strongswan.git
12 years ago parse xfrm and pf_key acquire messages and subscribe to migrate messages
Andreas Steffen [Fri, 31 Oct 2008 01:43:23 +0000 (01:43 -0000)]
parse xfrm and pf_key acquire messages and subscribe to migrate messages

12 years ago reverted changeset 4529:
Martin Willi [Thu, 30 Oct 2008 13:21:21 +0000 (13:21 -0000)]
reverted changeset 4529:
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS

12 years ago added hooks for IKE and CHILD keymat
Martin Willi [Thu, 30 Oct 2008 12:58:54 +0000 (12:58 -0000)]
added hooks for IKE and CHILD keymat

12 years ago store plain skd, not the prf
Martin Willi [Thu, 30 Oct 2008 09:18:52 +0000 (09:18 -0000)]
store plain skd, not the prf

12 years ago added Camellia CBC to list of encryption algorithms
Andreas Steffen [Thu, 30 Oct 2008 03:31:36 +0000 (03:31 -0000)]
added Camellia CBC to list of encryption algorithms

12 years ago corrected parameter description
Andreas Steffen [Thu, 30 Oct 2008 00:35:37 +0000 (00:35 -0000)]
corrected parameter description

12 years ago moved CHILD_SA key derivation to keymat_t
Martin Willi [Wed, 29 Oct 2008 16:06:16 +0000 (16:06 -0000)]
moved CHILD_SA key derivation to keymat_t
passing key chunks to CHILD_SA, not the PRF

12 years ago prf handles zero-length allocations graceful
Martin Willi [Wed, 29 Oct 2008 14:12:54 +0000 (14:12 -0000)]
prf handles zero-length allocations graceful

12 years ago do not store DH redundant in keymat
Martin Willi [Wed, 29 Oct 2008 13:35:06 +0000 (13:35 -0000)]
do not store DH redundant in keymat

12 years ago replaced not-maintained ChangeLog
Martin Willi [Wed, 29 Oct 2008 09:27:51 +0000 (09:27 -0000)]
replaced not-maintained ChangeLog

12 years ago upgrade to linux-2.6.28 headers with support for kmaddress struct
Andreas Steffen [Wed, 29 Oct 2008 05:32:38 +0000 (05:32 -0000)]
upgrade to linux-2.6.28 headers with support for kmaddress struct

12 years ago moved key derivation and management into keymat object
Martin Willi [Tue, 28 Oct 2008 16:07:06 +0000 (16:07 -0000)]
moved key derivation and management into keymat object
allows secured implementation of key management (e.g. in kernel or HW)
only IKE keys for now

12 years ago store IKE proposal implicitly during derive_keys
Martin Willi [Tue, 28 Oct 2008 10:12:21 +0000 (10:12 -0000)]
store IKE proposal implicitly during derive_keys

12 years ago fixed reauthentication time in statusall
Martin Willi [Tue, 28 Oct 2008 09:41:33 +0000 (09:41 -0000)]
fixed reauthentication time in statusall

12 years ago refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key
Andreas Steffen [Tue, 28 Oct 2008 01:59:01 +0000 (01:59 -0000)]
refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key

12 years ago use more generic stats getter, introducing new stats
Martin Willi [Mon, 27 Oct 2008 14:51:00 +0000 (14:51 -0000)]
use more generic stats getter, introducing new stats

12 years ago new release of NM debs
Martin Willi [Mon, 27 Oct 2008 12:01:23 +0000 (12:01 -0000)]
new release of NM debs

12 years ago including a "none" tundev to make NM happy
Martin Willi [Mon, 27 Oct 2008 11:30:27 +0000 (11:30 -0000)]
including a "none" tundev to make NM happy

12 years ago fixed some compiler warnings
Martin Willi [Mon, 27 Oct 2008 11:13:33 +0000 (11:13 -0000)]
fixed some compiler warnings

12 years ago remove unused local DH_EXPONENT_ENTROPY definition
Andreas Steffen [Mon, 27 Oct 2008 00:02:22 +0000 (00:02 -0000)]
remove unused local DH_EXPONENT_ENTROPY definition

12 years ago use 512 bits of entropy for secret DH exponents
Andreas Steffen [Sun, 26 Oct 2008 23:53:52 +0000 (23:53 -0000)]
use 512 bits of entropy for secret DH exponents

