9893 Commits

Author SHA1 Message Date
Tobias Brunner 10b116aa13 Properly initialize chunk for extension OID when parsing CRLs 2012-09-28 15:41:32 +02:00
Tobias Brunner 43e0cb6519 Fix parsing of IPv6 headers in ip_packet_t 2012-09-28 15:15:07 +02:00
Tobias Brunner 9fa335cb1b Properly cleanup varargs in LDAP fetcher's set_option() 2012-09-28 15:13:17 +02:00
Tobias Brunner b5835ee530 Properly cleanup varargs in enumerators of both SQL backends 2012-09-28 15:10:29 +02:00
Tobias Brunner a79af394a0 Allow replay windows smaller than the default of 32 2012-09-27 12:43:39 +02:00
Tobias Brunner 9845391a95 Properly initialize cached address map in kernel-pfroute plugin 2012-09-27 12:43:36 +02:00
Tobias Brunner 45178362c8 Clarified error message if enabling UDP decapsulation fails 2012-09-27 10:49:17 +02:00
Tobias Brunner bfd2cc1cd7 Fixed compilation of kernel-pfroute plugin 2012-09-27 09:23:58 +02:00
Tobias Brunner 358104a47f Added description for flush_auth_cfg and acct_port plus some minor editorial changes 2012-09-25 12:22:05 +02:00
Tobias Brunner 2d39f79b9b IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabled
Fixes #229.
2012-09-25 09:31:47 +02:00
Tobias Brunner 012d7382b0 New Android release after fixing private key issues on Jelly Bean 2012-09-24 17:16:29 +02:00
Tobias Brunner 94106ddc85 android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner dfefa2f6dc android: Added a global variable to check the current SDK version 2012-09-24 17:12:18 +02:00
Tobias Brunner 2e2feffb67 Don't check interface of inbound message if interfaces are not filtered
We don't have a proper kernel-net interface on Android yet, so the check
for a usable interface does not work there.
2012-09-24 17:12:18 +02:00
Tobias Brunner 64595464b2 android: Load the private key and certificates separately in android_creds_t 2012-09-24 17:12:18 +02:00
Tobias Brunner 406d680e45 android: Added a method to get the user's private key via JNI 2012-09-24 17:12:18 +02:00
Tobias Brunner c35d468fb1 android: Added a JNI backed private key implementation
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner 31990a19cc Documentation about some time values clarified 2012-09-24 16:02:03 +02:00
Andreas Steffen e97602151a removed ikev2/dynamic-responder scenario 2012-09-22 17:50:57 +02:00
Tobias Brunner f65ec0aa90 Make sure the if_name member of cached route entries is initialized to NULL 2012-09-22 08:23:56 +02:00
Andreas Steffen 04bb739578 do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario 2012-09-21 21:26:52 +02:00
Tobias Brunner 4a025539ef NEWS about kernel interface changes 2012-09-21 18:16:27 +02:00
Tobias Brunner e811cf152a Properly handle thread cancelation in rwlock_condvar_t 2012-09-21 18:16:27 +02:00
Tobias Brunner bdf36dac71 Use an rwlock in kernel-pfroute too 2012-09-21 18:16:27 +02:00
Tobias Brunner a25d536eea Use rwlock and rwlock_condvar to increase concurrency in kernel-netlink plugin 2012-09-21 18:16:27 +02:00
Tobias Brunner 16d62305c2 Use a separate mutex for cached routes in kernel-netlink plugin 2012-09-21 18:16:27 +02:00
Tobias Brunner 60dc44648f Added a condvar implementation that works with rwlock_t 2012-09-21 18:16:27 +02:00
Tobias Brunner 4134108c77 Use a lock to safely check and update the time for the next roam event 2012-09-21 18:16:27 +02:00
Tobias Brunner e8e9048fee Added an option to configure the interface on which virtual IP addresses are installed 2012-09-21 18:16:26 +02:00
Tobias Brunner c6b401581a Changed how kernel-netlink handles virtual IP addresses
Also tried to avoid the use of enumerators.
2012-09-21 18:16:26 +02:00
Tobias Brunner 4106aea8e4 Made IP address enumeration more flexible
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
Tobias Brunner 308ec0b7df Avoid calculating the hash if hashtable is empty 2012-09-21 18:16:26 +02:00
Tobias Brunner 1f97e1aaca Use a hashtable to quickly check for usable IP addresses/interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner 090c556ce8 Drop packets received on ignored interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner 940e1b0f66 Filter ignored interfaces in kernel interfaces (for events, address enumeration, etc.) 2012-09-21 18:16:26 +02:00
Tobias Brunner 645d7a5ef3 %any is never on a local interface 2012-09-21 18:16:26 +02:00
Tobias Brunner e9a7779003 Avoid memset in is_anyaddr() 2012-09-21 18:16:26 +02:00
Tobias Brunner 9ba36c0f7f Make it easy to check if an address is locally usable via changed get_interface() method 2012-09-21 18:16:26 +02:00
Tobias Brunner aed33805ce Don't ignore loopback devices and allow addresses on them to be enumerated 2012-09-21 18:16:26 +02:00
Tobias Brunner 9513225e6b Added options and a lookup function that will allow filtering of network interfaces 2012-09-21 18:16:26 +02:00
Tobias Brunner a2a28d90ac Make streq() and strcaseeq() static inline functions so they can be used as callbacks 2012-09-21 18:16:26 +02:00
Tobias Brunner dad6d904ee Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
2012-09-21 18:16:25 +02:00
Tobias Brunner 662534657f Source address lookup refactored
Routes matching the destination are now first parsed and sorted by network
prefix length.  This list is then used to search for the best route with
a matching preferred source address (if one is specified).  This makes sure
we really check all routes for that address.
2012-09-21 18:16:25 +02:00
Tobias Brunner cef0a8118e Check routes with equal prefix if preferred source is specified 2012-09-21 18:16:25 +02:00
Tobias Brunner 9d6b02d6c1 Try to find preferred source on interface if returned source does not match 2012-09-21 18:16:25 +02:00
Tobias Brunner da6d86dd94 Try to keep the given source address when looking up routes
This allows pinning the local end of an IKE_SA to an address that is not the
physical address of an interface.  Without this patch the local address would
change to the physical address when roam events occur.
2012-09-21 18:16:25 +02:00
Tobias Brunner 6676769e8c Make sure we propose a dynamic TS if we don't have hosts to derive a TS from
7ee37114 removed this behavior.
2012-09-21 18:14:17 +02:00
Tobias Brunner 0d33f428d1 Move rw-eap-dynamic scenario to its proper location 2012-09-21 09:34:10 +02:00
Martin Willi f0a2fef8a5 In mem_pool, check for an existing ID entry before creating a new one 2012-09-20 11:04:55 +02:00
Martin Willi a69bc12a3a Merge branch 'unity'
Add Cisco Unity extension support implemented in a dedicated plugin.
2012-09-18 17:22:47 +02:00