Martin Willi
|
6dbce9c803
|
reimplemented dbus plugin for NetworkManager 0.7, renamed to nm
|
2008-07-31 11:16:14 +00:00 |
Martin Willi
|
2d87903db9
|
recreating FIFO if it exists
|
2008-07-31 09:04:54 +00:00 |
Martin Willi
|
eb04645c10
|
fixed usage typo
|
2008-07-31 09:01:56 +00:00 |
Martin Willi
|
19ad10b5d3
|
increased stroke socket backlog to 10
|
2008-07-30 14:17:05 +00:00 |
Martin Willi
|
f0a8fa25ba
|
using a entry cache for duplicate checks, avoids deadlocks
|
2008-07-30 14:15:08 +00:00 |
Martin Willi
|
7a4ad866b0
|
use condvar broadcasts to signal threads waiting for an IP, there might be more than one
|
2008-07-30 13:19:12 +00:00 |
Tobias Brunner
|
eadd460f7c
|
the list of addresses on the interface of a guest is not cached anymore, but queried directly from the interface
|
2008-07-30 13:15:18 +00:00 |
Tobias Brunner
|
9901cdb4cd
|
* Guest#exec uses the new exec_str function
* tab completion in irdumm enabled
|
2008-07-30 13:01:04 +00:00 |
Tobias Brunner
|
2e73cd6e87
|
added an extended exec function to guests that allows to get the output of the command as string or by line.
|
2008-07-30 12:58:45 +00:00 |
Martin Willi
|
38a8e39739
|
using shared read locks in credential set enumerators to avoid deadlocks
|
2008-07-30 11:38:44 +00:00 |
Martin Willi
|
21632b76e0
|
added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check
|
2008-07-30 08:27:08 +00:00 |
Andreas Steffen
|
ce91f67f60
|
starter now waits for a maximum of 10s instead of 1s for charon before restarting the daemon
|
2008-07-29 19:44:54 +00:00 |
Andreas Steffen
|
98ba96f185
|
demoted IKE state change output to debug level 2
|
2008-07-28 14:01:45 +00:00 |
Andreas Steffen
|
3fd9c75717
|
ignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier
|
2008-07-28 13:53:04 +00:00 |
Martin Willi
|
7fb2693724
|
switched xterm console title
|
2008-07-28 13:10:34 +00:00 |
Martin Willi
|
bc8f868c99
|
using gnome-terminal in irdumm
|
2008-07-28 12:37:01 +00:00 |
Andreas Steffen
|
5c96dab653
|
version bump to 4.2.6
|
2008-07-28 09:14:07 +00:00 |
Martin Willi
|
7c04589335
|
use XFRM_MSG_UPDPOLICY for existing policies only
|
2008-07-28 08:29:04 +00:00 |
Martin Willi
|
6ef70d2109
|
added tests.h to distribution
|
2008-07-24 12:48:36 +00:00 |
Martin Willi
|
b6bf863459
|
fixed UCI thread cancellation on ARM
|
2008-07-24 08:52:12 +00:00 |
Martin Willi
|
3bc5a137cb
|
added option charon.plugins.sql.lease_history to disable lease history logging
|
2008-07-24 08:28:45 +00:00 |
Martin Willi
|
875a8326b3
|
fixed statistic calcuation for static leases
|
2008-07-24 08:21:55 +00:00 |
Andreas Steffen
|
f6facbe75c
|
completed IKE_SA logging at the AUDIT level
|
2008-07-23 18:46:34 +00:00 |
Martin Willi
|
a01ad99341
|
fixed pool statistics
|
2008-07-23 13:56:07 +00:00 |
Andreas Steffen
|
6410231335
|
IKE_SA rekeying inherits other_host from old IKE_SA
|
2008-07-23 07:44:26 +00:00 |
Andreas Steffen
|
0eede4a31f
|
cosmetics
|
2008-07-23 06:38:24 +00:00 |
Andreas Steffen
|
295826b9f0
|
start default strongSwan UML topology
|
2008-07-22 17:21:01 +00:00 |
Andreas Steffen
|
51c8f8261f
|
some more changes to IKE_SA and CHILD_SA logging
|
2008-07-22 17:10:10 +00:00 |
