Tobias Brunner
|
8b6a5ce5ba
|
We need to include alloca.h on OpenSolaris.
|
2009-08-14 13:25:22 +02:00 |
Andreas Steffen
|
12a699c58d
|
fixed 4.3 refactoring error
|
2009-08-11 08:51:16 +02:00 |
Andreas Steffen
|
87079f58e1
|
added -module -avoid-version LDFLAGS
|
2009-08-11 01:06:45 +02:00 |
Andreas Steffen
|
8ddcac4c48
|
prepare CAMELLIA_CCM ESP encryption
|
2009-08-10 16:30:42 +02:00 |
Andreas Steffen
|
20af53fe33
|
add ikev1/esp-alg-aes-ctr scenario
|
2009-08-08 19:20:53 +02:00 |
Andreas Steffen
|
453c6aea16
|
added ikev2/esp-alg-aes-ctr scenario
|
2009-08-08 19:08:17 +02:00 |
Tobias Brunner
|
3974b2fb07
|
FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates this function (and the other defined in execinfo.h).
|
2009-08-07 18:46:25 +02:00 |
Martin Willi
|
dd4c14f37c
|
set protocol to ESP for policies installed as a trap
|
2009-08-07 16:05:32 +02:00 |
Martin Willi
|
d9796a4311
|
fixed printf fromat for length limited string
|
2009-08-07 10:31:21 +02:00 |
Andreas Steffen
|
4b5b92bfee
|
%llu correctly prints u_int64_t
|
2009-08-07 09:50:36 +02:00 |
Andreas Steffen
|
4a02deb088
|
printing u_int64_t caused segfault on 32-bit platforms
|
2009-08-07 08:47:29 +02:00 |
Andreas Steffen
|
99dd42918e
|
do not set usetime if query_policy() fails
|
2009-08-07 05:59:09 +02:00 |
Tobias Brunner
|
79ff614144
|
Use LONG_MAX instead of a hard-coded value.
|
2009-08-06 18:22:01 +02:00 |
Tobias Brunner
|
bfca7aa5ed
|
FreeBSD returns the current policy use time only after specifying a hard lifetime when installing the policy.
|
2009-08-06 18:14:44 +02:00 |
Andreas Steffen
|
f53088c657
|
added openssl-ikev2/alg-camellia scenario
|
2009-08-06 16:48:41 +02:00 |
Tobias Brunner
|
c3a78360a8
|
Fixed a race condition when querying stats of a child_sa in different order.
|
2009-08-06 16:47:32 +02:00 |
Andreas Steffen
|
5d8306de68
|
use SS_RC_FIRST and SS_RC_LAST
|
2009-08-06 16:42:44 +02:00 |
Andreas Steffen
|
3646c8a159
|
abort pluto or charon if initialization fails
|
2009-08-06 16:32:52 +02:00 |
Tobias Brunner
|
dd83c6d490
|
Don't query the policy usetime if there was no traffic on the SA.
This helps in cases where a policy is assigned to more than one SA. That
is, SAs now should have different usetimes even if they use the same policy.
|
2009-08-06 15:14:54 +02:00 |
Tobias Brunner
|
b3f8ea8346
|
Reverted the interface changes introduced in 3f720dc7 .
|
2009-08-06 13:31:54 +02:00 |
Martin Willi
|
51c037cc71
|
added support for ipsec.secrets "include" directive
|
2009-08-06 11:48:19 +02:00 |
Tobias Brunner
|
1e7b4b0028
|
Reversed the check for udp.h, fixes compilation on Linux.
|
2009-08-06 10:01:59 +02:00 |
Andreas Steffen
|
994b80b513
|
activated CAMELLIA_CBC cipher in openssl plugin
|
2009-08-05 22:46:53 +02:00 |
Andreas Steffen
|
b6f739c13b
|
support of SHA224-based certificate signatures
|
2009-08-05 22:01:44 +02:00 |
Tobias Brunner
|
7da1f4a0ff
|
Enabling UDP encapsulation via setsockopt fails on Mac OS X (it is also not required as this is done using sysctl).
