Tobias Brunner
6cc13cd9c5
Removing the plugin constructor declarations from the header files.
2010-03-02 09:10:19 +01:00
Andreas Steffen
3cfbc91a98
renewed Authorization Authority certificate
2010-02-27 22:16:36 +01:00
Martin Willi
3e6b50ed4a
NEWS about the android plugin
2010-02-26 11:57:59 +01:00
Martin Willi
00c60592f2
NEWS about the dynamic socket implementation
2010-02-26 11:52:54 +01:00
Martin Willi
5acb97cebb
Link libstrongswan to the new plugins, too
2010-02-26 11:49:04 +01:00
Martin Willi
f16ca9e89c
Add support for dynamic ports in load tester
2010-02-26 11:44:34 +01:00
Martin Willi
347488bd67
Process ike_vendor task before ike_init, fixes support for private algs in IKE
2010-02-26 11:44:34 +01:00
Martin Willi
ed5fc4cafe
Use message instead of attributes in hook
2010-02-26 11:44:34 +01:00
Martin Willi
b3b74e479b
Set UDP encapsulation option on all sockets
2010-02-26 11:44:34 +01:00
Martin Willi
da2303ca69
Fixed starter left-/rightikeport keyword
2010-02-26 11:44:34 +01:00
Martin Willi
9cb2360e4f
Added locking to dynamic socket list
2010-02-26 11:44:34 +01:00
Martin Willi
af2c43fdc7
Include ports in ike_cfg equality check
2010-02-26 11:44:34 +01:00
Martin Willi
9ed1bb4842
Added an initiator-only socket implementation which binds ports on demand
2010-02-26 11:44:34 +01:00
Martin Willi
40706b6027
Removed obsolete daemon kill
2010-02-26 11:44:34 +01:00
Martin Willi
d6a27ec64e
Do not kill daemon, just not use pluggable kernel interface if initialization failed
2010-02-26 11:44:33 +01:00
Martin Willi
54f818590e
Pass sockets to bypass to kernel interface, allowing us to register them dynamically
2010-02-26 11:44:33 +01:00
Martin Willi
3e631491a0
Migrated kernel_klips_ipsec to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
Martin Willi
44791b75f5
Migrated kernel_pfkey_ipsec to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
Martin Willi
98ed9c6cf2
Migrated kernel_netlink_ipsec to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
Martin Willi
2d49f74e28
Migrated kernel_interface wrapper to METHOD/INIT macros
2010-02-26 11:44:33 +01:00
Martin Willi
667b73721a
Added left-/rightikeport ipsec.conf options to use custom IKE ports
2010-02-26 11:44:33 +01:00
Martin Willi
cc2eaddee4
Use src/dst ports as configured in ike_cfg
2010-02-26 11:44:33 +01:00
Martin Willi
4e18490ea8
Store custom IKE src/dst ports on ike_cfg
2010-02-26 11:44:33 +01:00
Martin Willi
deac3a0a5d
Migrated ike_cfg_t to METHOD/INIT macros
2010-02-26 11:44:32 +01:00
Martin Willi
147dd96376
Migrated packet_t to METHOD/INIT macros
2010-02-26 11:44:32 +01:00
Martin Willi
dab0560497
Moved socket and socket-raw implementations to plugins
2010-02-26 11:44:32 +01:00
Tobias Brunner
c711687c00
Force libdl if the android plugin is enabled. AC_SEARCH_LIBS thinks it's not required, but on Android 2.0 it is.
2010-02-25 13:51:05 +01:00
Tobias Brunner
eba28948a5
Link all plugins to libstrongswan.
2010-02-25 13:51:05 +01:00
Tobias Brunner
608af0a445
Avoid a race condition that could lead to a segmentation fault.
...
Let's assume the callback function of a callback job returns
JOB_REQUEUE_FAIR in one call and JOB_REQUEUE_NONE in the next. Before
this fix, the thread executing the callback job would requeue the job
before unregistering itself. If there was a context switch right after
the job got requeued, and if the thread that requeued the job never got
resumed until a second thread executed the job and, due to the return
value of JOB_REQUEUE_NONE, destroyed it, then when the first thread
eventually got resumed and tried to lock the mutex to unregister itself
the pointer wouldn't be valid anymore, thus resulting in a segmentation fault.
2010-02-25 09:26:16 +01:00
Martin Willi
3e35a6e7a1
Use side-channel secured mpz_powm_sec of libgmp 5, if available
2010-02-18 17:38:59 +01:00
Martin Willi
7d3a830a71
Updated debian package for NetworkManager-strongswan-1.1.2
2010-02-18 09:51:45 +01:00
Martin Willi
e159cd1d1a
Version bump and NEWS for NetworkManager-strongswan-1.1.2 release
2010-02-18 09:51:44 +01:00
Martin Willi
0209179a30
Updated german translation
2010-02-18 09:51:40 +01:00
Martin Willi
7613a68f33
Tooltips are translatable
2010-02-18 09:20:13 +01:00
Martin Willi
d178eee895
Newer glade requires explicit vertical vboxes
2010-02-18 09:03:17 +01:00
Martin Willi
71070c88b7
Fixed lost renaimings in android plugin
2010-02-18 08:31:10 +01:00
Martin Willi
55699f037f
Added Android plugin, currently provides DNS handling on Android
2010-02-17 18:24:11 +01:00
Martin Willi
63b0bc9c2d
Invoke missing message() hook for incoming responses
2010-02-17 18:23:14 +01:00
Andreas Steffen
b65d7f8a15
version bump to 4.4.0
2010-02-15 20:58:41 +01:00
Tobias Brunner
38da64fe12
Detect windows hosts to add specific workarounds.
2010-02-12 10:57:39 +01:00
Tobias Brunner
71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
Martin Willi
2aa553d773
Do not build own authentication data before we've verified others, we need the other identity in EAP
2010-02-09 16:11:07 +01:00
Andreas Steffen
2d07095e01
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 12:34:41 +01:00
Andreas Steffen
dd0b1b9a16
generated hash-and-url files for rfc3779 certs
2010-02-06 11:41:44 +01:00
Andreas Steffen
76fe5500c4
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 11:39:33 +01:00
Andreas Steffen
5094bfd85f
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:39:13 +01:00
Andreas Steffen
61d7ff0c19
IPv6 fragment and http access are not needed in PSK scenario
2010-02-05 20:27:03 +01:00
Andreas Steffen
699c47a9be
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:16:26 +01:00
Tobias Brunner
3cc0cc4332
Increased the buffer for netlink responses.
...
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.
Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
Andreas Steffen
1f2da75069
IPv6 frag netfilter rule not needed anymore
2010-02-05 20:04:01 +01:00