Martin Willi
5619d40613
vici: Handle the "trap" action as an alias for "route"
2014-05-07 14:13:39 +02:00
Martin Willi
e0a34ee459
vici: Document errno values to expect from libvici API
2014-05-07 14:13:39 +02:00
Martin Willi
c2b6402eb0
vici: Log owners of a just loaded shared-secret
2014-05-07 14:13:39 +02:00
Martin Willi
41745e24f3
vici: Handle "xauth" as an alias for "eap" secrets
2014-05-07 14:13:38 +02:00
Martin Willi
bc006ac1f4
vici: Return number of matching and closed SAs in terminate command
2014-05-07 14:13:38 +02:00
Martin Willi
021a14b7a4
vici: Complete libvici doxygen comments
2014-05-07 14:13:38 +02:00
Martin Willi
374511c52c
vici: Ensure we have no active users before mangling event client registrations
2014-05-07 14:13:38 +02:00
Martin Willi
65cc8f5581
vici: Properly skip raise_event() for unknown event names
2014-05-07 14:13:38 +02:00
Martin Willi
3a9a46c20f
vici: Increase vici message length header from 16 to 32 bits
While we currently have no need for messages larger than 65KB, we should design
the protocol to be future-proof, as we plan to keep at least the lowest protocol
layer stable.
To avoid any allocation issues, we currently keep the message size limit at
512KB.
2014-05-07 14:13:38 +02:00
Martin Willi
f3e1ec4a85
vici: Have an explicit "relaxed" keyword for the default revocation policy
2014-05-07 14:13:38 +02:00
Martin Willi
585814470d
vici: Use a default child rekey time of 1 hour
2014-05-07 14:13:38 +02:00
Martin Willi
046befeca5
vici: Use a default IKE rekey time of 4 hours
2014-05-07 14:13:38 +02:00
Martin Willi
ff3217db4b
vici: Add low-level IPC protocol description
2014-05-07 14:13:38 +02:00
Martin Willi
c193732162
vici: Fix descending into non-matching sections during key find
2014-05-07 14:13:38 +02:00
Martin Willi
eacf864c21
vici: Add an IKE virtual IP and attribute backend
2014-05-07 14:13:38 +02:00
Martin Willi
afb8f492ef
vici: Support referencing external named pools for peer configs
2014-05-07 14:13:37 +02:00
Martin Willi
3ad9c34c92
vici: Actually add configured virtual IPs to peer config
2014-05-07 14:13:37 +02:00
Martin Willi
e651afe67b
vici: Use a default rand_time of the difference between hard and soft lifetimes
2014-05-07 14:13:37 +02:00
Martin Willi
c520510508
vici: Use a default hard lifetime of 110% of the soft lifetime
2014-05-07 14:13:37 +02:00
Martin Willi
93d60c479a
vici: Make unit-tests independent from libcharon and libhydra
Fixes monolithic build, as we can't depend on the not yet built libcharon.
2014-05-07 14:13:37 +02:00
Martin Willi
0963a9952c
vici: Don't compare unsigned certificate_type_t to -1
2014-05-07 14:13:37 +02:00
Martin Willi
e00ce378fa
vici: Use non-blocking first read when receiving message during client on_read()
As select() and finally the watcher may signal an FD even if it does not
actually have data, we must make a non-blocking read to avoid hanging in the
read callback.
2014-05-07 14:13:37 +02:00
Martin Willi
7de35b7ff6
vici: Perform specified start_action on connection load, undo it on unload
2014-05-07 14:13:37 +02:00
Martin Willi
96071fdb55
vici: Add a generic log event to raise events for log messages
2014-05-07 14:13:37 +02:00
Martin Willi
2676ffdb9f
vici: Be less verbose about client connections
Instead, log the explicit commands at a higher level.
2014-05-07 14:13:37 +02:00
Martin Willi
101dba01ce
vici: Add a list-certs command to query different certificate types
2014-05-07 14:13:37 +02:00
Martin Willi
b57739f721
vici: Support pinning end entity and CA certificates to connections
2014-05-07 14:13:37 +02:00
Martin Willi
e6e975ff9d
vici: Support missing groups option in auth config
2014-05-07 14:13:37 +02:00
Martin Willi
6efa792d22
vici: Add a load-shared command to load shared IKE and EAP secrets
2014-05-07 14:13:37 +02:00
Martin Willi
559ef7de48
vici: Add a load-key command to load private keys
2014-05-07 14:13:36 +02:00
Martin Willi
c12edb2a27
vici: Support loading of different certificate types
2014-05-07 14:13:36 +02:00
Martin Willi
de190f62c2
vici: Add a credential backend
2014-05-07 14:13:36 +02:00
Martin Willi
e1b65630b2
vici: Add a command listing all or specific loaded connections using events
2014-05-07 14:13:36 +02:00
Martin Willi
501ddf127b
vici: Add unload-conn and get-conns commands to manage loaded connections
2014-05-07 14:13:36 +02:00
Martin Willi
37aa250cad
vici: Make dispatcher a little more verbose
2014-05-07 14:13:36 +02:00
Martin Willi
b3d8bd8d26
vici: Add backend providing in-memory connections
2014-05-07 14:13:36 +02:00
Martin Willi
dd5ce0a97a
vici: Add generic callback based vici message parsing
2014-05-07 14:13:36 +02:00
Martin Willi
1f2e63ea41
vici: Add a list-policy command to query trap and shunt policies
2014-05-07 14:13:36 +02:00
Martin Willi
5c6e81dcf8
vici: Add install/uninstall commands to manage trap and shunt policies
2014-05-07 14:13:36 +02:00
Martin Willi
550f3f5646
vici: Extract CHILD_SA config lookup method
2014-05-07 14:13:36 +02:00
Martin Willi
e567675d29
vici: Refactor socket to clean up locking
Uses separate locks for socket read and write operations. While holding the
socket reader lock, a different thread can still claim the socket write lock.
This allows event messages to be sent asynchronously while holding the read
lock.
2014-05-07 14:13:36 +02:00
Martin Willi
9bfa397eba
vici: Fix dispatcher leak when handling unknown request
2014-05-07 14:13:36 +02:00
Martin Willi
e2496bda02
vici: Add a test case raising events during request, checks in-order delivery
2014-05-07 14:13:35 +02:00
Martin Willi
3b5808a0f6
vici: Avoid recursive control log invocations
2014-05-07 14:13:35 +02:00
Martin Willi
993bfe95fb
vici: Add a callback based recursive parser function
2014-05-07 14:13:35 +02:00
Martin Willi
d9ae1c68e5
vici: Add a version command to print daemon and OS version info
2014-05-07 14:13:35 +02:00
Martin Willi
c7d4dad66d
vici: Implement a terminate command to close IKE or CHILD_SAs
2014-05-07 14:13:35 +02:00
Martin Willi
5f95657c65
vici: Add a control backend, currently to initiate connections by name
2014-05-07 14:13:35 +02:00
Martin Willi
ecc4b51048
vici: Support thread cancellation in command callbacks
2014-05-07 14:13:35 +02:00
Martin Willi
045bdf5283
vici: Move dumping to core message class, use it in libvici
2014-05-07 14:13:35 +02:00