strongswan.git
Tobias Brunner [Thu, 6 Aug 2009 13:14:54 +0000 (15:14 +0200)]
Don't query the policy usetime if there was no traffic on the SA.

This helps in cases where a policy is assigned to more than one SA. That
is, SAs now should have different usetimes even if they use the same policy.

Tobias Brunner [Thu, 6 Aug 2009 11:30:16 +0000 (13:30 +0200)]
Reverted the interface changes introduced in 3f720dc7.

Martin Willi [Thu, 6 Aug 2009 09:29:55 +0000 (11:29 +0200)]
added support for ipsec.secrets "include" directive

Tobias Brunner [Thu, 6 Aug 2009 08:01:59 +0000 (10:01 +0200)]
Reversed the check for udp.h, fixes compilation on Linux.

Andreas Steffen [Wed, 5 Aug 2009 20:46:53 +0000 (22:46 +0200)]
activated CAMELLIA_CBC cipher in openssl plugin

Andreas Steffen [Wed, 5 Aug 2009 20:01:13 +0000 (22:01 +0200)]
support of SHA224-based certificate signatures

Tobias Brunner [Wed, 5 Aug 2009 10:31:10 +0000 (12:31 +0200)]
Enabling UDP encapsulation via setsockopt fails on Mac OS X (it is also not required as this is done using sysctl).

Andreas Steffen [Tue, 4 Aug 2009 21:08:42 +0000 (23:08 +0200)]
output number of transmitted bytes in closing CHILD_SA statement

Tobias Brunner [Tue, 4 Aug 2009 09:03:39 +0000 (11:03 +0200)]
FreeBSD only reports a policy's usetime if a lifetime has been specified when the policy was added (we only specify a lifetime on the SA, not on the policy).

Tobias Brunner [Fri, 31 Jul 2009 16:10:39 +0000 (18:10 +0200)]
FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to zero, we accept that for now.

Tobias Brunner [Fri, 31 Jul 2009 15:02:53 +0000 (17:02 +0200)]
Missing check for udp.h added.

Martin Willi [Mon, 3 Aug 2009 13:24:48 +0000 (15:24 +0200)]
parse RDNs in multiple SEQUENCEs in all SETs of a DN

Martin Willi [Mon, 3 Aug 2009 12:37:24 +0000 (14:37 +0200)]
compare IKE config when reusing an existing IKE_SA to initiate a CHILD_SA

Andreas Steffen [Sun, 2 Aug 2009 14:58:32 +0000 (16:58 +0200)]
fixed dereferencing bug caused by bool type redefinition

Andreas Steffen [Sun, 2 Aug 2009 09:46:33 +0000 (11:46 +0200)]
implemented query_sa() for PFKEYv2

Andreas Steffen [Fri, 31 Jul 2009 06:57:55 +0000 (08:57 +0200)]
corrected interface definition

Andreas Steffen [Thu, 30 Jul 2009 21:19:42 +0000 (23:19 +0200)]
update usetime only if usebytes increase

Andreas Steffen [Thu, 30 Jul 2009 19:33:19 +0000 (21:33 +0200)]
display transmitted bytes per SA

Tobias Brunner [Thu, 30 Jul 2009 12:04:17 +0000 (14:04 +0200)]
Handling of unsupported policy directions (FWD) fixed.

Tobias Brunner [Thu, 30 Jul 2009 11:52:08 +0000 (13:52 +0200)]
Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.

Tobias Brunner [Wed, 29 Jul 2009 09:34:47 +0000 (11:34 +0200)]
Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.

Tobias Brunner [Fri, 24 Jul 2009 08:58:27 +0000 (10:58 +0200)]
Make accept(2) and recvfrom(2) cancellation points on Mac OS X.

