strongswan.git
Tobias Brunner [Fri, 25 May 2012 07:24:49 +0000 (09:24 +0200)]
Added encapsulation mode transform attribute to IPComp proposal.

Andreas Steffen [Thu, 24 May 2012 15:36:27 +0000 (17:36 +0200)]
upgraded ikev1/compress to 5.0.0

Tobias Brunner [Thu, 24 May 2012 13:31:15 +0000 (15:31 +0200)]
Updated ipsec.conf(5) to reflect changes to IPComp support.

Tobias Brunner [Thu, 24 May 2012 12:40:12 +0000 (14:40 +0200)]
Add an additional proposal without IPComp to SA payload.

Tobias Brunner [Thu, 24 May 2012 12:36:57 +0000 (14:36 +0200)]
Added log message if peer does not accept/provide IPComp proposal.

Tobias Brunner [Thu, 24 May 2012 12:00:44 +0000 (14:00 +0200)]
Added support to negotiate IPComp during Quick Mode.

Tobias Brunner [Thu, 24 May 2012 11:31:53 +0000 (13:31 +0200)]
Added support for IKEv1 IPComp proposals in SA payload.

Tobias Brunner [Wed, 23 May 2012 16:44:48 +0000 (18:44 +0200)]
Added support for IKEv1 IPComp proposals in proposal substructure.

Tobias Brunner [Wed, 23 May 2012 16:09:21 +0000 (18:09 +0200)]
Fix memleak during Quick Mode in case no SPI can be allocated from kernel.

Tobias Brunner [Wed, 23 May 2012 15:55:41 +0000 (17:55 +0200)]
Properly filter IKEv1 proposals consisting of multiple proposal payloads.

Since a proposal_t object is created for each transform contained in the
proposal payload, it does not work to simply remove the last proposal_t
object added to the list (there may be several others extracted from the
previous proposal payload).

Tobias Brunner [Thu, 24 May 2012 10:58:38 +0000 (12:58 +0200)]
Fixed check for loaded plugins with feature types that are not compared exactly.

Previously e.g. RNGs with weaker strength would have overwritten stronger
ones.

Tobias Brunner [Thu, 24 May 2012 10:54:38 +0000 (12:54 +0200)]
get_match() method added to hashtable_t.

Andreas Steffen [Thu, 24 May 2012 07:26:00 +0000 (09:26 +0200)]
added ikev1/xauth-rsa-eap-md5-radius scenario

Tobias Brunner [Wed, 23 May 2012 15:41:11 +0000 (17:41 +0200)]
Use a hashtable to check for already loaded plugin features.

Tobias Brunner [Wed, 23 May 2012 15:37:53 +0000 (17:37 +0200)]
Hash function for plugin features added.

Andreas Steffen [Wed, 23 May 2012 13:05:57 +0000 (15:05 +0200)]
load nonce plugin

Andreas Steffen [Wed, 23 May 2012 12:47:41 +0000 (14:47 +0200)]
added ikev1 pluto-charon interoperability scenarios

Andreas Steffen [Wed, 23 May 2012 12:45:15 +0000 (14:45 +0200)]
upgraded ikev1 scenarios to 5.0.0

Martin Willi [Wed, 23 May 2012 10:27:47 +0000 (12:27 +0200)]
Apply IDir before deriving keys as aggressive initiator

Martin Willi [Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)]
Use received identity to look up PSK as aggressive responder

Martin Willi [Wed, 23 May 2012 09:50:12 +0000 (11:50 +0200)]
Check if we actually have an initiating packet to free while processing responses

Andreas Steffen [Wed, 23 May 2012 09:12:27 +0000 (11:12 +0200)]
list IKEv1 Aggressive Mode in ipsec statusall

Tobias Brunner [Mon, 21 May 2012 10:07:17 +0000 (12:07 +0200)]
Switch to alternative peer config in IKEv1 Main and Aggressive Mode.

