strongswan.git
11 years agoBEET mode might want forwarding policies
Martin Willi [Wed, 12 Nov 2008 16:47:19 +0000 (16:47 -0000)]
BEET mode might want forwarding policies

11 years agoremoved some obsolete includes
Martin Willi [Wed, 12 Nov 2008 16:10:34 +0000 (16:10 -0000)]
removed some obsolete includes

11 years agomoved ike_initiator flag to IKE_SAs condition bitfield
Martin Willi [Wed, 12 Nov 2008 16:07:17 +0000 (16:07 -0000)]
moved ike_initiator flag to IKE_SAs condition bitfield

11 years agoported some hard-to-merge cherries back to trunk :-/
Martin Willi [Wed, 12 Nov 2008 15:09:24 +0000 (15:09 -0000)]
ported some hard-to-merge cherries back to trunk :-/
shame, svn, shame: this was ways to complicated
we should consider a switch to git...

11 years agofixing keylength bug at the right place:
Martin Willi [Wed, 12 Nov 2008 08:27:48 +0000 (08:27 -0000)]
fixing keylength bug at the right place:
we usually don't touch output parameters if operations fails

11 years agoimproved fix
Andreas Steffen [Wed, 12 Nov 2008 04:08:30 +0000 (04:08 -0000)]
improved fix

11 years agofixed AES-CCM/GCM authenticated encryption by eliminating generation of superfluous...
Andreas Steffen [Wed, 12 Nov 2008 04:02:10 +0000 (04:02 -0000)]
fixed AES-CCM/GCM authenticated encryption by eliminating generation of superfluous generation of integrity keying material

11 years agofixed compiler warnings issued by:
Martin Willi [Tue, 11 Nov 2008 18:37:19 +0000 (18:37 -0000)]
fixed compiler warnings issued by:
gcc 4.3
curl.h gcc type-checking
glibc with enabled FORTIFY_SOURCE checking

11 years ago#defing out compress algs to avoid compiler warning
Martin Willi [Tue, 11 Nov 2008 18:35:10 +0000 (18:35 -0000)]
#defing out compress algs to avoid compiler warning

11 years agoupdated method signature of add_policy
Martin Willi [Tue, 11 Nov 2008 18:33:48 +0000 (18:33 -0000)]
updated method signature of add_policy

11 years agofixed compilation of medcli plugin
Martin Willi [Tue, 11 Nov 2008 15:20:25 +0000 (15:20 -0000)]
fixed compilation of medcli plugin

11 years agoadded missing include for ULONG_MAX
Martin Willi [Tue, 11 Nov 2008 15:19:13 +0000 (15:19 -0000)]
added missing include for ULONG_MAX

11 years agoannouncing the kernel plugins
Tobias Brunner [Tue, 11 Nov 2008 13:35:51 +0000 (13:35 -0000)]
announcing the kernel plugins

11 years agofixing mediation extension
Tobias Brunner [Tue, 11 Nov 2008 13:12:05 +0000 (13:12 -0000)]
fixing mediation extension

11 years agosome typos
Tobias Brunner [Tue, 11 Nov 2008 13:11:44 +0000 (13:11 -0000)]
some typos

11 years agoadded some NEWS for 4.2.9
Martin Willi [Tue, 11 Nov 2008 12:52:55 +0000 (12:52 -0000)]
added some NEWS for 4.2.9

11 years agodynamic logging configuration through strongswan.conf
Martin Willi [Tue, 11 Nov 2008 10:52:37 +0000 (10:52 -0000)]
dynamic logging configuration through strongswan.conf
fallback to existing ipsec.conf/stroke loglevel configuration

11 years agofixed compiler warning
Martin Willi [Tue, 11 Nov 2008 10:29:31 +0000 (10:29 -0000)]
fixed compiler warning

11 years agofixing a memory leak
Tobias Brunner [Tue, 11 Nov 2008 09:56:47 +0000 (09:56 -0000)]
fixing a memory leak