Andreas Steffen [Tue, 28 Jul 2009 13:44:24 +0000 (15:44 +0200)]
fixed KW_END_FIRST..KW_END_LAST keyword range

Andreas Steffen [Wed, 22 Jul 2009 20:30:21 +0000 (22:30 +0200)]
improved DPD error message

Andreas Steffen [Tue, 21 Jul 2009 20:23:51 +0000 (22:23 +0200)]
added file and segment lengths to checksum.c

Andreas Steffen [Tue, 21 Jul 2009 20:21:52 +0000 (22:21 +0200)]
version bump to 4.3.4

Andreas Steffen [Tue, 21 Jul 2009 13:51:04 +0000 (15:51 +0200)] (ref: 4.3.3)
version bump of Linux UML kernel to 2.6.30.2

Martin Willi [Tue, 21 Jul 2009 13:10:24 +0000 (15:10 +0200)]
filter objects for segment checksumming by dlpi_name, excludes rare false positives

Martin Willi [Tue, 21 Jul 2009 13:00:18 +0000 (15:00 +0200)]
enumerate executable sections only to build checksum

Martin Willi [Tue, 21 Jul 2009 12:58:14 +0000 (14:58 +0200)]
announce integrity testing only once

Tobias Brunner [Mon, 20 Jul 2009 19:20:03 +0000 (21:20 +0200)]
Fixed GID lookup in cases where the configured group is a prefix of another group.

Tobias Brunner [Mon, 20 Jul 2009 19:13:45 +0000 (21:13 +0200)]
Fixed installation of config files in out-of-tree builds.

Tobias Brunner [Mon, 20 Jul 2009 19:03:05 +0000 (21:03 +0200)]
Use the numerical UID/GID to install the config files and create the ipsec.d directories.

Tobias Brunner [Mon, 20 Jul 2009 19:01:13 +0000 (21:01 +0200)]
Translate the configured user and group to a numerical UID and GID.

Andreas Steffen [Sat, 18 Jul 2009 09:23:27 +0000 (11:23 +0200)]
streamlined integrity test output some more

Andreas Steffen [Fri, 17 Jul 2009 22:37:35 +0000 (00:37 +0200)]
advertise activated integrity tests

Andreas Steffen [Fri, 17 Jul 2009 20:54:23 +0000 (22:54 +0200)]
added latest NEWS

Andreas Steffen [Fri, 17 Jul 2009 20:36:12 +0000 (22:36 +0200)]
added ikev1/net2net-pgp-v4 scenario

Andreas Steffen [Fri, 17 Jul 2009 20:33:22 +0000 (22:33 +0200)]
adapted scenario description for OpenPGP V3 keys

Andreas Steffen [Fri, 17 Jul 2009 19:27:54 +0000 (21:27 +0200)]
enable crypt debugging in ikev1/esp-alg-camellia scenario

Andreas Steffen [Fri, 17 Jul 2009 19:19:32 +0000 (21:19 +0200)]
added strongswan-2.8.11 and strongswan-4.2.17 VIDs

Andreas Steffen [Fri, 17 Jul 2009 18:52:14 +0000 (20:52 +0200)]
enable integrity test in all rw-cert scenarios

Andreas Steffen [Fri, 17 Jul 2009 18:36:21 +0000 (20:36 +0200)]
fix test vector error output

Andreas Steffen [Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)]
stop strongswan if integrity check of libstrongswan or daemon fails

Andreas Steffen [Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)]
streamlined debug output of integrity tests

Andreas Steffen [Fri, 17 Jul 2009 14:57:07 +0000 (16:57 +0200)]
enforce strongSwan coding rules

Andreas Steffen [Fri, 17 Jul 2009 14:36:01 +0000 (16:36 +0200)]
shortened crypto test output

Andreas Steffen [Fri, 17 Jul 2009 11:58:29 +0000 (13:58 +0200)]
accelerate lookup in non-concatenated pools

Andreas Steffen [Fri, 17 Jul 2009 11:38:57 +0000 (13:38 +0200)]
added scenario ikev2/ip-split-pools-db

Andreas Steffen [Fri, 17 Jul 2009 09:50:59 +0000 (11:50 +0200)]
added sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios

Andreas Steffen [Fri, 17 Jul 2009 09:48:35 +0000 (11:48 +0200)]
check for an existing lease over all assigned pools first

Andreas Steffen [Thu, 16 Jul 2009 19:53:46 +0000 (21:53 +0200)]
fixed problem with static leases over multiple pools

Tobias Brunner [Thu, 16 Jul 2009 14:50:55 +0000 (16:50 +0200)]
Fixing distribution build (checksum.c is created on the user's system).

