strongswan.git
Tobias Brunner [Thu, 18 Oct 2012 07:10:18 +0000 (09:10 +0200)]
Use a shortcut to resolve numeric IP addresses (no need for separate threads)

Tobias Brunner [Thu, 18 Oct 2012 08:47:51 +0000 (10:47 +0200)]
Use native threads in host resolver so that it works even if processor has no threads

Tobias Brunner [Thu, 18 Oct 2012 06:46:24 +0000 (08:46 +0200)]
Terminate unused resolver threads after a timeout

Tobias Brunner [Wed, 17 Oct 2012 16:04:33 +0000 (18:04 +0200)]
Only create more threads if needed in host_resolver_t

Tobias Brunner [Tue, 16 Oct 2012 10:38:54 +0000 (12:38 +0200)]
Use a helper function to add milliseconds to timeval structs

Tobias Brunner [Tue, 16 Oct 2012 11:41:02 +0000 (13:41 +0200)]
android: Ignore if peer is unreachable when reestablishing an SA

Tobias Brunner [Tue, 16 Oct 2012 10:05:50 +0000 (12:05 +0200)]
android: Use a shorter timeout for retransmits

Tobias Brunner [Tue, 16 Oct 2012 09:50:53 +0000 (11:50 +0200)]
android: Use keyingtries=%forever and dpd|closeaction=restart

We also ignore the CHILD_SA_DOWN event.

This should allow us to keep the connection up as long as the user does
not manually disconnect.

Tobias Brunner [Tue, 16 Oct 2012 08:57:02 +0000 (10:57 +0200)]
Resolve hosts by DNS name in separate threads so we can cancel them

getaddrinfo(3) may block a long time so proper termination of the daemon may
block if DNS servers are not reachable.

getaddrinfo(3) is an optional cancellation point in posix threads so it
might still block a shutdown but at least on Android (with the signal based
pthread_cancel implementation) it works, on Linux starter will kill charon
anyway after a while.

Tobias Brunner [Mon, 15 Oct 2012 12:50:22 +0000 (14:50 +0200)]
android: Handle unreachable peers via alert

Tobias Brunner [Mon, 15 Oct 2012 11:12:43 +0000 (13:12 +0200)]
Added a new alert that is raised if peer does not respond to initial IKE message

Tobias Brunner [Mon, 15 Oct 2012 09:02:18 +0000 (11:02 +0200)]
android: Use 0.0.0.0/0 as local traffic selector

This is helpful if the responder also wants to tunnel e.g. multicast
packages.

Tobias Brunner [Mon, 15 Oct 2012 09:19:34 +0000 (11:19 +0200)]
Log IP addresses for discarded inbound IPsec packets

Tobias Brunner [Thu, 11 Oct 2012 16:48:17 +0000 (18:48 +0200)]
android: Bypass/protect previously bypassed sockets if connectivity changes

Tobias Brunner [Wed, 10 Oct 2012 13:31:24 +0000 (15:31 +0200)]
android: Support for IPsec SA update added

Tobias Brunner [Wed, 10 Oct 2012 17:17:17 +0000 (19:17 +0200)]
Use pointers for lookups in IPsec SA manager

Tobias Brunner [Wed, 10 Oct 2012 13:31:02 +0000 (15:31 +0200)]
IPsec SA manager implements update_sa()

Tobias Brunner [Wed, 10 Oct 2012 13:29:25 +0000 (15:29 +0200)]
Setter for src and destination address of ipsec_sa_t added

Tobias Brunner [Wed, 10 Oct 2012 12:42:12 +0000 (14:42 +0200)]
android: Trigger roam events in case connectivity changes

Tobias Brunner [Wed, 10 Oct 2012 12:14:30 +0000 (14:14 +0200)]
android: Register NetworkManager as BroadcastReceiver and relay events via JNI

Tobias Brunner [Wed, 10 Oct 2012 10:26:51 +0000 (12:26 +0200)]
android: Determine source address dynamically

Tobias Brunner [Wed, 10 Oct 2012 10:10:20 +0000 (12:10 +0200)]
android: Added NetworkManager class which allows retrieving a local IP address

