strongswan.git
12 years agofixing mediation extension
Tobias Brunner [Tue, 11 Nov 2008 13:12:05 +0000 (13:12 -0000)]
fixing mediation extension

12 years agosome typos
Tobias Brunner [Tue, 11 Nov 2008 13:11:44 +0000 (13:11 -0000)]
some typos

12 years agoadded some NEWS for 4.2.9
Martin Willi [Tue, 11 Nov 2008 12:52:55 +0000 (12:52 -0000)]
added some NEWS for 4.2.9

12 years agodynamic logging configuration through strongswan.conf
Martin Willi [Tue, 11 Nov 2008 10:52:37 +0000 (10:52 -0000)]
dynamic logging configuration through strongswan.conf
fallback to existing ipsec.conf/stroke loglevel configuration

12 years agofixed compiler warning
Martin Willi [Tue, 11 Nov 2008 10:29:31 +0000 (10:29 -0000)]
fixed compiler warning

12 years agofixing a memory leak
Tobias Brunner [Tue, 11 Nov 2008 09:56:47 +0000 (09:56 -0000)]
fixing a memory leak

12 years agomerging kernel_klips plugin back into trunk
Tobias Brunner [Tue, 11 Nov 2008 09:22:00 +0000 (09:22 -0000)]
merging kernel_klips plugin back into trunk

12 years agorenamed proxy to proxy_mode in stroke_msg.h
Andreas Steffen [Tue, 11 Nov 2008 07:28:52 +0000 (07:28 -0000)]
renamed proxy to proxy_mode in stroke_msg.h

12 years agodeleted obsolete parameter descriptions
Andreas Steffen [Tue, 11 Nov 2008 07:11:30 +0000 (07:11 -0000)]
deleted obsolete parameter descriptions

12 years agopreliminary support of Mobile IPv6
Andreas Steffen [Tue, 11 Nov 2008 06:37:37 +0000 (06:37 -0000)]
preliminary support of Mobile IPv6

12 years agoadded the MIPv6 options use_proxy_mode and install_policy
Andreas Steffen [Tue, 11 Nov 2008 06:29:25 +0000 (06:29 -0000)]
added the MIPv6 options use_proxy_mode and install_policy

12 years agocosmetics in debug output
Andreas Steffen [Tue, 11 Nov 2008 06:19:37 +0000 (06:19 -0000)]
cosmetics in debug output

12 years agowhitelisting localtime_r
Martin Willi [Mon, 10 Nov 2008 16:44:27 +0000 (16:44 -0000)]
whitelisting localtime_r

12 years agomake load_tester more strict to use it along stroke
Martin Willi [Mon, 10 Nov 2008 16:43:15 +0000 (16:43 -0000)]
make load_tester more strict to use it along stroke

12 years agofixed leak in host_create_from_string("%any")
Martin Willi [Mon, 10 Nov 2008 16:42:05 +0000 (16:42 -0000)]
fixed leak in host_create_from_string("%any")

12 years agofixed some minor issues found when using -DFORTIFY_SOURCE=2
Martin Willi [Mon, 10 Nov 2008 15:45:19 +0000 (15:45 -0000)]
fixed some minor issues found when using -DFORTIFY_SOURCE=2

12 years agoiterations = 0 for infinite iterations
Martin Willi [Mon, 10 Nov 2008 10:10:51 +0000 (10:10 -0000)]
iterations = 0 for infinite iterations

12 years agoadded PEM version of keys
Martin Willi [Mon, 10 Nov 2008 10:09:44 +0000 (10:09 -0000)]
added PEM version of keys

12 years agosettings section enumeration
Martin Willi [Fri, 7 Nov 2008 15:08:53 +0000 (15:08 -0000)]
settings section enumeration
printf style key lookup

12 years agofixed copy/paste error
Martin Willi [Fri, 7 Nov 2008 14:48:54 +0000 (14:48 -0000)]
fixed copy/paste error

12 years agouse of host_create_any() for %any address
Andreas Steffen [Fri, 7 Nov 2008 05:15:19 +0000 (05:15 -0000)]
use of host_create_any() for %any address

