strongswan.git
11 years agorta->rta_len is NOT the payload data length, use RTA_PAYLOAD(rta) instead!
Martin Willi [Fri, 14 Nov 2008 10:30:26 +0000 (10:30 -0000)]
rta->rta_len is NOT the payload data length, use RTA_PAYLOAD(rta) instead!

11 years agodo not use public interface for functions which are local anyway
Martin Willi [Fri, 14 Nov 2008 09:38:49 +0000 (09:38 -0000)]
do not use public interface for functions which are local anyway

11 years agoreset IKE_SA on bus during child_sa destruction
Martin Willi [Fri, 14 Nov 2008 08:38:53 +0000 (08:38 -0000)]
reset IKE_SA on bus during child_sa destruction

11 years agoadapted evaltest.dat to changed debug output
Andreas Steffen [Thu, 13 Nov 2008 21:38:16 +0000 (21:38 -0000)]
adapted evaltest.dat to changed debug output

11 years agoupdated API doc for socket.h
Martin Willi [Thu, 13 Nov 2008 07:48:27 +0000 (07:48 -0000)]
updated API doc for socket.h

11 years agoported socket enumerator to raw-socket.c
Martin Willi [Thu, 13 Nov 2008 07:15:45 +0000 (07:15 -0000)]
ported socket enumerator to raw-socket.c
some cleanups in socket.c

11 years agoadded type=transport_proxy and installpolicy=yes|no to man page
Andreas Steffen [Thu, 13 Nov 2008 06:29:53 +0000 (06:29 -0000)]
added type=transport_proxy and installpolicy=yes|no to man page

11 years agoadded MIPv6 functionality to NEWS
Andreas Steffen [Thu, 13 Nov 2008 05:46:51 +0000 (05:46 -0000)]
added MIPv6 functionality to NEWS

11 years agocorrected unwanted deletion in comment
Andreas Steffen [Wed, 12 Nov 2008 22:57:46 +0000 (22:57 -0000)]
corrected unwanted deletion in comment

11 years agoBEET mode might want forwarding policies
Martin Willi [Wed, 12 Nov 2008 16:47:19 +0000 (16:47 -0000)]
BEET mode might want forwarding policies

11 years agoremoved some obsolete includes
Martin Willi [Wed, 12 Nov 2008 16:10:34 +0000 (16:10 -0000)]
removed some obsolete includes

11 years agomoved ike_initiator flag to IKE_SAs condition bitfield
Martin Willi [Wed, 12 Nov 2008 16:07:17 +0000 (16:07 -0000)]
moved ike_initiator flag to IKE_SAs condition bitfield

11 years agoported some hard-to-merge cherries back to trunk :-/
Martin Willi [Wed, 12 Nov 2008 15:09:24 +0000 (15:09 -0000)]
ported some hard-to-merge cherries back to trunk :-/
shame, svn, shame: this was ways to complicated
we should consider a switch to git...

11 years agofixing keylength bug at the right place:
Martin Willi [Wed, 12 Nov 2008 08:27:48 +0000 (08:27 -0000)]
fixing keylength bug at the right place:
we usually don't touch output parameters if operations fails

11 years agoimproved fix
Andreas Steffen [Wed, 12 Nov 2008 04:08:30 +0000 (04:08 -0000)]
improved fix

11 years agofixed AES-CCM/GCM authenticated encryption by eliminating generation of superfluous...
Andreas Steffen [Wed, 12 Nov 2008 04:02:10 +0000 (04:02 -0000)]
fixed AES-CCM/GCM authenticated encryption by eliminating generation of superfluous generation of integrity keying material

11 years agofixed compiler warnings issued by:
Martin Willi [Tue, 11 Nov 2008 18:37:19 +0000 (18:37 -0000)]
fixed compiler warnings issued by:
gcc 4.3
curl.h gcc type-checking
glibc with enabled FORTIFY_SOURCE checking

11 years ago#defing out compress algs to avoid compiler warning
Martin Willi [Tue, 11 Nov 2008 18:35:10 +0000 (18:35 -0000)]
#defing out compress algs to avoid compiler warning

