Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
f98af1ddd5
Trigger DPD not before IKE_SA state gets updated
2012-03-20 17:31:39 +01:00
Martin Willi
a994050e9c
Don't re-resolve addresses during initiate if they have already been set
2012-03-20 17:31:38 +01:00
Martin Willi
783c496966
Update state before triggering DPD, as we cancel it if PASSIVE
2012-03-20 17:31:38 +01:00
Martin Willi
47b8f6ef4b
Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted
2012-03-20 17:31:37 +01:00
Martin Willi
1a0648490c
Invoke ike_updown hooks for reauthenticated IKEv1 SAs
2012-03-20 17:31:36 +01:00
Martin Willi
11aadd7722
Disable DPD checking for peers not supporting it
2012-03-20 17:31:35 +01:00
Martin Willi
1e624ce876
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
2012-03-20 17:31:35 +01:00
Martin Willi
3a0b67bce5
Destroy IKE_SA after reauthentication initiatend and lifetime limit reached
2012-03-20 17:31:33 +01:00
Martin Willi
beab4a90ae
Query for XAuth identity in get_other_eap_id(), too
2012-03-20 17:31:32 +01:00
Martin Willi
9c64f214f1
Support initiation of childless IKEv1 ISAKMP SAs
2012-03-20 17:31:32 +01:00
Martin Willi
7e9e1f96df
Don't trigger reauthentication if initiator authenticated using XAuth
2012-03-20 17:31:32 +01:00
Martin Willi
3a925f74ab
Do not query CHILD_SA during delete if they already expired
2012-03-20 17:31:31 +01:00
Martin Willi
3d54ae94d9
Handle initiation of not supported IKE versions properly
2012-03-20 17:31:30 +01:00
Martin Willi
d9c1dae293
Implemented resetting of IKEv1 task manager, enabling additional keyingtries
2012-03-20 17:31:29 +01:00
Martin Willi
448e2e2945
Check message version before processing it on an IKE_SA
2012-03-20 17:31:29 +01:00
Martin Willi
438a8d785f
Added a TODO for creating IKE_SAs with unsupported protocol version
2012-03-20 17:31:28 +01:00
Martin Willi
3b08de850a
Removed obsolete task header inclusion in IKE_SA
2012-03-20 17:31:27 +01:00
Martin Willi
873df908cc
Moved MOBIKE task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
26eee421b4
Check in task manager if we have to requeue IKE tasks in a non-first keyingtry
2012-03-20 17:31:27 +01:00
Martin Willi
cedb412e5a
Moved IKE_SA reauth task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
dab60d6411
Moved IKE_SA rekey task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
3ed148b37e
Moved IKE_SA delete task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
83c5fda053
Moved CHILD_SA delete task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
463a73cc0f
Moved CHILD_SA rekey task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
fe43d9a237
Moved CHILD_SA initiate task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
a60daa07f6
Moved IKE_SA initiate task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
244d715de5
Moved liveness checking task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
Martin Willi
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
Martin Willi
2e3c9f8799
Renamed ike_vendor_v1 to isakmp_vendor
2012-03-20 17:31:26 +01:00
Martin Willi
79d6fc7f72
Renamed ike_natd_v1 to isakmp_natd
2012-03-20 17:31:26 +01:00
Martin Willi
824dc0adad
Renamed ike_cert_pre_v1 to isakmp_cert_pre
2012-03-20 17:31:26 +01:00
Martin Willi
0aa2af5efc
Renamed ike_cert_post_v1 to isakmp_cert_post
2012-03-20 17:31:26 +01:00
Martin Willi
ef175c92d9
Initiate IKE_ANY configurations with IKEv2
2012-03-20 17:31:25 +01:00
Martin Willi
53816600ff
Added a quick_delete task flag to enforce delete, even if CHILD_SA not found
2012-03-20 17:31:24 +01:00
Martin Willi
b24b73b7f3
Flush auth configs, if enabled, for both IKEv1 and IKEv2
2012-03-20 17:31:23 +01:00
Martin Willi
c459dae556
Use IKEv1 specific tasks to close Quick Mode SAs
2012-03-20 17:31:22 +01:00
Martin Willi
5f23be840b
Use the IKEv1 specific delete in IKEv1 SAs
2012-03-20 17:31:22 +01:00
Martin Willi
69adeb5bf2
Replace xauth_request task with a new stub where we reimplement it
2012-03-20 17:31:15 +01:00
Martin Willi
c64a4b4f8e
Implemented post-authentication certificate handling for IKEv1
2012-03-20 17:31:13 +01:00
Martin Willi
0bcdb8e571
Implemented pre-authentication certificate handling for IKEv1
2012-03-20 17:31:13 +01:00
Tobias Brunner
1cc4ec46cf
Task added for IKEv1 NAT detection.
...
There is already support for both Main and Aggressive Mode.
2012-03-20 17:31:10 +01:00
Clavister OpenSource
02c36eeb86
IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, signalling whether or not to call the task_manager->initiate method after queueing the task.
2012-03-20 17:31:10 +01:00
Clavister OpenSource
65359ccbbc
IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the queue for initiation.
2012-03-20 17:31:09 +01:00
Tobias Brunner
68c6863bbb
Moved main part of message processing to task managers.
...
This will allow individual error handling for each IKE version and should
allow better handling of IKEv1 retransmits.
2012-03-20 17:31:08 +01:00
Tobias Brunner
44ff1153e8
Addded ike_sa_t.set_statistic to set timestamps from task manager.
2012-03-20 17:31:08 +01:00
Clavister OpenSource
e63cb7f816
Revert "IKEv1 XAuth: Temporarilty add an "initiate_later" flag to the task manager. When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place."
...
This reverts commit c6c28f4ac522dd8afb457847bca79eee77f78706.
Revert "IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange."
This reverts commit 5529dc50477e25df9dd5f3c442bb1521c0baf225.
2012-03-20 17:31:07 +01:00