Tobias Brunner
2eef43f3ee
swid: Fix parameter documentation in Doxygen comments
2014-06-30 13:16:17 +02:00
Tobias Brunner
e351169900
windows: Fix parameter name in Doxygen comment
2014-06-30 13:16:17 +02:00
Tobias Brunner
aad072d517
enum: Replace þ with p in Doxygen comments
2014-06-30 13:16:17 +02:00
Tobias Brunner
3b16c2b55d
libvici: Add missing argument to Doxygen comment
2014-06-30 13:16:16 +02:00
Tobias Brunner
cc7c4c3dbd
starter: Add starter group and fix formatting of conf_parser_section_t enum
...
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner
1bd175a9ef
swanctl: Fix Doxygen group assignment
2014-06-30 13:16:16 +02:00
Tobias Brunner
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
Andreas Steffen
644fc4e1ff
Added Android 4.4.4 to IMV database
2014-06-27 08:27:28 +02:00
Tobias Brunner
f22add05f6
kernel-pfkey: Use address in TS to determine interface for shunt routes
2014-06-26 18:13:17 +02:00
Tobias Brunner
60f5fb2318
kernel-pfkey: Use subnet and prefix when determining nexthop for shunt policy routes
...
This is basically the same as 88f125f560.
2014-06-26 18:13:09 +02:00
Tobias Brunner
b451303a6c
kernel-pfkey: Install routes for shunt policies
2014-06-26 18:12:05 +02:00
Tobias Brunner
04ff5e58e3
starter: Ignore %default conn and ca sections
2014-06-26 12:23:05 +02:00
Andreas Steffen
d96328fbc4
Updated build-database.sh to 3.13.0-30-generic Ubuntu kernel
2014-06-26 11:09:25 +02:00
Tobias Brunner
4431e1e04d
updown: Force subnet address to be numeric
2014-06-25 16:17:15 +02:00
Martin Willi
07b57e203b
windows: Include <sys/stat.h> explicitly before overloading memset()/memcpy()
...
fstat() in newer MinGWs is defined as non-static inline. With our new static
inline memset()/memcpy() overloads, this raises a warning. To avoid it,
explicitly include <sys/stat.h> once before defining these overloads.
2014-06-25 16:09:42 +02:00
Martin Willi
fc8ca5f2f2
eap-radius: Increase buffer for accounting attributes to maximum attribute size
...
Fixes #624.
2014-06-25 13:11:34 +02:00
Tobias Brunner
cd6b2af33e
kernel-netlink: Cast IPv6 address blobs to the proper type
...
On Android these macros are defined as functions.
2014-06-24 15:53:25 +02:00
Tobias Brunner
3e4ce88633
android: Define HAVE_DLADDR as plugin loader checks for it
2014-06-24 15:53:25 +02:00
Tobias Brunner
5195416d90
android: Update Android.mk files to match changes due to the Windows port
...
Makes them easier to compare to the original Makefile.am.
2014-06-24 15:53:25 +02:00
Martin Willi
866514c70c
charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
...
On Fedora, SELinux complains about these open file descriptors when the
updown script invokes iptables. While it seems difficult to set the flag
on all file descriptors, this at least fixes those covered by the SELinux
policy.
As these two cases are in code executed while the daemon is still single
threaded, we avoid the use of atomic but not fully portable fdopen("e") or
open(O_CLOEXEC) calls.
Fixes #519.
2014-06-24 15:26:38 +02:00
Tobias Brunner
6d4654b9f9
utils: Add wrappers for memcpy(3), memmove(3) and memset(3)
...
These wrappers guarantee that calls to these functions are noops if the
number of bytes is 0, as calling them with NULL pointers is undefined
according to the C standard, even if the number of bytes is 0 (most
implementations probably ignore the pointers anyway in this case, but
let's make sure).
2014-06-24 15:11:27 +02:00
Tobias Brunner
bb91109af8
pki: Also check for MAX_COMMANDS when building getopt_long arguments
...
Completes 87e53819a6 and 0a8c399a21.
