strongswan.git
14 years ago handle certificate parsing error more generously
Martin Willi [Thu, 14 Sep 2006 13:14:58 +0000 (13:14 -0000)]
handle certificate parsing error more generously

14 years ago fixed certificate verification bug!
Martin Willi [Thu, 14 Sep 2006 12:22:08 +0000 (12:22 -0000)]
fixed certificate verification bug!

14 years ago fixed memleak when receiving invalid certificate
Martin Willi [Thu, 14 Sep 2006 12:15:41 +0000 (12:15 -0000)]
fixed memleak when receiving invalid certificate

14 years ago version bump to 4.0.4
Andreas Steffen [Thu, 14 Sep 2006 06:47:21 +0000 (06:47 -0000)]
version bump to 4.0.4

14 years ago version bump to 4.0.4
Andreas Steffen [Thu, 14 Sep 2006 06:45:16 +0000 (06:45 -0000)]
version bump to 4.0.4

14 years ago two new test scenarios
Andreas Steffen [Thu, 14 Sep 2006 06:39:14 +0000 (06:39 -0000)]
two new test scenarios

14 years ago fixed path to images directory
Andreas Steffen [Thu, 14 Sep 2006 06:38:50 +0000 (06:38 -0000)]
fixed path to images directory

14 years ago implemented updown script to handle firewalling
Martin Willi [Tue, 12 Sep 2006 13:50:14 +0000 (13:50 -0000)]
implemented updown script to handle firewalling

14 years ago add priority management for kernel policy
Martin Willi [Fri, 8 Sep 2006 13:10:52 +0000 (13:10 -0000)]
add priority management for kernel policy
let ROUTED policies installed, until manually removed
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
ike_sa_manager cleanups

14 years ago implemented handling of dpdaction and dpddelay ipsec.conf parameters
Martin Willi [Fri, 8 Sep 2006 06:12:02 +0000 (06:12 -0000)]
implemented handling of dpdaction and dpddelay ipsec.conf parameters

14 years ago reuse reqid when a ROUTED child_sa gets INSTALLED
Martin Willi [Tue, 5 Sep 2006 14:07:25 +0000 (14:07 -0000)]
reuse reqid when a ROUTED child_sa gets INSTALLED
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes

14 years ago fixed an at-least-one-year-old bug which caused crashes in the scheduler
Martin Willi [Thu, 31 Aug 2006 06:48:10 +0000 (06:48 -0000)]
fixed an at-least-one-year-old bug which caused crashes in the scheduler

14 years ago added raw socket filter for IPv6
Martin Willi [Thu, 31 Aug 2006 06:18:15 +0000 (06:18 -0000)]
added raw socket filter for IPv6

14 years ago implemented NAT detection for IPv6
Martin Willi [Thu, 31 Aug 2006 06:17:41 +0000 (06:17 -0000)]
implemented NAT detection for IPv6

14 years ago removed unneeded constructor
Martin Willi [Thu, 31 Aug 2006 06:16:52 +0000 (06:16 -0000)]
removed unneeded constructor

14 years ago initial support for IPv6 (more testing needed)
Martin Willi [Wed, 30 Aug 2006 17:12:56 +0000 (17:12 -0000)]
initial support for IPv6 (more testing needed)
  socket works (without v6 filter)
  traffic selector handle IPv4/v4 cleanly
    improvements in traffic selector code
  kernel interface accepts v6 traffic selectors and hosts
  host_t class has full IPv6 support

14 years ago added stddef.h include for compilers which do not support the offsetof() directive
Martin Willi [Mon, 28 Aug 2006 09:02:51 +0000 (09:02 -0000)]
added stddef.h include for compilers which do not support the offsetof() directive

14 years ago moved interface enumeration code to socket, where it belongs
Martin Willi [Mon, 28 Aug 2006 08:45:22 +0000 (08:45 -0000)]
moved interface enumeration code to socket, where it belongs
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"

14 years ago version bump of UML kernel to 2.6.17.11
Andreas Steffen [Fri, 25 Aug 2006 09:25:12 +0000 (09:25 -0000)]
version bump of UML kernel to 2.6.17.11

