strongswan.git
8 years ago"this" removed from comments.
Tobias Brunner [Thu, 19 May 2011 12:00:49 +0000 (14:00 +0200)]
"this" removed from comments.

8 years agoRecord the history of a policy installed in the kernel.
Tobias Brunner [Fri, 13 May 2011 15:08:11 +0000 (17:08 +0200)]
Record the history of a policy installed in the kernel.

This allows to properly delete a policy e.g. if reauth=yes and
auto=route, because reqids are increased during reauthentication.

It also avoids overriding an installed policy with a trap policy.

8 years agoAdd the reqid to kernel_ipsec_t.del_policy.
Tobias Brunner [Fri, 13 May 2011 10:50:29 +0000 (12:50 +0200)]
Add the reqid to kernel_ipsec_t.del_policy.

8 years agoAdded a replace function to linked_list_t.
Tobias Brunner [Fri, 13 May 2011 09:52:49 +0000 (11:52 +0200)]
Added a replace function to linked_list_t.

8 years agoAdded an insert_after and insert_before function to linked_list_t.
Tobias Brunner [Fri, 13 May 2011 09:51:58 +0000 (11:51 +0200)]
Added an insert_after and insert_before function to linked_list_t.

8 years agoMigrated linked_list_t to INIT/METHOD macros.
Tobias Brunner [Fri, 13 May 2011 08:56:31 +0000 (10:56 +0200)]
Migrated linked_list_t to INIT/METHOD macros.

8 years agoCache the most recent reqid in the PF_KEY kernel interface.
Tobias Brunner [Tue, 10 May 2011 12:00:03 +0000 (14:00 +0200)]
Cache the most recent reqid in the PF_KEY kernel interface.

This makes the PF_KEY kernel interface behave the same as the Netlink
kernel interface.

8 years agocorrected description of shunt-policies scenario
Andreas Steffen [Tue, 5 Jul 2011 20:07:42 +0000 (22:07 +0200)]
corrected description of shunt-policies scenario

8 years agoinstall PASS and DROP shunt policies via PFKEYv2 interface
Andreas Steffen [Tue, 5 Jul 2011 19:57:27 +0000 (21:57 +0200)]
install PASS and DROP shunt policies via PFKEYv2 interface

8 years agoAdded news about library dir change.
Tobias Brunner [Tue, 5 Jul 2011 13:26:50 +0000 (15:26 +0200)]
Added news about library dir change.

8 years agoDon't install the libraries directly in lib/.
Tobias Brunner [Wed, 8 Jun 2011 13:49:15 +0000 (15:49 +0200)]
Don't install the libraries directly in lib/.

Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the
plugins from libexec to a subdirectory of that dir.

8 years agoignore ports of IPv4 and IPv6 loopback interfaces
Andreas Steffen [Tue, 5 Jul 2011 07:16:01 +0000 (09:16 +0200)]
ignore ports of IPv4 and IPv6 loopback interfaces

8 years agofixed UTF-8 representation of polish reason string
Andreas Steffen [Tue, 5 Jul 2011 05:44:46 +0000 (07:44 +0200)]
fixed UTF-8 representation of polish reason string

8 years agoversion bump to 4.5.3dr8
Andreas Steffen [Tue, 5 Jul 2011 05:37:36 +0000 (07:37 +0200)]
version bump to 4.5.3dr8

8 years agodelete orphan file
Andreas Steffen [Mon, 4 Jul 2011 21:02:06 +0000 (23:02 +0200)]
delete orphan file

8 years agostart and stop apache server on dave
Andreas Steffen [Mon, 4 Jul 2011 20:40:46 +0000 (22:40 +0200)]
start and stop apache server on dave

8 years agoadded ITA Scanner IMC/IMV pair to tnccs-11-radius-block scenario
Andreas Steffen [Mon, 4 Jul 2011 20:32:34 +0000 (22:32 +0200)]
added ITA Scanner IMC/IMV pair to tnccs-11-radius-block scenario

8 years agofixed debug statement
Andreas Steffen [Mon, 4 Jul 2011 20:27:46 +0000 (22:27 +0200)]
fixed debug statement

8 years agoadded ITA Scanner IMC/IMV pair to tnccs-20 and tnccs-20-block scenarios
Andreas Steffen [Mon, 4 Jul 2011 19:44:22 +0000 (21:44 +0200)]
added ITA Scanner IMC/IMV pair to tnccs-20 and tnccs-20-block scenarios

