strongswan.git
9 years ago implemented enforcement-report metadata
Andreas Steffen [Fri, 12 Aug 2011 11:16:02 +0000 (13:16 +0200)]
implemented enforcement-report metadata

9 years ago use EAP identity
Andreas Steffen [Fri, 12 Aug 2011 09:34:56 +0000 (11:34 +0200)]
use EAP identity

9 years ago defined mapping of IKEv2 identity types to IF-MAP identity types
Andreas Steffen [Fri, 12 Aug 2011 09:07:29 +0000 (11:07 +0200)]
defined mapping of IKEv2 identity types to IF-MAP identity types

9 years ago If we close a duplicate SA, it is also no authentication failure.
Tobias Brunner [Fri, 12 Aug 2011 08:11:39 +0000 (10:11 +0200)]
If we close a duplicate SA, it is also no authentication failure.

9 years ago If local authentication fails, it is not really a peer auth failure.
Tobias Brunner [Wed, 10 Aug 2011 15:42:30 +0000 (17:42 +0200)]
If local authentication fails, it is not really a peer auth failure.

9 years ago Throw an alert if authentication of the peer fails (not only for initiator).
Tobias Brunner [Wed, 10 Aug 2011 15:29:06 +0000 (17:29 +0200)]
Throw an alert if authentication of the peer fails (not only for initiator).

9 years ago Throw an alert when the peer address cannot be resolved during initiation.
Tobias Brunner [Wed, 10 Aug 2011 13:45:41 +0000 (15:45 +0200)]
Throw an alert when the peer address cannot be resolved during initiation.

9 years ago Throw an alert via bus_t when remote authentication fails.
Tobias Brunner [Wed, 10 Aug 2011 13:17:40 +0000 (15:17 +0200)]
Throw an alert via bus_t when remote authentication fails.

9 years ago support capability metadata
Andreas Steffen [Thu, 11 Aug 2011 13:06:01 +0000 (15:06 +0200)]
support capability metadata

9 years ago Verify that executables are available and set (pluto|charon)start accordingly.
Tobias Brunner [Thu, 11 Aug 2011 11:38:05 +0000 (13:38 +0200)]
Verify that executables are available and set (pluto|charon)start accordingly.

Some distributions enable both daemons but then distribute the
executables in two separate packages.  If only one package is installed
but both daemons are enabled in ipsec.conf, starter will try to start
the non-existing daemon over and over again, and will each time re-add
the configs to the other daemon.

9 years ago version bump to 4.6.0dr2
Andreas Steffen [Thu, 11 Aug 2011 05:56:42 +0000 (07:56 +0200)]
version bump to 4.6.0dr2

9 years ago added tnc-ifmap attributes to manpage
Andreas Steffen [Wed, 10 Aug 2011 13:58:18 +0000 (15:58 +0200)]
added tnc-ifmap attributes to manpage

9 years ago version bump to 4.6.0dr1
Andreas Steffen [Wed, 10 Aug 2011 07:28:31 +0000 (09:28 +0200)]
version bump to 4.6.0dr1

9 years ago define server_cert in strongswan.conf
Andreas Steffen [Wed, 10 Aug 2011 04:13:21 +0000 (06:13 +0200)]
define server_cert in strongswan.conf

9 years ago getting rid of axis2.html configuration
Andreas Steffen [Tue, 9 Aug 2011 19:09:37 +0000 (21:09 +0200)]
getting rid of axis2.html configuration

9 years ago output PEP device addresses as metadata
Andreas Steffen [Mon, 8 Aug 2011 18:13:32 +0000 (20:13 +0200)]
output PEP device addresses as metadata

9 years ago classify an EAP identity as a username
Andreas Steffen [Mon, 8 Aug 2011 17:03:50 +0000 (19:03 +0200)]
classify an EAP identity as a username

9 years ago refactoring of tnc-ifmap plugin
Andreas Steffen [Mon, 8 Aug 2011 15:48:56 +0000 (17:48 +0200)]
refactoring of tnc-ifmap plugin

9 years ago publish all IKE_SA metadata after tnc-ifmap plugin reload
Andreas Steffen [Mon, 8 Aug 2011 07:49:35 +0000 (09:49 +0200)]
publish all IKE_SA metadata after tnc-ifmap plugin reload

9 years ago implemented tnc-ifmap reload method
Andreas Steffen [Mon, 8 Aug 2011 06:48:18 +0000 (08:48 +0200)]
implemented tnc-ifmap reload method