14 years ago fixed crash bug when doing "ipsec down" with an unknown connection
Martin Willi [Fri, 25 Aug 2006 09:19:42 +0000 (09:19 -0000)]
fixed crash bug when doing "ipsec down" with an unknown connection

14 years ago added name property in CHILD_SA, allows proper status output
Martin Willi [Fri, 25 Aug 2006 09:07:37 +0000 (09:07 -0000)]
added name property in CHILD_SA, allows proper status output

14 years ago (no commit message)
Martin Willi [Fri, 25 Aug 2006 07:42:48 +0000 (07:42 -0000)]

14 years ago fixed bug which prevented port float when nat is detected
Martin Willi [Fri, 25 Aug 2006 07:37:22 +0000 (07:37 -0000)]
fixed bug which prevented port float when nat is detected

14 years ago version bumps
Andreas Steffen [Fri, 25 Aug 2006 07:30:29 +0000 (07:30 -0000)]
version bumps

14 years ago 'sha' and 'sha1' are now treated as synonyms
Andreas Steffen [Wed, 23 Aug 2006 12:07:15 +0000 (12:07 -0000)]
'sha' and 'sha1' are now treated as synonyms

14 years ago 'sha' and 'sha1' are now treated as synonyms
Andreas Steffen [Wed, 23 Aug 2006 12:07:07 +0000 (12:07 -0000)]
'sha' and 'sha1' are now treated as synonyms

14 years ago updated Changelog and other docs
Martin Willi [Wed, 23 Aug 2006 11:48:33 +0000 (11:48 -0000)]
updated Changelog and other docs

14 years ago fixed rekeying behavior when proposing an unacceptable DH group (INVALID_KE_PAYLOAD) 4.0.3
Martin Willi [Wed, 23 Aug 2006 09:25:41 +0000 (09:25 -0000)]
fixed rekeying behavior when proposing an unacceptable DH group (INVALID_KE_PAYLOAD)

14 years ago implement proper handling of most simultaneous IKE_SA rekeying cases
Martin Willi [Wed, 23 Aug 2006 07:30:43 +0000 (07:30 -0000)]
implement proper handling of most simultaneous IKE_SA rekeying cases

14 years ago version bump to 4.0.3
Andreas Steffen [Wed, 2 Aug 2006 12:33:26 +0000 (12:33 -0000)]
version bump to 4.0.3

14 years ago implemented proper refcounting using atomic operations
Martin Willi [Fri, 28 Jul 2006 09:45:18 +0000 (09:45 -0000)]
implemented proper refcounting using atomic operations

14 years ago implemented IKE_SA rekeying
Martin Willi [Thu, 27 Jul 2006 12:18:40 +0000 (12:18 -0000)]
implemented IKE_SA rekeying
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneous exchanges yet!

14 years ago added possibility to route CHILD_SAs, without setting them up
Martin Willi [Fri, 21 Jul 2006 13:31:53 +0000 (13:31 -0000)]
added possibility to route CHILD_SAs, without setting them up
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires

14 years ago reuse an existing IKE_SA to set up additional CHILD_SAs
Martin Willi [Thu, 20 Jul 2006 14:57:49 +0000 (14:57 -0000)]
reuse an existing IKE_SA to set up additional CHILD_SAs

14 years ago introduced refcounting on policy and connections
Martin Willi [Thu, 20 Jul 2006 10:09:32 +0000 (10:09 -0000)]
introduced refcounting on policy and connections
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors

14 years ago cleanups in kernel interface code
Martin Willi [Tue, 18 Jul 2006 12:53:54 +0000 (12:53 -0000)]
cleanups in kernel interface code
added proper traffic selector to string conversion
some cleanups here & there

14 years ago X.509 certificate trust path verification 4.0.2
Andreas Steffen [Fri, 14 Jul 2006 13:21:19 +0000 (13:21 -0000)]
X.509 certificate trust path verification