8 years agoadded ITA Scanner IMC/IMV pair which detects open server ports on TNC clients
Andreas Steffen [Mon, 4 Jul 2011 19:40:25 +0000 (21:40 +0200)]
added ITA Scanner IMC/IMV pair which detects open server ports on TNC clients

8 years agoadded support if the IETF port filter attribute
Andreas Steffen [Fri, 1 Jul 2011 16:10:33 +0000 (18:10 +0200)]
added support if the IETF port filter attribute

8 years agoagain a bitwise or is required
Andreas Steffen [Thu, 30 Jun 2011 20:26:36 +0000 (22:26 +0200)]
again a bitwise or is required

8 years agoversion bump to 4.5.3dr7
Andreas Steffen [Wed, 29 Jun 2011 14:51:33 +0000 (16:51 +0200)]
version bump to 4.5.3dr7

8 years agofixed sql/shunt-policies scenario
Andreas Steffen [Wed, 29 Jun 2011 06:23:58 +0000 (08:23 +0200)]
fixed sql/shunt-policies scenario

8 years agoimplemented PASS and DROP shunt policies
Andreas Steffen [Tue, 28 Jun 2011 17:42:54 +0000 (19:42 +0200)]
implemented PASS and DROP shunt policies

8 years agoInitialize trap_manager listener with INIT macro, too
Martin Willi [Tue, 28 Jun 2011 15:19:20 +0000 (17:19 +0200)]
Initialize trap_manager listener with INIT macro, too

8 years agoMigrated trap_manager_t to INIT/METHOD macros
Andreas Steffen [Tue, 28 Jun 2011 12:42:29 +0000 (14:42 +0200)]
Migrated trap_manager_t to INIT/METHOD macros

8 years agoversion bump to 4.5.3dr6
Andreas Steffen [Mon, 27 Jun 2011 20:35:20 +0000 (22:35 +0200)]
version bump to 4.5.3dr6

8 years agooops, should have been a bitwise and
Andreas Steffen [Sat, 25 Jun 2011 12:57:49 +0000 (14:57 +0200)]
oops, should have been a bitwise and

8 years agofixed copy-and-paste error
Andreas Steffen [Sat, 25 Jun 2011 12:21:20 +0000 (14:21 +0200)]
fixed copy-and-paste error

8 years agooutput all known PA-TNC subtype names
Andreas Steffen [Fri, 24 Jun 2011 15:31:47 +0000 (17:31 +0200)]
output all known PA-TNC subtype names

8 years agoadded tnc/tnccs-20-server-retry scenario
Andreas Steffen [Thu, 23 Jun 2011 17:59:27 +0000 (19:59 +0200)]
added tnc/tnccs-20-server-retry scenario

8 years agorenamed tncss-20-retry scenario to tnccs-20-client-retry
Andreas Steffen [Thu, 23 Jun 2011 17:59:00 +0000 (19:59 +0200)]
renamed tncss-20-retry scenario to tnccs-20-client-retry

8 years agorefactoring of change_state()
Andreas Steffen [Thu, 23 Jun 2011 17:52:30 +0000 (19:52 +0200)]
refactoring of change_state()

8 years agoimplemented server-initiated handshake retry in IMC/IMV Test pair
Andreas Steffen [Thu, 23 Jun 2011 13:23:53 +0000 (15:23 +0200)]
implemented server-initiated handshake retry in IMC/IMV Test pair

8 years agonotify IMVs about handshake retries
Andreas Steffen [Thu, 23 Jun 2011 13:22:41 +0000 (15:22 +0200)]
notify IMVs about handshake retries

8 years agoversion bump to 4.5.3dr5
Andreas Steffen [Sun, 19 Jun 2011 21:27:43 +0000 (23:27 +0200)]
version bump to 4.5.3dr5

8 years agoadded libimcv options to strongswan.conf
Andreas Steffen [Sat, 18 Jun 2011 12:08:37 +0000 (14:08 +0200)]
added libimcv options to strongswan.conf

8 years agosome cosmetics
Andreas Steffen [Thu, 16 Jun 2011 09:34:52 +0000 (11:34 +0200)]
some cosmetics

8 years agofixed XML parsing of TNCCS 1.1 ReasonString message
Andreas Steffen [Thu, 16 Jun 2011 09:30:38 +0000 (11:30 +0200)]
fixed XML parsing of TNCCS 1.1 ReasonString message