2014-06-24 15:11:27 +02:00
Andreas Steffen
d82aa931db
Auxiliary swid_tagstats table boosts performance
2014-06-23 13:32:50 +02:00
Tobias Brunner
aba9ef542e
unit-tests: Add tests for DH factory
2014-06-20 16:21:55 +02:00
Tobias Brunner
94dbbd8079
crypto-factory: Only sort RNGs by algorithm identifier
...
Others remain in the order in which they were added, grouped by
algorithm identifier and sorted by benchmarking speed, if provided.
2014-06-20 16:21:55 +02:00
Tobias Brunner
e145f27db7
unit-tests: Add test for crypto_factory_t's rng_create method
2014-06-20 16:21:55 +02:00
Tobias Brunner
90854d289f
kernel-netlink: Install virtual IPv6 addresses as deprecated
...
This should prevent the kernel's IPv6 source address selection algorithm
from using this address unless it is forced to by our source route.
This is helpful if split tunneling is used.
Fixes #598.
2014-06-20 16:10:40 +02:00
Tobias Brunner
8661c56d38
vici: Install libvici in ipseclibdir like we do with other libraries
2014-06-19 14:42:07 +02:00
Tobias Brunner
88f125f560
kernel-netlink: Pass prefix when looking up next hop for shunt policies
2014-06-19 14:33:40 +02:00
Tobias Brunner
de7cb6de65
kernel-netlink: Add support for destination prefix when determining next hop
2014-06-19 14:33:40 +02:00
Tobias Brunner
c005073d0b
kernel-interface: Add destination prefix to get_nexthop()
...
This allows determining the next hop to reach a subnet, for instance, when
installing routes for shunt policies.
2014-06-19 14:33:40 +02:00
Tobias Brunner
981466251f
shunt-manager: Install passthrough policies with highest priority
...
This avoids conflicts with regular IPsec policies.
Similarly, use the lowest priority for drop policies.
2014-06-19 14:20:33 +02:00
Tobias Brunner
5b883719a1
libipsec: Add support for new policy priority class
2014-06-19 14:20:33 +02:00
Tobias Brunner
77b6a145a0
kernel-pfkey: Add support for new policy priority class
2014-06-19 14:20:33 +02:00
Tobias Brunner
f1675e4e29
kernel-netlink: Add support for new policy priority class
2014-06-19 14:20:33 +02:00
Tobias Brunner
479060d2d6
ipsec: Add a fourth priority class for bypass policies
2014-06-19 14:20:33 +02:00
Tobias Brunner
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
Tobias Brunner
3bf98189d7
kernel-netlink: Follow RFC 6724 when selecting IPv6 source addresses
...
Instead of using the first address we find on an interface we should
consider properties like an address' scope or whether it is temporary
or public.
Fixes #543.
2014-06-19 14:16:41 +02:00
Tobias Brunner
f4d29bf16d
starter: Don't directly refer to source files in Makefile for unit tests
...
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner
6719c4c828
starter: Explicitly allow @# at the beginning of strings
...
Since we treat everything after # as comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner
2d88617e7d
starter: Add --conftest option to test ipsec.conf syntax
2014-06-19 14:00:49 +02:00
Tobias Brunner
a953f3ad4a
starter: Remove old parser
2014-06-19 14:00:49 +02:00
Tobias Brunner
81ba3c1a5e
starter: Use new parser to read config file
2014-06-19 14:00:49 +02:00
Tobias Brunner
640c75bb2e
starter: Move kw_entry_t definition
2014-06-19 14:00:49 +02:00
Tobias Brunner
8839796c3e
starter: Remove unused ARG_LST argument type
2014-06-19 14:00:49 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Tobias Brunner
a1625fdc9b
unit-tests: Make fixture functions optional
2014-06-19 14:00:48 +02:00
Tobias Brunner
f609682e5d
starter: Add new bison/flex based parser for ipsec.conf
...
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner
4ef86a849b
starter: Remove out of date README
2014-06-19 14:00:48 +02:00
Tobias Brunner
9dbf2019e2
collections: Add interface for read-only dictionaries
2014-06-19 14:00:48 +02:00