strongswan.git
11 years agoadded time.h include for struct tm
Martin Willi [Tue, 2 Dec 2008 08:46:15 +0000 (08:46 -0000)]
added time.h include for struct tm

11 years agosome task queueing improvements:
Martin Willi [Mon, 1 Dec 2008 18:38:28 +0000 (18:38 -0000)]
some task queueing improvements:
- do not pass CHILD_SAs to task constructor, might not
  be valid anymore during execution (late lookup)
- use sub-tasks to delete CHILD/IKE_SA after rekeying,
  as we want to execute the delete before additional
  queued tasks

11 years agore-established lost default auth sys_logger
Andreas Steffen [Mon, 1 Dec 2008 01:24:55 +0000 (01:24 -0000)]
re-established lost default auth sys_logger

11 years agoschedule rekeying when activating passive IKE_SAs
Martin Willi [Fri, 28 Nov 2008 16:19:19 +0000 (16:19 -0000)]
schedule rekeying when activating passive IKE_SAs

11 years agodo not delete passive IKE_SAs
Martin Willi [Fri, 28 Nov 2008 15:44:25 +0000 (15:44 -0000)]
do not delete passive IKE_SAs

11 years agoadded a PASSIVE IKE_SA state to manage it externally
Martin Willi [Fri, 28 Nov 2008 10:49:14 +0000 (10:49 -0000)]
added a PASSIVE IKE_SA state to manage it externally

11 years agopass SKd to derive_ike_keys() to have a more interoperable API
Martin Willi [Fri, 28 Nov 2008 09:51:44 +0000 (09:51 -0000)]
pass SKd to derive_ike_keys() to have a more interoperable API

11 years agofixed a double-unlock bug, showed up when using rwlocks in backend manager
Martin Willi [Fri, 28 Nov 2008 08:22:55 +0000 (08:22 -0000)]
fixed a double-unlock bug, showed up when using rwlocks in backend manager

11 years agouse rwlocks in backend manager to allow simultaneous access
Martin Willi [Thu, 27 Nov 2008 15:34:17 +0000 (15:34 -0000)]
use rwlocks in backend manager to allow simultaneous access

11 years agouse a rwlock in attribute manager to allow simultaneous access
Martin Willi [Thu, 27 Nov 2008 15:22:41 +0000 (15:22 -0000)]
use a rwlock in attribute manager to allow simultaneous access

11 years agoremove attribute provider in SQL plugin destruction
Martin Willi [Thu, 27 Nov 2008 14:33:41 +0000 (14:33 -0000)]
remove attribute provider in SQL plugin destruction

11 years agoadded an include hack to build starter without gmp.h
Martin Willi [Thu, 27 Nov 2008 10:20:25 +0000 (10:20 -0000)]
added an include hack to build starter without gmp.h

11 years agofixed pluto out-of-tree builds
Martin Willi [Thu, 27 Nov 2008 10:18:38 +0000 (10:18 -0000)]
fixed pluto out-of-tree builds

11 years agotoken enumerator missed the last token if it contains only a single char
Martin Willi [Thu, 27 Nov 2008 09:21:52 +0000 (09:21 -0000)]
token enumerator missed the last token if it contains only a single char

11 years agocheckin of non-existing IKE_SAs
Martin Willi [Wed, 26 Nov 2008 14:32:55 +0000 (14:32 -0000)]
checkin of non-existing IKE_SAs
removed unneeded checkin() return values

11 years agoremoved private parser function pointers, allows compiler to inline
Martin Willi [Wed, 26 Nov 2008 10:54:08 +0000 (10:54 -0000)]
removed private parser function pointers, allows compiler to inline

11 years agoremoved private generator function pointers, allows compiler to inline
Martin Willi [Wed, 26 Nov 2008 10:42:54 +0000 (10:42 -0000)]
removed private generator function pointers, allows compiler to inline

11 years agoinlined some short chunk functions, showed up in the profiler
Martin Willi [Wed, 26 Nov 2008 10:08:36 +0000 (10:08 -0000)]
inlined some short chunk functions, showed up in the profiler

11 years agomemxor() tweaks, as it is heavily used in xcbc
Martin Willi [Wed, 26 Nov 2008 10:06:59 +0000 (10:06 -0000)]
memxor() tweaks, as it is heavily used in xcbc

11 years agoallow to globally disable DOS protection by setting charon.dos_protection to no.
Tobias Brunner [Wed, 26 Nov 2008 09:22:19 +0000 (09:22 -0000)]
allow to globally disable DOS protection by setting charon.dos_protection to no.

