strongswan.git
14 years agouse condvar broadcasts to signal threads waiting for an IP, there might be more than one
Martin Willi [Wed, 30 Jul 2008 13:19:12 +0000 (13:19 -0000)]
use condvar broadcasts to signal threads waiting for an IP, there might be more than one

14 years agothe list of addresses on the interface of a guest is not cached anymore, but queried...
Tobias Brunner [Wed, 30 Jul 2008 13:15:18 +0000 (13:15 -0000)]
the list of addresses on the interface of a guest is not cached anymore, but queried directly from the interface

14 years ago* Guest#exec uses the new exec_str function
Tobias Brunner [Wed, 30 Jul 2008 13:01:04 +0000 (13:01 -0000)]
* Guest#exec uses the new exec_str function
* tab completion in irdumm enabled

14 years agoadded an extended exec function to guests that allows to get the output of the comman...
Tobias Brunner [Wed, 30 Jul 2008 12:58:45 +0000 (12:58 -0000)]
added an extended exec function to guests that allows to get the output of the command as string or by line.

14 years agousing shared read locks in credential set enumerators to avoid deadlocks
Martin Willi [Wed, 30 Jul 2008 11:38:44 +0000 (11:38 -0000)]
using shared read locks in credential set enumerators to avoid deadlocks

14 years agoadded strongswan.conf option "charon.dos_protection" to disable cookies/aggressivenes...
Martin Willi [Wed, 30 Jul 2008 08:27:08 +0000 (08:27 -0000)]
added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check

14 years agoadded keyid2sql helper script
Andreas Steffen [Tue, 29 Jul 2008 19:46:39 +0000 (19:46 -0000)]
added keyid2sql helper script

14 years agostarter now waits for a maximum of 10s instead of 1s for charon before restarting...
Andreas Steffen [Tue, 29 Jul 2008 19:44:54 +0000 (19:44 -0000)]
starter now waits for a maximum of 10s instead of 1s for charon before restarting the daemon

14 years agodemoted IKE state change output to debug level 2
Andreas Steffen [Mon, 28 Jul 2008 14:01:45 +0000 (14:01 -0000)]
demoted IKE state change output to debug level 2

14 years agoignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier
Andreas Steffen [Mon, 28 Jul 2008 13:53:04 +0000 (13:53 -0000)]
ignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier

14 years agoswitched xterm console title
Martin Willi [Mon, 28 Jul 2008 13:10:34 +0000 (13:10 -0000)]
switched xterm console title

14 years agousing gnome-terminal in irdumm
Martin Willi [Mon, 28 Jul 2008 12:37:01 +0000 (12:37 -0000)]
using gnome-terminal in irdumm

14 years agoversion bump to 4.2.6
Andreas Steffen [Mon, 28 Jul 2008 09:14:07 +0000 (09:14 -0000)]
version bump to 4.2.6

14 years agouse XFRM_MSG_UPDPOLICY for existing policies only
Martin Willi [Mon, 28 Jul 2008 08:29:04 +0000 (08:29 -0000)]
use XFRM_MSG_UPDPOLICY for existing policies only

14 years agoupdated UML INSTALL information 4.2.5
Andreas Steffen [Fri, 25 Jul 2008 10:30:53 +0000 (10:30 -0000)]
updated UML INSTALL information

14 years agoadapted UML scenarios to improved virtual IP address pool
Andreas Steffen [Fri, 25 Jul 2008 10:18:23 +0000 (10:18 -0000)]
adapted UML scenarios to improved virtual IP address pool

14 years agoSQLite database template with improved address pool management
Andreas Steffen [Fri, 25 Jul 2008 08:02:53 +0000 (08:02 -0000)]
SQLite database template with improved address pool management

14 years agoadded changes for the 4.2.5 release
Andreas Steffen [Fri, 25 Jul 2008 08:00:04 +0000 (08:00 -0000)]
added changes for the 4.2.5 release

14 years agoadded tests.h to distribution
Martin Willi [Thu, 24 Jul 2008 12:48:36 +0000 (12:48 -0000)]
added tests.h to distribution