11 years agoupdated method signature of add_policy
Martin Willi [Tue, 11 Nov 2008 18:33:48 +0000 (18:33 -0000)]
updated method signature of add_policy

11 years agofixed compilation of medcli plugin
Martin Willi [Tue, 11 Nov 2008 15:20:25 +0000 (15:20 -0000)]
fixed compilation of medcli plugin

11 years agoadded missing include for ULONG_MAX
Martin Willi [Tue, 11 Nov 2008 15:19:13 +0000 (15:19 -0000)]
added missing include for ULONG_MAX

11 years agoannouncing the kernel plugins
Tobias Brunner [Tue, 11 Nov 2008 13:35:51 +0000 (13:35 -0000)]
announcing the kernel plugins

11 years agofixing mediation extension
Tobias Brunner [Tue, 11 Nov 2008 13:12:05 +0000 (13:12 -0000)]
fixing mediation extension

11 years agosome typos
Tobias Brunner [Tue, 11 Nov 2008 13:11:44 +0000 (13:11 -0000)]
some typos

11 years agoadded some NEWS for 4.2.9
Martin Willi [Tue, 11 Nov 2008 12:52:55 +0000 (12:52 -0000)]
added some NEWS for 4.2.9

11 years agodynamic logging configuration through strongswan.conf
Martin Willi [Tue, 11 Nov 2008 10:52:37 +0000 (10:52 -0000)]
dynamic logging configuration through strongswan.conf
fallback to existing ipsec.conf/stroke loglevel configuration

11 years agofixed compiler warning
Martin Willi [Tue, 11 Nov 2008 10:29:31 +0000 (10:29 -0000)]
fixed compiler warning

11 years agofixing a memory leak
Tobias Brunner [Tue, 11 Nov 2008 09:56:47 +0000 (09:56 -0000)]
fixing a memory leak

11 years agomerging kernel_klips plugin back into trunk
Tobias Brunner [Tue, 11 Nov 2008 09:22:00 +0000 (09:22 -0000)]
merging kernel_klips plugin back into trunk

11 years agorenamed proxy to proxy_mode in stroke_msg.h
Andreas Steffen [Tue, 11 Nov 2008 07:28:52 +0000 (07:28 -0000)]
renamed proxy to proxy_mode in stroke_msg.h

11 years agodeleted obsolete parameter descriptions
Andreas Steffen [Tue, 11 Nov 2008 07:11:30 +0000 (07:11 -0000)]
deleted obsolete parameter descriptions

11 years agopreliminary support of Mobile IPv6
Andreas Steffen [Tue, 11 Nov 2008 06:37:37 +0000 (06:37 -0000)]
preliminary support of Mobile IPv6

11 years agoadded the MIPv6 options use_proxy_mode and install_policy
Andreas Steffen [Tue, 11 Nov 2008 06:29:25 +0000 (06:29 -0000)]
added the MIPv6 options use_proxy_mode and install_policy

11 years agocosmetics in debug output
Andreas Steffen [Tue, 11 Nov 2008 06:19:37 +0000 (06:19 -0000)]
cosmetics in debug output

11 years agowhitelisting localtime_r
Martin Willi [Mon, 10 Nov 2008 16:44:27 +0000 (16:44 -0000)]
whitelisting localtime_r

11 years agomake load_tester more strict to use it along stroke
Martin Willi [Mon, 10 Nov 2008 16:43:15 +0000 (16:43 -0000)]
make load_tester more strict to use it along stroke

11 years agofixed leak in host_create_from_string("%any")
Martin Willi [Mon, 10 Nov 2008 16:42:05 +0000 (16:42 -0000)]
fixed leak in host_create_from_string("%any")

11 years agofixed some minor issues found when using -DFORTIFY_SOURCE=2
Martin Willi [Mon, 10 Nov 2008 15:45:19 +0000 (15:45 -0000)]
fixed some minor issues found when using -DFORTIFY_SOURCE=2

11 years agoiterations = 0 for infinite iterations
Martin Willi [Mon, 10 Nov 2008 10:10:51 +0000 (10:10 -0000)]
iterations = 0 for infinite iterations

