strongswan.git
Tobias Brunner [Tue, 20 May 2014 16:56:43 +0000 (18:56 +0200)]
scripts: Ignore settings-test script

Martin Willi [Mon, 19 May 2014 16:04:41 +0000 (18:04 +0200)]
peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names

Tobias Brunner [Mon, 19 May 2014 14:06:52 +0000 (16:06 +0200)]
unit-tests: Sync threads with main thread in test_cleanup_cancel()

Without synchronization threads could get canceled before they could
disable their cancelability.

Tobias Brunner [Mon, 19 May 2014 12:53:24 +0000 (14:53 +0200)]
pfkey: Always include stdint.h

On some systems (e.g. on Debian/kFreeBSD) that header is required when
including ipsec.h, on Linux we require it too when including pfkeyv2.h,
so to simplify things we just always include it.

Tobias Brunner [Mon, 19 May 2014 12:31:22 +0000 (14:31 +0200)]
Merge branch 'fetcher-response-code'

Extends the fetcher API to retrieve the response status code for a request.

Tobias Brunner [Fri, 9 May 2014 17:02:28 +0000 (19:02 +0200)]
soup: Add support to retrieve the response code

Tobias Brunner [Fri, 9 May 2014 16:44:17 +0000 (18:44 +0200)]
unit-tests: Allow some HTTP write operations to fail

Because CURLOPT_FAILONERROR is enabled in the curl plugin an error code
will often (not always) cause the client to close the TCP connection
before the server has written the complete response.

Tobias Brunner [Fri, 9 May 2014 16:35:20 +0000 (18:35 +0200)]
curl: Add support to return the response code

Tobias Brunner [Fri, 9 May 2014 16:34:25 +0000 (18:34 +0200)]
unit-tests: Add a test case for HTTP response codes

Tobias Brunner [Wed, 7 May 2014 14:59:07 +0000 (16:59 +0200)]
fetcher: Add option to retrieve response code from a fetcher

Tobias Brunner [Fri, 9 May 2014 15:42:37 +0000 (17:42 +0200)]
unit-tests: Defer failures by worker threads

In some cases the main thread is not ready to immediately call siglongjmp(),
e.g. if it currently holds a mutex that is later required during
shutdown.

Therefore, we delay handling errors in worker threads until the main
thread performs the next check itself (or the test function ends).

The same issue remains with SIGALRM.

Tobias Brunner [Fri, 9 May 2014 11:28:06 +0000 (13:28 +0200)]
unit-tests: Make sure plugins in the builddir are loaded

When running the tests in GDB the working directory apparently is
different.  With the relative path used previously the plugins would not
be found and those installed on the system would get used.

Tobias Brunner [Fri, 16 May 2014 15:43:42 +0000 (17:43 +0200)]
unit-tests: Don't assert failures for unreadable settings files as root

The file can still be read by root even if nobody has read privileges.

Martin Willi [Fri, 16 May 2014 14:54:04 +0000 (16:54 +0200)]
Merge branch 'aead-proposal'

Encode default AEAD encryption algorithms to a proposal separate from non-AEAD
algorithms. RFC 4306 and 5282 were less explicit, but RFC 5996 requires
separate proposals for AEAD and non-AEAD algorithms. As responder we still
accept both encoding variants.

Fixes #573.

Martin Willi [Fri, 16 May 2014 14:18:16 +0000 (16:18 +0200)]
proposal: Don't return a default IKE proposal without encryption/AEAD algs

Martin Willi [Thu, 24 Apr 2014 12:28:57 +0000 (14:28 +0200)]
ike: Add an additional but separate AEAD proposal to CHILD config

This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.

Martin Willi [Thu, 24 Apr 2014 12:24:43 +0000 (14:24 +0200)]
ike: Add an additional but separate AEAD proposal to IKE config, if supported

Martin Willi [Thu, 24 Apr 2014 12:20:21 +0000 (14:20 +0200)]
child-cfg: Allow passing NULL as proposal to add_proposal()

Making the API consistent with the one of ike_cfg.

