6cc13cd9c5
Removing the plugin constructor declarations from the header files.
2010-03-02 09:10:19 +01:00
3cfbc91a98
renewed Authorization Authority certificate
2010-02-27 22:16:36 +01:00
3e6b50ed4a
NEWS about the android plugin
2010-02-26 11:57:59 +01:00
00c60592f2
NEWS about the dynamic socket implementation
2010-02-26 11:52:54 +01:00
5acb97cebb
Link libstrongswan to the new plugins, too
2010-02-26 11:49:04 +01:00
f16ca9e89c
Add support for dynamic ports in load tester
2010-02-26 11:44:34 +01:00
347488bd67
Process ike_vendor task before ike_init, fixes support for private algs in IKE
2010-02-26 11:44:34 +01:00
ed5fc4cafe
Use message instead of attributes in hook
2010-02-26 11:44:34 +01:00
b3b74e479b
Set UDP encapsulation option on all sockets
2010-02-26 11:44:34 +01:00
da2303ca69
Fixed starter left-/rightikeport keyword
2010-02-26 11:44:34 +01:00
9cb2360e4f
Added locking to dynamic socket list
2010-02-26 11:44:34 +01:00
af2c43fdc7
Include ports in ike_cfg equality check
2010-02-26 11:44:34 +01:00
9ed1bb4842
Added an initiator-only socket implementation which binds ports on demand
2010-02-26 11:44:34 +01:00
40706b6027
Removed obsolete daemon kill
2010-02-26 11:44:34 +01:00
d6a27ec64e
Do not kill daemon, just not use pluggable kernel interface if initialization failed
2010-02-26 11:44:33 +01:00
54f818590e
Pass sockets to bypass to kernel interface, allowing us to register them dynamically
2010-02-26 11:44:33 +01:00
3e631491a0
Migrated kernel_klips_ipsec to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
44791b75f5
Migrated kernel_pfkey_ipsec to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
98ed9c6cf2
Migrated kernel_netlink_ipsec to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
2d49f74e28
Migrated kernel_interface wrapper to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
667b73721a
Added left-/rightikeport ipsec.conf options to use custom IKE ports
2010-02-26 11:44:33 +01:00
cc2eaddee4
Use src/dst ports as configured in ike_cfg
2010-02-26 11:44:33 +01:00
4e18490ea8
Store custom IKE src/dst ports on ike_cfg
2010-02-26 11:44:33 +01:00
deac3a0a5d
Migrated ike_cfg_t to METHOD/INIT macros
2010-02-26 11:44:32 +01:00
147dd96376
Migrated packet_t to METHOD/INIT macros
2010-02-26 11:44:32 +01:00
dab0560497
Moved socket and socket-raw implementations to plugins
2010-02-26 11:44:32 +01:00
c711687c00
Force libdl if the android plugin is enabled. AC_SEARCH_LIBS thinks it's not required, but on Android 2.0 it is.
2010-02-25 13:51:05 +01:00
eba28948a5
Link all plugins to libstrongswan.
2010-02-25 13:51:05 +01:00
608af0a445
Avoid a race condition that could lead to a segmentation fault.
...
Let's assume the callback function of a callback job returns
JOB_REQUEUE_FAIR in one call and JOB_REQUEUE_NONE in the next. Before
this fix, the thread executing the callback job would requeue the job
before unregistering itself. If there was a context switch right after
the job got requeued, and if the thread that requeued the job never got
resumed until a second thread executed the job and, due to the return
value of JOB_REQUEUE_NONE, destroyed it, then when the first thread
eventually got resumed and tried to lock the mutex to unregister itself
the pointer wouldn't be valid anymore, thus resulting in a segmentation fault.
2010-02-25 09:26:16 +01:00
3e35a6e7a1
Use side-channel secured mpz_powm_sec of libgmp 5, if available
2010-02-18 17:38:59 +01:00
7d3a830a71
Updated debian package for NetworkManager-strongswan-1.1.2
2010-02-18 09:51:45 +01:00
e159cd1d1a
Version bump and NEWS for NetworkManager-strongswan-1.1.2 release
2010-02-18 09:51:44 +01:00
0209179a30
Updated german translation
2010-02-18 09:51:40 +01:00
7613a68f33
Tooltips are translatable
2010-02-18 09:20:13 +01:00
d178eee895
Newer glade requires explicit vertical vboxes
2010-02-18 09:03:17 +01:00
71070c88b7
Fixed lost renaimings in android plugin
2010-02-18 08:31:10 +01:00
55699f037f
Added Android plugin, currently provides DNS handling on Android
2010-02-17 18:24:11 +01:00
63b0bc9c2d
Invoke missing message() hook for incoming responses
2010-02-17 18:23:14 +01:00
b65d7f8a15
version bump to 4.4.0
2010-02-15 20:58:41 +01:00
38da64fe12
Detect windows hosts to add specific workarounds.
2010-02-12 10:57:39 +01:00
71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
2aa553d773
Do not build own authentication data before we've verified others, we need the other identity in EAP
2010-02-09 16:11:07 +01:00
2d07095e01
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 12:34:41 +01:00
dd0b1b9a16
generated hash-and-url files for rfc3779 certs
2010-02-06 11:41:44 +01:00
76fe5500c4
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 11:39:33 +01:00
5094bfd85f
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:39:13 +01:00
61d7ff0c19
IPv6 fragment and http access are not needed in PSK scenario
2010-02-05 20:27:03 +01:00
699c47a9be
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:16:26 +01:00
3cc0cc4332
Increased the buffer for netlink responses.
...
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.
Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
1f2da75069
IPv6 frag netfilter rule not needed anymore
2010-02-05 20:04:01 +01:00
Tobias Brunner