Martin Willi
1ba62b5562
loading default modules depending on configure options
2008-05-16 08:52:32 +00:00
Martin Willi
a3d92a3745
plugin load configuration in strongswan.conf
...
some components accept a "component.load" option with a space separated list of plugins to load
libcharon- plugins are now handled the same way as libstrongswan- plugins
2008-05-15 14:01:26 +00:00
Martin Willi
25b12c696b
replaced --with-gid/uid by --with-group/user
...
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
Martin Willi
5d892343fa
using capset version 1 if a newer is available
2008-05-07 08:46:37 +00:00
Martin Willi
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
Martin Willi
46a5604a04
split IKE_SA manager destroy to allow plugin interaction
2008-04-17 10:46:25 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi
cdcfe777f4
implementation of a CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Martin Willi
ff867d062e
added ./configure option --with-strongswan-conf=
...
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
Tobias Brunner
84b18d5fc7
replaced mutex in leak detective with thread scheduling
2008-04-03 09:24:35 +00:00
Martin Willi
6af29ccf33
configure option in strongswan.conf for thread count
2008-04-03 08:37:24 +00:00
Tobias Brunner
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Martin Willi
733f336ad3
socket_t implementation without raw sockets
...
--disable-raw-socket configure option
prevents charon/pluto from running in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
Martin Willi
92232dab33
fixed setuid()/setgid() and error handling
2007-10-01 09:07:10 +00:00
Martin Willi
055d016b49
changed inheritable capability set to the permitted one to execute firewall script with CAP_NET_ADMIN
2007-09-28 07:04:09 +00:00
Martin Willi
c295d0eb4b
refactored strongswan manager
...
removed buggy request parsing code, use ClearSilver's CGI kit instead
fixed CHILD_SA listing in manager (needs better design)
using secure XML communication through unix sockets
removed images with questionable (non-GPL) license
2007-09-26 14:02:21 +00:00
Martin Willi
39cc6d1ad7
fixed shutdown order to prevent crash when kernel interface schedules events
2007-09-12 07:12:25 +00:00
Andreas Steffen
f5da63e937
correct debug
2007-09-02 15:59:59 +00:00
Andreas Steffen
0bc5a23023
renamed integrity check to integrity test
2007-08-29 10:36:08 +00:00
Andreas Steffen
ab13376877
fips_verify_hmac_signature() now returns a boolean status
2007-08-29 09:43:02 +00:00
Andreas Steffen
2fb15ac606
changed interface of fips_verify_hmac_signature
2007-08-29 05:43:45 +00:00
Andreas Steffen
55434a1ba5
started implementation of libstrongswan code integrity check
2007-08-29 00:37:10 +00:00
Andreas Steffen
84db83336b
support of ipsec rereadsecrets for stroke
2007-08-10 07:16:32 +00:00
Martin Willi
4cb9d7a758
further fixes for mobike roaming
2007-06-25 13:26:02 +00:00
Martin Willi
02b3ec0a10
implemented address change notification (for MOBIKE)
...
implemented up to date address list cache to list interfaces
2007-06-14 15:16:15 +00:00
Martin Willi
9fe1a1ca76
introduced callback_job:
...
simple asynchronous method invocation
use daemon's thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi
a6a039aa10
simplified capability dropping
2007-05-09 13:12:06 +00:00
Martin Willi
3cd3f48428
properly implemented interface_managers initiate, terminate_[ike|child]
...
proper thread release when stroke is CTRL+C'ed
fixed some permission issues
2007-05-09 12:33:08 +00:00
Martin Willi
6874bf698c
changing UID/GID after startup of pluto/charon
...
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
Martin Willi
66560f4267
reducing capabilities of the threads to a minimum
...
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
Martin Willi
a84fb01b96
restructuring of configuration backends
...
added prototypes of new control interfaces (xml & dbus)
introduced loadable:
configuration backends
control interfaces
using pluggable modules as in EAP
2007-04-27 14:25:08 +00:00
Andreas Steffen
4841189b72
implementation of strictcrlpolicy=ifuri
2007-04-20 11:12:08 +00:00
Martin Willi
217e985b41
moved initiate() code to the generic controller_t class
2007-04-16 12:52:49 +00:00
Andreas Steffen
f880eb2dca
started support of X.509 attribute certificates
2007-04-12 17:49:33 +00:00
Martin Willi
3b138b8422
cleaned up apidoc
...
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
Martin Willi
e0fe765152
restructured file layout
...
new configuration structure:
peer_cfg: configuration related to a peer (authentication, ...)
ike_cfg: config to use for IKE setup (proposals)
child_cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Andreas Steffen
8883eef7b8
support cachecrls=yes
2007-04-05 17:07:14 +00:00
Andreas Steffen
e58afb1a0a
support of crlcheckinterval=0 to disable IKEv2 CRL fetching
2007-04-04 07:49:05 +00:00
Martin Willi
4deb89485c
removed send_queue, handled internally in sender_t now
...
do header parsing in receiver, ready for cookie integration
2007-03-28 13:34:02 +00:00
Andreas Steffen
54645fb275
added fetcher_finalize() to clean up libcurl
2007-03-08 17:00:32 +00:00
Andreas Steffen
9149635ffa
support of ocsp signing certificates
2007-03-08 16:47:18 +00:00
Andreas Steffen
78703918aa
http post fetching using libcurl implemented
2007-03-07 19:28:03 +00:00
Martin Willi
373b8a607f
fixed netlink socket receiver code
...
implemented interface enumeration code with netlink: no getifaddrs required anymore
2007-03-03 14:56:24 +00:00
Martin Willi
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
Martin Willi
5347a84f81
fixed HAVE_BACKTRACE checks
...
starter Makefile now uses proper $(COMPILE) to build pluto objects
2006-12-11 09:29:34 +00:00
Martin Willi
e696757c47
made backtrace() calls optional to support uClibc
2006-12-06 13:59:13 +00:00
Martin Willi
db7ef62494
better split up of library files "types.h" & "definitions.h"
...
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
Martin Willi
b83806d83d
improved signal handling and emitting
2006-10-26 09:46:56 +00:00