Commit Graph

1798 Commits

Author SHA1 Message Date
Martin Willi 3b71d3d033 Reload strongswan.conf and plugins supporting reloading on SIGHUP 2011-04-15 10:07:13 +02:00
Martin Willi 84f89634ef Moved logger initialization from libcharon to charon 2011-01-05 16:45:40 +01:00
Andreas Steffen ed08f7ce83 use DBG_TNC for TNC debugging output 2010-10-09 16:01:19 +02:00
Andreas Steffen 99dfc3c295 added --debug-tls to charon usage() function 2010-10-07 09:34:56 +02:00
Andreas Steffen 4776500055 added debug-tls command line option 2010-08-23 17:51:40 +02:00
Martin Willi 0b71bc7af0 Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs 2010-08-03 15:39:25 +02:00
Martin Willi 400df4ca7c Implemented EAP-TLS server functionality 2010-08-03 15:39:25 +02:00
Martin Willi 97abf95412 TLS stack keeps a copy of server/peer identities 2010-08-03 15:39:25 +02:00
Martin Willi c8a2fca58c Limit the number of EAP-TLS packets allowed 2010-08-03 15:39:25 +02:00
Martin Willi 8fef06a683 Use stricter state handling while processing TLS messages 2010-08-03 15:39:25 +02:00
Martin Willi dc9f34be4d Cleaned up the public TLS interface 2010-08-03 15:39:25 +02:00
Martin Willi 84d67ead4e Refactored commonly used operations into TLS crypto helper 2010-08-03 15:39:25 +02:00
Martin Willi 3e7e777941 Properly send empty EAP-TLS messages 2010-08-03 15:39:25 +02:00
Martin Willi 51313a39d1 Derive MSK for EAP-TLS authentication 2010-08-03 15:39:25 +02:00
Martin Willi 110364b042 Verify Server Finished message 2010-08-03 15:39:25 +02:00
Martin Willi f139b5786f Implemented input record decryption and verification 2010-08-03 15:39:25 +02:00
Martin Willi 84543e6efa Implemented key derivation, output record signing and encryption 2010-08-03 15:39:25 +02:00
Martin Willi 18010de23d Derive master secret, create Finished message 2010-08-03 15:39:25 +02:00
Martin Willi 149b7e6d01 Implemented the TLS specific PRF in its TLSv1.0 and TLSv1.2 variants 2010-08-03 15:39:24 +02:00
Martin Willi 3ddd164e5e Implemented sending of Certificate, ClientKeyExchange, CertificateVerify and ChangeCipherSpec as peer 2010-08-03 15:39:24 +02:00
Martin Willi 3a1640dea1 Implemented a tls_writer class to simplify TLS data generation 2010-08-03 15:39:24 +02:00
Martin Willi 4ef946dd64 Implemented a tls_reader class to simplify TLS data parsing 2010-08-03 15:39:24 +02:00
Martin Willi 3e962b0843 Process ServerHello(Done), Certificate(Request) messages 2010-08-03 15:39:24 +02:00
Martin Willi 698674c7f3 Send a ClientHello to start TLS negotiation 2010-08-03 15:39:24 +02:00
Martin Willi 536dbc00b9 Added TLS crypto helper, currently supports cipher suite selection 2010-08-03 15:39:24 +02:00
Martin Willi 4c0c2283a5 Added stubs for handshake handling, server and peer variants 2010-08-03 15:39:24 +02:00
Martin Willi 4c0124a0a2 Accept follow-up fragments with a TLS message length 2010-08-03 15:39:24 +02:00
Martin Willi 40e384ea01 Added dummy/identity implementations of the different TLS record layers 2010-08-03 15:39:24 +02:00
Martin Willi dcbbeb2d09 Pass TLS records to newly introduced TLS stack 2010-08-03 15:39:24 +02:00
Martin Willi f7f63c52e1 Added some TLS constants 2010-08-03 15:39:24 +02:00
Martin Willi b173819e5d (De-)fragment EAP-TLS packets, pass TLS records to upper layer 2010-08-03 15:39:24 +02:00
Martin Willi 2107953804 Added EAP-TLS plugin stub 2010-08-03 15:39:24 +02:00
Tobias Brunner 4f9b82bc1d Fixed compiler warning. 2010-06-15 19:58:59 +02:00
Tobias Brunner 404960e522 Run as vpn user on Android. 2010-06-15 19:57:31 +02:00
