Commit Graph

11755 Commits

Author SHA1 Message Date
Martin Willi 4edcc86149 xpc: send child_updown events over XPC channel 2013-07-18 12:17:55 +02:00
Martin Willi d60c8d2c74 xpc: support termination of IKE_SAs using XPC RPC on connection channel 2013-07-18 12:17:55 +02:00
Martin Willi 790ad9e677 xpc: move XPC RPC reply creation to command dispatching 2013-07-18 12:17:55 +02:00
Martin Willi a0c125eacb xpc: terminate daemon when last XPC connection to App gone 2013-07-18 12:17:55 +02:00
Martin Willi 6aae6268d7 xpc: fix some refcounting issues related to XPC connections 2013-07-18 12:17:55 +02:00
Martin Willi 22bffc647d xpc: no need to clear channel table, they are bound to IKE_SA lifetime 2013-07-18 12:17:55 +02:00
Martin Willi 1a3f71d97a xpc: add support for logging over XPC channels 2013-07-18 12:17:55 +02:00
Martin Willi fbc89786b5 xpc: don't warn about pointer signedness mismatch (-Wno-pointer-sign) 2013-07-18 12:17:55 +02:00
Martin Willi dcf8a3c78b xpc: add a description of the basic XPC protocol to README 2013-07-18 12:17:55 +02:00
Martin Willi d5966e71e9 xpc: use the same XPC message "type" mechanism on Mach service as on channels 2013-07-18 12:17:55 +02:00
Martin Willi 39d15dde67 xpc: ask App for passwords using connection specific channel 2013-07-18 12:17:55 +02:00
Martin Willi 8279ce99c4 xpc: use IKE_SA specific XPC return channels for further communication 2013-07-18 12:17:55 +02:00
Martin Willi bc74e18223 xpc: don't send certificate requests, there are too many when using keychain 2013-07-18 12:17:55 +02:00
Martin Willi 5016370390 xpc: build with support for the keychain plugin 2013-07-18 12:17:55 +02:00
Martin Willi e73a653451 xpc: add support for initiating simple IKEv2 EAP connections 2013-07-18 12:17:54 +02:00
Martin Willi 3dcc9d7aa7 xpc: move dispatching to dedicated class, using dedicated thread 2013-07-18 12:17:54 +02:00
Martin Willi 4204d1d71a xpc: use non-inlining variant of vstr, compiler does not like it 2013-07-18 12:17:54 +02:00
Martin Willi 6f8c626b81 xpc: add Xcode project for a charon controlled through XPC 2013-07-18 12:17:54 +02:00
Martin Willi 61177388bd syslog: setlogmask() to include LOG_INFO
LOG_INFO seems to be excluded by default on some systems (OS X).
2013-07-18 12:17:54 +02:00
Martin Willi 55dacbfac2 keychain: flush certificate cache after reloading System keychain 2013-07-18 12:17:54 +02:00
Martin Willi 57dce77ba6 keychain: monitor changes in the system keychain, reload when necessary 2013-07-18 12:17:54 +02:00
Martin Willi dcd8bdde4f keychain: use SearchCopyNext keychain enumeration for System certs as well
SecItemCopyMatching seems to be problematic regarding memory management. And
as there does not seem to be a good alternative to enumerate the System Roots
keychain using the SecItemCopyMatching API, we stick to the deprecated
enumeration functions for now.
2013-07-18 12:17:54 +02:00
Martin Willi 0bdd453392 keychain: load certificates from System Roots Keychain 2013-07-18 12:17:54 +02:00
Martin Willi bc6c7bf39e keychain: load certificates only once during startup, improving performance 2013-07-18 12:17:54 +02:00
Martin Willi 6f00ddb90c keychain: support on-the-fly enumeration of trusted/untrusted certificates 2013-07-18 12:17:54 +02:00
Martin Willi 7b8edabd8a keychain: add a stub for a credential plugin using OS X Keychain Services 2013-07-18 12:17:54 +02:00
Martin Willi 5d36f04ee2 credmgr: stop querying for secrets once we get a perfect match 2013-07-18 12:17:54 +02:00
Martin Willi 69039e83f8 credmgr: don't use pointers for id_match_t enum values 2013-07-18 12:17:54 +02:00
Martin Willi c3e7b3de0b openssl: parse X.509 extended key usage from extension parsing loop
Otherwise parsing gets aborted if unknown critical extensions are handled as
error.
2013-07-18 12:17:53 +02:00
Martin Willi 3f55f203ee openssl: show which critical X.509 extension is not supported 2013-07-18 12:17:53 +02:00
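The two openssl commits above turn on the RFC 5280 rule that an unrecognised critical extension makes a certificate unusable, which only works if every extension the plugin does understand (extKeyUsage included) is recognised inside the same loop. The following is an added illustration of that rule, not strongSwan's openssl plugin code: a minimal DER walker over an X.509 Extensions SEQUENCE with a small table of recognised OIDs. The sample blobs, the recognised-OID table and the unregistered extension OID 2.5.29.99 are all constructed here for the example.

```python
# Added example, not strongSwan code. Walks an X.509 Extensions SEQUENCE and
# applies RFC 5280 4.2: an unrecognised extension is ignored when non-critical
# and rejects the certificate when critical. Whether extKeyUsage (EKU) is in
# the recognised set decides if a *critical* EKU passes. OID table, sample
# blobs and the unknown OID 2.5.29.99 are constructed for this example.

KNOWN_EXTENSIONS = {
    "2.5.29.15": "keyUsage",
    "2.5.29.19": "basicConstraints",
    "2.5.29.37": "extKeyUsage",      # recognised in the loop, so critical EKU is fine
}
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"    # id-kp-serverAuth
UNKNOWN_OID = "2.5.29.99"            # hypothetical, not a registered extension


# --- minimal DER encoder, used only to build the sample blobs -------------
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:                 # base-128, high bit on all but last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def extension(dotted, value, critical=False):
    body = encode_oid(dotted)
    if critical:                         # BOOLEAN DEFAULT FALSE: omitted when false
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, value))


# --- minimal DER reader ---------------------------------------------------
def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0   # first-byte split, enough for 1.x/2.5.x
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_extensions(der, known=KNOWN_EXTENSIONS):
    """Return (True, {name: (critical, extnValue)}) or (False, reason)."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        return False, "Extensions is not a SEQUENCE"
    parsed, pos = {}, 0
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)
        _, oid_body, p = read_tlv(ext, 0)
        oid = decode_oid(oid_body)
        tag, value, p = read_tlv(ext, p)
        critical = False
        if tag == 0x01:                  # optional critical BOOLEAN is present
            critical = value == b"\xff"
            tag, value, p = read_tlv(ext, p)
        if oid in known:
            parsed[known[oid]] = (critical, value)
        elif critical:                   # RFC 5280 4.2: unknown critical -> reject
            return False, "unsupported critical extension %s" % oid
        # unknown non-critical extensions are silently ignored
    return True, parsed


def eku_purposes(extn_value):
    """Decode ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId."""
    _, seq, _ = read_tlv(extn_value, 0)
    out, pos = [], 0
    while pos < len(seq):
        _, oid_body, pos = read_tlv(seq, pos)
        out.append(decode_oid(oid_body))
    return out


# Constructed samples: critical basicConstraints plus a critical EKU (GOOD),
# and a non-critical EKU followed by an unknown critical extension (BAD).
EKU_VALUE = tlv(0x30, encode_oid(SERVER_AUTH))
GOOD = tlv(0x30, extension("2.5.29.19", tlv(0x30, b""), critical=True)
            + extension("2.5.29.37", EKU_VALUE, critical=True))
BAD = tlv(0x30, extension("2.5.29.37", EKU_VALUE)
            + extension(UNKNOWN_OID, tlv(0x04, b"x"), critical=True))

if __name__ == "__main__":
    print(parse_extensions(GOOD))
    print(parse_extensions(GOOD, known={"2.5.29.19": "basicConstraints"}))  # EKU unknown
    print(parse_extensions(BAD))
```

The second call in the usage block reproduces the situation the first commit fixes: with extKeyUsage absent from the recognised set, a critical EKU is indistinguishable from any other unknown critical extension and the whole certificate is rejected; the reason string carries the offending OID, which is what the second commit adds to the log output.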
Martin Willi 437a6feb07 hashtable: add common hashtable hash/equals functions for pointer/string keys 2013-07-18 12:17:53 +02:00
Martin Willi 01c0267778 thread: implicitly create thread_t if an external thread calls thread_current() 2013-07-18 12:17:53 +02:00
Tobias Brunner 07a9d5c91a ike: Fix reestablishing SAs if no child-creating tasks are queued 2013-07-18 10:40:08 +02:00
Martin Willi 2b0c8ee37d ike-sa: uninstall CHILD_SAs before removing virtual IPs
a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes
for CHILD_SAs might get deleted while removing virtual IPs, resulting in
an error when a CHILD_SA tries to uninstall its route.
2013-07-18 10:35:38 +02:00
Tobias Brunner 79b6ead1e4 unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received 2013-07-17 18:23:57 +02:00
Tobias Brunner 56b0fac8c9 unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytes 2013-07-17 18:23:57 +02:00
Tobias Brunner c7d0b80abb unity: Fix memory leak in provider 2013-07-17 18:23:57 +02:00
Tobias Brunner b2dfa0624d ipsec.conf.5: closeaction is now supported for IKEv1 2013-07-17 18:18:57 +02:00
Tobias Brunner a9ffb48f21 ikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peer
We call ike_sa_t.reestablish() so the IKE_SA is only recreated if any
CHILD_SA requires it.
2013-07-17 18:16:59 +02:00
Tobias Brunner 68db844f99 ike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SA 2013-07-17 18:16:58 +02:00
Oliver Smith b79fdab878 ikev1: Support closeaction of CHILD_SA.
When a CHILD_SA is closed in IKEv1, if it is not being rekeyed and
closeaction has been set, we can now perform a restart or hold as is
currently done for IKEv2.
2013-07-17 18:16:58 +02:00
Tobias Brunner 6b99e4b7e0 Merge branch 'kernel-pfroute-mobility'
This improves the behavior of the kernel-pfroute plugin (and sometimes
the kernel-pfkey plugin) in case of mobility, mostly when used as a
client but also as gateway, if clients are mobile.
2013-07-17 17:49:26 +02:00
Tobias Brunner fae4d67adc kernel-pfroute: Ignore IP address changes if address is %any 2013-07-17 17:45:18 +02:00
Tobias Brunner b308a97944 kernel-pfroute: Properly enumerate sockaddrs in interface messages
The ifa_msghdr and rt_msghdr structs are not compatible (at least not on
FreeBSD).
2013-07-17 17:45:18 +02:00
Tobias Brunner 5310f485d9 kernel-pfroute: Provide name of interfaces on which virtual IPs are installed 2013-07-17 17:45:18 +02:00
Tobias Brunner e9c1ca0278 kernel-pfroute: Ignore virtual IPs in address map
As the virtual flag is set after the address has been added to the map,
we make sure we ignore virtual IPs when doing lookups.
2013-07-17 17:45:18 +02:00
Tobias Brunner cb082d15ef kernel-pfroute: Make sure source addresses are not virtual and usable
It seems we sometimes get the virtual IP as source (with
rightsubnet=0.0.0.0/0) even if the exclude route is already
installed. Might be a timing issue because shortly afterwards the
lookup seems to succeed.
2013-07-17 17:45:18 +02:00
Tobias Brunner 527663d6b6 kernel-pfroute: Don't report an error when trying to reinstall a route 2013-07-17 17:45:18 +02:00
Tobias Brunner 8afd0f05e3 kernel-pfkey: Provide interface name when installing exclude route 2013-07-17 17:45:18 +02:00
Tobias Brunner 0745f846d0 kernel-pfroute: Reinstall routes on interface/address changes 2013-07-17 17:45:17 +02:00