Tobias Brunner
|
0d5c6a28d5
|
Adding an object-oriented wrapper for threads.
|
2009-12-23 17:02:26 +01:00 |
Tobias Brunner
|
070ac5b0b7
|
Check if libpthread is required or not.
|
2009-12-23 17:02:26 +01:00 |
Tobias Brunner
|
866dc0134a
|
Check for pthread_condattr_init added to configure script.
|
2009-12-23 17:02:25 +01:00 |
Tobias Brunner
|
5fe538504e
|
Moved implementation of condvar_t to mutex.c because it requires access to private_mutex_t.
|
2009-12-23 17:02:25 +01:00 |
Tobias Brunner
|
eba64cef41
|
Separated the public interfaces of the threading primitives.
|
2009-12-23 17:01:53 +01:00 |
Tobias Brunner
|
f36143b0ba
|
Implemented a read-write lock using only mutex_t and condvar_t (in case the pthread_rwlock_* group of functions is not available).
|
2009-12-23 17:01:30 +01:00 |
Tobias Brunner
|
b1f35d0695
|
Threading primitives separated.
|
2009-12-23 17:01:30 +01:00 |
Tobias Brunner
|
14f7091280
|
Moved mutex.c to a separate folder in order to cleanly wrap other threading primitives (and utils/mutex.h is now threading.h).
|
2009-12-23 17:00:58 +01:00 |
Andreas Steffen
|
32d8f44229
|
verify RFC3779 IP address blocks along X.509 certificate trust chain
|
2009-12-23 14:21:31 +01:00 |
Martin Willi
|
f8f4f31a77
|
Fixed untoh32 function
|
2009-12-23 13:08:56 +01:00 |
Andreas Steffen
|
925eadba5f
|
do not recalculate netbits for true subnets
|
2009-12-22 17:07:08 +01:00 |
Andreas Steffen
|
e16a01a5e6
|
X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension
|
2009-12-22 13:18:27 +01:00 |
Andreas Steffen
|
91e35b7c9e
|
added create_ipAddrBlock_enumerator() method to x509_t
|
2009-12-22 11:58:30 +01:00 |
Andreas Steffen
|
7686f981a4
|
cosmetics
|
2009-12-22 09:53:53 +01:00 |
Andreas Steffen
|
194c3cedc5
|
fixed IPv6 bug in calc_range()
|
2009-12-22 00:49:23 +01:00 |
Andreas Steffen
|
3f4d8815a4
|
fixed initialization of netbits
|
2009-12-21 23:03:14 +01:00 |
Andreas Steffen
|
252f38f6f8
|
fixed distribution list
|
2009-12-21 22:28:08 +01:00 |
Andreas Steffen
|
157125e4c9
|
traffic_selector supports RFC 3779 address range format
|
2009-12-21 21:29:01 +01:00 |
Martin Willi
|
2fcb2cc653
|
Migrated identification_t to INIT/METHOD macros
|
2009-12-21 15:24:08 +01:00 |
Andreas Steffen
|
678aab7850
|
this->type is set by traffic_selector_create()
|
2009-12-20 20:01:18 +01:00 |
Andreas Steffen
|
513eb95e60
|
parse RFC 3779 addressFamily
|
2009-12-20 19:26:28 +01:00 |
Andreas Steffen
|
7d379a786c
|
plugin name is x509
|
2009-12-20 16:01:35 +01:00 |
Andreas Steffen
|
28c25485ba
|
discard certificate with unknown critical extensions
|
2009-12-20 15:53:39 +01:00 |
Andreas Steffen
|
f3e366a9a0
|
use traffic_selector_t object to represent ipAddrBlocks
|
2009-12-20 15:15:02 +01:00 |
