strongswan.git
Andreas Steffen [Tue, 20 Jan 2009 22:37:58 +0000 (22:37 -0000)]
changes in 4.2.11

Andreas Steffen [Mon, 19 Jan 2009 12:32:42 +0000 (12:32 -0000)]
added notify message types used by RFC 4739

Andreas Steffen [Thu, 15 Jan 2009 01:52:44 +0000 (01:52 -0000)]
proper initialization and disposal of keying material

Andreas Steffen [Thu, 15 Jan 2009 00:47:21 +0000 (00:47 -0000)]
added pfkey/esp-alg-null scenario

Andreas Steffen [Thu, 15 Jan 2009 00:39:06 +0000 (00:39 -0000)]
added ikev2/esp-alg-null scenario

Andreas Steffen [Thu, 15 Jan 2009 00:34:42 +0000 (00:34 -0000)]
fixed ESP NULL encryption

Andreas Steffen [Wed, 14 Jan 2009 08:10:16 +0000 (08:10 -0000)]
fixed broken listing of connections in ipsec statusall

Andreas Steffen [Wed, 14 Jan 2009 03:29:59 +0000 (03:29 -0000)]
added eap=gtc option to ipsec.conf man page

Andreas Steffen [Wed, 14 Jan 2009 00:13:21 +0000 (00:13 -0000)]
disable DPD and sending of cert requests in load-tester

Tobias Brunner [Tue, 13 Jan 2009 10:38:16 +0000 (10:38 -0000)]
fixing cross-compilation

Andreas Steffen [Tue, 13 Jan 2009 06:50:55 +0000 (06:50 -0000)]
cosmetics

Andreas Steffen [Tue, 13 Jan 2009 06:36:31 +0000 (06:36 -0000)]
changed type definition of level from char* to int

Andreas Steffen [Fri, 9 Jan 2009 09:37:13 +0000 (09:37 -0000)]
hiding XFRM message names from netlink

Andreas Steffen [Fri, 9 Jan 2009 08:51:41 +0000 (08:51 -0000)]
renamed chunk

Andreas Steffen [Fri, 9 Jan 2009 08:46:31 +0000 (08:46 -0000)]
refactored DBG3 output of sent XFRM messages

Andreas Steffen [Fri, 9 Jan 2009 08:27:17 +0000 (08:27 -0000)]
DBG3 output of sent XFRM messages

Andreas Steffen [Fri, 9 Jan 2009 01:36:13 +0000 (01:36 -0000)]
added message for undefined ocsp status #4

Andreas Steffen [Fri, 9 Jan 2009 01:19:45 +0000 (01:19 -0000)]
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy of Thomas Jarosch

Andreas Steffen [Fri, 9 Jan 2009 00:28:47 +0000 (00:28 -0000)]
the Linux 2.6.28 uml guest kernel does not need any patches

Andreas Steffen [Fri, 9 Jan 2009 00:24:54 +0000 (00:24 -0000)]
test of ipsec leases command in ikev2/ip-pool and ikev2/ip-two-pools scenarios

Andreas Steffen [Thu, 8 Jan 2009 22:23:42 +0000 (22:23 -0000)]
version bump to 2.4.11

Andreas Steffen [Thu, 8 Jan 2009 21:41:07 +0000 (21:41 -0000)]
adapted ikev2/ip-pool-wish scenario to the new stroke ip pool function

12 years ago fixed two bugs introduced by the stroke ip pool refactoring 4.2.10
Andreas Steffen [Thu, 8 Jan 2009 21:34:44 +0000 (21:34 -0000)]
fixed two bugs introduced by the stroke ip pool refactoring

Martin Willi [Wed, 31 Dec 2008 08:58:49 +0000 (08:58 -0000)]
increase nonce size to 32 bytes, required when using SHA384/512 PRFs

Andreas Steffen [Tue, 23 Dec 2008 06:35:16 +0000 (06:35 -0000)]
missing LOGFILE in debug statement

