strongswan.git
Martin Willi [Wed, 18 Jun 2014 14:50:18 +0000 (16:50 +0200)]
child-sa: Set replay window on both inbound and outbound SA

While the outbound SA actually does not need a replay window, the kernel rejects
zero replay windows on SAs using ESN. The ESN flag is required to use the full
sequence number in ICV calculation, hence we set the replay window.

This restores the behavior we had before 30c009c2.

Martin Willi [Wed, 18 Jun 2014 12:57:21 +0000 (14:57 +0200)]
kernel-netlink: Never use XFRMA_REPLAY_ESN_VAL to configure zero replay windows

Trying to disable replay windows using the ESN attribute fails with EINVAL.
Use non-ESN legacy format to disable replay windows, even if ESN has been
negotiated over IKE.

Andreas Steffen [Wed, 18 Jun 2014 12:57:33 +0000 (14:57 +0200)]
Added swanctl/net2net-route scenario

Andreas Steffen [Wed, 18 Jun 2014 12:35:59 +0000 (14:35 +0200)]
Added swanctl/net2net-start scenario

Andreas Steffen [Wed, 18 Jun 2014 12:35:36 +0000 (14:35 +0200)]
Minor changes in swanctl scenarios

Andreas Steffen [Wed, 18 Jun 2014 12:01:02 +0000 (14:01 +0200)]
The policy_started check is not needed any more

Andreas Steffen [Wed, 18 Jun 2014 11:16:18 +0000 (13:16 +0200)]
Added swanctl --list-pols and swanctl --stats to scenario log

Tobias Brunner [Wed, 18 Jun 2014 07:36:08 +0000 (09:36 +0200)]
testing: Delete accidentally committed test cases

Tobias Brunner [Fri, 16 May 2014 08:39:22 +0000 (10:39 +0200)]
ikev1: Allow late connection switching based on XAuth username

Tobias Brunner [Mon, 5 May 2014 11:55:15 +0000 (13:55 +0200)]
identification: Only use either , or / to separate RDNs

If a DN starts with a slash (or whitespace and a slash) slashes will
be used, otherwise commas.

Tobias Brunner [Thu, 3 Apr 2014 07:23:55 +0000 (09:23 +0200)]
sshkey: Fix loading of ECDSA keys from files

Tobias Brunner [Thu, 3 Apr 2014 07:21:43 +0000 (09:21 +0200)]
sshkey: Add support to parse SSH public keys from files with left|rightsigkey

Martin Willi [Tue, 17 Jun 2014 15:56:05 +0000 (17:56 +0200)]
Merge branch 'vici-stats'

Add a vici/swanctl "stats" command to print daemon info, similar to the header
shown in "ipsec statusall".

Martin Willi [Wed, 11 Jun 2014 14:50:59 +0000 (16:50 +0200)]
vici: Support memory stats without leak-detective on Windows

Martin Willi [Wed, 11 Jun 2014 14:19:38 +0000 (16:19 +0200)]
swanctl: Add a --stats command to print daemon infos and statistics

Martin Willi [Wed, 11 Jun 2014 14:07:40 +0000 (16:07 +0200)]
vici: Add a stats command returning various daemon infos and statistics

Martin Willi [Wed, 4 Jun 2014 08:37:59 +0000 (10:37 +0200)]
swanctl: Support private key decryption passphrases in swanctl.conf

While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.

Martin Willi [Tue, 17 Jun 2014 14:50:14 +0000 (16:50 +0200)]
Merge branch 'conn-specific-replay'

Introduces a connection specific replay_window option, overriding the global
charon.replay_window strongswan.conf option. Original patch courtesy of
Zheng Zhong and Christophe Gouault from 6Wind.