Andreas Steffen
|
1125a0be81
|
moved traffic_selectors from charon to libstrongswan
|
2009-12-20 14:57:38 +01:00 |
Andreas Steffen
|
ad858aee15
|
parse ipAddrBlocks
|
2009-12-17 17:32:55 +01:00 |
Andreas Steffen
|
9789d3a9b9
|
fixed updown plugin for mixed IPv4/IPv6 tunnels
|
2009-12-17 17:32:55 +01:00 |
Martin Willi
|
83b760cb42
|
Migrated curl_fetcher to INIT/METHOD macros
|
2009-12-17 13:53:25 +01:00 |
Martin Willi
|
1a1ff9d127
|
Added a METHOD() macro to define methods with both public and private signatures
|
2009-12-17 13:53:24 +01:00 |
Martin Willi
|
74eed73a40
|
Added an INIT() macro to initialize class instances
|
2009-12-17 13:53:24 +01:00 |
Martin Willi
|
6ec949e022
|
Fixed BEET mode by installing SAs with negotiated address in traffic selector
|
2009-12-17 10:52:07 +01:00 |
Andreas Steffen
|
b6623e87b4
|
IKEv1 daemon supports DNS and NBNS server assignment from database
|
2009-12-16 21:49:51 +01:00 |
Andreas Steffen
|
645f3865b2
|
ipsec pool manages dns and nbns servers
|
2009-12-16 18:11:57 +01:00 |
Andreas Steffen
|
3747f0f2e7
|
cosmetics
|
2009-12-16 13:33:09 +01:00 |
Andreas Steffen
|
a461e20dd8
|
provide attributes from SQL database
|
2009-12-16 12:31:41 +01:00 |
Andreas Steffen
|
de962d6e7d
|
add IKEv1 support for the Camellia cipher
|
2009-12-15 19:13:06 +01:00 |
Martin Willi
|
0be12e3546
|
Added htoun16/32 and untoh16/32 to read/write unaligned network order integers
|
2009-12-15 13:39:01 +01:00 |
Martin Willi
|
fc85786921
|
Install v6 routes via outgoing interface for now
|
2009-12-14 14:44:24 +01:00 |
Andreas Steffen
|
353b829177
|
fixed IKEv1 support of HMAC_SHA2_256_96
|
2009-12-09 09:33:32 +01:00 |
Andreas Steffen
|
ee2679ec25
|
if end id is missing assign IP address to raw public key
|
2009-12-09 07:24:43 +01:00 |
Andreas Steffen
|
a07531250e
|
IKEv1 support of ESP SHA2_HMAC with correct truncation
|
2009-12-09 00:24:42 +01:00 |
Andreas Steffen
|
4b615edab4
|
some code optimizations
|
2009-12-09 00:24:42 +01:00 |
Andreas Steffen
|
e1573b3fe8
|
added ipAddrBlocks OID
|
2009-12-09 00:24:41 +01:00 |
Martin Willi
|
a6225e4936
|
Improved libfast session management, using a hashtable
|
2009-12-08 19:31:02 +01:00 |
Martin Willi
|
4e90d9de9f
|
Removed obsolete curl interface specific destructor
|
2009-12-08 16:21:58 +01:00 |
Martin Willi
|
89d236f0da
|
Support "_" and "-" variants of NetworkManager pkg-config packages
|
2009-12-08 14:36:22 +01:00 |
Martin Willi
|
f469754f7f
|
Undef PACKAGE_BUG/URL of strongSwan before including ruby variants
|
2009-12-08 14:36:22 +01:00 |
Martin Willi
|
88dbccc842
|
Remove generated config.h.in from source tree
|
2009-12-08 14:36:21 +01:00 |
Tobias Brunner
|
268911a5cc
|
The attribute manager was moved from daemon_t to libstrongswan.
