strongswan.git
Andreas Steffen [Fri, 9 Jan 2009 01:19:45 +0000 (01:19 -0000)]
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy of Thomas Jarosch

Andreas Steffen [Fri, 9 Jan 2009 00:28:47 +0000 (00:28 -0000)]
the Linux 2.6.28 uml guest kernel does not need any patches

Andreas Steffen [Fri, 9 Jan 2009 00:24:54 +0000 (00:24 -0000)]
test of ipsec leases command in ikev2/ip-pool and ikev2/ip-two-pools scenarios

Andreas Steffen [Thu, 8 Jan 2009 22:23:42 +0000 (22:23 -0000)]
version bump to 2.4.11

Andreas Steffen [Thu, 8 Jan 2009 21:41:07 +0000 (21:41 -0000)]
adapted ikev2/ip-pool-wish scenario to the new stroke ip pool function

Andreas Steffen [Thu, 8 Jan 2009 21:34:44 +0000 (21:34 -0000)] (ref: 4.2.10)
fixed two bugs introduced by the stroke ip pool refactoring

Martin Willi [Wed, 31 Dec 2008 08:58:49 +0000 (08:58 -0000)]
increase nonce size to 32 bytes, required when using SHA384/512 PRFs

Andreas Steffen [Tue, 23 Dec 2008 06:35:16 +0000 (06:35 -0000)]
missing LOGFILE in debug statement

Martin Willi [Mon, 22 Dec 2008 12:48:50 +0000 (12:48 -0000)]
added some NEWS for 4.2.10

Martin Willi [Fri, 19 Dec 2008 14:34:40 +0000 (14:34 -0000)]
fixed a potential memory leak when reusing mobike task

Martin Willi [Thu, 18 Dec 2008 16:24:22 +0000 (16:24 -0000)]
RNG tests based on FIPS 140-1

Martin Willi [Thu, 18 Dec 2008 16:21:05 +0000 (16:21 -0000)]
support for Padlock RNG

Martin Willi [Wed, 17 Dec 2008 15:40:01 +0000 (15:40 -0000)]
proper feature probing for padlock

Tobias Brunner [Wed, 17 Dec 2008 09:56:05 +0000 (09:56 -0000)]
correct use of calloc in hashtable_t

Martin Willi [Wed, 17 Dec 2008 09:00:22 +0000 (09:00 -0000)]
updated documentation
some minor cleanups
calloc does not need an additional memset(0)

Tobias Brunner [Tue, 16 Dec 2008 17:21:28 +0000 (17:21 -0000)]
improved IKE_SA uniqueness check

Martin Willi [Tue, 16 Dec 2008 15:48:36 +0000 (15:48 -0000)]
purge certificates after IKE_AUTH response has been built

Martin Willi [Mon, 15 Dec 2008 15:41:48 +0000 (15:41 -0000)]
reimplemented certificate cache:
fixes unsafe certificate caching
use fixed array instead of a list
fine grained per-slot locking
use cache hits for housekeeping

Martin Willi [Mon, 15 Dec 2008 09:19:04 +0000 (09:19 -0000)]
signal each entry condvar after enumeration, required if wait_for_entry is called

Martin Willi [Mon, 15 Dec 2008 09:13:43 +0000 (09:13 -0000)]
added an additional frame to lock profiling backtraces

Martin Willi [Fri, 12 Dec 2008 15:57:12 +0000 (15:57 -0000)]
do not respawn cancelled threads if we are shutting down

Martin Willi [Fri, 12 Dec 2008 10:40:45 +0000 (10:40 -0000)]
fixed possible deadlock in checkin_and_destroy

Martin Willi [Fri, 12 Dec 2008 10:38:53 +0000 (10:38 -0000)]
avoid DNS lookup if possible

Martin Willi [Fri, 12 Dec 2008 09:16:31 +0000 (09:16 -0000)]
execute events if difference is 0, prevents a busywait

Martin Willi [Fri, 12 Dec 2008 09:14:37 +0000 (09:14 -0000)]
load tester got a "shutdown_when_complete" option, allows performance test using "time"

