Commit Graph

70 Commits

Author SHA1 Message Date
Martin Willi 1ba62b5562 loading default modules depending on configure options 2008-05-16 08:52:32 +00:00
Martin Willi a3d92a3745 plugin load configuration in strongswan.conf
some components accept a "component.load" option with a space separated list of plugins to load
  libcharon- plugins are now handled the same way as libstrongswan- plugins
2008-05-15 14:01:26 +00:00
Martin Willi 25b12c696b replaced --with-gid/uid by --with-group/user
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
Martin Willi 5d892343fa using capset version 1 if a newer is available 2008-05-07 08:46:37 +00:00
Martin Willi b360e3933d respecting ipsec.conf cachecrls= option 2008-04-17 15:01:57 +00:00
Martin Willi 46a5604a04 split IKE_SA manager destroy to allow plugin interaction 2008-04-17 10:46:25 +00:00
Martin Willi 6a365f0740 added API for random number generators, served through credential factory
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi cdcfe777f4 implementation of a CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
	CIDR notation to serve from a pool
	%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Martin Willi ff867d062e added ./configure option --with-strongswan-conf=
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
Tobias Brunner 84b18d5fc7 replaced mutex in leak detective with thread scheduling 2008-04-03 09:24:35 +00:00
Martin Willi 6af29ccf33 configure option in strongswan.conf for thread count 2008-04-03 08:37:24 +00:00
Tobias Brunner dc04b7c743 mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed 2008-03-26 18:40:19 +00:00
Martin Willi 552cc11b1f merged the modularization branch (credentials) back to trunk 2008-03-13 14:14:44 +00:00
Martin Willi 733f336ad3 socket_t implementation without raw sockets
--disable-raw-socket configure option
  prevents charon/pluto from running in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner d5cc175833 experimental P2P-NAT-T for IKEv2 merged back from branch 2007-10-03 15:10:41 +00:00
Martin Willi 92232dab33 fixed setuid()/setgid() and error handling 2007-10-01 09:07:10 +00:00
Martin Willi 055d016b49 changed inheritable capability set to the permitted one to execute firewall script with CAP_NET_ADMIN 2007-09-28 07:04:09 +00:00
Martin Willi c295d0eb4b refactored strongswan manager
removed buggy request parsing code, use ClearSilver's CGI kit instead
fixed CHILD_SA listing in manager (needs better design)
using secure XML communication through unix sockets
removed images with questionable (non-GPL) license
2007-09-26 14:02:21 +00:00
Martin Willi 39cc6d1ad7 fixed shutdown order to prevent crash when kernel interface schedules events 2007-09-12 07:12:25 +00:00
Andreas Steffen f5da63e937 correct debug 2007-09-02 15:59:59 +00:00
Andreas Steffen 0bc5a23023 renamed integrity check to integrity test 2007-08-29 10:36:08 +00:00
Andreas Steffen ab13376877 fips_verify_hmac_signature() now returns a boolean status 2007-08-29 09:43:02 +00:00
Andreas Steffen 2fb15ac606 changed interface of fips_verify_hmac_signature 2007-08-29 05:43:45 +00:00
Andreas Steffen 55434a1ba5 started implementation of libstrongswan code integrity check 2007-08-29 00:37:10 +00:00
Andreas Steffen 84db83336b support of ipsec rereadsecrets for stroke 2007-08-10 07:16:32 +00:00
Martin Willi 4cb9d7a758 further fixes for mobike roaming 2007-06-25 13:26:02 +00:00
Martin Willi 02b3ec0a10 implemented address change notification (for MOBIKE)
implemented up to date address list cache to list interfaces
2007-06-14 15:16:15 +00:00
Martin Willi 9fe1a1ca76 introduced callback_job:
simple asynchronous method invocation
  use daemon's thread pool for all threads
  proper cancellation and cleanups
  cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi a6a039aa10 simplified capability dropping 2007-05-09 13:12:06 +00:00
Martin Willi 3cd3f48428 properly implemented interface_managers initiate, terminate_[ike|child]
proper thread release when stroke is CTRL+C'ed
fixed some permission issues
2007-05-09 12:33:08 +00:00
Martin Willi 6874bf698c changing UID/GID after startup of pluto/charon
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
Martin Willi 66560f4267 reducing capabilities of the threads to a minimum
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
Martin Willi a84fb01b96 restructuring of configuration backends
added prototypes of new control interfaces (xml & dbus)
introduced loadable:
  configuration backends
  control interfaces
using pluggable modules as in EAP
2007-04-27 14:25:08 +00:00
Andreas Steffen 4841189b72 implementation of strictcrlpolicy=ifuri 2007-04-20 11:12:08 +00:00
Martin Willi 217e985b41 moved initiate() code to the generic controller_t class 2007-04-16 12:52:49 +00:00
Andreas Steffen f880eb2dca started support of X.509 attribute certificates 2007-04-12 17:49:33 +00:00
Martin Willi 3b138b8422 cleaned up apidoc
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
Martin Willi e0fe765152 restructured file layout
new configuration structure:
  peer_cfg: configuration related to a peer (authentication, ...)
  ike_cfg: config to use for IKE setup (proposals)
  child_cfg: config for CHILD_SA (proposals, traffic selectors)
  a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Andreas Steffen 8883eef7b8 support cachecrls=yes 2007-04-05 17:07:14 +00:00
Andreas Steffen e58afb1a0a support of crlcheckinterval=0 to disable IKEv2 CRL fetching 2007-04-04 07:49:05 +00:00
Martin Willi 4deb89485c removed send_queue, handled internally in sender_t now
do header parsing in receiver, ready for cookie integration
2007-03-28 13:34:02 +00:00
Andreas Steffen 54645fb275 added fetcher_finalize() to clean up libcurl 2007-03-08 17:00:32 +00:00
Andreas Steffen 9149635ffa support of ocsp signing certificates 2007-03-08 16:47:18 +00:00
Andreas Steffen 78703918aa http post fetching using libcurl implemented 2007-03-07 19:28:03 +00:00
Martin Willi 373b8a607f fixed netlink socket receiver code
implemented interface enumeration code with netlink: no getifaddrs required anymore
2007-03-03 14:56:24 +00:00
Martin Willi f27f6296e6 merged EAP framework from branch into trunk
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
Martin Willi 5347a84f81 fixed HAVE_BACKTRACE checks
starter Makefile now uses proper $(COMPILE) to build pluto objects
2006-12-11 09:29:34 +00:00
Martin Willi e696757c47 made backtrace() calls optional to support uClibc 2006-12-06 13:59:13 +00:00
Martin Willi db7ef62494 better split up of library files "types.h" & "definitions.h"
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
Martin Willi b83806d83d improved signal handling and emitting 2006-10-26 09:46:56 +00:00