Martin Willi
|
6ec949e022
|
Fixed BEET mode by installing SAs with negotiated address in traffic selector
|
2009-12-17 10:52:07 +01:00 |
Martin Willi
|
7b3814f75d
|
remove spaces before tabs at the beginning of lines (^( )+\t)
|
2009-09-04 15:02:11 +02:00 |
Martin Willi
|
b9b8a98f47
|
remove spaces within tabs (\t( )+\t)
|
2009-09-04 15:00:19 +02:00 |
Martin Willi
|
323f9f990f
|
replaces four spaces by tabs, where appropriate
|
2009-09-04 14:50:23 +02:00 |
Martin Willi
|
7daf5226b7
|
removed trailing spaces ([[:space:]]+$)
|
2009-09-04 13:46:09 +02:00 |
Tobias Brunner
|
e75f423753
|
Refactored the lifetime_cfg_t struct to be simpler and more expressive. Initialization is now static.
|
2009-09-01 12:54:33 +02:00 |
Tobias Brunner
|
e3c7e72973
|
Terminology and return value of get_lifetime of child_sa_t corrected.
|
2009-09-01 12:53:44 +02:00 |
Tobias Brunner
|
cb123493d1
|
child_sa_t adapted to the new lifetime configuration.
|
2009-09-01 12:53:43 +02:00 |
Martin Willi
|
6180a55852
|
use time_monotonic() instead of time() for statistics and time difference calculations
|
2009-08-31 18:00:28 +02:00 |
Martin Willi
|
1bc0b4f795
|
remove incomplete SAs with PROTO_ESP
|
2009-08-25 18:12:55 +02:00 |
Andreas Steffen
|
99dd42918e
|
do not set usetime if query_policy() fails
|
2009-08-07 05:59:09 +02:00 |
Tobias Brunner
|
c3a78360a8
|
Fixed a race condition when querying stats of a child_sa in different order.
|
2009-08-06 16:47:32 +02:00 |
Tobias Brunner
|
dd83c6d490
|
Don't query the policy usetime if there was no traffic on the SA.
This helps in cases where a policy is assigned to more than one SA. That
is, SAs now should have different usetimes even if they use the same policy.
|
2009-08-06 15:14:54 +02:00 |
Tobias Brunner
|
b3f8ea8346
|
Reverted the interface changes introduced in 3f720dc7 .
|
2009-08-06 13:31:54 +02:00 |
Andreas Steffen
|
47eb87d437
|
corrected interface definition
|
2009-07-31 08:57:55 +02:00 |
Andreas Steffen
|
3f720dc7c3
|
update usetime only if usebytes increase
|
2009-07-30 23:19:42 +02:00 |
Andreas Steffen
|
2ad51539f6
|
display transmitted bytes per SA
|
2009-07-30 21:33:19 +02:00 |
Martin Willi
|
64e8ca281f
|
simplified SPI allocation after refactorings
|
2009-05-14 10:28:18 +02:00 |
Martin Willi
|
37974979bc
|
do not report a CHILD_SA rekey time if rekeying disabled
|
2009-05-12 10:56:48 +02:00 |
Tobias Brunner
|
8c5d72cd0b
|
removing svn keyword $Id$ from all files
|
2009-04-30 13:19:35 +00:00 |
Tobias Brunner
|
d24a74c5b4
|
merging changes from portability branch back to trunk
important change for developers: %Y replaces %D to print identities!
|
2009-04-30 11:37:54 +00:00 |
Martin Willi
|
3aaf7908d1
|
refactored and cleaned up child_sa interface
replaced add/update calls by a install() call
allocating SPIs always externally
support installation of non-allocated CHILD_SAs
some other cleanups
|
2008-11-19 15:31:27 +00:00 |
Andreas Steffen
|
08c6ed9f14
|
fixed virtual IP re-installation failure in MOBIKE scenarios introduced with changeset 4662
|
2008-11-17 00:01:34 +00:00 |
Andreas Steffen
|
7a915d627d
|
completed migration of MIPv6 connections
|
2008-11-16 21:19:58 +00:00 |
Martin Willi
|
ce42db0921
|
BEET mode might want forwarding policies
|
2008-11-12 16:47:19 +00:00 |
Martin Willi
|
b8cbb6451c
|
ported some hard-to-merge cherries back to trunk :-/
shame, svn, shame: this was ways to complicated
we should consider a switch to git...