11 years agomerging kernel_klips plugin back into trunk
Tobias Brunner [Tue, 11 Nov 2008 09:22:00 +0000 (09:22 -0000)]
merging kernel_klips plugin back into trunk

11 years agorenamed proxy to proxy_mode in stroke_msg.h
Andreas Steffen [Tue, 11 Nov 2008 07:28:52 +0000 (07:28 -0000)]
renamed proxy to proxy_mode in stroke_msg.h

11 years agodeleted obsolete parameter descriptions
Andreas Steffen [Tue, 11 Nov 2008 07:11:30 +0000 (07:11 -0000)]
deleted obsolete parameter descriptions

11 years agopreliminary support of Mobile IPv6
Andreas Steffen [Tue, 11 Nov 2008 06:37:37 +0000 (06:37 -0000)]
preliminary support of Mobile IPv6

11 years agoadded the MIPv6 options use_proxy_mode and install_policy
Andreas Steffen [Tue, 11 Nov 2008 06:29:25 +0000 (06:29 -0000)]
added the MIPv6 options use_proxy_mode and install_policy

11 years agocosmetics in debug output
Andreas Steffen [Tue, 11 Nov 2008 06:19:37 +0000 (06:19 -0000)]
cosmetics in debug output

11 years agowhitelisting localtime_r
Martin Willi [Mon, 10 Nov 2008 16:44:27 +0000 (16:44 -0000)]
whitelisting localtime_r

11 years agomake load_tester more strict to use it along stroke
Martin Willi [Mon, 10 Nov 2008 16:43:15 +0000 (16:43 -0000)]
make load_tester more strict to use it along stroke

11 years agofixed leak in host_create_from_string("%any")
Martin Willi [Mon, 10 Nov 2008 16:42:05 +0000 (16:42 -0000)]
fixed leak in host_create_from_string("%any")

11 years agofixed some minor issues found when using -DFORTIFY_SOURCE=2
Martin Willi [Mon, 10 Nov 2008 15:45:19 +0000 (15:45 -0000)]
fixed some minor issues found when using -DFORTIFY_SOURCE=2

11 years agoiterations = 0 for infinite iterations
Martin Willi [Mon, 10 Nov 2008 10:10:51 +0000 (10:10 -0000)]
iterations = 0 for infinite iterations

11 years agoadded PEM version of keys
Martin Willi [Mon, 10 Nov 2008 10:09:44 +0000 (10:09 -0000)]
added PEM version of keys

11 years agosettings section enumeration
Martin Willi [Fri, 7 Nov 2008 15:08:53 +0000 (15:08 -0000)]
settings section enumeration
printf style key lookup

11 years agofixed copy/paste error
Martin Willi [Fri, 7 Nov 2008 14:48:54 +0000 (14:48 -0000)]
fixed copy/paste error

11 years agouse of host_create_any() for %any address
Andreas Steffen [Fri, 7 Nov 2008 05:15:19 +0000 (05:15 -0000)]
use of host_create_any() for %any address

11 years agoSADB_X_EXT_KMADDRESS is not present in old kernels
Andreas Steffen [Fri, 7 Nov 2008 03:38:56 +0000 (03:38 -0000)]
SADB_X_EXT_KMADDRESS is not present in old kernels

11 years agoadded retrieval of remote kmaddress via PF_KEY
Andreas Steffen [Fri, 7 Nov 2008 03:23:59 +0000 (03:23 -0000)]
added retrieval of remote kmaddress via PF_KEY

11 years agoadded delete_after_established option
Martin Willi [Thu, 6 Nov 2008 14:07:46 +0000 (14:07 -0000)]
added delete_after_established option

11 years agofixed leak
Martin Willi [Thu, 6 Nov 2008 14:05:58 +0000 (14:05 -0000)]
fixed leak
fixed build if !HAVE_BACKTRACE

11 years agouse read-write locks in crypto factory for parallelization
Martin Willi [Wed, 5 Nov 2008 16:21:57 +0000 (16:21 -0000)]
use read-write locks in crypto factory for parallelization

