strongswan.git
starter: Some whitespace cleanup.
Tobias Brunner [Mon, 30 Aug 2010 06:58:56 +0000 (08:58 +0200)]

pluto: Added PLUTO_UDP_ENC argument to updown script.
Tobias Brunner [Mon, 30 Aug 2010 06:54:38 +0000 (08:54 +0200)]

This contains the remote UDP port in case of UDP encapsulated ESP.

pluto: Return value fixed.
Tobias Brunner [Mon, 30 Aug 2010 06:47:13 +0000 (08:47 +0200)]

pluto: Removed bare shunt table.
Tobias Brunner [Wed, 18 Aug 2010 07:41:04 +0000 (09:41 +0200)]

Do not install routes for pluto.
Tobias Brunner [Tue, 17 Aug 2010 07:48:59 +0000 (09:48 +0200)]

There are some incompatibilities with e.g. passthrough policies.
Pluto installs required source routes via updown script.

pluto: Handle changed NAT mappings via libhydra's kernel interface.
Tobias Brunner [Mon, 16 Aug 2010 17:07:30 +0000 (19:07 +0200)]

pluto: Removed no_klips flag (--noklips option).
Tobias Brunner [Mon, 16 Aug 2010 13:53:56 +0000 (15:53 +0200)]

pluto: Removed references to KLIPS from documentation, log messages and comments.
Tobias Brunner [Mon, 16 Aug 2010 12:32:55 +0000 (14:32 +0200)]

pluto: Added --debug-kernel as alias for --debug-klips.
Tobias Brunner [Mon, 16 Aug 2010 12:59:23 +0000 (14:59 +0200)]

pluto: Replaced DBG_KLIPS with DBG_KERNEL.
Tobias Brunner [Mon, 16 Aug 2010 12:07:09 +0000 (14:07 +0200)]

pluto: Removed the KLIPS preprocessor flag.
Tobias Brunner [Mon, 16 Aug 2010 12:02:25 +0000 (14:02 +0200)]

pluto: Removed unneeded kernel abstractions.
Tobias Brunner [Mon, 16 Aug 2010 09:26:31 +0000 (11:26 +0200)]

pluto: Completely removed struct kernel_ops.
Tobias Brunner [Mon, 16 Aug 2010 09:12:57 +0000 (11:12 +0200)]

pluto: Refactored PF_KEY capabilities registration.
Tobias Brunner [Mon, 16 Aug 2010 08:33:37 +0000 (10:33 +0200)]

Although we use the kernel interface from libhydra we still need this to make
the available algorithms known to pluto.

pluto: Removed unneeded functions from PF_KEY interface.
Tobias Brunner [Wed, 11 Aug 2010 11:51:03 +0000 (13:51 +0200)]

We still use the algorithm registration.

pluto: Completely removed orphaned_holds.
Tobias Brunner [Tue, 10 Aug 2010 15:36:38 +0000 (17:36 +0200)]

Scheduler and processor have been moved to libstrongswan.
Tobias Brunner [Tue, 3 Aug 2010 16:57:30 +0000 (18:57 +0200)]

Also reverts 0c21dc000d3cd5c82eb22c4481e6459978456364 as the dependency
to libcharon is no longer required.

pluto: Install IN policy of a shunt eroute with protocol.
Tobias Brunner [Tue, 10 Aug 2010 13:09:13 +0000 (15:09 +0200)]

pluto: Fixed byte-order of ports in traffic selectors.
Tobias Brunner [Tue, 3 Aug 2010 14:40:41 +0000 (16:40 +0200)]

testing: Print output of 'make oldconfig' to STDOUT, besides logging it.
Tobias Brunner [Tue, 10 Aug 2010 13:06:41 +0000 (15:06 +0200)]

testing: Only sleep after a host has actually been started.
Tobias Brunner [Tue, 3 Aug 2010 14:37:12 +0000 (16:37 +0200)]

testing: Build strongSwan a bit faster using make -j.
Tobias Brunner [Tue, 3 Aug 2010 14:34:47 +0000 (16:34 +0200)]

testing: Force the UML Kernel to x86.
Tobias Brunner [Tue, 3 Aug 2010 14:33:55 +0000 (16:33 +0200)]

testing: Adding kernel-netlink to pluto.load statements.
Tobias Brunner [Tue, 3 Aug 2010 11:05:33 +0000 (13:05 +0200)]

testing: Added missing host alice to test.conf.
Tobias Brunner [Tue, 3 Aug 2010 11:30:16 +0000 (13:30 +0200)]