8 years agorestablish the lost links to the TNC@FHH project
Andreas Steffen [Wed, 15 Jun 2011 12:16:58 +0000 (14:16 +0200)]
restablish the lost links to the TNC@FHH project

8 years agofixed some descriptions
Andreas Steffen [Wed, 15 Jun 2011 12:07:16 +0000 (14:07 +0200)]
fixed some descriptions

8 years agoadded the tnc/tnccs-20-retry scenario
Andreas Steffen [Wed, 15 Jun 2011 12:06:48 +0000 (14:06 +0200)]
added the tnc/tnccs-20-retry scenario

8 years agoclear reason strings after delivering them
Andreas Steffen [Wed, 15 Jun 2011 11:53:53 +0000 (13:53 +0200)]
clear reason strings after delivering them

8 years agoimplemented handshake retry on the client side
Andreas Steffen [Wed, 15 Jun 2011 11:09:19 +0000 (13:09 +0200)]
implemented handshake retry on the client side

8 years agoWe actually need to link against libz, as neo libraries are often static
Martin Willi [Wed, 15 Jun 2011 10:23:21 +0000 (12:23 +0200)]
We actually need to link against libz, as neo libraries are often static

This reverts commit 3c0630a797a18ad353167e56feb21476b4553834.

8 years agoSet cookies for the complete domain
Martin Willi [Wed, 15 Jun 2011 10:22:41 +0000 (12:22 +0200)]
Set cookies for the complete domain

8 years agoMigrated libfast to INIT/METHOD macros
Martin Willi [Wed, 15 Jun 2011 09:25:53 +0000 (11:25 +0200)]
Migrated libfast to INIT/METHOD macros

8 years agoadded missing single quotes
Andreas Steffen [Tue, 14 Jun 2011 15:26:54 +0000 (17:26 +0200)]
added missing single quotes

8 years agofixed the IF-TNCCS 1.1 ReasonString XML encoding
Andreas Steffen [Tue, 14 Jun 2011 13:58:03 +0000 (15:58 +0200)]
fixed the IF-TNCCS 1.1 ReasonString XML encoding

8 years agosend a reason string only if action recommendation is not allow
Andreas Steffen [Tue, 14 Jun 2011 13:45:34 +0000 (15:45 +0200)]
send a reason string only if action recommendation is not allow

8 years agocosmetics
Andreas Steffen [Tue, 14 Jun 2011 12:26:05 +0000 (14:26 +0200)]
cosmetics

8 years agoeat trailing space in preferred language string
Andreas Steffen [Mon, 13 Jun 2011 21:01:28 +0000 (23:01 +0200)]
eat trailing space in preferred language string

8 years agosupport multiple language preferences
Andreas Steffen [Mon, 13 Jun 2011 13:58:27 +0000 (15:58 +0200)]
support multiple language preferences

8 years agoimplemented sending of reason strings
Andreas Steffen [Mon, 13 Jun 2011 13:31:34 +0000 (15:31 +0200)]
implemented sending of reason strings

8 years agoadded missing single quotes
Andreas Steffen [Mon, 13 Jun 2011 13:29:43 +0000 (15:29 +0200)]
added missing single quotes

8 years agofixed length check
Andreas Steffen [Sun, 12 Jun 2011 19:49:53 +0000 (21:49 +0200)]
fixed length check

8 years agoversion bump to 4.5.3dr4
Andreas Steffen [Fri, 10 Jun 2011 05:45:40 +0000 (07:45 +0200)]
version bump to 4.5.3dr4

8 years agounfinished MS SoH Request
Andreas Steffen [Thu, 9 Jun 2011 06:56:45 +0000 (08:56 +0200)]
unfinished MS SoH Request

8 years agoCOPYING updated to the most current version (address was incorrect).
Tobias Brunner [Wed, 8 Jun 2011 14:32:30 +0000 (16:32 +0200)]
COPYING updated to the most current version (address was incorrect).

8 years agoFix integrity checks with monolithic build.
Tobias Brunner [Wed, 8 Jun 2011 13:46:07 +0000 (15:46 +0200)]
Fix integrity checks with monolithic build.

8 years agoPrevent deadlock while shutting down thread pool.
Tobias Brunner [Wed, 8 Jun 2011 08:52:05 +0000 (10:52 +0200)]
Prevent deadlock while shutting down thread pool.

