strongswan.git
14 years agoadded tcpdumpcount function from NATT guys
Martin Willi [Thu, 13 Jul 2006 12:43:52 +0000 (12:43 -0000)]
added tcpdumpcount function from NATT guys
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly

14 years agoremoved in favour of tests from NAT team
Martin Willi [Thu, 13 Jul 2006 12:00:36 +0000 (12:00 -0000)]
removed in favour of tests from NAT team

14 years agofixed CREATE_CHILD_SA transaction dispatching
Martin Willi [Thu, 13 Jul 2006 08:51:24 +0000 (08:51 -0000)]
fixed CREATE_CHILD_SA transaction dispatching

14 years agoadded CHILD_SA states, which allows us to detect further simultaneous transactions
Martin Willi [Thu, 13 Jul 2006 08:26:54 +0000 (08:26 -0000)]
added CHILD_SA states, which allows us to detect further simultaneous transactions
reimplemented the buggy message id handling

14 years agoupdated some inline docs
Martin Willi [Wed, 12 Jul 2006 14:08:52 +0000 (14:08 -0000)]
updated some inline docs

14 years agofixed crypter/signer in/out to conform with standard
Martin Willi [Wed, 12 Jul 2006 14:08:13 +0000 (14:08 -0000)]
fixed crypter/signer in/out to conform with standard

14 years agofixed payload order
Martin Willi [Wed, 12 Jul 2006 14:07:30 +0000 (14:07 -0000)]
fixed payload order

14 years agoadded message id logging
Martin Willi [Wed, 12 Jul 2006 14:06:25 +0000 (14:06 -0000)]
added message id logging

14 years agoadded all currently known notify payload types
Martin Willi [Wed, 12 Jul 2006 14:05:57 +0000 (14:05 -0000)]
added all currently known notify payload types

14 years agoadded policy cache to kernel interface
Martin Willi [Wed, 12 Jul 2006 11:42:36 +0000 (11:42 -0000)]
added policy cache to kernel interface
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying

14 years agoleak detective blanks memory on free & alloc, allows further membug detection
Martin Willi [Wed, 12 Jul 2006 11:15:31 +0000 (11:15 -0000)]
leak detective blanks memory on free & alloc, allows further membug detection

14 years agocode cleanups
Martin Willi [Wed, 12 Jul 2006 11:13:48 +0000 (11:13 -0000)]
code cleanups

14 years agoidentification_t.matches() supports multiple wildcard counts
Andreas Steffen [Tue, 11 Jul 2006 06:12:45 +0000 (06:12 -0000)]
identification_t.matches() supports multiple wildcard counts

14 years agoidentification_t.matches() supports multiple wildcard counts
Andreas Steffen [Tue, 11 Jul 2006 06:11:59 +0000 (06:11 -0000)]
identification_t.matches() supports multiple wildcard counts

14 years agofurther work done for simultaneous rekeying/delete
Martin Willi [Mon, 10 Jul 2006 14:24:04 +0000 (14:24 -0000)]
further work done for simultaneous rekeying/delete
still some cases which cause trouble

14 years agofixed compiler warnings in parser when using -O2
Martin Willi [Fri, 7 Jul 2006 12:48:27 +0000 (12:48 -0000)]
fixed compiler warnings in parser when using -O2

14 years agoreenabled check_expiry
Martin Willi [Fri, 7 Jul 2006 12:25:25 +0000 (12:25 -0000)]
reenabled check_expiry

14 years agoupdated copyright information
Martin Willi [Fri, 7 Jul 2006 08:49:06 +0000 (08:49 -0000)]
updated copyright information

14 years agoreimplemented CHILD_SA rekeying & delete
Martin Willi [Fri, 7 Jul 2006 07:04:07 +0000 (07:04 -0000)]
reimplemented CHILD_SA rekeying & delete
no simultanous transaction with CHILD_SAs yet!