Tobias Brunner b02a03a5dd Truncate the PID file so that even if we fail to unlink it, the daemon can be restarted properly. 2010-06-15 19:57:14 +02:00
Martin Willi 091d178060 Option to skip slow addr2line resolution in leak-detective 2010-05-20 17:37:18 +02:00
Tobias Brunner 9d843ee6fa Do a proper cleanup when printing usage info. 2010-05-04 18:34:27 +02:00
Tobias Brunner 6edbe1652b Integrating libhydra into the Android build system. 2010-04-12 16:47:47 +02:00
Martin Willi 29a46aacad Moved ha plugin to libcharon 2010-04-07 13:55:16 +02:00
Martin Willi 3e8caf6af6 Make resync/monitoring functionality optional 2010-04-07 13:55:16 +02:00
Martin Willi f24ca1dd55 Listen to ike_updown/rekey hook instead of ike_state_change 2010-04-07 13:55:16 +02:00
Martin Willi c866a42737 Request a complete resync after daemon startup 2010-04-07 13:55:16 +02:00
Martin Willi 1466af8556 Do not automatically take over segments, as we need to resync first 2010-04-07 13:55:16 +02:00
Martin Willi ea249cc6f0 Drop overlapping segments only if we have no active SAs on it 2010-04-07 13:55:16 +02:00
Martin Willi a05e388540 Do not install iptables rules, they should stay active after shutdown 2010-04-07 13:55:16 +02:00
Martin Willi e262f4e543 Take over all segments if heartbeat becomes silent 2010-04-07 13:55:15 +02:00
Martin Willi d87489661c Renamed ha-sync plugin to ha 2010-04-07 13:55:15 +02:00
Martin Willi 3c82381296 Try to send HA sync messages synchronously 2010-04-07 13:55:15 +02:00
Martin Willi f4f394e67c Do not sync a delete for a child in a destroying IKE_SA 2010-04-07 13:55:15 +02:00
Martin Willi 5a0a359b88 Include ICMP traffic in sync tunnel 2010-04-07 13:55:15 +02:00
Martin Willi 874c0bd8b8 Refactored segment enabling/disabling 2010-04-07 13:55:15 +02:00
Martin Willi 5d67259042 Use a connected UDP socket 2010-04-07 13:55:15 +02:00
Martin Willi 06308d9ede Removed obsolete socket subclasses 2010-04-07 13:55:15 +02:00
Martin Willi 3912fdb1ec Automatically segment cluster using periodically sent status messages 2010-04-07 13:55:14 +02:00
Martin Willi b7f15be136 Do not enable/disable our own sync tunnel 2010-04-07 13:55:14 +02:00
Martin Willi 9fdf5f712e Enable/disable inactive/active segments only 2010-04-07 13:55:14 +02:00
Martin Willi 310498f3de Deactivate all active segments before shutting down 2010-04-07 13:55:14 +02:00
Martin Willi 4e248733a8 HA kernel interface can mangle netfilter rules, currently with iptables invocation 2010-04-07 13:55:14 +02:00
Martin Willi dbc91f7c84 Added support for kernel segment manipulation 2010-04-07 13:55:14 +02:00
Martin Willi 6921e8d5a9 Moved segment configuration parsing to ha_sync_plugin 2010-04-07 13:55:14 +02:00
Martin Willi 37459ea928 Propagate segment manipulation to cluster node 2010-04-07 13:55:14 +02:00
Martin Willi 3d672d4b0a Segment manipulation in HA sync is thread safe 2010-04-07 13:55:14 +02:00
Martin Willi c573b11c55 Passing 0 to segments->(de-)activate enables/disables all segments 2010-04-07 13:55:14 +02:00
Martin Willi 7ceaf50b05 separated auto-tunnel functionality from socket 2010-04-07 13:55:13 +02:00
Martin Willi f5632db953 create external fifo socket only if "fifo_interface" option is set 2010-04-07 13:55:13 +02:00
Martin Willi 47d365deef updated linuxdir include variable 2010-04-07 13:55:13 +02:00
Martin Willi 724736ff1c updated HA sync plugin to new lifetime config 2010-04-07 13:55:13 +02:00
Martin Willi f825238594 print "none" if not serving any segments 2010-04-07 13:55:13 +02:00