9 years ago moved ifmap code into tnc_ifmap_soap
Andreas Steffen [Mon, 8 Aug 2011 06:29:43 +0000 (08:29 +0200)]
moved ifmap code into tnc_ifmap_soap

9 years ago free device_name in destroy()
Andreas Steffen [Sun, 7 Aug 2011 22:19:08 +0000 (00:19 +0200)]
free device_name in destroy()

9 years ago set device_name via strongswan.conf
Andreas Steffen [Sun, 7 Aug 2011 22:13:36 +0000 (00:13 +0200)]
set device_name via strongswan.conf

9 years ago fixed delete filters
Andreas Steffen [Sun, 7 Aug 2011 21:41:05 +0000 (23:41 +0200)]
fixed delete filters

9 years ago check for publishReceived response
Andreas Steffen [Sun, 7 Aug 2011 20:40:21 +0000 (22:40 +0200)]
check for publishReceived response

9 years ago added authenticated-by metadata
Andreas Steffen [Sun, 7 Aug 2011 17:54:43 +0000 (19:54 +0200)]
added authenticated-by metadata

9 years ago first working publish of metadata
Andreas Steffen [Sun, 7 Aug 2011 15:04:02 +0000 (17:04 +0200)]
first working publish of metadata

9 years ago added some XML syntax checking
Andreas Steffen [Sat, 6 Aug 2011 22:21:15 +0000 (00:21 +0200)]
added some XML syntax checking

9 years ago implemented purgePublisher command
Andreas Steffen [Sat, 6 Aug 2011 14:33:28 +0000 (16:33 +0200)]
implemented purgePublisher command

9 years ago fixed typo
Andreas Steffen [Fri, 5 Aug 2011 23:02:40 +0000 (01:02 +0200)]
fixed typo

9 years ago combined newSession and newSessionResult
Andreas Steffen [Fri, 5 Aug 2011 22:50:29 +0000 (00:50 +0200)]
combined newSession and newSessionResult

9 years ago newSession and endSession work
Andreas Steffen [Fri, 5 Aug 2011 22:12:55 +0000 (00:12 +0200)]
newSession and endSession work

9 years ago created tnc-ifmap plugin
Andreas Steffen [Fri, 5 Aug 2011 14:15:55 +0000 (16:15 +0200)]
created tnc-ifmap plugin

9 years ago Fixed syntax in MySQL script.
Tobias Brunner [Mon, 8 Aug 2011 14:15:28 +0000 (16:15 +0200)]
Fixed syntax in MySQL script.

9 years ago Install and use libtls as dynamic library, as we have our private libdir now
Martin Willi [Mon, 8 Aug 2011 11:24:16 +0000 (13:24 +0200)]
Install and use libtls as dynamic library, as we have our private libdir now

9 years ago Migrated simaka_message to INIT/METHOD macros
Martin Willi [Thu, 7 Jul 2011 10:42:15 +0000 (12:42 +0200)]
Migrated simaka_message to INIT/METHOD macros

9 years ago Migrated simaka_crypto to INIT/METHOD macros
Martin Willi [Thu, 7 Jul 2011 10:42:01 +0000 (12:42 +0200)]
Migrated simaka_crypto to INIT/METHOD macros

9 years ago Migrated all SIM/AKA code to libsimaka, use SIM and AKA backend managers registered...
Martin Willi [Thu, 7 Jul 2011 10:31:45 +0000 (12:31 +0200)]
Migrated all SIM/AKA code to libsimaka, use SIM and AKA backend managers registered by name

9 years ago Add a non-cloning variant of eap_payload_create_data
Martin Willi [Thu, 7 Jul 2011 10:31:02 +0000 (12:31 +0200)]
Add a non-cloning variant of eap_payload_create_data

9 years ago Install and link libsimaka as dynamic library
Martin Willi [Wed, 6 Jul 2011 13:45:26 +0000 (15:45 +0200)]
Install and link libsimaka as dynamic library

9 years ago Provide generic object registration by name on libstrongswan
Martin Willi [Wed, 6 Jul 2011 13:19:13 +0000 (15:19 +0200)]
Provide generic object registration by name on libstrongswan

9 years ago Fixed function descriptions
Martin Willi [Wed, 6 Jul 2011 12:38:23 +0000 (14:38 +0200)]
Fixed function descriptions

9 years ago maemo: New upstream release.
Tobias Brunner [Fri, 5 Aug 2011 12:45:17 +0000 (14:45 +0200)]
maemo: New upstream release.

