strongswan.git
Martin Willi [Mon, 25 Sep 2006 07:26:16 +0000 (07:26 -0000)]
updated NEWS and ChangeLog for 4.0.4 release

Martin Willi [Mon, 25 Sep 2006 07:24:08 +0000 (07:24 -0000)]
fixed retransmission policy for responder

Martin Willi [Mon, 25 Sep 2006 06:38:58 +0000 (06:38 -0000)]
fixed dpd for responder

Andreas Steffen [Mon, 25 Sep 2006 06:19:40 +0000 (06:19 -0000)]
added ID_ANY check to matches_binary()

Andreas Steffen [Mon, 25 Sep 2006 06:18:45 +0000 (06:18 -0000)]
replaced 'missing value' warning by zero length chunk_t value

Andreas Steffen [Mon, 25 Sep 2006 06:15:57 +0000 (06:15 -0000)]
defined maximum hash size

Andreas Steffen [Mon, 25 Sep 2006 06:13:21 +0000 (06:13 -0000)]
support of AES-192-CBC private key encryption

Andreas Steffen [Mon, 25 Sep 2006 06:12:22 +0000 (06:12 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 06:11:36 +0000 (06:11 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 06:11:09 +0000 (06:11 -0000)]
moved auth_method to policy

Andreas Steffen [Mon, 25 Sep 2006 06:10:28 +0000 (06:10 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 06:10:02 +0000 (06:10 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 05:59:38 +0000 (05:59 -0000)]
more consistent authentication logging

Andreas Steffen [Mon, 25 Sep 2006 05:58:45 +0000 (05:58 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 05:52:50 +0000 (05:52 -0000)]
moved auth_method to policy

Andreas Steffen [Mon, 25 Sep 2006 05:52:13 +0000 (05:52 -0000)]
moved auth_method to policy

Andreas Steffen [Mon, 25 Sep 2006 05:51:16 +0000 (05:51 -0000)]
added hostaccess support; moved auth_method to policy

Andreas Steffen [Mon, 25 Sep 2006 05:49:36 +0000 (05:49 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 05:46:56 +0000 (05:46 -0000)]
added hostaccess support

Andreas Steffen [Mon, 25 Sep 2006 05:42:13 +0000 (05:42 -0000)]
added new test scenarios

Tag: 4.0.4
Martin Willi [Thu, 21 Sep 2006 09:17:13 +0000 (09:17 -0000)]
fixed some compiler warnings

Martin Willi [Thu, 21 Sep 2006 07:03:21 +0000 (07:03 -0000)]
extended statusall output
  added job/event-queue statistics
  added allocation statistics when using LEAK_DETECTIVE

Martin Willi [Thu, 21 Sep 2006 05:55:07 +0000 (05:55 -0000)]
fixed include typo

Martin Willi [Wed, 20 Sep 2006 06:45:19 +0000 (06:45 -0000)]
public declaration of all HASH_SIZEs in hasher.h

Andreas Steffen [Wed, 20 Sep 2006 05:48:54 +0000 (05:48 -0000)]
support of encrypted private key files

Andreas Steffen [Wed, 20 Sep 2006 05:48:27 +0000 (05:48 -0000)]
support of encrypted private key files

Martin Willi [Tue, 19 Sep 2006 14:54:01 +0000 (14:54 -0000)]
added copyright notice to sha2_hasher
included SHA2 in build process

Martin Willi [Tue, 19 Sep 2006 14:49:47 +0000 (14:49 -0000)]
implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512

Martin Willi [Tue, 19 Sep 2006 11:18:35 +0000 (11:18 -0000)]
added support for 3DES encryption algorithm in IKE

Andreas Steffen [Tue, 19 Sep 2006 06:17:06 +0000 (06:17 -0000)]
fixed the ids parsing bug

Andreas Steffen [Tue, 19 Sep 2006 06:16:48 +0000 (06:16 -0000)]
fixed the ids parsing bug

Martin Willi [Mon, 18 Sep 2006 11:41:04 +0000 (11:41 -0000)]
updated TODOs

Martin Willi [Mon, 18 Sep 2006 11:39:53 +0000 (11:39 -0000)]
fixed memleak
fixed proper handling of id parsing errors
proper return value when no PSK found

Martin Willi [Mon, 18 Sep 2006 11:38:37 +0000 (11:38 -0000)]
added HOST_ACCESS for firewall script as default

Martin Willi [Mon, 18 Sep 2006 11:38:11 +0000 (11:38 -0000)]
more debugging output for PSK authentication

Martin Willi [Mon, 18 Sep 2006 11:37:40 +0000 (11:37 -0000)]
some cleanups here and there

Andreas Steffen [Mon, 18 Sep 2006 07:46:16 +0000 (07:46 -0000)]
added auth_method field