14 years ago added
Andreas Steffen [Fri, 14 Jul 2006 12:58:47 +0000 (12:58 -0000)]
added

14 years ago fixed UDP decapsulation by adding inbound bypass policy for send socket
Martin Willi [Fri, 14 Jul 2006 12:53:06 +0000 (12:53 -0000)]
fixed UDP decapsulation by adding inbound bypass policy for send socket

14 years ago updated mixed tests to new charon output
Martin Willi [Fri, 14 Jul 2006 12:29:26 +0000 (12:29 -0000)]
updated mixed tests to new charon output

14 years ago corrected DPD entry
Andreas Steffen [Fri, 14 Jul 2006 11:51:45 +0000 (11:51 -0000)]
corrected DPD entry

14 years ago reenabled module tests for charon
Martin Willi [Fri, 14 Jul 2006 11:16:49 +0000 (11:16 -0000)]
reenabled module tests for charon

14 years ago fixed bug which erroneously detected KE payload when rekeying
Martin Willi [Fri, 14 Jul 2006 08:18:48 +0000 (08:18 -0000)]
fixed bug which erroneously detected KE payload when rekeying

14 years ago added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2ho...
Martin Willi [Fri, 14 Jul 2006 08:08:55 +0000 (08:08 -0000)]
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT

14 years ago improved logging on verify errors for some payloads
Martin Willi [Thu, 13 Jul 2006 12:49:35 +0000 (12:49 -0000)]
improved logging on verify errors for some payloads
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload

14 years ago added test cases from NAT team
Martin Willi [Thu, 13 Jul 2006 12:45:18 +0000 (12:45 -0000)]
added test cases from NAT team
updated all IKEv2 tests to work with new status output

14 years ago added tcpdumpcount function from NATT guys
Martin Willi [Thu, 13 Jul 2006 12:43:52 +0000 (12:43 -0000)]
added tcpdumpcount function from NATT guys
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly

14 years ago removed in favour of tests from NAT team
Martin Willi [Thu, 13 Jul 2006 12:00:36 +0000 (12:00 -0000)]
removed in favour of tests from NAT team

14 years ago fixed CREATE_CHILD_SA transaction dispatching
Martin Willi [Thu, 13 Jul 2006 08:51:24 +0000 (08:51 -0000)]
fixed CREATE_CHILD_SA transaction dispatching

14 years ago added CHILD_SA states, which allows us to detect further simultaneous transactions
Martin Willi [Thu, 13 Jul 2006 08:26:54 +0000 (08:26 -0000)]
added CHILD_SA states, which allows us to detect further simultaneous transactions
reimplemented the buggy message id handling

14 years ago updated some inline docs
Martin Willi [Wed, 12 Jul 2006 14:08:52 +0000 (14:08 -0000)]
updated some inline docs

14 years ago fixed crypter/signer in/out to conform with standard
Martin Willi [Wed, 12 Jul 2006 14:08:13 +0000 (14:08 -0000)]
fixed crypter/signer in/out to conform with standard

14 years ago fixed payload order
Martin Willi [Wed, 12 Jul 2006 14:07:30 +0000 (14:07 -0000)]
fixed payload order

14 years ago added message id logging
Martin Willi [Wed, 12 Jul 2006 14:06:25 +0000 (14:06 -0000)]
added message id logging

14 years ago added all currently known notify payload types
Martin Willi [Wed, 12 Jul 2006 14:05:57 +0000 (14:05 -0000)]
added all currently known notify payload types

14 years ago added policy cache to kernel interface
Martin Willi [Wed, 12 Jul 2006 11:42:36 +0000 (11:42 -0000)]
added policy cache to kernel interface
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying

14 years ago leak detective blanks memory on free & alloc, allows further membug detection
Martin Willi [Wed, 12 Jul 2006 11:15:31 +0000 (11:15 -0000)]
leak detective blanks memory on free & alloc, allows further membug detection

14 years ago code cleanups
Martin Willi [Wed, 12 Jul 2006 11:13:48 +0000 (11:13 -0000)]
code cleanups

