strongswan.git
Andreas Steffen [Tue, 21 Oct 2008 03:42:32 +0000 (03:42 -0000)]
use old algorithm name again in pfkey/alg-aes-xcbc scenario

Martin Willi [Mon, 20 Oct 2008 11:38:16 +0000 (11:38 -0000)]
reset threads IKE_SA after checking other IKE_SAs
invoke updown script only if we have valid IKE_SA

Andreas Steffen [Fri, 17 Oct 2008 03:44:06 +0000 (03:44 -0000)]
re-established all previous AUD level messages

Martin Willi [Thu, 16 Oct 2008 15:38:48 +0000 (15:38 -0000)]
fixed perl oid generation

Martin Willi [Thu, 16 Oct 2008 12:48:27 +0000 (12:48 -0000)]
loading updown plugin if required

Martin Willi [Thu, 16 Oct 2008 11:48:18 +0000 (11:48 -0000)]
moved updown script invocation to an optional plugin

Martin Willi [Thu, 16 Oct 2008 11:32:43 +0000 (11:32 -0000)]
bus uses finally recursive locking
other small fixes

Martin Willi [Thu, 16 Oct 2008 11:29:42 +0000 (11:29 -0000)]
condvar->wait() can handle recursive mutex

Martin Willi [Thu, 16 Oct 2008 07:21:30 +0000 (07:21 -0000)]
added missing EAP-AKA RFC

Martin Willi [Wed, 15 Oct 2008 14:47:52 +0000 (14:47 -0000)]
added a guest.mconsole() method to script mconsole (e.g. add additional conX=)

Martin Willi [Wed, 15 Oct 2008 12:24:44 +0000 (12:24 -0000)]
cache keys for in and outbound ESP SAs
removed redundant storing of traffic selectors in CHILD_SA (sa_policy_t)
creating TS pairs dynamically using create_policy_enumerator()

Tobias Brunner [Wed, 15 Oct 2008 11:34:29 +0000 (11:34 -0000)]
typedef fixed

Martin Willi [Wed, 15 Oct 2008 08:50:14 +0000 (08:50 -0000)]
reverted changeset [4440], [4443] uses old algorithm name again

Martin Willi [Wed, 15 Oct 2008 08:37:56 +0000 (08:37 -0000)]
store ESP keys in CHILD_SA

Andreas Steffen [Wed, 15 Oct 2008 00:22:51 +0000 (00:22 -0000)]
activate compilation of the kernel_pfkey plugin

Andreas Steffen [Wed, 15 Oct 2008 00:11:00 +0000 (00:11 -0000)]
added PFKEYv2 UML scenarios

Andreas Steffen [Tue, 14 Oct 2008 23:55:19 +0000 (23:55 -0000)]
name of ESP algorithm changed to AES_XCBC_96-128

Martin Willi [Tue, 14 Oct 2008 15:17:44 +0000 (15:17 -0000)]
passing chunks, not prf+, to kernel interface
gives us better control of keymat in CHILD_SA

Tobias Brunner [Tue, 14 Oct 2008 12:18:53 +0000 (12:18 -0000)]
typos

Tobias Brunner [Tue, 14 Oct 2008 11:53:23 +0000 (11:53 -0000)]
directory 'build' renamed as 'packages'

Martin Willi [Tue, 14 Oct 2008 08:52:13 +0000 (08:52 -0000)]
reintegrated bus-refactoring branch

Tobias Brunner [Tue, 14 Oct 2008 08:46:31 +0000 (08:46 -0000)]
merging kernel_pfkey plugin back from kernel-interface branch

Andreas Steffen [Tue, 14 Oct 2008 01:53:37 +0000 (01:53 -0000)]
version bump to 4.2.9

Tag: 4.2.8
Andreas Steffen [Mon, 13 Oct 2008 22:54:09 +0000 (22:54 -0000)]
corrected typo

Andreas Steffen [Mon, 13 Oct 2008 00:15:16 +0000 (00:15 -0000)]
added bug fix for addr_in_subnet() to NEWS

