strongswan.git
7 years agoAdded GPL header to scripts
Tobias Brunner [Fri, 29 Jun 2012 14:07:10 +0000 (16:07 +0200)]
Added GPL header to scripts

7 years agoAdded LICENSE file to the distribution
Tobias Brunner [Fri, 29 Jun 2012 13:23:46 +0000 (15:23 +0200)]
Added LICENSE file to the distribution

7 years agoAdded OpenSSL/GPL exception to LICENSE file
Tobias Brunner [Fri, 29 Jun 2012 13:20:23 +0000 (15:20 +0200)]
Added OpenSSL/GPL exception to LICENSE file

Also updated other parts of the license.

7 years agoRemoved superfluous remove_hasher() call in md5 plugin
Tobias Brunner [Fri, 29 Jun 2012 14:22:41 +0000 (16:22 +0200)]
Removed superfluous remove_hasher() call in md5 plugin

7 years agoPass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9
Martin Willi [Fri, 29 Jun 2012 13:21:57 +0000 (15:21 +0200)]
Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9

7 years agoAs a responder, don't start a TRANSACTION request if we expect one from the initiator
Martin Willi [Fri, 29 Jun 2012 11:40:05 +0000 (13:40 +0200)]
As a responder, don't start a TRANSACTION request if we expect one from the initiator

7 years agoan IKE daemon needs these plugins but a PDP doesn't
Andreas Steffen [Fri, 29 Jun 2012 04:24:02 +0000 (06:24 +0200)]
an IKE daemon needs these plugins but a PDP doesn't

7 years agoadded Ubuntu 12.04 LTS i686 measurements
Andreas Steffen [Thu, 28 Jun 2012 20:20:44 +0000 (22:20 +0200)]
added Ubuntu 12.04 LTS i686 measurements

7 years agoIMCs and IMVs might depend on X.509 certificates or trusted public keys
Andreas Steffen [Thu, 28 Jun 2012 15:55:02 +0000 (17:55 +0200)]
IMCs and IMVs might depend on X.509 certificates or trusted public keys

7 years agoadded ikev1/virtual-ip scenario
Andreas Steffen [Thu, 28 Jun 2012 12:52:07 +0000 (14:52 +0200)]
added ikev1/virtual-ip scenario

7 years agocorrected description of ikev1/ip-pool-db scenario
Andreas Steffen [Thu, 28 Jun 2012 12:44:10 +0000 (14:44 +0200)]
corrected description of ikev1/ip-pool-db scenario

7 years agocorrected description of ikev1/ip-pool scenario
Andreas Steffen [Thu, 28 Jun 2012 12:42:34 +0000 (14:42 +0200)]
corrected description of ikev1/ip-pool scenario

7 years agoadded ikev1/ip-pool scenario
Andreas Steffen [Thu, 28 Jun 2012 12:37:04 +0000 (14:37 +0200)]
added ikev1/ip-pool scenario

7 years agomerged xauth-id-rsa and xauth-rsa-config scenarios
Andreas Steffen [Thu, 28 Jun 2012 12:23:47 +0000 (14:23 +0200)]
merged xauth-id-rsa and xauth-rsa-config scenarios

7 years agoDefined a macro to replace strerror(3) with calls to thread-safe wrapper
Tobias Brunner [Thu, 28 Jun 2012 10:13:05 +0000 (12:13 +0200)]
Defined a macro to replace strerror(3) with calls to thread-safe wrapper

7 years agoThread-safe wrapper around strerror(3)/strerror_r(3) added
Tobias Brunner [Wed, 27 Jun 2012 16:42:25 +0000 (18:42 +0200)]
Thread-safe wrapper around strerror(3)/strerror_r(3) added

7 years agoShow some uname() info in "ipsec statusall"
Martin Willi [Thu, 28 Jun 2012 09:56:40 +0000 (11:56 +0200)]
Show some uname() info in "ipsec statusall"