12 years ago additional getters for ipcomp and UDP encap
Martin Willi [Fri, 24 Oct 2008 09:51:48 +0000 (09:51 -0000)]
additional getters for ipcomp and UDP encap

12 years ago more CHILD_SA refactorings
Martin Willi [Fri, 24 Oct 2008 08:02:35 +0000 (08:02 -0000)]
more CHILD_SA refactorings

12 years ago initiate connections simultaneously in load tester
Martin Willi [Wed, 22 Oct 2008 09:01:36 +0000 (09:01 -0000)]
initiate connections simultaneously in load tester

12 years ago include updown plugin in sql scenarios
Andreas Steffen [Tue, 21 Oct 2008 22:28:29 +0000 (22:28 -0000)]
include updown plugin in sql scenarios

12 years ago a load testing plugin, to:
Martin Willi [Tue, 21 Oct 2008 13:00:38 +0000 (13:00 -0000)]
a load testing plugin, to:
find multi-threading issues
do performance profiling

12 years ago fixed enumeration of CHILD_SA traffic selectors
Martin Willi [Tue, 21 Oct 2008 10:57:40 +0000 (10:57 -0000)]
fixed enumeration of CHILD_SA traffic selectors

12 years ago use old algorithm name again in pfkey/alg-aes-xcbc scenario
Andreas Steffen [Tue, 21 Oct 2008 03:42:32 +0000 (03:42 -0000)]
use old algorithm name again in pfkey/alg-aes-xcbc scenario

12 years ago reset threads IKE_SA after checking other IKE_SAs
Martin Willi [Mon, 20 Oct 2008 11:38:16 +0000 (11:38 -0000)]
reset threads IKE_SA after checking other IKE_SAs
invoke updown script only if we have valid IKE_SA

12 years ago re-established all previous AUD level messages
Andreas Steffen [Fri, 17 Oct 2008 03:44:06 +0000 (03:44 -0000)]
re-established all previous AUD level messages

12 years ago fixed perl oid generation
Martin Willi [Thu, 16 Oct 2008 15:38:48 +0000 (15:38 -0000)]
fixed perl oid generation

12 years ago loading updown plugin if required
Martin Willi [Thu, 16 Oct 2008 12:48:27 +0000 (12:48 -0000)]
loading updown plugin if required

12 years ago moved updown script invocation to an optional plugin
Martin Willi [Thu, 16 Oct 2008 11:48:18 +0000 (11:48 -0000)]
moved updown script invocation to an optional plugin

12 years ago bus uses finally recursive locking
Martin Willi [Thu, 16 Oct 2008 11:32:43 +0000 (11:32 -0000)]
bus uses finally recursive locking
other small fixes

12 years ago condvar->wait() can handle recursive mutex
Martin Willi [Thu, 16 Oct 2008 11:29:42 +0000 (11:29 -0000)]
condvar->wait() can handle recursive mutex

12 years ago added missing EAP-AKA RFC
Martin Willi [Thu, 16 Oct 2008 07:21:30 +0000 (07:21 -0000)]
added missing EAP-AKA RFC

12 years ago added a guest.mconsole() method to script mconsole (e.g. add additional conX=)
Martin Willi [Wed, 15 Oct 2008 14:47:52 +0000 (14:47 -0000)]
added a guest.mconsole() method to script mconsole (e.g. add additional conX=)

12 years ago cache keys for in and outbound ESP SAs
Martin Willi [Wed, 15 Oct 2008 12:24:44 +0000 (12:24 -0000)]
cache keys for in and outbound ESP SAs
removed redundant storing of traffic selectors in CHILD_SA (sa_policy_t)
creating TS pairs dynamically using create_policy_enumerator()

12 years ago typedef fixed
Tobias Brunner [Wed, 15 Oct 2008 11:34:29 +0000 (11:34 -0000)]
typedef fixed

12 years ago reverted changeset [4440], [4443] uses old algorithm name again
Martin Willi [Wed, 15 Oct 2008 08:50:14 +0000 (08:50 -0000)]
reverted changeset [4440], [4443] uses old algorithm name again

12 years ago store ESP keys in CHILD_SA
Martin Willi [Wed, 15 Oct 2008 08:37:56 +0000 (08:37 -0000)]
store ESP keys in CHILD_SA

