strongswan.git
4 years ago  libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()
Tobias Brunner [Fri, 25 Sep 2015 10:00:58 +0000 (12:00 +0200)]
libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()

4 years ago  plugin-loader: Optionally use RTLD_NOW with dlopen()
Tobias Brunner [Fri, 25 Sep 2015 09:05:24 +0000 (11:05 +0200)]
plugin-loader: Optionally use RTLD_NOW with dlopen()

This can be useful when writing custom plugins as typos or missing
linker flags that result in unresolved symbols in the shared object
could otherwise cause late crashes, in particular if such a symbol
is used in a code path that is rarely executed.  During development
and testing, using RTLD_NOW instead of RTLD_LAZY will prevent the
plugin from getting loaded and makes the error visible immediately.
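
The loader behaviour the commit message describes, as an added example (not strongSwan's plugin-loader code): a configuration flag selects RTLD_NOW or RTLD_LAZY, and the loader reports the dynamic linker's error, which under RTLD_NOW includes any unresolved symbol, at dlopen() time rather than at the first call into the missing symbol. The flag name `dlopen_use_rtld_now`, the function names and the `plugin_create` entry-point name are assumptions for this example.

```c
#include <dlfcn.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Configuration knob (name assumed for this example): when true, dlopen()
 * is called with RTLD_NOW so every undefined symbol in the shared object is
 * resolved, and reported, at load time instead of at first use.  Defaults
 * to false, i.e. RTLD_LAZY, which is what a lazy loader would do. */
static bool dlopen_use_rtld_now = false;

/* Entry point every plugin is expected to export.  The name is an
 * assumption for this example, not strongSwan's convention. */
#define PLUGIN_ENTRY "plugin_create"

/* Load a plugin shared object.  Returns the dlopen() handle, or NULL after
 * writing the dynamic linker's error message to stderr.  A NULL path opens
 * the main program itself, which is handy for self-tests. */
void *plugin_open(const char *path)
{
	int flags = dlopen_use_rtld_now ? RTLD_NOW : RTLD_LAZY;
	void *handle;

	dlerror();	/* clear any stale error before the call */
	handle = dlopen(path, flags);
	if (!handle)
	{
		/* With RTLD_NOW an unresolved symbol also ends up here, as an
		 * "undefined symbol: ..." message from the dynamic linker. */
		fprintf(stderr, "loading plugin '%s' failed: %s\n",
				path ? path : "(main program)", dlerror());
		return NULL;
	}
	return handle;
}

/* Resolve a symbol from a loaded plugin; NULL if it is missing. */
void *plugin_symbol(void *handle, const char *name)
{
	void *sym;
	const char *err;

	dlerror();
	sym = dlsym(handle, name);
	err = dlerror();
	if (err)
	{
		fprintf(stderr, "symbol '%s' not found: %s\n", name, err);
		return NULL;
	}
	return sym;
}

int main(void)
{
	dlopen_use_rtld_now = true;
	/* dlopen(NULL) yields a handle covering the main program and the
	 * libraries loaded at startup, so "strlen" resolves without a .so. */
	void *h = plugin_open(NULL);
	if (!h || !plugin_symbol(h, "strlen"))
	{
		return 1;
	}
	printf("strict loading OK; a real plugin would be checked for %s\n",
		   PLUGIN_ENTRY);
	dlclose(h);
	return 0;
}
```

On glibc older than 2.34 the program has to be linked with `-ldl`. To see the difference the commit is about, build a plugin whose code references a symbol that is not linked in: with `dlopen_use_rtld_now` set, `plugin_open()` fails immediately with the linker's "undefined symbol" message; with RTLD_LAZY it loads fine and the process crashes only when that code path first runs.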

4 years ago  windows: Define RTLD_NOW, even if it is not used
Tobias Brunner [Fri, 25 Sep 2015 15:41:31 +0000 (17:41 +0200)]
windows: Define RTLD_NOW, even if it is not used

4 years ago  kernel-pfkey: Enable ENCR_AES_CTR when it's available
Renato Botelho [Fri, 6 Nov 2015 19:07:38 +0000 (17:07 -0200)]
kernel-pfkey: Enable ENCR_AES_CTR when it's available

Obtained-from: pfSense
Sponsored-by: Rubicon Communications (Netgate)
Closes strongswan/strongswan#17.

4 years ago  vici: Add NAT information when listing IKE_SAs
Tobias Brunner [Mon, 9 Nov 2015 10:39:54 +0000 (11:39 +0100)]
vici: Add NAT information when listing IKE_SAs

The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively.  If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set).  If any NAT is detected or faked `nat-any` is set.

Closes strongswan/strongswan#16.

4 years ago  Merge branch 'iv-gen-null-encr'
Tobias Brunner [Mon, 9 Nov 2015 10:16:12 +0000 (11:16 +0100)]
Merge branch 'iv-gen-null-encr'

Fixes NULL encryption in libipsec.

Fixes #1174.

4 years ago  testing: Add libipsec/net2net-null scenario
Tobias Brunner [Fri, 23 Oct 2015 12:47:54 +0000 (14:47 +0200)]
testing: Add libipsec/net2net-null scenario

4 years ago  iv-gen: Use NULL IV generator for NULL encryption
Tobias Brunner [Fri, 23 Oct 2015 12:34:54 +0000 (14:34 +0200)]
iv-gen: Use NULL IV generator for NULL encryption

We don't need an IV for NULL encryption, so we wouldn't technically need
an IV generator.  But some of the code currently relies on an IV
generator to be present.  So that we don't have to change that code and
handle IV size == 0 specially, we use the new NULL IV generator, which
handles this transparently for the existing code.

Before 3c81cb6fc322 ("aead: Create AEAD using traditional transforms
with an explicit IV generator") iv_gen_rand_t was used for NULL
encryption, which would work too but this way it's clearer.

4 years ago  crypto: Add NULL IV generator
Tobias Brunner [Fri, 23 Oct 2015 12:16:57 +0000 (14:16 +0200)]
crypto: Add NULL IV generator

This does not actually allocate an IV and only accepts requests
for size == 0.

4 years ago  configure: Load sha1 and random plugins in manager by default
Tobias Brunner [Thu, 22 Oct 2015 09:05:31 +0000 (11:05 +0200)]
configure: Load sha1 and random plugins in manager by default

If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.

The md4 plugin is not needed in the manager.

Fixes #1168.

4 years ago  stroke: Make down-nb actually non-blocking
Tobias Brunner [Wed, 4 Nov 2015 15:44:17 +0000 (16:44 +0100)]
stroke: Make down-nb actually non-blocking

Fixes #1191.

4 years ago  Version bump to 5.3.4dr2
Andreas Steffen [Fri, 6 Nov 2015 15:07:04 +0000 (16:07 +0100)]
Version bump to 5.3.4dr2

4 years ago  testing: Updated hasher tests
Andreas Steffen [Fri, 6 Nov 2015 15:05:44 +0000 (16:05 +0100)]
testing: Updated hasher tests

4 years ago  Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes
Andreas Steffen [Fri, 6 Nov 2015 13:55:10 +0000 (14:55 +0100)]
Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes

4 years ago  Version bump to 5.3.4dr1 (tag: 5.3.4dr1)
Andreas Steffen [Wed, 4 Nov 2015 18:42:17 +0000 (19:42 +0100)]
Version bump to 5.3.4dr1

4 years ago  Use word-aligned XOR in sha3_absorb()
Andreas Steffen [Tue, 3 Nov 2015 18:06:45 +0000 (19:06 +0100)]
Use word-aligned XOR in sha3_absorb()

4 years ago  testing: BLISS CA uses SHA-3 in its CRL
Andreas Steffen [Fri, 30 Oct 2015 06:06:57 +0000 (07:06 +0100)]
testing: BLISS CA uses SHA-3 in its CRL

4 years ago  Support BLISS signatures with SHA-3 hash
Andreas Steffen [Wed, 28 Oct 2015 20:00:31 +0000 (21:00 +0100)]
Support BLISS signatures with SHA-3 hash

4 years ago  Implemented SHA-3 hash algorithm including test vectors
Andreas Steffen [Wed, 28 Oct 2015 18:57:14 +0000 (19:57 +0100)]
Implemented SHA-3 hash algorithm including test vectors

4 years ago  Defined SHA-3 hashers
Andreas Steffen [Thu, 15 Oct 2015 14:39:50 +0000 (16:39 +0200)]
Defined SHA-3 hashers

4 years ago  testing: Update tkm to version 0.1.3
Tobias Brunner [Fri, 30 Oct 2015 10:19:44 +0000 (11:19 +0100)]
testing: Update tkm to version 0.1.3

Adds XFRM state/policy flush when terminating which caused tests to fail
due to the check added with 9086f060d35a ("testing: Let test scenarios
fail if IPsec SAs or policies are not removed").

4 years ago  libipsec: Properly support CAMELLIA in CTR mode
Tobias Brunner [Mon, 21 Sep 2015 09:12:14 +0000 (11:12 +0200)]
libipsec: Properly support CAMELLIA in CTR mode

4 years ago  ikev2: Fix size of key material for CAMELLIA-CTR
Tobias Brunner [Mon, 21 Sep 2015 09:11:33 +0000 (11:11 +0200)]
ikev2: Fix size of key material for CAMELLIA-CTR

Like AES in CTR mode it includes a 4 byte nonce.

4 years ago  libipsec: Fix crypter lookup for AES-CTR
Tobias Brunner [Mon, 21 Sep 2015 09:02:45 +0000 (11:02 +0200)]
libipsec: Fix crypter lookup for AES-CTR

Due to the nonce, the ESP key material is four bytes longer than needed for
the actual AES key.  The crypto plugins, however, register their AES-CTR
implementations with the AES key length, so the lookup here failed.

For IKEv2 the key material is allocated after creating a crypter instance
with the negotiated AES key size.  The length of the actual key material is
retrieved via get_key_size(), which adds the four bytes to the AES key length.

Fixes #1124.

4 years ago  ike-mobike: Send retransmits to the current local and remote addresses
Tobias Brunner [Wed, 23 Sep 2015 08:53:20 +0000 (10:53 +0200)]
ike-mobike: Send retransmits to the current local and remote addresses

These might have changed by a peer-initiated MOBIKE address update.

Fixes #1125.

4 years ago  Merge branch 'ikev1-cache-informational'
Tobias Brunner [Fri, 30 Oct 2015 09:33:51 +0000 (10:33 +0100)]
Merge branch 'ikev1-cache-informational'

With these changes an INFORMATIONAL message (e.g. with an INITIAL_CONTACT
notify) that arrives while a responder is waiting for the last Aggressive
Mode request gets queued and delivered later.  Previously such messages
caused the IKE_SA to fail as some tasks waiting for the last AM message
fail when trying to handle the INFORMATIONAL message.  Therefore, all
other messages, such as TRANSACTION and QUICK_MODE requests, are now
dropped until AM is complete.  These don't have to be cached as they get
retransmitted by the other peer.

Fixes #1130.

4 years ago  ikev1: Handle queued INFORMATIONAL message after receiving the last AM request
Tobias Brunner [Mon, 28 Sep 2015 15:39:54 +0000 (17:39 +0200)]
ikev1: Handle queued INFORMATIONAL message after receiving the last AM request

4 years ago  ikev1: Queue INFORMATIONAL request if AM is not complete yet
Tobias Brunner [Mon, 28 Sep 2015 15:37:42 +0000 (17:37 +0200)]
ikev1: Queue INFORMATIONAL request if AM is not complete yet

4 years ago  ikev1: Handle queued TRANSACTION messages only after processing replies
Tobias Brunner [Mon, 28 Sep 2015 15:35:30 +0000 (17:35 +0200)]
ikev1: Handle queued TRANSACTION messages only after processing replies

4 years ago  ikev1: Extract queueing of TRANSACTIONAL requests when MM is not complete yet
Tobias Brunner [Mon, 28 Sep 2015 15:33:46 +0000 (17:33 +0200)]
ikev1: Extract queueing of TRANSACTIONAL requests when MM is not complete yet

4 years ago  ikev1: Drop TRANSACTION/QUICK_MODE requests until we received the last AM message
Tobias Brunner [Mon, 28 Sep 2015 15:30:36 +0000 (17:30 +0200)]
ikev1: Drop TRANSACTION/QUICK_MODE requests until we received the last AM message

4 years ago  ikev1: Make maximum number of IKEv1 phase 2 exchanges we keep state about configurable
Tobias Brunner [Tue, 22 Sep 2015 09:56:44 +0000 (11:56 +0200)]
ikev1: Make maximum number of IKEv1 phase 2 exchanges we keep state about configurable

Fixes #1128.

4 years ago  Fix typo in error handling for sigwaitinfo() in charon-systemd and charon-tkm
Tobias Brunner [Thu, 29 Oct 2015 16:37:06 +0000 (17:37 +0100)]
Fix typo in error handling for sigwaitinfo() in charon-systemd and charon-tkm

Fixes 858148092d1e ("Replace usages of sigwait(3) with sigwaitinfo(2)")

4 years ago  random: Properly handle errors when reading from /dev/[u]random
Tobias Brunner [Mon, 12 Oct 2015 09:04:55 +0000 (11:04 +0200)]
random: Properly handle errors when reading from /dev/[u]random

If -1 was returned on the first call to read() `done` got SIZE_MAX
and the function returned TRUE even though no actual random data had
been allocated.

Fixes #1156.
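
The failure mode described in this commit message, shown side by side with a corrected read loop, as an added example that is not the random plugin's code. `read_random_buggy()` reproduces the unsigned-accumulator mistake: `read()` returns -1, the `size_t` counter wraps to SIZE_MAX, the loop exits and the caller is told it has random data. `read_random_fd()` checks the signed return value first, retries on EINTR, and treats EOF and errors as failure; the function names are assumptions for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

/* The faulty pattern: `done` is unsigned, so adding the -1 that read()
 * returns on error wraps it to SIZE_MAX, the loop condition becomes false
 * and the function reports success although nothing was read. */
bool read_random_buggy(int fd, uint8_t *buf, size_t len)
{
	size_t done = 0;

	while (done < len)
	{
		done += read(fd, buf + done, len - done);
	}
	return true;
}

/* Corrected loop: look at the signed return value before accounting for
 * it, retry on EINTR, and treat 0 (EOF) and any other error as failure.
 * Short reads, which can happen on /dev/random or when a signal interrupts
 * a partially completed read, are handled by looping. */
bool read_random_fd(int fd, uint8_t *buf, size_t len)
{
	size_t done = 0;

	while (done < len)
	{
		ssize_t got = read(fd, buf + done, len - done);

		if (got < 0)
		{
			if (errno == EINTR)
			{
				continue;
			}
			return false;
		}
		if (got == 0)
		{
			return false;	/* EOF: the device will not deliver more */
		}
		done += (size_t)got;
	}
	return true;
}

/* Open the given device (e.g. /dev/urandom) and fill buf with len bytes. */
bool read_random(const char *device, uint8_t *buf, size_t len)
{
	int fd = open(device, O_RDONLY);
	bool ok;

	if (fd < 0)
	{
		return false;
	}
	ok = read_random_fd(fd, buf, len);
	close(fd);
	return ok;
}

int main(void)
{
	uint8_t key[32];

	/* fd -1 makes read() fail with EBADF: the buggy loop still says true */
	bool buggy = read_random_buggy(-1, key, sizeof(key));
	bool fixed = read_random_fd(-1, key, sizeof(key));

	return (buggy && !fixed && read_random("/dev/urandom", key, sizeof(key)))
			? 0 : 1;
}
```

The security-relevant point is the return value: a caller that trusts `TRUE` will use whatever was in the buffer, typically zeros or stale stack data, as key material.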

4 years ago  ikev1: Avoid fourth QM message if third QM messages of multiple exchanges are handled...
Tobias Brunner [Wed, 7 Oct 2015 14:08:22 +0000 (16:08 +0200)]
ikev1: Avoid fourth QM message if third QM messages of multiple exchanges are handled delayed

If we haven't received the third QM message for multiple exchanges the
return value of NEED_MORE for passive tasks that are not responsible for
a specific exchange would trigger a fourth empty QM message.

Fixes: 4de361d92c54 ("ikev1: Fix handling of overlapping Quick Mode exchanges")

References #1076.

4 years ago  ikev1: Prevent deadlock when checking for duplicate IKEv1 SAs
Tobias Brunner [Wed, 2 Sep 2015 10:14:35 +0000 (12:14 +0200)]
ikev1: Prevent deadlock when checking for duplicate IKEv1 SAs

Previously, the current segment was held while checking for duplicate
SAs, which requires acquiring all segments.  If multiple threads did this
concurrently this resulted in a deadlock as they couldn't acquire the
segments held by the other threads attempting to do the same.  With the
default configuration only one segment is used, which prevents the problem
as only one thread can check in an IKE SA concurrently.

Fixes: a064eaa8a63a ("Handling of initial contact")

4 years ago  Replace usages of sigwait(3) with sigwaitinfo(2)
Tobias Brunner [Thu, 17 Sep 2015 15:52:14 +0000 (17:52 +0200)]
Replace usages of sigwait(3) with sigwaitinfo(2)

This is basically the same call, but it has the advantage of being
supported by FreeBSD's valgrind, which sigwait() is not.

References #1106.

4 years ago  testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 scenario
Tobias Brunner [Mon, 21 Sep 2015 08:12:24 +0000 (10:12 +0200)]
testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 scenario

The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes
ICMP + 40 bytes IPv6 = 104 bytes).  By reducing the size we make sure the
packet is not compressed (40 + 8 + 40 = 88).

This also fixes a strange failure of this scenario due to the recently
added post-test `ip xfrm state` check.  The kernel stores a reference to
the used SAs on the inbound skbuffs and since these are garbage collected
it could take a while until all references to an SA disappear and the SA
is finally destroyed.  But while SAs might not get destroyed immediately
when we delete them, they are actually marked as dead and therefore won't
show up in `ip xfrm state`.  However, that's not the case for the tunnel
SAs the kernel attaches to IPComp SAs, which we don't explicitly delete,
and which aren't modified by the kernel until the IPComp SA is destroyed.
So what happened when the last ping unintentionally got compressed is that
the skbuff had a reference to the IPComp SA and therefore the tunnel SA.
This skbuff often was destroyed after the `ip xfrm state` check ran and
because the tunnel SA would still get reported the test case failed.

4 years ago  updown: Add rules to allow IP6IP6 traffic used for uncompressed small packets
Tobias Brunner [Mon, 21 Sep 2015 08:12:17 +0000 (10:12 +0200)]
updown: Add rules to allow IP6IP6 traffic used for uncompressed small packets

4 years ago  shunt-manager: Resolve %dynamic to %any4/6 before installing policies
Tobias Brunner [Wed, 26 Aug 2015 16:08:14 +0000 (18:08 +0200)]
shunt-manager: Resolve %dynamic to %any4/6 before installing policies

left|rightsubnet default to %dynamic, which is basically 0.0.0.0/0 until an
address is assigned to it.  So if only one side was undefined and the other
traffic selector was IPv6 an address family mismatch would occur.

References #595.

4 years ago  shunt-manager: Don't install policies in case of an address family or IP protocol...
Tobias Brunner [Wed, 26 Aug 2015 16:07:06 +0000 (18:07 +0200)]
shunt-manager: Don't install policies in case of an address family or IP protocol mismatch

References #595.

4 years ago  openssl: Explicitly include openssl/bn.h
Tobias Brunner [Wed, 16 Sep 2015 09:16:59 +0000 (11:16 +0200)]
openssl: Explicitly include openssl/bn.h

If OpenSSL is compiled with OPENSSL_NO_DEPRECATED some of the headers
we include don't include openssl/bn.h anymore.  Therefore, we have to
explicitly include it ourselves where we use BN_* functions.

Fixes #1113.

4 years ago  unit-tests: Add a test to verify that there is no partial matching of RDNs
Tobias Brunner [Wed, 9 Sep 2015 12:39:26 +0000 (14:39 +0200)]
unit-tests: Add a test to verify that there is no partial matching of RDNs

4 years ago  scepclient: Remove copyright and license from man page
Tobias Brunner [Wed, 9 Sep 2015 09:45:17 +0000 (11:45 +0200)]
scepclient: Remove copyright and license from man page

4 years ago  include: Add linux/socket.h
Tobias Brunner [Mon, 7 Sep 2015 10:04:55 +0000 (12:04 +0200)]
include: Add linux/socket.h

__kernel_sa_family_t is defined and used since Linux 3.1, so on systems
with older kernels (like CentOS 6.7, which still ships a 2.6.32 kernel) the
build with the current UAPI headers fails.  And using the native headers on
such system does not really work either because we use structs, defines, and
enum values from the newer headers in the kernel-netlink plugin.

__kernel_sa_family_t is defined in linux/socket.h so we ship that too (in
particular the simplified UAPI version from Linux 3.7+).

Fixes #1099.

4 years ago  Version bump to 5.3.3 (tag: 5.3.3)
Andreas Steffen [Sun, 6 Sep 2015 13:05:36 +0000 (15:05 +0200)]
Version bump to 5.3.3

4 years ago  testing: added ikev2/alg-chacha20poly1305 scenario
Andreas Steffen [Tue, 1 Sep 2015 15:30:15 +0000 (17:30 +0200)]
testing: added ikev2/alg-chacha20poly1305 scenario

4 years ago  testing: update to Linux 4.2 kernel
Andreas Steffen [Tue, 1 Sep 2015 15:29:30 +0000 (17:29 +0200)]
testing: update to Linux 4.2 kernel

4 years ago  Version bump to 5.3.3rc2 (tag: 5.3.3rc2)
Andreas Steffen [Tue, 1 Sep 2015 11:16:43 +0000 (13:16 +0200)]
Version bump to 5.3.3rc2

4 years ago  imv-os: Add some useful usage output to the pacman utility
Tobias Brunner [Mon, 31 Aug 2015 14:02:11 +0000 (16:02 +0200)]
imv-os: Add some useful usage output to the pacman utility

Fixes #487.

4 years ago  kernel-netlink: Properly set port mask for ICMP type/code if only set on one side
Tobias Brunner [Wed, 26 Aug 2015 15:46:10 +0000 (17:46 +0200)]
kernel-netlink: Properly set port mask for ICMP type/code if only set on one side

If only one traffic selector had a port (type/code) the other side had
the port mask set to 0, which canceled out the applied type/code.

It also fixes the installation of ICMP type/code on big-endian hosts.

Fixes #1091.
References #595.

4 years ago  kernel-pfkey: Properly encode ICMP type/code if only set on one side
Tobias Brunner [Wed, 26 Aug 2015 14:16:30 +0000 (16:16 +0200)]
kernel-pfkey: Properly encode ICMP type/code if only set on one side

References #595.

4 years ago  testing: Updated environment variable documentation in updown scripts
Tobias Brunner [Mon, 31 Aug 2015 08:59:10 +0000 (10:59 +0200)]
testing: Updated environment variable documentation in updown scripts

4 years ago  libimcv: Updated Android.mk file
Tobias Brunner [Mon, 31 Aug 2015 08:53:22 +0000 (10:53 +0200)]
libimcv: Updated Android.mk file

4 years ago  NEWS: Added additional news
Tobias Brunner [Fri, 28 Aug 2015 16:10:37 +0000 (18:10 +0200)]
NEWS: Added additional news

4 years ago  eap-radius: Fix creation of host_t objects based on Framed-IPv6-Address attributes
Tobias Brunner [Fri, 28 Aug 2015 14:51:05 +0000 (16:51 +0200)]
eap-radius: Fix creation of host_t objects based on Framed-IPv6-Address attributes

Fixes ec490e68ae37 ("eap-radius: Add support for some basic IPv6-specific RADIUS attributes").
References #1001.

4 years ago  conf: Add documentation for new osx-attr option
Tobias Brunner [Fri, 28 Aug 2015 13:49:58 +0000 (15:49 +0200)]
conf: Add documentation for new osx-attr option

4 years ago  pki: Add new type options to --issue command usage output
Tobias Brunner [Thu, 27 Aug 2015 15:53:43 +0000 (17:53 +0200)]
pki: Add new type options to --issue command usage output

4 years ago  conf: Fix declaration of default values for imc-hcd options
Tobias Brunner [Thu, 27 Aug 2015 14:59:12 +0000 (16:59 +0200)]
conf: Fix declaration of default values for imc-hcd options

4 years ago  starter: Remove documentation for starter.load option
Tobias Brunner [Thu, 27 Aug 2015 14:42:09 +0000 (16:42 +0200)]
starter: Remove documentation for starter.load option

4 years ago  eap-ttls: Limit maximum length of tunneled EAP packet to EAP-TTLS packet
Tobias Brunner [Thu, 27 Aug 2015 13:15:04 +0000 (15:15 +0200)]
eap-ttls: Limit maximum length of tunneled EAP packet to EAP-TTLS packet

4 years ago  trap-manager: Cleanup local address in error cases
Tobias Brunner [Thu, 27 Aug 2015 12:45:11 +0000 (14:45 +0200)]
trap-manager: Cleanup local address in error cases

4 years ago  imv-os: Properly free strings for invalid input in pacman
Tobias Brunner [Thu, 27 Aug 2015 12:41:13 +0000 (14:41 +0200)]
imv-os: Properly free strings for invalid input in pacman

4 years ago  ha: Close control FIFO if it is not valid
Tobias Brunner [Thu, 27 Aug 2015 12:31:42 +0000 (14:31 +0200)]
ha: Close control FIFO if it is not valid

4 years ago  swanctl: Correctly build man page in out-of-tree builds from the repository
Tobias Brunner [Thu, 27 Aug 2015 10:42:21 +0000 (12:42 +0200)]
swanctl: Correctly build man page in out-of-tree builds from the repository

4 years ago  Fixed some typos, courtesy of codespell
Tobias Brunner [Thu, 27 Aug 2015 10:06:31 +0000 (12:06 +0200)]
Fixed some typos, courtesy of codespell

4 years ago  Fix some Doxygen issues
Tobias Brunner [Thu, 27 Aug 2015 10:03:11 +0000 (12:03 +0200)]
Fix some Doxygen issues

4 years ago  unit-tests: Additional test cases to increase coverage
Tobias Brunner [Tue, 25 Aug 2015 09:29:42 +0000 (11:29 +0200)]
unit-tests: Additional test cases to increase coverage

4 years ago  traffic-selector: Use calc_netbits() in RFC 3779 constructor
Tobias Brunner [Tue, 25 Aug 2015 17:13:59 +0000 (19:13 +0200)]
traffic-selector: Use calc_netbits() in RFC 3779 constructor

This properly detects prefixes encoded as ranges.

4 years ago  ike: Fix half-open count for initiating SAs when initially checked in
Tobias Brunner [Mon, 24 Aug 2015 10:27:34 +0000 (12:27 +0200)]
ike: Fix half-open count for initiating SAs when initially checked in

4 years ago  ike: Only consider number of half-open SAs as responder when deciding whether COOKIEs...
Tobias Brunner [Mon, 24 Aug 2015 10:18:16 +0000 (12:18 +0200)]
ike: Only consider number of half-open SAs as responder when deciding whether COOKIEs are sent

4 years ago  Version bump to 5.3.3rc1
Andreas Steffen [Tue, 25 Aug 2015 13:09:19 +0000 (15:09 +0200)]
Version bump to 5.3.3rc1

4 years ago  Added some spaces in swanctl.conf
Andreas Steffen [Tue, 25 Aug 2015 13:08:52 +0000 (15:08 +0200)]
Added some spaces in swanctl.conf

4 years ago  vici: Handle closed sockets in the Ruby gem
Evan Broder [Sat, 22 Aug 2015 23:20:40 +0000 (19:20 -0400)]
vici: Handle closed sockets in the Ruby gem

From recvfrom(2) (which UDPSocket#recv backs into):

  The return value will be 0 when the peer has performed an orderly
  shutdown.

(i.e. it will return an empty string)

Previously in this scenario, Vici::Transport#recv_all would spin
forever trying to pull more data off the socket. I'm not entirely
clear what happened that caused strongSwan to shutdown the socket, but
it probably should not cause vici Ruby apps to spin.

Closes strongswan/strongswan#13.
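
The spin the commit message describes, reproduced in C rather than Ruby as an added example (it is not the vici gem's code): a `recv_all()` that keeps looping while `recv()` returns 0 never terminates once the peer has shut down the socket. The version below treats 0 as end of stream and fails, and `simulate_peer_shutdown()` builds the scenario with a constructed `socketpair()` in which the "daemon" side writes a few bytes and closes while the client still expects more. Function names are assumptions for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly len bytes from a stream socket.
 * Returns 0 on success, -1 if the peer closed the connection before len
 * bytes arrived (recv() returned 0) or on any other error. */
int recv_all(int fd, uint8_t *buf, size_t len)
{
	size_t done = 0;

	while (done < len)
	{
		ssize_t got = recv(fd, buf + done, len - done, 0);

		if (got < 0)
		{
			if (errno == EINTR)
			{
				continue;
			}
			return -1;
		}
		if (got == 0)
		{
			/* Orderly shutdown by the peer.  Looping here is the bug the
			 * commit fixes: recv() keeps returning 0 and we spin forever. */
			return -1;
		}
		done += (size_t)got;
	}
	return 0;
}

/* Constructed scenario: the "daemon" end writes `sent` bytes and then
 * closes, the client end expects `expected` bytes.  Returns recv_all()'s
 * result, or -2 if the scenario itself could not be set up. */
int simulate_peer_shutdown(size_t sent, size_t expected)
{
	int sv[2];
	uint8_t out[64], in[64];
	int res;

	if (sent > sizeof(out) || expected > sizeof(in) ||
		socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
	{
		return -2;
	}
	memset(out, 0xAB, sizeof(out));
	if (sent && send(sv[0], out, sent, 0) != (ssize_t)sent)
	{
		close(sv[0]);
		close(sv[1]);
		return -2;
	}
	close(sv[0]);	/* the peer performs an orderly shutdown */
	res = recv_all(sv[1], in, expected);
	close(sv[1]);
	return res;
}

int main(void)
{
	/* exact amount arrives: OK; peer closes early: error instead of a spin */
	return (simulate_peer_shutdown(5, 5) == 0 &&
			simulate_peer_shutdown(5, 10) == -1) ? 0 : 1;
}
```

The same rule applies to any length-prefixed protocol reader, vici included: once the peer has closed, the only correct outcome for an incomplete message is an error to the caller, never another read.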

4 years ago  Merge branch 'starter-kernel-flush'
Tobias Brunner [Fri, 21 Aug 2015 16:27:12 +0000 (18:27 +0200)]
Merge branch 'starter-kernel-flush'

Removes flushing of the IPsec state in the kernel when starter
terminates.  We can't easily flush only the policies created for
IPsec SAs (and if installpolicies=no is used we don't want to flush
policies anyway).  Also, since existing policies don't cause errors
anymore these aren't really an issue anymore (I think this was one of
the main reasons to flush the state).  This behavior is also specific to
starter, so nothing is flushed when charon is used via systemd/swanctl.
This will also allow us to merge libhydra with libcharon in a future
release.

If the previous behavior is needed it can easily be replicated with some
external tools (we could also write a simple utility that does this).

Additional checks in the test environment make sure that the daemon
cleans up the state properly.

4 years ago  testing: Let test scenarios fail if IPsec SAs or policies are not removed
Tobias Brunner [Fri, 21 Aug 2015 12:33:26 +0000 (14:33 +0200)]
testing: Let test scenarios fail if IPsec SAs or policies are not removed

The IKE daemon should delete all installed SAs and policies when
everything works properly, so we fail the test if that's not the case.

4 years ago  testing: Flush state and policies before every scenario
Tobias Brunner [Fri, 21 Aug 2015 12:32:29 +0000 (14:32 +0200)]
testing: Flush state and policies before every scenario

Similar to conntrack we make sure we are working on a clean slate.

4 years ago  starter: Don't flush SAs in the kernel
Tobias Brunner [Fri, 21 Aug 2015 11:57:00 +0000 (13:57 +0200)]
starter: Don't flush SAs in the kernel

If starter is not used we don't do that either. And this allows us to
move the stuff in libhydra back to libcharon.

4 years ago  starter: Don't flush policies in the kernel
Tobias Brunner [Thu, 13 Aug 2015 09:08:41 +0000 (11:08 +0200)]
starter: Don't flush policies in the kernel

We can't control which policies we flush, so if policies are installed
and used outside of strongSwan for other protocols we'd flush them too.
And if installpolicies=no is used we probably shouldn't flush policies
either.  Luckily already existing policies are not treated as fatal
errors anymore, so not flushing policies should not be that much of an
issue (in case of a crash in dynamic setups, e.g. with virtual IPs,
policies could be left behind even after restarting the connections and
properly terminating the daemon).

4 years ago  kernel-pfkey: Only flush SAs of types we actually manage
Tobias Brunner [Thu, 13 Aug 2015 09:01:50 +0000 (11:01 +0200)]
kernel-pfkey: Only flush SAs of types we actually manage

4 years ago  kernel-netlink: Only flush SAs of types we actually manage
Tobias Brunner [Thu, 13 Aug 2015 08:34:47 +0000 (10:34 +0200)]
kernel-netlink: Only flush SAs of types we actually manage

4 years ago  Merge branch 'init-limits'
Tobias Brunner [Fri, 21 Aug 2015 16:21:24 +0000 (18:21 +0200)]
Merge branch 'init-limits'

IKE_SAs that are initiated are now counted towards the half-open IKE_SAs
limit.  Optionally it is possible to enforce limits towards the number of
half-open IKE_SAs and the job load also when initiating SAs.  This is
currently only possible via VICI.

4 years ago  vici: Optionally check limits when initiating connections
Tobias Brunner [Thu, 16 Jul 2015 15:56:16 +0000 (17:56 +0200)]
vici: Optionally check limits when initiating connections

If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.

4 years ago  vici: Add get_bool() convenience getter for VICI messages
Tobias Brunner [Thu, 16 Jul 2015 15:51:40 +0000 (17:51 +0200)]
vici: Add get_bool() convenience getter for VICI messages

4 years ago  controller: Optionally adhere to init limits also when initiating IKE_SAs
Tobias Brunner [Thu, 16 Jul 2015 15:21:54 +0000 (17:21 +0200)]
controller: Optionally adhere to init limits also when initiating IKE_SAs

4 years ago  ike: Also track initiating IKE_SAs as half-open
Tobias Brunner [Fri, 17 Jul 2015 09:48:53 +0000 (11:48 +0200)]
ike: Also track initiating IKE_SAs as half-open

4 years ago  stroke: Allow %any as local address
Tobias Brunner [Mon, 3 Aug 2015 17:36:45 +0000 (19:36 +0200)]
stroke: Allow %any as local address

Actually, resolving addresses in `left` might be overkill as we'll assume
left=local anyway (the only difference is the log message).

4 years ago  stroke: Add an option to disable side-swapping of configuration options
Tobias Brunner [Mon, 3 Aug 2015 17:26:54 +0000 (19:26 +0200)]
stroke: Add an option to disable side-swapping of configuration options

In some scenarios it might be preferred to ensure left is always local
and no unintended swaps occur.

4 years ago  ikev1: Assign different job priorities for inbound IKEv1 messages
Tobias Brunner [Fri, 17 Jul 2015 12:08:09 +0000 (14:08 +0200)]
ikev1: Assign different job priorities for inbound IKEv1 messages

4 years ago  testing: Fix typo in p2pnat/behind-same-nat scenario
Tobias Brunner [Fri, 21 Aug 2015 15:48:37 +0000 (17:48 +0200)]
testing: Fix typo in p2pnat/behind-same-nat scenario

4 years ago  child-rekey: Don't add a REKEY_SA notify if the child-create task is deleting the SA
Tobias Brunner [Wed, 19 Aug 2015 14:16:01 +0000 (16:16 +0200)]
child-rekey: Don't add a REKEY_SA notify if the child-create task is deleting the SA

4 years ago  child-create: Cache proposed IPsec protocol
Tobias Brunner [Wed, 19 Aug 2015 13:53:00 +0000 (15:53 +0200)]
child-create: Cache proposed IPsec protocol

This allows us to DELETE CHILD_SAs on failures that occur before we
retrieved the selected proposal.

4 years ago  child-create: Don't attempt to delete the SA if we don't have all the information
Tobias Brunner [Wed, 19 Aug 2015 13:08:02 +0000 (15:08 +0200)]
child-create: Don't attempt to delete the SA if we don't have all the information

Since we only support single protocols we could probably guess it and always
send a DELETE.

4 years ago  child-rekey: Remove redundant migrate() call for child-create sub-task
Tobias Brunner [Tue, 28 Jul 2015 13:28:33 +0000 (15:28 +0200)]
child-rekey: Remove redundant migrate() call for child-create sub-task

When retrying due to a DH group mismatch this is already done by the
child-create task itself.  And in other cases where the task returns
NEED_MORE we actually will need access to a possible proposal to properly
delete it.

4 years ago  child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group mismatch
Tobias Brunner [Tue, 28 Jul 2015 13:10:17 +0000 (15:10 +0200)]
child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group mismatch

If the responder declines our KE payload during a CHILD_SA rekeying migrate()
is called to reuse the child-create task.  But the child-rekey task then
calls the same method again.

Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")

4 years ago  auth-cfg: Don't enforce EAP_RADIUS
Tobias Brunner [Fri, 21 Aug 2015 09:40:07 +0000 (11:40 +0200)]
auth-cfg: Don't enforce EAP_RADIUS

Basically the same as e79b0e07e4ab.  EAP_RADIUS is also a virtual method
that will identify itself as a different EAP method later.

4 years ago  testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario
Tobias Brunner [Fri, 21 Aug 2015 09:37:23 +0000 (11:37 +0200)]
testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario

4 years ago  testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario
Tobias Brunner [Fri, 21 Aug 2015 09:15:36 +0000 (11:15 +0200)]
testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario

4 years ago  testing: Print triplets.dat files of clients in EAP-SIM scenarios
Tobias Brunner [Fri, 21 Aug 2015 09:13:33 +0000 (11:13 +0200)]
testing: Print triplets.dat files of clients in EAP-SIM scenarios

References #1078.

4 years ago  Merge branch 'stroke-ca-sections'
Tobias Brunner [Thu, 20 Aug 2015 17:37:09 +0000 (19:37 +0200)]
Merge branch 'stroke-ca-sections'

This resolves the duplicate CERTREQ issue when certificates in
ipsec.d/cacerts were referenced in ca sections.  It also ensures CA
certificates are reloaded atomically, so there is never a time when
an unchanged CA certificate is not available.

References #842.