Charon specific strongswan.conf options generalized.
Tobias Brunner [Tue, 3 Aug 2010 10:23:14 +0000 (12:23 +0200)]

pluto: Listen for kernel events via libhydra's kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:58:47 +0000 (11:58 +0200)]

pluto: Adapted kernel.c to changed kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:53:40 +0000 (11:53 +0200)]

Adapted child_sa_t to changed kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:50:56 +0000 (11:50 +0200)]

Fixing installation of trap policies (SPI=0) in kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:49:28 +0000 (11:49 +0200)]

pluto: Do not close all file descriptors on startup, just redirect stdin, stdout and stderr to /dev/null.
Tobias Brunner [Fri, 30 Jul 2010 10:16:24 +0000 (12:16 +0200)]

Otherwise the pipe used to synchronize pluto->events with the main
thread would be closed.

pluto: Added a generic event queue.
Tobias Brunner [Fri, 30 Jul 2010 09:51:15 +0000 (11:51 +0200)]

This makes it easy to execute arbitrary callbacks in the context of the pluto
main thread (e.g. in order to synchronize with threads from the thread-pool).

pluto: Fixed the reqid that is passed to the updown script.
Tobias Brunner [Thu, 29 Jul 2010 11:37:39 +0000 (13:37 +0200)]

pluto: Migrated setup_half_ipsec_sa to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 11:36:23 +0000 (13:36 +0200)]

pluto: Removed unneeded get_proto_reqid.
Tobias Brunner [Thu, 29 Jul 2010 11:33:48 +0000 (13:33 +0200)]

We will use the same reqid for all protocols, as in charon.

pluto: Added missing return_on in out_sa.
Tobias Brunner [Thu, 29 Jul 2010 10:24:18 +0000 (12:24 +0200)]

pluto: Use time_monotonic() instead of time() for use time calculation.
Tobias Brunner [Thu, 29 Jul 2010 10:19:48 +0000 (12:19 +0200)]

That's because get_sa_info now returns a monotonic timestamp.

pluto: Removed KLIPS specific code from was_eroute_idle.
Tobias Brunner [Thu, 29 Jul 2010 16:09:44 +0000 (18:09 +0200)]

pluto: Migrated get_sa_info to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 10:19:03 +0000 (12:19 +0200)]

pluto: Migrated teardown_half_ipsec_sa to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 09:24:46 +0000 (11:24 +0200)]

pluto: Adapted sag_eroute to the new signature of eroute_connection.
Tobias Brunner [Thu, 29 Jul 2010 09:01:30 +0000 (11:01 +0200)]

pluto: Migrated raw_eroute to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 08:41:36 +0000 (10:41 +0200)]

This introduces a new struct to pass the protocol information like spis.
Also adapted eroute_connection and the simple calls of raw_eroute to
the new signature.

pluto: Added a function to create a traffic_selector_t from an ip_subnet.
Tobias Brunner [Thu, 29 Jul 2010 08:46:45 +0000 (10:46 +0200)]

pluto: Migrated update_ipsec_sa to libhydra's kernel interface.
Tobias Brunner [Tue, 27 Jul 2010 17:13:51 +0000 (19:13 +0200)]

pluto: Functions to convert IKEv1 ESP algos to IKEv2 identifiers added.
Tobias Brunner [Tue, 27 Jul 2010 16:05:38 +0000 (18:05 +0200)]

pluto: Refactored IKEv2/IKEv1 crypto algorithm conversion functions.
Tobias Brunner [Tue, 27 Jul 2010 16:01:40 +0000 (18:01 +0200)]