|
2008-11-12 15:09:24 +00:00 |
Tobias Brunner
|
ea625fabf9
|
merging kernel_klips plugin back into trunk
|
2008-11-11 09:22:00 +00:00 |
Andreas Steffen
|
d487b4b727
|
preliminary support of Mobile IPv6
|
2008-11-11 06:37:37 +00:00 |
Martin Willi
|
e13389a7f7
|
got rid of deprecated create_iterator_locked()
|
2008-11-05 08:32:38 +00:00 |
Martin Willi
|
80853d8498
|
moved CHILD_SA key derivation to keymat_t
passing key chunks to CHILD_SA, not the PRF
|
2008-10-29 16:06:16 +00:00 |
Martin Willi
|
82d20c0588
|
additional getters for ipcomp and UDP encap
|
2008-10-24 09:51:48 +00:00 |
Martin Willi
|
6e10aeadab
|
more CHILD_SA refactorings
|
2008-10-24 08:02:35 +00:00 |
Martin Willi
|
6df2837a8c
|
fixed enumeration of CHILD_SA traffic selectors
|
2008-10-21 10:57:40 +00:00 |
Martin Willi
|
ad3af574a4
|
moved updown script invocation to an optional plugin
|
2008-10-16 11:48:18 +00:00 |
Martin Willi
|
1df106bf39
|
cache keys for in and outbound ESP SAs
removed redundant storing of traffic selectors in CHILD_SA (sa_policy_t)
creating TS pairs dynamically using create_policy_enumerator()
|
2008-10-15 12:24:44 +00:00 |
Martin Willi
|
9f4e5f8c47
|
store ESP keys in CHILD_SA
|
2008-10-15 08:37:56 +00:00 |
Martin Willi
|
e517b4b174
|
passing chunks, not prf+, to kernel interface
gives us better control of keymat in CHILD_SA
|
2008-10-14 15:17:44 +00:00 |
Tobias Brunner
|
c25c8dce60
|
typos
|
2008-10-14 12:18:53 +00:00 |
Martin Willi
|
a985db3ff3
|
reintegrated bus-refactoring branch
|
2008-10-14 08:52:13 +00:00 |
Tobias Brunner
|
a341a68fac
|
merging renaming of mode_t to ipsec_mode_t back to trunk
|
2008-09-25 13:56:23 +00:00 |
Andreas Steffen
|
66da78b4bb
|
ipsec status lists IPCOMP CPIs
|
2008-07-22 12:03:58 +00:00 |
Andreas Steffen
|
c3967e779e
|
own CPI was not deleted due to copy-and-paste error
|
2008-07-22 10:53:56 +00:00 |
Martin Willi
|
7beea2e99f
|
fixed acquire-delay bug by:
installing policies before states
updating policies if protocol has changed
|
2008-07-16 11:51:37 +00:00 |
Tobias Brunner
|
d4aad55434
|
IPComp for IKEv2
|
2008-05-08 16:19:11 +00:00 |
Martin Willi
|
3c7e72f5b0
|
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator
|
2008-03-26 10:06:45 +00:00 |
Martin Willi
|
552cc11b1f
|
merged the modularization branch (credentials) back to trunk
|
2008-03-13 14:14:44 +00:00 |
Andreas Steffen
|
d5da42a9e4
|
fixed _updown target for ipv6
|
2007-11-06 13:45:54 +00:00 |
Martin Willi
|
011fb1b97e
|
removed accidentally checked in debugging code
|
2007-10-01 12:25:26 +00:00 |
Martin Willi
|
9dae1bed00
|
implemented IKEv2 force_encap connection parameter
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
|
2007-10-01 12:19:39 +00:00 |
Martin Willi
|
d9d69536b0
|
improved MOBIKE roaming between interfaces
|
2007-09-24 12:15:25 +00:00 |