7 years agoShow some uname() info during charon startup
Martin Willi [Thu, 28 Jun 2012 09:56:15 +0000 (11:56 +0200)]
Show some uname() info during charon startup

7 years agocharon automatically removes virtual interfaces
Andreas Steffen [Thu, 28 Jun 2012 07:30:24 +0000 (09:30 +0200)]
charon automatically removes virtual interfaces

7 years agolibcharon also requires kernel interfaces and a socket implementation
Tobias Brunner [Wed, 27 Jun 2012 10:14:16 +0000 (12:14 +0200)]
libcharon also requires kernel interfaces and a socket implementation

7 years agoDefer quick mode initiation if we expect a mode config request
Martin Willi [Tue, 26 Jun 2012 08:36:49 +0000 (10:36 +0200)]
Defer quick mode initiation if we expect a mode config request

7 years agoQueue a mode config task as responder if we need a virtual IP
Martin Willi [Tue, 26 Jun 2012 08:35:24 +0000 (10:35 +0200)]
Queue a mode config task as responder if we need a virtual IP

7 years agoAdd basic support for XAuth responder authentication
Martin Willi [Thu, 14 Jun 2012 14:13:10 +0000 (16:13 +0200)]
Add basic support for XAuth responder authentication

7 years agoMap XAuth responder authentication methods between IKEv1 and IKEv2
Martin Willi [Thu, 14 Jun 2012 14:08:28 +0000 (16:08 +0200)]
Map XAuth responder authentication methods between IKEv1 and IKEv2

7 years agoShow remote EAP/XAuth identity in "statusall" on a separate line
Martin Willi [Wed, 27 Jun 2012 09:40:53 +0000 (11:40 +0200)]
Show remote EAP/XAuth identity in "statusall" on a separate line

7 years agogcrypt: Register SHA1 first as HASH_PREFERRED depends on it
Tobias Brunner [Wed, 27 Jun 2012 09:30:55 +0000 (11:30 +0200)]
gcrypt: Register SHA1 first as HASH_PREFERRED depends on it

7 years agoUse static plugin features in libcharon to define essential dependencies
Tobias Brunner [Wed, 27 Jun 2012 09:27:36 +0000 (11:27 +0200)]
Use static plugin features in libcharon to define essential dependencies

7 years agoUse static plugin features in charon-nm
Tobias Brunner [Mon, 25 Jun 2012 16:58:53 +0000 (18:58 +0200)]
Use static plugin features in charon-nm

7 years agoIgnore a received %any virtual IP for installation
Martin Willi [Tue, 26 Jun 2012 16:00:40 +0000 (18:00 +0200)]
Ignore a received %any virtual IP for installation

7 years agoMask the configured mark value to ensure it is in range
Tobias Brunner [Tue, 26 Jun 2012 10:50:58 +0000 (12:50 +0200)]
Mask the configured mark value to ensure it is in range

7 years agoSome updates in ipsec.conf(5) for 5.0.0
Tobias Brunner [Tue, 26 Jun 2012 10:39:53 +0000 (12:39 +0200)]
Some updates in ipsec.conf(5) for 5.0.0

7 years agoAdded MAC wrappers to Android.mk
Tobias Brunner [Tue, 26 Jun 2012 05:58:04 +0000 (07:58 +0200)]
Added MAC wrappers to Android.mk

7 years agoAlso build charon's IKEv1 implementation on Android
Tobias Brunner [Fri, 22 Jun 2012 11:33:38 +0000 (13:33 +0200)]
Also build charon's IKEv1 implementation on Android

7 years agoBuild nonce plugin on Android
Tobias Brunner [Fri, 22 Jun 2012 11:32:07 +0000 (13:32 +0200)]
Build nonce plugin on Android

7 years agoMissing source file added to libcharon's Android.mk
Tobias Brunner [Fri, 22 Jun 2012 11:31:14 +0000 (13:31 +0200)]
Missing source file added to libcharon's Android.mk

