strongswan.git
Tobias Brunner [Tue, 4 Aug 2009 09:03:39 +0000 (11:03 +0200)]
FreeBSD only reports a policy's usetime if a lifetime has been specified when the policy was added (we only specify a lifetime on the SA, not on the policy).

Tobias Brunner [Fri, 31 Jul 2009 16:10:39 +0000 (18:10 +0200)]
FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to zero, we accept that for now.

Tobias Brunner [Fri, 31 Jul 2009 15:02:53 +0000 (17:02 +0200)]
Missing check for udp.h added.

Martin Willi [Mon, 3 Aug 2009 13:24:48 +0000 (15:24 +0200)]
parse RDNs in multiple SEQUENCEs in all SETs of a DN

Martin Willi [Mon, 3 Aug 2009 12:37:24 +0000 (14:37 +0200)]
compare IKE config when reusing an existing IKE_SA to initiate a CHILD_SA

Andreas Steffen [Sun, 2 Aug 2009 14:58:32 +0000 (16:58 +0200)]
fixed dereferencing bug caused by bool type redefinition

Andreas Steffen [Sun, 2 Aug 2009 09:46:33 +0000 (11:46 +0200)]
implemented query_sa() for PFKEYv2

Andreas Steffen [Fri, 31 Jul 2009 06:57:55 +0000 (08:57 +0200)]
corrected interface definition

Andreas Steffen [Thu, 30 Jul 2009 21:19:42 +0000 (23:19 +0200)]
update usetime only if usebytes increase

Andreas Steffen [Thu, 30 Jul 2009 19:33:19 +0000 (21:33 +0200)]
display transmitted bytes per SA

Tobias Brunner [Thu, 30 Jul 2009 12:04:17 +0000 (14:04 +0200)]
Handling of unsupported policy directions (FWD) fixed.

Tobias Brunner [Thu, 30 Jul 2009 11:52:08 +0000 (13:52 +0200)]
Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.

Tobias Brunner [Wed, 29 Jul 2009 09:34:47 +0000 (11:34 +0200)]
Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.

Tobias Brunner [Fri, 24 Jul 2009 08:58:27 +0000 (10:58 +0200)]
Make accept(2) and recvfrom(2) cancellation points on Mac OS X.

Andreas Steffen [Tue, 28 Jul 2009 13:44:24 +0000 (15:44 +0200)]
fixed KW_END_FIRST..KW_END_LAST keyword range

Andreas Steffen [Wed, 22 Jul 2009 20:30:21 +0000 (22:30 +0200)]
improved DPD error message

Andreas Steffen [Tue, 21 Jul 2009 20:23:51 +0000 (22:23 +0200)]
added file and segment lengths to checksum.c

Andreas Steffen [Tue, 21 Jul 2009 20:21:52 +0000 (22:21 +0200)]
version bump to 4.3.4

(tag: 4.3.3)
Andreas Steffen [Tue, 21 Jul 2009 13:51:04 +0000 (15:51 +0200)]
version bump of Linux UML kernel to 2.6.30.2

Martin Willi [Tue, 21 Jul 2009 13:10:24 +0000 (15:10 +0200)]
filter objects for segment checksumming by dlpi_name, excludes rare false positives

Martin Willi [Tue, 21 Jul 2009 13:00:18 +0000 (15:00 +0200)]
enumerate executable sections only to build checksum

Martin Willi [Tue, 21 Jul 2009 12:58:14 +0000 (14:58 +0200)]
announce integrity testing only once

Tobias Brunner [Mon, 20 Jul 2009 19:20:03 +0000 (21:20 +0200)]
Fixed GID lookup in cases where the configured group is a prefix of another group.

Tobias Brunner [Mon, 20 Jul 2009 19:13:45 +0000 (21:13 +0200)]
Fixed installation of config files in out-of-tree builds.

Tobias Brunner [Mon, 20 Jul 2009 19:03:05 +0000 (21:03 +0200)]
Use the numerical UID/GID to install the config files and create the ipsec.d directories.

