strongswan.git
Andreas Steffen [Tue, 4 May 2010 21:52:44 +0000 (23:52 +0200)]
moved resolve plugin from libcharon to libhydra

Tobias Brunner [Tue, 4 May 2010 15:33:35 +0000 (17:33 +0200)]
Do a proper cleanup when printing usage info.

Tobias Brunner [Tue, 4 May 2010 15:40:10 +0000 (17:40 +0200)]
Moved syslog.h include.

Tobias Brunner [Tue, 4 May 2010 15:00:43 +0000 (17:00 +0200)]
Compiler warning fixed.

Andreas Steffen [Tue, 4 May 2010 04:18:10 +0000 (06:18 +0200)]
fixed typo

Adrian-Ken Rueegsegger [Sun, 2 May 2010 12:37:16 +0000 (14:37 +0200)]
Add 'flush_line' option to filelog section.

The new boolean 'flush_line' option in the filelog section of
strongswan.conf specifies if log messages should be flushed to the given
file for each new line.

Reto Buerki [Thu, 22 Apr 2010 15:03:30 +0000 (17:03 +0200)]
Use reqid from connection config if present.

Reto Buerki [Thu, 22 Apr 2010 15:03:29 +0000 (17:03 +0200)]
Add reqid field and getter function to child_cfg_t.

Reto Buerki [Thu, 22 Apr 2010 15:03:28 +0000 (17:03 +0200)]
Include reqid in stroke add connection message.

Reto Buerki [Thu, 22 Apr 2010 15:03:27 +0000 (17:03 +0200)]
Add reqid keyword to config connection section.

Andreas Steffen [Mon, 3 May 2010 07:31:22 +0000 (09:31 +0200)]
delete release files

Andreas Steffen [Mon, 3 May 2010 07:09:43 +0000 (09:09 +0200)]
version bump to 4.4.1

tag: 4.4.0
Andreas Steffen [Sun, 2 May 2010 19:13:10 +0000 (21:13 +0200)]
added getprotobyname to whitelist

Andreas Steffen [Sun, 2 May 2010 15:58:36 +0000 (17:58 +0200)]
remove subnet from sourceip

Andreas Steffen [Sun, 2 May 2010 13:55:46 +0000 (15:55 +0200)]
final fix for cloning and deleting sourceip strings

Andreas Steffen [Sun, 2 May 2010 12:56:35 +0000 (14:56 +0200)]
fixed end->sourceip memory leak in ipsec starter

Andreas Steffen [Sun, 2 May 2010 09:47:24 +0000 (11:47 +0200)]
updated options in testing.conf

Andreas Steffen [Sun, 2 May 2010 09:40:46 +0000 (11:40 +0200)]
fixed flex parser memory leaks in ipsec starter

Andreas Steffen [Sun, 2 May 2010 09:00:21 +0000 (11:00 +0200)]
free config before exiting since library_deinit() calls leak detective

Tobias Brunner [Thu, 29 Apr 2010 12:44:31 +0000 (14:44 +0200)]
We have to rename thread_create on Mac OS X because it conflicts with a syscall.

Tobias Brunner [Thu, 29 Apr 2010 12:51:44 +0000 (14:51 +0200)]
Initialize libstrongswan in stroke (fixes Vstr logging).

Tobias Brunner [Thu, 29 Apr 2010 12:33:29 +0000 (14:33 +0200)]
Initialize libstrongswan in starter (fixes Vstr logging).

Tobias Brunner [Thu, 29 Apr 2010 11:30:51 +0000 (13:30 +0200)]
The mutex of a thread has to be locked when destroying it.

Tobias Brunner [Thu, 29 Apr 2010 11:29:53 +0000 (13:29 +0200)]
Fixing out-of-tree build after adding dependency to config.status.

Martin Willi [Thu, 29 Apr 2010 09:28:27 +0000 (11:28 +0200)]
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated

Martin Willi [Thu, 29 Apr 2010 07:51:37 +0000 (09:51 +0200)]
Fixed RSA key generation with gcrypt

Martin Willi [Thu, 29 Apr 2010 07:36:45 +0000 (09:36 +0200)]
PEM encoder supports encoding from RSA components directly, allowing gcrypt plugin to encode in PEM

Andreas Steffen [Thu, 29 Apr 2010 05:41:30 +0000 (07:41 +0200)]
added AES-GMAC support to NEWS

Andreas Steffen [Thu, 29 Apr 2010 05:28:51 +0000 (07:28 +0200)]
do not destroy whack_attr if it hasn't been initialized

Andreas Steffen [Wed, 28 Apr 2010 10:27:45 +0000 (12:27 +0200)]
added debug output argument

Martin Willi [Wed, 28 Apr 2010 07:03:08 +0000 (09:03 +0200)]
Reintroduce to_referer(), redirect() does not work with get_referer()

Martin Willi [Mon, 26 Apr 2010 07:41:10 +0000 (09:41 +0200)]
Use a 301 permanent redirect if no controller given

Andreas Steffen [Tue, 27 Apr 2010 11:48:37 +0000 (13:48 +0200)]
added ikev1/alg-esp-aes-gmac scenario