12 years agoSADB_X_EXT_KMADDRESS is not present in old kernels
Andreas Steffen [Fri, 7 Nov 2008 03:38:56 +0000 (03:38 -0000)]
SADB_X_EXT_KMADDRESS is not present in old kernels

12 years agoadded retrieval of remote kmaddress via PF_KEY
Andreas Steffen [Fri, 7 Nov 2008 03:23:59 +0000 (03:23 -0000)]
added retrieval of remote kmaddress via PF_KEY

12 years agoadded delete_after_established option
Martin Willi [Thu, 6 Nov 2008 14:07:46 +0000 (14:07 -0000)]
added delete_after_established option

12 years agofixed leak
Martin Willi [Thu, 6 Nov 2008 14:05:58 +0000 (14:05 -0000)]
fixed leak
fixed build if !HAVE_BACKTRACE

12 years agouse read-write locks in crypto factory for parallelization
Martin Willi [Wed, 5 Nov 2008 16:21:57 +0000 (16:21 -0000)]
use read-write locks in crypto factory for parallelization

12 years agowrapped all pthread_rwlock_t in profilable rwlock_t
Martin Willi [Wed, 5 Nov 2008 16:12:54 +0000 (16:12 -0000)]
wrapped all pthread_rwlock_t in profilable rwlock_t

12 years agowrapped rwlock with profiling support
Martin Willi [Wed, 5 Nov 2008 15:51:57 +0000 (15:51 -0000)]
wrapped rwlock with profiling support

12 years agothreshhold and ./configure option for lock profiler
Martin Willi [Wed, 5 Nov 2008 14:36:57 +0000 (14:36 -0000)]
threshhold and ./configure option for lock profiler

12 years agoadded missing includes
Martin Willi [Wed, 5 Nov 2008 14:22:58 +0000 (14:22 -0000)]
added missing includes

12 years agoseparated backtrace functionality from leak_detective, used in
Martin Willi [Wed, 5 Nov 2008 13:58:19 +0000 (13:58 -0000)]
separated backtrace functionality from leak_detective, used in
leak_detective
mutex profiling
signal handler

12 years agoproper cleanup of openssl locking code
Martin Willi [Wed, 5 Nov 2008 12:37:37 +0000 (12:37 -0000)]
proper cleanup of openssl locking code

12 years agofixed sender destruction order
Martin Willi [Wed, 5 Nov 2008 12:24:36 +0000 (12:24 -0000)]
fixed sender destruction order

12 years agofixed iterator regression introduced in [4577]
Martin Willi [Wed, 5 Nov 2008 11:55:17 +0000 (11:55 -0000)]
fixed iterator regression introduced in [4577]

12 years agoreplaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant
Martin Willi [Wed, 5 Nov 2008 11:29:56 +0000 (11:29 -0000)]
replaced most pthread_mutex/cond_t by wrapped mutex/condvar_t variant

12 years agoget rid of unused iterator hook functions
Martin Willi [Wed, 5 Nov 2008 08:37:09 +0000 (08:37 -0000)]
get rid of unused iterator hook functions

12 years agogot rid of deprecated create_iterator_locked()
Martin Willi [Wed, 5 Nov 2008 08:32:38 +0000 (08:32 -0000)]
got rid of deprecated create_iterator_locked()

12 years agosimple mutex profiler
Martin Willi [Wed, 5 Nov 2008 07:57:26 +0000 (07:57 -0000)]
simple mutex profiler

12 years agodo not install route if interface lookup failed
Martin Willi [Wed, 5 Nov 2008 07:38:55 +0000 (07:38 -0000)]
do not install route if interface lookup failed

12 years ago%any is IP family neutral
Andreas Steffen [Wed, 5 Nov 2008 05:32:43 +0000 (05:32 -0000)]
%any is IP family neutral

12 years agocorrected typo2
Andreas Steffen [Wed, 5 Nov 2008 05:27:42 +0000 (05:27 -0000)]
corrected typo2

12 years agosupport of %any address string
Andreas Steffen [Wed, 5 Nov 2008 04:53:45 +0000 (04:53 -0000)]
support of %any address string

