Tobias Brunner
6364219281
Merge branch 'ipsec.conf-parser'
Replaces the ipsec.conf parser in starter. The new parser is also based
on flex/bison but it simply returns key/value collections of all sections.
It already resolves also= and allows overriding options in all included
sections (not only %default); options set in included sections can also
be cleared again (key=). It provides other improvements too, like quoted
strings (with escape sequences), unlimited includes and better
whitespace/comment handling.
Fixes #423.
Fixes #560.
2014-06-19 14:09:09 +02:00
Tobias Brunner
f4d29bf16d
starter: Don't directly refer to source files in Makefile for unit tests
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner
6719c4c828
starter: Explicitly allow @# at the beginning of strings
Since we treat everything after # as a comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner
2d88617e7d
starter: Add --conftest option to test ipsec.conf syntax
2014-06-19 14:00:49 +02:00
Tobias Brunner
a953f3ad4a
starter: Remove old parser
2014-06-19 14:00:49 +02:00
Tobias Brunner
81ba3c1a5e
starter: Use new parser to read config file
2014-06-19 14:00:49 +02:00
Tobias Brunner
640c75bb2e
starter: Move kw_entry_t definition
2014-06-19 14:00:49 +02:00
Tobias Brunner
8839796c3e
starter: Remove unused ARG_LST argument type
2014-06-19 14:00:49 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Tobias Brunner
a1625fdc9b
unit-tests: Make fixture functions optional
2014-06-19 14:00:48 +02:00
Tobias Brunner
f609682e5d
starter: Add new bison/flex based parser for ipsec.conf
The parser simply returns key/value pairs of all sections; it already
resolves also= and allows overriding options in all included sections
(not only %default), and options set in included sections can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner
4ef86a849b
starter: Remove out of date README
2014-06-19 14:00:48 +02:00
Tobias Brunner
9dbf2019e2
collections: Add interface for read-only dictionaries
2014-06-19 14:00:48 +02:00
Tobias Brunner
3c206f2e81
hashtable: Add destroy_function method
2014-06-19 14:00:48 +02:00
Tobias Brunner
dcb168413f
stroke: Add --daemon option
2014-06-19 13:56:38 +02:00
Tobias Brunner
02de66e1bf
starter: Use stream abstraction to communicate with stroke plugin
2014-06-19 13:56:37 +02:00
Tobias Brunner
906a409608
stroke: Use stream abstraction to communicate with stroke plugin
Without this, changing charon.plugins.stroke.socket would not really
work.
2014-06-19 13:56:37 +02:00
Martin Willi
b384daafde
winhttp: Fix a typo to properly release connection handle
Fixes a rather large memory leak in HTTP fetches.
2014-06-19 11:09:20 +02:00
Martin Willi
9f950af17a
load-tester: Add a crl option to include a CRL uri in generated certificates
2014-06-19 10:48:27 +02:00
Martin Willi
8b855a97c2
bus: Properly va_copy() argument list before passing it to printf() functions
As we later potentially use args again, we can't consume it with printf
functions without copying it first. Clone list before passing it to any
consuming function.
Fixes #621.
2014-06-19 10:10:54 +02:00
Martin Willi
758dc8a953
child-sa: Set replay window on both inbound and outbound SA
While the outbound SA actually does not need a replay window, the kernel rejects
zero replay windows on SAs using ESN. The ESN flag is required to use the full
sequence number in ICV calculation, hence we set the replay window.
This restores the behavior we had before 30c009c2.
2014-06-18 16:54:19 +02:00
Martin Willi
8b9b11919d
kernel-netlink: Never use XFRMA_REPLAY_ESN_VAL to configure zero replay windows
Trying to disable replay windows using the ESN attribute fails with EINVAL.
Use non-ESN legacy format to disable replay windows, even if ESN has been
negotiated over IKE.