9 years ago maemo: Define _GNU_SOURCE to make llabs available.
Tobias Brunner [Fri, 5 Aug 2011 12:36:11 +0000 (14:36 +0200)]
maemo: Define _GNU_SOURCE to make llabs available.

llabs is defined in C99, thus requires e.g. _USE_ISOC99 to be defined.
features.h on Maemo defines _USE_ISOC99 in fewer cases than newer versions
of it do on other platforms.

9 years ago maemo: Libraries are installed in lib/ipsec, binaries in libexec not lib.
Tobias Brunner [Fri, 5 Aug 2011 12:30:03 +0000 (14:30 +0200)]
maemo: Libraries are installed in lib/ipsec, binaries in libexec not lib.

9 years ago maemo: Don't overwrite location of libexec.
Tobias Brunner [Fri, 5 Aug 2011 12:28:45 +0000 (14:28 +0200)]
maemo: Don't overwrite location of libexec.

9 years ago Migrated peer_cfg_t to INIT/METHOD macros.
Tobias Brunner [Mon, 11 Jul 2011 09:18:15 +0000 (11:18 +0200)]
Migrated peer_cfg_t to INIT/METHOD macros.

9 years ago Show error code of Microsoft specific error notify
Martin Willi [Mon, 1 Aug 2011 09:27:25 +0000 (11:27 +0200)]
Show error code of Microsoft specific error notify

9 years ago Added Microsoft specific error notify
Martin Willi [Mon, 1 Aug 2011 09:27:01 +0000 (11:27 +0200)]
Added Microsoft specific error notify

9 years ago Added tnc Doxygen group to libcharon.
Tobias Brunner [Wed, 3 Aug 2011 08:56:33 +0000 (10:56 +0200)]
Added tnc Doxygen group to libcharon.

9 years ago Moved PEN to libstrongswan Doxygen group.
Tobias Brunner [Wed, 3 Aug 2011 08:55:42 +0000 (10:55 +0200)]
Moved PEN to libstrongswan Doxygen group.

9 years ago Doxygen group for BIO added.
Tobias Brunner [Wed, 3 Aug 2011 08:54:32 +0000 (10:54 +0200)]
Doxygen group for BIO added.

9 years ago Disable policy history for pluto. 4.5.3
Tobias Brunner [Tue, 2 Aug 2011 16:34:49 +0000 (18:34 +0200)]
Disable policy history for pluto.

pluto tracks usage of policies already in its own way.

9 years ago pluto: --debug-kernel aliasing was not fully complete.
Tobias Brunner [Tue, 2 Aug 2011 16:15:50 +0000 (18:15 +0200)]
pluto: --debug-kernel aliasing was not fully complete.

9 years ago ha plugin does not need Linux headers anymore
Martin Willi [Tue, 2 Aug 2011 15:08:41 +0000 (17:08 +0200)]
ha plugin does not need Linux headers anymore

9 years ago Check for kernel version and use appropriate jhash version in HA plugin
Martin Willi [Tue, 2 Aug 2011 15:00:15 +0000 (17:00 +0200)]
Check for kernel version and use appropriate jhash version in HA plugin

9 years ago jhash.h is not part of the distribution anymore.
Tobias Brunner [Tue, 2 Aug 2011 14:14:16 +0000 (16:14 +0200)]
jhash.h is not part of the distribution anymore.

9 years ago Remove the Linux jhash.h copy, as the implementation changed for 2.6.37
Martin Willi [Tue, 2 Aug 2011 12:11:49 +0000 (14:11 +0200)]
Remove the Linux jhash.h copy, as the implementation changed for 2.6.37

There are now different versions of jhash, use --with-linux-headers
targeting the headers of the kernel used with the HA plugin.

9 years ago version bump to 4.5.3
Andreas Steffen [Mon, 1 Aug 2011 17:15:01 +0000 (19:15 +0200)]
version bump to 4.5.3

9 years ago Properly initialize ike_sa_t.
Tobias Brunner [Mon, 1 Aug 2011 11:08:15 +0000 (13:08 +0200)]
Properly initialize ike_sa_t.

9 years ago Properly initialize the UCI plugin.
Tobias Brunner [Mon, 1 Aug 2011 11:06:09 +0000 (13:06 +0200)]
Properly initialize the UCI plugin.

