strongswan.git
Andreas Steffen [Mon, 10 Aug 2009 14:30:42 +0000 (16:30 +0200)]
prepare CAMELLIA_CCM ESP encryption

Andreas Steffen [Sat, 8 Aug 2009 17:20:53 +0000 (19:20 +0200)]
add ikev1/esp-alg-aes-ctr scenario

Andreas Steffen [Sat, 8 Aug 2009 17:08:17 +0000 (19:08 +0200)]
added ikev2/esp-alg-aes-ctr scenario

Tobias Brunner [Fri, 7 Aug 2009 16:30:40 +0000 (18:30 +0200)]
FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates this function (and the other defined in execinfo.h).

Martin Willi [Fri, 7 Aug 2009 14:05:32 +0000 (16:05 +0200)]
set protocol to ESP for policies installed as a trap

Martin Willi [Thu, 6 Aug 2009 15:56:45 +0000 (17:56 +0200)]
fixed printf format for length limited string

Andreas Steffen [Fri, 7 Aug 2009 07:50:36 +0000 (09:50 +0200)]
%llu correctly prints u_int64_t

Andreas Steffen [Fri, 7 Aug 2009 06:47:07 +0000 (08:47 +0200)]
printing u_int64_t caused segfault on 32-bit platforms

Andreas Steffen [Fri, 7 Aug 2009 03:59:09 +0000 (05:59 +0200)]
do not set usetime if query_policy() fails

Tobias Brunner [Thu, 6 Aug 2009 16:22:01 +0000 (18:22 +0200)]
Use LONG_MAX instead of a hard-coded value.

Tobias Brunner [Thu, 6 Aug 2009 16:14:44 +0000 (18:14 +0200)]
FreeBSD returns the current policy use time only after specifying a hard lifetime when installing the policy.

Andreas Steffen [Thu, 6 Aug 2009 14:48:24 +0000 (16:48 +0200)]
added openssl-ikev2/alg-camellia scenario

Tobias Brunner [Thu, 6 Aug 2009 14:46:02 +0000 (16:46 +0200)]
Fixed a race condition when querying stats of a child_sa in different order.

Andreas Steffen [Thu, 6 Aug 2009 14:42:44 +0000 (16:42 +0200)]
use SS_RC_FIRST and SS_RC_LAST

Andreas Steffen [Thu, 6 Aug 2009 14:32:42 +0000 (16:32 +0200)]
abort pluto or charon if initialization fails

Tobias Brunner [Thu, 6 Aug 2009 13:14:54 +0000 (15:14 +0200)]
Don't query the policy usetime if there was no traffic on the SA.

This helps in cases where a policy is assigned to more than one SA. That
is, SAs now should have different usetimes even if they use the same policy.

Tobias Brunner [Thu, 6 Aug 2009 11:30:16 +0000 (13:30 +0200)]
Reverted the interface changes introduced in 3f720dc7.

Martin Willi [Thu, 6 Aug 2009 09:29:55 +0000 (11:29 +0200)]
added support for ipsec.secrets "include" directive

Tobias Brunner [Thu, 6 Aug 2009 08:01:59 +0000 (10:01 +0200)]
Reversed the check for udp.h, fixes compilation on Linux.

Andreas Steffen [Wed, 5 Aug 2009 20:46:53 +0000 (22:46 +0200)]
activated CAMELLIA_CBC cipher in openssl plugin

Andreas Steffen [Wed, 5 Aug 2009 20:01:13 +0000 (22:01 +0200)]
support of SHA224-based certificate signatures

Tobias Brunner [Wed, 5 Aug 2009 10:31:10 +0000 (12:31 +0200)]
Enabling UDP encapsulation via setsockopt fails on Mac OS X (it is also not required as this is done using sysctl).

Andreas Steffen [Tue, 4 Aug 2009 21:08:42 +0000 (23:08 +0200)]
output number of transmitted bytes in closing CHILD_SA statement

Tobias Brunner [Tue, 4 Aug 2009 09:03:39 +0000 (11:03 +0200)]
FreeBSD only reports a policy's usetime if a lifetime has been specified when the policy was added (we only specify a lifetime on the SA, not on the policy).

