strongswan.git
Andreas Steffen [Thu, 29 Nov 2012 23:12:38 +0000 (00:12 +0100)]
store detected improper OS settings in database

Martin Willi [Thu, 29 Nov 2012 09:29:17 +0000 (10:29 +0100)]
Add load-tester NEWS

Martin Willi [Mon, 12 Nov 2012 15:24:24 +0000 (16:24 +0100)]
Store load-tester address leases in a hashtable for fast removal

Martin Willi [Mon, 12 Nov 2012 14:58:39 +0000 (15:58 +0100)]
Consolidated %any(6) host_t parsing

Martin Willi [Mon, 12 Nov 2012 14:49:48 +0000 (15:49 +0100)]
Remove numeric conversion from resolver, it is done directly in host_t

Martin Willi [Mon, 12 Nov 2012 14:48:48 +0000 (15:48 +0100)]
host_create_from_dns() tries a numeric conversion before asking resolver

Martin Willi [Mon, 12 Nov 2012 16:10:45 +0000 (17:10 +0100)]
Add a host_t constructor from string, but with a specific family

Martin Willi [Mon, 12 Nov 2012 10:14:03 +0000 (11:14 +0100)]
Don't wait while removing external IPs used for load testing

Martin Willi [Mon, 12 Nov 2012 09:06:09 +0000 (10:06 +0100)]
Install virtual IPs via interface name, and use an interface lookup where required

Martin Willi [Fri, 9 Nov 2012 14:48:37 +0000 (15:48 +0100)]
load-tester can dynamically install a dedicated external IP for each IKE_SA

For consistency, the local/remote parameters have been replaced by the
initiator/responder options. As initiator, the initiator option can
be overridden by an addrs section taking key/value pairs with address
pools to use on a specific interface.

Martin Willi [Fri, 9 Nov 2012 14:46:58 +0000 (15:46 +0100)]
Add an optional kernel-interface parameter to install IPs with a custom prefix

Martin Willi [Fri, 19 Oct 2012 12:54:23 +0000 (14:54 +0200)]
Add a delay option to load-tester socket

Martin Willi [Fri, 19 Oct 2012 09:36:31 +0000 (11:36 +0200)]
Indicate message retransmissions while initiating load-test batches

Martin Willi [Fri, 19 Oct 2012 09:32:20 +0000 (11:32 +0200)]
Add alerts for sent/received message retransmissions and timeout

Martin Willi [Fri, 19 Oct 2012 08:57:27 +0000 (10:57 +0200)]
Initiate each load-testing connection with a fresh peer config

Martin Willi [Fri, 19 Oct 2012 08:47:31 +0000 (10:47 +0200)]
Initiate IKE_SAs trigger over load-tester socket in parallel

Martin Willi [Thu, 18 Oct 2012 13:41:44 +0000 (15:41 +0200)]
Add a simple load-tester utility to initiate over control socket

Martin Willi [Thu, 18 Oct 2012 13:40:37 +0000 (15:40 +0200)]
Add a load-tester control socket to manually trigger initiation

Martin Willi [Thu, 29 Nov 2012 08:53:10 +0000 (09:53 +0100)]
Lookip plugin additionally reports the IKE_SA unique identifier

Andreas Steffen [Wed, 28 Nov 2012 22:18:33 +0000 (23:18 +0100)]
allow update of file hashes

Andreas Steffen [Wed, 28 Nov 2012 13:37:15 +0000 (14:37 +0100)]
removed unused header include

Andreas Steffen [Wed, 28 Nov 2012 13:14:41 +0000 (14:14 +0100)]
differentiate attestation reason strings

Andreas Steffen [Wed, 28 Nov 2012 09:50:56 +0000 (10:50 +0100)]
store collected device information in database

Tobias Brunner [Wed, 28 Nov 2012 09:18:28 +0000 (10:18 +0100)]
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)