12 years agohandle 0.0.0.0 string and af == AF_INET6
Andreas Steffen [Wed, 5 Nov 2008 00:41:46 +0000 (00:41 -0000)]
handle 0.0.0.0 string and af == AF_INET6

12 years agotwo new load_testing options:
Martin Willi [Tue, 4 Nov 2008 14:55:22 +0000 (14:55 -0000)]
two new load_testing options:
request_virtual_ip: request a INTERNAL_IPV4_ADDR as client
pool: provide addresses from a named virtual IP pool

12 years agoOpenSSL requires a signature length of exactly RSA_size()
Martin Willi [Tue, 4 Nov 2008 14:05:42 +0000 (14:05 -0000)]
OpenSSL requires a signature length of exactly RSA_size()

12 years agoremoved superfluous get_other_public_value in diffie_hellman_t interface
Martin Willi [Tue, 4 Nov 2008 13:12:11 +0000 (13:12 -0000)]
removed superfluous get_other_public_value in diffie_hellman_t interface

12 years agofixed bignum export if BN_num_bytes() != DH_size()
Martin Willi [Tue, 4 Nov 2008 13:05:00 +0000 (13:05 -0000)]
fixed bignum export if BN_num_bytes() != DH_size()

12 years agofixed memleak
Martin Willi [Tue, 4 Nov 2008 13:01:36 +0000 (13:01 -0000)]
fixed memleak

12 years agoadded a delay option to delay initiations
Martin Willi [Tue, 4 Nov 2008 12:59:53 +0000 (12:59 -0000)]
added a delay option to delay initiations

12 years agocorrected a copy-and-paste error
Andreas Steffen [Mon, 3 Nov 2008 23:46:42 +0000 (23:46 -0000)]
corrected a copy-and-paste error

12 years agoupdated copyright of kernel interface code
Andreas Steffen [Mon, 3 Nov 2008 23:34:23 +0000 (23:34 -0000)]
updated copyright of kernel interface code

12 years agoadded support for xfrm remote kmaddress
Andreas Steffen [Mon, 3 Nov 2008 23:29:34 +0000 (23:29 -0000)]
added support for xfrm remote kmaddress

12 years agoadded locking mechanism for multithreaded use of OpenSSL
Martin Willi [Mon, 3 Nov 2008 16:14:12 +0000 (16:14 -0000)]
added locking mechanism for multithreaded use of OpenSSL

12 years agoadded fake_kernel option to make dummy kernel implementation optional
Martin Willi [Mon, 3 Nov 2008 15:11:01 +0000 (15:11 -0000)]
added fake_kernel option to make dummy kernel implementation optional

12 years agoremoved accidently checked in debug code
Martin Willi [Mon, 3 Nov 2008 12:40:42 +0000 (12:40 -0000)]
removed accidently checked in debug code

12 years agoload testing between different hosts
Martin Willi [Mon, 3 Nov 2008 10:02:39 +0000 (10:02 -0000)]
load testing between different hosts

12 years agolog loaded plugins at startup
Martin Willi [Mon, 3 Nov 2008 09:44:54 +0000 (09:44 -0000)]
log loaded plugins at startup

12 years agoreverted 4541, does not fix the problem
Martin Willi [Mon, 3 Nov 2008 09:44:20 +0000 (09:44 -0000)]
reverted 4541, does not fix the problem

12 years agomigrate job creates a new IKE_SA
Andreas Steffen [Mon, 3 Nov 2008 07:08:59 +0000 (07:08 -0000)]
migrate job creates a new IKE_SA

12 years agoreplace tab by spaces
Andreas Steffen [Mon, 3 Nov 2008 06:56:22 +0000 (06:56 -0000)]
replace tab by spaces

12 years agoremoved unused variables
Andreas Steffen [Mon, 3 Nov 2008 03:56:03 +0000 (03:56 -0000)]
removed unused variables

12 years agomigrate_job() finds a matching child_cfg
Andreas Steffen [Mon, 3 Nov 2008 02:05:41 +0000 (02:05 -0000)]
migrate_job() finds a matching child_cfg

