Spelling fixes

* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
laforge/swu
Josh Soref 3 years ago committed by Tobias Brunner
parent baf29263d5
commit b3ab7a48cc
  1. 20
      NEWS
  2. 2
      README_LEGACY.md
  3. 4
      conf/plugins/load-tester.opt
  4. 2
      conf/strongswan.conf.5.tail.in
  5. 4
      configure.ac
  6. 2
      src/charon-nm/nm/nm_backend.c
  7. 2
      src/charon-nm/nm/nm_service.c
  8. 2
      src/charon-tkm/src/tkm/tkm_listener.c
  9. 4
      src/conftest/README
  10. 4
      src/conftest/conftest.c
  11. 2
      src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c
  12. 2
      src/frontends/gnome/configure.ac
  13. 6
      src/frontends/gnome/properties/nm-strongswan-dialog.ui
  14. 2
      src/include/linux/xfrm.h
  15. 2
      src/libcharon/attributes/attribute_handler.h
  16. 2
      src/libcharon/attributes/attribute_manager.c
  17. 2
      src/libcharon/attributes/mem_pool.c
  18. 2
      src/libcharon/bus/bus.h
  19. 4
      src/libcharon/config/child_cfg.c
  20. 4
      src/libcharon/config/child_cfg.h
  21. 4
      src/libcharon/config/peer_cfg.c
  22. 2
      src/libcharon/config/peer_cfg.h
  23. 2
      src/libcharon/daemon.h
  24. 14
      src/libcharon/encoding/message.c
  25. 4
      src/libcharon/encoding/parser.c
  26. 2
      src/libcharon/encoding/payloads/cp_payload.h
  27. 2
      src/libcharon/encoding/payloads/eap_payload.c
  28. 10
      src/libcharon/encoding/payloads/encodings.h
  29. 2
      src/libcharon/encoding/payloads/fragment_payload.h
  30. 2
      src/libcharon/encoding/payloads/hash_payload.h
  31. 2
      src/libcharon/encoding/payloads/id_payload.h
  32. 10
      src/libcharon/encoding/payloads/payload.h
  33. 2
      src/libcharon/encoding/payloads/proposal_substructure.h
  34. 2
      src/libcharon/encoding/payloads/traffic_selector_substructure.h
  35. 4
      src/libcharon/kernel/kernel_interface.h
  36. 4
      src/libcharon/kernel/kernel_listener.h
  37. 2
      src/libcharon/network/receiver.c
  38. 2
      src/libcharon/plugins/dhcp/dhcp_provider.h
  39. 10
      src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
  40. 2
      src/libcharon/plugins/eap_gtc/eap_gtc.c
  41. 2
      src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
  42. 4
      src/libcharon/plugins/eap_radius/eap_radius.c
  43. 6
      src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
  44. 2
      src/libcharon/plugins/forecast/forecast_listener.h
  45. 2
      src/libcharon/plugins/ha/ha_kernel.c
  46. 2
      src/libcharon/plugins/ha/ha_kernel.h
  47. 2
      src/libcharon/plugins/ha/ha_segments.c
  48. 2
      src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
  49. 2
      src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
  50. 2
      src/libcharon/plugins/load_tester/load_tester_config.c
  51. 2
      src/libcharon/plugins/socket_default/socket_default_socket.c
  52. 2
      src/libcharon/plugins/stroke/stroke_ca.h
  53. 2
      src/libcharon/plugins/stroke/stroke_config.c
  54. 2
      src/libcharon/plugins/stroke/stroke_cred.h
  55. 2
      src/libcharon/plugins/uci/uci_creds.c
  56. 2
      src/libcharon/plugins/unity/unity_provider.h
  57. 2
      src/libcharon/plugins/vici/README.md
  58. 2
      src/libcharon/plugins/vici/libvici.h
  59. 2
      src/libcharon/plugins/vici/ruby/vici.gemspec.in
  60. 2
      src/libcharon/plugins/vici/vici_authority.c
  61. 4
      src/libcharon/plugins/vici/vici_logger.c
  62. 2
      src/libcharon/plugins/vici/vici_logger.h
  63. 2
      src/libcharon/plugins/vici/vici_socket.c
  64. 2
      src/libcharon/processing/jobs/delete_ike_sa_job.h
  65. 2
      src/libcharon/processing/jobs/inactivity_job.h
  66. 2
      src/libcharon/sa/child_sa.c
  67. 2
      src/libcharon/sa/child_sa.h
  68. 4
      src/libcharon/sa/eap/eap_method.h
  69. 2
      src/libcharon/sa/ike_sa.c
  70. 10
      src/libcharon/sa/ike_sa.h
  71. 4
      src/libcharon/sa/ike_sa_id.h
  72. 4
      src/libcharon/sa/ike_sa_manager.c
  73. 4
      src/libcharon/sa/ikev1/keymat_v1.h
  74. 2
      src/libcharon/sa/ikev1/phase1.c
  75. 2
      src/libcharon/sa/ikev1/tasks/isakmp_delete.c
  76. 2
      src/libcharon/sa/ikev1/tasks/isakmp_natd.c
  77. 2
      src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
  78. 2
      src/libcharon/sa/ikev2/connect_manager.c
  79. 2
      src/libcharon/sa/ikev2/keymat_v2.c
  80. 4
      src/libcharon/sa/ikev2/mediation_manager.c
  81. 2
      src/libcharon/sa/ikev2/tasks/ike_auth.c
  82. 2
      src/libcharon/sa/ikev2/tasks/ike_delete.c
  83. 2
      src/libcharon/sa/ikev2/tasks/ike_me.c
  84. 2
      src/libcharon/sa/ikev2/tasks/ike_natd.c
  85. 4
      src/libcharon/sa/task_manager.h
  86. 2
      src/libcharon/tests/suites/test_mem_pool.c
  87. 2
      src/libcharon/tests/utils/exchange_test_asserts.h
  88. 2
      src/libcharon/tests/utils/exchange_test_helper.h
  89. 2
      src/libfast/fast_dispatcher.c
  90. 2
      src/libfast/fast_request.h
  91. 2
      src/libimcv/ietf/ietf_attr_assess_result.h
  92. 2
      src/libimcv/ietf/ietf_attr_attr_request.h
  93. 2
      src/libimcv/ietf/ietf_attr_installed_packages.h
  94. 4
      src/libimcv/ietf/ietf_attr_numeric_version.h
  95. 2
      src/libimcv/ietf/ietf_attr_pa_tnc_error.h
  96. 2
      src/libimcv/ietf/ietf_attr_port_filter.h
  97. 2
      src/libimcv/ietf/ietf_attr_string_version.h
  98. 2
      src/libimcv/imv/imv_workitem.h
  99. 2
      src/libimcv/plugins/imc_swima/imc_swima_state.h
  100. 2
      src/libimcv/pts/components/pts_component.h

20
NEWS

@ -188,7 +188,7 @@ strongswan-5.7.0
for low-exponent keys (i.e. with e=3). CVE-2018-16151 has been assigned to
the problem of accepting random bytes after the OID of the hash function in
such signatures, and CVE-2018-16152 has been assigned to the issue of not
verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
verifying that the parameters in the ASN.1 algorithmIdentifier structure is
empty. Other flaws that don't lead to a vulnerability directly (e.g. not
checking for at least 8 bytes of padding) have no separate CVE assigned.
@ -694,7 +694,7 @@ strongswan-5.3.3
- In the bliss plugin the c_indices derivation using a SHA-512 based random
oracle has been fixed, generalized and standardized by employing the MGF1 mask
generation function with SHA-512. As a consequence BLISS signatures unsing the
generation function with SHA-512. As a consequence BLISS signatures using the
improved oracle are not compatible with the earlier implementation.
- Support for auto=route with right=%any for transport mode connections has
@ -1269,7 +1269,7 @@ strongswan-5.0.1
- The PA-TNC and PB-TNC protocols can now process huge data payloads
>64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
and these messages over several PB-TNC batches. As long as no
consolidated recommandation from all IMVs can be obtained, the TNC
consolidated recommendation from all IMVs can be obtained, the TNC
server requests more client data by sending an empty SDATA batch.
- The rightgroups2 ipsec.conf option can require group membership during
@ -1991,7 +1991,7 @@ strongswan-4.3.1
- The nm plugin also accepts CA certificates for gateway authentication. If
a CA certificate is configured, strongSwan uses the entered gateway address
as its idenitity, requiring the gateways certificate to contain the same as
as its identity, requiring the gateways certificate to contain the same as
subjectAltName. This allows a gateway administrator to deploy the same
certificates to Windows 7 and NetworkManager clients.
@ -2038,7 +2038,7 @@ strongswan-4.3.0
Initiators and responders can use several authentication rounds (e.g. RSA
followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
leftauth2/rightauth2 parameters define own authentication rounds or setup
constraints for the remote peer. See the ipsec.conf man page for more detials.
constraints for the remote peer. See the ipsec.conf man page for more details.
- If glibc printf hooks (register_printf_function) are not available,
strongSwan can use the vstr string library to run on non-glibc systems.
@ -2784,7 +2784,7 @@ strongswan-4.0.4
- Added support for preshared keys in IKEv2. PSK keys configured in
ipsec.secrets are loaded. The authby parameter specifies the authentication
method to authentificate ourself, the other peer may use PSK or RSA.
method to authenticate ourself, the other peer may use PSK or RSA.
- Changed retransmission policy to respect the keyingtries parameter.
@ -2922,7 +2922,7 @@ strongswan-2.7.0
left|rightfirewall keyword causes the automatic insertion
and deletion of ACCEPT rules for tunneled traffic upon
the successful setup and teardown of an IPsec SA, respectively.
left|rightfirwall can be used with KLIPS under any Linux 2.4
left|rightfirewall can be used with KLIPS under any Linux 2.4
kernel or with NETKEY under a Linux kernel version >= 2.6.16
in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
kernel version < 2.6.16 which does not support IPsec policy
@ -3043,7 +3043,7 @@ strongswan-2.6.0
to replace the various shell and awk starter scripts (setup, _plutoload,
_plutostart, _realsetup, _startklips, _confread, and auto). Since
ipsec.conf is now parsed only once, the starting of multiple tunnels is
accelerated tremedously.
accelerated tremendously.
- Added support of %defaultroute to the ipsec starter. If the IP address
changes, a HUP signal to the ipsec starter will automatically
@ -3177,9 +3177,9 @@ strongswan-2.5.1
- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
installed either by setting auto=route in ipsec.conf or by
a connection put into hold, generates an XFRM_AQUIRE event
a connection put into hold, generates an XFRM_ACQUIRE event
for each packet that wants to use the not-yet existing
tunnel. Up to now each XFRM_AQUIRE event led to an entry in
tunnel. Up to now each XFRM_ACQUIRE event led to an entry in
the Quick Mode queue, causing multiple IPsec SA to be
established in rapid succession. Starting with strongswan-2.5.1
only a single IPsec SA is established per host-pair connection.

@ -639,7 +639,7 @@ following entries are required in `/etc/ipsec.conf`:
conn rw1
right=%any
righsubnet=10.4.0.5/32
rightsubnet=10.4.0.5/32
conn rw2
right=%any

@ -25,7 +25,7 @@ charon.plugins.load-tester.crl
certificates.
charon.plugins.load-tester.delay = 0
Delay between initiatons for each thread.
Delay between initiations for each thread.
charon.plugins.load-tester.delete_after_established = no
Delete an IKE_SA as soon as it has been established.
@ -66,7 +66,7 @@ charon.plugins.load-tester.initiators = 0
Number of concurrent initiator threads to use in load test.
charon.plugins.load-tester.initiator_auth = pubkey
Authentication method(s) the intiator uses.
Authentication method(s) the initiator uses.
charon.plugins.load-tester.initiator_id =
Initiator ID used in load test.

@ -74,7 +74,7 @@ libtls library messages
libipsec library messages
.TP
.B lib
libstrongwan library messages
libstrongswan library messages
.TP
.B tnc
Trusted Network Connect

@ -55,7 +55,7 @@ ARG_WITH_SUBST([piddir], [/var/run], [set path for PID and UNIX sock
ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
ARG_WITH_SUBST([ipseclibdir], [${libdir%/}/ipsec], [set installation path for ipsec libraries])
ARG_WITH_SUBST([plugindir], [${ipseclibdir%/}/plugins], [set the installation path of plugins])
ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers])
ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
ARG_WITH_SUBST([swanctldir], [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use])
@ -1035,7 +1035,7 @@ if test x$tss_tss2 = xtrue; then
AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
else
PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Manager])],
[tss2_tabrmd=false])
PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
[tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],

@ -44,7 +44,7 @@ struct nm_backend_t {
nm_creds_t *creds;
/**
* attribute handler regeisterd at the daemon
* attribute handler registered at the daemon
*/
nm_handler_t *handler;
};

@ -561,7 +561,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
return FALSE;
}
}
/* ... or certificate/private key authenitcation */
/* ... or certificate/private key authentication */
else if ((str = nm_setting_vpn_get_data_item(vpn, "usercert")))
{
public_key_t *public;

@ -45,7 +45,7 @@ struct private_tkm_listener_t {
/**
* Return id of remote identity.
*
* TODO: Replace this with the lookup for the remote identitiy id.
* TODO: Replace this with the lookup for the remote identity id.
*
* Currently the reqid of the first child SA in peer config of IKE SA is
* returned. Might choose wrong reqid if IKE SA has multiple child configs

@ -108,7 +108,7 @@ The following CHILD_SA specific configuration options are supported:
lts: Local side traffic selectors, comma separated CIDR subnets
rts: Remote side traffic selectors, comma separated CIDR subnets
transport: Propose IPsec transport mode instead of tunnel mode
tfc_padding: Inject Traffic Flow Confidentialty bytes to align packets to the
tfc_padding: Inject Traffic Flow Confidentiality bytes to align packets to the
given length
proposal: CHILD_SA proposal list, same syntax as IKE_SA proposal list
@ -271,7 +271,7 @@ Currently, the following hooks are defined with the following options:
request: yes to set in request, no in response
id: IKEv2 message identifier of message to mangle
from: proposal number to mangle
to: new porposal number to set instead of from
to: new proposal number to set instead of from
set_reserved: set arbitrary reserved bits/bytes in payloads
request: yes to set in request, no in response
id: IKEv2 message identifier of message to mangle

@ -129,7 +129,7 @@ static bool load_cert(settings_t *settings, bool trusted)
}
/**
* Load certificates from the confiuguration file
* Load certificates from the configuration file
*/
static bool load_certs(settings_t *settings, char *dir)
{
@ -163,7 +163,7 @@ static bool load_certs(settings_t *settings, char *dir)
}
/**
* Load private keys from the confiuguration file
* Load private keys from the configuration file
*/
static bool load_keys(settings_t *settings, char *dir)
{

@ -38,7 +38,7 @@ struct private_kernel_android_ipsec_t {
};
/**
* Callback registrered with libipsec.
* Callback registered with libipsec.
*/
static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
{

@ -68,7 +68,7 @@ AC_ARG_ENABLE(
)
AC_ARG_WITH(
[libnm-glib],
AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib comatibility]),
AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib compatibility]),
[with_libnm_glib=no],
[with_libnm_glib=yes]
)

@ -27,7 +27,7 @@
</packing>
</child>
<child>
<object class="GtkAlignment" id="gateway-alignement">
<object class="GtkAlignment" id="gateway-alignment">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="left_padding">12</property>
@ -135,7 +135,7 @@
</packing>
</child>
<child>
<object class="GtkAlignment" id="client-aligement">
<object class="GtkAlignment" id="client-alignment">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="left_padding">12</property>
@ -351,7 +351,7 @@
</packing>
</child>
<child>
<object class="GtkAlignment" id="options-alignement">
<object class="GtkAlignment" id="options-alignment">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="left_padding">12</property>

@ -219,7 +219,7 @@ enum {
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
/*
* Generic LSM security context for comunicating to user space
* Generic LSM security context for communicating to user space
* NOTE: Same format as sadb_x_sec_ctx
*/
struct xfrm_user_sec_ctx {

@ -37,7 +37,7 @@ struct attribute_handler_t {
/**
* Handle a configuration attribute.
*
* After receiving a configuration attriubte, it is passed to each
* After receiving a configuration attribute, it is passed to each
* attribute handler until it is handled.
*
* @param ike_sa IKE_SA under which attribute is received

@ -233,7 +233,7 @@ typedef struct {
enumerator_t *inner;
/** IKE_SA to request attributes for */
ike_sa_t *ike_sa;
/** virtual IPs we are requesting along with attriubutes */
/** virtual IPs we are requesting along with attributes */
linked_list_t *vips;
} initiator_enumerator_t;

@ -85,7 +85,7 @@ typedef struct {
* Lease entry.
*/
typedef struct {
/* identitiy reference */
/* identity reference */
identification_t *id;
/* array of online leases, as unique_lease_t */
array_t *online;

@ -461,7 +461,7 @@ struct bus_t {
* CHILD_SA migration hook.
*
* @param new ID of new SA when called for the old, NULL otherwise
* @param uniue unique ID of new SA when called for the old, 0 otherwise
* @param unique unique ID of new SA when called for the old, 0 otherwise
*/
void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);

@ -114,12 +114,12 @@ struct private_child_cfg_t {
uint32_t reqid;
/**
* Optionl interface ID to use for inbound CHILD_SA
* Optional interface ID to use for inbound CHILD_SA
*/
uint32_t if_id_in;
/**
* Optionl interface ID to use for outbound CHILD_SA
* Optional interface ID to use for outbound CHILD_SA
*/
uint32_t if_id_out;

@ -96,7 +96,7 @@ struct child_cfg_t {
/**
* Select a proposal from a supplied list.
*
* Returned propsal is newly created and must be destroyed after usage.
* Returned proposal is newly created and must be destroyed after usage.
*
* @param proposals list from which proposals are selected
* @param flags flags to consider during proposal selection
@ -124,7 +124,7 @@ struct child_cfg_t {
* side, one for the remote side.
* If a list with traffic selectors is supplied, these are used to narrow
* down the traffic selector list to the greatest common divisor.
* Some traffic selector may be "dymamic", meaning they are narrowed down
* Some traffic selector may be "dynamic", meaning they are narrowed down
* to a specific address (host-to-host or virtual-IP setups). Use
* the "host" parameter to narrow such traffic selectors to that address.
* Resulted list and its traffic selectors must be destroyed after use.

@ -156,12 +156,12 @@ struct private_peer_cfg_t {
linked_list_t *remote_auth;
/**
* Optionl interface ID to use for inbound CHILD_SA
* Optional interface ID to use for inbound CHILD_SA
*/
uint32_t if_id_in;
/**
* Optionl interface ID to use for outbound CHILD_SA
* Optional interface ID to use for outbound CHILD_SA
*/
uint32_t if_id_out;

@ -134,7 +134,7 @@ struct peer_cfg_t {
ike_version_t (*get_ike_version)(peer_cfg_t *this);
/**
* Get the IKE config to use for initiaton.
* Get the IKE config to use for initiation.
*
* @return the IKE config to use
*/

@ -150,7 +150,7 @@
* synchronization:
* Each IKE_SA must be checked out strictly and checked in again after use. The
* manager guarantees that only one thread may check out a single IKE_SA. This
* allows us to write the (complex) IKE_SAs routines non-threadsave.
* allows us to write the (complex) IKE_SAs routines non-threadsafe.
* The IKE_SA contain the state and the logic of each IKE_SA and handle the
* messages.
*

@ -78,9 +78,9 @@ typedef struct {
/* Payload type */
payload_type_t type;
/* Minimal occurrence of this payload. */
size_t min_occurence;
size_t min_occurrence;
/* Max occurrence of this payload. */
size_t max_occurence;
size_t max_occurrence;
/* TRUE if payload must be encrypted */
bool encrypted;
/* If payload occurs, the message rule is fulfilled */
@ -1653,7 +1653,7 @@ static ike_header_t *create_header(private_message_t *this)
/**
* Generates the message, if needed, wraps the payloads in an encrypted payload.
*
* The generator and the possible enrypted payload are returned. The latter
* The generator and the possible encrypted payload are returned. The latter
* is not yet encrypted (but the transform is set). It is also not added to
* the payload list (so unless there are unencrypted payloads that list will
* be empty afterwards).
@ -2600,11 +2600,11 @@ static status_t verify(private_message_t *this)
found++;
DBG2(DBG_ENC, "found payload of type %N",
payload_type_names, type);
if (found > rule->max_occurence)
if (found > rule->max_occurrence)
{
DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
"occurred in current message", payload_type_names,
type, rule->max_occurence, found);
type, rule->max_occurrence, found);
enumerator->destroy(enumerator);
return VERIFY_ERROR;
}
@ -2612,10 +2612,10 @@ static status_t verify(private_message_t *this)
}
enumerator->destroy(enumerator);
if (!complete && found < rule->min_occurence)
if (!complete && found < rule->min_occurrence)
{
DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
payload_type_names, rule->type, rule->min_occurence, found);
payload_type_names, rule->type, rule->min_occurrence, found);
return VERIFY_ERROR;
}
if (found && rule->sufficient)
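Review bot: Both DBG1 calls in the verify() hunks format `rule->max_occurrence` and `rule->min_occurrence` with `%d`, although the struct hunk at the top of this file declares the two fields as `size_t`. If DBG1 follows printf argument conventions, that is a varargs type mismatch where `size_t` is wider than `int`, and it sits on an error path taken while checking a received message. Since the rename already touches these argument lists, consider `%zu` for the `size_t` values, e.g. `"payload of type %N more than %zu times (%d) "`, or an explicit `(int)` cast if the project's printf hooks do not accept the `z` modifier. The declaration of `found` is outside the hunk, so its specifier should be checked the same way; verify() itself starts and ends outside the visible lines.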

@ -391,7 +391,7 @@ METHOD(parser_t, parse_payload, status_t,
/* base pointer for output, avoids casting in every rule */
output = pld;
/* parse the payload with its own rulse */
/* parse the payload with its own rules */
rule_count = pld->get_encoding_rules(pld, &this->rules);
for (rule_number = 0; rule_number < rule_count; rule_number++)
{
@ -618,7 +618,7 @@ METHOD(parser_t, parse_payload, status_t,
return PARSE_ERROR;
}
}
/* process next rulue */
/* process next rule */
rule++;
}

@ -58,7 +58,7 @@ struct cp_payload_t {
/**
* Creates an enumerator of stored configuration_attribute_t objects.
*
* @return enumerator over configration_attribute_T
* @return enumerator over configuration_attribute_t
*/
enumerator_t *(*create_attribute_enumerator) (cp_payload_t *this);

@ -83,7 +83,7 @@ static encoding_rule_t encodings[] = {
{ RESERVED_BIT, offsetof(private_eap_payload_t, reserved[6]) },
/* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_eap_payload_t, payload_length) },
/* chunt to data, starting at "code" */
/* chunk to data, starting at "code" */
{ CHUNK_DATA, offsetof(private_eap_payload_t, data) },
};

@ -179,7 +179,7 @@ enum encoding_type_t {
/**
* Representing a spi field.
*
* When generating the content of the chunkt pointing to
* When generating the content of the chunk pointing to
* is written.
*
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
@ -248,7 +248,7 @@ enum encoding_type_t {
* this field is available or missing and so parsed/generated
* or not parsed/not generated.
*
* When generating the content of the chunkt pointing to
* When generating the content of the chunk pointing to
* is written.
*
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
@ -274,7 +274,7 @@ enum encoding_type_t {
* Depending on the last field of type TS_TYPE
* this field is either 4 or 16 byte long.
*
* When generating the content of the chunkt pointing to
* When generating the content of the chunk pointing to
* is written.
*
* When parsing 4 or 16 bytes are read and written into the chunk pointing to.
@ -290,7 +290,7 @@ enum encoding_type_t {
* Representing an IKE_SPI field in an IKEv2 Header.
*
* When generating the value of the uint64_t pointing to
* is written (host and networ order is not changed).
* is written (host and network order is not changed).
*
* When parsing 8 bytes are read and written into the uint64_t pointing to.
*/
@ -302,7 +302,7 @@ enum encoding_type_t {
ENCRYPTED_DATA,
/**
* Reprensenting a field containing a set of wrapped payloads.
* Representing a field containing a set of wrapped payloads.
*
* This type is not used directly, but as an offset to the wrapped payloads.
* The type of the wrapped payload is added to this encoding type.

@ -61,7 +61,7 @@ struct fragment_payload_t {
/**
* Get the fragment data.
*
* @return chunkt to internal fragment data
* @return chunk to internal fragment data
*/
chunk_t (*get_data)(fragment_payload_t *this);

@ -46,7 +46,7 @@ struct hash_payload_t {
/**
* Get the hash value.
*
* @return chunkt to internal hash data
* @return chunk to internal hash data
*/
chunk_t (*get_hash) (hash_payload_t *this);

@ -89,7 +89,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
* Create an IKEv1 ID_ADDR_SUBNET/RANGE identity from a traffic selector.
*
* @param ts traffic selector
* @return PLV1_ID id_paylad_t object.
* @return PLV1_ID id_payload_t object.
*/
id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts);

@ -168,7 +168,7 @@ enum payload_type_t {
PLV2_NONCE = 40,
/**
* Notify paylaod (N).
* Notify payload (N).
*/
PLV2_NOTIFY = 41,
@ -178,7 +178,7 @@ enum payload_type_t {
PLV2_DELETE = 42,
/**
* Vendor id paylpoad (V).
* Vendor id payload (V).
*/
PLV2_VENDOR_ID = 43,
@ -382,9 +382,9 @@ struct payload_t {
size_t (*get_length) (payload_t *this);
/**
* Verifies payload structure and makes consistence check.
* Verifies payload structure and makes consistency check.
*
* @return SUCCESS, FAILED if consistence not given
* @return SUCCESS, FAILED if consistency not given
*/
status_t (*verify) (payload_t *this);
@ -399,7 +399,7 @@ struct payload_t {
*
* Useful for the parser, who wants a generic constructor for all payloads.
* It supports all payload_t methods. If a payload type is not known,
* an unknwon_paylod is created with the chunk of data in it.
* an unknown_payload is created with the chunk of data in it.
*
* @param type type of the payload to create
* @return payload_t object

@ -117,7 +117,7 @@ struct proposal_substructure_t {
bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi);
/**
* Get proposals contained in a propsal_substructure_t.
* Get proposals contained in a proposal_substructure_t.
*
* @param list list to add created proposals to
*/

@ -134,7 +134,7 @@ struct traffic_selector_substructure_t {
traffic_selector_substructure_t *traffic_selector_substructure_create(void);
/**
* Creates an initialized traffif selector substructure using
* Creates an initialized traffic selector substructure using
* the values from a traffic_selector_t.
*
* @param traffic_selector traffic_selector_t to use for initialization

@ -361,7 +361,7 @@ struct kernel_interface_t {
*
* @param virtual_ip virtual ip address to remove
* @param prefix prefix length of the IP to uninstall, -1 for auto
* @param wait TRUE to wait untily IP is gone
* @param wait TRUE to wait until IP is gone
* @return SUCCESS if operation completed
*/
status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip,
@ -433,7 +433,7 @@ struct kernel_interface_t {
/**
* Check if interfaces are excluded by config.
*
* @return TRUE if no interfaces are exclued by config
* @return TRUE if no interfaces are excluded by config
*/
bool (*all_interfaces_usable)(kernel_interface_t *this);

@ -47,7 +47,7 @@ struct kernel_listener_t {
traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
/**
* Hook called if an exire event for an IPsec SA is received.
* Hook called if an expire event for an IPsec SA is received.
*
* @param protocol protocol of the expired SA
* @param spi spi of the expired SA
@ -63,7 +63,7 @@ struct kernel_listener_t {
*
* @param protocol IPsec protocol of affected SA
* @param spi spi of the SA
* @param dst old destinatino address of SA
* @param dst old destination address of SA
* @param remote new remote host
* @return TRUE to remain registered, FALSE to unregister
*/

@ -302,7 +302,7 @@ static bool cookie_required(private_receiver_t *this,
/* We don't disable cookies unless we haven't seen IKE_SA_INITs
* for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between
* cookie on / cookie off states, which is problematic. Consider the
* following: A legitimiate initiator sends a IKE_SA_INIT while we
* following: A legitimate initiator sends a IKE_SA_INIT while we
* are under a DoS attack. If we toggle our cookie behavior,
* multiple retransmits of this IKE_SA_INIT might get answered with
* and without cookies. The initiator goes on and retries with

@ -33,7 +33,7 @@ typedef struct dhcp_provider_t dhcp_provider_t;
struct dhcp_provider_t {
/**
* Implements attribute_provier_t interface.
* Implements attribute_provider_t interface.
*/
attribute_provider_t provider;

@ -63,7 +63,7 @@ typedef struct eap_aka_3gpp_functions_t eap_aka_3gpp_functions_t;
* @param id user identity
* @param[out] k (16 byte) scratchpad to receive secret key K
* @param[out] opc (16 byte) scratchpad to receive operator variant key
* derivate OPc
* derivative OPc
*/
bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN],
uint8_t opc[AKA_OPC_LEN]);
@ -88,7 +88,7 @@ struct eap_aka_3gpp_functions_t {
* f1 : Calculate MAC-A from RAND, SQN, AMF using K and OPc
*
* @param k (128 bit) secret key K
* @param opc (128 bit) operator variant key derivate OPc
* @param opc (128 bit) operator variant key derivative OPc
* @param rand (128 bit) random value RAND
* @param sqn (48 bit) sequence number SQN
* @param amf (16 bit) authentication management field AMF
@ -106,7 +106,7 @@ struct eap_aka_3gpp_functions_t {
* f1* : Calculate MAC-S from RAND, SQN, AMF using K and OPc
*
* @param k (128 bit) secret key K
* @param opc (128 bit) operator variant key derivate OPc
* @param opc (128 bit) operator variant key derivative OPc
* @param rand (128 bit) random value RAND
* @param sqn (48 bit) sequence number SQN
* @param amf (16 bit) authentication management field AMF
@ -127,7 +127,7 @@ struct eap_aka_3gpp_functions_t {
* f5 : Calculates AK from RAND using K and OPc
*
* @param k (128 bit) secret key K
* @param opc (128 bit) operator variant key derivate OPc
* @param opc (128 bit) operator variant key derivative OPc
* @param rand (128 bit) random value RAND
* @param[out] res (64 bit) scratchpad to receive signed response RES
* @param[out] ck (128 bit) scratchpad to receive encryption key CK
@ -146,7 +146,7 @@ struct eap_aka_3gpp_functions_t {
* f5* : Calculates resync AKS from RAND using K and OPc
*
* @param k (128 bit) secret key K
* @param opc (128 bit) operator variant key derivate OPc
* @param opc (128 bit) operator variant key derivative OPc
* @param rand (128 bit) random value RAND
* @param[out] aks (48 bit) scratchpad to receive resync anonymity key AKS
* @return TRUE if calculations successful

@ -44,7 +44,7 @@ struct private_eap_gtc_t {
identification_t *peer;
/**
* EAP message identififier
* EAP message identifier
*/
uint8_t identifier;
};

@ -1161,7 +1161,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this,
/* delay the response for some time to make brute-force attacks harder */
sleep(RETRY_DELAY);
/* since the error is retryable the state does not change, we still
/* since the error is retriable the state does not change, we still
* expect an MSCHAPV2_RESPONSE from the peer */
return NEED_MORE;
}
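Review bot: The brute-force delay in `process_server_retry` is a blocking `sleep(RETRY_DELAY)` on the calling thread, so every failed attempt holds that thread for the full delay. If this handler runs on a shared worker pool (not visible in this hunk), many peers failing at once could starve unrelated exchanges. Sending the response from a delayed, scheduled job would keep the throttling without parking a thread. At minimum I would record the trade-off next to the call, e.g. `/* NOTE: blocks the calling thread for RETRY_DELAY seconds */`. The function starts outside the hunk.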

@ -383,7 +383,7 @@ static void process_filter_id(radius_message_t *msg)
}
/**
* Handle Session-Timeout attribte and Interim updates
* Handle Session-Timeout attribute and Interim updates
*/
static void process_timeout(radius_message_t *msg)
{
@ -502,7 +502,7 @@ static void add_unity_split_attribute(eap_radius_provider_t *provider,
}
writer->write_data(writer, net->get_address(net));
writer->write_data(writer, mask->get_address(mask));
padding = writer->skip(writer, 6); /* 6 bytes pdding */
padding = writer->skip(writer, 6); /* 6 bytes padding */
memset(padding.ptr, 0, padding.len);
mask->destroy(mask);
net->destroy(net);

@ -18,8 +18,8 @@
* @{ @ingroup eap_simaka_pseudonym
*/
#ifndef EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
#define EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
#ifndef EAP_SIMAKA_PSEUDONYM_PROVIDER_H_
#define EAP_SIMAKA_PSEUDONYM_PROVIDER_H_
#include <simaka_provider.h>
@ -46,4 +46,4 @@ struct eap_simaka_pseudonym_provider_t {
*/
eap_simaka_pseudonym_provider_t *eap_simaka_pseudonym_provider_create();
#endif /** EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ @}*/
#endif /** EAP_SIMAKA_PSEUDONYM_PROVIDER_H_ @}*/

@ -39,7 +39,7 @@ struct forecast_listener_t {
* Create an enumerator over active tunnels.
*
* The enumerator enumerates over local or remote traffic selectors,
* associated firewall marks and if decasulated packets should get
* associated firewall marks and if decapsulated packets should get
* reinjected into other tunnels.
*
* @param local TRUE to enumerate local, FALSE to enumerate remote TS

@ -160,7 +160,7 @@ static uint32_t jhash(jhash_version_t version, uint32_t a, uint32_t b)
}
/**
* Segmentate a calculated hash
* Segment a calculated hash
*/
static u_int hash2segment(private_ha_kernel_t *this, uint64_t hash)
{

@ -50,7 +50,7 @@ struct ha_kernel_t {
/**
* Get the segment an arbitrary integer is in.
*
* @param n integer to segmentate
* @param n integer to segment
*/
u_int (*get_segment_int)(ha_kernel_t *this, int n);

@ -82,7 +82,7 @@ struct private_ha_segments_t {
bool heartbeat_active;
/**
* Interval we send hearbeats
* Interval we send heartbeats
*/
int heartbeat_delay;

@ -432,7 +432,7 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
.prefixlen = policy->dst.mask,
);
#ifndef __linux__
/* on Linux we cant't install a gateway */
/* on Linux we can't install a gateway */
route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src,
NULL);
#endif
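Review bot: The corrected comment still sits inside `#ifndef __linux__`, so it describes the one platform on which the following call is not compiled, and reads as if the gateway lookup were the Linux path. I would word it for the code that actually runs, `/* look up a gateway; on Linux we can't install one */`, or move the comment above the `#ifndef`. `install_route` starts and ends outside the hunk.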

@ -145,7 +145,7 @@ static bool equals_sa(sa_entry_t *a, sa_entry_t *b)
typedef struct {
/** policy source addresses */
traffic_selector_t *src;
/** policy destinaiton addresses */
/** policy destination addresses */
traffic_selector_t *dst;
/** WFP allocated LUID for inbound filter ID */
uint64_t policy_in;

@ -327,7 +327,7 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str,
if (this->initiator_id)
{
if (this->initiator_match && (!local && !num))
{ /* as responder, use the secified identity that matches
{ /* as responder, use the specified identity that matches
* all used initiator identities, if given. */
snprintf(buf, sizeof(buf), this->initiator_match, rnd);
id = identification_create_from_string(buf);
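Review bot: `snprintf(buf, sizeof(buf), this->initiator_match, rnd)` uses `this->initiator_match` as the format string, so its content decides how the single `rnd` argument is interpreted. The field looks like a configured value (an inference from its name and the comment). If so, a string with `%s` or with more than one conversion is undefined behaviour here. I would validate it once when the configuration is loaded, accepting at most one integer conversion, and state the constraint at the call: `/* initiator_match is a printf format; it may contain at most one integer conversion */`. The return value is also unchecked, so a truncated identity is passed on silently. `generate_auth_cfg` starts and ends outside the hunk.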

@ -142,7 +142,7 @@ struct private_socket_default_socket_t {
bool set_source;
/**
* TRUE to force sending source interface on outbound packetrs
* TRUE to force sending source interface on outbound packets
*/
bool set_sourceif;

@ -63,7 +63,7 @@ struct stroke_ca_t {
* otherwise returns the same certificate.
*
* @param cert certificate to check
* @return reference to stored CA certifiate, or original
* @return reference to stored CA certificate, or original
*/
certificate_t *(*get_cert_ref)(stroke_ca_t *this, certificate_t *cert);

@ -176,7 +176,7 @@ static bool add_proposals(private_stroke_config_t *this, char *string,
{
return TRUE;
}
/* add default porposal to the end if not strict */
/* add default proposal to the end if not strict */
}
if (ike_cfg)
{

@ -47,7 +47,7 @@ struct stroke_cred_t {
* Reread secrets from config files.
*
* @param msg stroke message
* @param prompt I/O channel to prompt for private key passhprase
* @param prompt I/O channel to prompt for private key passphrase
*/
void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt);

@ -41,7 +41,7 @@ struct private_uci_creds_t {
typedef struct {
/** implements enumerator */
enumerator_t public;
/** inneer UCI enumerator */
/** inner UCI enumerator */
enumerator_t *inner;
/** currently enumerated shared shared */
shared_key_t *current;
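Review bot: The context line right after the corrected one still reads `/** currently enumerated shared shared */`, a doubled word that this spelling pass leaves behind. Since the field is a `shared_key_t *`, the comment presumably means `/** currently enumerated shared key */`. The struct continues outside the hunk.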

@ -31,7 +31,7 @@ typedef struct unity_provider_t unity_provider_t;
struct unity_provider_t {
/**
* Implements attribute_provier_t interface.
* Implements attribute_provider_t interface.
*/
attribute_provider_t provider;

@ -1271,7 +1271,7 @@ subdirectory, and gets built and installed if strongSwan has been
The _Vici::Session_ module provides a _new()_ constructor for a high level
interface, the underlying _Vici::Packet_ and _Vici::Transport_ classes are
usually not required to build Perl applications using VICI. The _Vici::Session_
class provides methods for the supported VICI commands. The auxiliare
class provides methods for the supported VICI commands. The auxiliary
_Vici::Message_ class is used to encode configuration parameters sent to
the daemon and decode data returned by the daemon.

@ -324,7 +324,7 @@ vici_parse_t vici_parse(vici_res_t *res);
char* vici_parse_name(vici_res_t *res);
/**
* Compare name tag / key of a previusly parsed element.
* Compare name tag / key of a previously parsed element.
*
* This call is valid only after vici_parse() returned VICI_PARSE_KEY_VALUE,
* VICI_PARSE_BEGIN_SECTION or VICI_PARSE_BEGIN_LIST.

@ -7,7 +7,7 @@ Gem::Specification.new do |s|
The strongSwan VICI protocol allows external application to monitor,
configure and control the IKE daemon charon. This Ruby Gem provides a
native client side implementation of the VICI protocol, well suited to
script automated tasks in a relaible way.
script automated tasks in a reliable way.
}
s.summary = "Native Ruby interface for strongSwan VICI"
s.homepage = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici"

@ -68,7 +68,7 @@ typedef struct authority_t authority_t;
struct authority_t {
/**
* Name of the certification authoritiy
* Name of the certification authority
*/
char *name;

@ -80,7 +80,7 @@ static job_requeue_t raise_events(private_vici_logger_t *this)
/**
* Queue a message for async processing
*/
static void queue_messsage(private_vici_logger_t *this, vici_message_t *message)
static void queue_message(private_vici_logger_t *this, vici_message_t *message)
{
this->queue->insert_last(this->queue, message);
if (this->queue->get_count(this->queue) == 1)
@ -124,7 +124,7 @@ METHOD(logger_t, log_, void,
message = builder->finalize(builder);
if (message)
{
queue_messsage(this, message);
queue_message(this, message);
}
}
this->recursive--;