Martin Willi [Thu, 24 Apr 2014 12:19:12 +0000 (14:19 +0200)]
ike-cfg: Allow passing NULL to add_proposal()

This simplifies adding default proposals with constructors potentially
returning NULL.

Martin Willi [Thu, 24 Apr 2014 12:15:49 +0000 (14:15 +0200)]
proposal: Use an additional "default" constructor specific to AEAD algorithms

This allows a caller to create a separate proposal for supported AEAD
algorithms, as required by RFC 5996.

Martin Willi [Thu, 24 Apr 2014 12:06:05 +0000 (14:06 +0200)]
proposal: Don't include AEAD algorithms in the default proposal

According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms.
This was not clear in RFC 5282, hence we previously included both AEAD and
non-AEAD algorithms in a single proposal.

Martin Willi [Fri, 16 May 2014 13:45:41 +0000 (15:45 +0200)]
Merge branch 'clang-fixes'

Fixes some warnings raised when compiling with clang. Some are cosmetic,
others are worth fixing.

This prepares the Travis build for -Werror, which will force us to fix all
warnings raised by all compilers.

Martin Willi [Fri, 16 May 2014 09:57:54 +0000 (11:57 +0200)]
enum: Return boolean result for enum_from_name() lookup

Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.

Further, this actually allows converting real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.

This also fixes several clang warnings where enums are unsigned.

Martin Willi [Fri, 16 May 2014 09:55:53 +0000 (11:55 +0200)]
enum: Don't directly include enum.h

To allow enum.h to depend on utils.h definitions, avoid its direct inclusion.
Instead include utils.h, which includes enum.h as well.

Martin Willi [Fri, 7 Mar 2014 11:24:00 +0000 (12:24 +0100)]
libtps: Silence GCC set-but-unused warning in incomplete code

Martin Willi [Thu, 8 May 2014 11:54:33 +0000 (13:54 +0200)]
scepclient: Cast OID_UNKNOWN before comparing it to unsigned hash_algorithm_t

clang uses unsigned enums and complains about the always-false -1 check.

Martin Willi [Thu, 8 May 2014 12:02:26 +0000 (14:02 +0200)]
swanctl: Properly initialize return value of --install command

Martin Willi [Thu, 8 May 2014 11:44:37 +0000 (13:44 +0200)]
xauth-pam: Fix header include guard

Martin Willi [Thu, 8 May 2014 11:43:07 +0000 (13:43 +0200)]
eap-peap: Remove dead SoH code from PEAP

clang complains about the unused variables.

Martin Willi [Thu, 8 May 2014 11:31:18 +0000 (13:31 +0200)]
tls: Move variable sized tls_record_t struct to end of tls_t data

clang complains about the non-last variable length member.

Martin Willi [Thu, 8 May 2014 11:28:25 +0000 (13:28 +0200)]
kernel-klips: Pass a pointer to a properly sized integer for algorithm lookup

Martin Willi [Thu, 8 May 2014 11:27:35 +0000 (13:27 +0200)]
auth-cfg: Cast literal default value to pointer type

Fixes a clang warning.

Martin Willi [Thu, 8 May 2014 11:24:03 +0000 (13:24 +0200)]
unbound: Explicitly cast from ldns RR type/class to our types

These definitions are directly derived from the RFC, so it should be safe
to cast them. clang complains about the different types, so cast them
explicitly.

Martin Willi [Thu, 8 May 2014 11:18:27 +0000 (13:18 +0200)]
x509: Remove some unused ASN1 OID constants

Martin Willi [Thu, 8 May 2014 12:29:16 +0000 (14:29 +0200)]
aes: Remove unused build variants

The AES code historically has different build options for various size/speed
trade-offs. We never made use of them, so just drop the obsolete code. The code
now has four hard-coded fixed tables, both inverse and original.

Andreas Steffen [Thu, 15 May 2014 19:30:37 +0000 (21:30 +0200)] (tag: 5.2.0dr4)
Minor changes in the test environment

Tobias Brunner [Thu, 15 May 2014 10:03:25 +0000 (12:03 +0200)]
Merge branch 'settings-parser'

Adds a flex/bison based parser for settings_t.  It provides several
improvements over the previous parser e.g. quoted strings (with escape
sequences), unlimited includes, more relaxed newline handling, better
syntax error reporting, and a distinction between empty and unset
values (key = vs. key = "").

