Tobias Brunner
2e4d110d1e
linked-list: Change return value of find_first() and signature of its callback
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
Tobias Brunner
749ac175fa
child-cfg: Use flags for boolean options
Makes it potentially easier to add new flags.
2017-05-23 16:51:15 +02:00
Tobias Brunner
da82786b2d
child-cfg: Always apply hosts to traffic selectors if proposing transport mode
Usually, %dynamic is used as traffic selector for transport mode SAs,
however, if wildcard traps are used then the remote TS will be a subnet.
With strongSwan at the remote end that usually works fine as the local
%dynamic TS narrows the proposed TS appropriately. But some
implementations reject non-host TS for transport mode SAs.
Another problem could be if several distinct subnets are configured for a
wildcard trap, as we'd then propose unrelated subnets on that transport
mode SA, which might be problematic even for strongSwan (switch to tunnel
mode and duplicate policies).
Closes strongswan/strongswan#61.
2017-02-27 18:23:56 +01:00
Tobias Brunner
22f13dcecd
proposal: Copy SPI and proposal number from correct proposal in select()
If charon.prefer_configured_proposals is disabled select() is called on
the received proposal. This incorrectly set the SPI to 0 as the
configured proposal has no SPI set.
Fixes #2190.
2017-02-06 11:14:31 +01:00
Tobias Brunner
c98e48cf0e
child-cfg: Add setting that controls whether outbound FWD policies are installed
2016-09-28 17:56:43 +02:00
Tobias Brunner
f2ea230b91
child-cfg: Add option to prefer supplied proposals over locally configured ones
2016-06-17 18:48:07 +02:00
Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Andreas Steffen
c26e4330e7
Implemented IPsec policies restricted to given network interface
2016-04-09 16:51:02 +02:00
Andreas Steffen
7f57c4f9fb
Support manually-set IPsec policy priorities
2016-04-09 16:51:01 +02:00
Tobias Brunner
8a00a8452d
child-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
3af23606bf
child-cfg: Add equals() method
2016-03-08 10:21:57 +01:00
Tobias Brunner
f92399ef18
child-cfg: Ignore duplicate proposals
If ESP proposals are added once with and once without DH groups
duplicates result during IKE_AUTH when DH groups are stripped.
2014-09-12 10:18:14 +02:00
Martin Willi
bdcaa5e680
child-cfg: Store connection specific replay window on CHILD_SA config
2014-06-17 15:42:02 +02:00
Martin Willi
356846db5d
child-cfg: Allow passing NULL as proposal to add_proposal()
Making the API consistent to the one of ike_cfg.
2014-05-16 16:01:21 +02:00
Tobias Brunner
c478dfe617
child-cfg: Fix removal of redundant traffic selectors
We have to make sure we compare every selected traffic selector with every
other in the list.
Fixes #577.
2014-04-25 19:04:35 +02:00
Martin Willi
a485320393
Raise an alert if the responding peer narrowed traffic selectors
2013-06-19 16:11:46 +02:00
Tobias Brunner
4eba7269b8
proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all
2012-10-24 16:09:42 +02:00
Tobias Brunner
6676769e8c
Make sure we propose a dynamic TS if we don't have hosts to derive a TS from
7ee37114 removed this behavior.
2012-09-21 18:14:17 +02:00
Martin Willi
7ee37114c9
Derive a dynamic TS to multiple virtual IPs
2012-09-18 17:11:03 +02:00
Tobias Brunner
455accc687
Ensure traffic selectors are dynamic before calling set_address() when deriving them
2012-09-12 18:13:47 +02:00
Tobias Brunner
d2b4dff5dd
Log configured CHILD_SA proposals as initiator
2012-08-24 13:43:14 +02:00
Martin Willi
1038d9fee5
Added a null-safe strdup variant
2011-01-05 16:46:02 +01:00
Martin Willi
37788b1d06
Added a TFC padding option to child_cfg
2010-12-20 09:45:39 +01:00
Andreas Steffen
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
Andreas Steffen
31f6f1513d
Migrated child_cfg_t to INIT/METHOD macros
2010-11-26 16:32:15 +01:00
Tobias Brunner
08c0d340b8
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
2010-09-02 19:01:25 +02:00
Andreas Steffen
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
Andreas Steffen
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
Tobias Brunner
4e9d313ff8
Explicitly include stdint.h for UINT64_MAX.
This is required on FreeBSD 8.
2010-06-15 15:31:46 +02:00
Reto Buerki
277fcf9f86
Add reqid field and getter function to child_cfg_t.
2010-05-04 14:38:34 +02:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00