|
2009-08-05 12:31:10 +02:00 |
Andreas Steffen
|
fcdf491a21
|
output number of transmitted bytes in closing CHILD_SA statement
|
2009-08-04 23:08:42 +02:00 |
Tobias Brunner
|
524f9ac470
|
FreeBSD only reports a policy's usetime if a lifetime has been specified when the policy was added (we only specify a lifetime on the SA, not on the policy).
|
2009-08-04 11:08:58 +02:00 |
Tobias Brunner
|
56ee8fcc96
|
FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to zero, we accept that for now.
|
2009-08-04 11:08:58 +02:00 |
Tobias Brunner
|
e8c3cdb25b
|
Missing check for udp.h added.
|
2009-08-04 11:08:57 +02:00 |
Martin Willi
|
3d2f73b92f
|
parse RDNs in multiple SEQUENCEs in all SETs of a DN
|
2009-08-03 15:24:48 +02:00 |
Martin Willi
|
5cb300e795
|
compare IKE config when reusing an existing IKE_SA to initiate a CHILD_SA
|
2009-08-03 14:37:24 +02:00 |
Andreas Steffen
|
10c13ed264
|
fixed dereferencing bug caused by bool type redefinition
|
2009-08-02 16:58:32 +02:00 |
Andreas Steffen
|
f35f229fd6
|
implemented query_sa() for PFKEYv2
|
2009-08-02 11:46:33 +02:00 |
Andreas Steffen
|
47eb87d437
|
corrected interface definition
|
2009-07-31 08:57:55 +02:00 |
Andreas Steffen
|
3f720dc7c3
|
update usetime only if usebytes increase
|
2009-07-30 23:19:42 +02:00 |
Andreas Steffen
|
2ad51539f6
|
display transmitted bytes per SA
|
2009-07-30 21:33:19 +02:00 |
Tobias Brunner
|
eab05274f4
|
Handling of unsupported policy directions (FWD) fixed.
|
2009-07-30 14:06:26 +02:00 |
Tobias Brunner
|
e20bd8b6ea
|
Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.
|
2009-07-30 14:06:26 +02:00 |
Tobias Brunner
|
789ba17024
|
Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.
|
2009-07-30 14:06:26 +02:00 |
Tobias Brunner
|
b2117eee20
|
Make accept(2) and recvfrom(2) cancellation points on Mac OS X.
|
2009-07-30 14:06:26 +02:00 |
Andreas Steffen
|
ecff28c5c5
|
fixe KW_END_FIRST..KW_END_LAST keyword range
|
2009-07-28 15:44:24 +02:00 |
Andreas Steffen
|
acb34739e4
|
improved DPD error message
|
2009-07-22 22:30:21 +02:00 |
Andreas Steffen
|
e1089f5906
|
added file and segment lengths to checksum.c
|
2009-07-21 22:23:51 +02:00 |
Andreas Steffen
|
8ce8e19068
|
version bump to 4.3.4
|
2009-07-21 22:21:52 +02:00 |
Andreas Steffen
|
144b433402
|
version bump of Linux UML kernel to 2.6.30.2
|
2009-07-21 15:51:04 +02:00 |
Martin Willi
|
fcac8f6571
|
filter objects for segment checksumming by dlpi_name, excludes rare false positives
|
2009-07-21 15:10:24 +02:00 |
Martin Willi
|
7655843ab5
|
enumerate executable sections only to build checksum
|
2009-07-21 15:00:18 +02:00 |
Martin Willi
|
acd4afc997
|
announce integrity testing only once
|
2009-07-21 14:58:14 +02:00 |
Tobias Brunner
|
6ff7ab850b
|
Fixed GID lookup in cases where the configured group is a prefix of another group.
|
2009-07-20 21:20:03 +02:00 |
Tobias Brunner
|
9af7715c3d
|
Fixed installation of config files in out-of-tree builds.
|
2009-07-20 21:13:45 +02:00 |