14 years agofixed UCI thread cancellation on ARM
Martin Willi [Thu, 24 Jul 2008 08:52:12 +0000 (08:52 -0000)]
fixed UCI thread cancellation on ARM

14 years agoadded option charon.plugins.sql.lease_history to disable lease history logging
Martin Willi [Thu, 24 Jul 2008 08:28:45 +0000 (08:28 -0000)]
added option charon.plugins.sql.lease_history to disable lease history logging

14 years agofixed statistic calcuation for static leases
Martin Willi [Thu, 24 Jul 2008 08:21:55 +0000 (08:21 -0000)]
fixed statistic calcuation for static leases

14 years agocompleted IKE_SA logging at the AUDIT level
Andreas Steffen [Wed, 23 Jul 2008 18:46:34 +0000 (18:46 -0000)]
completed IKE_SA logging at the AUDIT level

14 years agofixed pool statistics
Martin Willi [Wed, 23 Jul 2008 13:56:07 +0000 (13:56 -0000)]
fixed pool statistics

14 years agoIKE_SA rekeying inherits other_host from old IKE_SA
Andreas Steffen [Wed, 23 Jul 2008 07:44:26 +0000 (07:44 -0000)]
IKE_SA rekeying inherits other_host from old IKE_SA

14 years agocosmetics
Andreas Steffen [Wed, 23 Jul 2008 06:38:24 +0000 (06:38 -0000)]
cosmetics

14 years agostart default strongSwan UML topology
Andreas Steffen [Tue, 22 Jul 2008 17:21:01 +0000 (17:21 -0000)]
start default strongSwan UML topology

14 years agosome more changes to IKE_SA and CHILD_SA logging
Andreas Steffen [Tue, 22 Jul 2008 17:10:10 +0000 (17:10 -0000)]
some more changes to IKE_SA and CHILD_SA logging

14 years agoexperimental and untested reimplementation of sql based IP pool
Martin Willi [Tue, 22 Jul 2008 14:56:15 +0000 (14:56 -0000)]
experimental and untested reimplementation of sql based IP pool
uses address preallocation and separate address/lease tables for linear lookup time

14 years agocosmetics
Andreas Steffen [Tue, 22 Jul 2008 12:13:48 +0000 (12:13 -0000)]
cosmetics

14 years agoipsec status lists IPCOMP CPIs
Andreas Steffen [Tue, 22 Jul 2008 12:03:58 +0000 (12:03 -0000)]
ipsec status lists IPCOMP CPIs

14 years agoown CPI was not deleted due to copy-and-paste error
Andreas Steffen [Tue, 22 Jul 2008 10:53:56 +0000 (10:53 -0000)]
own CPI was not deleted due to copy-and-paste error

14 years agoconsistent logging of SPIs and CPIs
Andreas Steffen [Tue, 22 Jul 2008 10:16:45 +0000 (10:16 -0000)]
consistent logging of SPIs and CPIs

14 years agomissing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario
Andreas Steffen [Tue, 22 Jul 2008 06:24:00 +0000 (06:24 -0000)]
missing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario

14 years agodisplay protoport in dynamic/32 traffic selectors
Andreas Steffen [Mon, 21 Jul 2008 19:08:03 +0000 (19:08 -0000)]
display protoport in dynamic/32 traffic selectors

14 years agofixed bus args copy on non i386 archs
Martin Willi [Mon, 21 Jul 2008 14:23:43 +0000 (14:23 -0000)]
fixed bus args copy on non i386 archs

14 years agoconsistent logging of IKE and CHILD SAs
Andreas Steffen [Mon, 21 Jul 2008 12:47:59 +0000 (12:47 -0000)]
consistent logging of IKE and CHILD SAs

14 years agopool performance testing
Martin Willi [Mon, 21 Jul 2008 11:17:20 +0000 (11:17 -0000)]
pool performance testing

14 years agoloading unit-tester plugin as the last one
Martin Willi [Mon, 21 Jul 2008 11:16:07 +0000 (11:16 -0000)]
loading unit-tester plugin as the last one

14 years agoreverted bus to non-recursive mutex due instability
Martin Willi [Mon, 21 Jul 2008 11:15:16 +0000 (11:15 -0000)]
reverted bus to non-recursive mutex due instability