Tobias Brunner [Fri, 31 Jul 2009 16:10:39 +0000 (18:10 +0200)]
FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to zero, we accept that for now.

Tobias Brunner [Fri, 31 Jul 2009 15:02:53 +0000 (17:02 +0200)]
Missing check for udp.h added.

Martin Willi [Mon, 3 Aug 2009 13:24:48 +0000 (15:24 +0200)]
parse RDNs in multiple SEQUENCEs in all SETs of a DN

Martin Willi [Mon, 3 Aug 2009 12:37:24 +0000 (14:37 +0200)]
compare IKE config when reusing an existing IKE_SA to initiate a CHILD_SA

Andreas Steffen [Sun, 2 Aug 2009 14:58:32 +0000 (16:58 +0200)]
fixed dereferencing bug caused by bool type redefinition

Andreas Steffen [Sun, 2 Aug 2009 09:46:33 +0000 (11:46 +0200)]
implemented query_sa() for PFKEYv2

Andreas Steffen [Fri, 31 Jul 2009 06:57:55 +0000 (08:57 +0200)]
corrected interface definition

Andreas Steffen [Thu, 30 Jul 2009 21:19:42 +0000 (23:19 +0200)]
update usetime only if usebytes increase

Andreas Steffen [Thu, 30 Jul 2009 19:33:19 +0000 (21:33 +0200)]
display transmitted bytes per SA

Tobias Brunner [Thu, 30 Jul 2009 12:04:17 +0000 (14:04 +0200)]
Handling of unsupported policy directions (FWD) fixed.

Tobias Brunner [Thu, 30 Jul 2009 11:52:08 +0000 (13:52 +0200)]
Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.

Tobias Brunner [Wed, 29 Jul 2009 09:34:47 +0000 (11:34 +0200)]
Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.

Tobias Brunner [Fri, 24 Jul 2009 08:58:27 +0000 (10:58 +0200)]
Make accept(2) and recvfrom(2) cancellation points on Mac OS X.

Andreas Steffen [Tue, 28 Jul 2009 13:44:24 +0000 (15:44 +0200)]
fixed KW_END_FIRST..KW_END_LAST keyword range

Andreas Steffen [Wed, 22 Jul 2009 20:30:21 +0000 (22:30 +0200)]
improved DPD error message

Andreas Steffen [Tue, 21 Jul 2009 20:23:51 +0000 (22:23 +0200)]
added file and segment lengths to checksum.c

Andreas Steffen [Tue, 21 Jul 2009 20:21:52 +0000 (22:21 +0200)]
version bump to 4.3.4

tag: 4.3.3
Andreas Steffen [Tue, 21 Jul 2009 13:51:04 +0000 (15:51 +0200)]
version bump of Linux UML kernel to 2.6.30.2

Martin Willi [Tue, 21 Jul 2009 13:10:24 +0000 (15:10 +0200)]
filter objects for segment checksumming by dlpi_name, excludes rare false positives

Martin Willi [Tue, 21 Jul 2009 13:00:18 +0000 (15:00 +0200)]
enumerate executable sections only to build checksum

Martin Willi [Tue, 21 Jul 2009 12:58:14 +0000 (14:58 +0200)]
announce integrity testing only once

Tobias Brunner [Mon, 20 Jul 2009 19:20:03 +0000 (21:20 +0200)]
Fixed GID lookup in cases where the configured group is a prefix of another group.

Tobias Brunner [Mon, 20 Jul 2009 19:13:45 +0000 (21:13 +0200)]
Fixed installation of config files in out-of-tree builds.

Tobias Brunner [Mon, 20 Jul 2009 19:03:05 +0000 (21:03 +0200)]
Use the numerical UID/GID to install the config files and create the ipsec.d directories.

Tobias Brunner [Mon, 20 Jul 2009 19:01:13 +0000 (21:01 +0200)]
Translate the configured user and group to a numerical UID and GID.

