f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
572abc6cbd
Replaced ike_sa_t.create_additional_address_iterator with enumerator.
2011-07-06 09:43:45 +02:00
4bbce1ef37
Replaced ike_sa_t.create_child_sa_iterator with enumerator.
...
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows to remove a CHILD_SA.
2011-07-06 09:43:45 +02:00
e26304348c
Replaced simple iterator usages.
2011-07-06 09:43:45 +02:00
a4c040d536
Added strongswan.conf option to override half open IKE_SA timeout
2011-05-16 15:24:15 +02:00
68447302d6
Typo fixed.
2011-04-28 12:50:30 +02:00
3ced6b51e4
Move establish/inherit of rekeyed IKE_SAs to delete messages
...
Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.
2011-03-15 15:20:09 +01:00
e44ebdcfc8
Slightly change IKE_SA destruction order to inherit properly during ike_rekey task destruction
2011-02-28 10:31:36 +00:00
2082417df3
Force port update as responder when initiator switches to 4500 in IKE_AUTH
2011-01-12 14:37:15 +01:00
9ca5d0280e
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice
2011-01-05 16:45:52 +01:00
c67de660d2
Move critical bit checking to ike_sa, notify payload includes unsupported payload type
2011-01-05 16:45:44 +01:00
89fda1abb5
Moved message()-hook invocation to generate_message(), catch pre-generated IKE_SA_INITs, too
2011-01-05 16:45:41 +01:00
6c2d466b90
Support manually triggerd DPD check, even if DPD disabled in config
2011-01-05 16:45:40 +01:00
5774408898
Change behavior of responder during roaming.
...
If the current source address is not available anymore, the responder
uses ike_mobike_t.roam, thus, uses multiple address combinations when
trying to notify the initiator.
2010-10-12 11:11:05 +02:00
261b2572d1
Send list of additional addresses even if current path is still valid.
2010-10-12 11:11:05 +02:00
bab56a4abb
Extracted path checking in ike_sa_t.roam into separate functions.
2010-10-12 11:11:05 +02:00
13876431d6
Explicitly configure MOBIKE tasks to update the list of additional addresses.
2010-10-12 11:11:05 +02:00
cd26eedc5c
Do not update hosts based on retransmitted messages.
2010-10-12 11:11:04 +02:00
d5bd775126
Do not update remote host if we are behind a NAT.
2010-10-12 11:11:04 +02:00
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
61e8e73206
Refer to scheduler via hydra and not charon.
2010-09-02 19:01:24 +02:00
c5f7146b17
Refer to processor via hydra and not charon.
2010-09-02 19:01:22 +02:00
277f02ce9e
Slightly refactored port floating.
...
In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
2010-08-30 13:42:58 +02:00
b519071299
Use AEAD wrapper for encryption payload encryption/decryption
2010-08-19 19:02:33 +02:00
02571374c4
Recreate IKE_SA_INIT related tasks only if they have completed
2010-06-30 13:48:47 +02:00
550d9085fa
Flush auth configs, create new keymat during SA reset
2010-06-07 14:59:39 +02:00
dbdb69f908
Recreate IKE_INIT/IKE_NATD/IKE_VENDOR tasks if we reset SA during IKE_AUTH
2010-06-07 14:58:57 +02:00
ea340ee840
Wrap task enumerator in ike_sa
2010-06-07 11:37:55 +02:00
8bced61b76
Migrated ike_sa_t to INIT/METHOD macros
2010-06-07 09:30:27 +00:00
fe02d99b96
Use wrapped getters for close/dpd action
2010-06-02 11:48:51 +02:00
84aa96e5f5
Invoke updown hook if IKE_SA delete is enforced in deleting state
2010-04-06 12:11:28 +02:00
045833c79d
Release virtual IPs with the same identity as we acquired it
2010-03-25 14:29:10 +01:00
58f86d0f0f
Changed all usages of lib->attributes to hydra->attributes.
2010-03-24 18:54:26 +01:00
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00
Tobias Brunner