ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,353 Commits 7 Branches 233 Tags 88 MiB
Commit Graph

34 Commits

Author SHA1 Message Date
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Thomas Egerer f930b732c4 proposal: Use flags to select/match proposals 
During proposal selection with ike/child_cfgs a couple of boolean
variables can be set (e.g. private, prefer_self, strip_dh). To simplify
the addition of new parameters, these functions now use a set of flags
instead of indiviual boolean values.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
 2019-10-24 17:22:53 +02:00
Tobias Brunner 72c96dbf9f child-cfg: Add property for interface ID 2019-04-03 12:00:08 +02:00
Tobias Brunner fa4d4012ae child-cfg: Add properties for in-/outbound mark the SA should set 2018-08-31 12:24:30 +02:00
Tobias Brunner c993eaf9d1 kernel: Add option to control DS field behavior 2018-08-29 11:36:04 +02:00
Tobias Brunner dc8b015d78 kernel: Add options to control DF and ECN header bits/fields via XFRM 
The options control whether the DF and ECN header bits/fields are copied
from the unencrypted packets to the encrypted packets in tunnel mode (DF only
for IPv4), and for ECN whether the same is done for inbound packets.

Note: This implementation only works with Linux/Netlink/XFRM.

Based on a patch by Markus Sattler.
 2018-08-29 11:36:04 +02:00
Tobias Brunner 84cdfbc9bc child-cfg: Allow suppressing log messages when selecting traffic selectors 
Although being already logged on level 2, these messages are usually just
confusing if they pop up randomly in the log when e.g. querying the configs
or installing traps.  So after this the log messages will only be logged when
actually proposing or selecting traffic selectors during IKE.
 2018-06-28 18:46:42 +02:00
Adi Nissim 8ced1570ab child-cfg: Make HW offload auto mode configurable 
Until now the configuration available to user for HW offload were:
hw_offload = no
hw_offload = yes

With this commit users will be able to configure auto mode using:
hw_offload = auto

Signed-off-by: Adi Nissim <adin@mellanox.com>
Reviewed-by: Aviv Heller <avivh@mellanox.com>
 2018-03-21 10:32:02 +01:00
Tobias Brunner 2307bffe56 proposal: Move proposal_t from libcharon to libstrongswan 
This allows us to use it without having to initialize libcharon, which
was required for the logging (we probably could have included debug.h
instead of daemon.h to workaround that but this seems more correct).
 2017-11-17 18:09:54 +01:00
Tobias Brunner ea43f8ffe5 child-cfg: Optionally set mark on inbound SA 2017-11-02 09:59:38 +01:00
Tobias Brunner 7637633bb9 child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256 
The correct truncation is 128-bit but some implementations insist on
using 96-bit truncation.  With strongSwan this can be negotiated using
an algorithm identifier from a private range.  But this doesn't work
with third-party implementations.  This adds an option to use 96-bit
truncation even if the official identifier is used.
 2017-05-26 11:22:27 +02:00
Tobias Brunner 4a17583051 child-cfg: Add flag to enable hardware offload 2017-05-23 16:54:36 +02:00
Tobias Brunner 749ac175fa child-cfg: Use flags for boolean options 
Makes it potentially easier to add new flags.
 2017-05-23 16:51:15 +02:00
Tobias Brunner c98e48cf0e child-cfg: Add setting that controls whether outbound FWD policies are installed 2016-09-28 17:56:43 +02:00
Tobias Brunner f2ea230b91 child-cfg: Add option to prefer supplied proposals over locally configured ones 2016-06-17 18:48:07 +02:00
Andreas Steffen b1df631212 vici list-conns sends reauthentication and rekeying time information 2016-05-04 18:13:52 +02:00
Andreas Steffen c26e4330e7 Implemented IPsec policies restricted to given network interface 2016-04-09 16:51:02 +02:00
Andreas Steffen 7f57c4f9fb Support manually-set IPsec policy priorities 2016-04-09 16:51:01 +02:00
Tobias Brunner 8a00a8452d child-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 3af23606bf child-cfg: Add equals() method 2016-03-08 10:21:57 +01:00
Martin Willi bdcaa5e680 child-cfg: Store connection specific replay window on CHILD_SA config 2014-06-17 15:42:02 +02:00
Martin Willi 356846db5d child-cfg: Allow passing NULL as proposal to add_proposal() 
Making the API consistent to the one of ike_cfg.
 2014-05-16 16:01:21 +02:00
Tobias Brunner 0ceb288815 Fix various API doc issues and typos 
Partially based on an old patch by Adrian-Ken Rueegsegger.
 2013-07-18 18:30:36 +02:00
Martin Willi 7ee37114c9 Derive a dynamic TS to multiple virtual IPs 2012-09-18 17:11:03 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings. 
Mostly found by 'codespell'.
 2011-07-20 16:14:10 +02:00
Martin Willi 37788b1d06 Added a TFC padding option to child_cfg 2010-12-20 09:45:39 +01:00
Andreas Steffen c616d84c3f start and route connections defined in an SQL database via start_action field and ipsec up %startall command 2010-11-28 11:57:49 +01:00
Tobias Brunner 08c0d340b8 Moved ipsec_transform_t to kernel_ipsec.h in libhydra. 
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
 2010-09-02 19:01:25 +02:00
Tobias Brunner 6f449d2efd Moved kernel interface to libhydra. 2010-09-02 19:01:25 +02:00
Andreas Steffen 26c4d0102a configuration of different marks for inbound and outbound direction 2010-07-09 09:06:07 +02:00
Andreas Steffen ee26c537d7 support of xfrm marks for IKEv2 2010-07-02 23:46:09 +02:00
Reto Buerki 277fcf9f86 Add reqid field and getter function to child_cfg_t. 2010-05-04 14:38:34 +02:00
Tobias Brunner 08c5572602 Moving charon to libcharon. 2010-03-19 13:34:52 +01:00