11 years agowrapped all pthread_rwlock_t in profilable rwlock_t
Martin Willi [Wed, 5 Nov 2008 16:12:54 +0000 (16:12 -0000)]
wrapped all pthread_rwlock_t in profilable rwlock_t

11 years agowrapped rwlock with profiling support
Martin Willi [Wed, 5 Nov 2008 15:51:57 +0000 (15:51 -0000)]
wrapped rwlock with profiling support

11 years agothreshhold and ./configure option for lock profiler
Martin Willi [Wed, 5 Nov 2008 14:36:57 +0000 (14:36 -0000)]
threshhold and ./configure option for lock profiler

11 years agoadded missing includes
Martin Willi [Wed, 5 Nov 2008 14:22:58 +0000 (14:22 -0000)]
added missing includes

11 years agoseparated backtrace functionality from leak_detective, used in
Martin Willi [Wed, 5 Nov 2008 13:58:19 +0000 (13:58 -0000)]
separated backtrace functionality from leak_detective, used in
leak_detective
mutex profiling
signal handler

11 years agoproper cleanup of openssl locking code
Martin Willi [Wed, 5 Nov 2008 12:37:37 +0000 (12:37 -0000)]
proper cleanup of openssl locking code

11 years agofixed sender destruction order
Martin Willi [Wed, 5 Nov 2008 12:24:36 +0000 (12:24 -0000)]
fixed sender destruction order

11 years agofixed iterator regression introduced in [4577]
Martin Willi [Wed, 5 Nov 2008 11:55:17 +0000 (11:55 -0000)]
fixed iterator regression introduced in [4577]

11 years agoreplaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant
Martin Willi [Wed, 5 Nov 2008 11:29:56 +0000 (11:29 -0000)]
replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant

11 years agoget rid of unused iterator hook functions
Martin Willi [Wed, 5 Nov 2008 08:37:09 +0000 (08:37 -0000)]
get rid of unused iterator hook functions

11 years agogot rid of deprecated create_iterator_locked()
Martin Willi [Wed, 5 Nov 2008 08:32:38 +0000 (08:32 -0000)]
got rid of deprecated create_iterator_locked()

11 years agosimple mutex profiler
Martin Willi [Wed, 5 Nov 2008 07:57:26 +0000 (07:57 -0000)]
simple mutex profiler

11 years agodo not install route if interface lookup failed
Martin Willi [Wed, 5 Nov 2008 07:38:55 +0000 (07:38 -0000)]
do not install route if interface lookup failed

11 years ago%any is IP family neutral
Andreas Steffen [Wed, 5 Nov 2008 05:32:43 +0000 (05:32 -0000)]
%any is IP family neutral

11 years agocorrected typo2
Andreas Steffen [Wed, 5 Nov 2008 05:27:42 +0000 (05:27 -0000)]
corrected typo2

11 years agosupport of %any address string
Andreas Steffen [Wed, 5 Nov 2008 04:53:45 +0000 (04:53 -0000)]
support of %any address string

11 years agohandle 0.0.0.0 string and af == AF_INET6
Andreas Steffen [Wed, 5 Nov 2008 00:41:46 +0000 (00:41 -0000)]
handle 0.0.0.0 string and af == AF_INET6

11 years agotwo new load_testing options:
Martin Willi [Tue, 4 Nov 2008 14:55:22 +0000 (14:55 -0000)]
two new load_testing options:
request_virtual_ip: request a INTERNAL_IPV4_ADDR as client
pool: provide addresses from a named virtual IP pool

11 years agoOpenSSL requires a signature length of exactly RSA_size()
Martin Willi [Tue, 4 Nov 2008 14:05:42 +0000 (14:05 -0000)]
OpenSSL requires a signature length of exactly RSA_size()

11 years agoremoved superfluous get_other_public_value in diffie_hellman_t interface
Martin Willi [Tue, 4 Nov 2008 13:12:11 +0000 (13:12 -0000)]
removed superfluous get_other_public_value in diffie_hellman_t interface

11 years agofixed bignum export if BN_num_bytes() != DH_size()
Martin Willi [Tue, 4 Nov 2008 13:05:00 +0000 (13:05 -0000)]
fixed bignum export if BN_num_bytes() != DH_size()