Tobias Brunner [Thu, 15 May 2014 09:55:23 +0000 (11:55 +0200)]
settings: Properly match } and # in include statements

Found due to %option nodefault.  A match for } was actually missing
and # was not properly matched if it was part of an include statement
on the last line of a file that did not end with a newline.

Tobias Brunner [Thu, 15 May 2014 09:53:03 +0000 (11:53 +0200)]
settings: Eliminate performance warning

This was useful during development, but we accept that matching \n together
with %option yylineno impacts performance.

Tobias Brunner [Mon, 10 Mar 2014 13:51:48 +0000 (14:51 +0100)]
scripts: Add test script for settings_t

Tobias Brunner [Wed, 14 May 2014 16:38:35 +0000 (18:38 +0200)]
parser-helper: Define debug macros depending on DEBUG_LEVEL

Tobias Brunner [Wed, 14 May 2014 15:21:04 +0000 (17:21 +0200)]
parser-helper: Make parser_helper_file_t private

Tobias Brunner [Wed, 14 May 2014 15:19:41 +0000 (17:19 +0200)]
parser-helper: Make parser_helper_log a function

Tobias Brunner [Wed, 14 May 2014 14:05:02 +0000 (16:05 +0200)]
settings: strongswan.conf must be loaded explicitly

Tobias Brunner [Tue, 13 May 2014 08:50:36 +0000 (10:50 +0200)]
settings: Replace deprecated YYLEX_PARAM with %lex-param

With Bison 3.x support for YYLEX_PARAM has been removed and %lex-param
should be used.  Unfortunately, that option does not take expressions.
Instead we use a wrapper function that calls the lexer with the proper
scanner object, which should also be backward compatible to older Bison
versions.

Tobias Brunner [Tue, 13 May 2014 07:54:49 +0000 (09:54 +0200)]
settings: Include generated header after others

Newer Bison versions declare the parser function in the header, which
requires custom types.

Tobias Brunner [Tue, 29 Apr 2014 09:39:57 +0000 (11:39 +0200)]
settings: Reduce log verbosity if files can't be opened

Basically reintroducing 2a38b4556e9fd8102bd6c6c61f2893599a5e8e51.

Tobias Brunner [Tue, 29 Apr 2014 14:04:43 +0000 (16:04 +0200)]
settings: Adopt the new order of sections and settings when replacing configs

Tobias Brunner [Thu, 13 Mar 2014 15:44:45 +0000 (16:44 +0100)]
settings: Only purge sections if necessary

Instead of removing and caching all values of a previous config, we only
do this for actually removed sections/settings.

Tobias Brunner [Tue, 11 Mar 2014 13:19:59 +0000 (14:19 +0100)]
coverage: Make genhtml not fail if sources are not found

For some reason the .y and .l files of the settings parser are searched in
the wrong directory.

Tobias Brunner [Tue, 11 Mar 2014 11:33:43 +0000 (12:33 +0100)]
settings: Maintain order of sections and settings while enumerating

Tobias Brunner [Tue, 11 Mar 2014 10:08:15 +0000 (11:08 +0100)]
settings: Don't overwrite values in-place

This is not thread safe.  If threads are reading from pointers to existing
values they could get a partially updated invalid value.

Refactored assignment to a separate function.

Tobias Brunner [Tue, 11 Mar 2014 09:58:03 +0000 (10:58 +0100)]
settings: Add functions to add sections and key/value pairs to a section

Tobias Brunner [Mon, 10 Mar 2014 13:50:43 +0000 (14:50 +0100)]
unit-tests: Update settings tests to match new parser

Empty settings are now ignored, strings are supported, newlines are
handled properly (e.g. at the end of files) etc.