Andreas Steffen [Mon, 13 Oct 2008 00:09:44 +0000 (00:09 -0000)]
add support of --enable-eap-sim-file and --enable-kernel-pfkey configuration options

Martin Willi [Fri, 10 Oct 2008 11:20:04 +0000 (11:20 -0000)]
set guest-specific kernel parameters
removed memory setting, use mem= instead

Martin Willi [Fri, 10 Oct 2008 08:36:01 +0000 (08:36 -0000)]
reintegrated two-sim branch providing SIM card plugin API

Martin Willi [Fri, 10 Oct 2008 07:33:37 +0000 (07:33 -0000)]
trimming additional / in some cases

Martin Willi [Fri, 10 Oct 2008 06:59:03 +0000 (06:59 -0000)]
use busybox compatible kill

Andreas Steffen [Thu, 9 Oct 2008 22:20:56 +0000 (22:20 -0000)]
remove intermediate CA certs after UML test

Martin Willi [Thu, 9 Oct 2008 08:25:11 +0000 (08:25 -0000)]
fixed MOBIKE roaming if client's address changes

Andreas Steffen [Thu, 9 Oct 2008 05:44:00 +0000 (05:44 -0000)]
faster implementation of addr_in_subnet()

Martin Willi [Wed, 8 Oct 2008 12:57:11 +0000 (12:57 -0000)]
added proposal parsing of uncommon DH groups 3072/6144

Martin Willi [Wed, 8 Oct 2008 12:24:08 +0000 (12:24 -0000)]
some mobike improvement NEWS

Martin Willi [Wed, 8 Oct 2008 08:29:49 +0000 (08:29 -0000)]
ignore routing events for our own routes

Martin Willi [Wed, 8 Oct 2008 08:23:46 +0000 (08:23 -0000)]
mobike: try to keep existing source address before switching to another

Andreas Steffen [Wed, 8 Oct 2008 07:03:39 +0000 (07:03 -0000)]
raw public key support for charon

Andreas Steffen [Wed, 8 Oct 2008 07:00:13 +0000 (07:00 -0000)]
implemented ipsec listalgs as a stroke command

Andreas Steffen [Wed, 8 Oct 2008 06:57:52 +0000 (06:57 -0000)]
correct fix that replaces Changeset 4378

Andreas Steffen [Wed, 8 Oct 2008 06:15:41 +0000 (06:15 -0000)]
removing fix applied by Changeset 4378

Andreas Steffen [Wed, 8 Oct 2008 03:37:40 +0000 (03:37 -0000)]
added the sql/rw-rsa and sql/rw-rsa-keyid scenarios using raw RSA public keys

Andreas Steffen [Wed, 8 Oct 2008 03:35:52 +0000 (03:35 -0000)]
get_subject() of a CERT_TRUSTED_PUBKEY object returns ID_PUBKEY_INFO_SHA1 hash consistent with the IKEv2 keyid philosophy

Andreas Steffen [Wed, 8 Oct 2008 01:19:26 +0000 (01:19 -0000)]
Implemented BUILD_BLOB_ASN1_DER for the CERT_TRUSTED_PUBKEY subtype

Andreas Steffen [Tue, 7 Oct 2008 21:41:45 +0000 (21:41 -0000)]
fixed loop termination criterion in addr_in_subnet(). Thanks go to Wolfgang Steudel, TU Ilmenau

Martin Willi [Tue, 7 Oct 2008 16:31:41 +0000 (16:31 -0000)]
guest bootup waits for init, not for network stack (fixes 2.6.27 guest kernels)

Martin Willi [Tue, 7 Oct 2008 09:09:34 +0000 (09:09 -0000)]
ported mconsole-exec patch to 2.6.27-rc7

Martin Willi [Tue, 7 Oct 2008 07:55:28 +0000 (07:55 -0000)]
userland support to process notifies for new NAT mappings detected in UDP encapsulation

Andreas Steffen [Tue, 7 Oct 2008 04:56:50 +0000 (04:56 -0000)]
wait 5 seconds before deactivating eth1 interface on alice

