Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Thomas Egerer
eed20c21d3
ha: Add auth method for HA IKEv1 key derivation
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2018-12-07 10:17:56 +01:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
f5fe0ffa2a
bus: Add new hooks for derived IKE_SA and CHILD_SA keys
2016-10-04 10:01:49 +02:00
Tobias Brunner
bd71ba0ffb
task-manager: Add retransmit cleared alert
2016-06-06 14:11:01 +02:00
Thomas Egerer
9da65eaeb9
task-manager: Add retransmit count to retransmit send alert
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-06-06 14:11:01 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
072d9dc3c6
bus: Add new hook called when IKEv1 CHILD_SAs are migrated to a new IKE_SA
The interface is currently not very nice, but if we ever were able to
safely checkout multiple SAs concurrently we could add something similar
to ike_rekey() and call that when we detect a reauthentication.
2015-05-21 15:38:31 +02:00
Adrian-Ken Rueegsegger
8262be3cdc
Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alert
The parameter indicates if the alert is raised upon failure to establish
the first CHILD SA of an IKE SA.
2015-05-04 18:07:29 +02:00
Martin Willi
e1fe2781b0
bus: Add an ike_update() hook invoked when peer endpoints change
2015-02-20 15:33:59 +01:00
Tobias Brunner
127a98dc90
ikev1: Move fragment generation to message_t
2014-10-10 09:30:26 +02:00
Tobias Brunner
614359a7d5
bus: Add ike_reestablish_pre hook, called before DNS resolution
The old hook is renamed to ike_reestablish_post and is now also called
when the initiation of the new IKE_SA failed.
2014-07-22 11:10:36 +02:00
Martin Willi
eef7427b0f
bus: Add a handle_vips() hook invoked after handling configuration attributes
Similar to assign_vips() used by a peer assigning virtual IPs to the other peer,
the handle_vips() hook gets invoked on a peer after receiving attributes. On
release of the same attributes the hook gets invoked again.
This is useful to inspect handled attributes, as the ike_updown() hook is
invoked after authentication, when attributes have not been handled yet.
2014-06-17 15:14:51 +02:00
Martin Willi
58750670cf
bus: raise certificate validation alerts using credential manager hook
2013-07-18 16:00:30 +02:00
Martin Willi
a485320393
Raise an alert if the responding peer narrowed traffic selectors
2013-06-19 16:11:46 +02:00
Martin Willi
965348cd7a
Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE
2013-05-15 17:18:03 +02:00
Andreas Steffen
12fa1784d0
emit a single assig_vips bus message for all VIPs
2013-04-06 14:16:30 +02:00
Andreas Steffen
ba2880d569
ifmap plugin subscribes to assing_vip bus signal
2013-04-06 11:09:41 +02:00
Martin Willi
335982169a
When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert
2013-03-14 14:20:54 +01:00
Martin Willi
c45cf9048e
Raise an alert if an IKE_SA could not have been reauthenticated and expires
2013-03-14 14:20:54 +01:00
Tobias Brunner
ef33a4ab82
Fixed some typos, courtesy of codespell
2012-12-20 09:35:26 +01:00
Adrian-Ken Rueegsegger
ba8b28b67f
Raise an alert if IKE SA is kept
This alert is raised when the establishment of a child SA fails but the
IKE SA is kept.
2012-12-20 09:15:07 +01:00
Martin Willi
578f72ceb0
Raise an alert if half-open timeout limit reached
2012-12-19 10:40:33 +01:00
Martin Willi
c57fe7ac6f
Raise an alert if an authorize() hook fails
2012-12-19 10:40:33 +01:00
Martin Willi
45d6134218
Raise an alert if allocating virtual IPs fails
2012-12-19 10:40:33 +01:00
Martin Willi
f285b9efc8
Raise an alert if kernel policy installation fails
2012-12-19 10:40:33 +01:00
Martin Willi
bcf3147e0a
Raise an alert if kernel SA installation fails
2012-12-19 10:40:33 +01:00
Martin Willi
24f30ec92f
Raise an alert on traffic selector mismatch
2012-12-19 10:40:32 +01:00
Martin Willi
c794455666
Raise alerts when enforcing IKE_SA unique policy
2012-12-19 10:40:32 +01:00
Martin Willi
5dd9c3087f
Raise an alert if CHILD_SA proposals mismatch
2012-12-19 10:40:32 +01:00
Martin Willi
bab949bb26
Raise an alert if IKE proposals mismatch
2012-12-19 10:40:32 +01:00
Martin Willi
3f7f5388a5
Raise an alert if generating local authentication data fails
2012-12-19 10:40:32 +01:00
Martin Willi
3c79b7b7db
Add alerts for sent/received message retransmissions and timeout
2012-11-29 10:22:51 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Martin Willi
418f4bc7a5
Raise a bus alert when IKE message body parsing fails
2012-10-24 11:34:30 +02:00
Martin Willi
2b95ab7620
Raise a bus alert when IKE message header parsing fails
2012-10-24 11:34:30 +02:00
Martin Willi
f6f16131d0
Raise a bus alert when a received message contains unknown SPIs
2012-10-24 11:34:30 +02:00
Tobias Brunner
1d6dc62727
Added a new alert that is raised if peer does not respond to initial IKE message
2012-10-16 14:16:17 +02:00
Martin Willi
f942588f95
Add a responder narrow() hook to change TS in the kernel, but not on the wire
2012-09-11 16:14:39 +02:00
Tobias Brunner
4dbb193190
Add ike_reestablish() event that is triggered when an IKE_SA is reestablished
This is particularly useful during reauthentication to get the new
IKE_SA.
2012-09-06 11:25:14 +02:00
Tobias Brunner
7959a3faec
Removed superfluous @param in bus.h.
2012-05-18 09:57:01 +02:00
Tobias Brunner
ead92870b8
Loggers specify what log messages they want to receive during registration.
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
2012-05-02 14:45:38 +02:00
Tobias Brunner
0e474f9148
Use a separate interface for loggers.
The new interface does not allow loggers to unregister themselves from
the bus. This allows us to use a rwlock_t for them.
The latter also means that loggers can now be called concurrently by
multiple threads.
2012-05-02 14:45:38 +02:00
Tobias Brunner
f9f867899a
Use a separate list and mutex for loggers.
This avoids deadlocks caused by extensive listener_t implementations
which might want to acquire a lock which is currently held by another
thread wanting to log messages. Since the latter requires that thread
to acquire the same lock the initial thread currently holds this
previously resulted in a deadlock.
With this change logging messages does not require threads to acquire
the main lock in bus_t and thus avoids the deadlock.
2012-05-02 14:45:38 +02:00
Tobias Brunner
a629513961
Remove obsolete bus_t.listen() method.
2012-05-02 14:45:38 +02:00
Martin Willi
47b8f6ef4b
Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted
2012-03-20 17:31:37 +01:00
Martin Willi
23f9e7a18d
Pass IKEv1 specific keymat to ike_keys hook
2012-03-20 17:31:37 +01:00
Martin Willi
8e3f14baab
bus->listen() and the controller wrappers accept a timeout to wait for callbacks
2011-08-26 10:44:25 +02:00
Tobias Brunner
ccbe380377
Throw an alert if authentication of the peer fails (not only for initiator).
2011-08-12 10:04:02 +02:00
Tobias Brunner
7ab19d571d
Throw an alert when the peer address cannot be resolved during initiation.
2011-08-12 09:59:27 +02:00