Martin Willi a33eb8631c automatically establish a PSK authenticated SA between cluster nodes 2010-04-07 13:55:13 +02:00
Martin Willi 80624c79d5 fixed memleak when installing synced virtual IPs 2010-04-07 13:55:13 +02:00
Martin Willi b1d495f469 do not sync CHILD_SAs without an IKE_SA 2010-04-07 13:55:13 +02:00
Martin Willi 5b7c0f4409 removed $Id$ from ha plugin 2010-04-07 13:55:13 +02:00
Martin Willi 26d08a241a fixed ike_sa condition/extension parsing 2010-04-07 13:55:12 +02:00
Martin Willi 1e977438af fixed sync of CHILD_SA delete 2010-04-07 13:55:12 +02:00
Martin Willi 9ffcbea6f1 added HA resync option to (re-)integrate nodes to a cluster 2010-04-07 13:55:12 +02:00
Martin Willi c81f4fa29d apply peer config during rekeying 2010-04-07 13:55:12 +02:00
Martin Willi 34d240a6e3 manage synced SAs in IKE_SA Manager, tag them with IKE_PASSIVE state 2010-04-07 13:55:12 +02:00
Martin Willi d4113a42e9 support for IKE_SA rekeying sync 2010-04-07 13:55:12 +02:00
Martin Willi aa98188af5 IKE_SA activation/deactivation magic using a fifo socket 2010-04-07 13:55:12 +02:00
Martin Willi c94fe198e9 syncing of complete IKE/CHILD_SAs works 2010-04-07 13:55:11 +02:00
Martin Willi 7999be5b0e pushing basic CHILD_SA sync data to backup node 2010-04-07 13:55:11 +02:00
Martin Willi 765935c8f6 basic syncing of IKE_SAs
recreating SAs with keymat derivation
2010-04-07 13:55:11 +02:00
Martin Willi 190edaf527 added a dispatcher class to receive HA sync messages
simple attribute parser enumerator (probably needs a cleaner implementation)
2010-04-07 13:55:11 +02:00
Martin Willi 12ec91ba3a generating basic IKE_SA sync messages
pushing to statically configured failover node
2010-04-07 13:55:11 +02:00
Martin Willi e5e91eec29 set up basic infrastructure ha_sync plugin 2010-04-07 13:55:11 +02:00
Martin Willi e16d76f9a4 added child_sa serialization to ha_sync plugin 2010-04-07 13:55:11 +02:00
Martin Willi e67f5136c0 HA sync plugin stub 2010-04-07 13:55:11 +02:00
Tobias Brunner 9ed6341d3f Adding support for debug groups in libstrongswan's logger. 2010-04-06 12:47:40 +02:00
Tobias Brunner facf887253 Store the name of the daemon that initialized libhydra to load daemon-specific settings. 2010-04-06 12:47:40 +02:00
Tobias Brunner a1f90c7a85 Fixed deinit for charon --version. 2010-03-24 18:53:10 +01:00
Tobias Brunner 52bff307e1 Init/deinit libhydra in charon and pluto. 2010-03-24 18:53:10 +01:00
Tobias Brunner 39856897e6 Link pluto and charon to libhydra, fixes monolithic build. 2010-03-24 18:53:10 +01:00
Tobias Brunner c92c94542a Missed to include charon's Android.mk in the distribution. 2010-03-22 11:32:20 +01:00
Martin Willi 6150efa885 Added charon to .gitignore 2010-03-19 17:17:54 +01:00
Tobias Brunner d92b337fe9 Do not indent the source file lists in Android.mk files so we can easily compare them to the lists in the Makefile.am files. 2010-03-19 13:34:53 +01:00
Tobias Brunner 52c7257366 Adding support for the build of libcharon (and charon) on Android. 2010-03-19 13:34:53 +01:00
Tobias Brunner ef87a61efd Explicitly link charon to libstrongswan.
Also fixed the reference to the pthread library.
2010-03-19 13:34:53 +01:00
Tobias Brunner 349fa52852 Replacing the original charon with a small wrapper around libcharon. 2010-03-19 13:34:52 +01:00
Tobias Brunner 08c5572602 Moving charon to libcharon. 2010-03-19 13:34:52 +01:00
Martin Willi f0da32c58d Introduced ipsec.conf NTLM keyword for NT hashes 2010-03-17 18:51:00 +01:00