ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,934 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

16 Commits

Author SHA1 Message Date
Tobias Brunner 414f2c3754 mem-pool: Be less strict when reassigning existing online leases 
Also assign online leases to a peer connecting from the same endpoint
when it requests any virtual IP.  This is mainly a workaround for
Windows clients that remember the virtual IPv6 address and re-request it
the next time the connection is initiated (even if it is not a
reauthentication) but don't do the same for virtual IPv4 addresses.
This can result in duplicate policies with different reqids because
these are allocated for unique sets of traffic selectors.

Fixes #3541.
 2021-01-18 13:58:01 +01:00
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner 0ee64f88e5 attributes: Add definition of some additional configuration attributes 2019-08-26 10:16:48 +02:00
Tobias Brunner 784d96e031 Fixed some typos, courtesy of codespell 2018-09-17 18:51:44 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner 95a63bf281 Migrate all enumerators to venumerate() interface change 2017-05-26 13:56:44 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 7798284da1 attributes: Define P-CSCF address attributes described in RFC 7651 2016-03-10 11:57:38 +01:00
Tobias Brunner 8394ea2a42 libhydra: Move kernel interface to libcharon 
This moves hydra->kernel_interface to charon->kernel.
 2016-03-03 17:36:11 +01:00
Tobias Brunner 7d02f8dbf4 mem-pool: Remove entries without online or offline leases 
This avoids filling up the hash table with unused/old identities.

References #841.
 2015-03-19 09:55:56 +01:00
Martin Willi 22e6a06b8c mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth 
With make-before-break IKEv2 re-authentication, virtual IP addresses must be
assigned overlapping to the same peer. With the remote IKE address, the backend
can detect re-authentication attempts by comparing the remote host address and
port. This allows proper reassignment of the virtual IP if it is re-requested.

This change removes the mem-pool.reassign_online option, as it is obsolete now.
IPs get automatically reassigned if a peer re-requests the same address, and
additionally connects from the same address and port.
 2015-02-20 13:34:57 +01:00
Martin Willi b9be25ea39 attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
Martin Willi bc9ded9dbf attribute-provider: Pass full IKE_SA to provider backends 2015-02-20 13:34:56 +01:00
Martin Willi a12f357b40 attribute-manager: Pass full IKE_SA to handler methods 2015-02-20 13:34:56 +01:00
Martin Willi a16058a491 attribute-manager: Pass the full IKE_SA to provider methods 2015-02-20 13:34:56 +01:00
Martin Willi 751363275f attributes: Move the configuration attributes framework to libcharon 2015-02-20 13:34:55 +01:00