Tobias Brunner [Mon, 20 Jul 2009 19:01:13 +0000 (21:01 +0200)]
Translate the configured user and group to a numerical UID and GID.

Andreas Steffen [Sat, 18 Jul 2009 09:23:27 +0000 (11:23 +0200)]
streamlined integrity test output some more

Andreas Steffen [Fri, 17 Jul 2009 22:37:35 +0000 (00:37 +0200)]
advertise activated integrity tests

Andreas Steffen [Fri, 17 Jul 2009 20:54:23 +0000 (22:54 +0200)]
added latest NEWS

Andreas Steffen [Fri, 17 Jul 2009 20:36:12 +0000 (22:36 +0200)]
added ikev1/net2net-pgp-v4 scenario

Andreas Steffen [Fri, 17 Jul 2009 20:33:22 +0000 (22:33 +0200)]
adapted scenario description for OpenPGP V3 keys

Andreas Steffen [Fri, 17 Jul 2009 19:27:54 +0000 (21:27 +0200)]
enable crypt debugging in ikev1/esp-alg-camellia scenario

Andreas Steffen [Fri, 17 Jul 2009 19:19:32 +0000 (21:19 +0200)]
added strongswan-2.8.11 and strongswan-4.2.17 VIDs

Andreas Steffen [Fri, 17 Jul 2009 18:52:14 +0000 (20:52 +0200)]
enable integrity test in all rw-cert scenarios

Andreas Steffen [Fri, 17 Jul 2009 18:36:21 +0000 (20:36 +0200)]
fix test vector error output

Andreas Steffen [Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)]
stop strongswan if integrity check of libstrongswan or daemon fails

Andreas Steffen [Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)]
streamlined debug output of integrity tests

Andreas Steffen [Fri, 17 Jul 2009 14:57:07 +0000 (16:57 +0200)]
enforce strongSwan coding rules

Andreas Steffen [Fri, 17 Jul 2009 14:36:01 +0000 (16:36 +0200)]
shortened crypto test output

Andreas Steffen [Fri, 17 Jul 2009 11:58:29 +0000 (13:58 +0200)]
accelerate lookup in non-concatenated pools

Andreas Steffen [Fri, 17 Jul 2009 11:38:57 +0000 (13:38 +0200)]
added scenario ikev2/ip-split-pools-db

Andreas Steffen [Fri, 17 Jul 2009 09:50:59 +0000 (11:50 +0200)]
added sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios

Andreas Steffen [Fri, 17 Jul 2009 09:48:35 +0000 (11:48 +0200)]
check for an existing lease over all assigned pools first

Andreas Steffen [Thu, 16 Jul 2009 19:53:46 +0000 (21:53 +0200)]
fixed problem with static leases over multiple pools

Tobias Brunner [Thu, 16 Jul 2009 14:50:55 +0000 (16:50 +0200)]
Fixing distribution build (checksum.c is created on the user's system).

Martin Willi [Thu, 16 Jul 2009 13:59:56 +0000 (15:59 +0200)]
fixed memleak in SQL config lookup

Tobias Brunner [Thu, 16 Jul 2009 12:59:30 +0000 (14:59 +0200)]
Check for gperf version added to configure script.

Martin Willi [Wed, 15 Jul 2009 14:13:51 +0000 (16:13 +0200)]
raise an alert() if the RADIUS server is not responding

Martin Willi [Wed, 15 Jul 2009 14:12:02 +0000 (16:12 +0200)]
added an alert() bus hook to raise critical system errors and notifications

Tobias Brunner [Thu, 16 Jul 2009 08:59:20 +0000 (10:59 +0200)]
Typo fixed.

Tobias Brunner [Thu, 16 Jul 2009 08:52:14 +0000 (10:52 +0200)]
Added an option to the configure script to disable building the scripts.