Martin Willi [Mon, 22 Dec 2008 12:48:50 +0000 (12:48 -0000)]
added some NEWS for 4.2.10

Martin Willi [Fri, 19 Dec 2008 14:34:40 +0000 (14:34 -0000)]
fixed a potential memory leak when reusing mobike task

Martin Willi [Thu, 18 Dec 2008 16:24:22 +0000 (16:24 -0000)]
RNG tests based on FIPS 140-1

Martin Willi [Thu, 18 Dec 2008 16:21:05 +0000 (16:21 -0000)]
support for Padlock RNG

Martin Willi [Wed, 17 Dec 2008 15:40:01 +0000 (15:40 -0000)]
proper feature probing for padlock

Tobias Brunner [Wed, 17 Dec 2008 09:56:05 +0000 (09:56 -0000)]
correct use of calloc in hashtable_t

Martin Willi [Wed, 17 Dec 2008 09:00:22 +0000 (09:00 -0000)]
updated documentation
some minor cleanups
calloc does not need an additional memset(0)

Tobias Brunner [Tue, 16 Dec 2008 17:21:28 +0000 (17:21 -0000)]
improved IKE_SA uniqueness check

Martin Willi [Tue, 16 Dec 2008 15:48:36 +0000 (15:48 -0000)]
purge certificates after IKE_AUTH response has been built

Martin Willi [Mon, 15 Dec 2008 15:41:48 +0000 (15:41 -0000)]
reimplemented certificate cache:
fixes unsafe certificate caching
use fixed array instead of a list
fine grained per-slot locking
use cache hits for housekeeping

Martin Willi [Mon, 15 Dec 2008 09:19:04 +0000 (09:19 -0000)]
signal each entry condvar after enumeration, required if wait_for_entry is called

Martin Willi [Mon, 15 Dec 2008 09:13:43 +0000 (09:13 -0000)]
added an additional frame to lock profiling backtraces

Martin Willi [Fri, 12 Dec 2008 15:57:12 +0000 (15:57 -0000)]
do not respawn cancelled threads if we are shutting down

Martin Willi [Fri, 12 Dec 2008 10:40:45 +0000 (10:40 -0000)]
fixed possible deadlock in checkin_and_destroy

Martin Willi [Fri, 12 Dec 2008 10:38:53 +0000 (10:38 -0000)]
avoid DNS lookup if possible

Martin Willi [Fri, 12 Dec 2008 09:16:31 +0000 (09:16 -0000)]
execute events if difference is 0, prevents a busywait

Martin Willi [Fri, 12 Dec 2008 09:14:37 +0000 (09:14 -0000)]
load tester got a "shutdown_when_complete" option, allows performance test using "time"

Martin Willi [Fri, 12 Dec 2008 09:13:06 +0000 (09:13 -0000)]
daemon exports main_thread_id, sends SIGTERM to the main thread in daemon_kill

Martin Willi [Fri, 12 Dec 2008 09:10:52 +0000 (09:10 -0000)]
leak detective binds execution to a single core, avoids corruption on SMP machines

Martin Willi [Fri, 12 Dec 2008 08:33:48 +0000 (08:33 -0000)]
wait until all IKE_SAs are in-house before destroying them

Tobias Brunner [Thu, 11 Dec 2008 13:39:30 +0000 (13:39 -0000)]
address extensions refactored

Martin Willi [Thu, 11 Dec 2008 12:49:41 +0000 (12:49 -0000)]
fixed usage of "leases" command

Tobias Brunner [Wed, 10 Dec 2008 17:45:44 +0000 (17:45 -0000)]
nat_traversal in manpage corrected

Tobias Brunner [Wed, 10 Dec 2008 15:58:39 +0000 (15:58 -0000)]
fixing checkout of IKE SAs with only the initiator SPI

Tobias Brunner [Wed, 10 Dec 2008 13:51:21 +0000 (13:51 -0000)]
increasing the performance of checkout_duplicate by using a hash table.