|
2009-12-07 16:00:27 +01:00 |
Martin Willi
|
cd51437e43
|
Do not execute the callback job if it has been cancelled since registration
|
2009-12-03 08:00:43 +01:00 |
Martin Willi
|
c636bc7e17
|
Cleanup library if daemon initialization fails
|
2009-12-03 08:00:43 +01:00 |
Martin Willi
|
376a11db3c
|
Do not install invalid 0.0.0.0 DNS servers
|
2009-12-01 15:46:56 +01:00 |
Martin Willi
|
5b4d0de7d4
|
Prefer EAP-Identity for provider attribute/address lookup
|
2009-12-01 14:24:07 +01:00 |
Martin Willi
|
f6116e61fc
|
Save EAP-Identity on auth config
|
2009-12-01 14:24:06 +01:00 |
Martin Willi
|
44ce749360
|
Store completed authentication rounds permanently on IKE_SA, with flush option
|
2009-12-01 11:35:30 +01:00 |
Martin Willi
|
5b2b4d190a
|
Removed obsolete and unused [gs]et_eap_identity() methods
|
2009-11-30 16:59:23 +01:00 |
Martin Willi
|
5351e51951
|
Do not propose transport mode as initiator if connection is NATed
|
2009-11-30 11:32:26 +01:00 |
Martin Willi
|
bff9f824ed
|
Verify EAP-SIM/AKA AT_MAC before processing any attributes
|
2009-11-30 10:00:06 +01:00 |
Martin Willi
|
b04e72c21c
|
SIM/AKA/Request/Reauthentication AT_MAC does not include NONCE_S, only the response
|
2009-11-30 09:27:39 +01:00 |
Martin Willi
|
5a91fd4536
|
Invoke attribute/key hooks from libsimaka
|
2009-11-30 09:27:34 +01:00 |
Martin Willi
|
8434c88b5e
|
Extended SIM manager by hooks, currently featuring attribute and key hooks
|
2009-11-30 09:27:26 +01:00 |
Martin Willi
|
fb1ae8da52
|
Added a get_sa() method to the bus, allowing a thread to lookup its IKE_SA
|
2009-11-30 09:27:14 +01:00 |
Martin Willi
|
c56d958243
|
Handle NOT_SUPPORTED or other errors properly in get_quintuplet
|
2009-11-30 09:26:35 +01:00 |
Martin Willi
|
2b2c69e992
|
Use transport mode ESP SA if IPcomp is used, IPcomp already applies outer IP header
|
2009-11-26 16:03:06 +01:00 |
Martin Willi
|
6780edc07e
|
Use full algorithm name for SHA384/512 HMACs
|
2009-11-26 10:39:26 +01:00 |
Martin Willi
|
6546482a68
|
Support the Linux specific SHA256 96 bit truncation HMAC via "sha256_96" keyword
|
2009-11-26 10:39:25 +01:00 |
Martin Willi
|
eebfa73fd5
|
Install SHA256_128 auth algorithm with specified 128 bit truncation
|
2009-11-26 10:39:25 +01:00 |
Martin Willi
|
2379fdba1e
|
Updated XFRM linux header, includes specified truncations for auth algos
|
2009-11-26 10:39:25 +01:00 |
Martin Willi
|
5be75c2cb1
|
Added support for IPv6 source route installation
|
2009-11-26 10:31:00 +01:00 |
Martin Willi
|
387a6e6c32
|
Check existing path in mobike probing only if we still have a route
|
2009-11-26 10:30:59 +01:00 |
Andreas Steffen
|
4b55cf5d09
|
put identities in single quotes
|
2009-11-25 09:02:09 +01:00 |
Andreas Steffen
|
653da7c907
|
added more debugging in configuration attribute handling
|
2009-11-24 23:17:07 +01:00 |
Andreas Steffen
|
eba568563c
|
changed error messages in the case of faulty esp and ike strings
|
2009-11-24 16:45:52 +01:00 |
Andreas Steffen
|
2eeab939a0
|
do not send all available kernel algorithms if esp string is faulty
|
2009-11-24 16:38:10 +01:00 |
Elmar Vonlanthen
|
792876ff87
|
check if alg_info_esp exists
|
