strongswan.git
13 years agoadapted UML scenarios to improved virtual IP address pool
Andreas Steffen [Fri, 25 Jul 2008 10:18:23 +0000 (10:18 -0000)]
adapted UML scenarios to improved virtual IP address pool

13 years agoSQLite database template with improved address pool management
Andreas Steffen [Fri, 25 Jul 2008 08:02:53 +0000 (08:02 -0000)]
SQLite database template with improved address pool management

13 years agoadded changes for the 4.2.5 release
Andreas Steffen [Fri, 25 Jul 2008 08:00:04 +0000 (08:00 -0000)]
added changes for the 4.2.5 release

13 years agoadded tests.h to distribution
Martin Willi [Thu, 24 Jul 2008 12:48:36 +0000 (12:48 -0000)]
added tests.h to distribution

13 years agofixed UCI thread cancellation on ARM
Martin Willi [Thu, 24 Jul 2008 08:52:12 +0000 (08:52 -0000)]
fixed UCI thread cancellation on ARM

13 years agoadded option charon.plugins.sql.lease_history to disable lease history logging
Martin Willi [Thu, 24 Jul 2008 08:28:45 +0000 (08:28 -0000)]
added option charon.plugins.sql.lease_history to disable lease history logging

13 years agofixed statistic calcuation for static leases
Martin Willi [Thu, 24 Jul 2008 08:21:55 +0000 (08:21 -0000)]
fixed statistic calcuation for static leases

13 years agocompleted IKE_SA logging at the AUDIT level
Andreas Steffen [Wed, 23 Jul 2008 18:46:34 +0000 (18:46 -0000)]
completed IKE_SA logging at the AUDIT level

13 years agofixed pool statistics
Martin Willi [Wed, 23 Jul 2008 13:56:07 +0000 (13:56 -0000)]
fixed pool statistics

13 years agoIKE_SA rekeying inherits other_host from old IKE_SA
Andreas Steffen [Wed, 23 Jul 2008 07:44:26 +0000 (07:44 -0000)]
IKE_SA rekeying inherits other_host from old IKE_SA

13 years agocosmetics
Andreas Steffen [Wed, 23 Jul 2008 06:38:24 +0000 (06:38 -0000)]
cosmetics

13 years agostart default strongSwan UML topology
Andreas Steffen [Tue, 22 Jul 2008 17:21:01 +0000 (17:21 -0000)]
start default strongSwan UML topology

13 years agosome more changes to IKE_SA and CHILD_SA logging
Andreas Steffen [Tue, 22 Jul 2008 17:10:10 +0000 (17:10 -0000)]
some more changes to IKE_SA and CHILD_SA logging

13 years agoexperimental and untested reimplementation of sql based IP pool
Martin Willi [Tue, 22 Jul 2008 14:56:15 +0000 (14:56 -0000)]
experimental and untested reimplementation of sql based IP pool
uses address preallocation and separate address/lease tables for linear lookup time

13 years agocosmetics
Andreas Steffen [Tue, 22 Jul 2008 12:13:48 +0000 (12:13 -0000)]
cosmetics

13 years agoipsec status lists IPCOMP CPIs
Andreas Steffen [Tue, 22 Jul 2008 12:03:58 +0000 (12:03 -0000)]
ipsec status lists IPCOMP CPIs

13 years agoown CPI was not deleted due to copy-and-paste error
Andreas Steffen [Tue, 22 Jul 2008 10:53:56 +0000 (10:53 -0000)]
own CPI was not deleted due to copy-and-paste error

13 years agoconsistent logging of SPIs and CPIs
Andreas Steffen [Tue, 22 Jul 2008 10:16:45 +0000 (10:16 -0000)]
consistent logging of SPIs and CPIs

13 years agomissing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario
Andreas Steffen [Tue, 22 Jul 2008 06:24:00 +0000 (06:24 -0000)]
missing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario

13 years agodisplay protoport in dynamic/32 traffic selectors
Andreas Steffen [Mon, 21 Jul 2008 19:08:03 +0000 (19:08 -0000)]
display protoport in dynamic/32 traffic selectors