7 years agoscepclient: Added support to build it on Android
Tobias Brunner [Thu, 14 Jun 2012 16:35:58 +0000 (18:35 +0200)]
scepclient: Added support to build it on Android

7 years agoAdded support for the curl plugin on Android
Tobias Brunner [Thu, 14 Jun 2012 16:20:35 +0000 (18:20 +0200)]
Added support for the curl plugin on Android

7 years agoAvoid SIGSEGV during shutdown if charon is not started as root
Tobias Brunner [Mon, 25 Jun 2012 17:00:00 +0000 (19:00 +0200)]
Avoid SIGSEGV during shutdown if charon is not started as root

7 years agoNEWS about thread pool updates added
Tobias Brunner [Mon, 25 Jun 2012 16:01:23 +0000 (18:01 +0200)]
NEWS about thread pool updates added

7 years agoMake rescheduling a job more predictable
Tobias Brunner [Thu, 21 Jun 2012 08:10:25 +0000 (10:10 +0200)]
Make rescheduling a job more predictable

This avoids race conditions between calls to cancel() and jobs that like
to be rescheduled.  If jobs were able to reschedule themselves it would
theoretically be possible that two worker threads have the same job
assigned (the one currently executing the job and the one executing the
same but rescheduled job if it already is time to execute it), this means
that cancel() could be called twice for that job.

Creating a new job based on the current one and reschedule that is also
OK, but rescheduling itself is more efficient for jobs that need to be
executed often.

7 years agoCentralized thread cancellation in processor_t
Tobias Brunner [Tue, 19 Jun 2012 11:29:09 +0000 (13:29 +0200)]
Centralized thread cancellation in processor_t

This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.

callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t.  The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.

7 years agoGive processor_t more control over the lifecycle of a job
Tobias Brunner [Tue, 19 Jun 2012 08:45:17 +0000 (10:45 +0200)]
Give processor_t more control over the lifecycle of a job

Jobs are now destroyed by the processor, but they are allowed to
reschedule themselves.  That is, parts of the reschedule functionality
already provided by callback_job_t is moved to the processor.  Not yet
fully supported is JOB_REQUEUE_DIRECT and canceling jobs.

Note: job_t.destroy() is now called not only for queued jobs but also
after execution or cancellation of jobs.  job_t.status can be used to
decide what to do in said method.

7 years agoAdded a method to plugin_loader_t to add 'static' plugin features
Tobias Brunner [Wed, 20 Jun 2012 09:47:58 +0000 (11:47 +0200)]
Added a method to plugin_loader_t to add 'static' plugin features

This allows daemons and other components to register plugin features
like those provided by plugins (following the same lifecycle).

The added features are internally handled like they were added by a
plugin.

7 years agoMake sure that all features of critical plugins are loaded
Tobias Brunner [Wed, 20 Jun 2012 09:34:46 +0000 (11:34 +0200)]
Make sure that all features of critical plugins are loaded

7 years agoAdded an option to rename the ipsec script during installation
Tobias Brunner [Tue, 19 Jun 2012 15:12:53 +0000 (17:12 +0200)]
Added an option to rename the ipsec script during installation

Also rename the man page and adjust all references in the script, the
man page and other files.

Closes #194.

7 years agoRemoved -o argument when creating .../ipsec.d with install
Tobias Brunner [Tue, 19 Jun 2012 15:26:54 +0000 (17:26 +0200)]
Removed -o argument when creating .../ipsec.d with install

This should have been removed with 2b52d5cb41.

