strongswan.git
Andreas Steffen [Thu, 2 Sep 2010 11:19:24 +0000 (13:19 +0200)]
added radius init script with increased debugging

Andreas Steffen [Thu, 2 Sep 2010 11:15:49 +0000 (13:15 +0200)]
display configuration and log of FreeRadius servers

Martin Willi [Thu, 2 Sep 2010 17:27:37 +0000 (19:27 +0200)]
Add DHE enabled RSA variants to the supported TLS suites

Martin Willi [Thu, 2 Sep 2010 17:27:13 +0000 (19:27 +0200)]
Added TLS server side support for DHE suites

Martin Willi [Thu, 2 Sep 2010 17:26:19 +0000 (19:26 +0200)]
Added TLS client side support for DHE suites

Martin Willi [Thu, 2 Sep 2010 17:24:56 +0000 (19:24 +0200)]
Store a MODP group we use for each TLS suite

Martin Willi [Thu, 2 Sep 2010 17:23:37 +0000 (19:23 +0200)]
Added support for MODP_CUSTOM to gmp plugin

Martin Willi [Thu, 2 Sep 2010 17:06:34 +0000 (19:06 +0200)]
Added a MODP_CUSTOM DH group which takes g and p as constructor arguments

Martin Willi [Thu, 2 Sep 2010 17:19:17 +0000 (19:19 +0200)]
Implemented "signature algorithm" hello extension

Martin Willi [Thu, 2 Sep 2010 17:07:45 +0000 (19:07 +0200)]
Added TLS extension identifiers

Martin Willi [Thu, 2 Sep 2010 17:15:16 +0000 (19:15 +0200)]
Added generic TLS data sign/verify, hash/sig algorithm construction

Martin Willi [Thu, 2 Sep 2010 12:48:30 +0000 (14:48 +0200)]
Continue with a randomized premaster if decryption failed / version mismatches

Tobias Brunner [Thu, 2 Sep 2010 16:59:53 +0000 (18:59 +0200)]
pluto: Removed unused lifetime from raw_eroute.

Tobias Brunner [Thu, 2 Sep 2010 14:05:21 +0000 (16:05 +0200)]
pluto: Added support for statically configured reqids.

Tobias Brunner [Mon, 30 Aug 2010 08:04:16 +0000 (10:04 +0200)]
testing: Added ikev1 xfrm mark scenarios.

Tobias Brunner [Mon, 30 Aug 2010 08:01:37 +0000 (10:01 +0200)]
pluto: Make marks available in updown script.

Tobias Brunner [Mon, 30 Aug 2010 07:59:25 +0000 (09:59 +0200)]
pluto: Fixed comparison of connections, if marks are specified.

Tobias Brunner [Mon, 30 Aug 2010 07:56:53 +0000 (09:56 +0200)]
pluto: Store xfrm marks on connection and use them when installing SAs and policies.

Tobias Brunner [Mon, 30 Aug 2010 06:58:56 +0000 (08:58 +0200)]
starter: Some whitespace cleanup.

Tobias Brunner [Mon, 30 Aug 2010 06:54:38 +0000 (08:54 +0200)]
pluto: Added PLUTO_UDP_ENC argument to updown script.

This contains the remote UDP port in case of UDP encapsulated ESP.

Tobias Brunner [Mon, 30 Aug 2010 06:47:13 +0000 (08:47 +0200)]
pluto: Return value fixed.

Tobias Brunner [Wed, 18 Aug 2010 07:41:04 +0000 (09:41 +0200)]
pluto: Removed bare shunt table.

Tobias Brunner [Tue, 17 Aug 2010 07:48:59 +0000 (09:48 +0200)]
Do not install routes for pluto.

There are some incompatibilities with e.g. passthrough policies.
Pluto installs required source routes via updown script.

Tobias Brunner [Mon, 16 Aug 2010 17:07:30 +0000 (19:07 +0200)]
pluto: Handle changed NAT mappings via libhydra's kernel interface.

Tobias Brunner [Mon, 16 Aug 2010 13:53:56 +0000 (15:53 +0200)]
pluto: Removed no_klips flag (--noklips option).

Tobias Brunner [Mon, 16 Aug 2010 12:32:55 +0000 (14:32 +0200)]
pluto: Removed references to KLIPS from documentation, log messages and comments.

