Tobias Brunner
79ebdc0788
starter: Merge quoted strings that span multiple lines
2015-03-20 18:37:22 +01:00
Martin Willi
eaa964b34e
starter: Fail sending stroke message if a string exceeds the buffer size
Instead of silently setting the string value to NULL, we fail completely in
sending the message to notify the user.
Fixes #844.
2015-02-06 16:44:27 +01:00
Maks Naumov
aa71c19e5c
starter: Fix mark_out.mask in starter_cmp_conn()
2015-01-12 11:17:12 +01:00
Shea Levy
90fe4b3f8a
starter: Allow specifying the ipsec.conf location in strongswan.conf
2014-10-02 14:33:08 +02:00
Shea Levy
213e02b872
stroke: Allow specifying the ipsec.secrets location in strongswan.conf
2014-10-02 14:31:00 +02:00
Martin Willi
8986e2da47
starter: Do not close all file descriptors after fork()
As we use libstrongswan and expect that it still works after the fork, we
can't just closefrom() all file descriptors. Watcher, for example, uses
a pipe to notify FDSET changes, which must be kept open.
Reverts 652ddf5ce2.
2014-08-25 09:47:46 +02:00
Martin Willi
508f90131a
starter: Wait indefinitely for charon when using --attach-gdb
This makes sure the user has time to set break points etc. before it runs
charon under gdb.
2014-08-08 16:36:00 +02:00
Thomas Egerer
f51c923f69
starter: Don't monitor child if debugger is attached
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-08-08 09:59:57 +02:00
Tobias Brunner
d962b25bcb
starter: Fix memory leaks and warn if conn/ca sections are ignored due to parse errors
2014-07-18 17:15:15 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
Since using a separate option for pki, this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner
cc7c4c3dbd
starter: Add starter group and fix formatting of conf_parser_section_t enum
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner
04ff5e58e3
starter: Ignore %default conn and ca sections
2014-06-26 12:23:05 +02:00
Tobias Brunner
f4d29bf16d
starter: Don't directly refer to source files in Makefile for unit tests
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner
6719c4c828
starter: Explicitly allow @# at the beginning of strings
Since we treat everything after # as comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner
2d88617e7d
starter: Add --conftest option to test ipsec.conf syntax
2014-06-19 14:00:49 +02:00
Tobias Brunner
a953f3ad4a
starter: Remove old parser
2014-06-19 14:00:49 +02:00
Tobias Brunner
81ba3c1a5e
starter: Use new parser to read config file
2014-06-19 14:00:49 +02:00
Tobias Brunner
640c75bb2e
starter: Move kw_entry_t definition
2014-06-19 14:00:49 +02:00
Tobias Brunner
8839796c3e
starter: Remove unused ARG_LST argument type
2014-06-19 14:00:49 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Tobias Brunner
f609682e5d
starter: Add new bison/flex based parser for ipsec.conf
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner
4ef86a849b
starter: Remove out of date README
2014-06-19 14:00:48 +02:00
Tobias Brunner
02de66e1bf
starter: Use stream abstraction to communicate with stroke plugin
2014-06-19 13:56:37 +02:00
Martin Willi
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
Tobias Brunner
95d13fcc3f
starter: Fix build on Android
While the (default) ipsec script does not work on Android, starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Tobias Brunner
434e530f75
ipsec_types: Add utility function to parse mark_t from strings
2013-10-11 15:32:44 +02:00
Martin Willi
e48e530b44
starter: Reject connections having both 'ah' and 'esp' keywords set
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
2013-10-11 10:15:21 +02:00
Martin Willi
25f74be8f9
starter: Remove obsolete 'auth' option
2013-10-11 10:15:21 +02:00
Martin Willi
a07b97e804
starter: Add an 'ah' keyword for Authentication Header Security Associations
2013-10-11 10:15:20 +02:00
Tobias Brunner
a2cebbe674
starter: Don't ignore keyingtries with rekey=no
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.
Fixes #418.
2013-09-26 10:17:48 +02:00
Martin Willi
2bae838d5e
stroke: re-enable modeconfig keyword
2013-09-04 10:33:38 +02:00
Tobias Brunner
517823b466
starter: Properly refer to the ipsec script if it was renamed
2013-07-22 18:00:19 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Tobias Brunner
9afc6e6a70
starter: Make ipsec.conf path configurable via command line
2013-06-21 10:08:56 +02:00
Martin Willi
9a00d9aa2f
starter: ignore return value of sete[gu]id(), now having warn_unused_result
2013-06-18 08:54:10 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Martin Willi
9f1dfd88c8
Use the GEN silent rule when generating gperf files
2013-05-06 15:04:56 +02:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Adrian-Ken Rueegsegger
4dc3ef94a1
starter: Make daemon name configurable
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.
Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
2013-03-19 15:23:45 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
0e7ef7f522
Optionally support port ranges in leftprotoport
2013-02-21 11:52:33 +01:00
Martin Willi
fd658bce28
Support %opaque keyword in leftprotoport for "opaque" ports
2013-02-21 11:52:33 +01:00
Martin Willi
cd41b951ee
Pass complete port range over stroke interface for more flexibility
2013-02-21 11:52:33 +01:00
Martin Willi
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
Adrian-Ken Rueegsegger
113ff13322
starter: Add --attach-gdb option to usage text
2013-01-22 11:03:19 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00