Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Thomas Egerer
f930b732c4
proposal: Use flags to select/match proposals
During proposal selection with ike/child_cfgs a couple of boolean
variables can be set (e.g. private, prefer_self, strip_dh). To simplify
the addition of new parameters, these functions now use a set of flags
instead of individual boolean values.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2019-10-24 17:22:53 +02:00
Tobias Brunner
72c96dbf9f
child-cfg: Add property for interface ID
2019-04-03 12:00:08 +02:00
Tobias Brunner
fa4d4012ae
child-cfg: Add properties for in-/outbound mark the SA should set
2018-08-31 12:24:30 +02:00
Tobias Brunner
c993eaf9d1
kernel: Add option to control DS field behavior
2018-08-29 11:36:04 +02:00
Tobias Brunner
dc8b015d78
kernel: Add options to control DF and ECN header bits/fields via XFRM
The options control whether the DF and ECN header bits/fields are copied
from the unencrypted packets to the encrypted packets in tunnel mode (DF only
for IPv4), and for ECN whether the same is done for inbound packets.
Note: This implementation only works with Linux/Netlink/XFRM.
Based on a patch by Markus Sattler.
2018-08-29 11:36:04 +02:00
Tobias Brunner
84cdfbc9bc
child-cfg: Allow suppressing log messages when selecting traffic selectors
Although being already logged on level 2, these messages are usually just
confusing if they pop up randomly in the log when e.g. querying the configs
or installing traps. So after this the log messages will only be logged when
actually proposing or selecting traffic selectors during IKE.
2018-06-28 18:46:42 +02:00
Adi Nissim
8ced1570ab
child-cfg: Make HW offload auto mode configurable
Until now the configurations available to users for HW offload were:
hw_offload = no
hw_offload = yes
With this commit users will be able to configure auto mode using:
hw_offload = auto
Signed-off-by: Adi Nissim <adin@mellanox.com>
Reviewed-by: Aviv Heller <avivh@mellanox.com>
2018-03-21 10:32:02 +01:00
Tobias Brunner
2307bffe56
proposal: Move proposal_t from libcharon to libstrongswan
This allows us to use it without having to initialize libcharon, which
was required for the logging (we probably could have included debug.h
instead of daemon.h to work around that but this seems more correct).
2017-11-17 18:09:54 +01:00
Tobias Brunner
ea43f8ffe5
child-cfg: Optionally set mark on inbound SA
2017-11-02 09:59:38 +01:00
Tobias Brunner
7637633bb9
child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256
The correct truncation is 128-bit but some implementations insist on
using 96-bit truncation. With strongSwan this can be negotiated using
an algorithm identifier from a private range. But this doesn't work
with third-party implementations. This adds an option to use 96-bit
truncation even if the official identifier is used.
2017-05-26 11:22:27 +02:00
Tobias Brunner
4a17583051
child-cfg: Add flag to enable hardware offload
2017-05-23 16:54:36 +02:00
Tobias Brunner
749ac175fa
child-cfg: Use flags for boolean options
Makes it potentially easier to add new flags.
2017-05-23 16:51:15 +02:00
Tobias Brunner
c98e48cf0e
child-cfg: Add setting that controls whether outbound FWD policies are installed
2016-09-28 17:56:43 +02:00
Tobias Brunner
f2ea230b91
child-cfg: Add option to prefer supplied proposals over locally configured ones
2016-06-17 18:48:07 +02:00
Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Andreas Steffen
c26e4330e7
Implemented IPsec policies restricted to given network interface
2016-04-09 16:51:02 +02:00
Andreas Steffen
7f57c4f9fb
Support manually-set IPsec policy priorities
2016-04-09 16:51:01 +02:00
Tobias Brunner
8a00a8452d
child-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
3af23606bf
child-cfg: Add equals() method
2016-03-08 10:21:57 +01:00
Martin Willi
bdcaa5e680
child-cfg: Store connection specific replay window on CHILD_SA config
2014-06-17 15:42:02 +02:00
Martin Willi
356846db5d
child-cfg: Allow passing NULL as proposal to add_proposal()
Making the API consistent to the one of ike_cfg.
2014-05-16 16:01:21 +02:00
Tobias Brunner
0ceb288815
Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi
7ee37114c9
Derive a dynamic TS to multiple virtual IPs
2012-09-18 17:11:03 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
37788b1d06
Added a TFC padding option to child_cfg
2010-12-20 09:45:39 +01:00
Andreas Steffen
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
Tobias Brunner
08c0d340b8
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
2010-09-02 19:01:25 +02:00
Tobias Brunner
6f449d2efd
Moved kernel interface to libhydra.
2010-09-02 19:01:25 +02:00
Andreas Steffen
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
Andreas Steffen
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
Reto Buerki
277fcf9f86
Add reqid field and getter function to child_cfg_t.
2010-05-04 14:38:34 +02:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00