Martin Willi
5b7ec6d4e0
renamed med_db plugin to medsrv, as we will introduce an additional medcli client plugin
2008-05-08 12:11:30 +00:00
Martin Willi
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
Martin Willi
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Martin Willi
9e72d3bcaf
defining ME globally, as we need it in plugins
2008-03-31 15:01:43 +00:00
Martin Willi
6b9290ff12
renamed xml plugin to smp to avoid confusion
...
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there
2008-03-28 12:44:01 +00:00
Tobias Brunner
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
Martin Willi
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
...
ocsp/crl do not benefit yet due missing lookup function
2008-03-20 14:31:36 +00:00
Martin Willi
48acfe98ae
refactored trustchain verification, this should fix #33
...
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Andreas Steffen
663fedbe44
implemented IKEV2 EAP-SIM server and client test module that use triplets stored in a file. For details see the scenario 'ikev2/rw-eap-sim-rsa'
2008-02-04 14:52:06 +00:00
Martin Willi
26e2467692
ported EAP-AKA branch into trunk
2007-12-13 10:54:29 +00:00
Martin Willi
4b403e7672
merged EAP-MD5 into trunk
2007-12-12 14:29:10 +00:00
Martin Willi
cbfb2aff50
added more ./configure build options for
...
EAP-Identity module
ipsec tools (openac, scepclient)
optional charon/pluto build
charon stroke interface
2007-12-03 14:47:15 +00:00
Martin Willi
7805ad302d
moved AUTH_LIFETIME handling in its own task (cleaner separation, proper payload order)
2007-12-03 10:52:18 +00:00
Martin Willi
8e78e43220
added a "libcharon-" prefix to plugins to avoid conflicts
2007-12-03 09:03:22 +00:00
Martin Willi
733f336ad3
socket_t implementation withouth raw sockets
...
--disable-raw-socket configure option
prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
Andreas Steffen
b4979ff724
removed some empty lines
2007-09-18 11:23:52 +00:00
Martin Willi
8f561d4409
prototype implemementation of an sqlite configuration backend
2007-09-18 07:12:21 +00:00
Martin Willi
17d92e9732
further MOBIKE stuff:
...
kernel properly reports network reconfiguration and informs all IKE_SAs
MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange
reestablishment of IKE_SAs on network reconfiguration kinda works
not stable yet!
2007-06-21 15:25:28 +00:00
Martin Willi
26424f03c3
proper reauthentication:
...
IKE_SA is closed completely before the new is initiated,
resolves some issues when a dynamic IP is requested from a pool
2007-06-14 08:13:05 +00:00
Martin Willi
9fe1a1ca76
introduced callback_job:
...
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi
bcd887781a
removed route_job, handled all in interface_manager
2007-05-16 08:49:10 +00:00
Martin Willi
3cd3f48428
properly implemented interface_managers initiate, terminte_[ike|child]
...
proper thread release when stroke is CTRL+C'ed
fixed some permission issues
2007-05-09 12:33:08 +00:00
Andreas Steffen
9c53c47bde
added interface.h
2007-04-27 21:29:31 +00:00
Andreas Steffen
0f00a094b3
added writeable_backend.h
2007-04-27 20:58:45 +00:00
Andreas Steffen
bc1214096b
fixed typo
2007-04-27 18:13:57 +00:00
Martin Willi
a84fb01b96
restructuring of configuration backends
...
added propotypes of new control interfaces (xml & dbus)
introduced loadable:
configuration backends
control interfaces
using pluggable modules as in EAP
2007-04-27 14:25:08 +00:00
Martin Willi
04a7b6d868
added most problematic linux headers to distribution
...
other/real linux header may be selected using --with-linux-headers=dir
2007-04-19 08:59:36 +00:00
Martin Willi
3b138b8422
cleaned up apidoc
...
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
Martin Willi
e0fe765152
restructured file layout
...
new configuration structure:
peer_cfg: configuration related to a peer (authenitcation, ...=
ike_cfg: config to use for IKE setup (proposals)
child_Cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Martin Willi
4deb89485c
removed send_queue, handled internally in sender_t know
...
do header parsing in receiver, ready for cookie integration
2007-03-28 13:34:02 +00:00
Martin Willi
b0f24449dd
added EAP-SIM authentication
...
client side only
uses an external SIM reader library specified with SIM_READER_LIB
untested
2007-03-13 15:01:02 +00:00
Andreas Steffen
7c1b9ab784
moved credential_store.h from charon/config/credentials to libstrongswan
2007-03-09 16:50:19 +00:00
Andreas Steffen
78703918aa
http post fetching using libcurl implemented
2007-03-07 19:28:03 +00:00
Martin Willi
c60c7694d2
merged tasking branch into trunk
2007-02-28 14:04:36 +00:00
Martin Willi
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
Martin Willi
382b481795
moved typedefs to beginning of files to solve some include problems
...
splitted authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix proplems on AMD64
some other cleanups
2006-10-30 14:07:05 +00:00
Martin Willi
60356f3375
introduced new logging subsystem using bus:
...
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
2006-10-18 11:46:13 +00:00
Martin Willi
47f5027807
introduced printf() specifiers for:
...
host_t (%H)
identification_t (%D)
chunk pointers (%B)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
2006-09-27 14:14:44 +00:00
Martin Willi
a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
Martin Willi
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Martin Willi
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
Martin Willi
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
Martin Willi
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Martin Willi
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
Martin Willi
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultanous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
Martin Willi
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
Martin Willi
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00