Andreas Steffen [Tue, 27 Nov 2012 22:48:40 +0000 (23:48 +0100)]
store unique device_id in database

Ewa Steffen [Fri, 23 Nov 2012 20:45:04 +0000 (21:45 +0100)]
completed Polish language version

Andreas Steffen [Fri, 23 Nov 2012 17:31:44 +0000 (18:31 +0100)]
cosmetics

Andreas Steffen [Fri, 23 Nov 2012 17:30:00 +0000 (18:30 +0100)]
implemented output of item lists in remediation instructions

Andreas Steffen [Fri, 23 Nov 2012 11:30:09 +0000 (12:30 +0100)]
refactored reason string and remediation instructions framework

Martin Willi [Wed, 21 Nov 2012 09:08:04 +0000 (10:08 +0100)]
Do not send 0.0.0.0/0 traffic selectors as Split-Include Unity attributes

It seems that iOS devices don't like them.

Andreas Steffen [Wed, 21 Nov 2012 23:34:26 +0000 (00:34 +0100)]
allow the optional sharing of RSA private keys

Tobias Brunner [Wed, 21 Nov 2012 18:07:52 +0000 (19:07 +0100)]
New Android release after adding shortcuts and confirmation dialog

Also fixed some Android 4.2 specific issues.

Tobias Brunner [Wed, 21 Nov 2012 18:05:18 +0000 (19:05 +0100)]
android: Don't allow any backup for now

Tobias Brunner [Wed, 21 Nov 2012 17:54:51 +0000 (18:54 +0100)]
android: Properly handle exceptions when loading keys/certificates

Tobias Brunner [Tue, 20 Nov 2012 15:06:39 +0000 (16:06 +0100)]
android: Use the same tag string for all dialogs in MainActivity

Tobias Brunner [Tue, 20 Nov 2012 14:47:54 +0000 (15:47 +0100)]
android: Hide previous dialogs when handling a new connection attempt

Tobias Brunner [Tue, 20 Nov 2012 14:37:04 +0000 (15:37 +0100)]
android: Show confirmation dialog when starting a profile while already connected

Tobias Brunner [Wed, 7 Nov 2012 15:09:59 +0000 (16:09 +0100)]
android: Add the ability to create shortcuts to specific VPN profiles

Tobias Brunner [Wed, 7 Nov 2012 15:06:30 +0000 (16:06 +0100)]
android: Start a specific VPN profile based on special Intents

Tobias Brunner [Wed, 7 Nov 2012 15:02:21 +0000 (16:02 +0100)]
android: Attribute added to display the list of VPN profiles in read-only mode

Tobias Brunner [Wed, 21 Nov 2012 10:55:55 +0000 (11:55 +0100)]
Fixed two bugs in logging MSK during EAP-SIM/AKA

msk is already a pointer to a chunk_t and it was actually not set yet.

Andreas Steffen [Wed, 21 Nov 2012 05:05:34 +0000 (06:05 +0100)]
added ike2/rw-eap-md5-class-radius scenario

Tobias Brunner [Thu, 15 Nov 2012 17:52:18 +0000 (18:52 +0100)]
android: Show an error if VPN fails due to lock down mode in Android 4.2

Tobias Brunner [Thu, 15 Nov 2012 17:51:24 +0000 (18:51 +0100)]
android: Add error message as argument to "VPN not supported" dialog

Tobias Brunner [Thu, 15 Nov 2012 16:29:01 +0000 (17:29 +0100)]
android: Content providers are not exported by default in Android 4.2

Tobias Brunner [Thu, 15 Nov 2012 16:28:33 +0000 (17:28 +0100)]
android: Set target SDK to 17 (Android 4.2)

Tobias Brunner [Thu, 15 Nov 2012 16:25:44 +0000 (17:25 +0100)]
android: Private key bug has been fixed with Android 4.2

Andreas Steffen [Sun, 18 Nov 2012 21:55:22 +0000 (22:55 +0100)]
overwrite sensitive prime with zeroes

