Andreas Steffen
438df3d696
Extended pt-tls-client PLUGINS list
2014-06-06 11:18:17 +02:00
Andreas Steffen
b23c7d6a38
Updated REST API
2014-06-06 10:56:12 +02:00
Tobias Brunner
35e08cde3c
android: Add all Android.mk files to the tarball
2014-06-06 10:12:26 +02:00
Andreas Steffen
18ba2a3035
Fixed typo in strongswan.conf
2014-06-05 11:26:54 +02:00
Martin Willi
4c5e52f52c
NEWS: Introduce Windows support
2014-06-04 16:41:50 +02:00
Martin Willi
c81a03e300
Merge branch 'win-fetcher'
...
Implements a HTTP/HTTPS fetcher for the Windows platform using the native
WinHTTP API.
2014-06-04 16:35:33 +02:00
Martin Willi
c572401b34
travis: Build "all" tests without Windows HTTP fetcher
...
We don't include it in the Windows build test either, as MinGW does not come
with -lwinhttp.
2014-06-04 16:34:16 +02:00
Martin Willi
f48c26bce3
pki: Support complex trustchain and revocation checking in --verify
2014-06-04 16:34:16 +02:00
Martin Willi
74eedc8061
unit-tests: Zero-initialize chunk to avoid free on non-successful fetch
...
If the fetch fails, the fetcher is not required to return an empty chunk. Avoid
the resulting invalid free() by initializing data.ptr to NULL.
2014-06-04 16:34:16 +02:00
Martin Willi
8a072fc50a
winhttp: Support basic authentication for URLs having credentials
2014-06-04 16:34:16 +02:00
Martin Willi
2e0816e1df
winhttp: Support new response code fetcher option
2014-06-04 16:34:15 +02:00
Martin Willi
6f90fc8061
winhttp: Implement a http(s) fetcher based on Microsofts WinHTTP API
2014-06-04 16:34:15 +02:00
Martin Willi
d2859f5251
Merge branch 'win-kernel'
...
Adds the kernel-iph and kernel-wfp kernel backends for the Windows platform.
kernel-iph provides a networking backend using the IP Helper native Windows
API, while the kernel-wfp backend implements an interface to the Windows Kernel
IPsec layer using the Windows Filtering Platform API.
2014-06-04 16:32:23 +02:00
Martin Willi
4732e29a1d
travis: Build "all" tests without Windows kernel backends
2014-06-04 16:32:12 +02:00
Martin Willi
4b9848a2cc
kernel-wfp: Include Windows header patch for MinGW 4.8.1
2014-06-04 16:32:12 +02:00
Martin Willi
75afbeee21
kernel-wfp: Clone acquire traffic selectors only if they exist
2014-06-04 16:32:11 +02:00
Martin Willi
78bde29a7c
kernel-wfp: Install routes for trap policies
2014-06-04 16:32:11 +02:00
Martin Willi
e36d1d4124
kernel-wfp: Refactor route management to separate function
2014-06-04 16:32:11 +02:00
Martin Willi
4a8ba369b6
kernel-wfp: Install tunnel mode policies to appropriate sub-layers
...
While it is unclear if this has any effect at all, we prefer specific sublayers
to install policies as suggested.
2014-06-04 16:32:11 +02:00
Martin Willi
be32be01a8
kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds
2014-06-04 16:32:11 +02:00
Martin Willi
4b51280344
kernel-wfp: Support multiple traffic selectors on tunnel mode SAs
2014-06-04 16:32:11 +02:00
Martin Willi
4b09bd6c29
child-sa: Pass the number of total policies tied to an SA to the kernel
...
This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.
2014-06-04 16:32:11 +02:00
Martin Willi
5e6e214ab4
kernel-iph: Implicitly enable IP forwarding when installing routes
2014-06-04 16:32:11 +02:00
Martin Willi
c7d30c2ad1
kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers
2014-06-04 16:32:10 +02:00
Martin Willi
a4f3b363da
kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working
...
Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
2014-06-04 16:32:10 +02:00
Martin Willi
6de788704b
kernel-wfp: Install tunnel and trap forward policies
2014-06-04 16:32:10 +02:00
Martin Willi
1678f0a999
kernel-wfp: Manually create a ProviderContext to attach individual filters
...
This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd,
and fixes the issues we have seen with trap policies. Forward filters are
still missing, but required for site-to-site tunnels.
2014-06-04 16:32:10 +02:00
Martin Willi
1ca2b1615a
kernel-wfp: Print filter weight in "ipsecdump filters"
2014-06-04 16:32:10 +02:00
Martin Willi
c6f189e448
kernel-wfp: Add support for trap policies and acquires
2014-06-04 16:32:10 +02:00
Martin Willi
11e7d0677c
socket-win: Install IKE bypass policies using bypass_socket()
2014-06-04 16:32:10 +02:00
Martin Willi
f206e069f1
kernel-wfp: Implement bypass_socket() using dedicated filter rules
2014-06-04 16:32:09 +02:00
Martin Willi
2868314028
kernel-wfp: Register for WFP Net events
2014-06-04 16:32:09 +02:00
Martin Willi
6aaa432741
kernel-wfp: Add some missing IPv6 GUIDs, fix IPv6 host conversion
2014-06-04 16:32:09 +02:00
Martin Willi
288dc68596
kernel-wfp: Add an ipsecdump "filters" command to print IPsec related filters
2014-06-04 16:32:09 +02:00
Martin Willi
489a4f2192
kernel-wfp: Add an ipsecdump utility to show installed SAs/SPs on Windows
2014-06-04 16:32:09 +02:00
Martin Willi
9c974c329d
kernel-wfp: Depend on used RNG plugin features
2014-06-04 16:32:09 +02:00
Martin Willi
5a5b9925f8
kernel-wfp: Implement update_sa()
2014-06-04 16:32:09 +02:00
Martin Willi
1987b70989
kernel-wfp: Configure ports for SAs using UDP encapsulation
2014-06-04 16:32:09 +02:00
Martin Willi
9b5c95648f
kernel-wfp: Refactor SA context construction, and use IPsecSaContextCreate1()
2014-06-04 16:32:08 +02:00
Martin Willi
3551fdbbdf
kernel-iph: Fire roam events for detected address changes
2014-06-04 16:32:08 +02:00
Martin Willi
bbe42a1fa5
kernel-wfp: Allocate SPIs pseudo-randomly using a 0xc prefix
2014-06-04 16:32:08 +02:00
Martin Willi
b714746ef0
kernel-wfp: Install appropriate routes for tunnel mode policies
2014-06-04 16:32:08 +02:00
Martin Willi
0ef0493b4a
kernel-iph: Implement add/del_route()
2014-06-04 16:32:08 +02:00
Martin Willi
13e18cb2fc
kernel-iph: Implement get_nexthop()
2014-06-04 16:32:08 +02:00
Martin Willi
0cefd94007
kernel-iph: Implement get_source_addr()
2014-06-04 16:32:08 +02:00
Martin Willi
f9e6200d06
kernel-iph: Implement address enumeration
2014-06-04 16:32:08 +02:00
Martin Willi
322c341f90
kernel-iph: Implement get_interface() method
2014-06-04 16:32:07 +02:00
Martin Willi
96f1978d0e
kernel-iph: Create and maintain a cache of interfaces and associated addresses
2014-06-04 16:32:07 +02:00
Martin Willi
00780f0238
kernel-iph: Add a stub for a Windows IP Helper based networking backend
2014-06-04 16:32:07 +02:00
Martin Willi
b934929804
kernel-wfp: Disable IPsec policy updates
...
It seems that WFP requires an update of the SA context only, but not for the
filters. This allows us to omit support for (fallback) drop policies.
2014-06-04 16:32:07 +02:00