strongswan.git
12 years agoadded updated mconsole-exec patch for 2.6.28
Martin Willi [Thu, 5 Mar 2009 14:32:15 +0000 (14:32 -0000)]
added updated mconsole-exec patch for 2.6.28

12 years agoadded ikev2/ip-two-pools-mixed scenario
Andreas Steffen [Tue, 3 Mar 2009 17:10:52 +0000 (17:10 -0000)]
added ikev2/ip-two-pools-mixed scenario

12 years agocorrected scenario descriptions
Andreas Steffen [Tue, 3 Mar 2009 17:09:13 +0000 (17:09 -0000)]
corrected scenario descriptions

12 years agofixed format string argument error, resulting in crash
Martin Willi [Tue, 3 Mar 2009 14:56:17 +0000 (14:56 -0000)]
fixed format string argument error, resulting in crash
fixed memleak if pool not found

12 years agostop searching other pools if lease successfully released
Martin Willi [Tue, 3 Mar 2009 14:43:53 +0000 (14:43 -0000)]
stop searching other pools if lease successfully released

12 years agoipsec statusall <conn> also filters address pools
Andreas Steffen [Tue, 3 Mar 2009 10:30:59 +0000 (10:30 -0000)]
ipsec statusall <conn> also filters address pools

12 years agofixed MSCHAPv2 password lookup when used with NetworkManager
Martin Willi [Tue, 24 Feb 2009 13:39:50 +0000 (13:39 -0000)]
fixed MSCHAPv2 password lookup when used with NetworkManager

12 years agoadded EAP-Identity package
Martin Willi [Tue, 24 Feb 2009 11:50:24 +0000 (11:50 -0000)]
added EAP-Identity package

12 years agoupdated debian packages to 4.2.12, supporting EAP-MSCHAPv2
Martin Willi [Mon, 23 Feb 2009 16:33:17 +0000 (16:33 -0000)]
updated debian packages to 4.2.12, supporting EAP-MSCHAPv2

12 years agoversion bump to 4.2.13
Andreas Steffen [Sat, 21 Feb 2009 17:53:10 +0000 (17:53 -0000)]
version bump to 4.2.13

12 years agochanges in 4.2.12 4.2.12
Andreas Steffen [Fri, 20 Feb 2009 19:52:14 +0000 (19:52 -0000)]
changes in 4.2.12

12 years agoadded eap=mschapv2 to ipsec.conf.5
Andreas Steffen [Thu, 19 Feb 2009 22:12:04 +0000 (22:12 -0000)]
added eap=mschapv2 to ipsec.conf.5

12 years agoadded ikev2/rw-eap-mschapv2 scenario
Andreas Steffen [Thu, 19 Feb 2009 22:02:28 +0000 (22:02 -0000)]
added ikev2/rw-eap-mschapv2 scenario

12 years agofixed some memleaks in mschapv2 plugin
Tobias Brunner [Thu, 19 Feb 2009 14:32:13 +0000 (14:32 -0000)]
fixed some memleaks in mschapv2 plugin

12 years agoECB mode added to the DES plugin
Tobias Brunner [Thu, 19 Feb 2009 14:29:25 +0000 (14:29 -0000)]
ECB mode added to the DES plugin

12 years agodes ecb enum value changed, ignores set for md4 plugin
Tobias Brunner [Thu, 19 Feb 2009 13:46:08 +0000 (13:46 -0000)]
des ecb enum value changed, ignores set for md4 plugin

12 years agoadded Id svn:keyword
Andreas Steffen [Thu, 19 Feb 2009 10:16:45 +0000 (10:16 -0000)]
added Id svn:keyword

12 years agosupport of MD4 hash
Andreas Steffen [Thu, 19 Feb 2009 10:06:58 +0000 (10:06 -0000)]
support of MD4 hash

12 years agocorrected typo
Andreas Steffen [Thu, 19 Feb 2009 09:54:31 +0000 (09:54 -0000)]
corrected typo

12 years agoadding plugin for EAP-MS-CHAPv2
Tobias Brunner [Wed, 18 Feb 2009 19:57:15 +0000 (19:57 -0000)]
adding plugin for EAP-MS-CHAPv2