Martin Willi [Tue, 17 Jun 2014 14:44:58 +0000 (16:44 +0200)]
NEWS: Mention replay_window ipsec.conf option

Martin Willi [Tue, 17 Jun 2014 14:48:25 +0000 (16:48 +0200)]
swanctl: Document replay_window option

Martin Willi [Mon, 16 Jun 2014 15:41:07 +0000 (17:41 +0200)]
vici: Support a replay_window CHILD_SA option

Martin Willi [Mon, 16 Jun 2014 15:36:13 +0000 (17:36 +0200)]
starter: Add a replay_window connection option

Martin Willi [Mon, 16 Jun 2014 15:33:45 +0000 (17:33 +0200)]
kernel-pfkey: Support connection specific replay window sizes up to 32 packets

Martin Willi [Mon, 16 Jun 2014 15:32:49 +0000 (17:32 +0200)]
kernel-netlink: Support connection specific replay window sizes

Martin Willi [Mon, 16 Jun 2014 15:31:43 +0000 (17:31 +0200)]
kernel-interface: Add a replay_window parameter to add_sa()

Martin Willi [Mon, 16 Jun 2014 15:26:33 +0000 (17:26 +0200)]
child-cfg: Store connection specific replay window on CHILD_SA config

Martin Willi [Tue, 17 Jun 2014 13:24:06 +0000 (15:24 +0200)]
Merge branch 'win-errno'

Improves errno handling for Winsock2 compatibility functions.

Martin Willi [Wed, 11 Jun 2014 15:10:19 +0000 (17:10 +0200)]
windows: Declare strerror_s()

Older MinGW versions seem to miss this function declaration. Fixes build on
Travis using Ubuntu 12.04.

Martin Willi [Wed, 11 Jun 2014 10:07:34 +0000 (12:07 +0200)]
windows: Extend strerror_r/s by extended POSIX errno strings

Martin Willi [Wed, 11 Jun 2014 09:38:52 +0000 (11:38 +0200)]
windows: Implement strerror_r using strerror_s

Martin Willi [Wed, 11 Jun 2014 09:08:03 +0000 (11:08 +0200)]
windows: Wrap most Winsock2 Posix functions to set errno

While Winsock provides many Posix compatibility functions, they do not set
errno, but use WSAGetLastError() for error reporting. The wrapped functions
derive an errno from WSAGetLastError() on failure.

Martin Willi [Wed, 11 Jun 2014 13:04:15 +0000 (15:04 +0200)]
watcher: Prevent race condition spawning multiple watcher threads

If file descriptors get added and removed in rapid succession, the active
watcher thread might not take notice of it and continues running. However, add()
spawns a watcher thread whenever a file descriptor is added to an empty set.
This could result in multiple watcher threads, which is fixed by a proper
check for running watchers.

Martin Willi [Wed, 11 Jun 2014 12:24:22 +0000 (14:24 +0200)]
thread-value: Defer cleanup handling to thread termination on Windows

Instead of cleaning up all thread-values during destruction, cleanup handler
is invoked when a thread detaches. Thread detaching is caught using the Windows
DllMain() entry point, and allows us to basically revert 204098a7.

Using this mechanism, we make sure that the cleanup handler is invoked by the
correct thread. Further, this mechanism works for externally-spawned
threads which run outside of our thread_cb() routine, and works more efficiently
with short-running threads.

Martin Willi [Tue, 10 Jun 2014 13:58:31 +0000 (15:58 +0200)]
socket-win: Use non-overlapped I/O and socket event selection

The use of overlapped I/O was incorrect, as we passed stack based buffers, but
did not cancel/wait for pending completion on all sockets. Our receive-from-all
socket interface is actually tricky to implement using overlapped I/O. Switch
to WSAEventSelect() event management, which can be canceled properly while
working in a select()-like way.

Martin Willi [Tue, 17 Jun 2014 13:15:02 +0000 (15:15 +0200)]
Merge branch 'attr-enum'

Introduces a handle_vips() hook very similar to assign_vips(), but for clients
handling virtual IPs and other configuration attributes. Non-handled attributes
are stored on the IKE_SA as well and can be enumerated.