Andreas Steffen [Sat, 18 Jul 2009 09:23:27 +0000 (11:23 +0200)]
streamlined integrity test output some more

Andreas Steffen [Fri, 17 Jul 2009 22:37:35 +0000 (00:37 +0200)]
advertise activated integrity tests

Andreas Steffen [Fri, 17 Jul 2009 20:54:23 +0000 (22:54 +0200)]
added latest NEWS

Andreas Steffen [Fri, 17 Jul 2009 20:36:12 +0000 (22:36 +0200)]
added ikev1/net2net-pgp-v4 scenario

Andreas Steffen [Fri, 17 Jul 2009 20:33:22 +0000 (22:33 +0200)]
adapted scenario description for OpenPGP V3 keys

Andreas Steffen [Fri, 17 Jul 2009 19:27:54 +0000 (21:27 +0200)]
enable crypt debugging in ikev1/esp-alg-camellia scenario

Andreas Steffen [Fri, 17 Jul 2009 19:19:32 +0000 (21:19 +0200)]
added strongswan-2.8.11 and strongswan-4.2.17 VIDs

Andreas Steffen [Fri, 17 Jul 2009 18:52:14 +0000 (20:52 +0200)]
enable integrity test in all rw-cert scenarios

Andreas Steffen [Fri, 17 Jul 2009 18:36:21 +0000 (20:36 +0200)]
fix test vector error output

Andreas Steffen [Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)]
stop strongswan if integrity check of libstrongswan or daemon fails

Andreas Steffen [Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)]
streamlined debug output of integrity tests

Andreas Steffen [Fri, 17 Jul 2009 14:57:07 +0000 (16:57 +0200)]
enforce strongSwan coding rules

Andreas Steffen [Fri, 17 Jul 2009 14:36:01 +0000 (16:36 +0200)]
shortened crypto test output

Andreas Steffen [Fri, 17 Jul 2009 11:58:29 +0000 (13:58 +0200)]
accelerate lookup in non-concatenated pools

Andreas Steffen [Fri, 17 Jul 2009 11:38:57 +0000 (13:38 +0200)]
added scenario ikev2/ip-split-pools-db

Andreas Steffen [Fri, 17 Jul 2009 09:50:59 +0000 (11:50 +0200)]
added sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios

Andreas Steffen [Fri, 17 Jul 2009 09:48:35 +0000 (11:48 +0200)]
check for an existing lease over all assigned pools first

Andreas Steffen [Thu, 16 Jul 2009 19:53:46 +0000 (21:53 +0200)]
fixed problem with static leases over multiple pools

Tobias Brunner [Thu, 16 Jul 2009 14:50:55 +0000 (16:50 +0200)]
Fixing distribution build (checksum.c is created on the user's system).

Martin Willi [Thu, 16 Jul 2009 13:59:56 +0000 (15:59 +0200)]
fixed memleak in SQL config lookup

Tobias Brunner [Thu, 16 Jul 2009 12:59:30 +0000 (14:59 +0200)]
Check for gperf version added to configure script.

Martin Willi [Wed, 15 Jul 2009 14:13:51 +0000 (16:13 +0200)]
raise an alert() if the RADIUS server is not responding

Martin Willi [Wed, 15 Jul 2009 14:12:02 +0000 (16:12 +0200)]
added an alert() bus hook to raise critical system errors and notifications

Tobias Brunner [Thu, 16 Jul 2009 08:59:20 +0000 (10:59 +0200)]
Typo fixed.

Tobias Brunner [Thu, 16 Jul 2009 08:52:14 +0000 (10:52 +0200)]
Added an option to the configure script to disable building the scripts.

Tobias Brunner [Thu, 16 Jul 2009 08:09:23 +0000 (10:09 +0200)]
Revert "gperf under FreeBSD does not know the -m option."

This reverts commit 0ead254919c66a1b6a9e39b175f0b92f2a076c12.

Tobias Brunner [Wed, 15 Jul 2009 20:39:40 +0000 (22:39 +0200)]
Removed an unnecessary include of a header that is not available on Mac OS X.