12 years agoforce unique connections for mediation connections
Tobias Brunner [Wed, 18 Feb 2009 19:48:11 +0000 (19:48 -0000)]
force unique connections for mediation connections

12 years agoadding enum elements for MD4 and DES (ECB)
Tobias Brunner [Wed, 18 Feb 2009 19:45:46 +0000 (19:45 -0000)]
adding enum elements for MD4 and DES (ECB)

12 years agoadding MD4 and DES (ECB) to openssl plugin
Tobias Brunner [Wed, 18 Feb 2009 19:41:33 +0000 (19:41 -0000)]
adding MD4 and DES (ECB) to openssl plugin

12 years agoalways encode EAP usernames as ID_KEY_ID
Martin Willi [Wed, 18 Feb 2009 15:03:33 +0000 (15:03 -0000)]
always encode EAP usernames as ID_KEY_ID

12 years agoremoved unused extract_last_token() and the required memrchr implementation
Martin Willi [Wed, 18 Feb 2009 09:45:54 +0000 (09:45 -0000)]
removed unused extract_last_token() and the required memrchr implementation

12 years agodo not operate on strongswan-padlock on non-x86
Martin Willi [Tue, 17 Feb 2009 18:30:02 +0000 (18:30 -0000)]
do not operate on strongswan-padlock on non-x86

12 years agotypo
Tobias Brunner [Tue, 17 Feb 2009 17:14:15 +0000 (17:14 -0000)]
typo

12 years agoadded missing kernel-netlink plugin
Martin Willi [Tue, 17 Feb 2009 09:38:42 +0000 (09:38 -0000)]
added missing kernel-netlink plugin

12 years agofixed build on non-i386 architectures
Martin Willi [Tue, 17 Feb 2009 09:34:52 +0000 (09:34 -0000)]
fixed build on non-i386 architectures

12 years agobuild strongswan-padlock on i386 only
Martin Willi [Mon, 16 Feb 2009 16:49:43 +0000 (16:49 -0000)]
build strongswan-padlock on i386 only

12 years agouse separate distribution tarballs for NetworkManager applet
Martin Willi [Mon, 16 Feb 2009 16:11:16 +0000 (16:11 -0000)]
use separate distribution tarballs for NetworkManager applet

12 years agouse a slightly adopted package versioning scheme
Martin Willi [Mon, 16 Feb 2009 16:05:30 +0000 (16:05 -0000)]
use a slightly adopted package versioning scheme
  NM applet uses strongSwan independent versions

12 years agoadded Makefile to build ubuntu PPA source packages
Martin Willi [Mon, 16 Feb 2009 16:03:09 +0000 (16:03 -0000)]
added Makefile to build ubuntu PPA source packages

12 years agoinitial version of new modular strongswan debian packages
Martin Willi [Mon, 16 Feb 2009 12:48:35 +0000 (12:48 -0000)]
initial version of new modular strongswan debian packages
  "strongswan" metapackage adds similar functionality as old debian packages
  "network-manager-strongswan" depends on required strongSwan packages

12 years agoconfiguration of NBNS server assignment via strongswan.conf
Andreas Steffen [Fri, 13 Feb 2009 11:57:50 +0000 (11:57 -0000)]
configuration of NBNS server assignment via strongswan.conf

12 years agouse internal host venus as dns2
Andreas Steffen [Thu, 12 Feb 2009 09:18:42 +0000 (09:18 -0000)]
use internal host venus as dns2

12 years agoconfiguration of DNS server assignment via strongswan.conf
Andreas Steffen [Thu, 12 Feb 2009 09:02:15 +0000 (09:02 -0000)]
configuration of DNS server assignment via strongswan.conf

12 years ago[4859] caused crash when handling the %config case
Andreas Steffen [Wed, 11 Feb 2009 22:39:35 +0000 (22:39 -0000)]
[4859] caused crash when handling the %config case

12 years agocorrected syntax
Andreas Steffen [Wed, 11 Feb 2009 16:45:14 +0000 (16:45 -0000)]
corrected syntax

12 years agothis debug statement has only two arguments
Andreas Steffen [Wed, 11 Feb 2009 16:41:37 +0000 (16:41 -0000)]
this debug statement has only two arguments