12 years agocorrected parameter description
Andreas Steffen [Mon, 3 Nov 2008 00:24:38 +0000 (00:24 -0000)]
corrected parameter description

12 years agocorrected captions
Andreas Steffen [Sun, 2 Nov 2008 22:13:17 +0000 (22:13 -0000)]
corrected captions

12 years agofully implemented the parsing of XFRM and PF_KEY MIGRATE messages
Andreas Steffen [Sun, 2 Nov 2008 21:34:52 +0000 (21:34 -0000)]
fully implemented the parsing of XFRM and PF_KEY MIGRATE messages

12 years agoremoved 0-byte truncation, fixes random Openssl RSA signature verification failures
Martin Willi [Fri, 31 Oct 2008 17:07:04 +0000 (17:07 -0000)]
removed 0-byte truncation, fixes random Openssl RSA signature verification failures

12 years agofixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)
Martin Willi [Fri, 31 Oct 2008 17:05:40 +0000 (17:05 -0000)]
fixed crash in openssl signature verification if sizeof(size_t) != sizeof(int) (64bit)

12 years agoidentify attributes of XFRM ACQUIRE and MIGRATE messages
Andreas Steffen [Fri, 31 Oct 2008 06:18:48 +0000 (06:18 -0000)]
identify attributes of XFRM ACQUIRE and MIGRATE messages

12 years agosubscribing XFRM socket for MIGRATE messages
Andreas Steffen [Fri, 31 Oct 2008 02:50:01 +0000 (02:50 -0000)]
subscribing XFRM socket for MIGRATE messages

12 years agoadapted evaltest.dat to extended acquire job message
Andreas Steffen [Fri, 31 Oct 2008 01:46:37 +0000 (01:46 -0000)]
adapted evaltest.dat to extended acquire job message

12 years agoparse xfrm and pf_key acquire messages and subscribe to migrate messages
Andreas Steffen [Fri, 31 Oct 2008 01:43:23 +0000 (01:43 -0000)]
parse xfrm and pf_key acquire messages and subscribe to migrate messages

12 years agoreverted changeset 4529:
Martin Willi [Thu, 30 Oct 2008 13:21:21 +0000 (13:21 -0000)]
reverted changeset 4529:
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS

12 years agoadded hooks for IKE and CHILD keymat
Martin Willi [Thu, 30 Oct 2008 12:58:54 +0000 (12:58 -0000)]
added hooks for IKE and CHILD keymat

12 years agostore plain skd, not the prf
Martin Willi [Thu, 30 Oct 2008 09:18:52 +0000 (09:18 -0000)]
store plain skd, not the prf

12 years agoadded Camellia CBC to list of encryption algorithms
Andreas Steffen [Thu, 30 Oct 2008 03:31:36 +0000 (03:31 -0000)]
added Camellia CBC to list of encryption algorithms

12 years agocorrected parameter description
Andreas Steffen [Thu, 30 Oct 2008 00:35:37 +0000 (00:35 -0000)]
corrected parameter description

12 years agomoved CHILD_SA key derivation to keymat_t
Martin Willi [Wed, 29 Oct 2008 16:06:16 +0000 (16:06 -0000)]
moved CHILD_SA key derivation to keymat_t
passing key chunks to CHILD_SA, not the PRF

12 years agoprf handles zero-length allocations graceful
Martin Willi [Wed, 29 Oct 2008 14:12:54 +0000 (14:12 -0000)]
prf handles zero-length allocations graceful

12 years agodo not store DH redundant in keymat
Martin Willi [Wed, 29 Oct 2008 13:35:06 +0000 (13:35 -0000)]
do not store DH redundant in keymat

12 years agoreplaced not-maintained ChangeLog
Martin Willi [Wed, 29 Oct 2008 09:27:51 +0000 (09:27 -0000)]
replaced not-maintained ChangeLog

12 years agoupgrade to linux-2.6.28 headers with support for kmaddress struct
Andreas Steffen [Wed, 29 Oct 2008 05:32:38 +0000 (05:32 -0000)]
upgrade to linux-2.6.28 headers with support for kmaddress struct

