strongswan.git
Andreas Steffen [Tue, 11 Nov 2008 06:19:37 +0000 (06:19 -0000)]
cosmetics in debug output

Martin Willi [Mon, 10 Nov 2008 16:44:27 +0000 (16:44 -0000)]
whitelisting localtime_r

Martin Willi [Mon, 10 Nov 2008 16:43:15 +0000 (16:43 -0000)]
make load_tester more strict to use it along stroke

Martin Willi [Mon, 10 Nov 2008 16:42:05 +0000 (16:42 -0000)]
fixed leak in host_create_from_string("%any")

Martin Willi [Mon, 10 Nov 2008 15:45:19 +0000 (15:45 -0000)]
fixed some minor issues found when using -DFORTIFY_SOURCE=2

Martin Willi [Mon, 10 Nov 2008 10:10:51 +0000 (10:10 -0000)]
iterations = 0 for infinite iterations

Martin Willi [Mon, 10 Nov 2008 10:09:44 +0000 (10:09 -0000)]
added PEM version of keys

Martin Willi [Fri, 7 Nov 2008 15:08:53 +0000 (15:08 -0000)]
settings section enumeration
printf style key lookup

Martin Willi [Fri, 7 Nov 2008 14:48:54 +0000 (14:48 -0000)]
fixed copy/paste error

Andreas Steffen [Fri, 7 Nov 2008 05:15:19 +0000 (05:15 -0000)]
use of host_create_any() for %any address

Andreas Steffen [Fri, 7 Nov 2008 03:38:56 +0000 (03:38 -0000)]
SADB_X_EXT_KMADDRESS is not present in old kernels

Andreas Steffen [Fri, 7 Nov 2008 03:23:59 +0000 (03:23 -0000)]
added retrieval of remote kmaddress via PF_KEY

Martin Willi [Thu, 6 Nov 2008 14:07:46 +0000 (14:07 -0000)]
added delete_after_established option

Martin Willi [Thu, 6 Nov 2008 14:05:58 +0000 (14:05 -0000)]
fixed leak
fixed build if !HAVE_BACKTRACE

Martin Willi [Wed, 5 Nov 2008 16:21:57 +0000 (16:21 -0000)]
use read-write locks in crypto factory for parallelization

Martin Willi [Wed, 5 Nov 2008 16:12:54 +0000 (16:12 -0000)]
wrapped all pthread_rwlock_t in profilable rwlock_t

Martin Willi [Wed, 5 Nov 2008 15:51:57 +0000 (15:51 -0000)]
wrapped rwlock with profiling support

Martin Willi [Wed, 5 Nov 2008 14:36:57 +0000 (14:36 -0000)]
threshold and ./configure option for lock profiler

Martin Willi [Wed, 5 Nov 2008 14:22:58 +0000 (14:22 -0000)]
added missing includes

Martin Willi [Wed, 5 Nov 2008 13:58:19 +0000 (13:58 -0000)]
separated backtrace functionality from leak_detective, used in
leak_detective
mutex profiling
signal handler

Martin Willi [Wed, 5 Nov 2008 12:37:37 +0000 (12:37 -0000)]
proper cleanup of openssl locking code

Martin Willi [Wed, 5 Nov 2008 12:24:36 +0000 (12:24 -0000)]
fixed sender destruction order

Martin Willi [Wed, 5 Nov 2008 11:55:17 +0000 (11:55 -0000)]
fixed iterator regression introduced in [4577]

Martin Willi [Wed, 5 Nov 2008 11:29:56 +0000 (11:29 -0000)]
replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant

Martin Willi [Wed, 5 Nov 2008 08:37:09 +0000 (08:37 -0000)]
get rid of unused iterator hook functions

Martin Willi [Wed, 5 Nov 2008 08:32:38 +0000 (08:32 -0000)]
got rid of deprecated create_iterator_locked()

Martin Willi [Wed, 5 Nov 2008 07:57:26 +0000 (07:57 -0000)]
simple mutex profiler

Martin Willi [Wed, 5 Nov 2008 07:38:55 +0000 (07:38 -0000)]
do not install route if interface lookup failed

Andreas Steffen [Wed, 5 Nov 2008 05:32:43 +0000 (05:32 -0000)]
%any is IP family neutral

Andreas Steffen [Wed, 5 Nov 2008 05:27:42 +0000 (05:27 -0000)]
corrected typo2

Andreas Steffen [Wed, 5 Nov 2008 04:53:45 +0000 (04:53 -0000)]
support of %any address string

Andreas Steffen [Wed, 5 Nov 2008 00:41:46 +0000 (00:41 -0000)]
handle 0.0.0.0 string and af == AF_INET6

Martin Willi [Tue, 4 Nov 2008 14:55:22 +0000 (14:55 -0000)]
two new load_testing options:
request_virtual_ip: request an INTERNAL_IPV4_ADDR as client
pool: provide addresses from a named virtual IP pool

Martin Willi [Tue, 4 Nov 2008 14:05:42 +0000 (14:05 -0000)]
OpenSSL requires a signature length of exactly RSA_size()

