added propotypes of new control interfaces (xml & dbus)
introduced loadable:
configuration backends
control interfaces
using pluggable modules as in EAP
new configuration structure:
peer_cfg: configuration related to a peer (authenitcation, ...=
ike_cfg: config to use for IKE setup (proposals)
child_Cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
splitted authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix proplems on AMD64
some other cleanups
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
host_t (%H)
identification_t (%D)
chunk pointers (%B)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)