ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,353 Commits 7 Branches 233 Tags 88 MiB
Commit Graph

57 Commits

Author SHA1 Message Date
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Thomas Egerer eed20c21d3 ha: Add auth method for HA IKEv1 key derivation 
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
 2018-12-07 10:17:56 +01:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner f5fe0ffa2a bus: Add new hooks for derived IKE_SA and CHILD_SA keys 2016-10-04 10:01:49 +02:00
Tobias Brunner bd71ba0ffb task-manager: Add retransmit cleared alert 2016-06-06 14:11:01 +02:00
Thomas Egerer 9da65eaeb9 task-manager: Add retransmit count to retransmit send alert 
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
 2016-06-06 14:11:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 072d9dc3c6 bus: Add new hook called when IKEv1 CHILD_SAs are migrated to a new IKE_SA 
The interface is currently not very nice, but if we ever were able to
safely checkout multiple SAs concurrently we could add something similar
to ike_rekey() and call that when we detect a reauthentication.
 2015-05-21 15:38:31 +02:00
Adrian-Ken Rueegsegger 8262be3cdc Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alert 
The parameter indicates if the alert is raised upon failure to establish
the first CHILD SA of an IKE SA.
 2015-05-04 18:07:29 +02:00
Martin Willi e1fe2781b0 bus: Add an ike_update() hook invoked when peer endpoints change 2015-02-20 15:33:59 +01:00
Tobias Brunner 127a98dc90 ikev1: Move fragment generation to message_t 2014-10-10 09:30:26 +02:00
Tobias Brunner 614359a7d5 bus: Add ike_reestablish_pre hook, called before DNS resolution 
The old hook is renamed to ike_reestablish_post and is now also called
when the initiation of the new IKE_SA failed.
 2014-07-22 11:10:36 +02:00
Martin Willi eef7427b0f bus: Add a handle_vips() hook invoked after handling configuration attributes 
Similar to assign_vips() used by a peer assigning virtual IPs to the other peer,
the handle_vips() hook gets invoked on a peers after receiving attributes. On
release of the same attributes the hook gets invoked again.

This is useful to inspect handled attributes, as the ike_updown() hook is
invoked after authentication, when attributes have not been handled yet.
 2014-06-17 15:14:51 +02:00
Martin Willi 58750670cf bus: raise certificate validation alerts using credential manager hook 2013-07-18 16:00:30 +02:00
Martin Willi a485320393 Raise an alert if the responding peer narrowed traffic selectors 2013-06-19 16:11:46 +02:00
Martin Willi 965348cd7a Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE 2013-05-15 17:18:03 +02:00
Andreas Steffen 12fa1784d0 emit a single assig_vips bus message for all VIPs 2013-04-06 14:16:30 +02:00
Andreas Steffen ba2880d569 ifmap plugin subscribes to assing_vip bus signal 2013-04-06 11:09:41 +02:00
Martin Willi 335982169a When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert 2013-03-14 14:20:54 +01:00
Martin Willi c45cf9048e Raise an alert if an IKE_SA could not have been reauthenticated and expires 2013-03-14 14:20:54 +01:00
Tobias Brunner ef33a4ab82 Fixed some typos, courtesy of codespell 2012-12-20 09:35:26 +01:00
Adrian-Ken Rueegsegger ba8b28b67f Raise an alert if IKE SA is kept 
This alert is raised when the establishment of a child SA fails but the
IKE SA is kept.
 2012-12-20 09:15:07 +01:00
Martin Willi 578f72ceb0 Raise an alert if half-open timeout limit reached 2012-12-19 10:40:33 +01:00
Martin Willi c57fe7ac6f Raise an alert if an authorize() hook fails 2012-12-19 10:40:33 +01:00
Martin Willi 45d6134218 Raise an alert if allocating virtual IPs fails 2012-12-19 10:40:33 +01:00
Martin Willi f285b9efc8 Raise an alert if kernel policy installation fails 2012-12-19 10:40:33 +01:00
Martin Willi bcf3147e0a Raise an alert if kernel SA installation fails 2012-12-19 10:40:33 +01:00
Martin Willi 24f30ec92f Raise an alert on traffic selector mismatch 2012-12-19 10:40:32 +01:00
Martin Willi c794455666 Raise alerts when enforcing IKE_SA unique policy 2012-12-19 10:40:32 +01:00
Martin Willi 5dd9c3087f Raise an alert if CHILD_SA proposals mismatch 2012-12-19 10:40:32 +01:00
Martin Willi bab949bb26 Raise an alert if IKE proposals mismatch 2012-12-19 10:40:32 +01:00
Martin Willi 3f7f5388a5 Raise an alert of generating local authentication data fails 2012-12-19 10:40:32 +01:00
Martin Willi 3c79b7b7db Add alerts for sent/received message retransmissions and timeout 2012-11-29 10:22:51 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Martin Willi 418f4bc7a5 Raise a bus alert when IKE message body parsing fails 2012-10-24 11:34:30 +02:00
Martin Willi 2b95ab7620 Raise a bus alert when IKE message header parsing fails 2012-10-24 11:34:30 +02:00
Martin Willi f6f16131d0 Raise a bus alert when a received message contains unknown SPIs 2012-10-24 11:34:30 +02:00
Tobias Brunner 1d6dc62727 Added a new alert that is raised if peer does not respond to initial IKE message 2012-10-16 14:16:17 +02:00
Martin Willi f942588f95 Add a responder narrow() hook to change TS in the kernel, but not on the wire 2012-09-11 16:14:39 +02:00
Tobias Brunner 4dbb193190 Add ike_reestablish() event that is triggered when an IKE_SA is reestablished 
This is particularly useful during reauthentication to get the new
IKE_SA.
 2012-09-06 11:25:14 +02:00
Tobias Brunner 7959a3faec Removed superfluous @param in bus.h. 2012-05-18 09:57:01 +02:00
Tobias Brunner ead92870b8 Loggers specify what log messages they want to receive during registration. 
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).

To update the log levels loggers can simply be registered again.
 2012-05-02 14:45:38 +02:00
Tobias Brunner 0e474f9148 Use a separate interface for loggers. 
The new interface does not allow loggers to unregister themselves from
the bus.  This allows us to use a rwlock_t for them.

The latter also means that loggers can now be called concurrently by
multiple threads.
 2012-05-02 14:45:38 +02:00
Tobias Brunner f9f867899a Use a separate list and mutex for loggers. 
This avoids deadlocks caused by extensive listener_t implementations
which might want to acquire a lock which is currently held by another
thread wanting to log messages. Since the latter requires that thread
to acquire the same lock the initial thread currently holds this
previously resulted in a deadlock.

With this change logging messages does not require threads to acquire
the main lock in bus_t and thus avoids the deadlock.
 2012-05-02 14:45:38 +02:00
Tobias Brunner a629513961 Remove obsolete bus_t.listen() method. 2012-05-02 14:45:38 +02:00
Martin Willi 47b8f6ef4b Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted 2012-03-20 17:31:37 +01:00
Martin Willi 23f9e7a18d Pass IKEv1 specific keymat to ike_keys hook 2012-03-20 17:31:37 +01:00
Martin Willi 8e3f14baab bus->listen() and the controller wrappers accept a timeout to wait for callbacks 2011-08-26 10:44:25 +02:00
Tobias Brunner ccbe380377 Throw an alert if authentication of the peer fails (not only for initiator). 2011-08-12 10:04:02 +02:00
Tobias Brunner 7ab19d571d Throw an alert when the peer address cannot be resolved during initiation. 2011-08-12 09:59:27 +02:00