12 years ago activate compilation of the kernel_pfkey plugin
Andreas Steffen [Wed, 15 Oct 2008 00:22:51 +0000 (00:22 -0000)]
activate compilation of the kernel_pfkey plugin

12 years ago added PFKEYv2 UML scenarios
Andreas Steffen [Wed, 15 Oct 2008 00:11:00 +0000 (00:11 -0000)]
added PFKEYv2 UML scenarios

12 years ago name of ESP algorithm changed to AES_XCBC_96-128
Andreas Steffen [Tue, 14 Oct 2008 23:55:19 +0000 (23:55 -0000)]
name of ESP algorithm changed to AES_XCBC_96-128

12 years ago passing chunks, not prf+, to kernel interface
Martin Willi [Tue, 14 Oct 2008 15:17:44 +0000 (15:17 -0000)]
passing chunks, not prf+, to kernel interface
gives us better control of keymat in CHILD_SA

12 years ago typos
Tobias Brunner [Tue, 14 Oct 2008 12:18:53 +0000 (12:18 -0000)]
typos

12 years ago directory 'build' renamed as 'packages'
Tobias Brunner [Tue, 14 Oct 2008 11:53:23 +0000 (11:53 -0000)]
directory 'build' renamed as 'packages'

12 years ago reintegrated bus-refactoring branch
Martin Willi [Tue, 14 Oct 2008 08:52:13 +0000 (08:52 -0000)]
reintegrated bus-refactoring branch

12 years ago merging kernel_pfkey plugin back from kernel-interface branch
Tobias Brunner [Tue, 14 Oct 2008 08:46:31 +0000 (08:46 -0000)]
merging kernel_pfkey plugin back from kernel-interface branch

12 years ago version bump to 4.2.9
Andreas Steffen [Tue, 14 Oct 2008 01:53:37 +0000 (01:53 -0000)]
version bump to 4.2.9

12 years ago corrected typo 4.2.8
Andreas Steffen [Mon, 13 Oct 2008 22:54:09 +0000 (22:54 -0000)]
corrected typo

12 years ago added bug fix for addr_in_subnet() to NEWS
Andreas Steffen [Mon, 13 Oct 2008 00:15:16 +0000 (00:15 -0000)]
added bug fix for addr_in_subnet() to NEWS

12 years ago add support of --enable-eap-sim-file and --enable-kernel-pfkey configuration options
Andreas Steffen [Mon, 13 Oct 2008 00:09:44 +0000 (00:09 -0000)]
add support of --enable-eap-sim-file and --enable-kernel-pfkey configuration options

12 years ago set guest-specific kernel parameters
Martin Willi [Fri, 10 Oct 2008 11:20:04 +0000 (11:20 -0000)]
set guest-specific kernel parameters
removed memory setting, use mem= instead

12 years ago reintegrated two-sim branch providing SIM card plugin API
Martin Willi [Fri, 10 Oct 2008 08:36:01 +0000 (08:36 -0000)]
reintegrated two-sim branch providing SIM card plugin API

12 years ago trimming additional / in some cases
Martin Willi [Fri, 10 Oct 2008 07:33:37 +0000 (07:33 -0000)]
trimming additional / in some cases

12 years ago use busybox compatible kill
Martin Willi [Fri, 10 Oct 2008 06:59:03 +0000 (06:59 -0000)]
use busybox compatible kill

12 years ago remove intermediate CA certs after UML test
Andreas Steffen [Thu, 9 Oct 2008 22:20:56 +0000 (22:20 -0000)]
remove intermediate CA certs after UML test

12 years ago fixed MOBIKE roaming if client's address changes
Martin Willi [Thu, 9 Oct 2008 08:25:11 +0000 (08:25 -0000)]
fixed MOBIKE roaming if client's address changes

12 years ago faster implementation of addr_in_subnet()
Andreas Steffen [Thu, 9 Oct 2008 05:44:00 +0000 (05:44 -0000)]
faster implementation of addr_in_subnet()

12 years ago added proposal parsing of uncommon DH groups 3072/6144
Martin Willi [Wed, 8 Oct 2008 12:57:11 +0000 (12:57 -0000)]
added proposal parsing of uncommon DH groups 3072/6144

12 years ago some mobike improvement NEWS
Martin Willi [Wed, 8 Oct 2008 12:24:08 +0000 (12:24 -0000)]
some mobike improvement NEWS