Andreas Steffen [Mon, 18 Sep 2006 07:45:16 +0000 (07:45 -0000)]
added auth_method field

Andreas Steffen [Mon, 18 Sep 2006 07:44:41 +0000 (07:44 -0000)]
cosmetics

Andreas Steffen [Mon, 18 Sep 2006 07:44:16 +0000 (07:44 -0000)]
verify_emsa_pkcs1_signature returns status_t

Andreas Steffen [Mon, 18 Sep 2006 07:43:44 +0000 (07:43 -0000)]
cosmetics

Andreas Steffen [Mon, 18 Sep 2006 07:42:57 +0000 (07:42 -0000)]
added PSK support

Andreas Steffen [Mon, 18 Sep 2006 07:41:54 +0000 (07:41 -0000)]
enabled firewall support

Andreas Steffen [Mon, 18 Sep 2006 07:41:22 +0000 (07:41 -0000)]
added

Andreas Steffen [Mon, 18 Sep 2006 07:41:09 +0000 (07:41 -0000)]
added

Andreas Steffen [Mon, 18 Sep 2006 07:40:37 +0000 (07:40 -0000)]
added

Martin Willi [Mon, 18 Sep 2006 06:44:38 +0000 (06:44 -0000)]
proper error handling for socket creation

Martin Willi [Thu, 14 Sep 2006 13:14:58 +0000 (13:14 -0000)]
handle certificate parsing error more generously

Martin Willi [Thu, 14 Sep 2006 12:22:08 +0000 (12:22 -0000)]
fixed certificate verification bug!

Martin Willi [Thu, 14 Sep 2006 12:15:41 +0000 (12:15 -0000)]
fixed memleak when receiving invalid certificate

Andreas Steffen [Thu, 14 Sep 2006 06:47:21 +0000 (06:47 -0000)]
version bump to 4.0.4

Andreas Steffen [Thu, 14 Sep 2006 06:45:16 +0000 (06:45 -0000)]
version bump to 4.0.4

Andreas Steffen [Thu, 14 Sep 2006 06:39:14 +0000 (06:39 -0000)]
two new test scenarios

Andreas Steffen [Thu, 14 Sep 2006 06:38:50 +0000 (06:38 -0000)]
fixed path to images directory

Martin Willi [Tue, 12 Sep 2006 13:50:14 +0000 (13:50 -0000)]
implemented updown script to handle firewalling

Martin Willi [Fri, 8 Sep 2006 13:10:52 +0000 (13:10 -0000)]
add priority management for kernel policy
let ROUTED policies installed, until manually removed
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
ike_sa_manager cleanups

Martin Willi [Fri, 8 Sep 2006 06:12:02 +0000 (06:12 -0000)]
implemented handling of dpdaction and dpddelay ipsec.conf parameters

Martin Willi [Tue, 5 Sep 2006 14:07:25 +0000 (14:07 -0000)]
reuse reqid when a ROUTED child_sa gets INSTALLED
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes

Martin Willi [Thu, 31 Aug 2006 06:48:10 +0000 (06:48 -0000)]
fixed an at-least-one-year-old bug which caused crashes in the scheduler

Martin Willi [Thu, 31 Aug 2006 06:18:15 +0000 (06:18 -0000)]
added raw socket filter for IPv6

Martin Willi [Thu, 31 Aug 2006 06:17:41 +0000 (06:17 -0000)]
implemented NAT detection for IPv6

Martin Willi [Thu, 31 Aug 2006 06:16:52 +0000 (06:16 -0000)]
removed unneeded constructor

Martin Willi [Wed, 30 Aug 2006 17:12:56 +0000 (17:12 -0000)]
initial support for IPv6 (more testing needed)
  socket works (without v6 filter)
  traffic selector handle IPv4/v4 cleanly
    improvements in traffic selector code
  kernel interface accepts v6 traffic selectors and hosts
  host_t class has full IPv6 support

Martin Willi [Mon, 28 Aug 2006 09:02:51 +0000 (09:02 -0000)]
added stddef.h include for compilers which do not support the offsetof() directive

Martin Willi [Mon, 28 Aug 2006 08:45:22 +0000 (08:45 -0000)]
moved interface enumeration code to socket, where it belongs
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"

Andreas Steffen [Fri, 25 Aug 2006 09:25:12 +0000 (09:25 -0000)]
version bump of UML kernel to 2.6.17.11

Martin Willi [Fri, 25 Aug 2006 09:19:42 +0000 (09:19 -0000)]
fixed crash bug when doing "ipsec down" with an unknown connection

Martin Willi [Fri, 25 Aug 2006 09:07:37 +0000 (09:07 -0000)]
added name property in CHILD_SA, allows proper status output

Martin Willi [Fri, 25 Aug 2006 07:42:48 +0000 (07:42 -0000)]
(no commit message)