14 years agoremoved NAT_TRAVERSAL and VIRTUAL_IP compile options
Andreas Steffen [Fri, 7 Jul 2006 05:51:54 +0000 (05:51 -0000)]
removed NAT_TRAVERSAL and VIRTUAL_IP compile options

14 years agoremoved NAT_TRAVERSAL compile option
Andreas Steffen [Fri, 7 Jul 2006 05:51:20 +0000 (05:51 -0000)]
removed NAT_TRAVERSAL compile option

14 years agoremoved NAT_TRAVERSAL and VIRTUAL_IP compile options
Andreas Steffen [Fri, 7 Jul 2006 05:50:02 +0000 (05:50 -0000)]
removed NAT_TRAVERSAL and VIRTUAL_IP compile options

14 years agoadded
Andreas Steffen [Fri, 7 Jul 2006 05:44:45 +0000 (05:44 -0000)]
added

14 years agoupdated NEWS
Martin Willi [Wed, 5 Jul 2006 14:13:45 +0000 (14:13 -0000)]
updated NEWS

14 years agoadded support for leftprotoport and rightprotoport
Martin Willi [Wed, 5 Jul 2006 13:13:07 +0000 (13:13 -0000)]
added support for leftprotoport and rightprotoport

14 years agoimproved CHILD_SA output for "ipsec statusall"
Martin Willi [Wed, 5 Jul 2006 13:11:55 +0000 (13:11 -0000)]
improved CHILD_SA output for "ipsec statusall"

14 years agoupdated whitelist (getprotobynumber)
Martin Willi [Wed, 5 Jul 2006 13:10:47 +0000 (13:10 -0000)]
updated whitelist (getprotobynumber)

14 years agoredesigned IKE_SA using a transaction mechanism:
Martin Willi [Wed, 5 Jul 2006 10:53:20 +0000 (10:53 -0000)]
redesigned IKE_SA using a transaction mechanism:
  removed old state machine
  reimplemented IKE_SA setup and delete
  implemented dead peer detection
  implemented keep-alives
  a lot of fixes
  no rekeying yet

14 years agofixed compiler warnings
Martin Willi [Wed, 5 Jul 2006 10:09:42 +0000 (10:09 -0000)]
fixed compiler warnings

14 years agomade thread ids unsigned again, to avoid negative thread ids on some systems
Martin Willi [Tue, 4 Jul 2006 13:30:49 +0000 (13:30 -0000)]
made thread ids unsigned again, to avoid negative thread ids on some systems

14 years agofixed memleak when initiating a connection already up
Martin Willi [Tue, 4 Jul 2006 13:29:16 +0000 (13:29 -0000)]
fixed memleak when initiating a connection already up

14 years agoupdated leak detective whitelist
Martin Willi [Tue, 4 Jul 2006 13:26:20 +0000 (13:26 -0000)]
updated leak detective whitelist

14 years agoapplied latest NATT patch with some fixes and cleanups
Martin Willi [Tue, 4 Jul 2006 13:25:00 +0000 (13:25 -0000)]
applied latest NATT patch with some fixes and cleanups

14 years agotest currently without firewall
Andreas Steffen [Tue, 4 Jul 2006 06:54:53 +0000 (06:54 -0000)]
test currently without firewall

14 years agoadded
Andreas Steffen [Tue, 4 Jul 2006 06:51:58 +0000 (06:51 -0000)]
added

14 years agoadded
Andreas Steffen [Tue, 4 Jul 2006 06:13:54 +0000 (06:13 -0000)]
added

14 years agoadded
Andreas Steffen [Tue, 4 Jul 2006 06:13:33 +0000 (06:13 -0000)]
added

14 years agoremoved
Andreas Steffen [Tue, 4 Jul 2006 06:13:07 +0000 (06:13 -0000)]
removed