Tobias Brunner [Mon, 10 Mar 2014 09:53:52 +0000 (10:53 +0100)]
settings: Don't enumerate key/value pairs with NULL value

Tobias Brunner [Fri, 7 Mar 2014 17:20:28 +0000 (18:20 +0100)]
settings: Use generated parser instead of our own

Tobias Brunner [Fri, 7 Mar 2014 16:51:36 +0000 (17:51 +0100)]
settings: Optionally keep track of removed/replaced values

Tobias Brunner [Fri, 7 Mar 2014 16:21:19 +0000 (17:21 +0100)]
settings: Add flex/bison based parser for strongswan.conf

This parser features several improvements over the existing one.
For instance, quoted strings (with escape sequences), unlimited includes,
relaxed newline handling (e.g. at the end of files or before/after { and }),
and the difference between empty and unset values (key = vs. key = "").

It also complains a lot more about invalid syntax. The current one accepts
pretty odd stuff (like settings or sections without name) without any
errors or warnings.

Tobias Brunner [Fri, 7 Mar 2014 16:13:31 +0000 (17:13 +0100)]
settings: Extract section and key/value pair types and helper functions

This allows us to use them in the upcoming parser.

Tobias Brunner [Fri, 7 Mar 2014 16:04:01 +0000 (17:04 +0100)]
parser-helper: Add utility class for flex/bison based parsers

Tobias Brunner [Wed, 4 Sep 2013 16:23:07 +0000 (18:23 +0200)]
settings: Use glob enumerator to load included files

Tobias Brunner [Wed, 4 Sep 2013 16:14:29 +0000 (18:14 +0200)]
enumerator: Add enumerator to enumerate files matching a pattern

This enumerator is a wrapper around glob(3).  If that function is not
supported NULL is returned.  If no files match or an error occurs during
the pattern expansion an error is logged and the enumerator simply returns
no items.

RFC: if GLOB_ERR is not supplied glob returns GLOB_NOMATCH if e.g. the
base directory of the pattern does not exist, which would otherwise
result in an error. This way there is at least a clear error message in
case of a typo.

Tobias Brunner [Tue, 4 Mar 2014 13:18:42 +0000 (14:18 +0100)]
settings: Move to a separate folder

Tobias Brunner [Mon, 29 Jul 2013 16:05:33 +0000 (18:05 +0200)]
array: Allocate initial data properly if esize is 0

Martin Willi [Wed, 14 May 2014 14:27:12 +0000 (16:27 +0200)]
swanctl: Increase default debug level to 1

We initially intended to silence debugging only during thread initialization,
not for swanctl in general.

Martin Willi [Wed, 14 May 2014 14:26:53 +0000 (16:26 +0200)]
vici: Support the close_action keyword, as we have it documented

Martin Willi [Wed, 14 May 2014 08:00:20 +0000 (10:00 +0200)]
ikev1: Fix debugging log when remote traffic selector selection fails

Andreas Steffen [Wed, 14 May 2014 07:57:08 +0000 (09:57 +0200)]
Version bump to 5.2.0dr4

Andreas Steffen [Wed, 14 May 2014 07:43:54 +0000 (09:43 +0200)]
result destructor at the wrong level

Tobias Brunner [Tue, 13 May 2014 09:10:11 +0000 (11:10 +0200)]
conf: Fix sorting of options with Python 3

__cmp__() is not supported anymore with Python 3 and cmp() is deprecated.
Instead rich comparisons should be used (only __lt__() is required for
sorting).

Tobias Brunner [Tue, 13 May 2014 09:06:51 +0000 (11:06 +0200)]
conf: print is a function in Python 3

Andreas Steffen [Tue, 13 May 2014 08:08:04 +0000 (10:08 +0200)]
build-database.sh finds all *.so files in /usr/lib

Andreas Steffen [Mon, 12 May 2014 13:24:55 +0000 (15:24 +0200)]
Defined BIOS and EFI event types and log event info

On debug level 2 log EV_ACTION and EV_EFI_ACTION strings
and on level 3 dump raw event information

Tobias Brunner [Mon, 12 May 2014 09:46:08 +0000 (11:46 +0200)]
libpts: Updated Android.mk

Andreas Steffen [Mon, 12 May 2014 05:39:33 +0000 (07:39 +0200)] (tag: 5.2.0dr3)
Version bump to 5.2.0dr3

Andreas Steffen [Mon, 12 May 2014 04:52:36 +0000 (06:52 +0200)]
Added implementation of RFC 7171 to NEWS