Andreas Steffen [Tue, 27 Apr 2010 11:47:11 +0000 (13:47 +0200)]
added AES_GMAC output string

Andreas Steffen [Tue, 27 Apr 2010 11:13:10 +0000 (13:13 +0200)]
added ikev2/alg-esp-aes-gmac scenario

Andreas Steffen [Fri, 23 Apr 2010 13:23:54 +0000 (15:23 +0200)]
added ikev1/alg-modp-subgroup scenario

Andreas Steffen [Fri, 23 Apr 2010 13:03:16 +0000 (15:03 +0200)]
added ikev2/alg-modp-subgroup scenario

Andreas Steffen [Fri, 23 Apr 2010 10:57:43 +0000 (12:57 +0200)]
include dhcp-client-identifier in the DHCP request

Andreas Steffen [Fri, 23 Apr 2010 10:56:59 +0000 (12:56 +0200)]
added ikev2/dhcp-static-client-id scenario

Andreas Steffen [Fri, 23 Apr 2010 10:38:30 +0000 (12:38 +0200)]
fixed optional dnsmasq.conf in the ikev2/dhcp-static-mac scenario

Andreas Steffen [Fri, 23 Apr 2010 10:33:11 +0000 (12:33 +0200)]
added ikev2/dhcp-static-mac scenario

Andreas Steffen [Fri, 23 Apr 2010 09:52:37 +0000 (11:52 +0200)]
added ikev2/dhcp-dynamic scenario

Andreas Steffen [Fri, 23 Apr 2010 05:37:16 +0000 (07:37 +0200)]
make DHCP debug messages consistent

Andreas Steffen [Thu, 22 Apr 2010 22:02:13 +0000 (00:02 +0200)]
fixed typo

Martin Willi [Wed, 21 Apr 2010 06:40:55 +0000 (08:40 +0200)]
Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no DH group

Heiko Hund [Tue, 20 Apr 2010 19:22:50 +0000 (21:22 +0200)]
fixed segfault in pluto with multiple ISAKMP SAs in delete payload

Martin Willi [Mon, 19 Apr 2010 12:41:20 +0000 (14:41 +0200)]
Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten

Martin Willi [Mon, 19 Apr 2010 09:16:36 +0000 (11:16 +0200)]
Accept DHCP replies on bootps port, as we act as a relay agent if server address configured

Tobias Brunner [Mon, 12 Apr 2010 14:47:47 +0000 (16:47 +0200)]
Integrating libhydra into the Android build system.

Tobias Brunner [Mon, 12 Apr 2010 13:54:48 +0000 (15:54 +0200)]
Use openssl in Android by default.

Tobias Brunner [Mon, 12 Apr 2010 11:51:10 +0000 (13:51 +0200)]
When logging to the database, the IDs of an IKE SA are initially NULL.

Andreas Steffen [Mon, 12 Apr 2010 09:25:46 +0000 (11:25 +0200)]
fixed silly bug

Andreas Steffen [Sun, 11 Apr 2010 20:00:01 +0000 (22:00 +0200)]
updated DER versions of research and sales CAs

Andreas Steffen [Sun, 11 Apr 2010 17:19:20 +0000 (19:19 +0200)]
implemented inheritance of virtual IP assigned by Mode Config on the responder side

Andreas Steffen [Sun, 11 Apr 2010 15:05:42 +0000 (17:05 +0200)]
added ikev1/ip-two-pools-mixed scenario

Andreas Steffen [Sun, 11 Apr 2010 14:29:39 +0000 (16:29 +0200)]
added support of RAM-based pools to NEWS

Andreas Steffen [Sun, 11 Apr 2010 14:09:09 +0000 (16:09 +0200)]
IKEv1 uses Mode Config payload

Andreas Steffen [Sun, 11 Apr 2010 14:05:54 +0000 (16:05 +0200)]
added ikev1/ip-two-pools scenario

Andreas Steffen [Sun, 11 Apr 2010 14:05:04 +0000 (16:05 +0200)]
remove virtual interfaces after scenario

Andreas Steffen [Sun, 11 Apr 2010 12:40:04 +0000 (14:40 +0200)]
added ikev1/ip-pool scenario

Andreas Steffen [Sun, 11 Apr 2010 09:46:47 +0000 (11:46 +0200)]
show in-memory pools in ipsec statusall

Andreas Steffen [Sat, 10 Apr 2010 22:49:04 +0000 (00:49 +0200)]
added missing curly brackets

Andreas Steffen [Sat, 10 Apr 2010 22:26:49 +0000 (00:26 +0200)]
support in-memory pools in swapped connection definitions

Tobias Brunner [Sat, 10 Apr 2010 10:10:04 +0000 (12:10 +0200)]
Fixed OpenSSL engine_id setting, i.e. do not use 'library.' prefix for settings in libstrongswan.