Martin Willi [Thu, 16 Jul 2009 13:59:56 +0000 (15:59 +0200)]
fixed memleak in SQL config lookup

Tobias Brunner [Thu, 16 Jul 2009 12:59:30 +0000 (14:59 +0200)]
Check for gperf version added to configure script.

Martin Willi [Wed, 15 Jul 2009 14:13:51 +0000 (16:13 +0200)]
raise an alert() if the RADIUS server is not responding

Martin Willi [Wed, 15 Jul 2009 14:12:02 +0000 (16:12 +0200)]
added an alert() bus hook to raise critical system errors and notifications

Tobias Brunner [Thu, 16 Jul 2009 08:59:20 +0000 (10:59 +0200)]
Typo fixed.

Tobias Brunner [Thu, 16 Jul 2009 08:52:14 +0000 (10:52 +0200)]
Added an option to the configure script to disable building the scripts.

Tobias Brunner [Thu, 16 Jul 2009 08:09:23 +0000 (10:09 +0200)]
Revert "gperf under FreeBSD does not know the -m option."

This reverts commit 0ead254919c66a1b6a9e39b175f0b92f2a076c12.

Tobias Brunner [Wed, 15 Jul 2009 20:39:40 +0000 (22:39 +0200)]
Removed an unnecessary include of a header that is not available on Mac OS X.

Andreas Steffen [Wed, 15 Jul 2009 16:12:40 +0000 (18:12 +0200)]
conversion from ECDSA_WITH_SHAxxx OIDs to signature schemes

Martin Willi [Wed, 15 Jul 2009 14:04:37 +0000 (16:04 +0200)]
moved the CFLAGS mangling AC_LIB_PREFIX macro behind CFLAG test

Martin Willi [Wed, 15 Jul 2009 12:09:49 +0000 (14:09 +0200)]
updated debian package

Martin Willi [Wed, 15 Jul 2009 12:01:47 +0000 (14:01 +0200)]
updated Standards-Version to 3.8.2

Martin Willi [Wed, 15 Jul 2009 12:00:42 +0000 (14:00 +0200)]
added ${misc:Depends} dependency, fixes debhelper-but-no-misc-depends lintian warning

Martin Willi [Wed, 15 Jul 2009 11:59:25 +0000 (13:59 +0200)]
added copyright information, fixes copyright-without-copyright-notice lintian warning

Martin Willi [Wed, 15 Jul 2009 08:07:15 +0000 (10:07 +0200)]
cast pointers to uintptr_t for alignment check

Tobias Brunner [Tue, 14 Jul 2009 10:03:12 +0000 (12:03 +0200)]
gperf under FreeBSD does not know the -m option.

We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.

Tobias Brunner [Tue, 14 Jul 2009 09:55:09 +0000 (11:55 +0200)]
Corrected check for valid ASN1 types in rdn_enumerate.

Because of the range of u_char the comparison was always TRUE before.

Tobias Brunner [Tue, 14 Jul 2009 09:50:24 +0000 (11:50 +0200)]
Added --with-lib-prefix option to the configure script.

This option enables users to add additional search paths for include
files and libraries.