11 years agooptimized the scheduler for performance by replacing the linked list with a heap.
Tobias Brunner [Tue, 25 Nov 2008 19:56:05 +0000 (19:56 -0000)]
optimized the scheduler for performance by replacing the linked list with a heap.

11 years agoreplacing the pthread_mutex in scheduler_t with the wrapped implementation.
Tobias Brunner [Tue, 25 Nov 2008 19:30:02 +0000 (19:30 -0000)]
replacing the pthread_mutex in scheduler_t with the wrapped implementation.
added a method to condvar_t which allows to wait for an absolute timeout.

11 years agoperformance optimization for the DOS protection.
Tobias Brunner [Tue, 25 Nov 2008 13:16:05 +0000 (13:16 -0000)]
performance optimization for the DOS protection.
 * half-open SAs per peer are tracked in a hash table
 * charon.dos_protection setting replaced with charon.cookie_threshold and charon.block_threshold
 * chunk_hash function added

11 years agofixed crash due to missing function call parameter
Andreas Steffen [Tue, 25 Nov 2008 08:11:57 +0000 (08:11 -0000)]
fixed crash due to missing function call parameter

11 years agouse static IPsec policy iptables rule for alice in mobike scenario
Andreas Steffen [Tue, 25 Nov 2008 08:11:14 +0000 (08:11 -0000)]
use static IPsec policy iptables rule for alice in mobike scenario

11 years agofixed set_message_id() on IKE_SA
Martin Willi [Mon, 24 Nov 2008 13:59:30 +0000 (13:59 -0000)]
fixed set_message_id() on IKE_SA
added missing bus->message() hook invocation
whitespace cleanups

11 years agoset message IDs on IKE_SAs
Martin Willi [Mon, 24 Nov 2008 12:46:06 +0000 (12:46 -0000)]
set message IDs on IKE_SAs

11 years agomoved the IPV6_IPSEC_POLICY definition to the ipsec plugins, fixes uClibc build
Martin Willi [Mon, 24 Nov 2008 08:22:05 +0000 (08:22 -0000)]
moved the IPV6_IPSEC_POLICY definition to the ipsec plugins, fixes uClibc build

11 years agoadded a "load_tester.auth" option: "pubkey" (default) or "psk"
Martin Willi [Sun, 23 Nov 2008 11:58:41 +0000 (11:58 -0000)]
added a "load_tester.auth" option: "pubkey" (default) or "psk"

11 years agoproper cancellation of load-testing initiators
Martin Willi [Sun, 23 Nov 2008 11:17:30 +0000 (11:17 -0000)]
proper cancellation of load-testing initiators

11 years agoadded a MODP_NULL Diffie Hellman group to avoid calculation overhead in load-testing
Martin Willi [Sat, 22 Nov 2008 16:14:55 +0000 (16:14 -0000)]
added a MODP_NULL Diffie Hellman group to avoid calculation overhead in load-testing

11 years agoexpecting int sized length arguments to chunk_split, as vararg functions use integers
Martin Willi [Fri, 21 Nov 2008 08:11:24 +0000 (08:11 -0000)]
expecting int sized length arguments to chunk_split, as vararg functions use integers

11 years agofixing Makefile of the nm plugin (avoids including a .svn directory in the distribution)
Tobias Brunner [Thu, 20 Nov 2008 14:46:03 +0000 (14:46 -0000)]
fixing Makefile of the nm plugin (avoids including a .svn directory in the distribution)

11 years agooptimized ike_sa_manager for concurrent access (default behavior is still as before...
Tobias Brunner [Thu, 20 Nov 2008 13:30:23 +0000 (13:30 -0000)]
optimized ike_sa_manager for concurrent access (default behavior is still as before, needs configuration in strongswan.conf).