Martin Willi [Fri, 25 Aug 2006 07:37:22 +0000 (07:37 -0000)]
fixed bug which prevented port float when nat is detected

Andreas Steffen [Fri, 25 Aug 2006 07:30:29 +0000 (07:30 -0000)]
version bumps

Andreas Steffen [Wed, 23 Aug 2006 12:07:15 +0000 (12:07 -0000)]
'sha' and 'sha1' are now treated as synonyms

Andreas Steffen [Wed, 23 Aug 2006 12:07:07 +0000 (12:07 -0000)]
'sha' and 'sha1' are now treated as synonyms

Martin Willi [Wed, 23 Aug 2006 11:48:33 +0000 (11:48 -0000)]
updated Changelog and other docs

Tag: 4.0.3
Martin Willi [Wed, 23 Aug 2006 09:25:41 +0000 (09:25 -0000)]
fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD)

Martin Willi [Wed, 23 Aug 2006 07:30:43 +0000 (07:30 -0000)]
implement proper handling of most simultaneous IKE_SA rekeying cases

Andreas Steffen [Wed, 2 Aug 2006 12:33:26 +0000 (12:33 -0000)]
version bump to 4.0.3

Martin Willi [Fri, 28 Jul 2006 09:45:18 +0000 (09:45 -0000)]
implemented proper refcounting using atomic operations

Martin Willi [Thu, 27 Jul 2006 12:18:40 +0000 (12:18 -0000)]
implemented IKE_SA rekeying
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneous exchanges yet!

Martin Willi [Fri, 21 Jul 2006 13:31:53 +0000 (13:31 -0000)]
added possibility to route CHILD_SAs without setting them up
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires

Martin Willi [Thu, 20 Jul 2006 14:57:49 +0000 (14:57 -0000)]
reuse an existing IKE_SA to set up additional CHILD_SAs

Martin Willi [Thu, 20 Jul 2006 10:09:32 +0000 (10:09 -0000)]
introduced refcounting on policy and connections
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors

Martin Willi [Tue, 18 Jul 2006 12:53:54 +0000 (12:53 -0000)]
cleanups in kernel interface code
added proper traffic selector to string conversion
some cleanups here & there

Tag: 4.0.2
Andreas Steffen [Fri, 14 Jul 2006 13:21:19 +0000 (13:21 -0000)]
X.509 certificate trust path verification

Andreas Steffen [Fri, 14 Jul 2006 12:58:47 +0000 (12:58 -0000)]
added

Martin Willi [Fri, 14 Jul 2006 12:53:06 +0000 (12:53 -0000)]
fixed UDP decapsulation by adding inbound bypass policy for send socket

Martin Willi [Fri, 14 Jul 2006 12:29:26 +0000 (12:29 -0000)]
updated mixed tests to new charon output

Andreas Steffen [Fri, 14 Jul 2006 11:51:45 +0000 (11:51 -0000)]
corrected DPD entry

Martin Willi [Fri, 14 Jul 2006 11:16:49 +0000 (11:16 -0000)]
reenabled module tests for charon

Martin Willi [Fri, 14 Jul 2006 08:18:48 +0000 (08:18 -0000)]
fixed bug which erroneously detected KE payload when rekeying

Martin Willi [Fri, 14 Jul 2006 08:08:55 +0000 (08:08 -0000)]
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT

Martin Willi [Thu, 13 Jul 2006 12:49:35 +0000 (12:49 -0000)]
improved logging on verify errors for some payloads
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload

Martin Willi [Thu, 13 Jul 2006 12:45:18 +0000 (12:45 -0000)]
added test cases from NAT team
updated all IKEv2 tests to work with new status output

Martin Willi [Thu, 13 Jul 2006 12:43:52 +0000 (12:43 -0000)]
added tcpdumpcount function from NATT guys
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly

Martin Willi [Thu, 13 Jul 2006 12:00:36 +0000 (12:00 -0000)]
removed in favour of tests from NAT team

Martin Willi [Thu, 13 Jul 2006 08:51:24 +0000 (08:51 -0000)]
fixed CREATE_CHILD_SA transaction dispatching

Martin Willi [Thu, 13 Jul 2006 08:26:54 +0000 (08:26 -0000)]
added CHILD_SA states, which allows us to detect further simultaneous transactions
reimplemented the buggy message id handling

Martin Willi [Wed, 12 Jul 2006 14:08:52 +0000 (14:08 -0000)]
updated some inline docs

Martin Willi [Wed, 12 Jul 2006 14:08:13 +0000 (14:08 -0000)]
fixed crypter/signer in/out to conform with standard

Martin Willi [Wed, 12 Jul 2006 14:07:30 +0000 (14:07 -0000)]
fixed payload order