Do not overwrite the original mode when installing policies.
Tobias Brunner [Tue, 27 Jul 2010 15:38:03 +0000 (17:38 +0200)]

The mode is later used to decide if a route has to be installed.

pluto: Removed KLIPS specific algorithm detection.
Tobias Brunner [Mon, 26 Jul 2010 08:41:18 +0000 (10:41 +0200)]

pluto: Removed KLIPS specific bare shunt scanning.
Tobias Brunner [Tue, 20 Jul 2010 11:25:29 +0000 (13:25 +0200)]

Added support for different policy types in kernel_netlink plugin.
Tobias Brunner [Mon, 19 Jul 2010 16:50:19 +0000 (18:50 +0200)]

Added an option to specify the type of a policy to kernel_ipsec.add_policy.
Tobias Brunner [Mon, 19 Jul 2010 16:38:29 +0000 (18:38 +0200)]

This will later allow us to support pluto's passthrough and drop
policies in charon.

pluto: Migrated get_my_cpi to libhydra's kernel interface.
Tobias Brunner [Mon, 19 Jul 2010 08:19:29 +0000 (10:19 +0200)]

pluto: Migrated get_ipsec_spi to libhydra's kernel interface.
Tobias Brunner [Thu, 15 Jul 2010 12:10:25 +0000 (14:10 +0200)]

Added support for combined IPComp/ESP/AH policies in kernel_netlink plugin.
Tobias Brunner [Mon, 19 Jul 2010 10:31:39 +0000 (12:31 +0200)]

Replaced the protocol argument in add_policy with an optional SPI for an AH SA.
Tobias Brunner [Mon, 19 Jul 2010 09:25:47 +0000 (11:25 +0200)]

Initialize the thread pool in pluto.
Tobias Brunner [Tue, 13 Jul 2010 11:18:04 +0000 (13:18 +0200)]

Refer to scheduler and processor via lib and not hydra.
Tobias Brunner [Thu, 15 Jul 2010 12:49:41 +0000 (14:49 +0200)]

Moved scheduler and thread pool to libstrongswan.
Tobias Brunner [Thu, 15 Jul 2010 12:26:19 +0000 (14:26 +0200)]

Moved all kernel plugins to libhydra.
Tobias Brunner [Mon, 12 Jul 2010 16:10:16 +0000 (18:10 +0200)]

Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Tobias Brunner [Mon, 12 Jul 2010 15:40:37 +0000 (17:40 +0200)]

Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.

Refer to kernel interface via hydra and not charon.
Tobias Brunner [Mon, 12 Jul 2010 09:14:54 +0000 (11:14 +0200)]

Moved kernel interface to libhydra.
Tobias Brunner [Mon, 12 Jul 2010 08:57:46 +0000 (10:57 +0200)]

Removed references to protocol_id_t from kernel interface.
Tobias Brunner [Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)]

Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).

Migrated child_sa_t to INIT/METHOD macros.
Tobias Brunner [Mon, 12 Jul 2010 07:38:39 +0000 (09:38 +0200)]

Moved roam job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 14:03:09 +0000 (16:03 +0200)]

Refer to scheduler via hydra and not charon.
Tobias Brunner [Tue, 6 Jul 2010 11:23:42 +0000 (13:23 +0200)]

Moved scheduler_t to libhydra.
Tobias Brunner [Tue, 6 Jul 2010 11:13:39 +0000 (13:13 +0200)]

Moved migrate job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 10:46:40 +0000 (12:46 +0200)]

Moved update SA job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 10:34:15 +0000 (12:34 +0200)]

Moved delete/rekey CHILD_SA job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 10:09:06 +0000 (12:09 +0200)]

Moved acquire job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 09:50:43 +0000 (11:50 +0200)]

Added kernel event handler stub.
Tobias Brunner [Tue, 6 Jul 2010 09:36:58 +0000 (11:36 +0200)]

All kernel listener hooks are optional.
Tobias Brunner [Tue, 6 Jul 2010 14:09:06 +0000 (16:09 +0200)]