11 years agoadded PEM version of keys
Martin Willi [Mon, 10 Nov 2008 10:09:44 +0000 (10:09 -0000)]
added PEM version of keys

11 years agosettings section enumeration
Martin Willi [Fri, 7 Nov 2008 15:08:53 +0000 (15:08 -0000)]
settings section enumeration
printf style key lookup

11 years agofixed copy/paste error
Martin Willi [Fri, 7 Nov 2008 14:48:54 +0000 (14:48 -0000)]
fixed copy/paste error

11 years agouse of host_create_any() for %any address
Andreas Steffen [Fri, 7 Nov 2008 05:15:19 +0000 (05:15 -0000)]
use of host_create_any() for %any address

11 years agoSADB_X_EXT_KMADDRESS is not present in old kernels
Andreas Steffen [Fri, 7 Nov 2008 03:38:56 +0000 (03:38 -0000)]
SADB_X_EXT_KMADDRESS is not present in old kernels

11 years agoadded retrieval of remote kmaddress via PF_KEY
Andreas Steffen [Fri, 7 Nov 2008 03:23:59 +0000 (03:23 -0000)]
added retrieval of remote kmaddress via PF_KEY

11 years agoadded delete_after_established option
Martin Willi [Thu, 6 Nov 2008 14:07:46 +0000 (14:07 -0000)]
added delete_after_established option

11 years agofixed leak
Martin Willi [Thu, 6 Nov 2008 14:05:58 +0000 (14:05 -0000)]
fixed leak
fixed build if !HAVE_BACKTRACE

11 years agouse read-write locks in crypto factory for parallelization
Martin Willi [Wed, 5 Nov 2008 16:21:57 +0000 (16:21 -0000)]
use read-write locks in crypto factory for parallelization

11 years agowrapped all pthread_rwlock_t in profilable rwlock_t
Martin Willi [Wed, 5 Nov 2008 16:12:54 +0000 (16:12 -0000)]
wrapped all pthread_rwlock_t in profilable rwlock_t

11 years agowrapped rwlock with profiling support
Martin Willi [Wed, 5 Nov 2008 15:51:57 +0000 (15:51 -0000)]
wrapped rwlock with profiling support

11 years agothreshhold and ./configure option for lock profiler
Martin Willi [Wed, 5 Nov 2008 14:36:57 +0000 (14:36 -0000)]
threshhold and ./configure option for lock profiler

11 years agoadded missing includes
Martin Willi [Wed, 5 Nov 2008 14:22:58 +0000 (14:22 -0000)]
added missing includes

11 years agoseparated backtrace functionality from leak_detective, used in
Martin Willi [Wed, 5 Nov 2008 13:58:19 +0000 (13:58 -0000)]
separated backtrace functionality from leak_detective, used in
leak_detective
mutex profiling
signal handler

11 years agoproper cleanup of openssl locking code
Martin Willi [Wed, 5 Nov 2008 12:37:37 +0000 (12:37 -0000)]
proper cleanup of openssl locking code

11 years agofixed sender destruction order
Martin Willi [Wed, 5 Nov 2008 12:24:36 +0000 (12:24 -0000)]
fixed sender destruction order

11 years agofixed iterator regression introduced in [4577]
Martin Willi [Wed, 5 Nov 2008 11:55:17 +0000 (11:55 -0000)]
fixed iterator regression introduced in [4577]

11 years agoreplaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant
Martin Willi [Wed, 5 Nov 2008 11:29:56 +0000 (11:29 -0000)]
replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant

11 years agoget rid of unused iterator hook functions
Martin Willi [Wed, 5 Nov 2008 08:37:09 +0000 (08:37 -0000)]
get rid of unused iterator hook functions

11 years agogot rid of deprecated create_iterator_locked()
Martin Willi [Wed, 5 Nov 2008 08:32:38 +0000 (08:32 -0000)]
got rid of deprecated create_iterator_locked()

11 years agosimple mutex profiler
Martin Willi [Wed, 5 Nov 2008 07:57:26 +0000 (07:57 -0000)]
simple mutex profiler