13 years agofixed bus args copy on non i386 archs
Martin Willi [Mon, 21 Jul 2008 14:23:43 +0000 (14:23 -0000)]
fixed bus args copy on non i386 archs

13 years agoconsistent logging of IKE and CHILD SAs
Andreas Steffen [Mon, 21 Jul 2008 12:47:59 +0000 (12:47 -0000)]
consistent logging of IKE and CHILD SAs

13 years agopool performance testing
Martin Willi [Mon, 21 Jul 2008 11:17:20 +0000 (11:17 -0000)]
pool performance testing

13 years agoloading unit-tester plugin as the last one
Martin Willi [Mon, 21 Jul 2008 11:16:07 +0000 (11:16 -0000)]
loading unit-tester plugin as the last one

13 years agoreverted bus to non-recursive mutex due instability
Martin Willi [Mon, 21 Jul 2008 11:15:16 +0000 (11:15 -0000)]
reverted bus to non-recursive mutex due instability

13 years agoadded a driver type getter for database implementations
Martin Willi [Mon, 21 Jul 2008 11:13:06 +0000 (11:13 -0000)]
added a driver type getter for database implementations

13 years agointroduced an additional bus->signal parameter for signal specific data
Martin Willi [Fri, 18 Jul 2008 15:51:40 +0000 (15:51 -0000)]
introduced an additional bus->signal parameter for signal specific data
added SIG_IKE/SIG_CHD macros for signal emitting

13 years agoremoved testing app, this is scriptable with irdumm now
Martin Willi [Fri, 18 Jul 2008 12:14:43 +0000 (12:14 -0000)]
removed testing app, this is scriptable with irdumm now

13 years agoallow but filter recursive listener invocation
Martin Willi [Fri, 18 Jul 2008 11:05:01 +0000 (11:05 -0000)]
allow but filter recursive listener invocation

13 years agofixed compiler warning
Martin Willi [Fri, 18 Jul 2008 10:54:49 +0000 (10:54 -0000)]
fixed compiler warning

13 years agoextended UCI plugin by a simple control interface using a fifo
Martin Willi [Fri, 18 Jul 2008 10:34:44 +0000 (10:34 -0000)]
extended UCI plugin by a simple control interface using a fifo

13 years agoeliminated bashisms in _updown scripts
Andreas Steffen [Fri, 18 Jul 2008 10:04:40 +0000 (10:04 -0000)]
eliminated bashisms in _updown scripts

13 years agoavoid heap allocation in bus->signal for performance reasons
Martin Willi [Thu, 17 Jul 2008 11:45:58 +0000 (11:45 -0000)]
avoid heap allocation in bus->signal for performance reasons

13 years agofixed potential segfault in resolve_hosts
Martin Willi [Thu, 17 Jul 2008 11:06:31 +0000 (11:06 -0000)]
fixed potential segfault in resolve_hosts

13 years agoignore IPCOMP acquires, fixes additional CHILD_SA setup with acquired SAs using compr...
Martin Willi [Thu, 17 Jul 2008 08:25:34 +0000 (08:25 -0000)]
ignore IPCOMP acquires, fixes additional CHILD_SA setup with acquired SAs using compression

13 years agodo not distinguish different policy protocols in userland cache
Martin Willi [Wed, 16 Jul 2008 12:33:19 +0000 (12:33 -0000)]
do not distinguish different policy protocols in userland cache

13 years agodo not complain about existing routes
Martin Willi [Wed, 16 Jul 2008 12:30:47 +0000 (12:30 -0000)]
do not complain about existing routes

13 years agoincluded Thomas in copyright statement
Andreas Steffen [Wed, 16 Jul 2008 12:28:29 +0000 (12:28 -0000)]
included Thomas in copyright statement

13 years agobuild dumm with leak ./configure
Martin Willi [Wed, 16 Jul 2008 11:54:44 +0000 (11:54 -0000)]
build dumm with leak ./configure

13 years agofixed acquire-delay bug by:
Martin Willi [Wed, 16 Jul 2008 11:51:37 +0000 (11:51 -0000)]
fixed acquire-delay bug by:
  installing policies before states
  updating policies if protocol has changed

13 years agoupdated copyright statement
Andreas Steffen [Wed, 16 Jul 2008 10:17:04 +0000 (10:17 -0000)]
updated copyright statement