12 years agofixed a 64-bit issue with time_t printf hooks
Andreas Steffen [Wed, 11 Feb 2009 16:37:16 +0000 (16:37 -0000)]
fixed a 64-bit issue with time_t printf hooks

12 years agochanged [4856] to dynamically choose traffic selector family
Martin Willi [Wed, 11 Feb 2009 13:09:52 +0000 (13:09 -0000)]
changed [4856] to dynamically choose traffic selector family

12 years agorespect family when assigning pool addresses
Martin Willi [Wed, 11 Feb 2009 12:50:04 +0000 (12:50 -0000)]
respect family when assigning pool addresses

12 years agosend proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches
Martin Willi [Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)]
send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches

12 years agofree unneeded retransmission packet when exchange completes
Martin Willi [Mon, 9 Feb 2009 10:45:51 +0000 (10:45 -0000)]
free unneeded retransmission packet when exchange completes

12 years agosupport of dynamic/128 and %any6
Andreas Steffen [Thu, 5 Feb 2009 22:13:48 +0000 (22:13 -0000)]
support of dynamic/128 and %any6

12 years agodisable MOBIKE in load-tester
Andreas Steffen [Thu, 5 Feb 2009 10:10:20 +0000 (10:10 -0000)]
disable MOBIKE in load-tester

12 years agooutput pool name string rather than pool pointer
Andreas Steffen [Wed, 28 Jan 2009 00:37:11 +0000 (00:37 -0000)]
output pool name string rather than pool pointer

12 years agoversion bump to 4.2.12
Andreas Steffen [Wed, 21 Jan 2009 03:14:52 +0000 (03:14 -0000)]
version bump to 4.2.12

12 years agoadded two Microsoft proprietary configuration attribute types 4.2.11
Andreas Steffen [Tue, 20 Jan 2009 22:55:13 +0000 (22:55 -0000)]
added two Microsoft proprietary configuration attribute types

12 years agochanges in 4.2.11
Andreas Steffen [Tue, 20 Jan 2009 22:37:58 +0000 (22:37 -0000)]
changes in 4.2.11

12 years agoadded notify message types used by RFC 4739
Andreas Steffen [Mon, 19 Jan 2009 12:32:42 +0000 (12:32 -0000)]
added notify message types used by RFC 4739

12 years agoproper initialization and disposal of keying material
Andreas Steffen [Thu, 15 Jan 2009 01:52:44 +0000 (01:52 -0000)]
proper initialization and disposal of keying material

12 years agoadded pfkey/esp-alg-null scenario
Andreas Steffen [Thu, 15 Jan 2009 00:47:21 +0000 (00:47 -0000)]
added pfkey/esp-alg-null scenario

12 years agoadded ikev2/esp-alg-null scenario
Andreas Steffen [Thu, 15 Jan 2009 00:39:06 +0000 (00:39 -0000)]
added ikev2/esp-alg-null scenario

12 years agofixed ESP NULL encryption
Andreas Steffen [Thu, 15 Jan 2009 00:34:42 +0000 (00:34 -0000)]
fixed ESP NULL encryption

12 years agofixed broken listing of connections in ipsec statusall
Andreas Steffen [Wed, 14 Jan 2009 08:10:16 +0000 (08:10 -0000)]
fixed broken listing of connections in ipsec statusall

12 years agoadded eap=gtc option to ipsec.conf man page
Andreas Steffen [Wed, 14 Jan 2009 03:29:59 +0000 (03:29 -0000)]
added eap=gtc option to ipsec.conf man page

12 years agodisable DPD and sending of cert requests in load-tester
Andreas Steffen [Wed, 14 Jan 2009 00:13:21 +0000 (00:13 -0000)]
disable DPD and sending of cert requests in load-tester

12 years agofixing cross-compilation
Tobias Brunner [Tue, 13 Jan 2009 10:38:16 +0000 (10:38 -0000)]
fixing cross-compilation

12 years agocosmetics
Andreas Steffen [Tue, 13 Jan 2009 06:50:55 +0000 (06:50 -0000)]
cosmetics

12 years agochanged type definition of level from char* to int
Andreas Steffen [Tue, 13 Jan 2009 06:36:31 +0000 (06:36 -0000)]
changed type definition of level from char* to int