Tobias Brunner [Wed, 10 Oct 2012 10:11:31 +0000 (12:11 +0200)]
android: Increase compile warnings

Tobias Brunner [Wed, 10 Oct 2012 09:56:34 +0000 (11:56 +0200)]
android: Fixed "Configure" button in Android VPN dialog

Tobias Brunner [Tue, 9 Oct 2012 12:01:33 +0000 (14:01 +0200)]
android: Don't use the default ESP proposal as it includes unsupported algorithms

Martin Willi [Tue, 16 Oct 2012 12:11:14 +0000 (14:11 +0200)]
Remove unused this parameter to load_issuer_cert/key(), as it is uninitialized

Martin Willi [Mon, 1 Oct 2012 13:38:20 +0000 (15:38 +0200)]
Generate a load-tester certificate only for DN or subjectAltName identities

Martin Willi [Mon, 1 Oct 2012 13:14:35 +0000 (15:14 +0200)]
Add a load-tester initiator_match option to match custom initiator_id

Martin Willi [Mon, 1 Oct 2012 13:13:49 +0000 (15:13 +0200)]
Encode non-DN load-tester identities as subjectAltNames

Martin Willi [Mon, 1 Oct 2012 12:44:55 +0000 (14:44 +0200)]
Add a load-tester digest option for issuing peer certificates

Martin Willi [Mon, 1 Oct 2012 12:34:03 +0000 (14:34 +0200)]
Load multiple load-tester CA certificates from a directory

Martin Willi [Mon, 1 Oct 2012 12:01:13 +0000 (14:01 +0200)]
Added load-tester options to read issuing CA certificate and key from files

Tobias Brunner [Mon, 15 Oct 2012 09:11:29 +0000 (11:11 +0200)]
Use proper offset when adding mark attribute in kernel-netlink plugin

Tobias Brunner [Fri, 12 Oct 2012 16:34:21 +0000 (18:34 +0200)]
Also add mark when querying current replay state in kernel-netlink plugin

Andreas Steffen [Sun, 14 Oct 2012 15:37:00 +0000 (17:37 +0200)]
allow registration of multiple message types

Andreas Steffen [Sat, 13 Oct 2012 18:34:50 +0000 (20:34 +0200)]
implemented IETF Operational Status attribute

Andreas Steffen [Sat, 13 Oct 2012 08:38:10 +0000 (10:38 +0200)]
corrected class description

Andreas Steffen [Fri, 12 Oct 2012 20:04:51 +0000 (22:04 +0200)]
implemented IETF Factory Default Password Enabled attribute

Andreas Steffen [Fri, 12 Oct 2012 07:50:15 +0000 (09:50 +0200)]
added tnc/tnccs-20-os scenario

Andreas Steffen [Fri, 12 Oct 2012 07:49:44 +0000 (09:49 +0200)]
implemented the Forwarding Enabled attribute

Andreas Steffen [Thu, 11 Oct 2012 22:53:07 +0000 (00:53 +0200)]
minor fixes in imc_attestation.c

Tobias Brunner [Thu, 11 Oct 2012 17:08:47 +0000 (19:08 +0200)]
Fixed update_sa in kernel-netlink plugin if marks are used

Tobias Brunner [Thu, 11 Oct 2012 09:12:05 +0000 (11:12 +0200)]
Fixed compilation of android_handler_t

Andreas Steffen [Thu, 11 Oct 2012 07:21:38 +0000 (09:21 +0200)]
version bump to 5.0.2dr1

Andreas Steffen [Wed, 10 Oct 2012 19:54:05 +0000 (21:54 +0200)]
implemented os_info_t class

Martin Willi [Wed, 10 Oct 2012 11:10:28 +0000 (13:10 +0200)]
Remove outdated TODO information

Andreas Steffen [Wed, 10 Oct 2012 10:30:18 +0000 (12:30 +0200)]
implemented IETF String Version attribute

Andreas Steffen [Wed, 10 Oct 2012 07:03:11 +0000 (09:03 +0200)]
restrict package name and package version number fields to 255 octets