11 years agofixed memleak
Martin Willi [Tue, 4 Nov 2008 13:01:36 +0000 (13:01 -0000)]
fixed memleak

11 years agoadded a delay option to delay initiations
Martin Willi [Tue, 4 Nov 2008 12:59:53 +0000 (12:59 -0000)]
added a delay option to delay initiations

11 years agocorrected a copy-and-paste error
Andreas Steffen [Mon, 3 Nov 2008 23:46:42 +0000 (23:46 -0000)]
corrected a copy-and-paste error

11 years agoupdated copyright of kernel interface code
Andreas Steffen [Mon, 3 Nov 2008 23:34:23 +0000 (23:34 -0000)]
updated copyright of kernel interface code

11 years agoadded support for xfrm remote kmaddress
Andreas Steffen [Mon, 3 Nov 2008 23:29:34 +0000 (23:29 -0000)]
added support for xfrm remote kmaddress

11 years agoadded locking mechanism for multithreaded use of OpenSSL
Martin Willi [Mon, 3 Nov 2008 16:14:12 +0000 (16:14 -0000)]
added locking mechanism for multithreaded use of OpenSSL

11 years agoadded fake_kernel option to make dummy kernel implementation optional
Martin Willi [Mon, 3 Nov 2008 15:11:01 +0000 (15:11 -0000)]
added fake_kernel option to make dummy kernel implementation optional

11 years agoremoved accidently checked in debug code
Martin Willi [Mon, 3 Nov 2008 12:40:42 +0000 (12:40 -0000)]
removed accidently checked in debug code

11 years agoload testing between different hosts
Martin Willi [Mon, 3 Nov 2008 10:02:39 +0000 (10:02 -0000)]
load testing between different hosts

11 years agolog loaded plugins at startup
Martin Willi [Mon, 3 Nov 2008 09:44:54 +0000 (09:44 -0000)]
log loaded plugins at startup

11 years agoreverted 4541, does not fix the problem
Martin Willi [Mon, 3 Nov 2008 09:44:20 +0000 (09:44 -0000)]
reverted 4541, does not fix the problem

11 years agomigrate job creates a new IKE_SA
Andreas Steffen [Mon, 3 Nov 2008 07:08:59 +0000 (07:08 -0000)]
migrate job creates a new IKE_SA

11 years agoreplace tab by spaces
Andreas Steffen [Mon, 3 Nov 2008 06:56:22 +0000 (06:56 -0000)]
replace tab by spaces

11 years agoremoved unused variables
Andreas Steffen [Mon, 3 Nov 2008 03:56:03 +0000 (03:56 -0000)]
removed unused variables

11 years agomigrate_job() finds a matching child_cfg
Andreas Steffen [Mon, 3 Nov 2008 02:05:41 +0000 (02:05 -0000)]
migrate_job() finds a matching child_cfg

11 years agocorrected parameter description
Andreas Steffen [Mon, 3 Nov 2008 00:24:38 +0000 (00:24 -0000)]
corrected parameter description

11 years agocorrected captions
Andreas Steffen [Sun, 2 Nov 2008 22:13:17 +0000 (22:13 -0000)]
corrected captions

11 years agofully implemented the parsing of XFRM and PF_KEY MIGRATE messages
Andreas Steffen [Sun, 2 Nov 2008 21:34:52 +0000 (21:34 -0000)]
fully implemented the parsing of XFRM and PF_KEY MIGRATE messages

11 years agoremoved 0-byte truncation, fixes random Openssl RSA signature verification failures
Martin Willi [Fri, 31 Oct 2008 17:07:04 +0000 (17:07 -0000)]
removed 0-byte truncation, fixes random Openssl RSA signature verification failures

11 years agofixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)
Martin Willi [Fri, 31 Oct 2008 17:05:40 +0000 (17:05 -0000)]
fixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)

11 years agoidentify attributes of XFRM ACQUIRE and MIGRATE messages
Andreas Steffen [Fri, 31 Oct 2008 06:18:48 +0000 (06:18 -0000)]
identify attributes of XFRM ACQUIRE and MIGRATE messages