14 years agoremoved version information from ipsec.conf
Andreas Steffen [Tue, 4 Jul 2006 06:12:10 +0000 (06:12 -0000)]
removed version information from ipsec.conf

14 years agolog entries start with lowcercase character
Andreas Steffen [Tue, 4 Jul 2006 06:11:35 +0000 (06:11 -0000)]
log entries start with lowcercase character

14 years agorestored lost IKEv2 packet suppression
Andreas Steffen [Mon, 3 Jul 2006 14:39:57 +0000 (14:39 -0000)]
restored lost IKEv2 packet suppression

14 years agoadded USE_LEAK_DETECTIVE option
Andreas Steffen [Mon, 3 Jul 2006 08:36:47 +0000 (08:36 -0000)]
added USE_LEAK_DETECTIVE option

14 years agofixed natd_hash memory leak
Andreas Steffen [Mon, 3 Jul 2006 08:34:34 +0000 (08:34 -0000)]
fixed natd_hash memory leak

14 years agotests with subdirectory structure
Andreas Steffen [Mon, 3 Jul 2006 07:11:30 +0000 (07:11 -0000)]
tests with subdirectory structure

14 years agoremoved tests
Andreas Steffen [Mon, 3 Jul 2006 07:10:25 +0000 (07:10 -0000)]
removed tests

14 years agointroduced subdirectory structure
Andreas Steffen [Mon, 3 Jul 2006 07:10:17 +0000 (07:10 -0000)]
introduced subdirectory structure

14 years agosupport of cert payloads
Andreas Steffen [Mon, 3 Jul 2006 06:27:45 +0000 (06:27 -0000)]
support of cert payloads

14 years agolowercase log entries
Andreas Steffen [Mon, 3 Jul 2006 06:26:06 +0000 (06:26 -0000)]
lowercase log entries

14 years agodistributed by ITA
Andreas Steffen [Mon, 3 Jul 2006 06:24:54 +0000 (06:24 -0000)]
distributed by ITA

14 years agoadded support of updown parameter
Andreas Steffen [Mon, 3 Jul 2006 06:22:43 +0000 (06:22 -0000)]
added support of updown parameter

14 years agogeneration of default key
Andreas Steffen [Mon, 3 Jul 2006 06:21:56 +0000 (06:21 -0000)]
generation of default key

14 years agocosmetics
Andreas Steffen [Mon, 3 Jul 2006 06:21:40 +0000 (06:21 -0000)]
cosmetics

14 years agoadded support of updown parameter
Andreas Steffen [Mon, 3 Jul 2006 06:21:14 +0000 (06:21 -0000)]
added support of updown parameter

14 years agoversion bump to 4.0.2
Andreas Steffen [Wed, 28 Jun 2006 11:09:14 +0000 (11:09 -0000)]
version bump to 4.0.2

14 years agoadded X.509 trust chain verification
Andreas Steffen [Tue, 27 Jun 2006 08:48:28 +0000 (08:48 -0000)]
added X.509 trust chain verification

14 years agoversion bump to 4.0.2
Andreas Steffen [Tue, 27 Jun 2006 08:47:03 +0000 (08:47 -0000)]
version bump to 4.0.2

14 years agoESP packet size changed
Andreas Steffen [Tue, 27 Jun 2006 07:08:37 +0000 (07:08 -0000)]
ESP packet size changed

14 years agofixed bad_proposal_syntax bug
Andreas Steffen [Tue, 27 Jun 2006 07:07:44 +0000 (07:07 -0000)]
fixed bad_proposal_syntax bug

14 years agoapplied new changes from NATT team
Martin Willi [Fri, 23 Jun 2006 14:02:30 +0000 (14:02 -0000)]
applied new changes from NATT team
DPD only done when no IPsec and IKE traffic processed
minor changes here and there

14 years agosome message code cleanups
Martin Willi [Fri, 23 Jun 2006 14:00:15 +0000 (14:00 -0000)]
some message code cleanups