11 years agodo not install route if interface lookup failed
Martin Willi [Wed, 5 Nov 2008 07:38:55 +0000 (07:38 -0000)]
do not install route if interface lookup failed

11 years ago%any is IP family neutral
Andreas Steffen [Wed, 5 Nov 2008 05:32:43 +0000 (05:32 -0000)]
%any is IP family neutral

11 years agocorrected typo2
Andreas Steffen [Wed, 5 Nov 2008 05:27:42 +0000 (05:27 -0000)]
corrected typo2

11 years agosupport of %any address string
Andreas Steffen [Wed, 5 Nov 2008 04:53:45 +0000 (04:53 -0000)]
support of %any address string

11 years agohandle 0.0.0.0 string and af == AF_INET6
Andreas Steffen [Wed, 5 Nov 2008 00:41:46 +0000 (00:41 -0000)]
handle 0.0.0.0 string and af == AF_INET6

11 years agotwo new load_testing options:
Martin Willi [Tue, 4 Nov 2008 14:55:22 +0000 (14:55 -0000)]
two new load_testing options:
request_virtual_ip: request a INTERNAL_IPV4_ADDR as client
pool: provide addresses from a named virtual IP pool

11 years agoOpenSSL requires a signature length of exactly RSA_size()
Martin Willi [Tue, 4 Nov 2008 14:05:42 +0000 (14:05 -0000)]
OpenSSL requires a signature length of exactly RSA_size()

11 years agoremoved superfluous get_other_public_value in diffie_hellman_t interface
Martin Willi [Tue, 4 Nov 2008 13:12:11 +0000 (13:12 -0000)]
removed superfluous get_other_public_value in diffie_hellman_t interface

11 years agofixed bignum export if BN_num_bytes() != DH_size()
Martin Willi [Tue, 4 Nov 2008 13:05:00 +0000 (13:05 -0000)]
fixed bignum export if BN_num_bytes() != DH_size()

11 years agofixed memleak
Martin Willi [Tue, 4 Nov 2008 13:01:36 +0000 (13:01 -0000)]
fixed memleak

11 years agoadded a delay option to delay initiations
Martin Willi [Tue, 4 Nov 2008 12:59:53 +0000 (12:59 -0000)]
added a delay option to delay initiations

11 years agocorrected a copy-and-paste error
Andreas Steffen [Mon, 3 Nov 2008 23:46:42 +0000 (23:46 -0000)]
corrected a copy-and-paste error

11 years agoupdated copyright of kernel interface code
Andreas Steffen [Mon, 3 Nov 2008 23:34:23 +0000 (23:34 -0000)]
updated copyright of kernel interface code

11 years agoadded support for xfrm remote kmaddress
Andreas Steffen [Mon, 3 Nov 2008 23:29:34 +0000 (23:29 -0000)]
added support for xfrm remote kmaddress

11 years agoadded locking mechanism for multithreaded use of OpenSSL
Martin Willi [Mon, 3 Nov 2008 16:14:12 +0000 (16:14 -0000)]
added locking mechanism for multithreaded use of OpenSSL

11 years agoadded fake_kernel option to make dummy kernel implementation optional
Martin Willi [Mon, 3 Nov 2008 15:11:01 +0000 (15:11 -0000)]
added fake_kernel option to make dummy kernel implementation optional

11 years agoremoved accidently checked in debug code
Martin Willi [Mon, 3 Nov 2008 12:40:42 +0000 (12:40 -0000)]
removed accidently checked in debug code

11 years agoload testing between different hosts
Martin Willi [Mon, 3 Nov 2008 10:02:39 +0000 (10:02 -0000)]
load testing between different hosts

11 years agolog loaded plugins at startup
Martin Willi [Mon, 3 Nov 2008 09:44:54 +0000 (09:44 -0000)]
log loaded plugins at startup

11 years agoreverted 4541, does not fix the problem
Martin Willi [Mon, 3 Nov 2008 09:44:20 +0000 (09:44 -0000)]
reverted 4541, does not fix the problem