7 years agoUpdated ipsec script man page after removing pluto
Tobias Brunner [Tue, 19 Jun 2012 14:09:50 +0000 (16:09 +0200)]
Updated ipsec script man page after removing pluto

7 years agoUse mac_t and PRF and signer wrappers in cmac plugin
Tobias Brunner [Mon, 25 Jun 2012 11:00:57 +0000 (13:00 +0200)]
Use mac_t and PRF and signer wrappers in cmac plugin

7 years agoUse mac_t and PRF and signer wrappers in xcbc plugin
Tobias Brunner [Mon, 25 Jun 2012 10:50:55 +0000 (12:50 +0200)]
Use mac_t and PRF and signer wrappers in xcbc plugin

7 years agoMake the hmac_t interface a generic interface for message authentication codes
Tobias Brunner [Mon, 25 Jun 2012 09:37:04 +0000 (11:37 +0200)]
Make the hmac_t interface a generic interface for message authentication codes

7 years agoSimplified creation of PRFs and signers in openssl and hmac plugins
Tobias Brunner [Fri, 22 Jun 2012 09:30:46 +0000 (11:30 +0200)]
Simplified creation of PRFs and signers in openssl and hmac plugins

7 years agoFunction to convert PRFs to hash algorithms added
Tobias Brunner [Fri, 22 Jun 2012 09:28:43 +0000 (11:28 +0200)]
Function to convert PRFs to hash algorithms added

7 years agohasher_algorithm_from_integrity() optionally returns truncation length
Tobias Brunner [Fri, 22 Jun 2012 09:28:10 +0000 (11:28 +0200)]
hasher_algorithm_from_integrity() optionally returns truncation length

7 years agoUse simple wrappers for HMAC based PRF and signer in openssl plugin
Tobias Brunner [Fri, 22 Jun 2012 08:52:20 +0000 (10:52 +0200)]
Use simple wrappers for HMAC based PRF and signer in openssl plugin

7 years agoUse simple wrappers for HMAC based PRF and signer in hmac plugin
Tobias Brunner [Fri, 22 Jun 2012 08:38:37 +0000 (10:38 +0200)]
Use simple wrappers for HMAC based PRF and signer in hmac plugin

7 years agoSimple wrappers for HMAC based prf_t and signer_t implementations added
Tobias Brunner [Fri, 22 Jun 2012 07:39:09 +0000 (09:39 +0200)]
Simple wrappers for HMAC based prf_t and signer_t implementations added

7 years agoRefactored OpenSSL based HMAC implementation
Tobias Brunner [Thu, 21 Jun 2012 11:10:26 +0000 (13:10 +0200)]
Refactored OpenSSL based HMAC implementation

7 years agoAdding OpenSSL HMAC signer functions to openssl plugin
Aleksandr Grinberg [Wed, 20 Jun 2012 20:46:21 +0000 (13:46 -0700)]
Adding OpenSSL HMAC signer functions to openssl plugin

7 years agoAdding OpenSSL HMAC pseudo random functions to openssl plugin
Aleksandr Grinberg [Wed, 20 Jun 2012 20:43:47 +0000 (13:43 -0700)]
Adding OpenSSL HMAC pseudo random functions to openssl plugin

7 years agoAdding OpenSSL random number functions to openssl plugin
Aleksandr Grinberg [Wed, 20 Jun 2012 20:39:37 +0000 (13:39 -0700)]
Adding OpenSSL random number functions to openssl plugin

7 years agoFixed IPv6 source address lookup
Tobias Brunner [Mon, 18 Jun 2012 10:01:10 +0000 (12:01 +0200)]
Fixed IPv6 source address lookup

Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for
IPv6 routes we didn't use NLM_F_DUMP to get all routes.
Still routes installed with policies are installed also for IPv6.
So since only one route is returned without DUMP, and we ignore
all routes from our own routing table, no source address was found
during roaming if DST of the installed route included the IKE peer.

With newer kernels we can now use DUMP as we did for IPv4 already,
for older kernels we do so if our own routes are installed in a
separate routing table, otherwise we still use GET.