2014-06-18 15:04:57 +02:00
Andreas Steffen
d345f0b75d
Added swanctl/net2net-route scenario
2014-06-18 14:57:33 +02:00
Andreas Steffen
3f5f0b8940
Added swanctl/net2net-start scenario
2014-06-18 14:35:59 +02:00
Andreas Steffen
4402bae77d
Minor changes in swanctl scenarios
2014-06-18 14:35:36 +02:00
Andreas Steffen
927dff2366
The policy_started check is not needed any more
2014-06-18 14:01:02 +02:00
Andreas Steffen
ed42874645
Added swanctl --list-pols and swanctl --stats to scenario log
2014-06-18 13:16:18 +02:00
Tobias Brunner
d6f0372daf
testing: Delete accidentally committed test cases
2014-06-18 09:38:53 +02:00
Tobias Brunner
abe116cdf8
ikev1: Allow late connection switching based on XAuth username
2014-06-18 09:30:07 +02:00
Tobias Brunner
aba55fdffe
identification: Only use either , or / to separate RDNs
If a DN starts with a slash (or whitespace and a slash) slashes will
be used, otherwise commas.
2014-06-18 09:24:03 +02:00
Tobias Brunner
846fd70eec
sshkey: Fix loading of ECDSA keys from files
2014-06-18 09:16:24 +02:00
Tobias Brunner
1cda692110
sshkey: Add support to parse SSH public keys from files with left|rightsigkey
2014-06-18 09:16:24 +02:00
Martin Willi
97dafa16a0
Merge branch 'vici-stats'
Add a vici/swanctl "stats" command to print daemon info, similar to the header
shown in "ipsec statusall".
2014-06-17 17:56:05 +02:00
Martin Willi
5885ec2a27
vici: Support memory stats without leak-detective on Windows
2014-06-17 17:55:45 +02:00
Martin Willi
df93458685
swanctl: Add a --stats command to print daemon infos and statistics
2014-06-17 17:55:45 +02:00
Martin Willi
65689ce76a
vici: Add a stats command returning various daemon infos and statistics
2014-06-17 17:55:45 +02:00
Martin Willi
19ea055092
swanctl: Support private key decryption passphrases in swanctl.conf
While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.
2014-06-17 17:52:14 +02:00
Martin Willi
28e0f9b57d
Merge branch 'conn-specific-replay'
Introduces a connection specific replay_window option, overriding the global
charon.replay_window strongswan.conf option. Original patch courtesy of
Zheng Zhong and Christophe Gouault from 6Wind.
2014-06-17 16:50:14 +02:00
Martin Willi
52d77f3290
NEWS: Mention replay_window ipsec.conf option
2014-06-17 16:49:02 +02:00
Martin Willi
5b7725f3b0
swanctl: Document replay_window option
2014-06-17 16:49:02 +02:00
Martin Willi
d73a46171d
vici: Support a replay_window CHILD_SA option
2014-06-17 16:41:31 +02:00
Martin Willi
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
Martin Willi
823ce4a37f
kernel-pfkey: Support connection specific replay window sizes up to 32 packets
2014-06-17 16:41:30 +02:00
Martin Willi
44098fbaca
kernel-netlink: Support connection specific replay window sizes
2014-06-17 16:41:30 +02:00
Martin Willi
30c009c2fe
kernel-interface: Add a replay_window parameter to add_sa()
2014-06-17 16:41:30 +02:00
Martin Willi
bdcaa5e680
child-cfg: Store connection specific replay window on CHILD_SA config
2014-06-17 15:42:02 +02:00
Martin Willi
a2c2ce9693
Merge branch 'win-errno'
Improves errno handling for Winsock2 compatibility functions.
2014-06-17 15:24:06 +02:00
Martin Willi
dff39a4c5b
windows: Declare strerror_s()
Older MinGW versions seem to miss this function declaration. Fixes build on
Travis using Ubuntu 12.04.
2014-06-17 15:23:33 +02:00
Martin Willi
1bcf850738
windows: Extend strerror_r/s by extended POSIX errno strings
2014-06-17 15:23:33 +02:00
Martin Willi
c2119cded4
windows: Implement strerror_r using strerror_s
2014-06-17 15:23:33 +02:00