Josh Soref
b3ab7a48cc
Spelling fixes
...
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164 .
2020-02-11 18:23:07 +01:00
Tobias Brunner
c56b8c1a26
peer-cfg: Add property for interface ID
2019-04-04 09:31:38 +02:00
Tobias Brunner
784d96e031
Fixed some typos, courtesy of codespell
2018-09-17 18:51:44 +02:00
Tobias Brunner
a2ff8b654d
peer-cfg: Add properties for PPK ID and whether PPK is required
2018-09-10 18:03:01 +02:00
Tobias Brunner
40ed812442
peer-cfg: Replace equal child configs with newly added ones
...
Otherwise, renamed child configs would still be known to the daemon
under their old name.
Fixes #2746 .
2018-09-10 17:45:07 +02:00
Tobias Brunner
84cdfbc9bc
child-cfg: Allow suppressing log messages when selecting traffic selectors
...
Although being already logged on level 2, these messages are usually just
confusing if they pop up randomly in the log when e.g. querying the configs
or installing traps. So after this the log messages will only be logged when
actually proposing or selecting traffic selectors during IKE.
2018-06-28 18:46:42 +02:00
Tobias Brunner
8d4ebb3ac4
peer-cfg: Use an rwlock instead of a mutex to safely access child-cfgs
...
If multiple threads want to enumerate child-cfgs and potentially lock
other locks (e.g. check out IKE_SAs) while doing so a deadlock could
be caused (as was the case with VICI configs with start_action=start).
It should also improve performance for roadwarrior connections and lots
of clients connecting concurrently.
Fixes #2374 .
2017-07-27 13:34:40 +02:00
Tobias Brunner
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
Tobias Brunner
ed96fe72cf
peer-cfg: Store mediated_by as name and not peer-cfg reference
...
This way updates to the mediation config are respected and the order in
which configs are configured/loaded does not matter.
The SQL plugin currently maintains the strong relationship between
mediated and mediation connection (we could theoretically change that to a
string too).
2017-02-16 19:24:09 +01:00
Tobias Brunner
da1d5cd2e6
peer-cfg: Fix memory leak when replacing child configs
...
Fixes: 622c2b2c33
("peer-cfg: Add method to atomically replace child
configs")
2016-11-11 15:34:33 +01:00
Tobias Brunner
2ba5dadb12
peer-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
622c2b2c33
peer-cfg: Add method to atomically replace child configs
2016-03-08 10:21:58 +01:00
Tobias Brunner
f6a5e6b6a9
peer-cfg: Use new method to compare linked lists in equals()
...
This also compares the complete lists not only the first two items.
2016-03-08 10:21:57 +01:00
Tobias Brunner
b4ae9e81f5
peer-cfg: Set DPD timeout to at least DPD delay
...
If DPD timeout is set but to a value smaller than the DPD delay the code
in task_manager_v1.c:queue_liveliness_check will run into an integer
underrun.
2016-02-01 15:29:25 +01:00
Tobias Brunner
ebeb8c87c5
traffic-selector: Don't end printf'ed list of traffic selectors with a space
2015-11-10 12:13:06 +01:00
Martin Willi
b9dd46d8a9
peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names
2014-05-19 18:05:51 +02:00
Martin Willi
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
Martin Willi
246e2bed1d
Use subset matching instead of is_contained_in() to select a child_cfg
...
If one selector has a wider IP range than the other, but the other has a
wider port/protocol selector than the first one, none is completely contained
in the other. The check for a match using is_contained_in() therefore would
fail. Using get_subset() can handle such cases, fixing configuration selection.
2013-06-13 13:37:50 +02:00
Tobias Brunner
eba65182e4
Include 'aggressive' when comparing peer_cfg_t objects
2012-11-07 12:44:58 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
cf62d073f1
Move ike_version_t definition from peer_cfg_t to ike_cfg_t
2012-10-24 10:17:36 +02:00
Martin Willi
7ee37114c9
Derive a dynamic TS to multiple virtual IPs
2012-09-18 17:11:03 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Martin Willi
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00
Martin Willi
986237603f
Fix ike_version_t enum names
2012-03-20 17:31:29 +01:00
Martin Willi
ac009df132
Pass IKE version to peer config enumerator, filter configs
2012-03-20 17:31:25 +01:00
Martin Willi
d08269c700
Added a get_rekey/reauth_time() jitter parameter to get time without randomization
2012-03-20 17:30:52 +01:00
Tobias Brunner
f7a8fcedc0
Use enum to define IKE version on peer_cfg_t.
...
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
Tobias Brunner
6b444c5934
Migrated peer_cfg_t to INIT/METHOD macros.
2011-08-03 15:17:34 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
1038d9fee5
Added a null-safe strdup variant
2011-01-05 16:46:02 +01:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00