Commit Graph

11403 Commits

Author SHA1 Message Date
Andreas Steffen 2964562199 add overall recommendation to session database entry 2013-06-21 23:25:22 +02:00
Andreas Steffen 4f6bf1a843 don't define a default database URI 2013-06-21 23:25:22 +02:00
Andreas Steffen 1ecff25917 created a simple IMV Policy Manager 2013-06-21 23:25:22 +02:00
Andreas Steffen 1571a11fa4 register received scanner attributes 2013-06-21 23:25:22 +02:00
Andreas Steffen 9d63ad17d4 used tnc_policy_update functions for default policy 2013-06-21 23:25:22 +02:00
Andreas Steffen a6266485be refactored IMV policy management 2013-06-21 23:25:22 +02:00
Andreas Steffen 4f9aabbfd7 implemented policy rules for OS IMV 2013-06-21 23:25:22 +02:00
Andreas Steffen 7daf6d8cc5 check for zero-length device ID 2013-06-21 23:25:22 +02:00
Andreas Steffen 033834719d ITA-HSR/Device ID attribute & IMV OS state machine 2013-06-21 23:25:22 +02:00
Andreas Steffen bb9d8b1853 execute an _imv_policy script 2013-06-21 23:25:22 +02:00
Andreas Steffen b8db66de15 implemented IMV session control 2013-06-21 23:25:21 +02:00
Andreas Steffen 1f179c63b3 Manage files and directories 2013-06-21 23:25:21 +02:00
Tobias Brunner b61c78d3c2 Merge branch 'kernel-libipsec'
Adds a new kernel interface plugin that uses TUN devices and libipsec to
provide IPsec processing in userland.

It works on Linux, FreeBSD and Mac OS X.  In particular the latter two
platforms may gain from this approach as their respective kernels don't
provide support for AES-GCM.

kernel-pfroute has been improved (source address lookup) and a second
plugin (osx-attr) installs configuration attributes (currently DNS
servers only) via SystemConfiguration on Mac OS X.
2013-06-21 17:07:41 +02:00
Martin Willi 45dcf4df57 osx-attr: add plugin installing config attributes using SystemConfiguration
Currently installs DNS servers only, by prepending IP addresses to the
DNS configuration of the primary networking service.
2013-06-21 17:03:22 +02:00
Tobias Brunner 12488efa78 kernel-pfroute: Simplify route lookup after fixing sockaddr parsing 2013-06-21 17:03:22 +02:00
Tobias Brunner 4b3fea3d54 kernel-pfroute: Alignment of sockaddrs is not always the same 2013-06-21 17:03:22 +02:00
Tobias Brunner aa33d2e6eb kernel-pfroute: struct sockaddr arguments are 4 byte aligned
This was noticed on Mac OS X where, if the default route is returned,
RTA_NETMASK has sa_len set to 0, but skipping zero bytes to read the
next address makes no sense, of course.  Using 0 for sa_len seems
a bit strange, in particular, because struct sockaddr has by definition
a minimum length of 16 bytes.  But it seems FreeBSD actually does the
same.
2013-06-21 17:03:22 +02:00
Tobias Brunner 23ea59a95c kernel-libipsec: Ignore failures when installing routes for multicast or broadcast policies 2013-06-21 17:03:22 +02:00
Tobias Brunner b0629f7d9b kernel-pfroute: Improve route lookup depending on information we get back
Kernels don't provide the same information for all routes.
2013-06-21 17:03:22 +02:00
Tobias Brunner 1c697ff1c5 kernel-pfroute: Try to ensure we get a source address or interface name 2013-06-21 17:03:22 +02:00
Tobias Brunner 01955eec71 ike: Force NAT-T/UDP encapsulation if kernel interface requires it 2013-06-21 17:03:21 +02:00
Tobias Brunner 35fe41f7d0 kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets 2013-06-21 17:03:21 +02:00
Tobias Brunner 66aaabf342 tun-device: Packets sent over utun devices on Mac OS X have the protocol family prepended 2013-06-21 17:03:21 +02:00
Tobias Brunner 34b0ad0653 kernel-pfroute: Use DST as nexthop for host routes
These are created as cache/clone on Mac OS X.
2013-06-21 17:03:21 +02:00
Tobias Brunner d6c17e96b2 kernel-pfroute: Implement get_source_addr() 2013-06-21 17:03:21 +02:00
Tobias Brunner f58f8bf409 kernel-pfroute: Properly install routes with interface and gateway 2013-06-21 17:03:21 +02:00
Tobias Brunner 1f31a2bc2e kernel-libipsec: Install a gateway for routes on platforms other than Linux
This seems required e.g. on FreeBSD but doesn't work on Linux.
2013-06-21 17:03:21 +02:00
Tobias Brunner 93e4df3761 kernel-pfroute: Activate TUN device before setting address
On FreeBSD, for some reason, we don't learn the interface is up
otherwise.  Even though ifconfig lists it as up at the same time.
2013-06-21 17:03:21 +02:00
Tobias Brunner c8a56512a6 tun-device: Avoid opening /dev/tunX multiple times (e.g. on FreeBSD) 2013-06-21 17:03:21 +02:00
Tobias Brunner dcaf8d570c kernel-libipsec: Router reads packets from multiple TUN devices
These devices are collected via kernel_listener_t interface.
2013-06-21 17:03:21 +02:00
Tobias Brunner 7045defbff kernel-libipsec: Use separate class to route packets between charon, libipsec and TUN device 2013-06-21 17:03:21 +02:00
Tobias Brunner 554c4276a5 kernel-pfroute: Raise tun event when creating/destroying TUN devices for virtual IPs 2013-06-21 17:03:21 +02:00
Tobias Brunner 4868d1c3bc kernel: Add an event kernel interfaces can raise if they create/destroy a TUN device 2013-06-21 17:03:21 +02:00
Tobias Brunner 0d2ad63fe2 printf-hook: Avoid double-free when freeing Vstr config
Thread-specific objects get freed when the thread value object is
destroyed (wasn't the case earlier, i.e. before 2b19dd35), which
may cause the second call to vstr_free_conf() to fail in an assert
in Vstr (depending on how it was built).
2013-06-21 17:03:20 +02:00
Tobias Brunner 587bdf8768 kernel-libipsec: Track policies and automatically install routes
The routes direct traffic matching the remote traffic selector to the
TUN device.