Andreas Steffen [Sun, 18 Nov 2012 18:41:03 +0000 (19:41 +0100)]
strndup() requires string.h header file

Andreas Steffen [Sun, 18 Nov 2012 18:22:31 +0000 (19:22 +0100)]
implemented generation of safe primes

Andreas Steffen [Sun, 18 Nov 2012 10:44:03 +0000 (11:44 +0100)]
generate reason strings and remediation instructions for improper OS settings

Andreas Steffen [Sat, 17 Nov 2012 13:53:27 +0000 (14:53 +0100)]
precautionary measures

Andreas Steffen [Sat, 17 Nov 2012 07:16:53 +0000 (08:16 +0100)]
fixed a memory leak in pacman

Andreas Steffen [Sat, 17 Nov 2012 07:16:23 +0000 (08:16 +0100)]
removed unused variable

Martin Willi [Fri, 16 Nov 2012 09:27:36 +0000 (10:27 +0100)]
Add an ikesa_limit option to limit number of IKE_SAs as responder

Martin Willi [Fri, 16 Nov 2012 08:56:05 +0000 (09:56 +0100)]
Pass PLUTO_XAUTH_ID to updown script

Andreas Steffen [Thu, 15 Nov 2012 20:56:27 +0000 (21:56 +0100)]
version bump to 5.0.2dr4

Andreas Steffen [Thu, 15 Nov 2012 10:48:57 +0000 (11:48 +0100)]
discovered the use of strndup()

Andreas Steffen [Wed, 14 Nov 2012 10:38:12 +0000 (11:38 +0100)]
implemented blacklisting of software packages

Martin Willi [Thu, 25 Oct 2012 13:23:49 +0000 (15:23 +0200)]
libtnc can be initialized more than once

Martin Willi [Thu, 25 Oct 2012 12:50:30 +0000 (14:50 +0200)]
libcharon can be initialized more than once

Martin Willi [Thu, 25 Oct 2012 12:44:06 +0000 (14:44 +0200)]
libhydra can be initialized more than once

Martin Willi [Thu, 25 Oct 2012 12:33:09 +0000 (14:33 +0200)]
libstrongswan can be initialized more than once

Tobias Brunner [Mon, 12 Nov 2012 18:39:34 +0000 (19:39 +0100)]
Limit recursion when searching for source addresses

This could be required if e.g. two default routes list gateways but the
corresponding outbound interfaces do not have any IP addresses on them.

Tobias Brunner [Mon, 12 Nov 2012 16:12:18 +0000 (17:12 +0100)]
Don't call get_route recursively if a route's gateway matches the destination

Andreas Steffen [Tue, 13 Nov 2012 06:15:46 +0000 (07:15 +0100)]
fixed remediation instructions output

Andreas Steffen [Mon, 12 Nov 2012 12:08:58 +0000 (13:08 +0100)]
fixed memory leak

Andreas Steffen [Mon, 12 Nov 2012 11:31:16 +0000 (12:31 +0100)]
fixed typo in strcpy() function call

Tobias Brunner [Mon, 12 Nov 2012 11:12:07 +0000 (12:12 +0100)]
Fix destruction of tcg_pts_attr_file_meas_t when building from encoding

Andreas Steffen [Sun, 11 Nov 2012 17:40:03 +0000 (18:40 +0100)]
updated parameters

Andreas Steffen [Sun, 11 Nov 2012 17:37:56 +0000 (18:37 +0100)]
implemented reason string and remediation instructions for OS IMV

Andreas Steffen [Sun, 11 Nov 2012 10:05:21 +0000 (11:05 +0100)]
updated strongswan.conf man page

Andreas Steffen [Sun, 11 Nov 2012 09:51:19 +0000 (10:51 +0100)]
centralized processing of assessment information

Tobias Brunner [Mon, 12 Nov 2012 09:34:04 +0000 (10:34 +0100)]
Properly define TSS_TROUSERS in configure script