Andreas Steffen [Tue, 14 Jul 2009 03:35:01 +0000 (05:35 +0200)]
added SHA224_WITH_RSA and ECDSA_WITH_SHAxxx OIDs

Andreas Steffen [Mon, 13 Jul 2009 18:28:36 +0000 (20:28 +0200)]
double free caused strange side effects

Andreas Steffen [Mon, 13 Jul 2009 13:13:12 +0000 (15:13 +0200)]
report installation failure of inbound and/or outbound IPsec SA, separately

Andreas Steffen [Sun, 12 Jul 2009 19:08:37 +0000 (21:08 +0200)]
great, I got my comma back

Andreas Steffen [Sat, 11 Jul 2009 18:04:38 +0000 (20:04 +0200)]
ecp_x_coordinate_only option and IKEv1 AEAD support

Andreas Steffen [Sat, 11 Jul 2009 16:44:50 +0000 (18:44 +0200)]
added ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios

Andreas Steffen [Sat, 11 Jul 2009 16:43:09 +0000 (18:43 +0200)]
pluto supports AES_CCM and AES_GCM ESP algorithms

Andreas Steffen [Fri, 10 Jul 2009 20:58:47 +0000 (22:58 +0200)]
put variable definitions up front

Andreas Steffen [Fri, 10 Jul 2009 20:18:26 +0000 (22:18 +0200)]
cosmetics

Andreas Steffen [Fri, 10 Jul 2009 19:43:21 +0000 (21:43 +0200)]
added listener.h to charon_SOURCES

Martin Willi [Fri, 10 Jul 2009 09:01:44 +0000 (11:01 +0200)]
use the configured NM connection id as configuration/IKE_SA name

Martin Willi [Fri, 10 Jul 2009 07:40:02 +0000 (09:40 +0200)]
fixed state check if establishing the CHILD_SA fails

Martin Willi [Fri, 10 Jul 2009 07:37:27 +0000 (09:37 +0200)]
use the new updown()/rekey() hooks to track the state of NetworkManager connections

Andreas Steffen [Fri, 10 Jul 2009 05:15:08 +0000 (07:15 +0200)]
update libfreeswan/pfkeyv2.h

Andreas Steffen [Fri, 10 Jul 2009 04:53:54 +0000 (06:53 +0200)]
added AES_CTR, AES_CCM, and AES_GCM strings

Martin Willi [Thu, 9 Jul 2009 12:44:08 +0000 (14:44 +0200)]
implemented ike_down() bus hook

Martin Willi [Thu, 9 Jul 2009 11:44:06 +0000 (13:44 +0200)]
implemented ike_up() bus hook

Martin Willi [Thu, 9 Jul 2009 11:35:33 +0000 (13:35 +0200)]
implemented child_down() bus hook

Martin Willi [Thu, 9 Jul 2009 11:11:46 +0000 (13:11 +0200)]
implemented child_up() bus hook

Martin Willi [Wed, 8 Jul 2009 12:33:24 +0000 (14:33 +0200)]
implemented ike_rekey()/child_rekey() bus hooks

Martin Willi [Wed, 8 Jul 2009 12:08:31 +0000 (14:08 +0200)]
added new listener callbacks to track SAs

Martin Willi [Wed, 8 Jul 2009 07:00:02 +0000 (09:00 +0200)]
moved listener_t interface definition to a separate file

Andreas Steffen [Thu, 9 Jul 2009 13:02:51 +0000 (15:02 +0200)]
enforced strongSwan coding rules

Martin Willi [Tue, 7 Jul 2009 13:47:09 +0000 (15:47 +0200)]
added a RADIUS id_prefix option to prefix the IMSI

Martin Willi [Thu, 9 Jul 2009 09:17:43 +0000 (11:17 +0200)]
updated ikev2bis draft from 03 to 04

Martin Willi [Wed, 8 Jul 2009 15:19:49 +0000 (17:19 +0200)]
memxor does not access unaligned words anymore, but still uses words if possible

Martin Willi [Wed, 8 Jul 2009 08:29:12 +0000 (10:29 +0200)]
fixed doxygen section pgp

Martin Willi [Wed, 8 Jul 2009 08:28:54 +0000 (10:28 +0200)]
fixed two doxygen warnings

Martin Willi [Tue, 7 Jul 2009 15:26:16 +0000 (17:26 +0200)]
updated HACKING info