Martin Willi [Mon, 21 May 2012 12:53:40 +0000 (14:53 +0200)]
Cancel pending retransmits when flushing active task queue

Martin Willi [Mon, 21 May 2012 12:48:48 +0000 (14:48 +0200)]
Cancel active quick mode task when receiving INFORMATIONAL error

Martin Willi [Mon, 21 May 2012 12:17:09 +0000 (14:17 +0200)]
Flush task queues explicitly, not implicitly if task returns ALREADY_DONE

Martin Willi [Mon, 21 May 2012 12:05:01 +0000 (14:05 +0200)]
Wrap task manager's flush_queue() in IKE_SA

Martin Willi [Mon, 21 May 2012 12:02:35 +0000 (14:02 +0200)]
Make task manager's flush_queue() method public

Tobias Brunner [Mon, 21 May 2012 11:19:57 +0000 (13:19 +0200)]
Destroy Netlink socket only after deleting remaining source routes.

Martin Willi [Mon, 21 May 2012 10:28:01 +0000 (12:28 +0200)]
Enumerate correct list while removing nonce_gens, fix deregistration

Martin Willi [Mon, 21 May 2012 10:18:49 +0000 (12:18 +0200)]
Added a convenience function to dump backtraces for gdb-less debugging

Martin Willi [Mon, 21 May 2012 10:17:32 +0000 (12:17 +0200)]
Fix IKEv1 DPD clear, destroying IKE_SA even if reestablish not needed

Tobias Brunner [Fri, 18 May 2012 10:26:03 +0000 (12:26 +0200)]
Properly munmap/close file if loading IMC/IMV fails.

Tobias Brunner [Fri, 18 May 2012 07:52:52 +0000 (09:52 +0200)]
Remove executable flag from source files.

Tobias Brunner [Fri, 18 May 2012 07:52:15 +0000 (09:52 +0200)]
Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, tasks etc.).

Tobias Brunner [Fri, 18 May 2012 06:37:32 +0000 (08:37 +0200)]
Removed superfluous @param in bus.h.

Tobias Brunner [Fri, 18 May 2012 07:27:24 +0000 (09:27 +0200)]
whitelist: Make sure listed IDs are null-terminated.

Tobias Brunner [Fri, 18 May 2012 06:36:37 +0000 (08:36 +0200)]
pkcs8: Initialize salt and IV properly.

Tobias Brunner [Wed, 16 May 2012 16:26:36 +0000 (18:26 +0200)]
List registered nonce generators in statusall output.

Tobias Brunner [Wed, 16 May 2012 16:25:25 +0000 (18:25 +0200)]
Add enumerator for registered nonce generators.

Adrian-Ken Rueegsegger [Wed, 2 May 2012 15:49:41 +0000 (17:49 +0200)]
Use nonce_gen instead of rng to generate nonces

Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.

Adrian-Ken Rueegsegger [Wed, 2 May 2012 15:49:35 +0000 (17:49 +0200)]
Add create_nonce_gen function to keymat interface

This function returns a nonce generator object.

Adrian-Ken Rueegsegger [Wed, 2 May 2012 15:49:32 +0000 (17:49 +0200)]
Add nonce plugin implementation

This nonce generator uses an RNG to generate nonces. The RNG quality is
currently set to RNG_WEAK which is the same value used in IKE init.

The plugin is enabled and thus built by default.

Adrian-Ken Rueegsegger [Wed, 2 May 2012 15:49:26 +0000 (17:49 +0200)]
Add nonce generator interface

Nonce generators (nonce_gen_t) can be used to get or allocate nonces.

Users can request nonce generators from the crypto factory while nonce
plugins register/remove themselves to/from the crypto factory.

Andreas Steffen [Thu, 17 May 2012 17:49:22 +0000 (19:49 +0200)]
make IKEv1 DPD timeout configurable in charon

Martin Willi [Tue, 15 May 2012 14:10:47 +0000 (16:10 +0200)]
Moved IKEv1 DPD processing to task manager, fix sequence issues

Martin Willi [Tue, 15 May 2012 12:58:28 +0000 (14:58 +0200)]
Consider inbound ESP as a sign of liveness for DPD timeout

Martin Willi [Tue, 15 May 2012 12:44:30 +0000 (14:44 +0200)]
Schedule a DPD timeout job that enforces the IKE message timeout policy

Martin Willi [Tue, 15 May 2012 12:27:16 +0000 (14:27 +0200)]
Send unanswered follow-up R_U_THERE messages with the same DPD seq

Martin Willi [Tue, 15 May 2012 12:26:09 +0000 (14:26 +0200)]
Do not send IKEv1 DPD retransmit, but create a new INFORMATIONAL

Tobias Brunner [Tue, 15 May 2012 09:37:07 +0000 (11:37 +0200)]
Free name of application using libcharon.