During destruction the main thread locks the mutex in processor_t and
waits on a condvar for threads to have terminated.  Because the mutex
has also to be locked to decrement the thread count the condvar cannot
be signaled before doing that as otherwise the main thread might already
be waiting to join the threads while locking the mutex and thus causing
a deadlock.

8 years agoProperly print time differences.
Tobias Brunner [Tue, 7 Jun 2011 15:16:01 +0000 (17:16 +0200)]
Properly print time differences.

time_t is not necessarily of type int.

8 years agoUse proper printf specifiers to print u_int64_t and uintptr_t.
Tobias Brunner [Tue, 7 Jun 2011 15:13:48 +0000 (17:13 +0200)]
Use proper printf specifiers to print u_int64_t and uintptr_t.

8 years agoFix compilation with GCC 4.6.
Laurent Bigonville [Tue, 7 Jun 2011 13:45:18 +0000 (15:45 +0200)]
Fix compilation with GCC 4.6.

8 years agoexplicitly activate use of TNC headers
Andreas Steffen [Tue, 7 Jun 2011 10:19:23 +0000 (12:19 +0200)]
explicitly activate use of TNC headers

8 years agoAdded documentation and NEWS for closeaction
Martin Willi [Tue, 7 Jun 2011 10:03:45 +0000 (12:03 +0200)]
Added documentation and NEWS for closeaction

8 years agoAdd a closeaction ipsec.conf keyword to configure close action
Martin Willi [Tue, 7 Jun 2011 09:37:15 +0000 (11:37 +0200)]
Add a closeaction ipsec.conf keyword to configure close action

8 years agoseparated tncif_names from standard TCG TNC header files
Andreas Steffen [Mon, 6 Jun 2011 18:36:58 +0000 (20:36 +0200)]
separated tncif_names from standard TCG TNC header files

8 years agonearly completed PA-TNC error handling
Andreas Steffen [Sun, 5 Jun 2011 21:24:48 +0000 (23:24 +0200)]
nearly completed PA-TNC error handling

8 years agoshow PB-PA message type/subtype
Andreas Steffen [Sun, 5 Jun 2011 13:46:01 +0000 (15:46 +0200)]
show PB-PA message type/subtype

8 years agocosmetics
Andreas Steffen [Sun, 5 Jun 2011 13:06:55 +0000 (15:06 +0200)]
cosmetics

8 years agoversion bump to 4.5.3dr3
Andreas Steffen [Sun, 5 Jun 2011 12:55:18 +0000 (14:55 +0200)]
version bump to 4.5.3dr3

8 years agoenum names for ietf_attr_t
Andreas Steffen [Sun, 5 Jun 2011 12:17:47 +0000 (14:17 +0200)]
enum names for ietf_attr_t

8 years agomap action recommendation codes to PB access recommendation codes
Andreas Steffen [Sun, 5 Jun 2011 10:27:20 +0000 (12:27 +0200)]
map action recommendation codes to PB access recommendation codes

8 years agoadded a reference count for PA-TNC attributes
Andreas Steffen [Fri, 3 Jun 2011 14:39:27 +0000 (16:39 +0200)]
added a reference count for PA-TNC attributes

8 years agoCheck if colliding task has actually a CHILD, i.e. after a migrate
Martin Willi [Wed, 1 Jun 2011 13:57:29 +0000 (13:57 +0000)]
Check if colliding task has actually a CHILD, i.e. after a migrate

8 years agoFix alignement compiler warning
Martin Willi [Wed, 1 Jun 2011 12:12:35 +0000 (14:12 +0200)]
Fix alignement compiler warning

8 years agolink to the TNC@FHH project
Andreas Steffen [Fri, 3 Jun 2011 06:36:57 +0000 (08:36 +0200)]
link to the TNC@FHH project

8 years agofixed sleep command in ikev1/esp-ah-tunnel scenario
Andreas Steffen [Fri, 3 Jun 2011 05:05:43 +0000 (07:05 +0200)]
fixed sleep command in ikev1/esp-ah-tunnel scenario

8 years agoactive and passive IKEv2 hosts changed again
Andreas Steffen [Thu, 2 Jun 2011 23:47:25 +0000 (01:47 +0200)]
active and passive IKEv2 hosts changed again

