ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
8,272 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

8272 Commits

Author SHA1 Message Date
Martin Willi c60246a618 Support inactivity timeout in IKEv1 CHILD_SAs 2012-03-20 17:31:39 +01:00
Martin Willi a0c17d4157 Use a dedicated PRF for HASH/SIG payloads using ECDSA specific hasher 2012-03-20 17:31:39 +01:00
Martin Willi 4c685e8850 Select public key auth method by checking what key we have 2012-03-20 17:31:39 +01:00
Martin Willi 83b152dd4f Support ECDSA signatures in IKEv1 pubkey authenticator 2012-03-20 17:31:39 +01:00
Martin Willi 5be386ff8e Exchange certificates when using IKEv1 ECDSA authentication 2012-03-20 17:31:39 +01:00
Martin Willi 5aef6bd0f3 Accept NULL auth_cfg_t passed to credential_manager_t.get_private() 2012-03-20 17:31:39 +01:00
Martin Willi 6261c0c3b7 Support encoding of IKEv1 ECDSA proposals 2012-03-20 17:31:38 +01:00
Martin Willi c8d46f2959 Dropped support of deprecated authby=eap and eap= options 2012-03-20 17:31:38 +01:00
Martin Willi c791def8c1 Added support for authby/xauth_server legacy options 2012-03-20 17:31:38 +01:00
Martin Willi c390569a76 Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules 2012-03-20 17:31:38 +01:00
Martin Willi 05cb240215 Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length 2012-03-20 17:31:38 +01:00
Martin Willi a994050e9c Don't re-resolve addresses during initiate if they have already been set 2012-03-20 17:31:38 +01:00
Martin Willi aa3b53e716 Adopt children after syncing a rekeyed IKEv1 SA 2012-03-20 17:31:38 +01:00
Martin Willi fed5c33440 Synchronize IKEv1 DPD sequence numbers 2012-03-20 17:31:38 +01:00
Martin Willi fd6fbf1764 Setting message ID on task manager sets DPD sequence numbers in IKEv1 2012-03-20 17:31:38 +01:00
Martin Willi 783c496966 Update state before triggering DPD, as we cancel it if PASSIVE 2012-03-20 17:31:38 +01:00
Martin Willi a46b8e16ad Set thread specific SA on bus for each enumerated IKE_SA 2012-03-20 17:31:38 +01:00
Martin Willi b226fd300d Sync remote virtual IP for IKEv1 SAs 2012-03-20 17:31:38 +01:00
Martin Willi 868d92a402 Sync new IKE_SA condition/extension flags 2012-03-20 17:31:37 +01:00
Martin Willi c8531b7e69 Added support for Phase1 IV synchronization to HA plugin 2012-03-20 17:31:37 +01:00
Martin Willi 47b8f6ef4b Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted 2012-03-20 17:31:37 +01:00
Martin Willi ae92641806 Create IKEv1 keymat hasher explicitly on sync 2012-03-20 17:31:37 +01:00
Martin Willi a0fa7a7f64 Clear initiator flag when checking out initial IKEv1 SA from message 2012-03-20 17:31:37 +01:00
Martin Willi 8bcd9bd161 Added support to sync IKEv1 SAs key material in HA plugin 2012-03-20 17:31:37 +01:00
Martin Willi 23f9e7a18d Pass IKEv1 specific keymat to ike_keys hook 2012-03-20 17:31:37 +01:00
Martin Willi 264514826c Use a more complete implementation of a HA specific diffie_hellman_t 2012-03-20 17:31:37 +01:00
Martin Willi 5763367cac Show IKE version in ipsec statusall 2012-03-20 17:31:37 +01:00
Martin Willi c3f1839ab7 Apply proposal to a HA synced IKE_SA 2012-03-20 17:31:37 +01:00
Martin Willi 3624b09e21 Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper 2012-03-20 17:31:37 +01:00
Martin Willi 6bc6f67b0f Updated HA plugin to new IKEv2 specific keymat functions 2012-03-20 17:31:37 +01:00
Martin Willi 3957a6e4f3 Get a reference for the child_cfg passed to child_create_create() 2012-03-20 17:31:36 +01:00
Martin Willi 696fa8e003 Invoke bus_t.narrow hook in quick mode exchange 2012-03-20 17:31:36 +01:00
Martin Willi f420f51f55 Invoke authorization hooks for IKEv1 connections 2012-03-20 17:31:36 +01:00
Martin Willi 1a0648490c Invoke ike_updown hooks for reauthenticated IKEv1 SAs 2012-03-20 17:31:36 +01:00
Martin Willi b6ac063c36 Don't invoke a child_updown hook when a quick mode to delete has been rekeyed 2012-03-20 17:31:36 +01:00
Martin Willi 669d8bded2 Invoke child_rekey hook instead of child_updown when rekeying a quick mode 2012-03-20 17:31:36 +01:00
Martin Willi 5b7fc76861 Don't invoke updown hook when flushing SAs for IKEv1, tasks will do it 2012-03-20 17:31:36 +01:00
Martin Willi c654d949f3 Fix "incoming" flag passed to bus_t.message() hook 2012-03-20 17:31:36 +01:00
Martin Willi 477559cab5 Continue with next exchange after sending an INFORMATIONAL 2012-03-20 17:31:36 +01:00
Martin Willi 1b82eb23a2 Handle retransmission of DPD exchange, both as initiator and responder 2012-03-20 17:31:36 +01:00
Martin Willi 11aadd7722 Disable DPD checking for peers not supporting it 2012-03-20 17:31:35 +01:00
Martin Willi 214d4e4090 Added missing DPD task name 2012-03-20 17:31:35 +01:00
Martin Willi ff6b084ac4 Confirm message reception time only if DPD sequence number valid 2012-03-20 17:31:35 +01:00
Martin Willi 2ddd45c9a7 Simplified DPD handling by using a task for a single message only 2012-03-20 17:31:35 +01:00
Martin Willi 5ac4c2e1a9 Added missing short enum names for DPD notify types 2012-03-20 17:31:35 +01:00
Martin Willi bb2d4e1882 Print IKEv1 notify types in message summary 2012-03-20 17:31:35 +01:00
Martin Willi 5f2f864efc Support IKEv1 notifies in message_t.get_notify() 2012-03-20 17:31:35 +01:00
Martin Willi 3fca5bd123 Check if we have an RNG for IKEv1 task manager before using it 2012-03-20 17:31:35 +01:00
Martin Willi 31689338d6 Remove unused DPD sequence number getter on task manager 2012-03-20 17:31:35 +01:00
Martin Willi 1e624ce876 Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state 2012-03-20 17:31:35 +01:00