Added listener handling to kernel interface.
Tobias Brunner [Tue, 6 Jul 2010 11:02:01 +0000 (13:02 +0200)]

Added an interface for kernel event listeners.
Tobias Brunner [Tue, 6 Jul 2010 07:28:12 +0000 (09:28 +0200)]

Some minor comment fixes.
Tobias Brunner [Tue, 6 Jul 2010 08:48:55 +0000 (10:48 +0200)]

Some whitespace and code style fixes.
Tobias Brunner [Mon, 5 Jul 2010 16:52:50 +0000 (18:52 +0200)]

Do not include files from libcharon in libhydra.
Tobias Brunner [Mon, 5 Jul 2010 16:49:41 +0000 (18:49 +0200)]

Move callback_job_t to libhydra.
Tobias Brunner [Mon, 5 Jul 2010 13:32:54 +0000 (15:32 +0200)]

Fixing Doxygen groups after moving processor.
Tobias Brunner [Mon, 5 Jul 2010 13:24:58 +0000 (15:24 +0200)]

Refer to processor via hydra and not charon.
Tobias Brunner [Mon, 5 Jul 2010 11:52:05 +0000 (13:52 +0200)]

Move processor_t (thread-pool) to libhydra.
Tobias Brunner [Mon, 5 Jul 2010 11:46:04 +0000 (13:46 +0200)]

Support different hash/sig algorithms in handshake signing, including ECDSA
Martin Willi [Thu, 2 Sep 2010 08:29:32 +0000 (10:29 +0200)]

Added TLS ClientCertificateType identifiers
Martin Willi [Thu, 2 Sep 2010 08:05:11 +0000 (10:05 +0200)]

Added TLS specific Hash and Signature Algorithm identifiers
Martin Willi [Thu, 2 Sep 2010 07:21:45 +0000 (09:21 +0200)]

Fixed typos in tls_writer method descriptions
Martin Willi [Thu, 2 Sep 2010 08:28:51 +0000 (10:28 +0200)]

Respect key types in stroke key/certificate backend
Martin Willi [Thu, 2 Sep 2010 10:37:27 +0000 (12:37 +0200)]

Added an enumerator for registered credential builders
Martin Willi [Thu, 2 Sep 2010 07:46:09 +0000 (09:46 +0200)]

Migrated credential_factory to INIT/METHOD macros
Martin Willi [Thu, 2 Sep 2010 07:30:48 +0000 (09:30 +0200)]

adapted evaltest.dat to new RULE_OCSP_VALIDATION
Andreas Steffen [Wed, 1 Sep 2010 20:22:27 +0000 (22:22 +0200)]

cosmetics in debug output
Andreas Steffen [Wed, 1 Sep 2010 12:30:14 +0000 (14:30 +0200)]

defined aaa_identity
Andreas Steffen [Tue, 31 Aug 2010 22:16:19 +0000 (00:16 +0200)]

increase number of messages due to large certificate payloads
Andreas Steffen [Tue, 31 Aug 2010 22:11:23 +0000 (00:11 +0200)]

clarified debug output
Andreas Steffen [Tue, 31 Aug 2010 21:22:39 +0000 (23:22 +0200)]

fixed typo
Andreas Steffen [Tue, 31 Aug 2010 19:42:14 +0000 (21:42 +0200)]

Do not process any more TLS handshake messages on fatal alerts
Martin Willi [Tue, 31 Aug 2010 16:08:46 +0000 (18:08 +0200)]

Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
Martin Willi [Tue, 31 Aug 2010 16:02:46 +0000 (18:02 +0200)]

Strictly check if the server certificate matches the TLS server identity
Martin Willi [Tue, 31 Aug 2010 16:07:38 +0000 (18:07 +0200)]

Use the AAA Identity for EAP authentication, if given
Martin Willi [Tue, 31 Aug 2010 16:06:02 +0000 (18:06 +0200)]

Added support for the ipsec.conf aaa_identity keyword
Martin Willi [Tue, 31 Aug 2010 15:52:52 +0000 (17:52 +0200)]