Tobias Brunner [Wed, 10 Dec 2008 13:45:05 +0000 (13:45 -0000)]
initial size of 1 is nonsense

Tobias Brunner [Wed, 10 Dec 2008 13:43:51 +0000 (13:43 -0000)]
incremental version of chunk_hash

Martin Willi [Wed, 10 Dec 2008 13:00:02 +0000 (13:00 -0000)]
list assigned leases using "ipsec leases"

Martin Willi [Wed, 10 Dec 2008 09:59:35 +0000 (09:59 -0000)]
added IKE_SA established timer to "ipsec statusall"

Martin Willi [Tue, 9 Dec 2008 15:57:51 +0000 (15:57 -0000)]
using rwlock to parallel build credentials

Martin Willi [Tue, 9 Dec 2008 15:00:30 +0000 (15:00 -0000)]
use thread-safe variant of gmtime

Martin Willi [Tue, 9 Dec 2008 14:45:56 +0000 (14:45 -0000)]
fixed load-tester shared key lookup

Martin Willi [Tue, 9 Dec 2008 14:34:15 +0000 (14:34 -0000)]
purge auth_info when IKE_SA is established, releases cert memory

Martin Willi [Tue, 9 Dec 2008 14:32:57 +0000 (14:32 -0000)]
limit number of ADDITIONAL_IPV*_ADDR notifies

Martin Willi [Tue, 9 Dec 2008 13:24:12 +0000 (13:24 -0000)]
list pools and usage in ipsec statusall

Martin Willi [Tue, 9 Dec 2008 13:23:42 +0000 (13:23 -0000)]
extended stroke in-memory pool to use hash-tables
supports online/offline leases
properly reassign addresses to identities

Martin Willi [Tue, 9 Dec 2008 11:13:52 +0000 (11:13 -0000)]
fixed hashtable->get_count() after doubling table size

Martin Willi [Tue, 9 Dec 2008 09:11:37 +0000 (09:11 -0000)]
require explicit enabling of load-testing plugin

Martin Willi [Mon, 8 Dec 2008 19:18:28 +0000 (19:18 -0000)]
generating different initiator identities, configs and certificates on the fly

Martin Willi [Mon, 8 Dec 2008 19:15:38 +0000 (19:15 -0000)]
removed debugging leftovers

Martin Willi [Mon, 8 Dec 2008 16:00:33 +0000 (16:00 -0000)]
fixed out-of-tree build of scepclient

Martin Willi [Mon, 8 Dec 2008 15:29:36 +0000 (15:29 -0000)]
basic x509 certificate generation

Martin Willi [Mon, 8 Dec 2008 15:27:24 +0000 (15:27 -0000)]
whitelisted another pthread_setspecific implementation

Martin Willi [Fri, 5 Dec 2008 12:34:17 +0000 (12:34 -0000)]
accept NULL values in hashtable enumerator

Martin Willi [Fri, 5 Dec 2008 10:01:52 +0000 (10:01 -0000)]
hashtable enumerator enumerates over both, key and values

Martin Willi [Fri, 5 Dec 2008 09:41:20 +0000 (09:41 -0000)]
added actual ikev2bis draft

Martin Willi [Fri, 5 Dec 2008 09:40:50 +0000 (09:40 -0000)]
pass identity to release_address(), allows providers to do a lookup by id

Andreas Steffen [Thu, 4 Dec 2008 23:16:10 +0000 (23:16 -0000)]
extended changeset [4753]

Tobias Brunner [Thu, 4 Dec 2008 16:46:08 +0000 (16:46 -0000)]
implemented the policy cache in kernel_netlink_ipsec_t with a hash table instead of a linked list.

