Commit Graph

11282 Commits

Author SHA1 Message Date
Tobias Brunner 35fe41f7d0 kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets 2013-06-21 17:03:21 +02:00
Tobias Brunner 66aaabf342 tun-device: Packets sent over utun devices on Mac OS X have the protocol family prepended 2013-06-21 17:03:21 +02:00
Tobias Brunner 34b0ad0653 kernel-pfroute: Use DST as nexthop for host routes
These are created as cache/clone on Mac OS X.
2013-06-21 17:03:21 +02:00
Tobias Brunner d6c17e96b2 kernel-pfroute: Implement get_source_addr() 2013-06-21 17:03:21 +02:00
Tobias Brunner f58f8bf409 kernel-pfroute: Properly install routes with interface and gateway 2013-06-21 17:03:21 +02:00
Tobias Brunner 1f31a2bc2e kernel-libipsec: Install a gateway for routes on platforms other than Linux
This seems required e.g. on FreeBSD but doesn't work on Linux.
2013-06-21 17:03:21 +02:00
Tobias Brunner 93e4df3761 kernel-pfroute: Activate TUN device before setting address
On FreeBSD, for some reason, we don't learn the interface is up
otherwise.  Even though ifconfig lists it as up at the same time.
2013-06-21 17:03:21 +02:00
Tobias Brunner c8a56512a6 tun-device: Avoid opening /dev/tunX multiple times (e.g. on FreeBSD) 2013-06-21 17:03:21 +02:00
Tobias Brunner dcaf8d570c kernel-libipsec: Router reads packets from multiple TUN devices
These devices are collected via kernel_listener_t interface.
2013-06-21 17:03:21 +02:00
Tobias Brunner 7045defbff kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device 2013-06-21 17:03:21 +02:00
Tobias Brunner 554c4276a5 kernel-pfroute: Raise tun event when creating/destroying TUN devices for virtual IPs 2013-06-21 17:03:21 +02:00
Tobias Brunner 4868d1c3bc kernel: Add an event kernel interfaces can raise if they create/destroy a TUN device 2013-06-21 17:03:21 +02:00
Tobias Brunner 0d2ad63fe2 printf-hook: Avoid double-free when freeing Vstr config
Thread-specific objects get freed when the thread value object is
destroyed (wasn't the case earlier, i.e. before 2b19dd35), which
may cause the second call to vstr_free_conf() to fail in an assert
in Vstr (depending on how it was built).
2013-06-21 17:03:20 +02:00
Tobias Brunner 587bdf8768 kernel-libipsec: Track policies and automatically install routes
The routes direct traffic matching the remote traffic selector to the
TUN device.

If the remote traffic selector includes the IKE peer a very specific route
is installed to allow IKE traffic.
2013-06-21 17:03:20 +02:00
Tobias Brunner 44a49681fd kernel-libipsec: Handle packets between charon socket, libipsec and TUN device 2013-06-21 17:03:20 +02:00
Tobias Brunner 59be6ddd08 kernel-libipsec: Create a TUN device and use it to install virtual IPs 2013-06-21 17:03:20 +02:00
Tobias Brunner 279e0d42bd kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec 2013-06-21 17:03:20 +02:00
Tobias Brunner 3cd7ba4960 kernel-netlink: Routes don't require a gateway/nexthop 2013-06-21 17:03:20 +02:00
Tobias Brunner 1b3b7ba54d charon-cmd: Document auxiliary options 2013-06-21 17:00:49 +02:00
Tobias Brunner 4d62ad7571 charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages 2013-06-21 16:35:19 +02:00
Tobias Brunner 5991f09565 charon-cmd: Use fixed number of characters to align command descriptions
If the command and argument are longer than that, write the first line of
the description to the following line.
2013-06-21 16:04:46 +02:00
Tobias Brunner 5e185047e1 charon-cmd: Shortened and fixed command descriptions 2013-06-21 16:04:45 +02:00
Tobias Brunner 463314b55a charon-cmd: Simplify usage output for authentication profiles
The man page describes them in full.
2013-06-21 16:04:45 +02:00
Tobias Brunner e8d6b91ebd charon-cmd: Add Aggressive Mode profiles to man page 2013-06-21 16:04:45 +02:00
Tobias Brunner 0d60489bf8 charon-cmd: Add man page for charon-cmd(8) 2013-06-21 16:04:45 +02:00
Tobias Brunner 295d595b49 charon-cmd: Add --debug argument to set the default log level 2013-06-21 15:55:52 +02:00
Tobias Brunner 4049ec42bf charon-cmd: Handle simple command line arguments like --help before the others 2013-06-21 15:51:42 +02:00
Tobias Brunner 0d25c4ef87 plugin-loader: Move logging of failed features to status()
Still log an error message if critical features fail, as loaded
plugins/features are not logged in that case.

