Martin Willi
2671a8fcee
use DBG_ANY to set all loglevels
2008-12-02 08:52:46 +00:00
Andreas Steffen
9a96ccd485
re-established lost default auth sys_logger
2008-12-01 01:24:55 +00:00
Martin Willi
479f295049
fixed compiler warnings issued by:
...
gcc 4.3
curl.h gcc type-checking
glibc with enabled FORTIFY_SOURCE checking
2008-11-11 18:37:19 +00:00
Martin Willi
4252938811
dynamic logging configuration through strongswan.conf
...
fallback to existing ipsec.conf/stroke loglevel configuration
2008-11-11 10:52:37 +00:00
Martin Willi
f7237cf37a
separated backtrace functionality from leak_detective, used in
...
leak_detective
mutex profiling
signal handler
2008-11-05 13:58:19 +00:00
Martin Willi
64ff7a5142
log loaded plugins at startup
2008-11-03 09:44:54 +00:00
Martin Willi
a985db3ff3
reintegrated bus-refactoring branch
2008-10-14 08:52:13 +00:00
Martin Willi
79a878466c
reintegrated two-sim branch providing SIM card plugin API
2008-10-10 08:36:01 +00:00
Tobias Brunner
507f26f685
merging modularized kernel interface back to trunk
2008-09-25 07:56:58 +00:00
Martin Willi
eb3e27059b
use libcap for capability dropping
...
optional, must be enabled --with-capabilities=libcap
will be extended to support --with-capabilities=libcap2
2008-08-29 09:24:14 +00:00
Martin Willi
e609b1cda2
capability API to allow plugin-controlled capability set
2008-08-28 16:27:48 +00:00
Martin Willi
b848f0377c
fixed EAP-GTC secret lookup
...
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability
2008-08-21 14:40:03 +00:00
Andreas Steffen
af165431d2
fixed libstrongswan integrity test
2008-08-19 18:51:30 +00:00
Martin Willi
a4a3e0c7dc
introduced an additional bus->signal parameter for signal specific data
...
added SIG_IKE/SIG_CHD macros for signal emitting
2008-07-18 15:51:40 +00:00
Martin Willi
035930fc4a
added %P printf handler for poposal_t
...
added some proposal selection debugging code
2008-06-12 11:42:19 +00:00
Tobias Brunner
31430acc1b
correctly initialize the mediation and connection manager
2008-05-22 11:33:35 +00:00
Tobias Brunner
6f2ba57a4e
added a fixup for addresses from shared libraries in segmentation fault handler
2008-05-19 12:49:35 +00:00
Martin Willi
1ba62b5562
loading default modules depending on configure options
2008-05-16 08:52:32 +00:00
Martin Willi
a3d92a3745
plugin load configuration in strongswan.conf
...
some components accept a "component.load" option with a space separated list of plugins to load
libcharon- plugins are now handled the same way as libstrongswan- plugins
2008-05-15 14:01:26 +00:00
Martin Willi
25b12c696b
replaced --with-gid/uid by --with-group/user
...
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
Martin Willi
5d892343fa
using capset version 1 if a newer is available
2008-05-07 08:46:37 +00:00
Martin Willi
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
Martin Willi
46a5604a04
splitted IKE_SA manager destroy to allow plugin interaction
2008-04-17 10:46:25 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Martin Willi
ff867d062e
added ./configure option --with-strongswan-conf=
...
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
Tobias Brunner
84b18d5fc7
replaced mutex in leak detective with thread scheduling
2008-04-03 09:24:35 +00:00
Martin Willi
6af29ccf33
configure option in strongswan.conf for thread count
2008-04-03 08:37:24 +00:00
Tobias Brunner
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Martin Willi
733f336ad3
socket_t implementation withouth raw sockets
...
--disable-raw-socket configure option
prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
Martin Willi
92232dab33
fixed stuid()/setgid() and error handling
2007-10-01 09:07:10 +00:00
Martin Willi
055d016b49
changed inheritable capability set to the permitted one to execute firewall script with CAP_NET_ADMIN
2007-09-28 07:04:09 +00:00
Martin Willi
c295d0eb4b
refactored strongswan manager
...
removed buggy request parsing code, use ClearSilvers CGI kit instead
fixed CHILD_SA listing in manager (needs better design)
using secure XML communication through unix sockets
removed images with questionable (non-GPL) license
2007-09-26 14:02:21 +00:00
Martin Willi
39cc6d1ad7
fixed shutdown order to prevent crash when kernel interface schedules events
2007-09-12 07:12:25 +00:00
Andreas Steffen
f5da63e937
correct debug
2007-09-02 15:59:59 +00:00
Andreas Steffen
0bc5a23023
renamed integrity check to integrity test
2007-08-29 10:36:08 +00:00
Andreas Steffen
ab13376877
fips_verify_hmac_signature() now returns a boolean status
2007-08-29 09:43:02 +00:00
Andreas Steffen
2fb15ac606
changed interface of fips_verify_hmac_signature
2007-08-29 05:43:45 +00:00
Andreas Steffen
55434a1ba5
started implementation of libstrongswan code integrity check
2007-08-29 00:37:10 +00:00
Andreas Steffen
84db83336b
support of ipsec rereadsecrets for stroke
2007-08-10 07:16:32 +00:00
Martin Willi
4cb9d7a758
further fixed for mobike roaming
2007-06-25 13:26:02 +00:00
Martin Willi
02b3ec0a10
implemented address change notification (for MOBIKE)
...
implemented up to date address list cache to list interfaces
2007-06-14 15:16:15 +00:00
Martin Willi
9fe1a1ca76
introduced callback_job:
...
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi
a6a039aa10
simplified capability dropping
2007-05-09 13:12:06 +00:00
Martin Willi
3cd3f48428
properly implemented interface_managers initiate, terminte_[ike|child]
...
proper thread release when stroke is CTRL+C'ed
fixed some permission issues
2007-05-09 12:33:08 +00:00
Martin Willi
6874bf698c
changing UID/GID after startup of pluto/charon
...
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
Martin Willi
66560f4267
reducing capabilities of the threads to a minimum
...
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
Martin Willi
a84fb01b96
restructuring of configuration backends
...
added propotypes of new control interfaces (xml & dbus)
introduced loadable:
configuration backends
control interfaces
using pluggable modules as in EAP
2007-04-27 14:25:08 +00:00