Tobias Brunner [Thu, 16 Jul 2009 08:09:23 +0000 (10:09 +0200)]
Revert "gperf under FreeBSD does not know the -m option."

This reverts commit 0ead254919c66a1b6a9e39b175f0b92f2a076c12.

Tobias Brunner [Wed, 15 Jul 2009 20:39:40 +0000 (22:39 +0200)]
Removed an unnecessary include of a header that is not available on Mac OS X.

Andreas Steffen [Wed, 15 Jul 2009 16:12:40 +0000 (18:12 +0200)]
conversion from ECDSA_WITH_SHAxxx OIDs to signature schemes

Martin Willi [Wed, 15 Jul 2009 14:04:37 +0000 (16:04 +0200)]
moved the CFLAGS mangling AC_LIB_PREFIX macro behind CFLAG test

Martin Willi [Wed, 15 Jul 2009 12:09:49 +0000 (14:09 +0200)]
updated debian package

Martin Willi [Wed, 15 Jul 2009 12:01:47 +0000 (14:01 +0200)]
updated Standards-Version to 3.8.2

Martin Willi [Wed, 15 Jul 2009 12:00:42 +0000 (14:00 +0200)]
added ${misc:Depends} dependency, fixes debhelper-but-no-misc-depends lintian warning

Martin Willi [Wed, 15 Jul 2009 11:59:25 +0000 (13:59 +0200)]
added copyright information, fixes copyright-without-copyright-notice lintian warning

Martin Willi [Wed, 15 Jul 2009 08:07:15 +0000 (10:07 +0200)]
cast pointers to uintptr_t for alignment check

Tobias Brunner [Tue, 14 Jul 2009 10:03:12 +0000 (12:03 +0200)]
gperf under FreeBSD does not know the -m option.

We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.

Tobias Brunner [Tue, 14 Jul 2009 09:55:09 +0000 (11:55 +0200)]
Corrected check for valid ASN1 types in rdn_enumerate.

Because of the range of u_char the comparison was always TRUE before.

Tobias Brunner [Tue, 14 Jul 2009 09:50:24 +0000 (11:50 +0200)]
Added --with-lib-prefix option to the configure script.

This option enables users to add additional search paths for include
files and libraries.

Andreas Steffen [Tue, 14 Jul 2009 03:35:01 +0000 (05:35 +0200)]
added SHA224_WITH_RSA and ECDSA_WITH_SHAxxx OIDs

Andreas Steffen [Mon, 13 Jul 2009 18:28:36 +0000 (20:28 +0200)]
double free caused strange side effects

Andreas Steffen [Mon, 13 Jul 2009 13:13:12 +0000 (15:13 +0200)]
report installation failure of inbound and/or outbound IPsec SA, separately

Andreas Steffen [Sun, 12 Jul 2009 19:08:37 +0000 (21:08 +0200)]
great, I got my comma back

Andreas Steffen [Sat, 11 Jul 2009 18:04:38 +0000 (20:04 +0200)]
ecp_x_coordinate_only option and IKEv1 AEAD support

Andreas Steffen [Sat, 11 Jul 2009 16:44:50 +0000 (18:44 +0200)]
added ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios

Andreas Steffen [Sat, 11 Jul 2009 16:43:09 +0000 (18:43 +0200)]
pluto supports AES_CCM and AES_GCM ESP algorithms

Andreas Steffen [Fri, 10 Jul 2009 20:58:47 +0000 (22:58 +0200)]
put variable definitions up front

Andreas Steffen [Fri, 10 Jul 2009 20:18:26 +0000 (22:18 +0200)]
cosmetics

Andreas Steffen [Fri, 10 Jul 2009 19:43:21 +0000 (21:43 +0200)]
added listener.h to charon_SOURCES

Martin Willi [Fri, 10 Jul 2009 09:01:44 +0000 (11:01 +0200)]
use the configured NM connection id as configuration/IKE_SA name

