Commit Graph

11289 Commits

Author SHA1 Message Date
Tobias Brunner 12488efa78 kernel-pfroute: Simplify route lookup after fixing sockaddr parsing 2013-06-21 17:03:22 +02:00
Tobias Brunner 4b3fea3d54 kernel-pfroute: Alignment of sockaddrs is not always the same 2013-06-21 17:03:22 +02:00
Tobias Brunner aa33d2e6eb kernel-pfroute: struct sockaddr arguments are 4 byte aligned
This was noticed on Mac OS X where, if the default route is returned,
RTA_NETMASK has sa_len set to 0, but skipping zero bytes to read the
next address makes no sense, of course.  Using 0 for sa_len seems
a bit strange, in particular, because struct sockaddr has by definition
a minimum length of 16 bytes.  But it seems FreeBSD actually does the
same.
2013-06-21 17:03:22 +02:00
Tobias Brunner 23ea59a95c kernel-libipsec: Ignore failures when installing routes for multicast or broadcast policies 2013-06-21 17:03:22 +02:00
Tobias Brunner b0629f7d9b kernel-pfroute: Improve route lookup depending on information we get back
Kernels don't provide the same information for all routes.
2013-06-21 17:03:22 +02:00
Tobias Brunner 1c697ff1c5 kernel-pfroute: Try to ensure we get a source address or interface name 2013-06-21 17:03:22 +02:00
Tobias Brunner 01955eec71 ike: Force NAT-T/UDP encapsulation if kernel interface requires it 2013-06-21 17:03:21 +02:00
Tobias Brunner 35fe41f7d0 kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets 2013-06-21 17:03:21 +02:00
Tobias Brunner 66aaabf342 tun-device: Packets sent over utun devices on Mac OS X have the protocol family prepended 2013-06-21 17:03:21 +02:00
Tobias Brunner 34b0ad0653 kernel-pfroute: Use DST as nexthop for host routes
These are created as cache/clone on Mac OS X.
2013-06-21 17:03:21 +02:00
Tobias Brunner d6c17e96b2 kernel-pfroute: Implement get_source_addr() 2013-06-21 17:03:21 +02:00
Tobias Brunner f58f8bf409 kernel-pfroute: Properly install routes with interface and gateway 2013-06-21 17:03:21 +02:00
Tobias Brunner 1f31a2bc2e kernel-libipsec: Install a gateway for routes on platforms other than Linux
This seems required e.g. on FreeBSD but doesn't work on Linux.
2013-06-21 17:03:21 +02:00
Tobias Brunner 93e4df3761 kernel-pfroute: Activate TUN device before setting address
On FreeBSD, for some reason, we don't learn the interface is up
otherwise, even though ifconfig lists it as up at the same time.
2013-06-21 17:03:21 +02:00
Tobias Brunner c8a56512a6 tun-device: Avoid opening /dev/tunX multiple times (e.g. on FreeBSD) 2013-06-21 17:03:21 +02:00
Tobias Brunner dcaf8d570c kernel-libipsec: Router reads packets from multiple TUN devices
These devices are collected via kernel_listener_t interface.
2013-06-21 17:03:21 +02:00
Tobias Brunner 7045defbff kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device 2013-06-21 17:03:21 +02:00
Tobias Brunner 554c4276a5 kernel-pfroute: Raise tun event when creating/destroying TUN devices for virtual IPs 2013-06-21 17:03:21 +02:00
Tobias Brunner 4868d1c3bc kernel: Add an event kernel interfaces can raise if they create/destroy a TUN device 2013-06-21 17:03:21 +02:00
Tobias Brunner 0d2ad63fe2 printf-hook: Avoid double-free when freeing Vstr config
Thread-specific objects get freed when the thread value object is
destroyed (wasn't the case earlier, i.e. before 2b19dd35), which
may cause the second call to vstr_free_conf() to fail in an assert
in Vstr (depending on how it was built).
2013-06-21 17:03:20 +02:00
Tobias Brunner 587bdf8768 kernel-libipsec: Track policies and automatically install routes
The routes direct traffic matching the remote traffic selector to the
TUN device.

