Tobias Brunner
12488efa78
kernel-pfroute: Simplify route lookup after fixing sockaddr parsing
2013-06-21 17:03:22 +02:00
Tobias Brunner
4b3fea3d54
kernel-pfroute: Alignment of sockaddrs is not always the same
2013-06-21 17:03:22 +02:00
Tobias Brunner
aa33d2e6eb
kernel-pfroute: struct sockaddr arguments are 4 byte aligned
This was noticed on Mac OS X where, if the default route is returned,
RTA_NETMASK has sa_len set to 0, but skipping zero bytes to read the
next address makes no sense, of course. Using 0 for sa_len seems
a bit strange, in particular, because struct sockaddr has by definition
a minimum length of 16 bytes. But it seems FreeBSD actually does the
same.
2013-06-21 17:03:22 +02:00
Tobias Brunner
23ea59a95c
kernel-libipsec: Ignore failures when installing routes for multicast or broadcast policies
2013-06-21 17:03:22 +02:00
Tobias Brunner
b0629f7d9b
kernel-pfroute: Improve route lookup depending on information we get back
Kernels don't provide the same information for all routes.
2013-06-21 17:03:22 +02:00
Tobias Brunner
1c697ff1c5
kernel-pfroute: Try to ensure we get a source address or interface name
2013-06-21 17:03:22 +02:00
Tobias Brunner
01955eec71
ike: Force NAT-T/UDP encapsulation if kernel interface requires it
2013-06-21 17:03:21 +02:00
Tobias Brunner
35fe41f7d0
kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets
2013-06-21 17:03:21 +02:00
Tobias Brunner
66aaabf342
tun-device: Packets sent over utun devices on Mac OS X have the protocol family prepended
2013-06-21 17:03:21 +02:00
Tobias Brunner
34b0ad0653
kernel-pfroute: Use DST as nexthop for host routes
These are created as cache/clone on Mac OS X.
2013-06-21 17:03:21 +02:00
Tobias Brunner
d6c17e96b2
kernel-pfroute: Implement get_source_addr()
2013-06-21 17:03:21 +02:00
Tobias Brunner
f58f8bf409
kernel-pfroute: Properly install routes with interface and gateway
2013-06-21 17:03:21 +02:00
Tobias Brunner
1f31a2bc2e
kernel-libipsec: Install a gateway for routes on platforms other than Linux
This seems required e.g. on FreeBSD but doesn't work on Linux.
2013-06-21 17:03:21 +02:00
Tobias Brunner
93e4df3761
kernel-pfroute: Activate TUN device before setting address
On FreeBSD, for some reason, we don't learn the interface is up
otherwise, even though ifconfig lists it as up at the same time.
2013-06-21 17:03:21 +02:00
Tobias Brunner
c8a56512a6
tun-device: Avoid opening /dev/tunX multiple times (e.g. on FreeBSD)
2013-06-21 17:03:21 +02:00
Tobias Brunner
dcaf8d570c
kernel-libipsec: Router reads packets from multiple TUN devices
These devices are collected via kernel_listener_t interface.
2013-06-21 17:03:21 +02:00
Tobias Brunner
7045defbff
kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device
2013-06-21 17:03:21 +02:00
Tobias Brunner
554c4276a5
kernel-pfroute: Raise tun event when creating/destroying TUN devices for virtual IPs
2013-06-21 17:03:21 +02:00
Tobias Brunner
4868d1c3bc
kernel: Add an event kernel interfaces can raise if they create/destroy a TUN device
2013-06-21 17:03:21 +02:00
Tobias Brunner
0d2ad63fe2
printf-hook: Avoid double-free when freeing Vstr config
Thread-specific objects get freed when the thread value object is
destroyed (wasn't the case earlier, i.e. before 2b19dd35), which
may cause the second call to vstr_free_conf() to fail in an assert
in Vstr (depending on how it was built).
2013-06-21 17:03:20 +02:00
Tobias Brunner
587bdf8768
kernel-libipsec: Track policies and automatically install routes
The routes direct traffic matching the remote traffic selector to the
TUN device.
If the remote traffic selector includes the IKE peer, a very specific route
is installed to allow IKE traffic.