Martin Willi [Tue, 4 Nov 2008 13:12:11 +0000 (13:12 -0000)]
removed superfluous get_other_public_value in diffie_hellman_t interface

Martin Willi [Tue, 4 Nov 2008 13:05:00 +0000 (13:05 -0000)]
fixed bignum export if BN_num_bytes() != DH_size()

Martin Willi [Tue, 4 Nov 2008 13:01:36 +0000 (13:01 -0000)]
fixed memleak

Martin Willi [Tue, 4 Nov 2008 12:59:53 +0000 (12:59 -0000)]
added a delay option to delay initiations

Andreas Steffen [Mon, 3 Nov 2008 23:46:42 +0000 (23:46 -0000)]
corrected a copy-and-paste error

Andreas Steffen [Mon, 3 Nov 2008 23:34:23 +0000 (23:34 -0000)]
updated copyright of kernel interface code

Andreas Steffen [Mon, 3 Nov 2008 23:29:34 +0000 (23:29 -0000)]
added support for xfrm remote kmaddress

Martin Willi [Mon, 3 Nov 2008 16:14:12 +0000 (16:14 -0000)]
added locking mechanism for multithreaded use of OpenSSL

Martin Willi [Mon, 3 Nov 2008 15:11:01 +0000 (15:11 -0000)]
added fake_kernel option to make dummy kernel implementation optional

Martin Willi [Mon, 3 Nov 2008 12:40:42 +0000 (12:40 -0000)]
removed accidentally checked in debug code

Martin Willi [Mon, 3 Nov 2008 10:02:39 +0000 (10:02 -0000)]
load testing between different hosts

Martin Willi [Mon, 3 Nov 2008 09:44:54 +0000 (09:44 -0000)]
log loaded plugins at startup

Martin Willi [Mon, 3 Nov 2008 09:44:20 +0000 (09:44 -0000)]
reverted 4541, does not fix the problem

Andreas Steffen [Mon, 3 Nov 2008 07:08:59 +0000 (07:08 -0000)]
migrate job creates a new IKE_SA

Andreas Steffen [Mon, 3 Nov 2008 06:56:22 +0000 (06:56 -0000)]
replace tab by spaces

Andreas Steffen [Mon, 3 Nov 2008 03:56:03 +0000 (03:56 -0000)]
removed unused variables

Andreas Steffen [Mon, 3 Nov 2008 02:05:41 +0000 (02:05 -0000)]
migrate_job() finds a matching child_cfg

Andreas Steffen [Mon, 3 Nov 2008 00:24:38 +0000 (00:24 -0000)]
corrected parameter description

Andreas Steffen [Sun, 2 Nov 2008 22:13:17 +0000 (22:13 -0000)]
corrected captions

Andreas Steffen [Sun, 2 Nov 2008 21:34:52 +0000 (21:34 -0000)]
fully implemented the parsing of XFRM and PF_KEY MIGRATE messages

Martin Willi [Fri, 31 Oct 2008 17:07:04 +0000 (17:07 -0000)]
removed 0-byte truncation, fixes random Openssl RSA signature verification failures

Martin Willi [Fri, 31 Oct 2008 17:05:40 +0000 (17:05 -0000)]
fixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)

Andreas Steffen [Fri, 31 Oct 2008 06:18:48 +0000 (06:18 -0000)]
identify attributes of XFRM ACQUIRE and MIGRATE messages

Andreas Steffen [Fri, 31 Oct 2008 02:50:01 +0000 (02:50 -0000)]
subscribing XFRM socket for MIGRATE messages

Andreas Steffen [Fri, 31 Oct 2008 01:46:37 +0000 (01:46 -0000)]
adapted evaltest.dat to extended acquire job message

Andreas Steffen [Fri, 31 Oct 2008 01:43:23 +0000 (01:43 -0000)]
parse xfrm and pf_key acquire messages and subscribe to migrate messages

Martin Willi [Thu, 30 Oct 2008 13:21:21 +0000 (13:21 -0000)]
reverted changeset 4529:
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS

Martin Willi [Thu, 30 Oct 2008 12:58:54 +0000 (12:58 -0000)]
added hooks for IKE and CHILD keymat

Martin Willi [Thu, 30 Oct 2008 09:18:52 +0000 (09:18 -0000)]
store plain skd, not the prf

Andreas Steffen [Thu, 30 Oct 2008 03:31:36 +0000 (03:31 -0000)]
added Camellia CBC to list of encryption algorithms

Andreas Steffen [Thu, 30 Oct 2008 00:35:37 +0000 (00:35 -0000)]
corrected parameter description

Martin Willi [Wed, 29 Oct 2008 16:06:16 +0000 (16:06 -0000)]
moved CHILD_SA key derivation to keymat_t
passing key chunks to CHILD_SA, not the PRF

Martin Willi [Wed, 29 Oct 2008 14:12:54 +0000 (14:12 -0000)]
prf handles zero-length allocations gracefully

Martin Willi [Wed, 29 Oct 2008 13:35:06 +0000 (13:35 -0000)]
do not store DH redundantly in keymat

