ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
14,077 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

413 Commits

Author SHA1 Message Date
Tobias Brunner 79ebdc0788 starter: Merge quoted strings that span multiple lines 2015-03-20 18:37:22 +01:00
Martin Willi eaa964b34e starter: Fail sending stroke message if a string exceeds the buffer size 
Instead of silently setting the string value to NULL, we fail completely in
sending the message to notify the user.

Fixes #844.
 2015-02-06 16:44:27 +01:00
Maks Naumov aa71c19e5c starter: Fix mark_out.mask in starter_cmp_conn() 2015-01-12 11:17:12 +01:00
Shea Levy 90fe4b3f8a starter: Allow specifying the ipsec.conf location in strongswan.conf 2014-10-02 14:33:08 +02:00
Shea Levy 213e02b872 stroke: Allow specifying the ipsec.secrets location in strongswan.conf 2014-10-02 14:31:00 +02:00
Martin Willi 8986e2da47 starter: Do not close all file descriptors after fork() 
As we use libstrongswan and expect that it still works after the fork, we
can't just closefrom() all file descriptors. Watcher, for example, uses
a pipe to notify FDSET changes, which must be kept open.

Reverts 652ddf5ce2.
 2014-08-25 09:47:46 +02:00
Martin Willi 508f90131a starter: Wait indefinitely for charon when using --attach-gdb 
This makes sure the user has time to set break points etc. before it runs
charon under gdb.
 2014-08-08 16:36:00 +02:00
Thomas Egerer f51c923f69 starter: Don't monitor child if debugger is attached 
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
 2014-08-08 09:59:57 +02:00
Tobias Brunner d962b25bcb starter: Fix memory leaks and warn if conn/ca sections are ignored due to parse errors 2014-07-18 17:15:15 +02:00
Tobias Brunner 3986c1e3fd autoconf: Replace --disable-tools option with --disable-scepclient 
Since using a separate option for pki this was the only tool that was still
enabled by that option.
 2014-06-30 13:25:13 +02:00
Tobias Brunner cc7c4c3dbd starter: Add starter group and fix formatting of conf_parser_section_t enum 
Make use of the Markdown support in recent Doxygen versions.
 2014-06-30 13:16:16 +02:00
Tobias Brunner 04ff5e58e3 starter: Ingore %default conn and ca sections 2014-06-26 12:23:05 +02:00
Tobias Brunner f4d29bf16d starter: Don't directly refer to source files in Makefile for unit tests 
Older versions of automake have trouble recursively cleaning such
constructs properly.
 2014-06-19 14:00:49 +02:00
Tobias Brunner 6719c4c828 starter: Explicitly allow @# at the beginning of strings 
Since we treat everything after # as comment identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
 2014-06-19 14:00:49 +02:00
Tobias Brunner 2d88617e7d starter: Add --conftest option to test ipsec.conf syntax 2014-06-19 14:00:49 +02:00
Tobias Brunner a953f3ad4a starter: Remove old parser 2014-06-19 14:00:49 +02:00
Tobias Brunner 81ba3c1a5e starter: Use new parser to read config file 2014-06-19 14:00:49 +02:00
Tobias Brunner 640c75bb2e starter: Move kw_entry_t definition 2014-06-19 14:00:49 +02:00
Tobias Brunner 8839796c3e starter: Remove unused ARG_LST argument type 2014-06-19 14:00:49 +02:00
Tobias Brunner f245ac6cc0 starter: Add tests for ipsec.conf parser 2014-06-19 14:00:48 +02:00
Tobias Brunner f609682e5d starter: Add new bison/flex based parser for ipsec.conf 
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
 2014-06-19 14:00:48 +02:00
Tobias Brunner 4ef86a849b starter: Remove out of date README 2014-06-19 14:00:48 +02:00
Tobias Brunner 02de66e1bf starter: Use stream abstraction to communicate with stroke plugin 2014-06-19 13:56:37 +02:00
Martin Willi d5367d2262 starter: Add a replay_window connection option 2014-06-17 16:41:31 +02:00
Tobias Brunner 95d13fcc3f starter: Fix build on Android 
While the (default) ipsec script does not work on Android starter still
passes the script's name to charon if leftfirewall is configured.
 2014-05-28 18:20:42 +02:00
Tobias Brunner 10c4f4e1fd libhydra: Remove unused hydra->daemon 2014-02-12 14:34:32 +01:00
Tobias Brunner 34d3bfcf14 lib: Add global config namespace 2014-02-12 14:34:31 +01:00
Tobias Brunner 20c99edab9 android: Remove dependency on libvstr 2013-11-13 11:40:47 +01:00
Tobias Brunner 434e530f75 ipsec_types: Add utility function to parse mark_t from strings 2013-10-11 15:32:44 +02:00
Martin Willi e48e530b44 starter: Reject connections having both 'ah' and 'esp' keywords set 
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
 2013-10-11 10:15:21 +02:00
Martin Willi 25f74be8f9 starter: Remove obsolete 'auth' option 2013-10-11 10:15:21 +02:00
Martin Willi a07b97e804 starter: Add an 'ah' keyword for Authentication Header Security Associations 2013-10-11 10:15:20 +02:00
Tobias Brunner a2cebbe674 starter: Don't ignore keyingtries with rekey=no 
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.

Fixes #418.
 2013-09-26 10:17:48 +02:00
Martin Willi 2bae838d5e stroke: re-enable modeconfig keyword 2013-09-04 10:33:38 +02:00
Tobias Brunner 517823b466 starter: Properly refer to the ipsec script if it was renamed 2013-07-22 18:00:19 +02:00
Martin Willi 19cb07b890 automake: replace INCLUDES by AM_CPPFLAGS 
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
 2013-07-18 14:59:19 +02:00
Tobias Brunner b18a531715 plugin-loader: Removed unused path argument of load() method 
Multiple additional search paths can be added with the add_path()
method.
 2013-06-28 10:44:15 +02:00
Tobias Brunner 9afc6e6a70 starter: Make ipsec.conf path configurable via command line 2013-06-21 10:08:56 +02:00
Martin Willi 9a00d9aa2f starter: ignore return value of sete[gu]id(), now having warn_unused_result 2013-06-18 08:54:10 +02:00
Tobias Brunner 87692be215 Load any type (RSA/ECDSA) of public key via left|rightsigkey 2013-05-07 17:08:31 +02:00
Martin Willi 9f1dfd88c8 Use the GEN silent rule when generating gperf files 2013-05-06 15:04:56 +02:00
Tobias Brunner e5d819b617 android: Remove/filter header files from LOCAL_SRC_FILES 
This avoids huge warnings when building the native code.
 2013-03-20 15:24:26 +01:00
Adrian-Ken Rueegsegger 4dc3ef94a1 starter: Make daemon name configurable 
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.

Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
 2013-03-19 15:23:45 +01:00
Martin Willi a36b49f3cb Merge branch 'opaque-ports' 
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
 2013-03-01 11:27:12 +01:00
Martin Willi 0e7ef7f522 Optionally support port ranges in leftprotoport 2013-02-21 11:52:33 +01:00
Martin Willi fd658bce28 Support %opaque keyword in leftprotoport for "opaque" ports 2013-02-21 11:52:33 +01:00
Martin Willi cd41b951ee Pass complete port range over stroke interface for more flexibility 2013-02-21 11:52:33 +01:00
Martin Willi 7fbe516f88 Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets 2013-02-06 15:36:36 +01:00
Adrian-Ken Rueegsegger 113ff13322 starter: Add --attach-gdb option to usage text 2013-01-22 11:03:19 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00