2013-06-21 17:03:20 +02:00
Tobias Brunner
44a49681fd
kernel-libipsec: Handle packets between charon socket, libipsec and TUN device
2013-06-21 17:03:20 +02:00
Tobias Brunner
59be6ddd08
kernel-libipsec: Create a TUN device and use it to install virtual IPs
2013-06-21 17:03:20 +02:00
Tobias Brunner
279e0d42bd
kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec
2013-06-21 17:03:20 +02:00
Tobias Brunner
3cd7ba4960
kernel-netlink: Routes don't require a gateway/nexthop
2013-06-21 17:03:20 +02:00
Tobias Brunner
1b3b7ba54d
charon-cmd: Document auxiliary options
2013-06-21 17:00:49 +02:00
Tobias Brunner
4d62ad7571
charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages
2013-06-21 16:35:19 +02:00
Tobias Brunner
5991f09565
charon-cmd: Use fixed number of characters to align command descriptions
If the command and argument are longer than that, write the first line of
the description on the following line.
2013-06-21 16:04:46 +02:00
Tobias Brunner
5e185047e1
charon-cmd: Shortened and fixed command descriptions
2013-06-21 16:04:45 +02:00
Tobias Brunner
463314b55a
charon-cmd: Simplify usage output for authentication profiles
The man page describes them in full.
2013-06-21 16:04:45 +02:00
Tobias Brunner
e8d6b91ebd
charon-cmd: Add Aggressive Mode profiles to man page
2013-06-21 16:04:45 +02:00
Tobias Brunner
0d60489bf8
charon-cmd: Add man page for charon-cmd(8)
2013-06-21 16:04:45 +02:00
Tobias Brunner
295d595b49
charon-cmd: Add --debug argument to set the default log level
2013-06-21 15:55:52 +02:00
Tobias Brunner
4049ec42bf
charon-cmd: Handle simple command line arguments like --help before the others
2013-06-21 15:51:42 +02:00
Tobias Brunner
0d25c4ef87
plugin-loader: Move logging of failed features to status()
Still log an error message if critical features fail, as loaded
plugins/features are not logged in that case.
This way loaded plugins are printed before failed features and
the relation is easier to make for users. It also allows programs
to log this message on a different level.
2013-06-21 15:22:46 +02:00
Tobias Brunner
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
Tobias Brunner
34ee14dd28
plugin-loader: Collect statistics while loading features, print them in case features failed to load
There is no need to explicitly search for failed features in critical
plugins as this is now detected while loading the features.
2013-06-21 15:13:25 +02:00
Tobias Brunner
681e53c70c
plugin-loader: Use different log level if failed feature is in critical plugin
2013-06-21 15:13:25 +02:00
Tobias Brunner
13d2d8f634
plugin-loader: Log message when failing to load plugin
2013-06-21 15:13:25 +02:00
Tobias Brunner
51b9d7513d
plugin-loader: Reduce verbosity while loading plugins
2013-06-21 15:13:25 +02:00
Tobias Brunner
0adf165c7e
Fix crash if the initiator has no suitable proposal available
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
Martin Willi
9d6a147c81
Merge branch 'unit-tests-ecdsa'
Adds support for testing plugin functionality to test-runner. Introduces some
good/bad tests for ECDSA/RSA which would have caught those RSA/ECDSA signature
vulnerabilities.
2013-06-21 10:53:23 +02:00
Martin Willi
092550b03a
leak-detective: (re-)whitelist some OpenSSL functions
Some static allocations in plugins won't get freed, because in the test case
process the plugins are not destroyed. If a plugin would clean up allocations
done while just using the plugin, these show up as a leak in the child process,
letting tests fail.
2013-06-21 10:53:23 +02:00
Martin Willi
ef687db734
unit-tests: load plugins in test-runner from build directory
2013-06-21 10:53:23 +02:00
Martin Willi
b950fc48da
unit-tests: link test-runner against -lpthread
2013-06-21 10:53:23 +02:00
Martin Willi
1ffdb4f3d0
unit-tester: remove obsolete rsa_gen test, now covered in unit-tests
2013-06-21 10:53:23 +02:00
Martin Willi
df1a1a0901
unit-tests: add RSA test cases, very similar to ECDSA
2013-06-21 10:53:23 +02:00
Martin Willi
eabf4af0f8
unit-tests: test with /dev/urandom if random plugin is in use
2013-06-21 10:53:22 +02:00
Martin Willi
d0c09c84a5
unit-tests: test supported ECDSA schemes only
2013-06-21 10:53:22 +02:00
Martin Willi
2bedb0f270
Move test-runners has_feature() function to plugin loader
2013-06-21 10:53:22 +02:00