Tobias Brunner [Tue, 15 May 2012 06:55:19 +0000 (08:55 +0200)]
starter: Initialize thread pool so kernel events are consumed.

Martin Willi [Mon, 14 May 2012 12:11:54 +0000 (14:11 +0200)]
Explicitly cast from strict_t to crl_policy_t

Martin Willi [Mon, 14 May 2012 12:11:22 +0000 (14:11 +0200)]
Use correct integrity_algorithm_t enum type in bench_signer()

Martin Willi [Mon, 14 May 2012 12:10:00 +0000 (14:10 +0200)]
Make function pointer defined with METHOD() macro non-const

clang complains about it being const, and the object code
generated from gcc is the same.

Martin Willi [Mon, 14 May 2012 12:07:00 +0000 (14:07 +0200)]
Remove unused return value of INIT(), making clang happy

Martin Willi [Mon, 14 May 2012 11:21:09 +0000 (13:21 +0200)]
Register load-tester faked kernel interface before other kernel interfaces

Martin Willi [Mon, 14 May 2012 08:03:05 +0000 (10:03 +0200)]
Load tester can enforce a local IP to use

Martin Willi [Mon, 14 May 2012 07:52:53 +0000 (09:52 +0200)]
Add plugin features support to load-tester plugin

Andreas Steffen [Sat, 12 May 2012 10:15:58 +0000 (12:15 +0200)]
check for ESP in UDP encapsulation

Andreas Steffen [Fri, 11 May 2012 09:00:32 +0000 (11:00 +0200)]
upgraded ikev2 scenarios to 5.0.0

Andreas Steffen [Fri, 11 May 2012 03:48:11 +0000 (05:48 +0200)]
suppress leak detective output

Tobias Brunner [Mon, 7 May 2012 09:24:07 +0000 (11:24 +0200)]
Fix route reinstallation if preferred source IP is not on outgoing interface.

Tobias Brunner [Mon, 7 May 2012 09:22:51 +0000 (11:22 +0200)]
Fixed #include in tnc-ifmap plugin.

Andreas Steffen [Sun, 6 May 2012 13:03:26 +0000 (15:03 +0200)]
upgraded ha scenario for 5.0.0

Andreas Steffen [Sun, 6 May 2012 07:51:19 +0000 (09:51 +0200)]
added gcrypt-ikev1 pluto interoperability tests

Andreas Steffen [Sun, 6 May 2012 07:25:31 +0000 (09:25 +0200)]
upgraded gcrypt-ikev1 scenarios to 5.0.0

Andreas Steffen [Sun, 6 May 2012 07:23:09 +0000 (09:23 +0200)]
upgraded gcrypt-ikev2 scenarios to 5.0.0

Andreas Steffen [Sat, 5 May 2012 21:25:51 +0000 (23:25 +0200)]
allow private algorithms

Andreas Steffen [Sat, 5 May 2012 21:25:34 +0000 (23:25 +0200)]
fixed mapping of IKEv1 algorithms

Andreas Steffen [Sat, 5 May 2012 16:13:05 +0000 (18:13 +0200)]
vendor ID cosmetics

Andreas Steffen [Sat, 5 May 2012 13:51:24 +0000 (15:51 +0200)]
inserted space

Andreas Steffen [Sat, 5 May 2012 09:55:48 +0000 (11:55 +0200)]
upgraded pfkey scenarios to 5.0.0

Andreas Steffen [Sat, 5 May 2012 09:36:38 +0000 (11:36 +0200)]
missing references to daemon.h

Andreas Steffen [Sat, 5 May 2012 07:20:42 +0000 (09:20 +0200)]
removed leftover ipsec.conf parameters