13 years agofixed bashism in ipsec.in
Andreas Steffen [Wed, 16 Jul 2008 06:59:08 +0000 (06:59 -0000)]
fixed bashism in ipsec.in

13 years agoset XFRM_STATE_AF_UNSPEC flag only in IPsec tunnel mode
Andreas Steffen [Tue, 15 Jul 2008 21:35:55 +0000 (21:35 -0000)]
set XFRM_STATE_AF_UNSPEC flag only in IPsec tunnel mode

13 years agotypo
Andreas Steffen [Tue, 15 Jul 2008 15:31:34 +0000 (15:31 -0000)]
typo

13 years agoThe XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over...
Andreas Steffen [Tue, 15 Jul 2008 15:28:00 +0000 (15:28 -0000)]
The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels

13 years agoported patch to final 2.6.26 release, including UML Makefile fixes
Martin Willi [Tue, 15 Jul 2008 14:41:12 +0000 (14:41 -0000)]
ported patch to final 2.6.26 release, including UML Makefile fixes

13 years agocosmetics
Andreas Steffen [Tue, 15 Jul 2008 13:09:09 +0000 (13:09 -0000)]
cosmetics

13 years agoadded pfsgroup to ipsec.conf.5 man page
Andreas Steffen [Tue, 15 Jul 2008 13:07:27 +0000 (13:07 -0000)]
added pfsgroup to ipsec.conf.5 man page

13 years agoedited description
Andreas Steffen [Fri, 11 Jul 2008 17:09:48 +0000 (17:09 -0000)]
edited description

13 years agoadded the ikev2/any-interface scenario
Andreas Steffen [Fri, 11 Jul 2008 17:08:25 +0000 (17:08 -0000)]
added the ikev2/any-interface scenario

13 years agoexpanded ikev2/ip-two-pools-db to a spoke-to-hub network using virtual IP addresses
Andreas Steffen [Fri, 11 Jul 2008 15:24:02 +0000 (15:24 -0000)]
expanded ikev2/ip-two-pools-db to a spoke-to-hub network using virtual IP addresses

13 years agoreverted [4125],[4166], reimplemented the proper way
Martin Willi [Fri, 11 Jul 2008 08:54:56 +0000 (08:54 -0000)]
reverted [4125],[4166], reimplemented the proper way

13 years agosetting ike_sa on bus in checkout_new
Martin Willi [Fri, 11 Jul 2008 08:47:18 +0000 (08:47 -0000)]
setting ike_sa on bus in checkout_new

13 years agoupdate_peerid() does not accept %any as a certificate's subjectAltName
Andreas Steffen [Wed, 9 Jul 2008 22:13:39 +0000 (22:13 -0000)]
update_peerid() does not accept %any as a certificate's subjectAltName

13 years agodo a route lookup to allow routing of left=%any connections
Martin Willi [Wed, 9 Jul 2008 14:16:19 +0000 (14:16 -0000)]
do a route lookup to allow routing of left=%any connections

13 years agoadded /usr/local/[s]bin to uml exec path
Martin Willi [Wed, 9 Jul 2008 12:39:11 +0000 (12:39 -0000)]
added /usr/local/[s]bin to uml exec path

13 years agoloading ruby scripts specified at command line
Martin Willi [Wed, 9 Jul 2008 12:18:06 +0000 (12:18 -0000)]
loading ruby scripts specified at command line

13 years agoruby bindings/fixes for template loading
Martin Willi [Wed, 9 Jul 2008 11:43:48 +0000 (11:43 -0000)]
ruby bindings/fixes for template loading

13 years agopassing a block to guest.exec() processes output lines
Martin Willi [Wed, 9 Jul 2008 10:51:10 +0000 (10:51 -0000)]
passing a block to guest.exec() processes output lines

13 years agouml "exec" writes stdout/stderr back to mconsole
Martin Willi [Tue, 8 Jul 2008 14:58:20 +0000 (14:58 -0000)]
uml "exec" writes stdout/stderr back to mconsole
guest->exec() accepts a callback for output
sligtly refactored mconsole.c