Andreas Steffen [Tue, 9 Oct 2012 21:58:17 +0000 (23:58 +0200)]
created OS IMC/IMV pair

Andreas Steffen [Tue, 9 Oct 2012 21:28:15 +0000 (23:28 +0200)]
implemented IETF Installed Packages attribute

Andreas Steffen [Tue, 9 Oct 2012 21:22:03 +0000 (23:22 +0200)]
fixed PA-TNC error code to Invalid Parameter

Andreas Steffen [Tue, 9 Oct 2012 18:07:51 +0000 (20:07 +0200)]
check for zero product vendor ID and non-zero product ID

Andreas Steffen [Tue, 9 Oct 2012 18:06:55 +0000 (20:06 +0200)]
cosmetics

Andreas Steffen [Mon, 8 Oct 2012 17:17:13 +0000 (19:17 +0200)]
cosmetics

Martin Willi [Thu, 4 Oct 2012 12:45:10 +0000 (14:45 +0200)]
Fix leak of PINs from ipsec.secrets

Andreas Steffen [Mon, 8 Oct 2012 16:56:22 +0000 (18:56 +0200)]
list multiple files with a given basename but different path names

Andreas Steffen [Sun, 7 Oct 2012 15:07:35 +0000 (17:07 +0200)]
check length of hex-encoded IV

Andreas Steffen [Sun, 7 Oct 2012 14:26:02 +0000 (16:26 +0200)]
allow has_noskip_flag to contain TRUE_OR_FALSE

Andreas Steffen [Sun, 7 Oct 2012 12:08:49 +0000 (14:08 +0200)]
free entry in error case

Andreas Steffen [Sun, 7 Oct 2012 10:46:19 +0000 (12:46 +0200)]
test first and up in the outer while loop

Andreas Steffen [Sun, 7 Oct 2012 09:37:30 +0000 (11:37 +0200)]
fixed generation of PA-TNC error messages

Andreas Steffen [Wed, 3 Oct 2012 13:33:56 +0000 (15:33 +0200)]
added some new SHA-512 OIDs

Tag: 5.0.1
Martin Willi [Tue, 2 Oct 2012 13:37:36 +0000 (15:37 +0200)]
Add a libfast sendfile() method to send files from disk

Martin Willi [Tue, 2 Oct 2012 09:38:42 +0000 (11:38 +0200)]
Include all dev headers, even if they are configuration specific

Andreas Steffen [Tue, 2 Oct 2012 08:39:43 +0000 (10:39 +0200)]
version bump to 5.0.1

Tobias Brunner [Fri, 28 Sep 2012 20:31:06 +0000 (22:31 +0200)]
Ensure UNSUPPORTED_CRITICAL_PAYLOAD notify contains correct payload type

Tobias Brunner [Fri, 28 Sep 2012 18:57:12 +0000 (20:57 +0200)]
Make sure hasher exists before trying to destroy it

Tobias Brunner [Fri, 28 Sep 2012 18:55:40 +0000 (20:55 +0200)]
Missed one in 6c10cece

Tobias Brunner [Fri, 28 Sep 2012 18:50:09 +0000 (20:50 +0200)]
Missed one in 3dcffed6

Tobias Brunner [Fri, 28 Sep 2012 17:13:40 +0000 (19:13 +0200)]
Fixed RNG crypto tester

Tobias Brunner [Fri, 28 Sep 2012 17:10:03 +0000 (19:10 +0200)]
Request is never NULL when responding with an INFORMATIONAL message

Tobias Brunner [Fri, 28 Sep 2012 17:07:53 +0000 (19:07 +0200)]
Fixed check for rng in session ID creation of libfast

Tobias Brunner [Fri, 28 Sep 2012 17:01:09 +0000 (19:01 +0200)]
Completed state handling in isakmp_cert_pre

Should not be a problem, but makes static analyzers happy.