Martin Willi [Tue, 11 Feb 2014 09:09:08 +0000 (10:09 +0100)]
bus: Add a handle_vips() hook invoked after handling configuration attributes

Similar to assign_vips() used by a peer assigning virtual IPs to the other peer,
the handle_vips() hook gets invoked on a peer after receiving attributes. On
release of the same attributes the hook gets invoked again.

This is useful to inspect handled attributes, as the ike_updown() hook is
invoked after authentication, when attributes have not been handled yet.

Martin Willi [Tue, 11 Feb 2014 08:49:44 +0000 (09:49 +0100)]
ikev1: Invoke the assign_vips() bus hook for IKEv1 as well

Martin Willi [Tue, 11 Feb 2014 09:12:24 +0000 (10:12 +0100)]
ike: Create an enumerator for (un-)handled configuration attributes on IKE_SA

Martin Willi [Tue, 11 Feb 2014 08:19:45 +0000 (09:19 +0100)]
ike: Store unhandled attributes on IKE_SA as well

Andreas Steffen [Sun, 15 Jun 2014 09:40:15 +0000 (11:40 +0200)]
Version bump to 5.2.0rc1

(5.2.0dr6)
Andreas Steffen [Sat, 14 Jun 2014 13:43:44 +0000 (15:43 +0200)]
Mentioned first six swanctl scenarios in NEWS

Andreas Steffen [Sat, 14 Jun 2014 13:14:53 +0000 (15:14 +0200)]
Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios

Andreas Steffen [Thu, 12 Jun 2014 21:00:26 +0000 (23:00 +0200)]
Single-line --raw mode simplifies evaltest of swanctl scenarios

Andreas Steffen [Thu, 12 Jun 2014 20:57:15 +0000 (22:57 +0200)]
Split swanctl --raw mode into single-line and --pretty mode

Andreas Steffen [Wed, 11 Jun 2014 16:11:11 +0000 (18:11 +0200)]
Added swanctl/ip-pool-db scenario

Andreas Steffen [Wed, 11 Jun 2014 16:09:48 +0000 (18:09 +0200)]
Updated strongTNC configuration

Andreas Steffen [Tue, 10 Jun 2014 14:11:25 +0000 (16:11 +0200)]
Added swanctl/ip-pool scenario

Andreas Steffen [Tue, 10 Jun 2014 13:10:21 +0000 (15:10 +0200)]
Allow multiple hash values in the file reference database

Andreas Steffen [Tue, 10 Jun 2014 07:13:20 +0000 (09:13 +0200)]
Added swanctl/rw-cert scenario

Andreas Steffen [Tue, 10 Jun 2014 07:11:21 +0000 (09:11 +0200)]
Added Android 4.3 and 4.4.3 to imv database

Andreas Steffen [Mon, 9 Jun 2014 07:59:09 +0000 (09:59 +0200)]
Define default swanctl credentials in hosts directory

Andreas Steffen [Tue, 10 Jun 2014 14:18:23 +0000 (16:18 +0200)]
Added missing units (s = seconds)

Andreas Steffen [Sun, 8 Jun 2014 09:13:32 +0000 (11:13 +0200)]
Fixes in SWID entity support

Martin Willi [Fri, 6 Jun 2014 14:32:31 +0000 (16:32 +0200)]
Merge branch 'win-32bit'

Fixes some issues when building 32-bit Windows binaries. Mostly related
to the call API. Introduces a Travis 32-bit Windows build variant.

Martin Willi [Thu, 5 Jun 2014 12:07:21 +0000 (14:07 +0200)]
travis: Add a Windows 32-bit variant build test

Martin Willi [Thu, 5 Jun 2014 11:14:13 +0000 (13:14 +0200)]
windows: Link against psapi32

On some versions GetModuleFileNameEx/GetModuleInformation is in psapi32 instead
of kernel32. We link to both libraries to make sure we have it.

Martin Willi [Thu, 5 Jun 2014 11:12:38 +0000 (13:12 +0200)]
backtrace: Use GetModuleInformation/GetModuleFileNameEx directly on Win32

The K32 variants are actually needed on 64-bit only.

