36 Commits

Author SHA1 Message Date
Josh Soref b3ab7a48cc Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* encapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner c56b8c1a26 peer-cfg: Add property for interface ID 2019-04-04 09:31:38 +02:00
Tobias Brunner 784d96e031 Fixed some typos, courtesy of codespell 2018-09-17 18:51:44 +02:00
Tobias Brunner a2ff8b654d peer-cfg: Add properties for PPK ID and whether PPK is required 2018-09-10 18:03:01 +02:00
Tobias Brunner 40ed812442 peer-cfg: Replace equal child configs with newly added ones
Otherwise, renamed child configs would still be known to the daemon
under their old name.

Fixes #2746.
2018-09-10 17:45:07 +02:00
Tobias Brunner 84cdfbc9bc child-cfg: Allow suppressing log messages when selecting traffic selectors
Although being already logged on level 2, these messages are usually just
confusing if they pop up randomly in the log when e.g. querying the configs
or installing traps.  So after this the log messages will only be logged when
actually proposing or selecting traffic selectors during IKE.
2018-06-28 18:46:42 +02:00
Tobias Brunner 8d4ebb3ac4 peer-cfg: Use an rwlock instead of a mutex to safely access child-cfgs
If multiple threads want to enumerate child-cfgs and potentially lock
other locks (e.g. check out IKE_SAs) while doing so a deadlock could
be caused (as was the case with VICI configs with start_action=start).
It should also improve performance for roadwarrior connections and lots
of clients connecting concurrently.

Fixes #2374.
2017-07-27 13:34:40 +02:00
Tobias Brunner 95a63bf281 Migrate all enumerators to venumerate() interface change 2017-05-26 13:56:44 +02:00
Tobias Brunner ed96fe72cf peer-cfg: Store mediated_by as name and not peer-cfg reference
This way updates to the mediation config are respected and the order in
which configs are configured/loaded does not matter.

The SQL plugin currently maintains the strong relationship between
mediated and mediation connection (we could theoretically change that to a
string too).
2017-02-16 19:24:09 +01:00
Tobias Brunner da1d5cd2e6 peer-cfg: Fix memory leak when replacing child configs
Fixes: 622c2b2c33 ("peer-cfg: Add method to atomically replace child
configs")
2016-11-11 15:34:33 +01:00
Tobias Brunner 2ba5dadb12 peer-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 622c2b2c33 peer-cfg: Add method to atomically replace child configs 2016-03-08 10:21:58 +01:00
Tobias Brunner f6a5e6b6a9 peer-cfg: Use new method to compare linked lists in equals()
This also compares the complete lists not only the first two items.
2016-03-08 10:21:57 +01:00
Tobias Brunner b4ae9e81f5 peer-cfg: Set DPD timeout to at least DPD delay
If DPD timeout is set but to a value smaller than the DPD delay the code
in task_manager_v1.c:queue_liveliness_check will run into an integer
underrun.
2016-02-01 15:29:25 +01:00
Tobias Brunner ebeb8c87c5 traffic-selector: Don't end printf'ed list of traffic selectors with a space 2015-11-10 12:13:06 +01:00
Martin Willi b9dd46d8a9 peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names 2014-05-19 18:05:51 +02:00
Martin Willi 9aeaa7396e peer-cfg: add a pull/push mode option to use with mode config 2013-09-04 10:33:37 +02:00
Martin Willi 246e2bed1d Use subset matching instead of is_contained_in() to select a child_cfg
If one selector has a wider IP range than the other, but the other has a
wider port/protocol selector than the first one, none is completely contained
in the other. The check for a match using is_contained_in() therefore would
fail. Using get_subset() can handle such cases, fixing configuration selection.
2013-06-13 13:37:50 +02:00
Tobias Brunner eba65182e4 Include 'aggressive' when comparing peer_cfg_t objects 2012-11-07 12:44:58 +01:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Martin Willi 1fdd62ffce Remove version argument on peer_cfg constructor, use ike_cfg version instead 2012-10-24 10:19:33 +02:00
Martin Willi cf62d073f1 Move ike_version_t definition from peer_cfg_t to ike_cfg_t 2012-10-24 10:17:36 +02:00
Martin Willi 7ee37114c9 Derive a dynamic TS to multiple virtual IPs 2012-09-18 17:11:03 +02:00
Martin Willi 497ce2cf51 Support multiple address pools configured on a peer_cfg 2012-08-30 16:43:42 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Andreas Steffen 80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Martin Willi 5ce59d4c06 Added an aggressive mode peer_cfg option 2012-03-20 17:31:34 +01:00
Martin Willi 986237603f Fix ike_version_t enum names 2012-03-20 17:31:29 +01:00
Martin Willi ac009df132 Pass IKE version to peer config enumerator, filter configs 2012-03-20 17:31:25 +01:00
Martin Willi d08269c700 Added a get_rekey/reauth_time() jitter parameter to get time without randomization 2012-03-20 17:30:52 +01:00
Tobias Brunner f7a8fcedc0 Use enum to define IKE version on peer_cfg_t.
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
Tobias Brunner 6b444c5934 Migrated peer_cfg_t to INIT/METHOD macros. 2011-08-03 15:17:34 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi 1038d9fee5 Added a null-safe strdup variant 2011-01-05 16:46:02 +01:00
Tobias Brunner 08c5572602 Moving charon to libcharon. 2010-03-19 13:34:52 +01:00