Martin Willi [Fri, 10 Jul 2009 07:40:02 +0000 (09:40 +0200)]
fixed state check if establishing the CHILD_SA fails

Martin Willi [Fri, 10 Jul 2009 07:37:27 +0000 (09:37 +0200)]
use the new updown()/rekey() hooks to track the state of NetworkManager connections

Andreas Steffen [Fri, 10 Jul 2009 05:15:08 +0000 (07:15 +0200)]
update libfreeswan/pfkeyv2.h

Andreas Steffen [Fri, 10 Jul 2009 04:53:54 +0000 (06:53 +0200)]
added AES_CTR, AES_CCM, and AES_GCM strings

Martin Willi [Thu, 9 Jul 2009 12:44:08 +0000 (14:44 +0200)]
implemented ike_down() bus hook

Martin Willi [Thu, 9 Jul 2009 11:44:06 +0000 (13:44 +0200)]
implemented ike_up() bus hook

Martin Willi [Thu, 9 Jul 2009 11:35:33 +0000 (13:35 +0200)]
implemented child_down() bus hook

Martin Willi [Thu, 9 Jul 2009 11:11:46 +0000 (13:11 +0200)]
implemented child_up() bus hook

Martin Willi [Wed, 8 Jul 2009 12:33:24 +0000 (14:33 +0200)]
implemented ike_rekey()/child_rekey() bus hooks

Martin Willi [Wed, 8 Jul 2009 12:08:31 +0000 (14:08 +0200)]
added new listener callbacks to track SAs

Martin Willi [Wed, 8 Jul 2009 07:00:02 +0000 (09:00 +0200)]
moved listener_t interface definition to a separate file

Andreas Steffen [Thu, 9 Jul 2009 13:02:51 +0000 (15:02 +0200)]
enforced strongSwan coding rules

Martin Willi [Tue, 7 Jul 2009 13:47:09 +0000 (15:47 +0200)]
added a RADIUS id_prefix option to prefix the IMSI

Martin Willi [Thu, 9 Jul 2009 09:17:43 +0000 (11:17 +0200)]
updated ikev2bis draft from 03 to 04

Martin Willi [Wed, 8 Jul 2009 15:19:49 +0000 (17:19 +0200)]
memxor does not access unaligned words anymore, but still uses words if possible

Martin Willi [Wed, 8 Jul 2009 08:29:12 +0000 (10:29 +0200)]
fixed doxygen section pgp

Martin Willi [Wed, 8 Jul 2009 08:28:54 +0000 (10:28 +0200)]
fixed two doxygen warnings

Martin Willi [Tue, 7 Jul 2009 15:26:16 +0000 (17:26 +0200)]
updated HACKING info

Martin Willi [Tue, 7 Jul 2009 12:38:55 +0000 (14:38 +0200)]
remove obsolete child_cfg_t.equal_traffic_selectors() method

Martin Willi [Tue, 7 Jul 2009 12:38:19 +0000 (14:38 +0200)]
child_cfg matching code prefers a config containing the first proposed TS

Martin Willi [Tue, 7 Jul 2009 11:42:22 +0000 (13:42 +0200)]
added missing equals() method assignment for ID_ANY identities

Martin Willi [Mon, 6 Jul 2009 14:36:01 +0000 (16:36 +0200)]
use architecture specific Elf header

Martin Willi [Mon, 6 Jul 2009 11:11:03 +0000 (13:11 +0200)]
centralized ID type specific method assignment in generic constructor

Martin Willi [Mon, 6 Jul 2009 10:47:18 +0000 (12:47 +0200)]
removed obsolete init_rdn()/get_next_rdn() functions

Martin Willi [Mon, 6 Jul 2009 10:42:09 +0000 (12:42 +0200)]
reimplemented dnota() using RDN enumerator

Martin Willi [Mon, 6 Jul 2009 10:37:26 +0000 (12:37 +0200)]
added a chunk_printable() function (replaces sanitize_chunk)