Martin Willi [Thu, 5 Jun 2014 11:10:43 +0000 (13:10 +0200)]
windows: Use WINAPI call convention for Windows API callbacks

For x86_64 it does not actually matter, but for i686 builds the call convention
is different with WINAPI.

Martin Willi [Thu, 5 Jun 2014 11:08:38 +0000 (13:08 +0200)]
windows: Do not check if having clock_gettime()

Windows does not have it, but libwinpthread has. If this library is available
during build, it will be linked, which we prefer to avoid.

Andreas Steffen [Fri, 6 Jun 2014 09:18:11 +0000 (11:18 +0200)]
Version bump to 5.2.0dr6

Andreas Steffen [Fri, 6 Jun 2014 09:17:38 +0000 (11:17 +0200)]
Ubuntu 14.04 updated to 3.13.0-29 kernel

Andreas Steffen [Fri, 6 Jun 2014 09:16:41 +0000 (11:16 +0200)]
Extended pt-tls-client PLUGINS list

Andreas Steffen [Fri, 6 Jun 2014 08:55:42 +0000 (10:55 +0200)]
Updated REST API

Tobias Brunner [Fri, 6 Jun 2014 08:12:26 +0000 (10:12 +0200)]
android: Add all Android.mk files to the tarball

Andreas Steffen [Thu, 5 Jun 2014 09:26:54 +0000 (11:26 +0200)]
Fixed typo in strongswan.conf

Martin Willi [Wed, 4 Jun 2014 14:41:50 +0000 (16:41 +0200)]
NEWS: Introduce Windows support

Martin Willi [Wed, 4 Jun 2014 14:35:02 +0000 (16:35 +0200)]
Merge branch 'win-fetcher'

Implements an HTTP/HTTPS fetcher for the Windows platform using the native
WinHTTP API.

Martin Willi [Wed, 2 Apr 2014 09:36:19 +0000 (11:36 +0200)]
travis: Build "all" tests without Windows HTTP fetcher

We don't include it in the Windows build test either, as MinGW does not come
with -lwinhttp.

Martin Willi [Fri, 4 Apr 2014 08:37:59 +0000 (10:37 +0200)]
pki: Support complex trustchain and revocation checking in --verify

Martin Willi [Mon, 2 Jun 2014 10:52:32 +0000 (12:52 +0200)]
unit-tests: Zero-initialize chunk to avoid free on non-successful fetch

If the fetch fails, the fetcher is not required to return an empty chunk. Avoid
the resulting invalid free() by initializing data.ptr to NULL.

Martin Willi [Mon, 2 Jun 2014 09:55:18 +0000 (11:55 +0200)]
winhttp: Support basic authentication for URLs having credentials

Martin Willi [Mon, 19 May 2014 14:15:37 +0000 (16:15 +0200)]
winhttp: Support new response code fetcher option

Martin Willi [Thu, 30 Jan 2014 13:07:53 +0000 (14:07 +0100)]
winhttp: Implement a http(s) fetcher based on Microsoft's WinHTTP API

Martin Willi [Wed, 4 Jun 2014 14:32:23 +0000 (16:32 +0200)]
Merge branch 'win-kernel'

Adds the kernel-iph and kernel-wfp kernel backends for the Windows platform.
kernel-iph provides a networking backend using the IP Helper native Windows
API, while the kernel-wfp backend implements an interface to the Windows Kernel
IPsec layer using the Windows Filtering Platform API.