12 years agohiding XFRM message names from netlink
Andreas Steffen [Fri, 9 Jan 2009 09:37:13 +0000 (09:37 -0000)]
hiding XFRM message names from netlink

12 years agorenamed chunk
Andreas Steffen [Fri, 9 Jan 2009 08:51:41 +0000 (08:51 -0000)]
renamed chunk

12 years agorefactored DBG3 output of sent XFRM messages
Andreas Steffen [Fri, 9 Jan 2009 08:46:31 +0000 (08:46 -0000)]
refactored DBG3 output of sent XFRM messages

12 years agoDBG3 output of sent XFRM messages
Andreas Steffen [Fri, 9 Jan 2009 08:27:17 +0000 (08:27 -0000)]
DBG3 output of sent XFRM messages

12 years agoadded message for undefined ocsp status #4
Andreas Steffen [Fri, 9 Jan 2009 01:36:13 +0000 (01:36 -0000)]
added message for undefined ocsp status #4

12 years agoadd a compatible memrchr() function if the platform does not support it (e.g. old...
Andreas Steffen [Fri, 9 Jan 2009 01:19:45 +0000 (01:19 -0000)]
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy to Thomas Jarosch

12 years agothe Linux 2.6.28 uml guest kernel does not need any patches
Andreas Steffen [Fri, 9 Jan 2009 00:28:47 +0000 (00:28 -0000)]
the Linux 2.6.28 uml guest kernel does not need any patches

12 years agotest of ipsec leases command in ikev2/ip-pool and ikev2/ip-two-pools scenarios
Andreas Steffen [Fri, 9 Jan 2009 00:24:54 +0000 (00:24 -0000)]
test of ipsec leases command in ikev2/ip-pool and ikev2/ip-two-pools scenarios

12 years agoversion bump to 2.4.11
Andreas Steffen [Thu, 8 Jan 2009 22:23:42 +0000 (22:23 -0000)]
version bump to 2.4.11

12 years agoadapted ikev2/ip-pool-wish scenario to the new stroke ip pool function
Andreas Steffen [Thu, 8 Jan 2009 21:41:07 +0000 (21:41 -0000)]
adapted ikev2/ip-pool-wish scenario to the new stroke ip pool function

12 years agofixed two bugs introduced by the stroke ip pool refactoring 4.2.10
Andreas Steffen [Thu, 8 Jan 2009 21:34:44 +0000 (21:34 -0000)]
fixed two bugs introduced by the stroke ip pool refactoring

12 years agoincrease nonce size to 32 bytes, required when using SHA384/512 PRFs
Martin Willi [Wed, 31 Dec 2008 08:58:49 +0000 (08:58 -0000)]
increase nonce size to 32 bytes, required when using SHA384/512 PRFs

12 years agomissing LOGFILE in debug statement
Andreas Steffen [Tue, 23 Dec 2008 06:35:16 +0000 (06:35 -0000)]
missing LOGFILE in debug statement

12 years agoadded some NEWS for 4.2.10
Martin Willi [Mon, 22 Dec 2008 12:48:50 +0000 (12:48 -0000)]
added some NEWS for 4.2.10

12 years agofixed a potential memory leak when reusing mobike task
Martin Willi [Fri, 19 Dec 2008 14:34:40 +0000 (14:34 -0000)]
fixed a potential memory leak when reusing mobike task

12 years agoRNG tests based on FIPS 140-1
Martin Willi [Thu, 18 Dec 2008 16:24:22 +0000 (16:24 -0000)]
RNG tests based on FIPS 140-1

12 years agosupport for Padlock RNG
Martin Willi [Thu, 18 Dec 2008 16:21:05 +0000 (16:21 -0000)]
support for Padlock RNG

12 years agoproper feature probing for padlock
Martin Willi [Wed, 17 Dec 2008 15:40:01 +0000 (15:40 -0000)]
proper feature probing for padlock

12 years agocorrect use of calloc in hashtable_t
Tobias Brunner [Wed, 17 Dec 2008 09:56:05 +0000 (09:56 -0000)]
correct use of calloc in hashtable_t