Andreas Steffen [Sat, 10 Nov 2012 23:27:55 +0000 (00:27 +0100)]
define TSS_TROUSERS compile option

Andreas Steffen [Sat, 10 Nov 2012 22:47:06 +0000 (23:47 +0100)]
implemented get_remediation_instructions()

Andreas Steffen [Sat, 10 Nov 2012 20:37:33 +0000 (21:37 +0100)]
removed debug output

Andreas Steffen [Sat, 10 Nov 2012 20:35:46 +0000 (21:35 +0100)]
implement a preferred language enumerator

Andreas Steffen [Fri, 9 Nov 2012 15:07:03 +0000 (16:07 +0100)]
abort if fatal error is received from peer

Andreas Steffen [Fri, 9 Nov 2012 14:50:10 +0000 (15:50 +0100)]
corrected debug class

Andreas Steffen [Fri, 9 Nov 2012 14:08:01 +0000 (15:08 +0100)]
added missing method assignments

Tobias Brunner [Thu, 8 Nov 2012 18:31:24 +0000 (19:31 +0100)]
Made TSS implementation configurable and thereby optional

Andreas Steffen [Thu, 8 Nov 2012 10:02:17 +0000 (11:02 +0100)]
added missing --update parameter

Andreas Steffen [Thu, 8 Nov 2012 08:19:10 +0000 (09:19 +0100)]
created packman daily update script

Andreas Steffen [Wed, 7 Nov 2012 21:20:39 +0000 (22:20 +0100)]
pacman supports differential security updates

Andreas Steffen [Wed, 7 Nov 2012 13:57:41 +0000 (14:57 +0100)]
fixed Android product string

Andreas Steffen [Wed, 7 Nov 2012 13:20:47 +0000 (14:20 +0100)]
accumulate package counts over multiple attributes

Andreas Steffen [Wed, 7 Nov 2012 12:39:44 +0000 (13:39 +0100)]
use OS type on IMV side

Tobias Brunner [Wed, 7 Nov 2012 11:41:17 +0000 (12:41 +0100)]
Include 'aggressive' when comparing peer_cfg_t objects

Tobias Brunner [Wed, 7 Nov 2012 11:38:31 +0000 (12:38 +0100)]
Fixed output of longer debug messages

(v)snprintf(3) returns the length without terminating null byte but the
length given as parameter must include it.

Tobias Brunner [Tue, 6 Nov 2012 13:23:56 +0000 (14:23 +0100)]
'signal' is a keyword in MySQL 5.5

Fixes #251.

Andreas Steffen [Mon, 5 Nov 2012 20:56:49 +0000 (21:56 +0100)]
fixed debug output

Andreas Steffen [Mon, 5 Nov 2012 20:40:19 +0000 (21:40 +0100)]
eliminate deinstalled packages

Andreas Steffen [Mon, 5 Nov 2012 20:00:56 +0000 (21:00 +0100)]
check installed packages in OS database

Andreas Steffen [Mon, 5 Nov 2012 13:48:43 +0000 (14:48 +0100)]
Define and use an OS enumeration type

Andreas Steffen [Mon, 5 Nov 2012 13:46:50 +0000 (14:46 +0100)]
check if assessment has already been done

Andreas Steffen [Mon, 5 Nov 2012 11:13:13 +0000 (12:13 +0100)]
compute the optimum Installed Packages attribute size

Andreas Steffen [Mon, 5 Nov 2012 09:24:12 +0000 (10:24 +0100)]
Added ITA Start/Stop Angel attributes to split bulk data into multiple attributes

Andreas Steffen [Sun, 4 Nov 2012 22:54:36 +0000 (23:54 +0100)]
enumerate over installed Debian/Ubuntu packages

Andreas Steffen [Sun, 4 Nov 2012 22:52:34 +0000 (23:52 +0100)]
debug output in lower case letters