If the remote traffic selector includes the IKE peer a very specific route
is installed to allow IKE traffic.
2013-06-21 17:03:20 +02:00
Tobias Brunner 44a49681fd kernel-libipsec: Handle packets between charon socket, libipsec and TUN device 2013-06-21 17:03:20 +02:00
Tobias Brunner 59be6ddd08 kernel-libipsec: Create a TUN device and use it to install virtual IPs 2013-06-21 17:03:20 +02:00
Tobias Brunner 279e0d42bd kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec 2013-06-21 17:03:20 +02:00
Tobias Brunner 3cd7ba4960 kernel-netlink: Routes don't require a gateway/nexthop 2013-06-21 17:03:20 +02:00
Tobias Brunner 1b3b7ba54d charon-cmd: Document auxiliary options 2013-06-21 17:00:49 +02:00
Tobias Brunner 4d62ad7571 charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages 2013-06-21 16:35:19 +02:00
Tobias Brunner 5991f09565 charon-cmd: Use fixed number of characters to align command descriptions
If the command and argument are longer than that, write the first line of
the description on the following line.
2013-06-21 16:04:46 +02:00
Tobias Brunner 5e185047e1 charon-cmd: Shortened and fixed command descriptions 2013-06-21 16:04:45 +02:00
Tobias Brunner 463314b55a charon-cmd: Simplify usage output for authentication profiles
The man page describes them in full.
2013-06-21 16:04:45 +02:00
Tobias Brunner e8d6b91ebd charon-cmd: Add Aggressive Mode profiles to man page 2013-06-21 16:04:45 +02:00
Tobias Brunner 0d60489bf8 charon-cmd: Add man page for charon-cmd(8) 2013-06-21 16:04:45 +02:00
Tobias Brunner 295d595b49 charon-cmd: Add --debug argument to set the default log level 2013-06-21 15:55:52 +02:00
Tobias Brunner 4049ec42bf charon-cmd: Handle simple command line arguments like --help before the others 2013-06-21 15:51:42 +02:00
Tobias Brunner 0d25c4ef87 plugin-loader: Move logging of failed features to status()
Still log an error message if critical features fail, as loaded
plugins/features are not logged in that case.

This way loaded plugins are printed before failed features and
the relation is easier to make for users.  It also allows programs
to log this message on a different level.
2013-06-21 15:22:46 +02:00
Tobias Brunner 607f8e9906 plugin-loader: Add method to print loaded plugins on a given log level 2013-06-21 15:17:53 +02:00