Martin Willi [Fri, 12 Dec 2008 09:13:06 +0000 (09:13 -0000)]
daemon exports main_thread_id, sends SIGTERM to the main thread in daemon_kill

Martin Willi [Fri, 12 Dec 2008 09:10:52 +0000 (09:10 -0000)]
leak detective binds execution to a single core, avoids corruption on SMP machines

Martin Willi [Fri, 12 Dec 2008 08:33:48 +0000 (08:33 -0000)]
wait until all IKE_SAs are in-house before destroying them

Tobias Brunner [Thu, 11 Dec 2008 13:39:30 +0000 (13:39 -0000)]
address extensions refactored

Martin Willi [Thu, 11 Dec 2008 12:49:41 +0000 (12:49 -0000)]
fixed usage of "leases" command

Tobias Brunner [Wed, 10 Dec 2008 17:45:44 +0000 (17:45 -0000)]
nat_traversal in manpage corrected

Tobias Brunner [Wed, 10 Dec 2008 15:58:39 +0000 (15:58 -0000)]
fixing checkout of IKE SAs with only the initiator SPI

Tobias Brunner [Wed, 10 Dec 2008 13:51:21 +0000 (13:51 -0000)]
increasing the performance of checkout_duplicate by using a hash table.

Tobias Brunner [Wed, 10 Dec 2008 13:45:05 +0000 (13:45 -0000)]
initial size of 1 is nonsense

Tobias Brunner [Wed, 10 Dec 2008 13:43:51 +0000 (13:43 -0000)]
incremental version of chunk_hash

Martin Willi [Wed, 10 Dec 2008 13:00:02 +0000 (13:00 -0000)]
list assigned leases using "ipsec leases"

Martin Willi [Wed, 10 Dec 2008 09:59:35 +0000 (09:59 -0000)]
added IKE_SA established timer to "ipsec statusall"

Martin Willi [Tue, 9 Dec 2008 15:57:51 +0000 (15:57 -0000)]
using rwlock to parallel build credentials

Martin Willi [Tue, 9 Dec 2008 15:00:30 +0000 (15:00 -0000)]
use thread-safe variant of gmtime

Martin Willi [Tue, 9 Dec 2008 14:45:56 +0000 (14:45 -0000)]
fixed load-tester shared key lookup

Martin Willi [Tue, 9 Dec 2008 14:34:15 +0000 (14:34 -0000)]
purge auth_info when IKE_SA is established, releases cert memory

Martin Willi [Tue, 9 Dec 2008 14:32:57 +0000 (14:32 -0000)]
limit number of ADDITIONAL_IPV*_ADDR notifies

Martin Willi [Tue, 9 Dec 2008 13:24:12 +0000 (13:24 -0000)]
list pools and usage in ipsec statusall

Martin Willi [Tue, 9 Dec 2008 13:23:42 +0000 (13:23 -0000)]
extended stroke in-memory pool to use hash-tables
supports online/offline leases
properly reassign addresses to identities

Martin Willi [Tue, 9 Dec 2008 11:13:52 +0000 (11:13 -0000)]
fixed hashtable->get_count() after doubling table size

Martin Willi [Tue, 9 Dec 2008 09:11:37 +0000 (09:11 -0000)]
require explicit enabling of load-testing plugin

Martin Willi [Mon, 8 Dec 2008 19:18:28 +0000 (19:18 -0000)]
generating different initiator identities, configs and certificates on the fly

Martin Willi [Mon, 8 Dec 2008 19:15:38 +0000 (19:15 -0000)]
removed debugging leftovers

Martin Willi [Mon, 8 Dec 2008 16:00:33 +0000 (16:00 -0000)]
fixed out-of-tree build of scepclient

Martin Willi [Mon, 8 Dec 2008 15:29:36 +0000 (15:29 -0000)]
basic x509 certificate generation

Martin Willi [Mon, 8 Dec 2008 15:27:24 +0000 (15:27 -0000)]
whitelisted another pthread_setspecific implementation

