Commit Graph

10975 Commits

Author SHA1 Message Date
Martin Willi 0c586c0099 .gitignore: add OS X .DS_Store files 2013-05-06 16:06:48 +02:00
Martin Willi 922e2d1d62 Merge branch 'charon-cmd'
Introduce a simple IKEv1/IKEv2 command line client, charon-cmd. It does
not need any configuration files at all, but takes a few command line arguments
to establish connections as a road warrior.
2013-05-06 16:01:25 +02:00
Martin Willi 68fc0fe32e charon-cmd: add an option to set a different server identity 2013-05-06 15:54:35 +02:00
Martin Willi a0f6f39343 proposals: try next if IKEv2 algorithm could not be mapped to IKEv1 2013-05-06 15:54:32 +02:00
Martin Willi d2e2b9a2da charon-cmd: add support for different IKEv1/IKEv2 authentication profiles 2013-05-06 15:54:31 +02:00
Martin Willi d6b0c28b25 charon-cmd: support multi-line help text for each option in usage 2013-05-06 15:54:29 +02:00
Martin Willi 8e53682cd9 charon-cmd: add --local/remote-ts options to set traffic selectors 2013-05-06 15:54:27 +02:00
Martin Willi 7a86bccd50 charon-cmd: Use dynamic ports with the socket-default plugin 2013-05-06 15:28:27 +02:00
Martin Willi 69333acee0 settings: Add a set_default_str() to set a different default for a key
The value is set only if it is not configured in strongswan.conf or has
not been set() otherwise.
2013-05-06 15:28:27 +02:00
Martin Willi 3ca58c32be charon-cmd: prompt for EAP passwords on-demand using a callback credential set 2013-05-06 15:28:27 +02:00
Martin Willi b48941ae16 charon-cmd: authenticate with EAP if no private key is given 2013-05-06 15:28:27 +02:00
Martin Willi 7bcd96e43d charon-cmd: pass arguments to all handlers, even if already handled 2013-05-06 15:28:27 +02:00
Martin Willi 9dfd9275f0 charon-cmd: build long_opts only once when reading arguments in charon-cmd 2013-05-06 15:28:27 +02:00
Martin Willi f0749552a6 charon-cmd: add support for using dynamic ports in charon-cmd 2013-05-06 15:28:26 +02:00
Martin Willi d3874008e8 socket-dynamic: when sending from port zero, allocate a free port dynamically 2013-05-06 15:28:26 +02:00
Martin Willi 5e9144a21f controller: clean up job data if a thread gets cancelled waiting in a function
Controller functions are thread cancellation points, so register a cancellation
handler cleaning up job data.
2013-05-06 15:28:26 +02:00
Martin Willi 2baa7bbedb charon-cmd: load certificates and RSA private keys 2013-05-06 15:28:26 +02:00
Martin Willi 78d7a0f7e2 charon-cmd: add a connection object and its initiation to charon-cmd 2013-05-06 15:28:26 +02:00
Martin Willi be44723de0 charon-cmd: move command line options to separate file, obsolete short options 2013-05-06 15:28:26 +02:00
Martin Willi 1fed10beb2 charon-cmd: add a stub for charon-cmd, a simple command line IKE client 2013-05-06 15:28:26 +02:00
Martin Willi b4e9f74e42 Merge branch 'leak-detective-dlsym'
Replaces the use of deprecated glibc malloc hooks by overloading malloc calls
and finding the originals using dlsym(RTLD_NEXT).

On OS X, we now support the use of leak detective by changing the default
malloc zone functions, backtraces get resolved using atos.