2009-11-24 16:15:12 +01:00 |
Andreas Steffen
|
cda8ec7afc
|
added some parentheses
|
2009-11-24 14:36:17 +01:00 |
Andreas Steffen
|
93e2377c7f
|
allow ECP DH groups in pfsgroup definition
|
2009-11-24 14:35:25 +01:00 |
Andreas Steffen
|
c4570d188e
|
issue error message for expired certificates in OCSP trust chain checking
|
2009-11-24 12:37:38 +01:00 |
Andreas Steffen
|
227583ba59
|
updated IKEv2 notification messages assigned by IANA
|
2009-11-24 09:21:00 +01:00 |
Martin Willi
|
06f02f993c
|
Do not recreate existing create_child subtask when retrying with different DH group
|
2009-11-23 13:50:01 +01:00 |
Martin Willi
|
0d1d19b99d
|
Avoid potentially unaligned half-word read
|
2009-11-23 13:49:19 +01:00 |
Eric Mertens
|
ad78bb13c8
|
Correctly set host number to zero when computing traffic selector range
|
2009-11-23 10:34:30 +01:00 |
Martin Willi
|
dd326c114f
|
Use abort() instead of raising SIGKILL, gives us proper core dumps if enabled
|
2009-11-20 14:36:24 +01:00 |
Martin Willi
|
832f283150
|
Use status_t return value for get_quintuplet() dummy implementations
|
2009-11-20 11:02:06 +01:00 |
Martin Willi
|
80b44cd71a
|
Message stringification supports more detailed EAP payload information
|
2009-11-18 10:37:46 +01:00 |
Martin Willi
|
1860bfa2ea
|
Correctly enumerate attributes to request as initiator with the actually requesting handler
|
2009-11-17 17:51:30 +01:00 |
Martin Willi
|
1427c93fcd
|
Fixed memleak in attribute handling
|
2009-11-17 15:55:45 +00:00 |
Martin Willi
|
d674c2ace0
|
attr plugin supports any custom attribute type having a v4/v6 IP under the charon.plugins.attr namespace
|
2009-11-17 15:53:57 +00:00 |
Martin Willi
|
3797b8e767
|
Support enumeration of key/value pairs in a section of strongswan.conf
|
2009-11-17 15:52:36 +00:00 |
Martin Willi
|
86813bef12
|
Whitelist register_printf_specifier in leak detective
|
2009-11-17 15:51:57 +00:00 |
Martin Willi
|
b5a2055fb1
|
Give plugins more control of which configuration attributes to request, and pass received attributes back to the requesting handler
|
2009-11-17 14:51:50 +01:00 |
Martin Willi
|
e6cf060275
|
Encrypt payloads with missing rule, fix insertion of non-encrypted payloads
|
2009-11-12 14:52:12 +00:00 |
Martin Willi
|
074444972a
|
Build libsimaka with libtool, as we require a PIC-enabled version
|
2009-11-12 13:37:07 +00:00 |
Martin Willi
|
098466039f
|
Fix word alignment in memxor() on 64-bit architectures
|
2009-11-12 13:37:06 +00:00 |
Martin Willi
|
addfeeff9c
|
Do not complain about missing payload order rules for private use payloads
|
2009-11-12 13:37:06 +00:00 |
Martin Willi
|
5bfe1b2529
|
Properly initialize attribute encoding/length values
|
2009-11-12 13:37:06 +00:00 |
Martin Willi
|
733538a421
|
Indentation/whitespace cleanups
|
2009-11-12 13:37:06 +00:00 |
Martin Willi
|
82713deafd
|
Simplified vendor ID payload interface
|
2009-11-12 13:37:06 +00:00 |
Martin Willi
|
20d144e72f
|
Invoke message hook before generation, allowing plugins to mangle it
|
2009-11-12 13:37:06 +00:00 |
Martin Willi
|
ee3d4ef801
|
Prefer MODP2048/1536 over ECP Diffie-Hellman groups
|
2009-11-12 13:10:30 +00:00 |