8 years agomoved TNC scenarios to tnc folder
Andreas Steffen [Thu, 2 Jun 2011 22:47:20 +0000 (00:47 +0200)]
moved TNC scenarios to tnc folder

8 years agocorrectly destroy the hosts
Andreas Steffen [Thu, 2 Jun 2011 22:43:47 +0000 (00:43 +0200)]
correctly destroy the hosts

8 years agofixed subnet to string conversion by using ts_to_subnet()
Andreas Steffen [Thu, 2 Jun 2011 22:26:39 +0000 (00:26 +0200)]
fixed subnet to string conversion by using ts_to_subnet()

8 years agofixed IP range to subnet conversion in ts_to_subnet()
Andreas Steffen [Thu, 2 Jun 2011 22:19:22 +0000 (00:19 +0200)]
fixed IP range to subnet conversion in ts_to_subnet()

8 years agoikev2/rw-eap-tnc-11-radius scenario now uses a PA-TNC IMC/IMV pair
Andreas Steffen [Thu, 2 Jun 2011 10:36:27 +0000 (12:36 +0200)]
ikev2/rw-eap-tnc-11-radius scenario now uses a PA-TNC IMC/IMV pair

8 years agostreamlined libimcv debug output
Andreas Steffen [Thu, 2 Jun 2011 10:19:03 +0000 (12:19 +0200)]
streamlined libimcv debug output

8 years agoset configuration of imv_test with each TNC handshake
Andreas Steffen [Thu, 2 Jun 2011 09:37:27 +0000 (11:37 +0200)]
set configuration of imv_test with each TNC handshake

8 years agoconfigure IMC/IMV pairs as libimcv plugins
Andreas Steffen [Thu, 2 Jun 2011 08:24:31 +0000 (10:24 +0200)]
configure IMC/IMV pairs as libimcv plugins

8 years agoconfigure libimcv debug output via strongswan.conf
Andreas Steffen [Thu, 2 Jun 2011 07:59:46 +0000 (09:59 +0200)]
configure libimcv debug output via strongswan.conf

8 years agodisable leak_detective in ikev2/rw-eap-tnc-11-radius scenario
Andreas Steffen [Wed, 1 Jun 2011 20:17:32 +0000 (22:17 +0200)]
disable leak_detective in ikev2/rw-eap-tnc-11-radius scenario

8 years agooutput strongswan.conf and daemon.log on RADIUS hosts with strongSwan IMV
Andreas Steffen [Wed, 1 Jun 2011 19:38:03 +0000 (21:38 +0200)]
output strongswan.conf and daemon.log on RADIUS hosts with strongSwan IMV

8 years agoinitialize libstrongswan in dynamic stand-alone libimcv-based libraries
Andreas Steffen [Wed, 1 Jun 2011 18:59:25 +0000 (20:59 +0200)]
initialize libstrongswan in dynamic stand-alone libimcv-based libraries

8 years agostarted error handling of PA-TNC protocol
Andreas Steffen [Wed, 1 Jun 2011 14:33:09 +0000 (16:33 +0200)]
started error handling of PA-TNC protocol

8 years agomake IMC/IMV pairs independent of libcharon
Andreas Steffen [Wed, 1 Jun 2011 14:32:01 +0000 (16:32 +0200)]
make IMC/IMV pairs independent of libcharon

8 years agoLoad af-alg with higher priority
Martin Willi [Tue, 31 May 2011 11:58:55 +0000 (13:58 +0200)]
Load af-alg with higher priority

8 years agoProvide recursive mutex' just in case the PKCS#11 library requires it
Martin Willi [Fri, 27 May 2011 14:07:58 +0000 (16:07 +0200)]
Provide recursive mutex' just in case the PKCS#11 library requires it

8 years agolibfast does not depend on zlib directly, clearsilver can be built without compressio...
Martin Willi [Fri, 27 May 2011 13:58:35 +0000 (15:58 +0200)]
libfast does not depend on zlib directly, clearsilver can be built without compression support

8 years agoInclude m4/config directory in git, supporting autoregen -i of a fresh clone
Martin Willi [Fri, 27 May 2011 13:14:23 +0000 (15:14 +0200)]
Include m4/config directory in git, supporting autoregen -i of a fresh clone

8 years agodo not checksum IMC/IMV plugins
Andreas Steffen [Wed, 1 Jun 2011 07:22:12 +0000 (09:22 +0200)]
do not checksum IMC/IMV plugins