Martin Willi [Fri, 5 Dec 2008 12:34:17 +0000 (12:34 -0000)]
accept NULL values in hashtable enumerator

Martin Willi [Fri, 5 Dec 2008 10:01:52 +0000 (10:01 -0000)]
hashtable enumerator enumerates over both, key and values

Martin Willi [Fri, 5 Dec 2008 09:41:20 +0000 (09:41 -0000)]
added actual ikev2bis draft

Martin Willi [Fri, 5 Dec 2008 09:40:50 +0000 (09:40 -0000)]
pass identity to release_address(), allows providers to do a lookup by id

Andreas Steffen [Thu, 4 Dec 2008 23:16:10 +0000 (23:16 -0000)]
extended changeset [4753]

Tobias Brunner [Thu, 4 Dec 2008 16:46:08 +0000 (16:46 -0000)]
implemented the policy cache in kernel_netlink_ipsec_t with a hash table instead of a linked list.

Tobias Brunner [Thu, 4 Dec 2008 16:33:39 +0000 (16:33 -0000)]
fixed off by one error

Martin Willi [Thu, 4 Dec 2008 10:10:37 +0000 (10:10 -0000)]
fixed copy-paste bug (double-free)

Martin Willi [Thu, 4 Dec 2008 10:09:21 +0000 (10:09 -0000)]
reset pointer for a clean destruction

Martin Willi [Thu, 4 Dec 2008 10:00:03 +0000 (10:00 -0000)]
handling peer_match with higher priority than ike_match to select correct config if IPs are equal

Martin Willi [Thu, 4 Dec 2008 09:23:53 +0000 (09:23 -0000)]
leak whitelisting of OPENSSL_config()

Andreas Steffen [Thu, 4 Dec 2008 04:51:05 +0000 (04:51 -0000)]
suppress output from leak-detective in openac

Andreas Steffen [Thu, 4 Dec 2008 04:36:39 +0000 (04:36 -0000)]
load openac plugins explicitly

Andreas Steffen [Thu, 4 Dec 2008 04:34:49 +0000 (04:34 -0000)]
fixed refactoring error in openac

Andreas Steffen [Thu, 4 Dec 2008 03:31:53 +0000 (03:31 -0000)]
suppress leak-detective stderr output in ipsec pool

Andreas Steffen [Thu, 4 Dec 2008 01:08:19 +0000 (01:08 -0000)]
fixed double free of host in sadb_address2ts

Andreas Steffen [Thu, 4 Dec 2008 00:34:59 +0000 (00:34 -0000)]
enable leak-detective and integrity-test in UML tests by default

Tobias Brunner [Wed, 3 Dec 2008 10:12:20 +0000 (10:12 -0000)]
add support for smartcards in charon by using the ENGINE API provided by OpenSSL, based on patches by Michael Roßberg.

Tobias Brunner [Wed, 3 Dec 2008 10:03:59 +0000 (10:03 -0000)]
enable quoted tokens in the token enumerator

Tobias Brunner [Wed, 3 Dec 2008 10:03:02 +0000 (10:03 -0000)]
fixed compiler warning

Tobias Brunner [Wed, 3 Dec 2008 09:45:58 +0000 (09:45 -0000)]
added memstr and extract_token_str helper functions

Tobias Brunner [Wed, 3 Dec 2008 09:32:16 +0000 (09:32 -0000)]
adding general purpose hash table

Martin Willi [Wed, 3 Dec 2008 09:15:29 +0000 (09:15 -0000)]
fixed double free of host in selector2ts

Martin Willi [Tue, 2 Dec 2008 12:14:32 +0000 (12:14 -0000)]
ref_get()/ref_put() use atomic gcc operations if supported, thanks to Thomas Jarosch for the patch

Martin Willi [Tue, 2 Dec 2008 09:01:57 +0000 (09:01 -0000)]
added a --disable-threads ./configure option for pluto

Martin Willi [Tue, 2 Dec 2008 08:52:46 +0000 (08:52 -0000)]
use DBG_ANY to set all loglevels