Tobias Brunner [Mon, 16 Aug 2010 12:59:23 +0000 (14:59 +0200)]
pluto: Added --debug-kernel as alias for --debug-klips.

Tobias Brunner [Mon, 16 Aug 2010 12:07:09 +0000 (14:07 +0200)]
pluto: Replaced DBG_KLIPS with DBG_KERNEL.

Tobias Brunner [Mon, 16 Aug 2010 12:02:25 +0000 (14:02 +0200)]
pluto: Removed the KLIPS preprocessor flag.

Tobias Brunner [Mon, 16 Aug 2010 09:26:31 +0000 (11:26 +0200)]
pluto: Removed unneeded kernel abstractions.

Tobias Brunner [Mon, 16 Aug 2010 09:12:57 +0000 (11:12 +0200)]
pluto: Completely removed struct kernel_ops.

Tobias Brunner [Mon, 16 Aug 2010 08:33:37 +0000 (10:33 +0200)]
pluto: Refactored PF_KEY capabilities registration.

Although we use the kernel interface from libhydra we still need this to make
the available algorithms known to pluto.

Tobias Brunner [Wed, 11 Aug 2010 11:51:03 +0000 (13:51 +0200)]
pluto: Removed unneeded functions from PF_KEY interface.

We still use the algorithm registration.

Tobias Brunner [Tue, 10 Aug 2010 15:36:38 +0000 (17:36 +0200)]
pluto: Completely removed orphaned_holds.

Tobias Brunner [Tue, 3 Aug 2010 16:57:30 +0000 (18:57 +0200)]
Scheduler and processor have been moved to libstrongswan.

Also reverts 0c21dc000d3cd5c82eb22c4481e6459978456364 as the dependency
on libcharon is no longer required.

Tobias Brunner [Tue, 10 Aug 2010 13:09:13 +0000 (15:09 +0200)]
pluto: Install IN policy of a shunt eroute with protocol.

Tobias Brunner [Tue, 3 Aug 2010 14:40:41 +0000 (16:40 +0200)]
pluto: Fixed byte-order of ports in traffic selectors.

Tobias Brunner [Tue, 10 Aug 2010 13:06:41 +0000 (15:06 +0200)]
testing: Print output of 'make oldconfig' to STDOUT, besides logging it.

Tobias Brunner [Tue, 3 Aug 2010 14:37:12 +0000 (16:37 +0200)]
testing: Only sleep after a host has actually been started.

Tobias Brunner [Tue, 3 Aug 2010 14:34:47 +0000 (16:34 +0200)]
testing: Build strongSwan a bit faster using make -j.

Tobias Brunner [Tue, 3 Aug 2010 14:33:55 +0000 (16:33 +0200)]
testing: Force the UML Kernel to x86.

Tobias Brunner [Tue, 3 Aug 2010 11:05:33 +0000 (13:05 +0200)]
testing: Adding kernel-netlink to pluto.load statements.

Tobias Brunner [Tue, 3 Aug 2010 11:30:16 +0000 (13:30 +0200)]
testing: Added missing host alice to test.conf.

Tobias Brunner [Tue, 3 Aug 2010 10:23:14 +0000 (12:23 +0200)]
Charon specific strongswan.conf options generalized.

Tobias Brunner [Tue, 3 Aug 2010 09:58:47 +0000 (11:58 +0200)]
pluto: Listen for kernel events via libhydra's kernel interface.

Tobias Brunner [Tue, 3 Aug 2010 09:53:40 +0000 (11:53 +0200)]
pluto: Adapted kernel.c to changed kernel interface.

Tobias Brunner [Tue, 3 Aug 2010 09:50:56 +0000 (11:50 +0200)]
Adapted child_sa_t to changed kernel interface.

Tobias Brunner [Tue, 3 Aug 2010 09:49:28 +0000 (11:49 +0200)]
Fixing installation of trap policies (SPI=0) in kernel interface.

Tobias Brunner [Fri, 30 Jul 2010 10:16:24 +0000 (12:16 +0200)]
pluto: Do not close all file descriptors on startup, just redirect stdin, stdout and stderr to /dev/null.

Otherwise the pipe used to synchronize pluto->events with the main
thread would be closed.