14 years ago identification_t.matches() supports multiple wildcard counts
Andreas Steffen [Tue, 11 Jul 2006 06:12:45 +0000 (06:12 -0000)]
identification_t.matches() supports multiple wildcard counts

14 years ago identification_t.matches() supports multiple wildcard counts
Andreas Steffen [Tue, 11 Jul 2006 06:11:59 +0000 (06:11 -0000)]
identification_t.matches() supports multiple wildcard counts

14 years ago further work done for simultaneous rekeying/delete
Martin Willi [Mon, 10 Jul 2006 14:24:04 +0000 (14:24 -0000)]
further work done for simultaneous rekeying/delete
still some cases which cause trouble

14 years ago fixed compiler warnings in parser when using -O2
Martin Willi [Fri, 7 Jul 2006 12:48:27 +0000 (12:48 -0000)]
fixed compiler warnings in parser when using -O2

14 years ago reenabled check_expiry
Martin Willi [Fri, 7 Jul 2006 12:25:25 +0000 (12:25 -0000)]
reenabled check_expiry

14 years ago updated copyright information
Martin Willi [Fri, 7 Jul 2006 08:49:06 +0000 (08:49 -0000)]
updated copyright information

14 years ago reimplemented CHILD_SA rekeying & delete
Martin Willi [Fri, 7 Jul 2006 07:04:07 +0000 (07:04 -0000)]
reimplemented CHILD_SA rekeying & delete
no simultaneous transaction with CHILD_SAs yet!

14 years ago removed NAT_TRAVERSAL and VIRTUAL_IP compile options
Andreas Steffen [Fri, 7 Jul 2006 05:51:54 +0000 (05:51 -0000)]
removed NAT_TRAVERSAL and VIRTUAL_IP compile options

14 years ago removed NAT_TRAVERSAL compile option
Andreas Steffen [Fri, 7 Jul 2006 05:51:20 +0000 (05:51 -0000)]
removed NAT_TRAVERSAL compile option

14 years ago removed NAT_TRAVERSAL and VIRTUAL_IP compile options
Andreas Steffen [Fri, 7 Jul 2006 05:50:02 +0000 (05:50 -0000)]
removed NAT_TRAVERSAL and VIRTUAL_IP compile options

14 years ago added
Andreas Steffen [Fri, 7 Jul 2006 05:44:45 +0000 (05:44 -0000)]
added

14 years ago updated NEWS
Martin Willi [Wed, 5 Jul 2006 14:13:45 +0000 (14:13 -0000)]
updated NEWS

14 years ago added support for leftprotoport and rightprotoport
Martin Willi [Wed, 5 Jul 2006 13:13:07 +0000 (13:13 -0000)]
added support for leftprotoport and rightprotoport

14 years ago improved CHILD_SA output for "ipsec statusall"
Martin Willi [Wed, 5 Jul 2006 13:11:55 +0000 (13:11 -0000)]
improved CHILD_SA output for "ipsec statusall"

14 years ago updated whitelist (getprotobynumber)
Martin Willi [Wed, 5 Jul 2006 13:10:47 +0000 (13:10 -0000)]
updated whitelist (getprotobynumber)

14 years ago redesigned IKE_SA using a transaction mechanism:
Martin Willi [Wed, 5 Jul 2006 10:53:20 +0000 (10:53 -0000)]
redesigned IKE_SA using a transaction mechanism:
  removed old state machine
  reimplemented IKE_SA setup and delete
  implemented dead peer detection
  implemented keep-alives
  a lot of fixes
  no rekeying yet

14 years ago fixed compiler warnings
Martin Willi [Wed, 5 Jul 2006 10:09:42 +0000 (10:09 -0000)]
fixed compiler warnings

14 years ago made thread ids unsigned again, to avoid negative thread ids on some systems
Martin Willi [Tue, 4 Jul 2006 13:30:49 +0000 (13:30 -0000)]
made thread ids unsigned again, to avoid negative thread ids on some systems