7 years agoupdated default configuration of UML hosts to 5.0.0
Andreas Steffen [Mon, 25 Jun 2012 11:04:55 +0000 (13:04 +0200)]
updated default configuration of UML hosts to 5.0.0

7 years agoadded charon.cisco_unity to strongswan.conf.5 man page
Andreas Steffen [Mon, 25 Jun 2012 09:47:40 +0000 (11:47 +0200)]
added charon.cisco_unity to strongswan.conf.5 man page

7 years agosupport Cisco Unity VID
Andreas Steffen [Mon, 25 Jun 2012 09:00:12 +0000 (11:00 +0200)]
support Cisco Unity VID

7 years agoEnable xauth-generic by default but don't build it if IKEv1 is disabled
Tobias Brunner [Mon, 25 Jun 2012 09:07:49 +0000 (11:07 +0200)]
Enable xauth-generic by default but don't build it if IKEv1 is disabled

7 years agoRemove CREDITS from distribution
Tobias Brunner [Mon, 25 Jun 2012 09:07:35 +0000 (11:07 +0200)]
Remove CREDITS from distribution

7 years agoThe AUTHORS file is required by automake
Tobias Brunner [Mon, 25 Jun 2012 08:59:27 +0000 (10:59 +0200)]
The AUTHORS file is required by automake

7 years agoLICENSE file updated
Tobias Brunner [Thu, 21 Jun 2012 16:14:43 +0000 (18:14 +0200)]
LICENSE file updated

7 years agoldaphost and ldapbase ca section keywords are deprecated
Tobias Brunner [Thu, 21 Jun 2012 16:04:18 +0000 (18:04 +0200)]
ldaphost and ldapbase ca section keywords are deprecated

7 years agoRemoved pluto-specifics from ipsec script
Tobias Brunner [Thu, 21 Jun 2012 15:58:59 +0000 (17:58 +0200)]
Removed pluto-specifics from ipsec script

7 years agoREADME file cleaned up and updated
Tobias Brunner [Thu, 21 Jun 2012 15:55:08 +0000 (17:55 +0200)]
README file cleaned up and updated

7 years agoEnforce uniqueids=keep based on XAuth identity
Martin Willi [Thu, 14 Jun 2012 13:25:11 +0000 (15:25 +0200)]
Enforce uniqueids=keep based on XAuth identity

7 years agoDon't send XAUTH_OK if a hook prevents SA to establish
Martin Willi [Thu, 14 Jun 2012 13:23:57 +0000 (15:23 +0200)]
Don't send XAUTH_OK if a hook prevents SA to establish

7 years agoEnforce uniqueids=keep only for non-XAuth Main/Agressive Modes
Martin Willi [Thu, 14 Jun 2012 13:08:37 +0000 (15:08 +0200)]
Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes

7 years agoShow EAP/XAuth identity in "ipsec status", if available
Martin Willi [Thu, 14 Jun 2012 13:07:44 +0000 (15:07 +0200)]
Show EAP/XAuth identity in "ipsec status", if available

7 years agoUse XAuth/EAP remote identity for uniqueness check
Martin Willi [Thu, 14 Jun 2012 12:47:40 +0000 (14:47 +0200)]
Use XAuth/EAP remote identity for uniqueness check

7 years agoAdd missing XAuth name variable when complaining about missing XAuth backend
Martin Willi [Mon, 25 Jun 2012 08:09:27 +0000 (10:09 +0200)]
Add missing XAuth name variable when complaining about missing XAuth backend

7 years agoremoved AUTHORS and CREDITS
Andreas Steffen [Mon, 25 Jun 2012 06:45:10 +0000 (08:45 +0200)]
removed AUTHORS and CREDITS

7 years agosome copyright additions
Andreas Steffen [Sat, 23 Jun 2012 10:09:29 +0000 (12:09 +0200)]
some copyright additions

7 years agoupdate copyright
Andreas Steffen [Sat, 23 Jun 2012 09:57:42 +0000 (11:57 +0200)]
update copyright

7 years agoversion bump to 5.0.0
Andreas Steffen [Sat, 23 Jun 2012 09:32:54 +0000 (11:32 +0200)]
version bump to 5.0.0

7 years agoFix SIGSEGV if kernel install fails during Quick Mode as responder.
Tobias Brunner [Thu, 7 Jun 2012 12:59:20 +0000 (14:59 +0200)]
Fix SIGSEGV if kernel install fails during Quick Mode as responder.