14 years agofixed identification_t clone to apply function pointers
Martin Willi [Fri, 23 Jun 2006 13:20:17 +0000 (13:20 -0000)]
fixed identification_t clone to apply function pointers

14 years agocleaner error handling on UDP encapsultion sockopt failure
Martin Willi [Thu, 22 Jun 2006 13:05:15 +0000 (13:05 -0000)]
cleaner error handling on UDP encapsultion sockopt failure

14 years agoadded mysterious UDP encapsulation socket option to get encapsulation working
Martin Willi [Thu, 22 Jun 2006 12:57:49 +0000 (12:57 -0000)]
added mysterious UDP encapsulation socket option to get encapsulation working

14 years agofixed BAD_PROPOSAL_SYNTAX vulnerability
Andreas Steffen [Thu, 22 Jun 2006 12:16:12 +0000 (12:16 -0000)]
fixed BAD_PROPOSAL_SYNTAX vulnerability

14 years agofirst merge of NATT code
Martin Willi [Thu, 22 Jun 2006 06:36:28 +0000 (06:36 -0000)]
first merge of NATT code

14 years agofixed testing build 4.0.1
Martin Willi [Wed, 21 Jun 2006 12:58:02 +0000 (12:58 -0000)]
fixed testing build

14 years agoupdated for 4.0.1 release
Martin Willi [Wed, 21 Jun 2006 12:14:40 +0000 (12:14 -0000)]
updated for 4.0.1 release

14 years agoupdated news for 4.0.1 release
Martin Willi [Wed, 21 Jun 2006 12:11:29 +0000 (12:11 -0000)]
updated news for 4.0.1 release

14 years agofixed whitelist detection
Martin Willi [Tue, 20 Jun 2006 11:03:47 +0000 (11:03 -0000)]
fixed whitelist detection

14 years agoreworked function ignore mechanism to not-report whitelist
Martin Willi [Tue, 20 Jun 2006 10:05:56 +0000 (10:05 -0000)]
reworked function ignore mechanism to not-report whitelist
  rather than overriding functions

14 years agofixed execv call args to work when using strictcrl and syslog
Martin Willi [Tue, 20 Jun 2006 10:04:35 +0000 (10:04 -0000)]
fixed execv call args to work when using strictcrl and syslog

14 years agofixed bug: usage of already freed mem
Martin Willi [Tue, 20 Jun 2006 09:53:25 +0000 (09:53 -0000)]
fixed bug: usage of already freed mem

14 years agoreadded local_credential_store
Martin Willi [Tue, 20 Jun 2006 08:43:57 +0000 (08:43 -0000)]
readded local_credential_store
added sendcert policy to connection
some other cleanups

14 years agoimplemented rereadcrls rereadcacerts
Andreas Steffen [Tue, 20 Jun 2006 06:08:33 +0000 (06:08 -0000)]
implemented rereadcrls rereadcacerts

14 years agoimplemented rereadcrls rereadcacerts
Andreas Steffen [Tue, 20 Jun 2006 06:07:37 +0000 (06:07 -0000)]
implemented rereadcrls rereadcacerts

14 years agoimplemented rereadcrls rereadcacerts
Andreas Steffen [Tue, 20 Jun 2006 06:05:01 +0000 (06:05 -0000)]
implemented rereadcrls rereadcacerts

14 years agoremoved local_credential_store
Andreas Steffen [Tue, 20 Jun 2006 05:57:52 +0000 (05:57 -0000)]
removed local_credential_store

14 years agofixed SPI when acting as initiator of rekeying
Martin Willi [Mon, 19 Jun 2006 09:27:14 +0000 (09:27 -0000)]
fixed SPI when acting as initiator of rekeying

14 years agofixed SPI when rekeying and deleting CHILD_SAs
Martin Willi [Mon, 19 Jun 2006 08:54:19 +0000 (08:54 -0000)]
fixed SPI when rekeying and deleting CHILD_SAs