12 years ago ignore routing events for our own routes
Martin Willi [Wed, 8 Oct 2008 08:29:49 +0000 (08:29 -0000)]
ignore routing events for our own routes

12 years ago mobike: try to keep existing source address before switching to another
Martin Willi [Wed, 8 Oct 2008 08:23:46 +0000 (08:23 -0000)]
mobike: try to keep existing source address before switching to another

12 years ago raw public key support for charon
Andreas Steffen [Wed, 8 Oct 2008 07:03:39 +0000 (07:03 -0000)]
raw public key support for charon

12 years ago implemented ipsec listalgs as a stroke command
Andreas Steffen [Wed, 8 Oct 2008 07:00:13 +0000 (07:00 -0000)]
implemented ipsec listalgs as a stroke command

12 years ago correct fix that replaces Changeset 4378
Andreas Steffen [Wed, 8 Oct 2008 06:57:52 +0000 (06:57 -0000)]
correct fix that replaces Changeset 4378

12 years ago removing fix applied by Changeset 4378
Andreas Steffen [Wed, 8 Oct 2008 06:15:41 +0000 (06:15 -0000)]
removing fix applied by Changeset 4378

12 years ago added the sql/rw-rsa and sql/rw-rsa-keyid scenarios using raw RSA public keys
Andreas Steffen [Wed, 8 Oct 2008 03:37:40 +0000 (03:37 -0000)]
added the sql/rw-rsa and sql/rw-rsa-keyid scenarios using raw RSA public keys

12 years ago get_subject() of a CERT_TRUSTED_PUBKEY object returns ID_PUBKEY_INFO_SHA1 hash consis...
Andreas Steffen [Wed, 8 Oct 2008 03:35:52 +0000 (03:35 -0000)]
get_subject() of a CERT_TRUSTED_PUBKEY object returns ID_PUBKEY_INFO_SHA1 hash consistent with the IKEv2 keyid philosophy

12 years ago Implemented BUILD_BLOB_ASN1_DER for the CERT_TRUSTED_PUBKEY subtype
Andreas Steffen [Wed, 8 Oct 2008 01:19:26 +0000 (01:19 -0000)]
Implemented BUILD_BLOB_ASN1_DER for the CERT_TRUSTED_PUBKEY subtype

12 years ago fixed loop termination criterion in addr_in_subnet(). Thanks go to Wolfgang Steudel...
Andreas Steffen [Tue, 7 Oct 2008 21:41:45 +0000 (21:41 -0000)]
fixed loop termination criterion in addr_in_subnet(). Thanks go to Wolfgang Steudel, TU Ilmenau

12 years ago guest bootup waits for init, not for network stack (fixes 2.6.27 guest kernels)
Martin Willi [Tue, 7 Oct 2008 16:31:41 +0000 (16:31 -0000)]
guest bootup waits for init, not for network stack (fixes 2.6.27 guest kernels)

12 years ago ported mconsole-exec patch to 2.6.27-rc7
Martin Willi [Tue, 7 Oct 2008 09:09:34 +0000 (09:09 -0000)]
ported mconsole-exec patch to 2.6.27-rc7

12 years ago userland support to process notifies for new NAT mappings detected in UDP encapsulation
Martin Willi [Tue, 7 Oct 2008 07:55:28 +0000 (07:55 -0000)]
userland support to process notifies for new NAT mappings detected in UDP encapsulation

12 years ago wait 5 seconds before deactivating eth1 interface on alice
Andreas Steffen [Tue, 7 Oct 2008 04:56:50 +0000 (04:56 -0000)]
wait 5 seconds before deactivating eth1 interface on alice

12 years ago explicitly load kernel-netlink plugin in UML scenarios
Andreas Steffen [Tue, 7 Oct 2008 04:51:20 +0000 (04:51 -0000)]
explicitly load kernel-netlink plugin in UML scenarios

12 years ago use MOBIKE enabled DPD if we are NATed
Martin Willi [Mon, 6 Oct 2008 13:37:04 +0000 (13:37 -0000)]
use MOBIKE enabled DPD if we are NATed
update SAs if we detect changes in NAT mappings

12 years ago fixed builder_cancel macro to return NULL on failed build
Martin Willi [Mon, 6 Oct 2008 13:08:49 +0000 (13:08 -0000)]
fixed builder_cancel macro to return NULL on failed build