Tobias Brunner [Thu, 4 Dec 2008 16:33:39 +0000 (16:33 -0000)]
fixed off by one error

Martin Willi [Thu, 4 Dec 2008 10:10:37 +0000 (10:10 -0000)]
fixed copy-paste bug (double-free)

Martin Willi [Thu, 4 Dec 2008 10:09:21 +0000 (10:09 -0000)]
reset pointer for a clean destruction

Martin Willi [Thu, 4 Dec 2008 10:00:03 +0000 (10:00 -0000)]
handling peer_match with higher priority than ike_match to select correct config if IPs are equal

Martin Willi [Thu, 4 Dec 2008 09:23:53 +0000 (09:23 -0000)]
leak whitelisting of OPENSSL_config()

Andreas Steffen [Thu, 4 Dec 2008 04:51:05 +0000 (04:51 -0000)]
suppress output from leak-detective in openac

Andreas Steffen [Thu, 4 Dec 2008 04:36:39 +0000 (04:36 -0000)]
load openac plugins explicitly

Andreas Steffen [Thu, 4 Dec 2008 04:34:49 +0000 (04:34 -0000)]
fixed refactoring error in openac

Andreas Steffen [Thu, 4 Dec 2008 03:31:53 +0000 (03:31 -0000)]
suppress leak-detective stderr output in ipsec pool

Andreas Steffen [Thu, 4 Dec 2008 01:08:19 +0000 (01:08 -0000)]
fixed double free of host in sadb_address2ts

Andreas Steffen [Thu, 4 Dec 2008 00:34:59 +0000 (00:34 -0000)]
enable leak-detective and integrity-test in UML tests by default

Tobias Brunner [Wed, 3 Dec 2008 10:12:20 +0000 (10:12 -0000)]
add support for smartcards in charon by using the ENGINE API provided by OpenSSL, based on patches by Michael Roßberg.

Tobias Brunner [Wed, 3 Dec 2008 10:03:59 +0000 (10:03 -0000)]
enable quoted tokens in the token enumerator

Tobias Brunner [Wed, 3 Dec 2008 10:03:02 +0000 (10:03 -0000)]
fixed compiler warning

Tobias Brunner [Wed, 3 Dec 2008 09:45:58 +0000 (09:45 -0000)]
added memstr and extract_token_str helper functions

Tobias Brunner [Wed, 3 Dec 2008 09:32:16 +0000 (09:32 -0000)]
adding general purpose hash table

Martin Willi [Wed, 3 Dec 2008 09:15:29 +0000 (09:15 -0000)]
fixed double free of host in selector2ts

Martin Willi [Tue, 2 Dec 2008 12:14:32 +0000 (12:14 -0000)]
ref_get()/ref_put() use atomic gcc operations if supported, thanks to Thomas Jarosch for the patch

Martin Willi [Tue, 2 Dec 2008 09:01:57 +0000 (09:01 -0000)]
added a --disable-threads ./configure option for pluto

Martin Willi [Tue, 2 Dec 2008 08:52:46 +0000 (08:52 -0000)]
use DBG_ANY to set all loglevels

Martin Willi [Tue, 2 Dec 2008 08:46:15 +0000 (08:46 -0000)]
added time.h include for struct tm

Martin Willi [Mon, 1 Dec 2008 18:38:28 +0000 (18:38 -0000)]
some task queueing improvements:
- do not pass CHILD_SAs to task constructor, might not
  be valid anymore during execution (late lookup)
- use sub-tasks to delete CHILD/IKE_SA after rekeying,
  as we want to execute the delete before additional
  queued tasks

Andreas Steffen [Mon, 1 Dec 2008 01:24:55 +0000 (01:24 -0000)]
re-established lost default auth sys_logger

Martin Willi [Fri, 28 Nov 2008 16:19:19 +0000 (16:19 -0000)]
schedule rekeying when activating passive IKE_SAs

Martin Willi [Fri, 28 Nov 2008 15:44:25 +0000 (15:44 -0000)]
do not delete passive IKE_SAs

Martin Willi [Fri, 28 Nov 2008 10:49:14 +0000 (10:49 -0000)]
added a PASSIVE IKE_SA state to manage it externally