restrict PA-TNC messages to maximum size
[strongswan.git] / src / libcharon / sa /
2012-07-10 Martin WilliSend cert request based on peers configured authenticat...
2012-07-09 Martin WilliDon't send CERTREQs when initiating aggressive mode PSK
2012-06-29 Martin WilliAs a responder, don't start a TRANSACTION request if...
2012-06-27 Martin WilliDefer quick mode initiation if we expect a mode config...
2012-06-27 Martin WilliQueue a mode config task as responder if we need a...
2012-06-27 Martin WilliAdd basic support for XAuth responder authentication
2012-06-26 Martin WilliIgnore a received %any virtual IP for installation
2012-06-25 Tobias BrunnerCentralized thread cancellation in processor_t
2012-06-25 Andreas Steffensupport Cisco Unity VID
2012-06-25 Martin WilliEnforce uniqueids=keep based on XAuth identity
2012-06-25 Martin WilliDon't send XAUTH_OK if a hook prevents SA to establish
2012-06-25 Martin WilliEnforce uniqueids=keep only for non-XAuth Main/Agressiv...
2012-06-25 Martin WilliUse XAuth/EAP remote identity for uniqueness check
2012-06-25 Martin WilliAdd missing XAuth name variable when complaining about...
2012-06-22 Tobias BrunnerFix SIGSEGV if kernel install fails during Quick Mode...
2012-06-14 Martin WilliAdopt children as XAuth initiator (which is IKE responder)
2012-06-14 Martin WilliRequire a scary option to respond to Aggressive Mode...
2012-06-08 Andreas Steffenimplemented the right|leftallowany feature
2012-06-08 Martin WilliEnforce uniqueness policy in IKEv1 main and aggressive...
2012-06-08 Martin WilliTry to rekey without KE exchange if peer returns INVALI...
2012-06-08 Martin WilliWhile checking for redundant quick modes, compare traff...
2012-06-08 Martin WilliStore shorter soft lifetime of in- and outbound SAs...
2012-06-08 Martin WilliInitiate quick mode rekeying with narrowed traffic...
2012-06-08 Martin WilliUse traffic selectors passed to quick mode constructor...
2012-06-08 Martin WilliInstead of rekeying, delete a quick mode if we have...
2012-06-06 Martin WilliAs responder, enforce the same configuration while...
2012-06-04 Tobias BrunnerMark CHILD_SAs used for trap policies to uninstall...
2012-05-30 Tobias BrunnerAvoid queueing more than one retry initiate job.
2012-05-30 Tobias BrunnerRetry IKE_SA initiation if DNS resolution failed.
2012-05-25 Tobias BrunnerFix MOBIKE address update if responder address changed.
2012-05-25 Tobias BrunnerResolve hosts before reauthenticating due to address...
2012-05-25 Tobias BrunnerDon't queue delete_ike_sa job when setting IKE_DELETING.
2012-05-25 Tobias BrunnerDuring reauthentication reestablish IKE_SA even if...
2012-05-25 Tobias BrunnerIntegrated main parts of IKE_REAUTH task into ike_sa_t...
2012-05-25 Tobias BrunnerFixed route lookup in case MOBIKE is not enabled.
2012-05-24 Tobias BrunnerAdded log message if peer does not accept/provide IPCom...
2012-05-24 Tobias BrunnerAdded support to negotiate IPComp during Quick Mode.
2012-05-24 Tobias BrunnerAdded support for IKEv1 IPComp proposals in SA payload.
2012-05-24 Tobias BrunnerFix memleak during Quick Mode in case no SPI can be...
2012-05-23 Martin WilliApply IDir before deriving keys as aggressive initiator
2012-05-23 Martin WilliUse received identity to look up PSK as aggressive...
2012-05-23 Martin WilliCheck if we actually have an initiating packet to free...
2012-05-21 Tobias BrunnerSwitch to alternative peer config in IKEv1 Main and...
2012-05-21 Martin WilliCancel pending retransmits when flushing active task...
2012-05-21 Martin WilliCancel active quick mode task when receiving INFORMATIO...
2012-05-21 Martin WilliFlush task queues explicitly, not implicitly if task...
2012-05-21 Martin WilliWrap task managers flush_queue() in IKE_SA
2012-05-21 Martin WilliMake task managers flush_queue() method public
2012-05-18 Tobias BrunnerRemove executable flag from source files.
2012-05-18 Tobias BrunnerUse separate Doxygen groups for IKEv1 and IKEv2 entitie...