Tobias Brunner [Fri, 30 Jul 2010 09:51:15 +0000 (11:51 +0200)]
pluto: Added a generic event queue.

This makes it easy to execute arbitrary callbacks in the context of the pluto
main thread (e.g. in order to synchronize with threads from the thread-pool).

Tobias Brunner [Thu, 29 Jul 2010 11:37:39 +0000 (13:37 +0200)]
pluto: Fixed the reqid that is passed to the updown script.

Tobias Brunner [Thu, 29 Jul 2010 11:36:23 +0000 (13:36 +0200)]
pluto: Migrated setup_half_ipsec_sa to libhydra's kernel interface.

Tobias Brunner [Thu, 29 Jul 2010 11:33:48 +0000 (13:33 +0200)]
pluto: Removed unneeded get_proto_reqid.

We will use the same reqid for all protocols, as in charon.

Tobias Brunner [Thu, 29 Jul 2010 10:24:18 +0000 (12:24 +0200)]
pluto: Added missing return_on in out_sa.

Tobias Brunner [Thu, 29 Jul 2010 10:19:48 +0000 (12:19 +0200)]
pluto: Use time_monotonic() instead of time() for use time calculation.

That's because get_sa_info now returns a monotonic timestamp.

Tobias Brunner [Thu, 29 Jul 2010 16:09:44 +0000 (18:09 +0200)]
pluto: Removed KLIPS specific code from was_eroute_idle.

Tobias Brunner [Thu, 29 Jul 2010 10:19:03 +0000 (12:19 +0200)]
pluto: Migrated get_sa_info to libhydra's kernel interface.

Tobias Brunner [Thu, 29 Jul 2010 09:24:46 +0000 (11:24 +0200)]
pluto: Migrated teardown_half_ipsec_sa to libhydra's kernel interface.

Tobias Brunner [Thu, 29 Jul 2010 09:01:30 +0000 (11:01 +0200)]
pluto: Adapted sag_eroute to the new signature of eroute_connection.

Tobias Brunner [Thu, 29 Jul 2010 08:41:36 +0000 (10:41 +0200)]
pluto: Migrated raw_eroute to libhydra's kernel interface.

This introduces a new struct to pass the protocol information like spis.
Also adapted eroute_connection and the simple calls of raw_eroute to
the new signature.

Tobias Brunner [Thu, 29 Jul 2010 08:46:45 +0000 (10:46 +0200)]
pluto: Added a function to create a traffic_selector_t from an ip_subnet.

Tobias Brunner [Tue, 27 Jul 2010 17:13:51 +0000 (19:13 +0200)]
pluto: Migrated update_ipsec_sa to libhydra's kernel interface.

Tobias Brunner [Tue, 27 Jul 2010 16:05:38 +0000 (18:05 +0200)]
pluto: Functions to convert IKEv1 ESP algos to IKEv2 identifiers added.

Tobias Brunner [Tue, 27 Jul 2010 16:01:40 +0000 (18:01 +0200)]
pluto: Refactored IKEv2/IKEv1 crypto algorithm conversion functions.

Tobias Brunner [Tue, 27 Jul 2010 15:38:03 +0000 (17:38 +0200)]
Do not overwrite the original mode when installing policies.

The mode is later used to decide if a route has to be installed.

Tobias Brunner [Mon, 26 Jul 2010 08:41:18 +0000 (10:41 +0200)]
pluto: Removed KLIPS specific algorithm detection.

Tobias Brunner [Tue, 20 Jul 2010 11:25:29 +0000 (13:25 +0200)]
pluto: Removed KLIPS specific bare shunt scanning.

Tobias Brunner [Mon, 19 Jul 2010 16:50:19 +0000 (18:50 +0200)]
Added support for different policy types in kernel_netlink plugin.

Tobias Brunner [Mon, 19 Jul 2010 16:38:29 +0000 (18:38 +0200)]
Added an option to specify the type of a policy to kernel_ipsec.add_policy.

This will later allow us to support pluto's passthrough and drop
policies in charon.

Tobias Brunner [Mon, 19 Jul 2010 08:19:29 +0000 (10:19 +0200)]
pluto: Migrated get_my_cpi to libhydra's kernel interface.