Andreas Steffen [Tue, 7 Oct 2008 04:51:20 +0000 (04:51 -0000)]
explicitly load kernel-netlink plugin in UML scenarios

Martin Willi [Mon, 6 Oct 2008 13:37:04 +0000 (13:37 -0000)]
use MOBIKE enabled DPD if we are NATed
update SAs if we detect changes in NAT mappings

Martin Willi [Mon, 6 Oct 2008 13:08:49 +0000 (13:08 -0000)]
fixed builder_cancel macro to return NULL on failed build

Martin Willi [Fri, 3 Oct 2008 16:01:14 +0000 (16:01 -0000)]
do not run CHILD_SA delete action if rekeying

Andreas Steffen [Fri, 3 Oct 2008 03:27:42 +0000 (03:27 -0000)]
added --disable-kernel-netlink configure option

Martin Willi [Thu, 2 Oct 2008 13:47:19 +0000 (13:47 -0000)]
use dpd_action also for remotely closed tunnels

Martin Willi [Tue, 30 Sep 2008 12:36:58 +0000 (12:36 -0000)]
also respect the mobike=no setting as responder

Martin Willi [Tue, 30 Sep 2008 06:27:50 +0000 (06:27 -0000)]
using signed return value for read()

Tobias Brunner [Thu, 25 Sep 2008 13:56:23 +0000 (13:56 -0000)]
merging renaming of mode_t to ipsec_mode_t back to trunk

Tobias Brunner [Thu, 25 Sep 2008 07:56:58 +0000 (07:56 -0000)]
merging modularized kernel interface back to trunk

Tobias Brunner [Fri, 19 Sep 2008 13:20:09 +0000 (13:20 -0000)]
missing '_' added

Andreas Steffen [Thu, 18 Sep 2008 00:42:22 +0000 (00:42 -0000)]
version bump to 4.2.8

Tag: 4.2.7
Andreas Steffen [Thu, 18 Sep 2008 00:34:31 +0000 (00:34 -0000)]
completed NEWS for 4.2.7 release

Martin Willi [Wed, 17 Sep 2008 09:02:30 +0000 (09:02 -0000)]
fixed DH value range testing

Martin Willi [Wed, 17 Sep 2008 08:10:48 +0000 (08:10 -0000)]
checking mpz_export return value properly
fixes a potential DoS attack if a DH value of zero gets processed

Andreas Steffen [Wed, 17 Sep 2008 02:17:01 +0000 (02:17 -0000)]
stroke parses and lists AC groups

Martin Willi [Fri, 12 Sep 2008 13:48:11 +0000 (13:48 -0000)]
updated ubuntu packages for release compatible with NM svn20080908

Martin Willi [Fri, 12 Sep 2008 13:28:31 +0000 (13:28 -0000)]
ported NM plugin to upstream NetworkManager changes
split secrets (4031)
using uuid in auth-dialog (4053)

Martin Willi [Thu, 11 Sep 2008 11:14:09 +0000 (11:14 -0000)]
allow multiple DELETE payloads in an informational message

Martin Willi [Fri, 5 Sep 2008 15:10:56 +0000 (15:10 -0000)]
updated NEWS

Martin Willi [Fri, 5 Sep 2008 14:44:21 +0000 (14:44 -0000)]
fixed ubuntu distribution/typos

Martin Willi [Fri, 5 Sep 2008 14:01:47 +0000 (14:01 -0000)]
new ubuntu package release

Martin Willi [Fri, 5 Sep 2008 13:26:58 +0000 (13:26 -0000)]
NM plugin supports (encrypted) private key files

Andreas Steffen [Thu, 4 Sep 2008 16:19:46 +0000 (16:19 -0000)]
time values in strongswan.conf can be optionally specified in days (d), hours (h), minutes (m), or seconds (s)

Martin Willi [Thu, 4 Sep 2008 14:52:33 +0000 (14:52 -0000)]
some NEWS

Martin Willi [Thu, 4 Sep 2008 13:51:35 +0000 (13:51 -0000)]
fixed some translations/encoding