Tobias Brunner [Fri, 28 Sep 2012 16:57:56 +0000 (18:57 +0200)]
Added missing break statements in NAT-T mapping handling in PF_KEY plugin

Tobias Brunner [Fri, 28 Sep 2012 16:55:40 +0000 (18:55 +0200)]
Added missing break when building TLS cipher suites

Tobias Brunner [Fri, 28 Sep 2012 16:54:28 +0000 (18:54 +0200)]
Make sure we successfully opened xfrm_acq_expires

Tobias Brunner [Fri, 28 Sep 2012 16:52:00 +0000 (18:52 +0200)]
Added missing continue statement in ha socket error handling

Tobias Brunner [Fri, 28 Sep 2012 16:49:16 +0000 (18:49 +0200)]
Fixed snprintf check in tnc-ifmap plugin

Tobias Brunner [Fri, 28 Sep 2012 16:35:26 +0000 (18:35 +0200)]
Make static analyzers happy when parsing hosts from sockaddr_t

Tobias Brunner [Fri, 28 Sep 2012 16:30:16 +0000 (18:30 +0200)]
Clarified code when hashing/comparing cached policies in kernel-netlink

Tobias Brunner [Fri, 28 Sep 2012 16:22:54 +0000 (18:22 +0200)]
Avoid overrunning array when registering pki command line options

Tobias Brunner [Fri, 28 Sep 2012 16:09:08 +0000 (18:09 +0200)]
Use %x to print uint32 as long ints are 64-bit long on x64 Linux

Tobias Brunner [Fri, 28 Sep 2012 16:01:49 +0000 (18:01 +0200)]
Make sure first argument is an int when using %.*s to print e.g. chunks

Tobias Brunner [Fri, 28 Sep 2012 15:43:02 +0000 (17:43 +0200)]
Avoid memory leak when sending RADIUS accounting start message failed

Tobias Brunner [Fri, 28 Sep 2012 15:33:24 +0000 (17:33 +0200)]
Ensure that pipe is closed when calling resolvconf(8)

Tobias Brunner [Fri, 28 Sep 2012 15:10:19 +0000 (17:10 +0200)]
Avoid memory leak when failing to read file metadata

Tobias Brunner [Fri, 28 Sep 2012 15:08:16 +0000 (17:08 +0200)]
The this->data member is never NULL

Tobias Brunner [Fri, 28 Sep 2012 15:00:20 +0000 (17:00 +0200)]
Use proper argument for sizeof when copying replay state

Tobias Brunner [Fri, 28 Sep 2012 14:42:50 +0000 (16:42 +0200)]
Algorithm names are not always static anymore, avoid string overflows

Tobias Brunner [Fri, 28 Sep 2012 14:30:26 +0000 (16:30 +0200)]
Correctly initialize payload length of encrypted payload

Tobias Brunner [Fri, 28 Sep 2012 14:16:33 +0000 (16:16 +0200)]
The eap argument of send_response is never NULL

Tobias Brunner [Fri, 28 Sep 2012 14:03:09 +0000 (16:03 +0200)]
Properly initialize sockaddr_in struct in fast and dhcp plugins

Tobias Brunner [Fri, 28 Sep 2012 13:51:39 +0000 (15:51 +0200)]
Properly initialize ima flag when adding file measurements

Tobias Brunner [Fri, 28 Sep 2012 13:49:19 +0000 (15:49 +0200)]
Properly initialize chunk for PCR value in case of errors

Tobias Brunner [Fri, 28 Sep 2012 13:48:09 +0000 (15:48 +0200)]
Initialize g and p in create_dh factory method

Tobias Brunner [Fri, 28 Sep 2012 13:39:37 +0000 (15:39 +0200)]
Properly initialize chunk for extension OID when parsing CRLs

Tobias Brunner [Fri, 28 Sep 2012 13:15:07 +0000 (15:15 +0200)]
Fix parsing of IPv6 headers in ip_packet_t

Tobias Brunner [Fri, 28 Sep 2012 13:13:17 +0000 (15:13 +0200)]
Properly cleanup varargs in LDAP fetcher's set_option()

Tobias Brunner [Fri, 28 Sep 2012 13:10:29 +0000 (15:10 +0200)]
Properly cleanup varargs in enumerators of both SQL backends

Tobias Brunner [Thu, 27 Sep 2012 10:25:43 +0000 (12:25 +0200)]
Allow replay windows smaller than the default of 32