12 years agomoved key derivation and management into keymat object
Martin Willi [Tue, 28 Oct 2008 16:07:06 +0000 (16:07 -0000)]
moved key derivation and management into keymat object
allows secured implementation of key management (e.g. in kernel or HW)
only IKE keys for now

12 years agostore IKE proposal implicitly during derive_keys
Martin Willi [Tue, 28 Oct 2008 10:12:21 +0000 (10:12 -0000)]
store IKE proposal implicitly during derive_keys

12 years agofixed reauthentication time in statusall
Martin Willi [Tue, 28 Oct 2008 09:41:33 +0000 (09:41 -0000)]
fixed reauthentication time in statusall

12 years agorefining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key
Andreas Steffen [Tue, 28 Oct 2008 01:59:01 +0000 (01:59 -0000)]
refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key

12 years agouse more generic stats getter, introducing new stats
Martin Willi [Mon, 27 Oct 2008 14:51:00 +0000 (14:51 -0000)]
use more generic stats getter, introducing new stats

12 years agonew release of NM debs
Martin Willi [Mon, 27 Oct 2008 12:01:23 +0000 (12:01 -0000)]
new release of NM debs

12 years agoincluding a "none" tundev to make NM happy
Martin Willi [Mon, 27 Oct 2008 11:30:27 +0000 (11:30 -0000)]
including a "none" tundev to make NM happy

12 years agofixed some compiler warnings
Martin Willi [Mon, 27 Oct 2008 11:13:33 +0000 (11:13 -0000)]
fixed some compiler warnings

12 years agoremove unused local DH_EXPONENT_ENTROPY definition
Andreas Steffen [Mon, 27 Oct 2008 00:02:22 +0000 (00:02 -0000)]
remove unused local DH_EXPONENT_ENTROPY definition

12 years agouse 512 bits of entropy for secret DH exponents
Andreas Steffen [Sun, 26 Oct 2008 23:53:52 +0000 (23:53 -0000)]
use 512 bits of entropy for secret DH exponents

12 years agoadditional getters for ipcomp and UDP encap
Martin Willi [Fri, 24 Oct 2008 09:51:48 +0000 (09:51 -0000)]
additional getters for ipcomp and UDP encap

12 years agomore CHILD_SA refactorings
Martin Willi [Fri, 24 Oct 2008 08:02:35 +0000 (08:02 -0000)]
more CHILD_SA refactorings

12 years agoinitiate connections simultaneously in load tester
Martin Willi [Wed, 22 Oct 2008 09:01:36 +0000 (09:01 -0000)]
initiate connections simultaneously in load tester

12 years agoinclude updown plugin in sql scenarios
Andreas Steffen [Tue, 21 Oct 2008 22:28:29 +0000 (22:28 -0000)]
include updown plugin in sql scenarios

12 years agoa load testing plugin, to:
Martin Willi [Tue, 21 Oct 2008 13:00:38 +0000 (13:00 -0000)]
a load testing plugin, to:
find multi-threading issues
do performance profiling

12 years agofixed enumeration of CHILD_SA traffic selectors
Martin Willi [Tue, 21 Oct 2008 10:57:40 +0000 (10:57 -0000)]
fixed enumeration of CHILD_SA traffic selectors

12 years agouse old algorithm nameagain in pfkey/alg-aes-xcbc scenario
Andreas Steffen [Tue, 21 Oct 2008 03:42:32 +0000 (03:42 -0000)]
use old algorithm nameagain in pfkey/alg-aes-xcbc scenario

12 years agoreset threads IKE_SA after checking other IKE_SAs
Martin Willi [Mon, 20 Oct 2008 11:38:16 +0000 (11:38 -0000)]
reset threads IKE_SA after checking other IKE_SAs
invoke updown script only if we have valid IKE_SA

12 years agore-established all previous AUD level messages
Andreas Steffen [Fri, 17 Oct 2008 03:44:06 +0000 (03:44 -0000)]
re-established all previous AUD level messages