Martin Willi [Thu, 4 Sep 2008 13:39:37 +0000 (13:39 -0000)]
an initial German translation for NM plugin

Martin Willi [Thu, 4 Sep 2008 11:55:31 +0000 (11:55 -0000)]
updated debian build to extended nm plugin

Martin Willi [Thu, 4 Sep 2008 10:35:20 +0000 (10:35 -0000)]
reduced nm verbosity

Martin Willi [Thu, 4 Sep 2008 08:40:37 +0000 (08:40 -0000)]
implemented NetworkManager certificate/private key authentication using ssh-agent

Martin Willi [Thu, 4 Sep 2008 08:37:31 +0000 (08:37 -0000)]
added a configure option to select charon binary

Martin Willi [Thu, 4 Sep 2008 08:35:11 +0000 (08:35 -0000)]
agent plugin optionally accepts a BUILD_PUBLIC_KEY to select a specific private key from the agent

Andreas Steffen [Wed, 3 Sep 2008 19:00:08 +0000 (19:00 -0000)]
charon.keep_alive = 0 disables the sending of NAT keep alives

Andreas Steffen [Wed, 3 Sep 2008 18:49:06 +0000 (18:49 -0000)]
configure NAT keep alive interval using the charon.keep_alive key

Tobias Brunner [Wed, 3 Sep 2008 07:44:46 +0000 (07:44 -0000)]
typos

Martin Willi [Tue, 2 Sep 2008 14:02:40 +0000 (14:02 -0000)]
handle INFORMATIONAL exchanges with NATD payloads in mobike task

Martin Willi [Tue, 2 Sep 2008 11:04:26 +0000 (11:04 -0000)]
libstrongswan agent plugin to use ssh-agent for RSA signatures

Martin Willi [Tue, 2 Sep 2008 11:01:05 +0000 (11:01 -0000)]
ported openac to credential factory changes

Martin Willi [Tue, 2 Sep 2008 11:00:13 +0000 (11:00 -0000)]
refactored credential builder
allow enumeration of matching builders
try a second builder if the first one fails
builder clones resources internally on demand
caller frees added resources on failure and success
stricter handling of non-supported build parts

Andreas Steffen [Mon, 1 Sep 2008 11:38:03 +0000 (11:38 -0000)]
OIDs used by strongSwan

Andreas Steffen [Mon, 1 Sep 2008 11:19:07 +0000 (11:19 -0000)]
added thread_analysis tool

Martin Willi [Fri, 29 Aug 2008 09:24:14 +0000 (09:24 -0000)]
use libcap for capability dropping
optional, must be enabled --with-capabilities=libcap
will be extended to support --with-capabilities=libcap2

Andreas Steffen [Fri, 29 Aug 2008 05:35:09 +0000 (05:35 -0000)]
streamlined ipsec listalgs output

Martin Willi [Thu, 28 Aug 2008 16:27:48 +0000 (16:27 -0000)]
capability API to allow plugin-controlled capability set

Martin Willi [Thu, 28 Aug 2008 11:15:01 +0000 (11:15 -0000)]
cosmetics

Martin Willi [Thu, 28 Aug 2008 11:07:57 +0000 (11:07 -0000)]
creating default IKE proposals dynamically using algorithm enumeration API

Martin Willi [Thu, 28 Aug 2008 10:57:24 +0000 (10:57 -0000)]
separated sha1_prf implementation from sha1_hasher

Martin Willi [Thu, 28 Aug 2008 09:24:42 +0000 (09:24 -0000)]
crypto_factory algorithm enumeration API
implementation of "ipsec listalgs"

Tobias Brunner [Thu, 28 Aug 2008 08:05:07 +0000 (08:05 -0000)]
 * allow to load templates from arbitrary places
 * changed implementation of guest?/iface?

Tobias Brunner [Thu, 28 Aug 2008 07:47:55 +0000 (07:47 -0000)]
mkdir_p: utility function to create a directory and all required parent directories

Martin Willi [Wed, 27 Aug 2008 13:51:05 +0000 (13:51 -0000)]
build scripts for ubuntu NetworkManager packages