Martin Willi [Wed, 2 Apr 2014 09:35:19 +0000 (11:35 +0200)]
travis: Build "all" tests without Windows kernel backends

Martin Willi [Fri, 9 May 2014 13:11:58 +0000 (15:11 +0200)]
kernel-wfp: Include Windows header patch for MinGW 4.8.1

Martin Willi [Wed, 9 Apr 2014 08:42:36 +0000 (10:42 +0200)]
kernel-wfp: Clone acquire traffic selectors only if they exist

Martin Willi [Wed, 9 Apr 2014 08:42:15 +0000 (10:42 +0200)]
kernel-wfp: Install routes for trap policies

Martin Willi [Wed, 9 Apr 2014 08:41:32 +0000 (10:41 +0200)]
kernel-wfp: Refactor route management to separate function

Martin Willi [Tue, 8 Apr 2014 13:58:38 +0000 (15:58 +0200)]
kernel-wfp: Install tunnel mode policies to appropriate sub-layers

While it is unclear if this has any effect at all, we prefer specific sublayers
to install policies as suggested.

Martin Willi [Thu, 2 Jan 2014 16:31:30 +0000 (17:31 +0100)]
kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds

Martin Willi [Tue, 24 Dec 2013 10:34:50 +0000 (11:34 +0100)]
kernel-wfp: Support multiple traffic selectors on tunnel mode SAs

Martin Willi [Tue, 24 Dec 2013 10:27:59 +0000 (11:27 +0100)]
child-sa: Pass the number of total policies tied to an SA to the kernel

This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.

Martin Willi [Tue, 24 Dec 2013 09:40:09 +0000 (10:40 +0100)]
kernel-iph: Implicitly enable IP forwarding when installing routes

Martin Willi [Tue, 24 Dec 2013 09:01:35 +0000 (10:01 +0100)]
kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers

Martin Willi [Mon, 23 Dec 2013 17:45:13 +0000 (18:45 +0100)]
kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working

Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.

Martin Willi [Fri, 20 Dec 2013 13:42:10 +0000 (14:42 +0100)]
kernel-wfp: Install tunnel and trap forward policies

Martin Willi [Thu, 19 Dec 2013 15:55:43 +0000 (16:55 +0100)]
kernel-wfp: Manually create a ProviderContext to attach individual filters

This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd,
and fixes the issues we have seen with trap policies. Forward filters are
still missing, but required for site-to-site tunnels.

Martin Willi [Thu, 19 Dec 2013 13:23:08 +0000 (14:23 +0100)]
kernel-wfp: Print filter weight in "ipsecdump filters"

Martin Willi [Thu, 19 Dec 2013 13:22:00 +0000 (14:22 +0100)]
kernel-wfp: Add support for trap policies and acquires

Martin Willi [Thu, 19 Dec 2013 13:14:37 +0000 (14:14 +0100)]
socket-win: Install IKE bypass policies using bypass_socket()

Martin Willi [Thu, 19 Dec 2013 13:13:06 +0000 (14:13 +0100)]
kernel-wfp: Implement bypass_socket() using dedicated filter rules

Martin Willi [Thu, 19 Dec 2013 08:48:43 +0000 (09:48 +0100)]
kernel-wfp: Register for WFP Net events

Martin Willi [Wed, 18 Dec 2013 10:56:36 +0000 (11:56 +0100)]
kernel-wfp: Add some missing IPv6 GUIDs, fix IPv6 host conversion

Martin Willi [Wed, 18 Dec 2013 10:57:36 +0000 (11:57 +0100)]
kernel-wfp: Add an ipsecdump "filters" command to print IPsec related filters

Martin Willi [Mon, 16 Dec 2013 16:13:03 +0000 (17:13 +0100)]
kernel-wfp: Add an ipsecdump utility to show installed SAs/SPs on Windows

Martin Willi [Mon, 16 Dec 2013 11:12:57 +0000 (12:12 +0100)]
kernel-wfp: Depend on used RNG plugin features

Martin Willi [Fri, 13 Dec 2013 16:14:26 +0000 (17:14 +0100)]
kernel-wfp: Implement update_sa()

Martin Willi [Mon, 16 Dec 2013 11:13:39 +0000 (12:13 +0100)]
kernel-wfp: Configure ports for SAs using UDP encapsulation

Martin Willi [Fri, 13 Dec 2013 16:13:39 +0000 (17:13 +0100)]
kernel-wfp: Refactor SA context construction, and use IPsecSaContextCreate1()