9 years ago Build libtncif on Android.
Tobias Brunner [Fri, 29 Jul 2011 15:41:14 +0000 (17:41 +0200)]
Build libtncif on Android.

9 years ago File lists in Android.mk files updated.
Tobias Brunner [Fri, 29 Jul 2011 15:40:01 +0000 (17:40 +0200)]
File lists in Android.mk files updated.

9 years ago Update fallback drop policies if required.
Tobias Brunner [Fri, 29 Jul 2011 10:34:51 +0000 (12:34 +0200)]
Update fallback drop policies if required.

9 years ago Allow routing table IDs > 255 when filtering them.
Tobias Brunner [Fri, 29 Jul 2011 10:16:18 +0000 (12:16 +0200)]
Allow routing table IDs > 255 when filtering them.

9 years ago DUMM: Allow addresses to be configured with net prefix.
Tobias Brunner [Fri, 29 Jul 2011 10:14:02 +0000 (12:14 +0200)]
DUMM: Allow addresses to be configured with net prefix.

9 years ago Fixed host_create_from_subnet when no prefix is given.
Tobias Brunner [Fri, 29 Jul 2011 10:11:20 +0000 (12:11 +0200)]
Fixed host_create_from_subnet when no prefix is given.

9 years ago Install fallback drop policies for all three directions.
Tobias Brunner [Thu, 28 Jul 2011 12:24:42 +0000 (14:24 +0200)]
Install fallback drop policies for all three directions.

9 years ago Install fallback drop policies to avoid transmitting unencrypted packets.
Tobias Brunner [Wed, 27 Jul 2011 11:44:33 +0000 (13:44 +0200)]
Install fallback drop policies to avoid transmitting unencrypted packets.

During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy
is first uninstalled and then the new one is installed.  In the short
time in between, where no policy is available in the kernel, unencrypted
packets could have been transmitted.

9 years ago Remove policies in kernel interfaces based on their priority.
Tobias Brunner [Wed, 27 Jul 2011 11:41:35 +0000 (13:41 +0200)]
Remove policies in kernel interfaces based on their priority.

This allows unrouting a connection while the same connection is
currently established.  In this case both CHILD_SAs share the same
reqid but the installed policies have different priorities.

9 years ago Added missing include in mysql plugin.
Tobias Brunner [Tue, 26 Jul 2011 13:47:01 +0000 (15:47 +0200)]
Added missing include in mysql plugin.

This was previously pulled in via linked_list.h->iterator.h->library.h.

9 years ago Added tnc, imc, imv debug message groups to man page.
Tobias Brunner [Tue, 26 Jul 2011 07:38:13 +0000 (09:38 +0200)]
Added tnc, imc, imv debug message groups to man page.

9 years ago show correct network topology in shunt-policies scenarios
Andreas Steffen [Tue, 26 Jul 2011 05:55:20 +0000 (07:55 +0200)]
show correct network topology in shunt-policies scenarios

9 years ago Inherit authentication information during IKE_SA rekeying
Martin Willi [Mon, 25 Jul 2011 12:08:18 +0000 (14:08 +0200)]
Inherit authentication information during IKE_SA rekeying

9 years ago Added a log message when roam jobs get created.
Tobias Brunner [Thu, 21 Jul 2011 17:44:42 +0000 (19:44 +0200)]
Added a log message when roam jobs get created.

9 years ago Readded docs for some arguments to global functions.
Tobias Brunner [Thu, 21 Jul 2011 16:32:28 +0000 (18:32 +0200)]
Readded docs for some arguments to global functions.

Those were overzealously removed in 28623fc5389829858c78c759a214aa5c64ea26c6.

9 years ago Fixed sleep command in two test cases.
Tobias Brunner [Thu, 21 Jul 2011 14:34:37 +0000 (16:34 +0200)]
Fixed sleep command in two test cases.

9 years ago Added NEWS about job priorities and IKE_SA_INIT dropping.
Tobias Brunner [Thu, 21 Jul 2011 14:26:30 +0000 (16:26 +0200)]
Added NEWS about job priorities and IKE_SA_INIT dropping.

9 years ago Documentation about job priorities added to man page.
Tobias Brunner [Thu, 21 Jul 2011 14:17:08 +0000 (16:17 +0200)]
Documentation about job priorities added to man page.