It seems that the performance bottleneck now is stack unwinding. Unfortunately
a new libunwind based backtrace() is not much faster than the libc variant; we
keep that option nonetheless for platforms without backtrace().
2013-05-06 15:15:58 +02:00
Martin Willi 40f2a5306a scripts: add a simple test utility to do some malloc() benchmarking/profiling 2013-05-06 15:15:24 +02:00
Martin Willi 29324299fe backtrace: use atos instead of addr2line on OS X to resolve source lines 2013-05-06 15:15:24 +02:00
Martin Willi 83714577a9 backtrace: add an alternative stack unwinding implementation using libunwind 2013-05-06 15:15:24 +02:00
Martin Willi d8f6f0c01c leak-detective: add support for OS X by hooking default malloc zone 2013-05-06 15:15:24 +02:00
Martin Willi 50fbd32472 leak-detective: remove unused malloc call counters 2013-05-06 15:15:24 +02:00
Martin Willi 3117824f55 leak-detective: align allocations on both 32 and 64-bit systems to 32 bytes 2013-05-06 15:15:24 +02:00
Martin Willi 7e3f6299d5 leak-detective: call tzset() explicitly before enabling leak detective
tzset() is hard to whitelist on some systems, as there is no symbol involved.
Call tzset() explicitly before initialization to avoid false positives.
2013-05-06 15:15:24 +02:00
Martin Willi 17211b6b9a leak-detective: override malloc functions instead of using deprecated hooks
malloc hooks have become deprecated, and their use has always been problematic,
especially in multi-threaded applications. Replace the functionality by
overriding all malloc functions and query the system allocator functions
using dlsym() with RTLD_NEXT.
2013-05-06 15:15:24 +02:00
Martin Willi e9b3bd5434 Merge branch 'silent-automake'
Adds support for --enable/disable-silent-rules when building with Automake
1.11 or 1.12. make V=0 or V=1 can be used to build with a different verbosity
than ./configured.
2013-05-06 15:05:40 +02:00
Martin Willi d0f01a581d Add -s to make if --enable-silent-rules is ./configured 2013-05-06 15:04:56 +02:00
Martin Willi 0be946dce3 Use the GEN silent rule when generating files with sed 2013-05-06 15:04:56 +02:00
Martin Willi f932677f0c Use the GEN silent rule when generating oid database with perl 2013-05-06 15:04:56 +02:00
Martin Willi 9f1dfd88c8 Use the GEN silent rule when generating gperf files 2013-05-06 15:04:56 +02:00
Martin Willi 84c00e71b7 Provide the --enable-silent-rules ./configure option with automake 1.11 and 1.12 2013-05-06 15:04:56 +02:00
Martin Willi 5f55fd6e61 Introduce an optional logger_t.vlog() method with format string and arguments
To have more flexibility in the logging backend, receiving the original format
string and doing printf() substitution in the logger may be preferable. An
additional but optional logger method does not touch the behavior of existing
loggers.
2013-05-06 15:00:15 +02:00
Martin Willi e93f386dbb Raise an ALERT_PROPOSAL_MISMATCH_CHILD also when receiving NO_PROPOSAL_CHOSEN 2013-05-06 14:56:50 +02:00
Martin Willi 00080d2b8b Raise an ALERT_PROPOSAL_MISMATCH_IKE also when receiving NO_PROPOSAL_CHOSEN 2013-05-06 14:56:50 +02:00
Martin Willi aea7ce3c64 eap-radius: add an option to disable accounting for tunnels without virtual IP 2013-05-06 14:56:01 +02:00
Martin Willi 69620a48e8 eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs
Fixes some corner cases if multiple tunnels use the same peer identity.
2013-05-06 14:56:01 +02:00
Martin Willi a3854d8371 Don't unset IKE_SA on bus before we released virtual IPs and attributes 2013-05-06 14:56:01 +02:00
Tobias Brunner 55321dcfb6 New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner 79f42ded50 libipsec: Fix memory leak in event relay 2013-05-03 16:02:39 +02:00
Tobias Brunner 740aedfec1 android: Use stronger ESP proposal including AES-GCM 2013-05-03 16:02:39 +02:00
Tobias Brunner 051fc25d92 libipsec: Add support for AES-GCM 2013-05-03 15:13:57 +02:00
Tobias Brunner 24a8d1253f libipsec: Wrap traditional algorithms in AEAD wrapper 2013-05-03 15:13:57 +02:00
Tobias Brunner 61fb3267b2 android: Remove unused methods on NetworkManager/network_manager_t 2013-05-03 15:11:20 +02:00
Tobias Brunner 70dfac4459 android: Ignore interface 'lo'
Android adds a default route via 'lo' if no connectivity is available,
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00
Tobias Brunner 18dab76bfa android: Repurpose android-net to simply handle connectivity events
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin, the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner 37873f9994 kernel-netlink: Add an option to disable roam events 2013-05-03 15:11:19 +02:00