Andreas Steffen [Wed, 15 Jul 2009 16:12:40 +0000 (18:12 +0200)]
conversion from ECDSA_WITH_SHAxxx OIDs to signature schemes

Martin Willi [Wed, 15 Jul 2009 14:04:37 +0000 (16:04 +0200)]
moved the CFLAGS mangling AC_LIB_PREFIX macro behind CFLAG test

Martin Willi [Wed, 15 Jul 2009 12:09:49 +0000 (14:09 +0200)]
updated debian package

Martin Willi [Wed, 15 Jul 2009 12:01:47 +0000 (14:01 +0200)]
updated Standards-Version to 3.8.2

Martin Willi [Wed, 15 Jul 2009 12:00:42 +0000 (14:00 +0200)]
added ${misc:Depends} dependency, fixes debhelper-but-no-misc-depends lintian warning

Martin Willi [Wed, 15 Jul 2009 11:59:25 +0000 (13:59 +0200)]
added copyright information, fixes copyright-without-copyright-notice lintian warning

Martin Willi [Wed, 15 Jul 2009 08:07:15 +0000 (10:07 +0200)]
cast pointers to uintptr_t for alignment check

Tobias Brunner [Tue, 14 Jul 2009 10:03:12 +0000 (12:03 +0200)]
gperf under FreeBSD does not know the -m option.

We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.

Tobias Brunner [Tue, 14 Jul 2009 09:55:09 +0000 (11:55 +0200)]
Corrected check for valid ASN1 types in rdn_enumerate.

Because of the range of u_char the comparison was always TRUE before.

Tobias Brunner [Tue, 14 Jul 2009 09:50:24 +0000 (11:50 +0200)]
Added --with-lib-prefix option to the configure script.

This option enables users to add additional search paths for include
files and libraries.

Andreas Steffen [Tue, 14 Jul 2009 03:35:01 +0000 (05:35 +0200)]
added SHA224_WITH_RSA and ECDSA_WITH_SHAxxx OIDs

Andreas Steffen [Mon, 13 Jul 2009 18:28:36 +0000 (20:28 +0200)]
double free caused strange side effects

Andreas Steffen [Mon, 13 Jul 2009 13:13:12 +0000 (15:13 +0200)]
report installation failure of inbound and/or outbound IPsec SA, separately

Andreas Steffen [Sun, 12 Jul 2009 19:08:37 +0000 (21:08 +0200)]
great, I got my comma back

Andreas Steffen [Sat, 11 Jul 2009 18:04:38 +0000 (20:04 +0200)]
ecp_x_coordinate_only option and IKEv1 AEAD support

Andreas Steffen [Sat, 11 Jul 2009 16:44:50 +0000 (18:44 +0200)]
added ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios

Andreas Steffen [Sat, 11 Jul 2009 16:43:09 +0000 (18:43 +0200)]
pluto supports AES_CCM and AES_GCM ESP algorithms

Andreas Steffen [Fri, 10 Jul 2009 20:58:47 +0000 (22:58 +0200)]
put variable definitions up front

Andreas Steffen [Fri, 10 Jul 2009 20:18:26 +0000 (22:18 +0200)]
cosmetics

Andreas Steffen [Fri, 10 Jul 2009 19:43:21 +0000 (21:43 +0200)]
added listener.h to charon_SOURCES

Martin Willi [Fri, 10 Jul 2009 09:01:44 +0000 (11:01 +0200)]
use the configured NM connection id as configuration/IKE_SA name

Martin Willi [Fri, 10 Jul 2009 07:40:02 +0000 (09:40 +0200)]
fixed state check if establishing the CHILD_SA fails

Martin Willi [Fri, 10 Jul 2009 07:37:27 +0000 (09:37 +0200)]
use the new updown()/rekey() hooks to track the state of NetworkManager connections

Andreas Steffen [Fri, 10 Jul 2009 05:15:08 +0000 (07:15 +0200)]
update libfreeswan/pfkeyv2.h