14 years agoadded a driver type getter for database implementations
Martin Willi [Mon, 21 Jul 2008 11:13:06 +0000 (11:13 -0000)]
added a driver type getter for database implementations

14 years agointroduced an additional bus->signal parameter for signal specific data
Martin Willi [Fri, 18 Jul 2008 15:51:40 +0000 (15:51 -0000)]
introduced an additional bus->signal parameter for signal specific data
added SIG_IKE/SIG_CHD macros for signal emitting

14 years agoremoved testing app, this is scriptable with irdumm now
Martin Willi [Fri, 18 Jul 2008 12:14:43 +0000 (12:14 -0000)]
removed testing app, this is scriptable with irdumm now

14 years agoallow but filter recursive listener invocation
Martin Willi [Fri, 18 Jul 2008 11:05:01 +0000 (11:05 -0000)]
allow but filter recursive listener invocation

14 years agofixed compiler warning
Martin Willi [Fri, 18 Jul 2008 10:54:49 +0000 (10:54 -0000)]
fixed compiler warning

14 years agoextended UCI plugin by a simple control interface using a fifo
Martin Willi [Fri, 18 Jul 2008 10:34:44 +0000 (10:34 -0000)]
extended UCI plugin by a simple control interface using a fifo

14 years agoeliminated bashisms in _updown scripts
Andreas Steffen [Fri, 18 Jul 2008 10:04:40 +0000 (10:04 -0000)]
eliminated bashisms in _updown scripts

14 years agoavoid heap allocation in bus->signal for performance reasons
Martin Willi [Thu, 17 Jul 2008 11:45:58 +0000 (11:45 -0000)]
avoid heap allocation in bus->signal for performance reasons

14 years agofixed potential segfault in resolve_hosts
Martin Willi [Thu, 17 Jul 2008 11:06:31 +0000 (11:06 -0000)]
fixed potential segfault in resolve_hosts

14 years agoignore IPCOMP acquires, fixes additional CHILD_SA setup with acquired SAs using compr...
Martin Willi [Thu, 17 Jul 2008 08:25:34 +0000 (08:25 -0000)]
ignore IPCOMP acquires, fixes additional CHILD_SA setup with acquired SAs using compression

14 years agodo not distinguish different policy protocols in userland cache
Martin Willi [Wed, 16 Jul 2008 12:33:19 +0000 (12:33 -0000)]
do not distinguish different policy protocols in userland cache

14 years agodo not complain about existing routes
Martin Willi [Wed, 16 Jul 2008 12:30:47 +0000 (12:30 -0000)]
do not complain about existing routes

14 years agoincluded Thomas in copyright statement
Andreas Steffen [Wed, 16 Jul 2008 12:28:29 +0000 (12:28 -0000)]
included Thomas in copyright statement

14 years agobuild dumm with leak ./configure
Martin Willi [Wed, 16 Jul 2008 11:54:44 +0000 (11:54 -0000)]
build dumm with leak ./configure

14 years agofixed acquire-delay bug by:
Martin Willi [Wed, 16 Jul 2008 11:51:37 +0000 (11:51 -0000)]
fixed acquire-delay bug by:
  installing policies before states
  updating policies if protocol has changed

14 years agoupdated copyright statement
Andreas Steffen [Wed, 16 Jul 2008 10:17:04 +0000 (10:17 -0000)]
updated copyright statement

14 years agofixed bashism in ipsec.in
Andreas Steffen [Wed, 16 Jul 2008 06:59:08 +0000 (06:59 -0000)]
fixed bashism in ipsec.in

14 years agoset XFRM_STATE_AF_UNSPEC flag only in IPsec tunnel mode
Andreas Steffen [Tue, 15 Jul 2008 21:35:55 +0000 (21:35 -0000)]
set XFRM_STATE_AF_UNSPEC flag only in IPsec tunnel mode

14 years agotypo
Andreas Steffen [Tue, 15 Jul 2008 15:31:34 +0000 (15:31 -0000)]
typo

14 years agoThe XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over...
Andreas Steffen [Tue, 15 Jul 2008 15:28:00 +0000 (15:28 -0000)]
The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels

14 years agoported patch to final 2.6.26 release, including UML Makefile fixes
Martin Willi [Tue, 15 Jul 2008 14:41:12 +0000 (14:41 -0000)]
ported patch to final 2.6.26 release, including UML Makefile fixes

14 years agocosmetics
Andreas Steffen [Tue, 15 Jul 2008 13:09:09 +0000 (13:09 -0000)]
cosmetics

14 years agoadded pfsgroup to ipsec.conf.5 man page
Andreas Steffen [Tue, 15 Jul 2008 13:07:27 +0000 (13:07 -0000)]
added pfsgroup to ipsec.conf.5 man page

14 years agoedited description
Andreas Steffen [Fri, 11 Jul 2008 17:09:48 +0000 (17:09 -0000)]
edited description

14 years agoadded the ikev2/any-interface scenario
Andreas Steffen [Fri, 11 Jul 2008 17:08:25 +0000 (17:08 -0000)]
added the ikev2/any-interface scenario

14 years agoexpanded ikev2/ip-two-pools-db to a spoke-to-hub network using virtual IP addresses
Andreas Steffen [Fri, 11 Jul 2008 15:24:02 +0000 (15:24 -0000)]
expanded ikev2/ip-two-pools-db to a spoke-to-hub network using virtual IP addresses

14 years agoreverted [4125],[4166], reimplemented the proper way
Martin Willi [Fri, 11 Jul 2008 08:54:56 +0000 (08:54 -0000)]
reverted [4125],[4166], reimplemented the proper way

14 years agosetting ike_sa on bus in checkout_new
Martin Willi [Fri, 11 Jul 2008 08:47:18 +0000 (08:47 -0000)]
setting ike_sa on bus in checkout_new

14 years agoupdate_peerid() does not accept %any as a certificate's subjectAltName
Andreas Steffen [Wed, 9 Jul 2008 22:13:39 +0000 (22:13 -0000)]
update_peerid() does not accept %any as a certificate's subjectAltName

14 years agodo a route lookup to allow routing of left=%any connections
Martin Willi [Wed, 9 Jul 2008 14:16:19 +0000 (14:16 -0000)]
do a route lookup to allow routing of left=%any connections

14 years agoadded /usr/local/[s]bin to uml exec path
Martin Willi [Wed, 9 Jul 2008 12:39:11 +0000 (12:39 -0000)]
added /usr/local/[s]bin to uml exec path

14 years agoloading ruby scripts specified at command line
Martin Willi [Wed, 9 Jul 2008 12:18:06 +0000 (12:18 -0000)]
loading ruby scripts specified at command line

14 years agoruby bindings/fixes for template loading
Martin Willi [Wed, 9 Jul 2008 11:43:48 +0000 (11:43 -0000)]
ruby bindings/fixes for template loading

14 years agopassing a block to guest.exec() processes output lines
Martin Willi [Wed, 9 Jul 2008 10:51:10 +0000 (10:51 -0000)]
passing a block to guest.exec() processes output lines

14 years agouml "exec" writes stdout/stderr back to mconsole
Martin Willi [Tue, 8 Jul 2008 14:58:20 +0000 (14:58 -0000)]
uml "exec" writes stdout/stderr back to mconsole
guest->exec() accepts a callback for output
sligtly refactored mconsole.c

14 years agoguest interface/address management using hackish mconsole exec patch, ruby bindings
Martin Willi [Mon, 7 Jul 2008 14:56:04 +0000 (14:56 -0000)]
guest interface/address management using hackish mconsole exec patch, ruby bindings

14 years agodisconnecting interfaces properly on bridge destruction
Martin Willi [Sat, 5 Jul 2008 09:32:55 +0000 (09:32 -0000)]
disconnecting interfaces properly on bridge destruction

14 years agothrowing proper exeptions on errors, correct return values
Martin Willi [Fri, 4 Jul 2008 16:42:54 +0000 (16:42 -0000)]
throwing proper exeptions on errors, correct return values
mixin enumerable in classes/objects with .each

14 years agoprototype of irdumm - interactive ruby shell for dumm
Martin Willi [Fri, 4 Jul 2008 14:21:41 +0000 (14:21 -0000)]
prototype of irdumm - interactive ruby shell for dumm