7 years agoadapted description to IKEv2
Andreas Steffen [Fri, 22 Jun 2012 07:53:25 +0000 (09:53 +0200)]
adapted description to IKEv2

7 years agoFixed compile error because of charon->name in certexpire plugin.
Tobias Brunner [Thu, 21 Jun 2012 11:59:18 +0000 (13:59 +0200)]
Fixed compile error because of charon->name in certexpire plugin.

7 years agofixed typo
Andreas Steffen [Wed, 20 Jun 2012 09:15:09 +0000 (11:15 +0200)]
fixed typo

7 years agoadded ipv6/rw-ip6-in-ip4-ikev1 scenario
Andreas Steffen [Wed, 20 Jun 2012 09:13:20 +0000 (11:13 +0200)]
added ipv6/rw-ip6-in-ip4-ikev1 scenario

7 years agoadded ipv6/rw-ip6-in-ip4-ikev2 scenario
Andreas Steffen [Wed, 20 Jun 2012 09:03:51 +0000 (11:03 +0200)]
added ipv6/rw-ip6-in-ip4-ikev2 scenario

7 years agoSelect requested virtual IP family based on remote TS, if no local TS available
Martin Willi [Wed, 20 Jun 2012 08:01:05 +0000 (10:01 +0200)]
Select requested virtual IP family based on remote TS, if no local TS available

7 years agoupgraded UML options to 5.0.0
Andreas Steffen [Tue, 19 Jun 2012 17:34:26 +0000 (19:34 +0200)]
upgraded UML options to 5.0.0

7 years agoDoxygen fix in PKCS#7 wrapper
Tobias Brunner [Tue, 19 Jun 2012 11:32:24 +0000 (13:32 +0200)]
Doxygen fix in PKCS#7 wrapper

7 years agosleep one second more
Andreas Steffen [Tue, 19 Jun 2012 04:18:05 +0000 (06:18 +0200)]
sleep one second more

7 years agouse socket-default in scenario
Andreas Steffen [Tue, 19 Jun 2012 04:17:37 +0000 (06:17 +0200)]
use socket-default in scenario

7 years agoadded ikev1/xauth-id-rsa-hybrid scenario
Andreas Steffen [Mon, 18 Jun 2012 20:51:50 +0000 (22:51 +0200)]
added ikev1/xauth-id-rsa-hybrid scenario

7 years agoadded ikev1/xauth-id-rsa-aggressive scenario
Andreas Steffen [Mon, 18 Jun 2012 20:30:26 +0000 (22:30 +0200)]
added ikev1/xauth-id-rsa-aggressive scenario

7 years agoadded secret as valid authby argument
Andreas Steffen [Mon, 18 Jun 2012 20:11:18 +0000 (22:11 +0200)]
added secret as valid authby argument

7 years agorsasig is not recognized as authentication method
Andreas Steffen [Mon, 18 Jun 2012 20:03:36 +0000 (22:03 +0200)]
rsasig is not recognized as authentication method

7 years agoenable potentially unsafe aggressive mode
Andreas Steffen [Mon, 18 Jun 2012 19:34:48 +0000 (21:34 +0200)]
enable potentially unsafe aggressive mode

7 years agochange ikev1/xauth scenarios to modern notation
Andreas Steffen [Mon, 18 Jun 2012 19:22:01 +0000 (21:22 +0200)]
change ikev1/xauth scenarios to modern notation

7 years agotesting: List IPv6 routing table in IPv6 test cases.
Tobias Brunner [Fri, 15 Jun 2012 13:19:23 +0000 (15:19 +0200)]
testing: List IPv6 routing table in IPv6 test cases.

7 years agoNLM_F_DUMP includes NLM_F_ROOT.
Tobias Brunner [Fri, 15 Jun 2012 10:50:30 +0000 (12:50 +0200)]
NLM_F_DUMP includes NLM_F_ROOT.