12 years ago do not run CHILD_SA delete action if rekeying
Martin Willi [Fri, 3 Oct 2008 16:01:14 +0000 (16:01 -0000)]
do not run CHILD_SA delete action if rekeying

12 years ago added --disable-kernel-netlink configure option
Andreas Steffen [Fri, 3 Oct 2008 03:27:42 +0000 (03:27 -0000)]
added --disable-kernel-netlink configure option

12 years ago use dpd_action also for remotely closed tunnels
Martin Willi [Thu, 2 Oct 2008 13:47:19 +0000 (13:47 -0000)]
use dpd_action also for remotely closed tunnels

12 years ago also respect the mobike=no setting as responder
Martin Willi [Tue, 30 Sep 2008 12:36:58 +0000 (12:36 -0000)]
also respect the mobike=no setting as responder

12 years ago using signed return value for read()
Martin Willi [Tue, 30 Sep 2008 06:27:50 +0000 (06:27 -0000)]
using signed return value for read()

12 years ago merging renaming of mode_t to ipsec_mode_t back to trunk
Tobias Brunner [Thu, 25 Sep 2008 13:56:23 +0000 (13:56 -0000)]
merging renaming of mode_t to ipsec_mode_t back to trunk

12 years ago merging modularized kernel interface back to trunk
Tobias Brunner [Thu, 25 Sep 2008 07:56:58 +0000 (07:56 -0000)]
merging modularized kernel interface back to trunk

12 years ago missing '_' added
Tobias Brunner [Fri, 19 Sep 2008 13:20:09 +0000 (13:20 -0000)]
missing '_' added

12 years ago version bump to 4.2.8
Andreas Steffen [Thu, 18 Sep 2008 00:42:22 +0000 (00:42 -0000)]
version bump to 4.2.8

12 years ago completed NEWS for 4.2.7 release 4.2.7
Andreas Steffen [Thu, 18 Sep 2008 00:34:31 +0000 (00:34 -0000)]
completed NEWS for 4.2.7 release

12 years ago fixed DH value range testing
Martin Willi [Wed, 17 Sep 2008 09:02:30 +0000 (09:02 -0000)]
fixed DH value range testing

12 years ago checking mpz_export return value properly
Martin Willi [Wed, 17 Sep 2008 08:10:48 +0000 (08:10 -0000)]
checking mpz_export return value properly
fixes a potential DoS attack if a DH value of zero gets processed

12 years ago stroke parses and lists AC groups
Andreas Steffen [Wed, 17 Sep 2008 02:17:01 +0000 (02:17 -0000)]
stroke parses and lists AC groups

12 years ago updated ubuntu packages for release compatible with NM svn20080908
Martin Willi [Fri, 12 Sep 2008 13:48:11 +0000 (13:48 -0000)]
updated ubuntu packages for release compatible with NM svn20080908

12 years ago ported NM plugin to upstream NetworkManager changes
Martin Willi [Fri, 12 Sep 2008 13:28:31 +0000 (13:28 -0000)]
ported NM plugin to upstream NetworkManager changes
split secrets (4031)
using uuid in auth-dialog (4053)

12 years ago allow multiple DELETE payloads in an informational message
Martin Willi [Thu, 11 Sep 2008 11:14:09 +0000 (11:14 -0000)]
allow multiple DELETE payloads in an informational message

12 years ago updated NEWS
Martin Willi [Fri, 5 Sep 2008 15:10:56 +0000 (15:10 -0000)]
updated NEWS

12 years ago fixed ubuntu distribution/typos
Martin Willi [Fri, 5 Sep 2008 14:44:21 +0000 (14:44 -0000)]
fixed ubuntu distribution/typos

12 years ago new ubuntu package release
Martin Willi [Fri, 5 Sep 2008 14:01:47 +0000 (14:01 -0000)]
new ubuntu package release

12 years ago NM plugin supports (encrypted) private key files
Martin Willi [Fri, 5 Sep 2008 13:26:58 +0000 (13:26 -0000)]
NM plugin supports (encrypted) private key files

12 years ago time values in strongswan.conf can be optionally specified in days (d), hours (h...
Andreas Steffen [Thu, 4 Sep 2008 16:19:46 +0000 (16:19 -0000)]
time values in strongswan.conf can be optionally specified in days (d), hours (h), minutes (m), or seconds (s)