11 years agofixed lock-profiler help message
Martin Willi [Wed, 19 Nov 2008 15:37:46 +0000 (15:37 -0000)]
fixed lock-profiler help message

11 years agorefactored and cleaned up child_sa interface
Martin Willi [Wed, 19 Nov 2008 15:31:27 +0000 (15:31 -0000)]
refactored and cleaned up child_sa interface
replaced add/update calls by a install() call
allocating SPIs always externally
support installation of non-allocated CHILD_SAs
some other cleanups

11 years agofixing compilation on systems lacking linux/xfrm.h
Tobias Brunner [Tue, 18 Nov 2008 14:28:05 +0000 (14:28 -0000)]
fixing compilation on systems lacking linux/xfrm.h

11 years agosetting default port of own address to have a proper fallback if src addr lookup...
Martin Willi [Tue, 18 Nov 2008 10:10:36 +0000 (10:10 -0000)]
setting default port of own address to have a proper fallback if src addr lookup fails

11 years agoconsider interfaces we do not monitor as up (e.g. lo)
Martin Willi [Tue, 18 Nov 2008 09:52:28 +0000 (09:52 -0000)]
consider interfaces we do not monitor as up (e.g. lo)
fixes load-testing against 127.0.0.1

11 years agoversion bump to 4.2.10
Andreas Steffen [Tue, 18 Nov 2008 00:02:59 +0000 (00:02 -0000)]
version bump to 4.2.10

11 years agoseparated updown listener to its own class 4.2.9
Martin Willi [Mon, 17 Nov 2008 09:29:27 +0000 (09:29 -0000)]
separated updown listener to its own class
caching interface names to properly remove rules if interface has changed

11 years agofixed virtual IP re-installation failure in MOBIKE scenarios introduced with changese...
Andreas Steffen [Mon, 17 Nov 2008 00:01:34 +0000 (00:01 -0000)]
fixed virtual IP re-installation failure in MOBIKE scenarios introduced with changeset 4662

11 years agoset release number back to 4.2.9
Andreas Steffen [Sun, 16 Nov 2008 22:25:16 +0000 (22:25 -0000)]
set release number back to 4.2.9

11 years agoadded migration to NEWS
Andreas Steffen [Sun, 16 Nov 2008 21:23:56 +0000 (21:23 -0000)]
added migration to NEWS

11 years agocompleted migration of MIPv6 connections
Andreas Steffen [Sun, 16 Nov 2008 21:19:58 +0000 (21:19 -0000)]
completed migration of MIPv6 connections

11 years agoshow TRANSPORT_PROXY mode in ipsec status
Andreas Steffen [Sun, 16 Nov 2008 21:19:17 +0000 (21:19 -0000)]
show TRANSPORT_PROXY mode in ipsec status

11 years agousing aligned buffers for netlink
Martin Willi [Fri, 14 Nov 2008 14:23:11 +0000 (14:23 -0000)]
using aligned buffers for netlink

11 years agofallback to reauthentication if peer does not support CHILD_SA rekeying
Martin Willi [Fri, 14 Nov 2008 14:05:47 +0000 (14:05 -0000)]
fallback to reauthentication if peer does not support CHILD_SA rekeying

11 years agofall back to reauthentication if IKE rekeying fails with NO_ADDITIONAL_SAS
Martin Willi [Fri, 14 Nov 2008 13:58:16 +0000 (13:58 -0000)]
fall back to reauthentication if IKE rekeying fails with NO_ADDITIONAL_SAS

11 years agoalso use correct encap parameter in PF_KEY
Martin Willi [Fri, 14 Nov 2008 13:15:26 +0000 (13:15 -0000)]
also use correct encap parameter in PF_KEY

11 years agofixed encap enabling in xfrm (using new encap state, not the old one)
Martin Willi [Fri, 14 Nov 2008 13:12:07 +0000 (13:12 -0000)]
fixed encap enabling in xfrm (using new encap state, not the old one)

11 years agodo not use a route if outgoing interface is down
Martin Willi [Fri, 14 Nov 2008 13:04:22 +0000 (13:04 -0000)]
do not use a route if outgoing interface is down
other cleanups

11 years agorta->rta_len is NOT the payload data length, use RTA_PAYLOAD(rta) instead!
Martin Willi [Fri, 14 Nov 2008 10:30:26 +0000 (10:30 -0000)]
rta->rta_len is NOT the payload data length, use RTA_PAYLOAD(rta) instead!

11 years agodo not use public interface for functions which are local anyway
Martin Willi [Fri, 14 Nov 2008 09:38:49 +0000 (09:38 -0000)]
do not use public interface for functions which are local anyway

11 years agoreset IKE_SA on bus during child_sa destruction
Martin Willi [Fri, 14 Nov 2008 08:38:53 +0000 (08:38 -0000)]
reset IKE_SA on bus during child_sa destruction

11 years agoadapted evaltest.dat to changed debug output
Andreas Steffen [Thu, 13 Nov 2008 21:38:16 +0000 (21:38 -0000)]
adapted evaltest.dat to changed debug output