13 years agoguest interface/address management using hackish mconsole exec patch, ruby bindings
Martin Willi [Mon, 7 Jul 2008 14:56:04 +0000 (14:56 -0000)]
guest interface/address management using hackish mconsole exec patch, ruby bindings

13 years agodisconnecting interfaces properly on bridge destruction
Martin Willi [Sat, 5 Jul 2008 09:32:55 +0000 (09:32 -0000)]
disconnecting interfaces properly on bridge destruction

13 years agothrowing proper exeptions on errors, correct return values
Martin Willi [Fri, 4 Jul 2008 16:42:54 +0000 (16:42 -0000)]
throwing proper exeptions on errors, correct return values
mixin enumerable in classes/objects with .each

13 years agoprototype of irdumm - interactive ruby shell for dumm
Martin Willi [Fri, 4 Jul 2008 14:21:41 +0000 (14:21 -0000)]
prototype of irdumm - interactive ruby shell for dumm

13 years agosome stability improvements
Martin Willi [Fri, 4 Jul 2008 06:58:04 +0000 (06:58 -0000)]
some stability improvements

13 years agoreset version to 4.2.5
Andreas Steffen [Thu, 3 Jul 2008 16:43:18 +0000 (16:43 -0000)]
reset version to 4.2.5

13 years agoupdate NEWS with ip pool add-ons and fixes
Andreas Steffen [Thu, 3 Jul 2008 16:42:45 +0000 (16:42 -0000)]
update NEWS with ip pool add-ons and fixes

13 years agoipsec statusall displays dpd options
Andreas Steffen [Wed, 2 Jul 2008 10:48:57 +0000 (10:48 -0000)]
ipsec statusall displays dpd options

13 years agochanged medcli settings keys
Martin Willi [Wed, 2 Jul 2008 09:02:38 +0000 (09:02 -0000)]
changed medcli settings keys

13 years agosql plugin supports a list of pools to fall back, specified by e.g. rightsourceip...
Martin Willi [Wed, 2 Jul 2008 08:31:48 +0000 (08:31 -0000)]
sql plugin supports a list of pools to fall back, specified by e.g. rightsourceip=%pool1,pool2

13 years agousing token enumerator to parser plugin list
Martin Willi [Wed, 2 Jul 2008 08:19:43 +0000 (08:19 -0000)]
using token enumerator to parser plugin list

13 years agofixed another compiler warning
Martin Willi [Wed, 2 Jul 2008 08:16:43 +0000 (08:16 -0000)]
fixed another compiler warning

13 years agoimplementation of a simple "token enumerator"
Martin Willi [Wed, 2 Jul 2008 08:09:07 +0000 (08:09 -0000)]
implementation of a simple "token enumerator"

13 years agofixed compiler warning
Martin Willi [Wed, 2 Jul 2008 08:05:51 +0000 (08:05 -0000)]
fixed compiler warning
updated svn:ignore property

13 years agocheck if parsing of ipsec update was successful
Andreas Steffen [Wed, 2 Jul 2008 05:51:49 +0000 (05:51 -0000)]
check if parsing of ipsec update was successful

13 years agoadded simple ikev2/ip-two-pools scenario
Andreas Steffen [Tue, 1 Jul 2008 20:38:30 +0000 (20:38 -0000)]
added simple ikev2/ip-two-pools scenario

13 years agoadded ikev2/ip-two-pools-db scenario
Andreas Steffen [Tue, 1 Jul 2008 15:16:28 +0000 (15:16 -0000)]
added ikev2/ip-two-pools-db scenario

13 years agofixed medsrv database uri key
Martin Willi [Tue, 1 Jul 2008 13:57:47 +0000 (13:57 -0000)]
fixed medsrv database uri key

13 years agorenamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP
Andreas Steffen [Tue, 1 Jul 2008 13:47:26 +0000 (13:47 -0000)]
renamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP

13 years agoadded a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote...
Martin Willi [Tue, 1 Jul 2008 12:48:56 +0000 (12:48 -0000)]
added a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip

13 years agologging peer addresses in peer_cfg lookup
Martin Willi [Tue, 1 Jul 2008 11:10:37 +0000 (11:10 -0000)]
logging peer addresses in peer_cfg lookup