11 years agosubscribing XFRM socket for MIGRATE messages
Andreas Steffen [Fri, 31 Oct 2008 02:50:01 +0000 (02:50 -0000)]
subscribing XFRM socket for MIGRATE messages

11 years agoadapted evaltest.dat to extended acquire job message
Andreas Steffen [Fri, 31 Oct 2008 01:46:37 +0000 (01:46 -0000)]
adapted evaltest.dat to extended acquire job message

11 years agoparse xfrm and pf_key acquire messages and subscribe to migrate messages
Andreas Steffen [Fri, 31 Oct 2008 01:43:23 +0000 (01:43 -0000)]
parse xfrm and pf_key acquire messages and subscribe to migrate messages

11 years agoreverted changeset 4529:
Martin Willi [Thu, 30 Oct 2008 13:21:21 +0000 (13:21 -0000)]
reverted changeset 4529:
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS

11 years agoadded hooks for IKE and CHILD keymat
Martin Willi [Thu, 30 Oct 2008 12:58:54 +0000 (12:58 -0000)]
added hooks for IKE and CHILD keymat

11 years agostore plain skd, not the prf
Martin Willi [Thu, 30 Oct 2008 09:18:52 +0000 (09:18 -0000)]
store plain skd, not the prf

11 years agoadded Camellia CBC to list of encryption algorithms
Andreas Steffen [Thu, 30 Oct 2008 03:31:36 +0000 (03:31 -0000)]
added Camellia CBC to list of encryption algorithms

11 years agocorrected parameter description
Andreas Steffen [Thu, 30 Oct 2008 00:35:37 +0000 (00:35 -0000)]
corrected parameter description

11 years agomoved CHILD_SA key derivation to keymat_t
Martin Willi [Wed, 29 Oct 2008 16:06:16 +0000 (16:06 -0000)]
moved CHILD_SA key derivation to keymat_t
passing key chunks to CHILD_SA, not the PRF

11 years agoprf handles zero-length allocations graceful
Martin Willi [Wed, 29 Oct 2008 14:12:54 +0000 (14:12 -0000)]
prf handles zero-length allocations graceful

11 years agodo not store DH redundant in keymat
Martin Willi [Wed, 29 Oct 2008 13:35:06 +0000 (13:35 -0000)]
do not store DH redundant in keymat

11 years agoreplaced not-maintained ChangeLog
Martin Willi [Wed, 29 Oct 2008 09:27:51 +0000 (09:27 -0000)]
replaced not-maintained ChangeLog

11 years agoupgrade to linux-2.6.28 headers with support for kmaddress struct
Andreas Steffen [Wed, 29 Oct 2008 05:32:38 +0000 (05:32 -0000)]
upgrade to linux-2.6.28 headers with support for kmaddress struct

11 years agomoved key derivation and management into keymat object
Martin Willi [Tue, 28 Oct 2008 16:07:06 +0000 (16:07 -0000)]
moved key derivation and management into keymat object
allows secured implementation of key management (e.g. in kernel or HW)
only IKE keys for now

11 years agostore IKE proposal implicitly during derive_keys
Martin Willi [Tue, 28 Oct 2008 10:12:21 +0000 (10:12 -0000)]
store IKE proposal implicitly during derive_keys

11 years agofixed reauthentication time in statusall
Martin Willi [Tue, 28 Oct 2008 09:41:33 +0000 (09:41 -0000)]
fixed reauthentication time in statusall

11 years agorefining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key
Andreas Steffen [Tue, 28 Oct 2008 01:59:01 +0000 (01:59 -0000)]
refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key

11 years agouse more generic stats getter, introducing new stats
Martin Willi [Mon, 27 Oct 2008 14:51:00 +0000 (14:51 -0000)]
use more generic stats getter, introducing new stats

11 years agonew release of NM debs
Martin Willi [Mon, 27 Oct 2008 12:01:23 +0000 (12:01 -0000)]
new release of NM debs