14 years agosome stability improvements
Martin Willi [Fri, 4 Jul 2008 06:58:04 +0000 (06:58 -0000)]
some stability improvements

14 years agoreset version to 4.2.5
Andreas Steffen [Thu, 3 Jul 2008 16:43:18 +0000 (16:43 -0000)]
reset version to 4.2.5

14 years agoupdate NEWS with ip pool add-ons and fixes
Andreas Steffen [Thu, 3 Jul 2008 16:42:45 +0000 (16:42 -0000)]
update NEWS with ip pool add-ons and fixes

14 years agoipsec statusall displays dpd options
Andreas Steffen [Wed, 2 Jul 2008 10:48:57 +0000 (10:48 -0000)]
ipsec statusall displays dpd options

14 years agochanged medcli settings keys
Martin Willi [Wed, 2 Jul 2008 09:02:38 +0000 (09:02 -0000)]
changed medcli settings keys

14 years agosql plugin supports a list of pools to fall back, specified by e.g. rightsourceip...
Martin Willi [Wed, 2 Jul 2008 08:31:48 +0000 (08:31 -0000)]
sql plugin supports a list of pools to fall back, specified by e.g. rightsourceip=%pool1,pool2

14 years agousing token enumerator to parser plugin list
Martin Willi [Wed, 2 Jul 2008 08:19:43 +0000 (08:19 -0000)]
using token enumerator to parser plugin list

14 years agofixed another compiler warning
Martin Willi [Wed, 2 Jul 2008 08:16:43 +0000 (08:16 -0000)]
fixed another compiler warning

14 years agoimplementation of a simple "token enumerator"
Martin Willi [Wed, 2 Jul 2008 08:09:07 +0000 (08:09 -0000)]
implementation of a simple "token enumerator"

14 years agofixed compiler warning
Martin Willi [Wed, 2 Jul 2008 08:05:51 +0000 (08:05 -0000)]
fixed compiler warning
updated svn:ignore property

14 years agocheck if parsing of ipsec update was successful
Andreas Steffen [Wed, 2 Jul 2008 05:51:49 +0000 (05:51 -0000)]
check if parsing of ipsec update was successful

14 years agoadded simple ikev2/ip-two-pools scenario
Andreas Steffen [Tue, 1 Jul 2008 20:38:30 +0000 (20:38 -0000)]
added simple ikev2/ip-two-pools scenario

14 years agoadded ikev2/ip-two-pools-db scenario
Andreas Steffen [Tue, 1 Jul 2008 15:16:28 +0000 (15:16 -0000)]
added ikev2/ip-two-pools-db scenario

14 years agofixed medsrv database uri key
Martin Willi [Tue, 1 Jul 2008 13:57:47 +0000 (13:57 -0000)]
fixed medsrv database uri key

14 years agorenamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP
Andreas Steffen [Tue, 1 Jul 2008 13:47:26 +0000 (13:47 -0000)]
renamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP

14 years agoadded a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote...
Martin Willi [Tue, 1 Jul 2008 12:48:56 +0000 (12:48 -0000)]
added a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip

14 years agologging peer addresses in peer_cfg lookup
Martin Willi [Tue, 1 Jul 2008 11:10:37 +0000 (11:10 -0000)]
logging peer addresses in peer_cfg lookup

14 years agoadded host match prio to debugging output
Martin Willi [Tue, 1 Jul 2008 11:01:27 +0000 (11:01 -0000)]
added host match prio to debugging output

14 years agopeer_cfg lookup takes peer addresses into account
Martin Willi [Tue, 1 Jul 2008 09:05:20 +0000 (09:05 -0000)]
peer_cfg lookup takes peer addresses into account

14 years agostrongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup...
Martin Willi [Tue, 1 Jul 2008 07:54:09 +0000 (07:54 -0000)]
strongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup in IKE_AUTH fails

14 years agowhitelisting leaks of ENGINE_load_builtin_engines
Martin Willi [Tue, 1 Jul 2008 07:53:03 +0000 (07:53 -0000)]
whitelisting leaks of ENGINE_load_builtin_engines