ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
16,136 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

32 Commits

Author SHA1 Message Date
Tobias Brunner 2e4d110d1e linked-list: Change return value of find_first() and signature of its callback 
This avoids the unportable five pointer hack.
 2017-05-26 13:56:44 +02:00
Tobias Brunner 749ac175fa child-cfg: Use flags for boolean options 
Makes it potentially easier to add new flags.
 2017-05-23 16:51:15 +02:00
Tobias Brunner da82786b2d child-cfg: Always apply hosts to traffic selectors if proposing transport mode 
Usually, %dynamic is used as traffic selector for transport mode SAs,
however, if wildcard traps are used then the remote TS will be a subnet.
With strongSwan at the remote end that usually works fine as the local
%dynamic TS narrows the proposed TS appropriately.  But some
implementations reject non-host TS for transport mode SAs.
Another problem could be if several distinct subnets are configured for a
wildcard trap, as we'd then propose unrelated subnets on that transport
mode SA, which might be problematic even for strongSwan (switch to tunnel
mode and duplicate policies).

Closes strongswan/strongswan#61.
 2017-02-27 18:23:56 +01:00
Tobias Brunner 22f13dcecd proposal: Copy SPI and proposal number from correct proposal in select() 
If charon.prefer_configured_proposals is disabled select() is called on
the received proposal. This incorrectly set the SPI to 0 as the
configured proposal has no SPI set.

Fixes #2190.
 2017-02-06 11:14:31 +01:00
Tobias Brunner c98e48cf0e child-cfg: Add setting that controls whether outbound FWD policies are installed 2016-09-28 17:56:43 +02:00
Tobias Brunner f2ea230b91 child-cfg: Add option to prefer supplied proposals over locally configured ones 2016-06-17 18:48:07 +02:00
Andreas Steffen b1df631212 vici list-conns sends reauthentication and rekeying time information 2016-05-04 18:13:52 +02:00
Andreas Steffen c26e4330e7 Implemented IPsec policies restricted to given network interface 2016-04-09 16:51:02 +02:00
Andreas Steffen 7f57c4f9fb Support manually-set IPsec policy priorities 2016-04-09 16:51:01 +02:00
Tobias Brunner 8a00a8452d child-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 3af23606bf child-cfg: Add equals() method 2016-03-08 10:21:57 +01:00
Tobias Brunner f92399ef18 child-cfg: Ignore duplicate proposals 
If ESP proposals are added once with and once without DH groups
duplicates result during IKE_AUTH when DH groups are stripped.
 2014-09-12 10:18:14 +02:00
Martin Willi bdcaa5e680 child-cfg: Store connection specific replay window on CHILD_SA config 2014-06-17 15:42:02 +02:00
Martin Willi 356846db5d child-cfg: Allow passing NULL as proposal to add_proposal() 
Making the API consistent to the one of ike_cfg.
 2014-05-16 16:01:21 +02:00
Tobias Brunner c478dfe617 child-cfg: Fix removal of redundant traffic selectors 
We have to make sure we compare every selected traffic selector with every
other in the list.

Fixes #577.
 2014-04-25 19:04:35 +02:00
Martin Willi a485320393 Raise an alert if the responding peer narrowed traffic selectors 2013-06-19 16:11:46 +02:00
Tobias Brunner 4eba7269b8 proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all 2012-10-24 16:09:42 +02:00
Tobias Brunner 6676769e8c Make sure we propose a dynamic TS if we don't have hosts to derive a TS from 
7ee37114 removed this behavior.
 2012-09-21 18:14:17 +02:00
Martin Willi 7ee37114c9 Derive a dynamic TS to multiple virtual IPs 2012-09-18 17:11:03 +02:00
Tobias Brunner 455accc687 Ensure traffic selectors are dynamic before calling set_address() when deriving them 2012-09-12 18:13:47 +02:00
Tobias Brunner d2b4dff5dd Log configured CHILD_SA proposals as initiator 2012-08-24 13:43:14 +02:00
Martin Willi 1038d9fee5 Added a null-safe strdup variant 2011-01-05 16:46:02 +01:00
Martin Willi 37788b1d06 Added a TFC padding option to child_cfg 2010-12-20 09:45:39 +01:00
Andreas Steffen c616d84c3f start and route connections defined in an SQL database via start_action field and ipsec up %startall command 2010-11-28 11:57:49 +01:00
Andreas Steffen 31f6f1513d Migrated child_cfg_t to INIT/METHOD macros 2010-11-26 16:32:15 +01:00
Tobias Brunner 08c0d340b8 Moved ipsec_transform_t to kernel_ipsec.h in libhydra. 
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
 2010-09-02 19:01:25 +02:00
Andreas Steffen 26c4d0102a configuration of different marks for inbound and outbound direction 2010-07-09 09:06:07 +02:00
Andreas Steffen ee26c537d7 support of xfrm marks for IKEv2 2010-07-02 23:46:09 +02:00
Tobias Brunner 4e9d313ff8 Explicitly include stdint.h for UINT64_MAX. 
This is required on FreeBSD 8.
 2010-06-15 15:31:46 +02:00
Reto Buerki 277fcf9f86 Add reqid field and getter function to child_cfg_t. 2010-05-04 14:38:34 +02:00
Tobias Brunner 08c5572602 Moving charon to libcharon. 2010-03-19 13:34:52 +01:00