14 years ago fixed memleak when initiating a connection already up
Martin Willi [Tue, 4 Jul 2006 13:29:16 +0000 (13:29 -0000)]
fixed memleak when initiating a connection already up

14 years ago updated leak detective whitelist
Martin Willi [Tue, 4 Jul 2006 13:26:20 +0000 (13:26 -0000)]
updated leak detective whitelist

14 years ago applied latest NATT patch with some fixes and cleanups
Martin Willi [Tue, 4 Jul 2006 13:25:00 +0000 (13:25 -0000)]
applied latest NATT patch with some fixes and cleanups

14 years ago test currently without firewall
Andreas Steffen [Tue, 4 Jul 2006 06:54:53 +0000 (06:54 -0000)]
test currently without firewall

14 years ago added
Andreas Steffen [Tue, 4 Jul 2006 06:51:58 +0000 (06:51 -0000)]
added

14 years ago added
Andreas Steffen [Tue, 4 Jul 2006 06:13:54 +0000 (06:13 -0000)]
added

14 years ago added
Andreas Steffen [Tue, 4 Jul 2006 06:13:33 +0000 (06:13 -0000)]
added

14 years ago removed
Andreas Steffen [Tue, 4 Jul 2006 06:13:07 +0000 (06:13 -0000)]
removed

14 years ago removed version information from ipsec.conf
Andreas Steffen [Tue, 4 Jul 2006 06:12:10 +0000 (06:12 -0000)]
removed version information from ipsec.conf

14 years ago log entries start with lowercase character
Andreas Steffen [Tue, 4 Jul 2006 06:11:35 +0000 (06:11 -0000)]
log entries start with lowercase character

14 years ago restored lost IKEv2 packet suppression
Andreas Steffen [Mon, 3 Jul 2006 14:39:57 +0000 (14:39 -0000)]
restored lost IKEv2 packet suppression

14 years ago added USE_LEAK_DETECTIVE option
Andreas Steffen [Mon, 3 Jul 2006 08:36:47 +0000 (08:36 -0000)]
added USE_LEAK_DETECTIVE option

14 years ago fixed natd_hash memory leak
Andreas Steffen [Mon, 3 Jul 2006 08:34:34 +0000 (08:34 -0000)]
fixed natd_hash memory leak

14 years ago tests with subdirectory structure
Andreas Steffen [Mon, 3 Jul 2006 07:11:30 +0000 (07:11 -0000)]
tests with subdirectory structure

14 years ago removed tests
Andreas Steffen [Mon, 3 Jul 2006 07:10:25 +0000 (07:10 -0000)]
removed tests

14 years ago introduced subdirectory structure
Andreas Steffen [Mon, 3 Jul 2006 07:10:17 +0000 (07:10 -0000)]
introduced subdirectory structure

14 years ago support of cert payloads
Andreas Steffen [Mon, 3 Jul 2006 06:27:45 +0000 (06:27 -0000)]
support of cert payloads

14 years ago lowercase log entries
Andreas Steffen [Mon, 3 Jul 2006 06:26:06 +0000 (06:26 -0000)]
lowercase log entries

14 years ago distributed by ITA
Andreas Steffen [Mon, 3 Jul 2006 06:24:54 +0000 (06:24 -0000)]
distributed by ITA

14 years ago added support of updown parameter
Andreas Steffen [Mon, 3 Jul 2006 06:22:43 +0000 (06:22 -0000)]
added support of updown parameter

14 years ago generation of default key
Andreas Steffen [Mon, 3 Jul 2006 06:21:56 +0000 (06:21 -0000)]
generation of default key

14 years ago cosmetics
Andreas Steffen [Mon, 3 Jul 2006 06:21:40 +0000 (06:21 -0000)]
cosmetics

14 years ago added support of updown parameter
Andreas Steffen [Mon, 3 Jul 2006 06:21:14 +0000 (06:21 -0000)]
added support of updown parameter

14 years ago version bump to 4.0.2
Andreas Steffen [Wed, 28 Jun 2006 11:09:14 +0000 (11:09 -0000)]
version bump to 4.0.2