11 years agomigrate job creates a new IKE_SA
Andreas Steffen [Mon, 3 Nov 2008 07:08:59 +0000 (07:08 -0000)]
migrate job creates a new IKE_SA

11 years agoreplace tab by spaces
Andreas Steffen [Mon, 3 Nov 2008 06:56:22 +0000 (06:56 -0000)]
replace tab by spaces

11 years agoremoved unused variables
Andreas Steffen [Mon, 3 Nov 2008 03:56:03 +0000 (03:56 -0000)]
removed unused variables

11 years agomigrate_job() finds a matching child_cfg
Andreas Steffen [Mon, 3 Nov 2008 02:05:41 +0000 (02:05 -0000)]
migrate_job() finds a matching child_cfg

11 years agocorrected parameter description
Andreas Steffen [Mon, 3 Nov 2008 00:24:38 +0000 (00:24 -0000)]
corrected parameter description

11 years agocorrected captions
Andreas Steffen [Sun, 2 Nov 2008 22:13:17 +0000 (22:13 -0000)]
corrected captions

11 years agofully implemented the parsing of XFRM and PF_KEY MIGRATE messages
Andreas Steffen [Sun, 2 Nov 2008 21:34:52 +0000 (21:34 -0000)]
fully implemented the parsing of XFRM and PF_KEY MIGRATE messages

11 years agoremoved 0-byte truncation, fixes random Openssl RSA signature verification failures
Martin Willi [Fri, 31 Oct 2008 17:07:04 +0000 (17:07 -0000)]
removed 0-byte truncation, fixes random Openssl RSA signature verification failures

11 years agofixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)
Martin Willi [Fri, 31 Oct 2008 17:05:40 +0000 (17:05 -0000)]
fixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)

11 years agoidentify attributes of XFRM ACQUIRE and MIGRATE messages
Andreas Steffen [Fri, 31 Oct 2008 06:18:48 +0000 (06:18 -0000)]
identify attributes of XFRM ACQUIRE and MIGRATE messages

11 years agosubscribing XFRM socket for MIGRATE messages
Andreas Steffen [Fri, 31 Oct 2008 02:50:01 +0000 (02:50 -0000)]
subscribing XFRM socket for MIGRATE messages

11 years agoadapted evaltest.dat to extended acquire job message
Andreas Steffen [Fri, 31 Oct 2008 01:46:37 +0000 (01:46 -0000)]
adapted evaltest.dat to extended acquire job message

11 years agoparse xfrm and pf_key acquire messages and subscribe to migrate messages
Andreas Steffen [Fri, 31 Oct 2008 01:43:23 +0000 (01:43 -0000)]
parse xfrm and pf_key acquire messages and subscribe to migrate messages

11 years agoreverted changeset 4529:
Martin Willi [Thu, 30 Oct 2008 13:21:21 +0000 (13:21 -0000)]
reverted changeset 4529:
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS

11 years agoadded hooks for IKE and CHILD keymat
Martin Willi [Thu, 30 Oct 2008 12:58:54 +0000 (12:58 -0000)]
added hooks for IKE and CHILD keymat

11 years agostore plain skd, not the prf
Martin Willi [Thu, 30 Oct 2008 09:18:52 +0000 (09:18 -0000)]
store plain skd, not the prf

11 years agoadded Camellia CBC to list of encryption algorithms
Andreas Steffen [Thu, 30 Oct 2008 03:31:36 +0000 (03:31 -0000)]
added Camellia CBC to list of encryption algorithms

11 years agocorrected parameter description
Andreas Steffen [Thu, 30 Oct 2008 00:35:37 +0000 (00:35 -0000)]
corrected parameter description

11 years agomoved CHILD_SA key derivation to keymat_t
Martin Willi [Wed, 29 Oct 2008 16:06:16 +0000 (16:06 -0000)]
moved CHILD_SA key derivation to keymat_t
passing key chunks to CHILD_SA, not the PRF

11 years agoprf handles zero-length allocations graceful
Martin Willi [Wed, 29 Oct 2008 14:12:54 +0000 (14:12 -0000)]
prf handles zero-length allocations graceful