If the remote traffic selector includes the IKE peer, a very specific route
is installed to allow IKE traffic.
2013-06-21 17:03:20 +02:00
Tobias Brunner 44a49681fd kernel-libipsec: Handle packets between charon socket, libipsec and TUN device 2013-06-21 17:03:20 +02:00
Tobias Brunner 59be6ddd08 kernel-libipsec: Create a TUN device and use it to install virtual IPs 2013-06-21 17:03:20 +02:00
Tobias Brunner 279e0d42bd kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec 2013-06-21 17:03:20 +02:00
Tobias Brunner 3cd7ba4960 kernel-netlink: Routes don't require a gateway/nexthop 2013-06-21 17:03:20 +02:00
Tobias Brunner 1b3b7ba54d charon-cmd: Document auxiliary options 2013-06-21 17:00:49 +02:00
Tobias Brunner 4d62ad7571 charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages 2013-06-21 16:35:19 +02:00
Tobias Brunner 5991f09565 charon-cmd: Use fixed number of characters to align command descriptions
If the command and argument are longer than that, write the first line of
the description on the following line.
2013-06-21 16:04:46 +02:00
Tobias Brunner 5e185047e1 charon-cmd: Shortened and fixed command descriptions 2013-06-21 16:04:45 +02:00
Tobias Brunner 463314b55a charon-cmd: Simplify usage output for authentication profiles
The man page describes them in full.
2013-06-21 16:04:45 +02:00
Tobias Brunner e8d6b91ebd charon-cmd: Add Aggressive Mode profiles to man page 2013-06-21 16:04:45 +02:00
Tobias Brunner 0d60489bf8 charon-cmd: Add man page for charon-cmd(8) 2013-06-21 16:04:45 +02:00
Tobias Brunner 295d595b49 charon-cmd: Add --debug argument to set the default log level 2013-06-21 15:55:52 +02:00
Tobias Brunner 4049ec42bf charon-cmd: Handle simple command line arguments like --help before the others 2013-06-21 15:51:42 +02:00
Tobias Brunner 0d25c4ef87 plugin-loader: Move logging of failed features to status()
Still log an error message if critical features fail, as loaded
plugins/features are not logged in that case.

This way loaded plugins are printed before failed features and
the relation is easier to make for users.  It also allows programs
to log this message on a different level.
2013-06-21 15:22:46 +02:00
Tobias Brunner 607f8e9906 plugin-loader: Add method to print loaded plugins on a given log level 2013-06-21 15:17:53 +02:00
Tobias Brunner 34ee14dd28 plugin-loader: Collect statistics while loading features, print them in case features failed to load
There is no need to explicitly search for failed features in critical
plugins as this is now detected while loading the features.
2013-06-21 15:13:25 +02:00
Tobias Brunner 681e53c70c plugin-loader: Use different log level if failed feature is in critical plugin 2013-06-21 15:13:25 +02:00
Tobias Brunner 13d2d8f634 plugin-loader: Log message when failing to load plugin 2013-06-21 15:13:25 +02:00
Tobias Brunner 51b9d7513d plugin-loader: Reduce verbosity while loading plugins 2013-06-21 15:13:25 +02:00
Tobias Brunner 0adf165c7e Fix crash if the initiator has no suitable proposal available
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
Martin Willi 9d6a147c81 Merge branch 'unit-tests-ecdsa'
Adds support for testing plugin functionality to test-runner. Introduces some
good/bad tests for ECDSA/RSA which would have caught those RSA/ECDSA signature
vulnerabilities.
2013-06-21 10:53:23 +02:00
Martin Willi 092550b03a leak-detective: (re-)whitelist some OpenSSL functions
Some static allocations in plugins won't get freed, because in the test case
process the plugins are not destroyed. If a plugin would clean up allocations
done while just using the plugin, these show up as a leak in the child process,
letting tests fail.
2013-06-21 10:53:23 +02:00
Martin Willi ef687db734 unit-tests: load plugins in test-runner from build directory 2013-06-21 10:53:23 +02:00
Martin Willi b950fc48da unit-tests: link test-runner against -lpthread 2013-06-21 10:53:23 +02:00
Martin Willi 1ffdb4f3d0 unit-tester: remove obsolete rsa_gen test, now covered in unit-tests 2013-06-21 10:53:23 +02:00
Martin Willi df1a1a0901 unit-tests: add RSA test cases, very similar to ECDSA 2013-06-21 10:53:23 +02:00
Martin Willi eabf4af0f8 unit-tests: test with /dev/urandom if random plugin is in use 2013-06-21 10:53:22 +02:00
Martin Willi d0c09c84a5 unit-tests: test supported ECDSA schemes only 2013-06-21 10:53:22 +02:00
Martin Willi 2bedb0f270 Move test-runner's has_feature() function to plugin loader 2013-06-21 10:53:22 +02:00