11 years agoupdated API doc for socket.h
Martin Willi [Thu, 13 Nov 2008 07:48:27 +0000 (07:48 -0000)]
updated API doc for socket.h

11 years agoported socket enumerator to raw-socket.c
Martin Willi [Thu, 13 Nov 2008 07:15:45 +0000 (07:15 -0000)]
ported socket enumerator to raw-socket.c
some cleanups in socket.c

11 years agoadded type=transport_proxy and installpolicy=yes|no to man page
Andreas Steffen [Thu, 13 Nov 2008 06:29:53 +0000 (06:29 -0000)]
added type=transport_proxy and installpolicy=yes|no to man page

11 years agoadded MIPv6 functionality to NEWS
Andreas Steffen [Thu, 13 Nov 2008 05:46:51 +0000 (05:46 -0000)]
added MIPv6 functionality to NEWS

11 years agocorrected unwanted deletion in comment
Andreas Steffen [Wed, 12 Nov 2008 22:57:46 +0000 (22:57 -0000)]
corrected unwanted deletion in comment

11 years agoBEET mode might want forwarding policies
Martin Willi [Wed, 12 Nov 2008 16:47:19 +0000 (16:47 -0000)]
BEET mode might want forwarding policies

11 years agoremoved some obsolete includes
Martin Willi [Wed, 12 Nov 2008 16:10:34 +0000 (16:10 -0000)]
removed some obsolete includes

11 years agomoved ike_initiator flag to IKE_SAs condition bitfield
Martin Willi [Wed, 12 Nov 2008 16:07:17 +0000 (16:07 -0000)]
moved ike_initiator flag to IKE_SAs condition bitfield

11 years agoported some hard-to-merge cherries back to trunk :-/
Martin Willi [Wed, 12 Nov 2008 15:09:24 +0000 (15:09 -0000)]
ported some hard-to-merge cherries back to trunk :-/
shame, svn, shame: this was ways to complicated
we should consider a switch to git...

11 years agofixing keylength bug at the right place:
Martin Willi [Wed, 12 Nov 2008 08:27:48 +0000 (08:27 -0000)]
fixing keylength bug at the right place:
we usually don't touch output parameters if operations fails

11 years agoimproved fix
Andreas Steffen [Wed, 12 Nov 2008 04:08:30 +0000 (04:08 -0000)]
improved fix

11 years agofixed AES-CCM/GCM authenticated encryption by eliminating generation of superfluous...
Andreas Steffen [Wed, 12 Nov 2008 04:02:10 +0000 (04:02 -0000)]
fixed AES-CCM/GCM authenticated encryption by eliminating generation of superfluous generation of integrity keying material

11 years agofixed compiler warnings issued by:
Martin Willi [Tue, 11 Nov 2008 18:37:19 +0000 (18:37 -0000)]
fixed compiler warnings issued by:
gcc 4.3
curl.h gcc type-checking
glibc with enabled FORTIFY_SOURCE checking

11 years ago#defing out compress algs to avoid compiler warning
Martin Willi [Tue, 11 Nov 2008 18:35:10 +0000 (18:35 -0000)]
#defing out compress algs to avoid compiler warning

11 years agoupdated method signature of add_policy
Martin Willi [Tue, 11 Nov 2008 18:33:48 +0000 (18:33 -0000)]
updated method signature of add_policy

11 years agofixed compilation of medcli plugin
Martin Willi [Tue, 11 Nov 2008 15:20:25 +0000 (15:20 -0000)]
fixed compilation of medcli plugin

11 years agoadded missing include for ULONG_MAX
Martin Willi [Tue, 11 Nov 2008 15:19:13 +0000 (15:19 -0000)]
added missing include for ULONG_MAX

11 years agoannouncing the kernel plugins
Tobias Brunner [Tue, 11 Nov 2008 13:35:51 +0000 (13:35 -0000)]
announcing the kernel plugins

11 years agofixing mediation extension
Tobias Brunner [Tue, 11 Nov 2008 13:12:05 +0000 (13:12 -0000)]
fixing mediation extension

11 years agosome typos
Tobias Brunner [Tue, 11 Nov 2008 13:11:44 +0000 (13:11 -0000)]
some typos

11 years agoadded some NEWS for 4.2.9
Martin Willi [Tue, 11 Nov 2008 12:52:55 +0000 (12:52 -0000)]
added some NEWS for 4.2.9

11 years agodynamic logging configuration through strongswan.conf
Martin Willi [Tue, 11 Nov 2008 10:52:37 +0000 (10:52 -0000)]
dynamic logging configuration through strongswan.conf
fallback to existing ipsec.conf/stroke loglevel configuration