Tobias Brunner [Thu, 15 Jul 2010 12:10:25 +0000 (14:10 +0200)]
pluto: Migrated get_ipsec_spi to libhydra's kernel interface.

Tobias Brunner [Mon, 19 Jul 2010 10:31:39 +0000 (12:31 +0200)]
Added support for combined IPComp/ESP/AH policies in kernel_netlink plugin.

Tobias Brunner [Mon, 19 Jul 2010 09:25:47 +0000 (11:25 +0200)]
Replaced the protocol argument in add_policy with an optional SPI for an AH SA.

Tobias Brunner [Tue, 13 Jul 2010 11:18:04 +0000 (13:18 +0200)]
Initialize the thread pool in pluto.

Tobias Brunner [Thu, 15 Jul 2010 12:49:41 +0000 (14:49 +0200)]
Refer to scheduler and processor via lib and not hydra.

Tobias Brunner [Thu, 15 Jul 2010 12:26:19 +0000 (14:26 +0200)]
Moved scheduler and thread pool to libstrongswan.

Tobias Brunner [Mon, 12 Jul 2010 16:10:16 +0000 (18:10 +0200)]
Moved all kernel plugins to libhydra.

Tobias Brunner [Mon, 12 Jul 2010 15:40:37 +0000 (17:40 +0200)]
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.

Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.

Tobias Brunner [Mon, 12 Jul 2010 09:14:54 +0000 (11:14 +0200)]
Refer to kernel interface via hydra and not charon.

Tobias Brunner [Mon, 12 Jul 2010 08:57:46 +0000 (10:57 +0200)]
Moved kernel interface to libhydra.

Tobias Brunner [Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)]
Removed references to protocol_id_t from kernel interface.

Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).

Tobias Brunner [Mon, 12 Jul 2010 07:38:39 +0000 (09:38 +0200)]
Migrated child_sa_t to INIT/METHOD macros.

Tobias Brunner [Tue, 6 Jul 2010 14:03:09 +0000 (16:03 +0200)]
Moved roam job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 11:23:42 +0000 (13:23 +0200)]
Refer to scheduler via hydra and not charon.

Tobias Brunner [Tue, 6 Jul 2010 11:13:39 +0000 (13:13 +0200)]
Moved scheduler_t to libhydra.

Tobias Brunner [Tue, 6 Jul 2010 10:46:40 +0000 (12:46 +0200)]
Moved migrate job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 10:34:15 +0000 (12:34 +0200)]
Moved update SA job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 10:09:06 +0000 (12:09 +0200)]
Moved delete/rekey CHILD_SA job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 09:50:43 +0000 (11:50 +0200)]
Moved acquire job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 09:36:58 +0000 (11:36 +0200)]
Added kernel event handler stub.

Tobias Brunner [Tue, 6 Jul 2010 14:09:06 +0000 (16:09 +0200)]
All kernel listener hooks are optional.

Tobias Brunner [Tue, 6 Jul 2010 11:02:01 +0000 (13:02 +0200)]
Added listener handling to kernel interface.

Tobias Brunner [Tue, 6 Jul 2010 07:28:12 +0000 (09:28 +0200)]
Added an interface for kernel event listeners.

Tobias Brunner [Tue, 6 Jul 2010 08:48:55 +0000 (10:48 +0200)]
Some minor comment fixes.

Tobias Brunner [Mon, 5 Jul 2010 16:52:50 +0000 (18:52 +0200)]
Some whitespace and code style fixes.

Tobias Brunner [Mon, 5 Jul 2010 16:49:41 +0000 (18:49 +0200)]
Do not include files from libcharon in libhydra.

Tobias Brunner [Mon, 5 Jul 2010 13:32:54 +0000 (15:32 +0200)]
Move callback_job_t to libhydra.

Tobias Brunner [Mon, 5 Jul 2010 13:24:58 +0000 (15:24 +0200)]
Fixing Doxygen groups after moving processor.

Tobias Brunner [Mon, 5 Jul 2010 11:52:05 +0000 (13:52 +0200)]
Refer to processor via hydra and not charon.

Tobias Brunner [Mon, 5 Jul 2010 11:46:04 +0000 (13:46 +0200)]
Move processor_t (thread-pool) to libhydra.