0ce19b27a6
instanciate new tasks only if none queued
2009-05-07 15:57:34 +02:00
a627e31f46
properly delete IKE_SA if IKE_SA_INIT processing failed
2009-05-07 15:53:45 +02:00
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
18eef5d6b6
added support for AES counter mode in ESP
...
proposal keywords: aes128ctr aes192ctr aes256ctr
2009-04-27 12:16:52 +00:00
7f56b49461
attribute_manager supports attribute_handler's to handle configuration attributes via plugins
...
moved resolv.conf editing to a separate plugin (resolv_conf)
extended attribute_provider interface to hand out arbitrary attributes
moved strongswan.conf based dns/nbns configuration to a plugin (attr)
2009-04-24 14:13:52 +00:00
6554b5e412
schedule_job uses seconds to support time values larger than 49 days
...
added schedule_job_ms for ms resolution events
2009-04-21 15:16:56 +00:00
405e30a4a7
dump CHILD_SA keys in loglevel 4
2009-04-21 09:29:23 +00:00
09f706ec3e
fixed IKE_SA rekeying collisions
2009-04-20 11:29:27 +00:00
8a36c7e20d
do not adopt already initiated tasks after rekeying
2009-04-20 11:28:23 +00:00
c889ce80ab
fixing IKE_SA rekeying if charon.ikesa_table_size > 1
2009-04-17 16:58:11 +00:00
3a80181b61
missed strcaseeq added
2009-04-17 10:52:41 +00:00
63176bbcb0
moved strcaseeq() macro from constants.h to utils.h
2009-04-17 09:52:49 +00:00
a44bb9345f
merged multi-auth branch back into trunk
2009-04-14 10:34:24 +00:00
fda8404abc
cosmetics
2009-03-26 13:58:17 +00:00
f32a321a57
output peer ID in duplicate deletion log entry
2009-03-26 13:18:19 +00:00
d3fbc75e85
set port for NATD hash calculation in the "include-all" case
2009-03-26 11:49:07 +00:00
1490ff4d9b
updated Doxyfile
...
properly close all doxygen groups
fixed remaining doxygen warnings
2009-03-24 17:43:01 +00:00
4a6b84a934
reintegrated eap-radius branch into trunk
2009-03-24 10:24:58 +00:00
9717826f10
fallback to family specific %any(6) if kernel lookup fails
2009-03-16 14:23:36 +00:00
d25ce3701e
printf hooks refactored to increase portability (i.e. support for platforms without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
2009-03-12 18:07:32 +00:00
f98cdf7a47
adding plugin for EAP-MS-CHAPv2
2009-02-18 19:57:15 +00:00
2b1f5f3461
configuration of NBNS server assignment via strongswan.conf
2009-02-13 11:57:50 +00:00
48f9a22b57
configuration of DNS server assignment via strongswan.conf
2009-02-12 09:02:15 +00:00
b81d8cd3cc
changed [4856] to dynamically choose traffic selector family
2009-02-11 13:09:52 +00:00
95f1735f87
send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches
2009-02-10 17:21:44 +00:00
04a7a1c309
free unneeded retransmission packet when exchange completes
2009-02-09 10:45:51 +00:00
b59f154b09
proper initialization and disposal of keying material
2009-01-15 01:52:44 +00:00
6f17bf83d5
fixed ESP NULL encryption
2009-01-15 00:34:42 +00:00
12d4186f5c
fixed a potential memory leak when reusing mobike task
2008-12-19 14:34:40 +00:00
9bcc9bb60e
updated documentation
...
some minor cleanups
calloc does not need an additional memset(0)
2008-12-17 09:00:22 +00:00
58464dd737
improved IKE_SA uniqueness check
2008-12-16 17:21:28 +00:00
097e4b8ff9
purge certificates after IKE_AUTH response has been built
2008-12-16 15:48:36 +00:00
482218f075
signal each entry condvar after enumeration, required if wait_for_entry is called
2008-12-15 09:19:04 +00:00
248a1f57bb
fixed possible deadlock in checkin_and_destroy
2008-12-12 10:40:45 +00:00
d183adbc9d
avoid DNS lookup if possible
2008-12-12 10:38:53 +00:00
f2bd424c89
wait until all IKE_SAs are in-house before destroying them
2008-12-12 08:33:48 +00:00
2475560c82
fixing checkout of IKE SAs with only the initiator SPI
2008-12-10 15:58:39 +00:00
97016769fd
increasing the performance of checkout_duplicate by using a hash table.
2008-12-10 13:51:21 +00:00
7023d49ee1
purge auth_info when IKE_SA is established, releases cert memory
2008-12-09 14:34:15 +00:00
a1466a3ec2
limit number of ADDITIONAL_IPV*_ADDR notifies
2008-12-09 14:32:57 +00:00
876d5c63a3
pass identity to release_address(), allows providers to do a lookup by id
2008-12-05 09:40:50 +00:00
d0eee69822
reset pointer for a clean destruction
2008-12-04 10:09:21 +00:00
394eb35b0c
some task queueing improvements:
...
- do not pass CHILD_SAs to task constructor, might not
be valid anymore during execution (late lookup)
- use sub-tasks to delete CHILD/IKE_SA after rekeying,
as we want to execute the delete before additional
queued tasks
2008-12-01 18:38:28 +00:00
405cc1d924
schedule rekeying when activating passive IKE_SAs
2008-11-28 16:19:19 +00:00
c610f42430
added a PASSIVE IKE_SA state to manage it externally
2008-11-28 10:49:14 +00:00
ddef455219
pass SKd to derive_ike_keys() to have a more interoperable API
2008-11-28 09:51:44 +00:00
d2de674b9a
checkin of non-existing IKE_SAs
...
removed unneeded checkin() return values
2008-11-26 14:32:55 +00:00
ed6146ffbe
performance optimization for the DOS protection.
...
* half-open SAs per peer are tracked in a hash table
* charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold
* chunk_hash function added
2008-11-25 13:16:05 +00:00
28dd27be64
fixed crash due to missing function call parameter
2008-11-25 08:11:57 +00:00
Martin Willi