5b7ec6d4e0
renamed med_db plugin to medsrv, as we will introduce an additional medcli client plugin
2008-05-08 12:11:30 +00:00
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
9e72d3bcaf
defining ME globally, as we need it in plugins
2008-03-31 15:01:43 +00:00
6b9290ff12
renamed xml plugin to smp to avoid confusion
...
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there
2008-03-28 12:44:01 +00:00
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
...
ocsp/crl do not benefit yet due missing lookup function
2008-03-20 14:31:36 +00:00
48acfe98ae
refactored trustchain verification, this should fix #33
...
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
663fedbe44
implemented IKEV2 EAP-SIM server and client test module that use triplets stored in a file. For details see the scenario 'ikev2/rw-eap-sim-rsa'
2008-02-04 14:52:06 +00:00
26e2467692
ported EAP-AKA branch into trunk
2007-12-13 10:54:29 +00:00
4b403e7672
merged EAP-MD5 into trunk
2007-12-12 14:29:10 +00:00
cbfb2aff50
added more ./configure build options for
...
EAP-Identity module
ipsec tools (openac, scepclient)
optional charon/pluto build
charon stroke interface
2007-12-03 14:47:15 +00:00
7805ad302d
moved AUTH_LIFETIME handling in its own task (cleaner separation, proper payload order)
2007-12-03 10:52:18 +00:00
8e78e43220
added a "libcharon-" prefix to plugins to avoid conflicts
2007-12-03 09:03:22 +00:00
733f336ad3
socket_t implementation withouth raw sockets
...
--disable-raw-socket configure option
prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
b4979ff724
removed some empty lines
2007-09-18 11:23:52 +00:00
8f561d4409
prototype implemementation of an sqlite configuration backend
2007-09-18 07:12:21 +00:00
17d92e9732
further MOBIKE stuff:
...
kernel properly reports network reconfiguration and informs all IKE_SAs
MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange
reestablishment of IKE_SAs on network reconfiguration kinda works
not stable yet!
2007-06-21 15:25:28 +00:00
26424f03c3
proper reauthentication:
...
IKE_SA is closed completely before the new is initiated,
resolves some issues when a dynamic IP is requested from a pool
2007-06-14 08:13:05 +00:00
9fe1a1ca76
introduced callback_job:
...
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
bcd887781a
removed route_job, handled all in interface_manager
2007-05-16 08:49:10 +00:00
3cd3f48428
properly implemented interface_managers initiate, terminte_[ike|child]
...
proper thread release when stroke is CTRL+C'ed
fixed some permission issues
2007-05-09 12:33:08 +00:00
9c53c47bde
added interface.h
2007-04-27 21:29:31 +00:00
0f00a094b3
added writeable_backend.h
2007-04-27 20:58:45 +00:00
bc1214096b
fixed typo
2007-04-27 18:13:57 +00:00
a84fb01b96
restructuring of configuration backends
...
added propotypes of new control interfaces (xml & dbus)
introduced loadable:
configuration backends
control interfaces
using pluggable modules as in EAP
2007-04-27 14:25:08 +00:00
04a7b6d868
added most problematic linux headers to distribution
...
other/real linux header may be selected using --with-linux-headers=dir
2007-04-19 08:59:36 +00:00
3b138b8422
cleaned up apidoc
...
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
e0fe765152
restructured file layout
...
new configuration structure:
peer_cfg: configuration related to a peer (authenitcation, ...=
ike_cfg: config to use for IKE setup (proposals)
child_Cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
4deb89485c
removed send_queue, handled internally in sender_t know
...
do header parsing in receiver, ready for cookie integration
2007-03-28 13:34:02 +00:00
b0f24449dd
added EAP-SIM authentication
...
client side only
uses an external SIM reader library specified with SIM_READER_LIB
untested
2007-03-13 15:01:02 +00:00
7c1b9ab784
moved credential_store.h from charon/config/credentials to libstrongswan
2007-03-09 16:50:19 +00:00
78703918aa
http post fetching using libcurl implemented
2007-03-07 19:28:03 +00:00
c60c7694d2
merged tasking branch into trunk
2007-02-28 14:04:36 +00:00
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
382b481795
moved typedefs to beginning of files to solve some include problems
...
splitted authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix proplems on AMD64
some other cleanups
2006-10-30 14:07:05 +00:00
60356f3375
introduced new logging subsystem using bus:
...
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
2006-10-18 11:46:13 +00:00
47f5027807
introduced printf() specifiers for:
...
host_t (%H)
identification_t (%D)
chunk pointers (%B)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
2006-09-27 14:14:44 +00:00
a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultanous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00
Martin Willi