12 years agoupdated documentation
Martin Willi [Wed, 17 Dec 2008 09:00:22 +0000 (09:00 -0000)]
updated documentation
some minor cleanups
calloc does not need an additional memset(0)

12 years agoimproved IKE_SA uniqueness check
Tobias Brunner [Tue, 16 Dec 2008 17:21:28 +0000 (17:21 -0000)]
improved IKE_SA uniqueness check

12 years agopurge certificates after IKE_AUTH response has been built
Martin Willi [Tue, 16 Dec 2008 15:48:36 +0000 (15:48 -0000)]
purge certificates after IKE_AUTH response has been built

12 years agoreimplemented certificate cache:
Martin Willi [Mon, 15 Dec 2008 15:41:48 +0000 (15:41 -0000)]
reimplemented certificate cache:
fixes unsafe certificate caching
use fixed array instead of a list
fine grained per-slot locking
use cache hits for housekeeping

12 years agosignal each entry condvar after enumeration, required if wait_for_entry is called
Martin Willi [Mon, 15 Dec 2008 09:19:04 +0000 (09:19 -0000)]
signal each entry condvar after enumeration, required if wait_for_entry is called

12 years agoadded an additional frame to lock profiling backtraces
Martin Willi [Mon, 15 Dec 2008 09:13:43 +0000 (09:13 -0000)]
added an additional frame to lock profiling backtraces

12 years agodo not respawn cancelled threads if we are shutting down
Martin Willi [Fri, 12 Dec 2008 15:57:12 +0000 (15:57 -0000)]
do not respawn cancelled threads if we are shutting down

12 years agofixed possible deadlock in checkin_and_destroy
Martin Willi [Fri, 12 Dec 2008 10:40:45 +0000 (10:40 -0000)]
fixed possible deadlock in checkin_and_destroy

12 years agoavoid DNS lookup if possible
Martin Willi [Fri, 12 Dec 2008 10:38:53 +0000 (10:38 -0000)]
avoid DNS lookup if possible

12 years agoexecute events if difference is 0, prevents a busywait
Martin Willi [Fri, 12 Dec 2008 09:16:31 +0000 (09:16 -0000)]
execute events if difference is 0, prevents a busywait

12 years agoload tester got a "shutdown_when_complete" option, allows performance test using...
Martin Willi [Fri, 12 Dec 2008 09:14:37 +0000 (09:14 -0000)]
load tester got a "shutdown_when_complete" option, allows performance test using "time"

12 years agodaemon exports main_thread_id, sends SIGTERM to the main thread in daemon_kill
Martin Willi [Fri, 12 Dec 2008 09:13:06 +0000 (09:13 -0000)]
daemon exports main_thread_id, sends SIGTERM to the main thread in daemon_kill

12 years agoleak detective binds execution to a signle core, avoids corruption on SMP machines
Martin Willi [Fri, 12 Dec 2008 09:10:52 +0000 (09:10 -0000)]
leak detective binds execution to a signle core, avoids corruption on SMP machines

12 years agowait until all IKE_SAs are in-house before destroying them
Martin Willi [Fri, 12 Dec 2008 08:33:48 +0000 (08:33 -0000)]
wait until all IKE_SAs are in-house before destroying them

12 years agoaddress extensions refactored
Tobias Brunner [Thu, 11 Dec 2008 13:39:30 +0000 (13:39 -0000)]
address extensions refactored

12 years agofixed usage of "leases" command
Martin Willi [Thu, 11 Dec 2008 12:49:41 +0000 (12:49 -0000)]
fixed usage of "leases" command

12 years agonat_traversal in manpage corrected
Tobias Brunner [Wed, 10 Dec 2008 17:45:44 +0000 (17:45 -0000)]
nat_traversal in manpage corrected

12 years agofixing checkout of IKE SAs with only the initiator SPI
Tobias Brunner [Wed, 10 Dec 2008 15:58:39 +0000 (15:58 -0000)]
fixing checkout of IKE SAs with only the initiator SPI

12 years agoincreasing the performance of checkout_duplicate by using a hash table.
Tobias Brunner [Wed, 10 Dec 2008 13:51:21 +0000 (13:51 -0000)]
increasing the performance of checkout_duplicate by using a hash table.