Andreas Steffen [Sun, 11 May 2014 18:49:21 +0000 (20:49 +0200)]
Implemented PT-EAP protocol (RFC 7171)

Andreas Steffen [Sun, 11 May 2014 10:14:34 +0000 (12:14 +0200)]
Extended build-database.sh

Andreas Steffen [Sat, 10 May 2014 18:06:41 +0000 (20:06 +0200)]
attest now maintains multiple versions of a file hash

Andreas Steffen [Mon, 5 May 2014 08:51:51 +0000 (10:51 +0200)]
Changed default value to libimcv.imc-attestation.pcr_info = no

Martin Willi [Fri, 9 May 2014 06:39:55 +0000 (08:39 +0200)]
child-sa: Reclaim old state if SA updating is not supported

If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as
the task manager refuses to rekey a CHILD_SA in non-INSTALLED state.

Martin Willi [Thu, 8 May 2014 07:35:59 +0000 (09:35 +0200)]
NEWS: Add swanctl news

Martin Willi [Wed, 7 May 2014 14:05:39 +0000 (16:05 +0200)]
Merge branch 'swanctl'

Adds a swanctl command line tool to manage the IKE daemon charon using the
VICI interface provided by the vici plugin.

Martin Willi [Tue, 6 May 2014 08:56:07 +0000 (10:56 +0200)]
swanctl: By default print local swanctl version with --version

But add a --daemon option to query the IKE daemon for its version.

Martin Willi [Tue, 29 Apr 2014 14:03:44 +0000 (16:03 +0200)]
swanctl: Install empty credential folders with appropriate permissions

Martin Willi [Mon, 28 Apr 2014 14:18:24 +0000 (16:18 +0200)]
swanctl: Document most swanctl.conf options in manpage

Martin Willi [Tue, 29 Apr 2014 10:15:06 +0000 (12:15 +0200)]
swanctl: Keep swanctl.conf man/template section order as defined

Martin Willi [Tue, 29 Apr 2014 10:13:33 +0000 (12:13 +0200)]
conf: Add a format-options --nosort option to keep order of sections as defined

Martin Willi [Mon, 28 Apr 2014 14:57:22 +0000 (16:57 +0200)]
swanctl: Add a swanctl command overview manpage

Tobias Brunner [Thu, 17 Apr 2014 17:23:48 +0000 (19:23 +0200)]
swanctl: Generate swanctl.conf(5) man page

Tobias Brunner [Thu, 17 Apr 2014 17:15:10 +0000 (19:15 +0200)]
swanctl: Generate man page snippet with config options

Tobias Brunner [Thu, 17 Apr 2014 17:06:34 +0000 (19:06 +0200)]
conf: Properly propagate whether a section is commented or not

Tobias Brunner [Thu, 17 Apr 2014 16:59:42 +0000 (18:59 +0200)]
swanctl: Convert swanctl.conf to an options file and generate config

Tobias Brunner [Thu, 17 Apr 2014 16:34:38 +0000 (18:34 +0200)]
swanctl: Install swanctl.conf if it does not exist yet

Martin Willi [Fri, 25 Apr 2014 09:22:45 +0000 (11:22 +0200)]
swanctl: Change syntax of secrets to accept identities with special chars

Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.

The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.

Martin Willi [Wed, 16 Apr 2014 12:55:43 +0000 (14:55 +0200)]
swanctl: List local and remote addresses in list-conns

Martin Willi [Wed, 16 Apr 2014 10:07:14 +0000 (12:07 +0200)]
swanctl: Add a list-pools command to summarize pool status

Martin Willi [Wed, 16 Apr 2014 09:20:27 +0000 (11:20 +0200)]
swanctl: Add a load-pools command to (re-)load pool configurations from file

Martin Willi [Tue, 15 Apr 2014 11:33:11 +0000 (13:33 +0200)]
swanctl: Encode connection "pools" as list items

Martin Willi [Wed, 9 Apr 2014 11:25:13 +0000 (13:25 +0200)]
swanctl: Fix enumeration of registered commands if MAX_COMMANDS is hit