11 years agofixed compiler warning
Martin Willi [Tue, 11 Nov 2008 10:29:31 +0000 (10:29 -0000)]
fixed compiler warning

11 years agofixing a memory leak
Tobias Brunner [Tue, 11 Nov 2008 09:56:47 +0000 (09:56 -0000)]
fixing a memory leak

11 years agomerging kernel_klips plugin back into trunk
Tobias Brunner [Tue, 11 Nov 2008 09:22:00 +0000 (09:22 -0000)]
merging kernel_klips plugin back into trunk

11 years agorenamed proxy to proxy_mode in stroke_msg.h
Andreas Steffen [Tue, 11 Nov 2008 07:28:52 +0000 (07:28 -0000)]
renamed proxy to proxy_mode in stroke_msg.h

11 years agodeleted obsolete parameter descriptions
Andreas Steffen [Tue, 11 Nov 2008 07:11:30 +0000 (07:11 -0000)]
deleted obsolete parameter descriptions

11 years agopreliminary support of Mobile IPv6
Andreas Steffen [Tue, 11 Nov 2008 06:37:37 +0000 (06:37 -0000)]
preliminary support of Mobile IPv6

11 years agoadded the MIPv6 options use_proxy_mode and install_policy
Andreas Steffen [Tue, 11 Nov 2008 06:29:25 +0000 (06:29 -0000)]
added the MIPv6 options use_proxy_mode and install_policy

11 years agocosmetics in debug output
Andreas Steffen [Tue, 11 Nov 2008 06:19:37 +0000 (06:19 -0000)]
cosmetics in debug output

11 years agowhitelisting localtime_r
Martin Willi [Mon, 10 Nov 2008 16:44:27 +0000 (16:44 -0000)]
whitelisting localtime_r

11 years agomake load_tester more strict to use it along stroke
Martin Willi [Mon, 10 Nov 2008 16:43:15 +0000 (16:43 -0000)]
make load_tester more strict to use it along stroke

11 years agofixed leak in host_create_from_string("%any")
Martin Willi [Mon, 10 Nov 2008 16:42:05 +0000 (16:42 -0000)]
fixed leak in host_create_from_string("%any")

11 years agofixed some minor issues found when using -DFORTIFY_SOURCE=2
Martin Willi [Mon, 10 Nov 2008 15:45:19 +0000 (15:45 -0000)]
fixed some minor issues found when using -DFORTIFY_SOURCE=2

11 years agoiterations = 0 for infinite iterations
Martin Willi [Mon, 10 Nov 2008 10:10:51 +0000 (10:10 -0000)]
iterations = 0 for infinite iterations

11 years agoadded PEM version of keys
Martin Willi [Mon, 10 Nov 2008 10:09:44 +0000 (10:09 -0000)]
added PEM version of keys

11 years agosettings section enumeration
Martin Willi [Fri, 7 Nov 2008 15:08:53 +0000 (15:08 -0000)]
settings section enumeration
printf style key lookup

11 years agofixed copy/paste error
Martin Willi [Fri, 7 Nov 2008 14:48:54 +0000 (14:48 -0000)]
fixed copy/paste error

11 years agouse of host_create_any() for %any address
Andreas Steffen [Fri, 7 Nov 2008 05:15:19 +0000 (05:15 -0000)]
use of host_create_any() for %any address

11 years agoSADB_X_EXT_KMADDRESS is not present in old kernels
Andreas Steffen [Fri, 7 Nov 2008 03:38:56 +0000 (03:38 -0000)]
SADB_X_EXT_KMADDRESS is not present in old kernels

11 years agoadded retrieval of remote kmaddress via PF_KEY
Andreas Steffen [Fri, 7 Nov 2008 03:23:59 +0000 (03:23 -0000)]
added retrieval of remote kmaddress via PF_KEY

11 years agoadded delete_after_established option
Martin Willi [Thu, 6 Nov 2008 14:07:46 +0000 (14:07 -0000)]
added delete_after_established option

11 years agofixed leak
Martin Willi [Thu, 6 Nov 2008 14:05:58 +0000 (14:05 -0000)]
fixed leak
fixed build if !HAVE_BACKTRACE

11 years agouse read-write locks in crypto factory for parallelization
Martin Willi [Wed, 5 Nov 2008 16:21:57 +0000 (16:21 -0000)]
use read-write locks in crypto factory for parallelization