Also includes docs about IKE_SA_INIT dropping.

9 years ago fixed esn type
Andreas Steffen [Wed, 20 Jul 2011 21:11:19 +0000 (23:11 +0200)]
fixed esn type

9 years ago fixed some more misspellings
Andreas Steffen [Wed, 20 Jul 2011 20:19:01 +0000 (22:19 +0200)]
fixed some more misspellings

9 years ago Fixed common misspellings.
Tobias Brunner [Wed, 20 Jul 2011 13:57:53 +0000 (15:57 +0200)]
Fixed common misspellings.

Mostly found by 'codespell'.

9 years ago Removed old ikev2bis draft.
Tobias Brunner [Wed, 20 Jul 2011 13:57:29 +0000 (15:57 +0200)]
Removed old ikev2bis draft.

9 years ago Added missing load-tester options to man page.
Tobias Brunner [Mon, 18 Jul 2011 17:01:18 +0000 (19:01 +0200)]
Added missing load-tester options to man page.

9 years ago Count running load-tester threads properly.
Tobias Brunner [Mon, 18 Jul 2011 16:45:13 +0000 (18:45 +0200)]
Count running load-tester threads properly.

9 years ago Fix load-tester.shutdown_when_complete option.
Tobias Brunner [Mon, 18 Jul 2011 16:42:47 +0000 (18:42 +0200)]
Fix load-tester.shutdown_when_complete option.

It didn't work when used together with delete_after_established=yes.

9 years ago Fix listener registration in load-tester plugin.
Tobias Brunner [Mon, 18 Jul 2011 16:42:21 +0000 (18:42 +0200)]
Fix listener registration in load-tester plugin.

This fixes the load-tester.shutdown_when_complete option.

9 years ago removed stray code
Andreas Steffen [Mon, 18 Jul 2011 08:22:29 +0000 (10:22 +0200)]
removed stray code

9 years ago added libimcv.plugins.imv_scanner options to strongswan.conf
Andreas Steffen [Sun, 17 Jul 2011 09:07:30 +0000 (11:07 +0200)]
added libimcv.plugins.imv_scanner options to strongswan.conf

9 years ago added ikev2/net2net-esn scenario
Andreas Steffen [Sat, 16 Jul 2011 12:12:23 +0000 (14:12 +0200)]
added ikev2/net2net-esn scenario

9 years ago added log and status output for ESN
Andreas Steffen [Sat, 16 Jul 2011 09:09:38 +0000 (11:09 +0200)]
added log and status output for ESN

9 years ago added IKEv2 exchange type IKE_SESSION_RESUME from RFC 5723
Andreas Steffen [Fri, 15 Jul 2011 05:48:36 +0000 (07:48 +0200)]
added IKEv2 exchange type IKE_SESSION_RESUME from RFC 5723

9 years ago version bump to 4.5.3rc1
Andreas Steffen [Thu, 14 Jul 2011 21:27:07 +0000 (23:27 +0200)]
version bump to 4.5.3rc1

9 years ago alice is now master in the ha/both-active scenario
Andreas Steffen [Thu, 14 Jul 2011 15:31:47 +0000 (17:31 +0200)]
alice is now master in the ha/both-active scenario

9 years ago short form changed
Andreas Steffen [Thu, 14 Jul 2011 14:49:41 +0000 (16:49 +0200)]
short form changed

9 years ago Fix parentheses in write() to CLUSTERIP control files
Martin Willi [Thu, 14 Jul 2011 13:56:10 +0000 (15:56 +0200)]
Fix parentheses in write() to CLUSTERIP control files

9 years ago shunt manager installs policies with %any hosts
Andreas Steffen [Thu, 14 Jul 2011 11:51:36 +0000 (13:51 +0200)]
shunt manager installs policies with %any hosts

9 years ago added HOME_AGENT_ADDRESS CP attribute type
Andreas Steffen [Thu, 14 Jul 2011 09:05:13 +0000 (11:05 +0200)]
added HOME_AGENT_ADDRESS CP attribute type

9 years ago fixed typo
Andreas Steffen [Thu, 14 Jul 2011 08:53:37 +0000 (10:53 +0200)]
fixed typo

9 years ago updated IANA IKEv2 Notify Message Types
Andreas Steffen [Thu, 14 Jul 2011 08:51:24 +0000 (10:51 +0200)]
updated IANA IKEv2 Notify Message Types