Andreas Steffen [Fri, 9 Apr 2010 19:03:32 +0000 (21:03 +0200)]
pluto now requires attr plugin for dns and nbns server loading from strongswan.conf

Martin Willi [Thu, 8 Apr 2010 13:08:35 +0000 (15:08 +0200)]
Store DH generator in a chunk, hide non-public data in a private struct

Andreas Steffen [Wed, 7 Apr 2010 17:37:53 +0000 (19:37 +0200)]
recovered private keys of no CDP certificates

Andreas Steffen [Wed, 7 Apr 2010 17:30:33 +0000 (19:30 +0200)]
recovered lost Duck CA certificates

Martin Willi [Wed, 7 Apr 2010 13:51:55 +0000 (15:51 +0200)]
Migrated scepclient/openac logging hooks to new signature

Martin Willi [Wed, 7 Apr 2010 13:36:22 +0000 (15:36 +0200)]
Remove to_referer() method, as it fails if no referer was given

Martin Willi [Wed, 7 Apr 2010 12:54:22 +0000 (14:54 +0200)]
Renamed clone function to avoid name clash with uclibc

Martin Willi [Wed, 7 Apr 2010 12:16:52 +0000 (14:16 +0200)]
NEWS about HA plugin

Martin Willi [Mon, 22 Mar 2010 10:25:27 +0000 (10:25 +0000)]
Updated HA plugin to new APIs

Martin Willi [Fri, 19 Mar 2010 18:06:53 +0000 (19:06 +0100)]
Updated location of traffic selector header

Martin Willi [Fri, 19 Mar 2010 18:03:46 +0000 (19:03 +0100)]
Moved ha plugin to libcharon

Martin Willi [Wed, 30 Sep 2009 14:23:58 +0000 (16:23 +0200)]
Make resync/monitoring functionality optional

Martin Willi [Wed, 30 Sep 2009 09:48:15 +0000 (11:48 +0200)]
Listen to ike_updown/rekey hook instead of ike_state_change

Martin Willi [Wed, 30 Sep 2009 09:04:22 +0000 (11:04 +0200)]
Request a complete resync after daemon startup

Martin Willi [Wed, 30 Sep 2009 08:36:27 +0000 (10:36 +0200)]
Do not automatically take over segments, as we need to resync first

Martin Willi [Tue, 29 Sep 2009 14:40:58 +0000 (16:40 +0200)]
Drop overlapping segments only if we have no active SAs on it

Martin Willi [Tue, 29 Sep 2009 14:05:46 +0000 (16:05 +0200)]
Do not install iptables rules, they should stay active after shutdown

Martin Willi [Tue, 29 Sep 2009 14:04:51 +0000 (16:04 +0200)]
Take over all segments if heartbeat becomes silent

Martin Willi [Tue, 29 Sep 2009 10:56:10 +0000 (12:56 +0200)]
Renamed ha-sync plugin to ha

Martin Willi [Tue, 29 Sep 2009 09:31:24 +0000 (11:31 +0200)]
Try to send HA sync messages synchronously

Martin Willi [Tue, 29 Sep 2009 09:30:44 +0000 (11:30 +0200)]
Do not sync a delete for a child in a destroying IKE_SA

Martin Willi [Tue, 29 Sep 2009 08:43:47 +0000 (10:43 +0200)]
Include ICMP traffic in sync tunnel

Martin Willi [Tue, 29 Sep 2009 08:34:04 +0000 (10:34 +0200)]
Refactored segment enabling/disabling

Martin Willi [Tue, 29 Sep 2009 06:53:58 +0000 (08:53 +0200)]
Use a connected UDP socket

Martin Willi [Mon, 28 Sep 2009 12:49:16 +0000 (14:49 +0200)]
Removed obsolete socket subclasses

Martin Willi [Mon, 28 Sep 2009 12:31:39 +0000 (14:31 +0200)]
Automatically segment cluster using periodically sent status messages

Martin Willi [Wed, 23 Sep 2009 12:04:32 +0000 (14:04 +0200)]
Do not enable/disable our own sync tunnel

Martin Willi [Wed, 23 Sep 2009 08:42:05 +0000 (10:42 +0200)]
Enable/disable inactive/active segments only

Martin Willi [Tue, 22 Sep 2009 15:10:25 +0000 (17:10 +0200)]
Deactivate all active segments before shutting down

Martin Willi [Tue, 22 Sep 2009 14:51:47 +0000 (16:51 +0200)]
HA kernel interface can mangle netfilter rules, currently with iptables invocation

Martin Willi [Tue, 22 Sep 2009 13:19:43 +0000 (15:19 +0200)]
Added support for kernel segment manipulation

Martin Willi [Tue, 22 Sep 2009 12:53:03 +0000 (14:53 +0200)]
Moved segment configuration parsing to ha_sync_plugin

Martin Willi [Tue, 22 Sep 2009 12:33:38 +0000 (14:33 +0200)]
Propagate segment manipulation to cluster node

Martin Willi [Tue, 22 Sep 2009 12:32:52 +0000 (14:32 +0200)]
Segment manipulation in HA sync is thread safe

Martin Willi [Tue, 15 Sep 2009 14:19:39 +0000 (16:19 +0200)]
Passing 0 to segments->(de-)activate enables/disables all segments

Martin Willi [Tue, 15 Sep 2009 12:52:56 +0000 (14:52 +0200)]
separated auto-tunnel functionality from socket