Martin Willi [Wed, 29 Oct 2008 09:27:51 +0000 (09:27 -0000)]
replaced not-maintained ChangeLog

Andreas Steffen [Wed, 29 Oct 2008 05:32:38 +0000 (05:32 -0000)]
upgrade to linux-2.6.28 headers with support for kmaddress struct

Martin Willi [Tue, 28 Oct 2008 16:07:06 +0000 (16:07 -0000)]
moved key derivation and management into keymat object
allows secured implementation of key management (e.g. in kernel or HW)
only IKE keys for now

Martin Willi [Tue, 28 Oct 2008 10:12:21 +0000 (10:12 -0000)]
store IKE proposal implicitly during derive_keys

Martin Willi [Tue, 28 Oct 2008 09:41:33 +0000 (09:41 -0000)]
fixed reauthentication time in statusall

Andreas Steffen [Tue, 28 Oct 2008 01:59:01 +0000 (01:59 -0000)]
refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key

Martin Willi [Mon, 27 Oct 2008 14:51:00 +0000 (14:51 -0000)]
use more generic stats getter, introducing new stats

Martin Willi [Mon, 27 Oct 2008 12:01:23 +0000 (12:01 -0000)]
new release of NM debs

Martin Willi [Mon, 27 Oct 2008 11:30:27 +0000 (11:30 -0000)]
including a "none" tundev to make NM happy

Martin Willi [Mon, 27 Oct 2008 11:13:33 +0000 (11:13 -0000)]
fixed some compiler warnings

Andreas Steffen [Mon, 27 Oct 2008 00:02:22 +0000 (00:02 -0000)]
remove unused local DH_EXPONENT_ENTROPY definition

Andreas Steffen [Sun, 26 Oct 2008 23:53:52 +0000 (23:53 -0000)]
use 512 bits of entropy for secret DH exponents

Martin Willi [Fri, 24 Oct 2008 09:51:48 +0000 (09:51 -0000)]
additional getters for ipcomp and UDP encap

Martin Willi [Fri, 24 Oct 2008 08:02:35 +0000 (08:02 -0000)]
more CHILD_SA refactorings

Martin Willi [Wed, 22 Oct 2008 09:01:36 +0000 (09:01 -0000)]
initiate connections simultaneously in load tester

Andreas Steffen [Tue, 21 Oct 2008 22:28:29 +0000 (22:28 -0000)]
include updown plugin in sql scenarios

Martin Willi [Tue, 21 Oct 2008 13:00:38 +0000 (13:00 -0000)]
a load testing plugin, to:
find multi-threading issues
do performance profiling

Martin Willi [Tue, 21 Oct 2008 10:57:40 +0000 (10:57 -0000)]
fixed enumeration of CHILD_SA traffic selectors

Andreas Steffen [Tue, 21 Oct 2008 03:42:32 +0000 (03:42 -0000)]
use old algorithm name again in pfkey/alg-aes-xcbc scenario

Martin Willi [Mon, 20 Oct 2008 11:38:16 +0000 (11:38 -0000)]
reset threads IKE_SA after checking other IKE_SAs
invoke updown script only if we have valid IKE_SA

Andreas Steffen [Fri, 17 Oct 2008 03:44:06 +0000 (03:44 -0000)]
re-established all previous AUD level messages

Martin Willi [Thu, 16 Oct 2008 15:38:48 +0000 (15:38 -0000)]
fixed perl oid generation

Martin Willi [Thu, 16 Oct 2008 12:48:27 +0000 (12:48 -0000)]
loading updown plugin if required

Martin Willi [Thu, 16 Oct 2008 11:48:18 +0000 (11:48 -0000)]
moved updown script invocation to an optional plugin

Martin Willi [Thu, 16 Oct 2008 11:32:43 +0000 (11:32 -0000)]
bus uses finally recursive locking
other small fixes

Martin Willi [Thu, 16 Oct 2008 11:29:42 +0000 (11:29 -0000)]
condvar->wait() can handle recursive mutex

Martin Willi [Thu, 16 Oct 2008 07:21:30 +0000 (07:21 -0000)]
added missing EAP-AKA RFC

Martin Willi [Wed, 15 Oct 2008 14:47:52 +0000 (14:47 -0000)]
added a guest.mconsole() method to script mconsole (e.g. add additional conX=)

Martin Willi [Wed, 15 Oct 2008 12:24:44 +0000 (12:24 -0000)]
cache keys for in and outbound ESP SAs
removed redundant storing of traffic selectors in CHILD_SA (sa_policy_t)
creating TS pairs dynamically using create_policy_enumerator()

Tobias Brunner [Wed, 15 Oct 2008 11:34:29 +0000 (11:34 -0000)]
typedef fixed

Martin Willi [Wed, 15 Oct 2008 08:50:14 +0000 (08:50 -0000)]
reverted changeset [4440], [4443] uses old algorithm name again

Martin Willi [Wed, 15 Oct 2008 08:37:56 +0000 (08:37 -0000)]
store ESP keys in CHILD_SA