Tobias Brunner
10b116aa13
Properly initialize chunk for extension OID when parsing CRLs
2012-09-28 15:41:32 +02:00
Tobias Brunner
43e0cb6519
Fix parsing of IPv6 headers in ip_packet_t
2012-09-28 15:15:07 +02:00
Tobias Brunner
9fa335cb1b
Properly cleanup varargs in LDAP fetcher's set_option()
2012-09-28 15:13:17 +02:00
Tobias Brunner
b5835ee530
Properly cleanup varargs in enumerators of both SQL backends
2012-09-28 15:10:29 +02:00
Tobias Brunner
a79af394a0
Allow replay windows smaller than the default of 32
2012-09-27 12:43:39 +02:00
Tobias Brunner
9845391a95
Properly initialize cached address map in kernel-pfroute plugin
2012-09-27 12:43:36 +02:00
Tobias Brunner
45178362c8
Clarified error message if enabling UDP decapsulation fails
2012-09-27 10:49:17 +02:00
Tobias Brunner
bfd2cc1cd7
Fixed compilation of kernel-pfroute plugin
2012-09-27 09:23:58 +02:00
Tobias Brunner
358104a47f
Added description for flush_auth_cfg and acct_port plus some minor editorial changes
2012-09-25 12:22:05 +02:00
Tobias Brunner
2d39f79b9b
IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabled
Fixes #229.
2012-09-25 09:31:47 +02:00
Tobias Brunner
012d7382b0
New Android release after fixing private key issues on Jelly Bean
2012-09-24 17:16:29 +02:00
Tobias Brunner
94106ddc85
android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner
dfefa2f6dc
android: Added a global variable to check the current SDK version
2012-09-24 17:12:18 +02:00
Tobias Brunner
2e2feffb67
Don't check interface of inbound message if interfaces are not filtered
We don't have a proper kernel-net interface on Android yet, so the check
for a usable interface does not work there.
2012-09-24 17:12:18 +02:00
Tobias Brunner
64595464b2
android: Load the private key and certificates separately in android_creds_t
2012-09-24 17:12:18 +02:00
Tobias Brunner
406d680e45
android: Added a method to get the user's private key via JNI
2012-09-24 17:12:18 +02:00
Tobias Brunner
c35d468fb1
android: Added a JNI backed private key implementation
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner
31990a19cc
Documentation about some time values clarified
2012-09-24 16:02:03 +02:00
Andreas Steffen
e97602151a
removed ikev2/dynamic-responder scenario
2012-09-22 17:50:57 +02:00
Tobias Brunner
f65ec0aa90
Make sure the if_name member of cached route entries is initialized to NULL
2012-09-22 08:23:56 +02:00
Andreas Steffen
04bb739578
do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario
2012-09-21 21:26:52 +02:00
Tobias Brunner
4a025539ef
NEWS about kernel interface changes
2012-09-21 18:16:27 +02:00
Tobias Brunner
e811cf152a
Properly handle thread cancelation in rwlock_condvar_t
2012-09-21 18:16:27 +02:00
Tobias Brunner
bdf36dac71
Use an rwlock in kernel-pfroute too
2012-09-21 18:16:27 +02:00
Tobias Brunner
a25d536eea
Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin
2012-09-21 18:16:27 +02:00
Tobias Brunner
16d62305c2
Use a separate mutex for cached routes in kernel-netlink plugin
2012-09-21 18:16:27 +02:00
Tobias Brunner
60dc44648f
Added a condvar implementation that works with rwlock_t
2012-09-21 18:16:27 +02:00
Tobias Brunner
4134108c77
Use a lock to safely check and update the time for the next roam event
2012-09-21 18:16:27 +02:00
Tobias Brunner
e8e9048fee
Added an option to configure the interface on which virtual IP addresses are installed
2012-09-21 18:16:26 +02:00
Tobias Brunner
c6b401581a
Changed how kernel-netlink handles virtual IP addresses
Also tried to avoid the use of enumerators.
2012-09-21 18:16:26 +02:00
Tobias Brunner
4106aea8e4
Made IP address enumeration more flexible
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
Tobias Brunner
308ec0b7df
Avoid calculating the hash if hashtable is empty
2012-09-21 18:16:26 +02:00
Tobias Brunner
1f97e1aaca
Use a hashtable to quickly check for usable IP addresses/interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
090c556ce8
Drop packets received on ignored interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
940e1b0f66
Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.)
2012-09-21 18:16:26 +02:00
Tobias Brunner
645d7a5ef3
%any is never on a local interface
2012-09-21 18:16:26 +02:00
Tobias Brunner
e9a7779003
Avoid memset in is_anyaddr()
2012-09-21 18:16:26 +02:00
Tobias Brunner
9ba36c0f7f
Make it easy to check if an address is locally usable via changed get_interface() method
2012-09-21 18:16:26 +02:00
Tobias Brunner
aed33805ce
Don't ignore loopback devices and allow addresses on them being enumerated
2012-09-21 18:16:26 +02:00
Tobias Brunner
9513225e6b
Added options and a lookup function that will allow filtering of network interfaces
2012-09-21 18:16:26 +02:00
Tobias Brunner
a2a28d90ac
Make streq() and strcaseeq() static inline functions so they can be used as callbacks
2012-09-21 18:16:26 +02:00
Tobias Brunner
dad6d904ee
Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
662534657f
Source address lookup refactored
Routes matching the destination are now first parsed and sorted by network
prefix length. This list is then used to search for the best route with
a matching preferred source address (if one is specified). This makes sure
we really check all routes for that address.
2012-09-21 18:16:25 +02:00
Tobias Brunner
cef0a8118e
Check routes with equal prefix if preferred source is specified
2012-09-21 18:16:25 +02:00
Tobias Brunner
9d6b02d6c1
Try to find preferred source on interface if returned source does not match
2012-09-21 18:16:25 +02:00
Tobias Brunner
da6d86dd94
Try to keep the given source address when looking up routes
This allows pinning the local end of an IKE_SA to an address that is not the
physical address of an interface. Without this patch the local address would
change to the physical address when roam events occur.
2012-09-21 18:16:25 +02:00
Tobias Brunner
6676769e8c
Make sure we propose a dynamic TS if we don't have hosts to derive a TS from
7ee37114 removed this behavior.
2012-09-21 18:14:17 +02:00
Tobias Brunner
0d33f428d1
Move rw-eap-dynamic scenario to its proper location
2012-09-21 09:34:10 +02:00
Martin Willi
f0a2fef8a5
In mem_pool, check for an existing ID entry before creating a new one
2012-09-20 11:04:55 +02:00
Martin Willi
a69bc12a3a
Merge branch 'unity'
Add Cisco Unity extension support implemented in a dedicated plugin.
2012-09-18 17:22:47 +02:00