Andreas Steffen [Sat, 5 May 2012 07:16:15 +0000 (09:16 +0200)]
upgraded sql scenarios to 5.0.0

Andreas Steffen [Sat, 5 May 2012 06:54:36 +0000 (08:54 +0200)]
fixed feature dependencies for CERT_TRUSTED_PUBKEY

Andreas Steffen [Fri, 4 May 2012 12:56:09 +0000 (14:56 +0200)]
upgrade p2pnat scenarios to 5.0.0

Andreas Steffen [Fri, 4 May 2012 10:15:30 +0000 (12:15 +0200)]
updated af-alg scenarios to 5.0.0

Andreas Steffen [Fri, 4 May 2012 10:12:39 +0000 (12:12 +0200)]
added openssl-ikev1 pluto interoperability tests

Andreas Steffen [Fri, 4 May 2012 10:11:57 +0000 (12:11 +0200)]
deleted unneeded openssl-ikev1 files

Andreas Steffen [Fri, 4 May 2012 10:06:45 +0000 (12:06 +0200)]
upgraded openssl-ikev1 scenarios to 5.0.0

Andreas Steffen [Fri, 4 May 2012 10:03:05 +0000 (12:03 +0200)]
upgraded openssl-ikev2 scenarios to 5.0.0

Andreas Steffen [Fri, 4 May 2012 09:57:31 +0000 (11:57 +0200)]
upgraded tnc scenarios to 5.0.0

Andreas Steffen [Thu, 3 May 2012 18:48:01 +0000 (20:48 +0200)]
charon is now an IKE daemon

Tobias Brunner [Thu, 3 May 2012 13:16:08 +0000 (15:16 +0200)]
It seems charon-nm has to be linked against libnm-util.

That's at least the case for NetworkManager 0.9.4 in Ubuntu 12.04.

Tobias Brunner [Tue, 24 Apr 2012 13:06:31 +0000 (15:06 +0200)]
Use proper getter for settings in sender and receiver.

Tobias Brunner [Tue, 24 Apr 2012 12:10:06 +0000 (14:10 +0200)]
Use name from initialization to access settings in libcharon.

Also fixes several whitespace errors.

Tobias Brunner [Tue, 24 Apr 2012 09:07:56 +0000 (11:07 +0200)]
Store the name of the binary using libcharon to enable specific settings.

Tobias Brunner [Thu, 19 Apr 2012 15:23:48 +0000 (17:23 +0200)]
Changed default path to charon for NM frontend.

Tobias Brunner [Thu, 19 Apr 2012 14:40:21 +0000 (16:40 +0200)]
Integrate nm plugin directly in charon-nm.

Tobias Brunner [Thu, 19 Apr 2012 14:35:44 +0000 (16:35 +0200)]
Added a small libcharon wrapper intended to directly host the nm plugin.

For this reason it reclaims the --enable-nm configure option.

Tobias Brunner [Thu, 19 Apr 2012 11:32:51 +0000 (13:32 +0200)]
Provide plugin list from charon, not internally in libcharon.

Andreas Steffen [Thu, 3 May 2012 09:54:56 +0000 (11:54 +0200)]
display (soft) same as (not loaded)

Andreas Steffen [Thu, 3 May 2012 09:49:30 +0000 (11:49 +0200)]
charon is now an IKE daemon

Martin Willi [Thu, 3 May 2012 09:08:09 +0000 (11:08 +0200)]
If we load new features from a plugin, restart loading from first plugin

Martin Willi [Thu, 3 May 2012 09:07:21 +0000 (11:07 +0200)]
stroke plugin depends on building CERT_ANY certificates

Martin Willi [Thu, 3 May 2012 07:39:35 +0000 (09:39 +0200)]
Building CERT_ANY through PEM requires either a CERT_X509 or a CERT_PGP builder

Tobias Brunner [Thu, 3 May 2012 07:37:35 +0000 (09:37 +0200)]
Updated Android.mk for 5.0 (no IKEv1 support yet).

Andreas Steffen [Wed, 2 May 2012 20:53:45 +0000 (22:53 +0200)]
updated tnc-pdp plugin for 5.0.0