Martin Willi [Tue, 2 Dec 2008 08:46:15 +0000 (08:46 -0000)]
added time.h include for struct tm

Martin Willi [Mon, 1 Dec 2008 18:38:28 +0000 (18:38 -0000)]
some task queueing improvements:
- do not pass CHILD_SAs to task constructor, might not
  be valid anymore during execution (late lookup)
- use sub-tasks to delete CHILD/IKE_SA after rekeying,
  as we want to execute the delete before additional
  queued tasks

Andreas Steffen [Mon, 1 Dec 2008 01:24:55 +0000 (01:24 -0000)]
re-established lost default auth sys_logger

Martin Willi [Fri, 28 Nov 2008 16:19:19 +0000 (16:19 -0000)]
schedule rekeying when activating passive IKE_SAs

Martin Willi [Fri, 28 Nov 2008 15:44:25 +0000 (15:44 -0000)]
do not delete passive IKE_SAs

Martin Willi [Fri, 28 Nov 2008 10:49:14 +0000 (10:49 -0000)]
added a PASSIVE IKE_SA state to manage it externally

Martin Willi [Fri, 28 Nov 2008 09:51:44 +0000 (09:51 -0000)]
pass SKd to derive_ike_keys() to have a more interoperable API

Martin Willi [Fri, 28 Nov 2008 08:22:55 +0000 (08:22 -0000)]
fixed a double-unlock bug, showed up when using rwlocks in backend manager

Martin Willi [Thu, 27 Nov 2008 15:34:17 +0000 (15:34 -0000)]
use rwlocks in backend manager to allow simultaneous access

Martin Willi [Thu, 27 Nov 2008 15:22:41 +0000 (15:22 -0000)]
use a rwlock in attribute manager to allow simultaneous access

Martin Willi [Thu, 27 Nov 2008 14:33:41 +0000 (14:33 -0000)]
remove attribute provider in SQL plugin destruction

Martin Willi [Thu, 27 Nov 2008 10:20:25 +0000 (10:20 -0000)]
added an include hack to build starter without gmp.h

Martin Willi [Thu, 27 Nov 2008 10:18:38 +0000 (10:18 -0000)]
fixed pluto out-of-tree builds

Martin Willi [Thu, 27 Nov 2008 09:21:52 +0000 (09:21 -0000)]
token enumerator missed the last token if it contains only a single char

Martin Willi [Wed, 26 Nov 2008 14:32:55 +0000 (14:32 -0000)]
checkin of non-existing IKE_SAs
removed unneeded checkin() return values

Martin Willi [Wed, 26 Nov 2008 10:54:08 +0000 (10:54 -0000)]
removed private parser function pointers, allows compiler to inline

Martin Willi [Wed, 26 Nov 2008 10:42:54 +0000 (10:42 -0000)]
removed private generator function pointers, allows compiler to inline

Martin Willi [Wed, 26 Nov 2008 10:08:36 +0000 (10:08 -0000)]
inlined some short chunk functions, showed up in the profiler

Martin Willi [Wed, 26 Nov 2008 10:06:59 +0000 (10:06 -0000)]
memxor() tweaks, as it is heavily used in xcbc

Tobias Brunner [Wed, 26 Nov 2008 09:22:19 +0000 (09:22 -0000)]
allow to globally disable DOS protection by setting charon.dos_protection to no.

Tobias Brunner [Tue, 25 Nov 2008 19:56:05 +0000 (19:56 -0000)]
optimized the scheduler for performance by replacing the linked list with a heap.

Tobias Brunner [Tue, 25 Nov 2008 19:30:02 +0000 (19:30 -0000)]
replacing the pthread_mutex in scheduler_t with the wrapped implementation.
added a method to condvar_t which allows to wait for an absolute timeout.

Tobias Brunner [Tue, 25 Nov 2008 13:16:05 +0000 (13:16 -0000)]
performance optimization for the DOS protection.
 * half-open SAs per peer are tracked in a hash table
 * charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold
 * chunk_hash function added