13 years agoadded host match prio to debugging output
Martin Willi [Tue, 1 Jul 2008 11:01:27 +0000 (11:01 -0000)]
added host match prio to debugging output

13 years agopeer_cfg lookup takes peer addresses into account
Martin Willi [Tue, 1 Jul 2008 09:05:20 +0000 (09:05 -0000)]
peer_cfg lookup takes peer addresses into account

13 years agostrongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup...
Martin Willi [Tue, 1 Jul 2008 07:54:09 +0000 (07:54 -0000)]
strongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup in IKE_AUTH fails

13 years agowhitelisting leaks of ENGINE_load_builtin_engines
Martin Willi [Tue, 1 Jul 2008 07:53:03 +0000 (07:53 -0000)]
whitelisting leaks of ENGINE_load_builtin_engines

13 years agosending INTERNAL_ADDRESS_FAILURE if virtual IP requested but none found
Martin Willi [Tue, 1 Jul 2008 06:36:52 +0000 (06:36 -0000)]
sending INTERNAL_ADDRESS_FAILURE if virtual IP requested but none found

13 years agoshow authentication method in ipsec statusall
Andreas Steffen [Mon, 30 Jun 2008 17:08:47 +0000 (17:08 -0000)]
show authentication method in ipsec statusall

13 years agofixed chunk_increment, fixes reuse of already assigned addresses
Martin Willi [Mon, 30 Jun 2008 12:33:38 +0000 (12:33 -0000)]
fixed chunk_increment, fixes reuse of already assigned addresses

13 years agosqlite plugin requires libsqlite3 => 3.3.1 to share connections
Martin Willi [Mon, 30 Jun 2008 11:06:18 +0000 (11:06 -0000)]
sqlite plugin requires libsqlite3 => 3.3.1 to share connections
use recursive locking if libsqlite3 < 3.5.0

13 years agoadded strongswan.conf option charon.reuse_iksa=no to create each CHILD_SA in a new...
Martin Willi [Mon, 30 Jun 2008 08:45:11 +0000 (08:45 -0000)]
added strongswan.conf option charon.reuse_iksa=no to create each CHILD_SA in a new IKE_SA

13 years agoadded sql/rw-eap-aka-rsa scenario
Andreas Steffen [Mon, 30 Jun 2008 07:24:55 +0000 (07:24 -0000)]
added sql/rw-eap-aka-rsa scenario

13 years agoconfigure plugin path in scripts
Andreas Steffen [Sun, 29 Jun 2008 14:43:50 +0000 (14:43 -0000)]
configure plugin path in scripts

13 years agocreated scripts/Makefile.am
Andreas Steffen [Sun, 29 Jun 2008 13:57:00 +0000 (13:57 -0000)]
created scripts/Makefile.am

13 years agolog received vendor id as a hex value
Andreas Steffen [Fri, 27 Jun 2008 17:11:54 +0000 (17:11 -0000)]
log received vendor id as a hex value

13 years agocorrected vendor_id_payload diagram
Andreas Steffen [Fri, 27 Jun 2008 15:22:27 +0000 (15:22 -0000)]
corrected vendor_id_payload diagram

13 years agocorrected some NEWS entries
Andreas Steffen [Thu, 26 Jun 2008 13:50:54 +0000 (13:50 -0000)]
corrected some NEWS entries

13 years agocorrected description of openssl/ike-alg-ecp-high scenario
Andreas Steffen [Thu, 26 Jun 2008 13:49:48 +0000 (13:49 -0000)]
corrected description of openssl/ike-alg-ecp-high scenario

13 years agoversion bump to 4.2.5
Andreas Steffen [Thu, 26 Jun 2008 09:59:55 +0000 (09:59 -0000)]
version bump to 4.2.5

13 years agocheck migration of ESP sequence numbers in MOBIKE scenarios 4.2.4
Andreas Steffen [Thu, 26 Jun 2008 09:46:23 +0000 (09:46 -0000)]
check migration of ESP sequence numbers in MOBIKE scenarios

13 years agouse ip xfrm with the detailed -s option
Andreas Steffen [Thu, 26 Jun 2008 09:41:22 +0000 (09:41 -0000)]
use ip xfrm with the detailed -s option