14 years agochange key derivation order to fullfill RFC
Martin Willi [Mon, 19 Jun 2006 08:11:42 +0000 (08:11 -0000)]
change key derivation order to fullfill RFC

14 years ago(no commit message)
Martin Willi [Fri, 16 Jun 2006 14:10:49 +0000 (14:10 -0000)]

14 years agoadded crl support
Andreas Steffen [Fri, 16 Jun 2006 05:55:30 +0000 (05:55 -0000)]
added crl support

14 years agoadded listcrls
Andreas Steffen [Fri, 16 Jun 2006 05:55:02 +0000 (05:55 -0000)]
added listcrls

14 years agoadded chunk_equals_or_null()
Andreas Steffen [Fri, 16 Jun 2006 05:53:47 +0000 (05:53 -0000)]
added chunk_equals_or_null()

14 years agoadded crl support
Andreas Steffen [Fri, 16 Jun 2006 05:52:52 +0000 (05:52 -0000)]
added crl support

14 years agochanged tabs from 8 to 4 spaces
Andreas Steffen [Fri, 16 Jun 2006 05:52:26 +0000 (05:52 -0000)]
changed tabs from 8 to 4 spaces

14 years agoadded crl support
Andreas Steffen [Fri, 16 Jun 2006 05:51:36 +0000 (05:51 -0000)]
added crl support

14 years agocosmetics
Andreas Steffen [Fri, 16 Jun 2006 05:51:16 +0000 (05:51 -0000)]
cosmetics

14 years agocosmetics (space)
Andreas Steffen [Fri, 16 Jun 2006 05:50:28 +0000 (05:50 -0000)]
cosmetics (space)

14 years agofixed compilation error
Martin Willi [Thu, 15 Jun 2006 13:41:06 +0000 (13:41 -0000)]
fixed compilation error

14 years agoupdated for release
Martin Willi [Thu, 15 Jun 2006 13:23:06 +0000 (13:23 -0000)]
updated for release

14 years agofixed aes code, we support now aes128, aes192, aes256 in IKE
Martin Willi [Thu, 15 Jun 2006 13:14:09 +0000 (13:14 -0000)]
fixed aes code, we support now aes128, aes192, aes256 in IKE

14 years agoadded support for "ike" and "esp" keywords
Martin Willi [Thu, 15 Jun 2006 11:09:11 +0000 (11:09 -0000)]
added support for "ike" and "esp" keywords
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes

14 years agoimplemented clean spi allocation behavior when using multiple proposals
Martin Willi [Thu, 15 Jun 2006 11:06:22 +0000 (11:06 -0000)]
implemented clean spi allocation behavior when using multiple proposals

14 years agofixed logleve(l) keyword typo
Martin Willi [Thu, 15 Jun 2006 11:03:41 +0000 (11:03 -0000)]
fixed logleve(l) keyword typo

14 years agohandling of "rekey=no" parameter added
Martin Willi [Thu, 15 Jun 2006 11:02:15 +0000 (11:02 -0000)]
handling of "rekey=no" parameter added

14 years agochanged default algorithms to:
Martin Willi [Thu, 15 Jun 2006 11:01:17 +0000 (11:01 -0000)]
changed default algorithms to:
  ike: aes128-sha-modp2048
  esp: aes128-sha1, 3des-md5

14 years agoadded default CRL directory path
Andreas Steffen [Wed, 14 Jun 2006 12:44:12 +0000 (12:44 -0000)]
added default CRL directory path

14 years agoadded strictcrlpolicy command line argument
Andreas Steffen [Wed, 14 Jun 2006 12:43:51 +0000 (12:43 -0000)]
added strictcrlpolicy command line argument

14 years agoadded option parsing
Andreas Steffen [Wed, 14 Jun 2006 12:42:36 +0000 (12:42 -0000)]
added option parsing