Commit Graph

115 Commits

Author SHA1 Message Date
Tobias Brunner 42500c274a Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi b24be29646 Merge branch 'ikev1'
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner ae9ce83511 Properly initialize src in ike_sa_t.is_any_path_valid(). 2012-04-06 10:54:44 +02:00
Martin Willi b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi f98af1ddd5 Trigger DPD not before IKE_SA state gets updated 2012-03-20 17:31:39 +01:00
Martin Willi a994050e9c Don't re-resolve addresses during initiate if they have already been set 2012-03-20 17:31:38 +01:00
Martin Willi 783c496966 Update state before triggering DPD, as we cancel it if PASSIVE 2012-03-20 17:31:38 +01:00
Martin Willi 47b8f6ef4b Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted 2012-03-20 17:31:37 +01:00
Martin Willi 1a0648490c Invoke ike_updown hooks for reauthenticated IKEv1 SAs 2012-03-20 17:31:36 +01:00
Martin Willi 11aadd7722 Disable DPD checking for peers not supporting it 2012-03-20 17:31:35 +01:00
Martin Willi 1e624ce876 Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state 2012-03-20 17:31:35 +01:00
Martin Willi 3a0b67bce5 Destroy IKE_SA after reauthentication initiated and lifetime limit reached 2012-03-20 17:31:33 +01:00
Martin Willi beab4a90ae Query for XAuth identity in get_other_eap_id(), too 2012-03-20 17:31:32 +01:00
Martin Willi 9c64f214f1 Support initiation of childless IKEv1 ISAKMP SAs 2012-03-20 17:31:32 +01:00
Martin Willi 7e9e1f96df Don't trigger reauthentication if initiator authenticated using XAuth 2012-03-20 17:31:32 +01:00
Martin Willi 3a925f74ab Do not query CHILD_SA during delete if they already expired 2012-03-20 17:31:31 +01:00
Martin Willi 3d54ae94d9 Handle initiation of not supported IKE versions properly 2012-03-20 17:31:30 +01:00
Martin Willi d9c1dae293 Implemented resetting of IKEv1 task manager, enabling additional keyingtries 2012-03-20 17:31:29 +01:00
Martin Willi 448e2e2945 Check message version before processing it on an IKE_SA 2012-03-20 17:31:29 +01:00
Martin Willi 438a8d785f Added a TODO for creating IKE_SAs with unsupported protocol version 2012-03-20 17:31:28 +01:00
Martin Willi 3b08de850a Removed obsolete task header inclusion in IKE_SA 2012-03-20 17:31:27 +01:00
Martin Willi 873df908cc Moved MOBIKE task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi 26eee421b4 Check in task manager if we have to requeue IKE tasks in a non-first keyingtry 2012-03-20 17:31:27 +01:00
Martin Willi cedb412e5a Moved IKE_SA reauth task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi dab60d6411 Moved IKE_SA rekey task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi 3ed148b37e Moved IKE_SA delete task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi 83c5fda053 Moved CHILD_SA delete task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi 463a73cc0f Moved CHILD_SA rekey task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi fe43d9a237 Moved CHILD_SA initiate task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi a60daa07f6 Moved IKE_SA initiate task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi 244d715de5 Moved liveness checking task creation to protocol specific task manager 2012-03-20 17:31:27 +01:00
Martin Willi 15a682f4c2 Separated libcharon/sa directory with ikev1 and ikev2 subfolders 2012-03-20 17:31:26 +01:00
Martin Willi 2e3c9f8799 Renamed ike_vendor_v1 to isakmp_vendor 2012-03-20 17:31:26 +01:00
Martin Willi 79d6fc7f72 Renamed ike_natd_v1 to isakmp_natd 2012-03-20 17:31:26 +01:00
Martin Willi 824dc0adad Renamed ike_cert_pre_v1 to isakmp_cert_pre 2012-03-20 17:31:26 +01:00
Martin Willi 0aa2af5efc Renamed ike_cert_post_v1 to isakmp_cert_post 2012-03-20 17:31:26 +01:00
Martin Willi ef175c92d9 Initiate IKE_ANY configurations with IKEv2 2012-03-20 17:31:25 +01:00
Martin Willi 53816600ff Added a quick_delete task flag to enforce delete, even if CHILD_SA not found 2012-03-20 17:31:24 +01:00
Martin Willi b24b73b7f3 Flush auth configs, if enabled, for both IKEv1 and IKEv2 2012-03-20 17:31:23 +01:00
Martin Willi c459dae556 Use IKEv1 specific tasks to close Quick Mode SAs 2012-03-20 17:31:22 +01:00
Martin Willi 5f23be840b Use the IKEv1 specific delete in IKEv1 SAs 2012-03-20 17:31:22 +01:00
Martin Willi 69adeb5bf2 Replace xauth_request task with a new stub where we reimplement it 2012-03-20 17:31:15 +01:00
Martin Willi c64a4b4f8e Implemented post-authentication certificate handling for IKEv1 2012-03-20 17:31:13 +01:00
Martin Willi 0bcdb8e571 Implemented pre-authentication certificate handling for IKEv1 2012-03-20 17:31:13 +01:00
Tobias Brunner 1cc4ec46cf Task added for IKEv1 NAT detection.
There is already support for both Main and Aggressive Mode.
2012-03-20 17:31:10 +01:00
Clavister OpenSource 02c36eeb86 IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, signalling whether or not to call the task_manager->initiate method after queueing the task. 2012-03-20 17:31:10 +01:00
Clavister OpenSource 65359ccbbc IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the queue for initiation. 2012-03-20 17:31:09 +01:00
Tobias Brunner 68c6863bbb Moved main part of message processing to task managers.
This will allow individual error handling for each IKE version and should
allow better handling of IKEv1 retransmits.
2012-03-20 17:31:08 +01:00
Tobias Brunner 44ff1153e8 Added ike_sa_t.set_statistic to set timestamps from task manager. 2012-03-20 17:31:08 +01:00
Clavister OpenSource e63cb7f816 Revert "IKEv1 XAuth: Temporarily add an "initiate_later" flag to the task manager. When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place."
This reverts commit c6c28f4ac522dd8afb457847bca79eee77f78706.

Revert "IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t.  This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode.  This change should be reverted once we have a better method to initiate this exchange."

This reverts commit 5529dc50477e25df9dd5f3c442bb1521c0baf225.
2012-03-20 17:31:07 +01:00