+ find existing IKE_SA on CHILD_SA initiation
+ use dpdaction/dpddelay parameters from ipsec.conf
-/ add firewall script support
++ add firewall script support
+ do not link unneeded libraries in bins
+ include only a minimum of NATD payloads
+ implement 3DES to load encrypted pem files
+ implement a "event bus" mechanism
- / add more output to to up/down, somehow...
+ + add more output to to up/down, somehow...
- detach console after first keyingtry
- proper handling of CTRL+C console detach (SIG_PIPE)
- configure flag which allows to ommit vendor id in pluto
- add a Rekey-Counter for SAs in "statusall"
- ipsec status:
+ on one line: ip, id, spi
- - no key age, rekey for IKE
+ + no key age, rekey for IKE
- byte count
-- retry transaction on failure while keyingtries > 1
\ No newline at end of file
+- retry transaction on failure while keyingtries > 1
+- reduce printf handlers count to 10, as uClibc does not support more
#include "encodings.h"
-ENUM(encoding_type_names, U_INT_4, UNKNOWN_DATA,
+ENUM(encoding_type_names, U_INT_4, ENCRYPTED_DATA,
"U_INT_4",
"U_INT_8",
"U_INT_16",
"U_INT_32",
"U_INT_64",
- "IKE_SPI",
"RESERVED_BIT",
"RESERVED_BYTE",
"FLAG",
"PROPOSALS",
"TRANSFORMS",
"TRANSFORM_ATTRIBUTES",
+ "CONFIGURATION_ATTRIBUTES",
+ "CONFIGURATION_ATTRIBUTE_VALUE",
"ATTRIBUTE_FORMAT",
"ATTRIBUTE_TYPE",
"ATTRIBUTE_LENGTH_OR_VALUE",
+ "CONFIGURATION_ATTRIBUTE_LENGTH",
"ATTRIBUTE_VALUE",
+ "TRAFFIC_SELECTORS",
+ "TS_TYPE",
+ "ADDRESS",
"NONCE_DATA",
"ID_DATA",
"AUTH_DATA",
- "ENCRYPTED_DATA",
- "TS_TYPE",
- "ADDRESS",
- "TRAFFIC_SELECTORS",
"CERT_DATA",
"CERTREQ_DATA",
+ "EAP_DATA",
"SPIS",
"VID_DATA",
- "VID_DATA",
- "CONFIGURATION_ATTRIBUTES",
- "CONFIGURATION_ATTRIBUTE_LENGTH",
- "CONFIGURATION_ATTRIBUTE_VALUE",
- "EAP_MESSAGE",
"UNKNOWN_DATA",
+ "IKE_SPI",
+ "ENCRYPTED_DATA",
);
projects / thirdparty / strongswan.git / commitdiff
