkAlignment" id="client-aligement">
|
||||
<object class="GtkAlignment" id="client-alignment">
|
||||
<property name="visible">True</property>
|
||||
<property name="can_focus">False</property>
|
||||
<property name="left_padding">12</property>
|
||||
|
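Review bot: "client-aligement" → "client-alignment" is a GtkBuilder object id change, i.e. a lookup key used at runtime; verify that nothing in the plugin source retrieves this widget by the old name (for example via gtk_builder_get_object), since a stale lookup returns NULL silently.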
@ -351,7 +351,7 @@
|
|||
</packing>
|
||||
</child>
|
||||
<child>
|
||||
<object class="GtkAlignment" id="options-alignement">
|
||||
<object class="GtkAlignment" id="options-alignment">
|
||||
<property name="visible">True</property>
|
||||
<property name="can_focus">False</property>
|
||||
<property name="left_padding">12</property>
|
||||
|
|
|
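Review bot: "options-alignement" → "options-alignment" renames a GtkBuilder object id; like any widget id this is only safe if no code looks the object up by the old string, so a grep of the plugin sources for the old id should accompany this hunk.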
@ -219,7 +219,7 @@ enum {
|
|||
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
|
||||
|
||||
/*
|
||||
* Generic LSM security context for comunicating to user space
|
||||
* Generic LSM security context for communicating to user space
|
||||
* NOTE: Same format as sadb_x_sec_ctx
|
||||
*/
|
||||
struct xfrm_user_sec_ctx {
|
||||
|
|
|
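Review bot: this hunk edits a vendored copy of a Linux UAPI header (the XFRM_MSG_* enum and struct xfrm_user_sec_ctx are from linux/xfrm.h). Changing only a comment in a file that is periodically re-synced from the kernel creates a gratuitous diff against upstream and a merge conflict on the next sync; suggest excluding copied kernel headers from spelling sweeps, or sending the fix upstream instead.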
@ -37,7 +37,7 @@ struct attribute_handler_t {
|
|||
/**
|
||||
* Handle a configuration attribute.
|
||||
*
|
||||
* After receiving a configuration attriubte, it is passed to each
|
||||
* After receiving a configuration attribute, it is passed to each
|
||||
* attribute handler until it is handled.
|
||||
*
|
||||
* @param ike_sa IKE_SA under which attribute is received
|
||||
|
|
|
@ -233,7 +233,7 @@ typedef struct {
|
|||
enumerator_t *inner;
|
||||
/** IKE_SA to request attributes for */
|
||||
ike_sa_t *ike_sa;
|
||||
/** virtual IPs we are requesting along with attriubutes */
|
||||
/** virtual IPs we are requesting along with attributes */
|
||||
linked_list_t *vips;
|
||||
} initiator_enumerator_t;
|
||||
|
||||
|
|
|
@ -85,7 +85,7 @@ typedef struct {
|
|||
* Lease entry.
|
||||
*/
|
||||
typedef struct {
|
||||
/* identitiy reference */
|
||||
/* identity reference */
|
||||
identification_t *id;
|
||||
/* array of online leases, as unique_lease_t */
|
||||
array_t *online;
|
||||
|
|
|
@ -461,7 +461,7 @@ struct bus_t {
|
|||
* CHILD_SA migration hook.
|
||||
*
|
||||
* @param new ID of new SA when called for the old, NULL otherwise
|
||||
* @param uniue unique ID of new SA when called for the old, 0 otherwise
|
||||
* @param unique unique ID of new SA when called for the old, 0 otherwise
|
||||
*/
|
||||
void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);
|
||||
|
||||
|
|
|
@ -114,12 +114,12 @@ struct private_child_cfg_t {
|
|||
uint32_t reqid;
|
||||
|
||||
/**
|
||||
* Optionl interface ID to use for inbound CHILD_SA
|
||||
* Optional interface ID to use for inbound CHILD_SA
|
||||
*/
|
||||
uint32_t if_id_in;
|
||||
|
||||
/**
|
||||
* Optionl interface ID to use for outbound CHILD_SA
|
||||
* Optional interface ID to use for outbound CHILD_SA
|
||||
*/
|
||||
uint32_t if_id_out;
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ struct child_cfg_t {
|
|||
/**
|
||||
* Select a proposal from a supplied list.
|
||||
*
|
||||
* Returned propsal is newly created and must be destroyed after usage.
|
||||
* Returned proposal is newly created and must be destroyed after usage.
|
||||
*
|
||||
* @param proposals list from which proposals are selected
|
||||
* @param flags flags to consider during proposal selection
|
||||
|
@ -124,7 +124,7 @@ struct child_cfg_t {
|
|||
* side, one for the remote side.
|
||||
* If a list with traffic selectors is supplied, these are used to narrow
|
||||
* down the traffic selector list to the greatest common divisor.
|
||||
* Some traffic selector may be "dymamic", meaning they are narrowed down
|
||||
* Some traffic selector may be "dynamic", meaning they are narrowed down
|
||||
* to a specific address (host-to-host or virtual-IP setups). Use
|
||||
* the "host" parameter to narrow such traffic selectors to that address.
|
||||
* Resulted list and its traffic selectors must be destroyed after use.
|
||||
|
|
|
@ -156,12 +156,12 @@ struct private_peer_cfg_t {
|
|||
linked_list_t *remote_auth;
|
||||
|
||||
/**
|
||||
* Optionl interface ID to use for inbound CHILD_SA
|
||||
* Optional interface ID to use for inbound CHILD_SA
|
||||
*/
|
||||
uint32_t if_id_in;
|
||||
|
||||
/**
|
||||
* Optionl interface ID to use for outbound CHILD_SA
|
||||
* Optional interface ID to use for outbound CHILD_SA
|
||||
*/
|
||||
uint32_t if_id_out;
|
||||
|
||||
|
|
|
@ -134,7 +134,7 @@ struct peer_cfg_t {
|
|||
ike_version_t (*get_ike_version)(peer_cfg_t *this);
|
||||
|
||||
/**
|
||||
* Get the IKE config to use for initiaton.
|
||||
* Get the IKE config to use for initiation.
|
||||
*
|
||||
* @return the IKE config to use
|
||||
*/
|
||||
|
|
|
@ -150,7 +150,7 @@
|
|||
* synchronization:
|
||||
* Each IKE_SA must be checked out strictly and checked in again after use. The
|
||||
* manager guarantees that only one thread may check out a single IKE_SA. This
|
||||
* allows us to write the (complex) IKE_SAs routines non-threadsave.
|
||||
* allows us to write the (complex) IKE_SAs routines non-threadsafe.
|
||||
* The IKE_SA contain the state and the logic of each IKE_SA and handle the
|
||||
* messages.
|
||||
*
|
||||
|
|
|
@ -78,9 +78,9 @@ typedef struct {
|
|||
/* Payload type */
|
||||
payload_type_t type;
|
||||
/* Minimal occurrence of this payload. */
|
||||
size_t min_occurence;
|
||||
size_t min_occurrence;
|
||||
/* Max occurrence of this payload. */
|
||||
size_t max_occurence;
|
||||
size_t max_occurrence;
|
||||
/* TRUE if payload must be encrypted */
|
||||
bool encrypted;
|
||||
/* If payload occurs, the message rule is fulfilled */
|
||||
|
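Review bot: min_occurence/max_occurence are struct field identifiers, not comments, so this rename must be applied at every read site, not just in the declaration; the later hunks in verify() update message.c itself. Because the fields live in an anonymous typedef'd struct local to message.c there is no API/ABI impact and rule tables with positional initializers need no change, but a full build plus a grep for "occurence" should still be run to catch any remaining designated initializer or other use.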
@ -1653,7 +1653,7 @@ static ike_header_t *create_header(private_message_t *this)
|
|||
/**
|
||||
* Generates the message, if needed, wraps the payloads in an encrypted payload.
|
||||
*
|
||||
* The generator and the possible enrypted payload are returned. The latter
|
||||
* The generator and the possible encrypted payload are returned. The latter
|
||||
* is not yet encrypted (but the transform is set). It is also not added to
|
||||
* the payload list (so unless there are unencrypted payloads that list will
|
||||
* be empty afterwards).
|
||||
|
@ -2600,11 +2600,11 @@ static status_t verify(private_message_t *this)
|
|||
found++;
|
||||
DBG2(DBG_ENC, "found payload of type %N",
|
||||
payload_type_names, type);
|
||||
if (found > rule->max_occurence)
|
||||
if (found > rule->max_occurrence)
|
||||
{
|
||||
DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
|
||||
"occurred in current message", payload_type_names,
|
||||
type, rule->max_occurence, found);
|
||||
type, rule->max_occurrence, found);
|
||||
enumerator->destroy(enumerator);
|
||||
return VERIFY_ERROR;
|
||||
}
|
||||
|
@ -2612,10 +2612,10 @@ static status_t verify(private_message_t *this)
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
if (!complete && found < rule->min_occurence)
|
||||
if (!complete && found < rule->min_occurrence)
|
||||
{
|
||||
DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
|
||||
payload_type_names, rule->type, rule->min_occurence, found);
|
||||
payload_type_names, rule->type, rule->min_occurrence, found);
|
||||
return VERIFY_ERROR;
|
||||
}
|
||||
if (found && rule->sufficient)
|
||||
|
|
|
@ -391,7 +391,7 @@ METHOD(parser_t, parse_payload, status_t,
|
|||
|
||||
/* base pointer for output, avoids casting in every rule */
|
||||
output = pld;
|
||||
/* parse the payload with its own rulse */
|
||||
/* parse the payload with its own rules */
|
||||
rule_count = pld->get_encoding_rules(pld, &this->rules);
|
||||
for (rule_number = 0; rule_number < rule_count; rule_number++)
|
||||
{
|
||||
|
@ -618,7 +618,7 @@ METHOD(parser_t, parse_payload, status_t,
|
|||
return PARSE_ERROR;
|
||||
}
|
||||
}
|
||||
/* process next rulue */
|
||||
/* process next rule */
|
||||
rule++;
|
||||
}
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ struct cp_payload_t {
|
|||
/**
|
||||
* Creates an enumerator of stored configuration_attribute_t objects.
|
||||
*
|
||||
* @return enumerator over configration_attribute_T
|
||||
* @return enumerator over configuration_attribute_t
|
||||
*/
|
||||
enumerator_t *(*create_attribute_enumerator) (cp_payload_t *this);
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ static encoding_rule_t encodings[] = {
|
|||
{ RESERVED_BIT, offsetof(private_eap_payload_t, reserved[6]) },
|
||||
/* Length of the whole payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_eap_payload_t, payload_length) },
|
||||
/* chunt to data, starting at "code" */
|
||||
/* chunk to data, starting at "code" */
|
||||
{ CHUNK_DATA, offsetof(private_eap_payload_t, data) },
|
||||
};
|
||||
|
||||
|
|
|
@ -179,7 +179,7 @@ enum encoding_type_t {
|
|||
/**
|
||||
* Representing a spi field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* When generating the content of the chunk pointing to
|
||||
* is written.
|
||||
*
|
||||
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
|
||||
|
@ -248,7 +248,7 @@ enum encoding_type_t {
|
|||
* this field is available or missing and so parsed/generated
|
||||
* or not parsed/not generated.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* When generating the content of the chunk pointing to
|
||||
* is written.
|
||||
*
|
||||
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
|
||||
|
@ -274,7 +274,7 @@ enum encoding_type_t {
|
|||
* Depending on the last field of type TS_TYPE
|
||||
* this field is either 4 or 16 byte long.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* When generating the content of the chunk pointing to
|
||||
* is written.
|
||||
*
|
||||
* When parsing 4 or 16 bytes are read and written into the chunk pointing to.
|
||||
|
@ -290,7 +290,7 @@ enum encoding_type_t {
|
|||
* Representing an IKE_SPI field in an IKEv2 Header.
|
||||
*
|
||||
* When generating the value of the uint64_t pointing to
|
||||
* is written (host and networ order is not changed).
|
||||
* is written (host and network order is not changed).
|
||||
*
|
||||
* When parsing 8 bytes are read and written into the uint64_t pointing to.
|
||||
*/
|
||||
|
@ -302,7 +302,7 @@ enum encoding_type_t {
|
|||
ENCRYPTED_DATA,
|
||||
|
||||
/**
|
||||
* Reprensenting a field containing a set of wrapped payloads.
|
||||
* Representing a field containing a set of wrapped payloads.
|
||||
*
|
||||
* This type is not used directly, but as an offset to the wrapped payloads.
|
||||
* The type of the wrapped payload is added to this encoding type.
|
||||
|
|
|
@ -61,7 +61,7 @@ struct fragment_payload_t {
|
|||
/**
|
||||
* Get the fragment data.
|
||||
*
|
||||
* @return chunkt to internal fragment data
|
||||
* @return chunk to internal fragment data
|
||||
*/
|
||||
chunk_t (*get_data)(fragment_payload_t *this);
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ struct hash_payload_t {
|
|||
/**
|
||||
* Get the hash value.
|
||||
*
|
||||
* @return chunkt to internal hash data
|
||||
* @return chunk to internal hash data
|
||||
*/
|
||||
chunk_t (*get_hash) (hash_payload_t *this);
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
|
|||
* Create an IKEv1 ID_ADDR_SUBNET/RANGE identity from a traffic selector.
|
||||
*
|
||||
* @param ts traffic selector
|
||||
* @return PLV1_ID id_paylad_t object.
|
||||
* @return PLV1_ID id_payload_t object.
|
||||
*/
|
||||
id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts);
|
||||
|
||||
|
|
|
@ -168,7 +168,7 @@ enum payload_type_t {
|
|||
PLV2_NONCE = 40,
|
||||
|
||||
/**
|
||||
* Notify paylaod (N).
|
||||
* Notify payload (N).
|
||||
*/
|
||||
PLV2_NOTIFY = 41,
|
||||
|
||||
|
@ -178,7 +178,7 @@ enum payload_type_t {
|
|||
PLV2_DELETE = 42,
|
||||
|
||||
/**
|
||||
* Vendor id paylpoad (V).
|
||||
* Vendor id payload (V).
|
||||
*/
|
||||
PLV2_VENDOR_ID = 43,
|
||||
|
||||
|
@ -382,9 +382,9 @@ struct payload_t {
|
|||
size_t (*get_length) (payload_t *this);
|
||||
|
||||
/**
|
||||
* Verifies payload structure and makes consistence check.
|
||||
* Verifies payload structure and makes consistency check.
|
||||
*
|
||||
* @return SUCCESS, FAILED if consistence not given
|
||||
* @return SUCCESS, FAILED if consistency not given
|
||||
*/
|
||||
status_t (*verify) (payload_t *this);
|
||||
|
||||
|
@ -399,7 +399,7 @@ struct payload_t {
|
|||
*
|
||||
* Useful for the parser, who wants a generic constructor for all payloads.
|
||||
* It supports all payload_t methods. If a payload type is not known,
|
||||
* an unknwon_paylod is created with the chunk of data in it.
|
||||
* an unknown_payload is created with the chunk of data in it.
|
||||
*
|
||||
* @param type type of the payload to create
|
||||
* @return payload_t object
|
||||
|
|
|
@ -117,7 +117,7 @@ struct proposal_substructure_t {
|
|||
bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi);
|
||||
|
||||
/**
|
||||
* Get proposals contained in a propsal_substructure_t.
|
||||
* Get proposals contained in a proposal_substructure_t.
|
||||
*
|
||||
* @param list list to add created proposals to
|
||||
*/
|
||||
|
|
|
@ -134,7 +134,7 @@ struct traffic_selector_substructure_t {
|
|||
traffic_selector_substructure_t *traffic_selector_substructure_create(void);
|
||||
|
||||
/**
|
||||
* Creates an initialized traffif selector substructure using
|
||||
* Creates an initialized traffic selector substructure using
|
||||
* the values from a traffic_selector_t.
|
||||
*
|
||||
* @param traffic_selector traffic_selector_t to use for initialization
|
||||
|
|
|
@ -361,7 +361,7 @@ struct kernel_interface_t {
|
|||
*
|
||||
* @param virtual_ip virtual ip address to remove
|
||||
* @param prefix prefix length of the IP to uninstall, -1 for auto
|
||||
* @param wait TRUE to wait untily IP is gone
|
||||
* @param wait TRUE to wait until IP is gone
|
||||
* @return SUCCESS if operation completed
|
||||
*/
|
||||
status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip,
|
||||
|
@ -433,7 +433,7 @@ struct kernel_interface_t {
|
|||
/**
|
||||
* Check if interfaces are excluded by config.
|
||||
*
|
||||
* @return TRUE if no interfaces are exclued by config
|
||||
* @return TRUE if no interfaces are excluded by config
|
||||
*/
|
||||
bool (*all_interfaces_usable)(kernel_interface_t *this);
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ struct kernel_listener_t {
|
|||
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
|
||||
|
||||
/**
|
||||
* Hook called if an exire event for an IPsec SA is received.
|
||||
* Hook called if an expire event for an IPsec SA is received.
|
||||
*
|
||||
* @param protocol protocol of the expired SA
|
||||
* @param spi spi of the expired SA
|
||||
|
@ -63,7 +63,7 @@ struct kernel_listener_t {
|
|||
*
|
||||
* @param protocol IPsec protocol of affected SA
|
||||
* @param spi spi of the SA
|
||||
* @param dst old destinatino address of SA
|
||||
* @param dst old destination address of SA
|
||||
* @param remote new remote host
|
||||
* @return TRUE to remain registered, FALSE to unregister
|
||||
*/
|
||||
|
|
|
@ -302,7 +302,7 @@ static bool cookie_required(private_receiver_t *this,
|
|||
/* We don't disable cookies unless we haven't seen IKE_SA_INITs
|
||||
* for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between
|
||||
* cookie on / cookie off states, which is problematic. Consider the
|
||||
* following: A legitimiate initiator sends a IKE_SA_INIT while we
|
||||
* following: A legitimate initiator sends a IKE_SA_INIT while we
|
||||
* are under a DoS attack. If we toggle our cookie behavior,
|
||||
* multiple retransmits of this IKE_SA_INIT might get answered with
|
||||
* and without cookies. The initiator goes on and retries with
|
||||
|
|
|
@ -33,7 +33,7 @@ typedef struct dhcp_provider_t dhcp_provider_t;
|
|||
struct dhcp_provider_t {
|
||||
|
||||
/**
|
||||
* Implements attribute_provier_t interface.
|
||||
* Implements attribute_provider_t interface.
|
||||
*/
|
||||
attribute_provider_t provider;
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ typedef struct eap_aka_3gpp_functions_t eap_aka_3gpp_functions_t;
|
|||
* @param id user identity
|
||||
* @param[out] k (16 byte) scratchpad to receive secret key K
|
||||
* @param[out] opc (16 byte) scratchpad to receive operator variant key
|
||||
* derivate OPc
|
||||
* derivative OPc
|
||||
*/
|
||||
bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN],
|
||||
uint8_t opc[AKA_OPC_LEN]);
|
||||
|
@ -88,7 +88,7 @@ struct eap_aka_3gpp_functions_t {
|
|||
* f1 : Calculate MAC-A from RAND, SQN, AMF using K and OPc
|
||||
*
|
||||
* @param k (128 bit) secret key K
|
||||
* @param opc (128 bit) operator variant key derivate OPc
|
||||
* @param opc (128 bit) operator variant key derivative OPc
|
||||
* @param rand (128 bit) random value RAND
|
||||
* @param sqn (48 bit) sequence number SQN
|
||||
* @param amf (16 bit) authentication management field AMF
|
||||
|
@ -106,7 +106,7 @@ struct eap_aka_3gpp_functions_t {
|
|||
* f1* : Calculate MAC-S from RAND, SQN, AMF using K and OPc
|
||||
*
|
||||
* @param k (128 bit) secret key K
|
||||
* @param opc (128 bit) operator variant key derivate OPc
|
||||
* @param opc (128 bit) operator variant key derivative OPc
|
||||
* @param rand (128 bit) random value RAND
|
||||
* @param sqn (48 bit) sequence number SQN
|
||||
* @param amf (16 bit) authentication management field AMF
|
||||
|
@ -127,7 +127,7 @@ struct eap_aka_3gpp_functions_t {
|
|||
* f5 : Calculates AK from RAND using K and OPc
|
||||
*
|
||||
* @param k (128 bit) secret key K
|
||||
* @param opc (128 bit) operator variant key derivate OPc
|
||||
* @param opc (128 bit) operator variant key derivative OPc
|
||||
* @param rand (128 bit) random value RAND
|
||||
* @param[out] res (64 bit) scratchpad to receive signed response RES
|
||||
* @param[out] ck (128 bit) scratchpad to receive encryption key CK
|
||||
|
@ -146,7 +146,7 @@ struct eap_aka_3gpp_functions_t {
|
|||
* f5* : Calculates resync AKS from RAND using K and OPc
|
||||
*
|
||||
* @param k (128 bit) secret key K
|
||||
* @param opc (128 bit) operator variant key derivate OPc
|
||||
* @param opc (128 bit) operator variant key derivative OPc
|
||||
* @param rand (128 bit) random value RAND
|
||||
* @param[out] aks (48 bit) scratchpad to receive resync anonymity key AKS
|
||||
* @return TRUE if calculations successful
|
||||
|
|
|
@ -44,7 +44,7 @@ struct private_eap_gtc_t {
|
|||
identification_t *peer;
|
||||
|
||||
/**
|
||||
* EAP message identififier
|
||||
* EAP message identifier
|
||||
*/
|
||||
uint8_t identifier;
|
||||
};
|
||||
|
|
|
@ -1161,7 +1161,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this,
|
|||
/* delay the response for some time to make brute-force attacks harder */
|
||||
sleep(RETRY_DELAY);
|
||||
|
||||
/* since the error is retryable the state does not change, we still
|
||||
/* since the error is retriable the state does not change, we still
|
||||
* expect an MSCHAPV2_RESPONSE from the peer */
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
|
|
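Review bot: "retryable" is an accepted spelling and is the one more commonly used in code comments, so changing it to "retriable" is a matter of preference rather than a correction; consider dropping this hunk to avoid churn in a comment that is otherwise unchanged.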
@ -383,7 +383,7 @@ static void process_filter_id(radius_message_t *msg)
|
|||
}
|
||||
|
||||
/**
|
||||
* Handle Session-Timeout attribte and Interim updates
|
||||
* Handle Session-Timeout attribute and Interim updates
|
||||
*/
|
||||
static void process_timeout(radius_message_t *msg)
|
||||
{
|
||||
|
@ -502,7 +502,7 @@ static void add_unity_split_attribute(eap_radius_provider_t *provider,
|
|||
}
|
||||
writer->write_data(writer, net->get_address(net));
|
||||
writer->write_data(writer, mask->get_address(mask));
|
||||
padding = writer->skip(writer, 6); /* 6 bytes pdding */
|
||||
padding = writer->skip(writer, 6); /* 6 bytes padding */
|
||||
memset(padding.ptr, 0, padding.len);
|
||||
mask->destroy(mask);
|
||||
net->destroy(net);
|
||||
|
|
|
@ -18,8 +18,8 @@
|
|||
* @{ @ingroup eap_simaka_pseudonym
|
||||
*/
|
||||
|
||||
#ifndef EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
|
||||
#define EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
|
||||
#ifndef EAP_SIMAKA_PSEUDONYM_PROVIDER_H_
|
||||
#define EAP_SIMAKA_PSEUDONYM_PROVIDER_H_
|
||||
|
||||
#include <simaka_provider.h>
|
||||
|
||||
|
@ -46,4 +46,4 @@ struct eap_simaka_pseudonym_provider_t {
|
|||
*/
|
||||
eap_simaka_pseudonym_provider_t *eap_simaka_pseudonym_provider_create();
|
||||
|
||||
#endif /** EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ @}*/
|
||||
#endif /** EAP_SIMAKA_PSEUDONYM_PROVIDER_H_ @}*/
|
||||
|
|
|
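Review bot: renaming the include guard from EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ to EAP_SIMAKA_PSEUDONYM_PROVIDER_H_ is only safe if all three occurrences move together; the `#ifndef`, the `#define` and the `#endif /** ... @}*/` comment are all updated in these two hunks, which is correct. Please also confirm with a grep that no other file tests the old macro name, otherwise that file would silently stop excluding the header.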
@ -39,7 +39,7 @@ struct forecast_listener_t {
|
|||
* Create an enumerator over active tunnels.
|
||||
*
|
||||
* The enumerator enumerates over local or remote traffic selectors,
|
||||
* associated firewall marks and if decasulated packets should get
|
||||
* associated firewall marks and if decapsulated packets should get
|
||||
* reinjected into other tunnels.
|
||||
*
|
||||
* @param local TRUE to enumerate local, FALSE to enumerate remote TS
|
||||
|
|
|
@ -160,7 +160,7 @@ static uint32_t jhash(jhash_version_t version, uint32_t a, uint32_t b)
|
|||
}
|
||||
|
||||
/**
|
||||
* Segmentate a calculated hash
|
||||
* Segment a calculated hash
|
||||
*/
|
||||
static u_int hash2segment(private_ha_kernel_t *this, uint64_t hash)
|
||||
{
|
||||
|
|
|
@ -50,7 +50,7 @@ struct ha_kernel_t {
|
|||
/**
|
||||
* Get the segment an arbitrary integer is in.
|
||||
*
|
||||
* @param n integer to segmentate
|
||||
* @param n integer to segment
|
||||
*/
|
||||
u_int (*get_segment_int)(ha_kernel_t *this, int n);
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ struct private_ha_segments_t {
|
|||
bool heartbeat_active;
|
||||
|
||||
/**
|
||||
* Interval we send hearbeats
|
||||
* Interval we send heartbeats
|
||||
*/
|
||||
int heartbeat_delay;
|
||||
|
||||
|
|
|
@ -432,7 +432,7 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
|
|||
.prefixlen = policy->dst.mask,
|
||||
);
|
||||
#ifndef __linux__
|
||||
/* on Linux we cant't install a gateway */
|
||||
/* on Linux we can't install a gateway */
|
||||
route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src,
|
||||
NULL);
|
||||
#endif
|
||||
|
|
|
@ -145,7 +145,7 @@ static bool equals_sa(sa_entry_t *a, sa_entry_t *b)
|
|||
typedef struct {
|
||||
/** policy source addresses */
|
||||
traffic_selector_t *src;
|
||||
/** policy destinaiton addresses */
|
||||
/** policy destination addresses */
|
||||
traffic_selector_t *dst;
|
||||
/** WFP allocated LUID for inbound filter ID */
|
||||
uint64_t policy_in;
|
||||
|
|
|
@ -327,7 +327,7 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str,
|
|||
if (this->initiator_id)
|
||||
{
|
||||
if (this->initiator_match && (!local && !num))
|
||||
{ /* as responder, use the secified identity that matches
|
||||
{ /* as responder, use the specified identity that matches
|
||||
* all used initiator identities, if given. */
|
||||
snprintf(buf, sizeof(buf), this->initiator_match, rnd);
|
||||
id = identification_create_from_string(buf);
|
||||
|
|
|
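Review bot: unrelated to the typo fix, the context line `snprintf(buf, sizeof(buf), this->initiator_match, rnd);` uses the configured `initiator_match` string directly as the printf format. That is operator-supplied configuration in a load-testing plugin, so it is acceptable here, but a short comment above the call stating that `initiator_match` must contain exactly one integer conversion would document the assumption for the next reader.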
@ -142,7 +142,7 @@ struct private_socket_default_socket_t {
|
|||
bool set_source;
|
||||
|
||||
/**
|
||||
* TRUE to force sending source interface on outbound packetrs
|
||||
* TRUE to force sending source interface on outbound packets
|
||||
*/
|
||||
bool set_sourceif;
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ struct stroke_ca_t {
|
|||
* otherwise returns the same certificate.
|
||||
*
|
||||
* @param cert certificate to check
|
||||
* @return reference to stored CA certifiate, or original
|
||||
* @return reference to stored CA certificate, or original
|
||||
*/
|
||||
certificate_t *(*get_cert_ref)(stroke_ca_t *this, certificate_t *cert);
|
||||
|
||||
|
|
|
@ -176,7 +176,7 @@ static bool add_proposals(private_stroke_config_t *this, char *string,
|
|||
{
|
||||
return TRUE;
|
||||
}
|
||||
/* add default porposal to the end if not strict */
|
||||
/* add default proposal to the end if not strict */
|
||||
}
|
||||
if (ike_cfg)
|
||||
{
|
||||
|
|
|
@ -47,7 +47,7 @@ struct stroke_cred_t {
|
|||
* Reread secrets from config files.
|
||||
*
|
||||
* @param msg stroke message
|
||||
* @param prompt I/O channel to prompt for private key passhprase
|
||||
* @param prompt I/O channel to prompt for private key passphrase
|
||||
*/
|
||||
void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt);
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ struct private_uci_creds_t {
|
|||
typedef struct {
|
||||
/** implements enumerator */
|
||||
enumerator_t public;
|
||||
/** inneer UCI enumerator */
|
||||
/** inner UCI enumerator */
|
||||
enumerator_t *inner;
|
||||
/** currently enumerated shared shared */
|
||||
shared_key_t *current;
|
||||
|
|
|
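Review bot: the context line `/** currently enumerated shared shared */` two lines below the fix has a doubled word; since this is a spelling-fix commit and the hunk already touches this struct, it should read "currently enumerated shared key" (the field is a `shared_key_t *`).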
@ -31,7 +31,7 @@ typedef struct unity_provider_t unity_provider_t;
|
|||
struct unity_provider_t {
|
||||
|
||||
/**
|
||||
* Implements attribute_provier_t interface.
|
||||
* Implements attribute_provider_t interface.
|
||||
*/
|
||||
attribute_provider_t provider;
|
||||
|
||||
|
|
|
@ -1271,7 +1271,7 @@ subdirectory, and gets built and installed if strongSwan has been
|
|||
The _Vici::Session_ module provides a _new()_ constructor for a high level
|
||||
interface, the underlying _Vici::Packet_ and _Vici::Transport_ classes are
|
||||
usually not required to build Perl applications using VICI. The _Vici::Session_
|
||||
class provides methods for the supported VICI commands. The auxiliare
|
||||
class provides methods for the supported VICI commands. The auxiliary
|
||||
_Vici::Message_ class is used to encode configuration parameters sent to
|
||||
the daemon and decode data returned by the daemon.
|
||||
|
||||
|
|
|
@ -324,7 +324,7 @@ vici_parse_t vici_parse(vici_res_t *res);
|
|||
char* vici_parse_name(vici_res_t *res);
|
||||
|
||||
/**
|
||||
* Compare name tag / key of a previusly parsed element.
|
||||
* Compare name tag / key of a previously parsed element.
|
||||
*
|
||||
* This call is valid only after vici_parse() returned VICI_PARSE_KEY_VALUE,
|
||||
* VICI_PARSE_BEGIN_SECTION or VICI_PARSE_BEGIN_LIST.
|
||||
|
|
|
@ -7,7 +7,7 @@ Gem::Specification.new do |s|
|
|||
The strongSwan VICI protocol allows external application to monitor,
|
||||
configure and control the IKE daemon charon. This Ruby Gem provides a
|
||||
native client side implementation of the VICI protocol, well suited to
|
||||
script automated tasks in a relaible way.
|
||||
script automated tasks in a reliable way.
|
||||
}
|
||||
s.summary = "Native Ruby interface for strongSwan VICI"
|
||||
s.homepage = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici"
|
||||
|
|
|
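Review bot: while correcting "relaible", the same description has a number-agreement error in the unchanged context line "allows external application to monitor", which should be "allows external applications to monitor"; it would be natural to fix it in the same hunk.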
@ -68,7 +68,7 @@ typedef struct authority_t authority_t;
|
|||
struct authority_t {
|
||||
|
||||
/**
|
||||
* Name of the certification authoritiy
|
||||
* Name of the certification authority
|
||||
*/
|
||||
char *name;
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ static job_requeue_t raise_events(private_vici_logger_t *this)
|
|||
/**
|
||||
* Queue a message for async processing
|
||||
*/
|
||||
static void queue_messsage(private_vici_logger_t *this, vici_message_t *message)
|
||||
static void queue_message(private_vici_logger_t *this, vici_message_t *message)
|
||||
{
|
||||
this->queue->insert_last(this->queue, message);
|
||||
if (this->queue->get_count(this->queue) == 1)
|
||||
|
@ -124,7 +124,7 @@ METHOD(logger_t, log_, void,
|
|||
message = builder->finalize(builder);
|
||||
if (message)
|
||||
{
|
||||
queue_messsage(this, message);
|
||||
queue_message(this, message);
|
||||
}
|
||||
}
|
||||
this->recursive--;
|
||||
|
|
|
@ -47,7 +47,7 @@ struct vici_logger_t {
|
|||
* Create a vici_logger instance.
|
||||
*
|
||||
* @param dispatcher dispatcher to receive requests from
|
||||
* @return loggerential backend
|
||||
* @return logger backend
|
||||
*/
|
||||
vici_logger_t *vici_logger_create(vici_dispatcher_t *dispatcher);
|
||||
|
||||
|
|
|
@ -406,7 +406,7 @@ CALLBACK(on_write, bool,
|
|||
}
|
||||
|
||||
/**
|
||||
* Read in available header with data, non-blocking cumulating to buffer
|
||||
* Read in available header with data, non-blocking accumulating to buffer
|
||||
*/
|
||||
static bool do_read(private_vici_socket_t *this, entry_t *entry,
|
||||
stream_t *stream, char *errmsg, size_t errlen)
|
||||
|
|
|
@ -33,7 +33,7 @@ typedef struct delete_ike_sa_job_t delete_ike_sa_job_t;
|
|||
* Class representing an DELETE_IKE_SA Job.
|
||||
*
|
||||
* This job is responsible for deleting established or half open IKE_SAs.
|
||||
* A half open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED
|
||||
* A half open IKE_SA is every IKE_SA which hasn't reached the SA_ESTABLISHED
|
||||
* state.
|
||||
*/
|
||||
struct delete_ike_sa_job_t {
|
||||
|
|
|
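Review bot: the context line `* Class representing an DELETE_IKE_SA Job.` uses the wrong article; it should read "a DELETE_IKE_SA job". Since the hunk already edits this comment block, fixing it here would be consistent with the purpose of the commit.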
@ -29,7 +29,7 @@ typedef struct inactivity_job_t inactivity_job_t;
|
|||
/**
|
||||
* Job checking for inactivity of CHILD_SA to close them.
|
||||
*
|
||||
* The inactivity job reschedules itself to check CHILD_SAs prediodically.
|
||||
* The inactivity job reschedules itself to check CHILD_SAs periodically.
|
||||
*/
|
||||
struct inactivity_job_t {
|
||||
|
||||
|
|
|
@ -149,7 +149,7 @@ struct private_child_sa_t {
|
|||
uint32_t unique_id;
|
||||
|
||||
/**
|
||||
* Whether FWD policieis in the outbound direction should be installed
|
||||
* Whether FWD policies in the outbound direction should be installed
|
||||
*/
|
||||
bool policies_fwd_out;
|
||||
|
||||
|
|
|
@ -497,7 +497,7 @@ struct child_sa_t {
|
|||
uint32_t (*get_rekey_spi)(child_sa_t *this);
|
||||
|
||||
/**
|
||||
* Update hosts and ecapulation mode in the kernel SAs and policies.
|
||||
* Update hosts and ecapsulation mode in the kernel SAs and policies.
|
||||
*
|
||||
* @param me the new local host
|
||||
* @param other the new remote host
|
||||
|
|
|
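Review bot: the replacement line still contains a typo. `* Update hosts and ecapsulation mode in the kernel SAs and policies.` should read "encapsulation mode"; the commit's own word list also carries the misspelled form "ecapsulation", so the fix was applied with the wrong target word.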
@ -49,7 +49,7 @@ extern enum_name_t *eap_role_names;
|
|||
* responses. An EAP method may need multiple exchanges before succeeding, and
|
||||
* the eap_authentication may use multiple EAP methods to authenticate a peer.
|
||||
* To accomplish these requirements, all EAP methods have their own
|
||||
* implementation while the eap_authenticatior uses one or more of these
|
||||
* implementation while the eap_authenticator uses one or more of these
|
||||
* EAP methods. Sending of EAP(SUCCESS/FAILURE) message is not the job
|
||||
* of the method, the eap_authenticator does this.
|
||||
* An EAP method may establish a MSK, this is used the complete the
|
||||
|
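Review bot: the context line `* An EAP method may establish a MSK, this is used the complete the` has two further errors that a spelling-fix commit should pick up: "a MSK" should be "an MSK" and "used the complete" should be "used to complete", i.e. "An EAP method may establish an MSK; this is used to complete the".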
@ -162,7 +162,7 @@ struct eap_method_t {
|
|||
* Constructors for server and peers are identical, to support both roles
|
||||
* of a EAP method, a plugin needs register two constructors in the
|
||||
* eap_manager_t.
|
||||
* The passed identites are of type ID_EAP and valid only during the
|
||||
* The passed identities are of type ID_EAP and valid only during the
|
||||
* constructor invocation.
|
||||
*
|
||||
* @param server ID of the server to use for credential lookup
|
||||
|
|
|
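Review bot: the unchanged context lines around the fix still read "to support both roles of a EAP method, a plugin needs register two constructors"; this should be "of an EAP method, a plugin needs to register two constructors". Worth fixing in this hunk since it is already open.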
@ -237,7 +237,7 @@ struct private_ike_sa_t {
|
|||
uint32_t keepalive_interval;
|
||||
|
||||
/**
|
||||
* The schedueld keep alive job, if any
|
||||
* The scheduled keep alive job, if any
|
||||
*/
|
||||
send_keepalive_job_t *keepalive_job;
|
||||
|
||||
|
|
|
@ -248,7 +248,7 @@ enum ike_condition_t {
|
|||
* Timing information and statistics to query from an SA
|
||||
*/
|
||||
enum statistic_t {
|
||||
/** Timestamp of SA establishement */
|
||||
/** Timestamp of SA establishment */
|
||||
STAT_ESTABLISHED = 0,
|
||||
/** Timestamp of scheduled rekeying */
|
||||
STAT_REKEY,
|
||||
|
@ -766,7 +766,7 @@ struct ike_sa_t {
|
|||
* to the CHILD_SA.
|
||||
*
|
||||
* @param child_cfg child config to create CHILD from
|
||||
* @param reqid reqid to use for CHILD_SA, 0 assigne uniquely
|
||||
* @param reqid reqid to use for CHILD_SA, 0 assign uniquely
|
||||
* @param tsi source of triggering packet
|
||||
* @param tsr destination of triggering packet.
|
||||
* @return
|
||||
|
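Review bot: the corrected line `* @param reqid reqid to use for CHILD_SA, 0 assign uniquely` is still ungrammatical; "0 to assign one uniquely" (or "0 to allocate a unique reqid") states what the special value does, matching how the other parameter descriptions are phrased.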
@ -1036,7 +1036,7 @@ struct ike_sa_t {
|
|||
status_t (*reauth) (ike_sa_t *this);
|
||||
|
||||
/**
|
||||
* Restablish the IKE_SA.
|
||||
* Reestablish the IKE_SA.
|
||||
*
|
||||
* Reestablish an IKE_SA after it has been closed.
|
||||
*
|
||||
|
@ -1140,7 +1140,7 @@ struct ike_sa_t {
|
|||
/**
|
||||
* Remove the task the given enumerator points to.
|
||||
*
|
||||
* @note This should be used with caution, in partciular, for tasks in the
|
||||
* @note This should be used with caution, in particular, for tasks in the
|
||||
* active and passive queues.
|
||||
*
|
||||
* @param enumerator enumerator created with the method above
|
||||
|
@ -1155,7 +1155,7 @@ struct ike_sa_t {
|
|||
void (*flush_queue)(ike_sa_t *this, task_queue_t queue);
|
||||
|
||||
/**
|
||||
* Queue a task for initiaton to the task manager.
|
||||
* Queue a task for initiation to the task manager.
|
||||
*
|
||||
* @param task task to queue
|
||||
*/
|
||||
|
|
|
@ -128,10 +128,10 @@ struct ike_sa_id_t {
|
|||
* @param ike_version major IKE version
|
||||
* @param initiator_spi initiators SPI
|
||||
* @param responder_spi responders SPI
|
||||
* @param is_initiaor TRUE if we are the original initiator
|
||||
* @param is_initiator TRUE if we are the original initiator
|
||||
* @return ike_sa_id_t object
|
||||
*/
|
||||
ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi,
|
||||
uint64_t responder_spi, bool is_initiaor);
|
||||
uint64_t responder_spi, bool is_initiator);
|
||||
|
||||
#endif /** IKE_SA_ID_H_ @}*/
|
||||
|
|
|
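Review bot: renaming the prototype parameter `is_initiaor` to `is_initiator` is harmless for callers, since parameter names in a declaration are not part of the interface, but the definition of `ike_sa_id_create()` in the corresponding .c file is not shown here; please confirm it uses the same spelling so that the declaration, definition and doxygen `@param` stay consistent.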
@ -1813,7 +1813,7 @@ METHOD(ike_sa_manager_t, checkin, void,
|
|||
* entry as checked out while we release the lock so no other
|
||||
* thread can acquire it. Since it is not yet in the list of
|
||||
* connected peers that will not cause a deadlock as no other
|
||||
* caller of check_unqiueness() will try to check out this SA */
|
||||
* caller of check_uniqueness() will try to check out this SA */
|
||||
entry->checked_out = thread_current();
|
||||
unlock_single_segment(this, segment);
|
||||
|
||||
|
@ -1909,7 +1909,7 @@ METHOD(ike_sa_manager_t, checkin_and_destroy, void,
|
|||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_MGR, "tried to checkin and delete nonexisting IKE_SA");
|
||||
DBG1(DBG_MGR, "tried to checkin and delete nonexistent IKE_SA");
|
||||
ike_sa->destroy(ike_sa);
|
||||
}
|
||||
charon->bus->set_sa(charon->bus, NULL);
|
||||
|
|
|
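Review bot: this hunk changes a logged string (`"tried to checkin and delete nonexisting IKE_SA"` to "nonexistent"), not just a comment. The wording fix is correct, but please check whether any test expectation or log-matching script in the tree greps for the old message, as those would need the same update.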
@ -62,7 +62,7 @@ struct keymat_v1_t {
|
|||
*
|
||||
* @param proposal selected algorithms
|
||||
* @param dh diffie hellman key, NULL if none used
|
||||
* @param spi_i SPI chosen by initiatior
|
||||
* @param spi_i SPI chosen by initiator
|
||||
* @param spi_r SPI chosen by responder
|
||||
* @param nonce_i quick mode initiator nonce
|
||||
* @param nonce_r quick mode responder nonce
|
||||
|
@ -95,7 +95,7 @@ struct keymat_v1_t {
|
|||
/**
|
||||
* Get HASH data for authentication.
|
||||
*
|
||||
* @param initiatior TRUE to create HASH_I, FALSE for HASH_R
|
||||
* @param initiator TRUE to create HASH_I, FALSE for HASH_R
|
||||
* @param dh public DH value of peer to create HASH for
|
||||
* @param dh_other others public DH value
|
||||
* @param ike_sa_id IKE_SA identifier
|
||||
|
|
|
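Review bot: the `@param initiator` tag now has to match the actual parameter name in the prototype that follows, which is not shown in this hunk; if the prototype still spells it `initiatior`, doxygen will warn about an undocumented parameter, so both should be changed together.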
@ -88,7 +88,7 @@ struct private_phase1_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* Get the first authentcation config from peer config
|
||||
* Get the first authentication config from peer config
|
||||
*/
|
||||
static auth_cfg_t *get_auth_cfg(peer_cfg_t *peer_cfg, bool local)
|
||||
{
|
||||
|
|
|
@ -85,7 +85,7 @@ METHOD(task_t, process_r, status_t,
|
|||
bool found = FALSE;
|
||||
|
||||
/* some peers send DELETE payloads for other IKE_SAs, e.g. those for expired
|
||||
* ones after a rekeyeing, make sure the SPIs match */
|
||||
* ones after a rekeying, make sure the SPIs match */
|
||||
id = this->ike_sa->get_id(this->ike_sa);
|
||||
payloads = message->create_payload_enumerator(message);
|
||||
while (payloads->enumerate(payloads, &payload))
|
||||
|
|
|
@ -352,7 +352,7 @@ METHOD(task_t, process_i, status_t,
|
|||
status_t result = NEED_MORE;
|
||||
|
||||
if (!this->ike_sa->supports_extension(this->ike_sa, EXT_NATT))
|
||||
{ /* we didn't receive VIDs inidcating support for NAT-T */
|
||||
{ /* we didn't receive VIDs indicating support for NAT-T */
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ typedef struct pubkey_authenticator_t pubkey_authenticator_t;
|
|||
#include <sa/authenticator.h>
|
||||
|
||||
/**
|
||||
* Implementation of authenticator_t using public key authenitcation.
|
||||
* Implementation of authenticator_t using public key authentication.
|
||||
*/
|
||||
struct pubkey_authenticator_t {
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ struct private_connect_manager_t {
|
|||
connect_manager_t public;
|
||||
|
||||
/**
|
||||
* Lock for exclusivly accessing the manager.
|
||||
* Lock for exclusively accessing the manager.
|
||||
*/
|
||||
mutex_t *mutex;
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ struct private_keymat_v2_t {
|
|||
chunk_t skd;
|
||||
|
||||
/**
|
||||
* Key to build outging authentication data (SKp)
|
||||
* Key to build outgoing authentication data (SKp)
|
||||
*/
|
||||
chunk_t skp_build;
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ struct peer_t {
|
|||
/** sa id of the peer, NULL if offline */
|
||||
ike_sa_id_t *ike_sa_id;
|
||||
|
||||
/** list of peer ids that reuested this peer */
|
||||
/** list of peer ids that requested this peer */
|
||||
linked_list_t *requested_by;
|
||||
};
|
||||
|
||||
|
@ -74,7 +74,7 @@ struct private_mediation_manager_t {
|
|||
mediation_manager_t public;
|
||||
|
||||
/**
|
||||
* Lock for exclusivly accessing the manager.
|
||||
* Lock for exclusively accessing the manager.
|
||||
*/
|
||||
mutex_t *mutex;
|
||||
|
||||
|
|
|
@ -1174,7 +1174,7 @@ static void send_auth_failed_informational(private_ike_auth_t *this,
|
|||
}
|
||||
|
||||
/**
|
||||
* Check if strict constraint fullfillment required to continue current auth
|
||||
* Check if strict constraint fulfillment required to continue current auth
|
||||
*/
|
||||
static bool require_strict(private_ike_auth_t *this, bool mutual_eap)
|
||||
{
|
||||
|
|
|
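Review bot: the corrected line `* Check if strict constraint fulfillment required to continue current auth` is missing a verb; "Check if strict constraint fulfillment is required to continue the current auth" reads correctly.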
@ -91,7 +91,7 @@ METHOD(task_t, process_i, status_t,
|
|||
}
|
||||
|
||||
/**
|
||||
* Check if this delete happened after a rekey collsion
|
||||
* Check if this delete happened after a rekey collision
|
||||
*/
|
||||
static bool after_rekey_collision(private_ike_delete_t *this)
|
||||
{
|
||||
|
|
|
@ -404,7 +404,7 @@ METHOD(task_t, build_r, status_t,
|
|||
if (this->callback)
|
||||
{
|
||||
/* we got a callback from the mediation server, initiate the
|
||||
* queued mediated connecction */
|
||||
* queued mediated connection */
|
||||
charon->connect_manager->check_and_initiate(
|
||||
charon->connect_manager,
|
||||
this->ike_sa->get_id(this->ike_sa),
|
||||
|
|
|
@ -313,7 +313,7 @@ METHOD(task_t, build_i, status_t,
|
|||
/* source may be any, we have 3 possibilities to get our source address:
|
||||
* 1. It is defined in the config => use the one of the IKE_SA
|
||||
* 2. We do a routing lookup in the kernel interface
|
||||
* 3. Include all possbile addresses
|
||||
* 3. Include all possible addresses
|
||||
*/
|
||||
host = message->get_source(message);
|
||||
if (!host->is_anyaddr(host) || force_encap(ike_cfg))
|
||||
|
|
|
@ -233,7 +233,7 @@ struct task_manager_t {
|
|||
* If a message is processed outside of the manager, this call increments
|
||||
* the message ID counters of the task manager.
|
||||
*
|
||||
* @param inititate TRUE to increment the initiating ID
|
||||
* @param initiate TRUE to increment the initiating ID
|
||||
*/
|
||||
void (*incr_mid)(task_manager_t *this, bool initiate);
|
||||
|
||||
|
@ -280,7 +280,7 @@ struct task_manager_t {
|
|||
/**
|
||||
* Remove the task the given enumerator points to.
|
||||
*
|
||||
* @note This should be used with caution, in partciular, for tasks in the
|
||||
* @note This should be used with caution, in particular, for tasks in the
|
||||
* active and passive queues.
|
||||
*
|
||||
* @param enumerator enumerator created with the method above
|
||||
|
|
|
@ -21,7 +21,7 @@ static void assert_host(char *expected, host_t *host)
|
|||
{
|
||||
if (!expected)
|
||||
{
|
||||
ck_assert_msg(!host, "not epxecting IP != %+H", host);
|
||||
ck_assert_msg(!host, "not expecting IP != %+H", host);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
@ -225,7 +225,7 @@ struct listener_message_rule_t {
|
|||
payload_type_t payload;
|
||||
|
||||
/**
|
||||
* Notify type to expect/not expect (paylod type does not have to be
|
||||
* Notify type to expect/not expect (payload type does not have to be
|
||||
* specified)
|
||||
*/
|
||||
notify_type_t notify;
|
||||
|
|
|
@ -43,7 +43,7 @@ struct exchange_test_helper_t {
|
|||
|
||||
/**
|
||||
* Set the initial byte of all nonces generated by future nonce
|
||||
* generators (already instatiated nonce generators are not affected).
|
||||
* generators (already instantiated nonce generators are not affected).
|
||||
*/
|
||||
u_char nonce_first_byte;
|
||||
|
||||
|
|
|
@ -66,7 +66,7 @@ struct private_fast_dispatcher_t {
|
|||
mutex_t *mutex;
|
||||
|
||||
/**
|
||||
* Hahstable with active sessions
|
||||
* Hashtable with active sessions
|
||||
*/
|
||||
hashtable_t *sessions;
|
||||
|
||||
|
|
|
@ -171,7 +171,7 @@ struct fast_request_t {
|
|||
* server-push functionality.
|
||||
*
|
||||
* @param format printf like format string
|
||||
* @param ... argmuent list to format string
|
||||
* @param ... argument list to format string
|
||||
* @return number of streamed bytes, < 0 if stream closed
|
||||
*/
|
||||
int (*streamf)(fast_request_t *this, char *format, ...);
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ietf_attr_assess_resultt ietf_attr_assess_result
|
||||
* @defgroup ietf_attr_assess_result ietf_attr_assess_result
|
||||
* @{ @ingroup ietf_attr
|
||||
*/
|
||||
|
||||
|
|
|
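Review bot: the trailing `t` in `@defgroup ietf_attr_assess_resultt` may not be a typo. The same `<name>t <name>` pattern appears in all seven ietf_attr headers touched by this commit (the six hunks below follow it too), which suggests a deliberate convention to keep the doxygen group name distinct from the file or type name rather than seven independent misspellings. Before merging, please check how other libimcv headers name their groups and that no `@ingroup` directive elsewhere refers to the old names, otherwise their members will be detached from the documentation tree.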
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ietf_attr_attr_requestt ietf_attr_attr_request
|
||||
* @defgroup ietf_attr_attr_request ietf_attr_attr_request
|
||||
* @{ @ingroup ietf_attr
|
||||
*/
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ietf_attr_installed_packagest ietf_attr_installed_packages
|
||||
* @defgroup ietf_attr_installed_packages ietf_attr_installed_packages
|
||||
* @{ @ingroup ietf_attr
|
||||
*/
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ietf_attr_numeric_versiont ietf_attr_numeric_version
|
||||
* @defgroup ietf_attr_numeric_version ietf_attr_numeric_version
|
||||
* @{ @ingroup ietf_attr
|
||||
*/
|
||||
|
||||
|
@ -59,7 +59,7 @@ struct ietf_attr_numeric_version_t {
|
|||
* Gets the Major and Minor Numbers of the Service Pack
|
||||
*
|
||||
* @param major Service Pack Major Number
|
||||
* @param minor Servcie Pack Minor Number
|
||||
* @param minor Service Pack Minor Number
|
||||
*/
|
||||
void (*get_service_pack)(ietf_attr_numeric_version_t *this,
|
||||
uint16_t *major, uint16_t *minor);
|
||||
|
|
|
@ -117,7 +117,7 @@ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_type_t error_code,
|
|||
/**
|
||||
* Creates an ietf_attr_pa_tnc_error_t object from an error code with offset
|
||||
*
|
||||
* @param error_code Vendor-specifica PA-TNC error code
|
||||
* @param error_code Vendor-specific PA-TNC error code
|
||||
* @param header PA-TNC message header (first 8 bytes)
|
||||
* @param error_offset PA-TNC error offset in bytes
|
||||
*
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ietf_attr_port_filtert ietf_attr_port_filter
|
||||
* @defgroup ietf_attr_port_filter ietf_attr_port_filter
|
||||
* @{ @ingroup ietf_attr
|
||||
*/
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup ietf_attr_string_versiont ietf_attr_string_version
|
||||
* @defgroup ietf_attr_string_version ietf_attr_string_version
|
||||
* @{ @ingroup ietf_attr
|
||||
*/
|
||||
|
||||
|
|
|
@ -111,7 +111,7 @@ struct imv_workitem_t {
|
|||
* Set result string
|
||||
*
|
||||
* @param result Result string
|
||||
* @return Action Recommendatino
|
||||
* @return Action Recommendation
|
||||
*/
|
||||
TNC_IMV_Action_Recommendation (*get_result)(imv_workitem_t *this,
|
||||
char **result);
|
||||
|
|
|
@ -52,7 +52,7 @@ struct imc_swima_subscription_t {
|
|||
swima_inventory_t *targets;
|
||||
|
||||
/**
|
||||
* Retrieve SW Identifieres only
|
||||
* Retrieve SW Identifiers only
|
||||
*/
|
||||
bool sw_id_only;
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ struct pts_component_t {
|
|||
*
|
||||
* @param qualifier PTS Component Functional Name Qualifier
|
||||
* @param pts PTS interface
|
||||
* @param evidence returns component evidence measureemt
|
||||
* @param evidence returns component evidence measurement
|
||||
* @param measurements additional file measurements (NULL if not present)
|
||||
* @return status return code
|
||||
*/
|
||||
|
|
Some files were not shown because too many files have changed in this diff.