2012-05-18 Adrian-Ken RueegseggerUse nonce_gen instead of rng to generate nonces
2012-05-18 Adrian-Ken RueegseggerAdd create_nonce_gen function to keymat interface
2012-05-17 Andreas Steffenmake IKEv1 DPD timeout configurable in charon
2012-05-15 Martin WilliMoved IKEv1 DPD processing to task manager, fix sequenc...
2012-05-15 Martin WilliSchedule a DPD timeout job that enforces the IKE messag...
2012-05-15 Martin WilliSend unanswered follow up R_U_THERE messages with the...
2012-05-15 Martin WilliDo not send IKEv1 DPD retransmit, but create a new...
2012-05-05 Andreas Steffenallow private algorithms
2012-05-05 Andreas Steffenvendor ID cosmetics
2012-05-03 Tobias BrunnerUse name from initialization to access settings in...
2012-05-02 Martin WilliMerge branch 'ikev1'
2012-04-18 Tobias BrunnerRemoved auth_cfg_t.replace_value() and replaced usages...
2012-04-17 Martin WilliAdded a note about DH/keymat lifecycle for custom imple...
2012-04-17 Martin WilliReuse existing DH value when retrying IKE_SA_INIT with...
2012-04-16 Martin WilliFix iteration through half-open IKE_SA table
2012-04-16 Tobias BrunnerUse IP address as ID as responder if not configured...
2012-04-16 Tobias BrunnerFall back on IP address as IDi if none is configured...
2012-04-16 Tobias BrunnerUse auth_cfg_t.replace_value where appropriate.
2012-04-16 Tobias BrunnerFixed IDi in case neither left nor leftid is configured.
2012-04-11 Martin WilliDon't invoke child_updown hook twice as responder
2012-04-06 Tobias BrunnerProperly initialize src in ike_sa_t.is_any_path_valid().
2012-04-04 Martin WilliAdded another bunch of commonly used IKEv1 NATT vendor IDs
2012-04-03 Andreas Steffenadded IKEv2 Generic Secure Password Authentication...
2012-03-22 Martin WilliStore authentication info of a XAUTH round on IKE_SA
2012-03-22 Martin WilliAdded a getter for CHILD_SA marks
2012-03-22 Martin WilliDefine a special XFRM mark_t.value that dynamically...
2012-03-20 Martin WilliReply with received configuration payload identifier...
2012-03-20 Martin WilliMerge branch 'ikev1-clean' into ikev1-master
2012-03-20 Tobias BrunnerProperly handle retransmitted initial IKE messages.
2012-03-20 Tobias BrunnerImplemented table of init hashes without linked_list_t.
2012-03-20 Tobias BrunnerImplemented table of connected peers without linked_list_t.
2012-03-20 Tobias BrunnerImplemented table of half open IKE_SAs without linked_l...
2012-03-20 Tobias BrunnerDon't use linked_list_t for buckets in main IKE_SA...
2012-03-20 Tobias BrunnerFixed deadlock if checkin_and_destroy is called during...
2012-03-20 Tobias BrunnerDo not clone hashes of initial IKE messages when storin...
2012-03-20 Tobias BrunnerStore IKEv2 IKE_SAs by local SPI in the IKE_SA manager...
2012-03-20 Tobias BrunnerAdded separate hashtable for hashes of initial IKE...
2012-03-20 Tobias BrunnerStore the major IKE version on ike_sa_id_t.
2012-03-20 Tobias BrunnerImplemented handling of UNITY_LOAD_BALANCE as reauthent...
2012-03-20 Martin WilliCheck if we actually have a packet before retransmitting it
2012-03-20 Tobias BrunnerParse IKEv1 Cisco Load Balancing notify (can't act...
2012-03-20 Tobias BrunnerCompiler warning fixed.
2012-03-20 Martin WilliUse correct enum values to detect three message tasks...
2012-03-20 Martin WilliTrigger DPD not before IKE_SA state gets updated
2012-03-20 Martin WilliUse UDP encapsulation even in non-NAT situation if...
2012-03-20 Martin WilliSupport inactivity timeout in IKEv1 CHILD_SAs
2012-03-20 Martin WilliUse a dedicated PRF for HASH/SIG payloads using ECDSA...
2012-03-20 Martin WilliSelect public key auth method by checking what key...
2012-03-20 Martin WilliSupport ECDSA signatures in IKEv1 pubkey authenticator
2012-03-20 Martin WilliExchange certificates when using IKEv1 ECDSA authentication
next