This way loaded plugins are printed before failed features and
the relation is easier to make for users.  It also allows programs
to log this message on a different level.
2013-06-21 15:22:46 +02:00
Tobias Brunner 607f8e9906 plugin-loader: Add method to print loaded plugins on a given log level 2013-06-21 15:17:53 +02:00
Tobias Brunner 34ee14dd28 plugin-loader: Collect statistics while loading features, print them in case features failed to load
There is no need to explicitly search for failed features in critical
plugins as this is now detected while loading the features.
2013-06-21 15:13:25 +02:00
Tobias Brunner 681e53c70c plugin-loader: Use different log level if failed feature is in critical plugin 2013-06-21 15:13:25 +02:00
Tobias Brunner 13d2d8f634 plugin-loader: Log message when failing to load plugin 2013-06-21 15:13:25 +02:00
Tobias Brunner 51b9d7513d plugin-loader: Reduce verbosity while loading plugins 2013-06-21 15:13:25 +02:00
Tobias Brunner 0adf165c7e Fix crash if the initiator has no suitable proposal available
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
Martin Willi 9d6a147c81 Merge branch 'unit-tests-ecdsa'
Adds support for testing plugin functionality to test-runner. Introduces some
good/bad tests for ECDSA/RSA which would have caught those RSA/ECDSA signature
vulnerabilities.
2013-06-21 10:53:23 +02:00
Martin Willi 092550b03a leak-detective: (re-)whitelist some OpenSSL functions
Some static allocations in plugins won't get freed, because in the test case
process the plugins are not destroyed. If a plugin would clean up allocations
done while just using the plugin, these show up as leak in the child process,
letting tests fail.
2013-06-21 10:53:23 +02:00
Martin Willi ef687db734 unit-tests: load plugins in test-runner from build directory 2013-06-21 10:53:23 +02:00
Martin Willi b950fc48da unit-tests: link test-runner against -lpthread 2013-06-21 10:53:23 +02:00
Martin Willi 1ffdb4f3d0 unit-tester: remove obsolete rsa_gen test, now covered in unit-tests 2013-06-21 10:53:23 +02:00
Martin Willi df1a1a0901 unit-tests: add RSA test cases, very similar to ECDSA 2013-06-21 10:53:23 +02:00
Martin Willi eabf4af0f8 unit-tests: test with /dev/urandom if random plugin is in use 2013-06-21 10:53:22 +02:00
Martin Willi d0c09c84a5 unit-tests: test supported ECDSA schemes only 2013-06-21 10:53:22 +02:00
Martin Willi 2bedb0f270 Move test-runner's has_feature() function to plugin loader 2013-06-21 10:53:22 +02:00
Martin Willi df76881f11 unit-tests: enforce CET/CEST timezone to properly test non-UTC time formatting 2013-06-21 10:53:22 +02:00
Martin Willi 44886a0667 unit-tests: don't use ck_assert() to test a cleared chunk, as it allocates data
The new allocation might be in the freed area, affecting the test result.
2013-06-21 10:53:22 +02:00
Martin Willi 52bff13848 unit-tests: define 64-bit constants with ULL, fixing compiler warning on 32-bit 2013-06-21 10:53:22 +02:00
Martin Willi a5b63a3e5c Limit cleanup of .gc{no,da} files to src and scripts subfolders
Other folders in the build tree might not be related to the strongSwan tree,
or are not even accessible.
2013-06-21 10:53:21 +02:00
Martin Willi a88cab095d unit-tests: test some zeroed ECDSA signatures that never should succeed 2013-06-21 10:53:21 +02:00
Martin Willi 7e23f53242 unit-tests: perform signing/validation with ECDSA keys generated or loaded 2013-06-21 10:53:21 +02:00
Martin Willi eabb0befdc unit-tests: add an ECDSA test case loading keys 2013-06-21 10:53:21 +02:00