Martin Willi
|
f7198e7e8c
|
experimental and untested reimplementation of sql based IP pool
uses address preallocation and separate address/lease tables for linear lookup time
|
2008-07-22 14:56:15 +00:00 |
Andreas Steffen
|
32f5ee159e
|
cosmetics
|
2008-07-22 12:13:48 +00:00 |
Andreas Steffen
|
66da78b4bb
|
ipsec status lists IPCOMP CPIs
|
2008-07-22 12:03:58 +00:00 |
Andreas Steffen
|
c3967e779e
|
own CPI was not deleted due to copy-and-paste error
|
2008-07-22 10:53:56 +00:00 |
Andreas Steffen
|
eba7470b76
|
consistent logging of SPIs and CPIs
|
2008-07-22 10:16:45 +00:00 |
Andreas Steffen
|
7db7d06e28
|
missing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario
|
2008-07-22 06:24:00 +00:00 |
Andreas Steffen
|
af18c84ffb
|
display protoport in dynamic/32 traffic selectors
|
2008-07-21 19:08:03 +00:00 |
Martin Willi
|
ee93541783
|
fixed bus args copy on non i386 archs
|
2008-07-21 14:23:43 +00:00 |
Andreas Steffen
|
fb34475b5c
|
consistent logging of IKE and CHILD SAs
|
2008-07-21 12:47:59 +00:00 |
Martin Willi
|
0a625fde3e
|
pool performance testing
|
2008-07-21 11:17:20 +00:00 |
Martin Willi
|
6b64fe2684
|
loading unit-tester plugin as the last one
|
2008-07-21 11:16:07 +00:00 |
Martin Willi
|
c7314e68ab
|
reverted bus to non-recursive mutex due instability
|
2008-07-21 11:15:16 +00:00 |
Martin Willi
|
fc861b0b7e
|
added a driver type getter for database implementations
|
2008-07-21 11:13:06 +00:00 |
Martin Willi
|
a4a3e0c7dc
|
introduced an additional bus->signal parameter for signal specific data
added SIG_IKE/SIG_CHD macros for signal emitting
|
2008-07-18 15:51:40 +00:00 |
Martin Willi
|
2f725443e5
|
removed testing app, this is scriptable with irdumm now
|
2008-07-18 12:14:43 +00:00 |
Martin Willi
|
a98793adfe
|
allow but filter recursive listener invocation
|
2008-07-18 11:05:01 +00:00 |
Martin Willi
|
1082b06121
|
fixed compiler warning
|
2008-07-18 10:54:49 +00:00 |
Martin Willi
|
12b1c1a1bc
|
extended UCI plugin by a simple control interface using a fifo
|
2008-07-18 10:34:44 +00:00 |
Andreas Steffen
|
bb7b613b83
|
eliminated bashisms in _updown scripts
|
2008-07-18 10:04:40 +00:00 |
Martin Willi
|
bd07b59079
|
avoid heap allocation in bus->signal for performance reasons
|
2008-07-17 11:45:58 +00:00 |
Martin Willi
|
5353f22ed7
|
fixed potential segfault in resolve_hosts
|
2008-07-17 11:06:31 +00:00 |
Martin Willi
|
d61d1913e1
|
ignore IPCOMP acquires, fixes additional CHILD_SA setup with acquired SAs using compression
|
2008-07-17 08:25:34 +00:00 |
Martin Willi
|
7ca49551c8
|
do not distinguish different policy protocols in userland cache
|
2008-07-16 12:33:19 +00:00 |
Martin Willi
|
7b9e1ff0fd
|
do not complain about existing routes
|
2008-07-16 12:30:47 +00:00 |
Andreas Steffen
|
08ab369b8c
|
included Thomas in copyright statement
|
2008-07-16 12:28:29 +00:00 |
Martin Willi
|
7beea2e99f
|
fixed acquire-delay bug by:
installing policies before states
updating policies if protocol has changed
|
2008-07-16 11:51:37 +00:00 |
Andreas Steffen
|
519e87b078
|
updated copyright statement
|
2008-07-16 10:17:04 +00:00 |
Andreas Steffen
|
872aa6ea51
|
fixed bashism in ipsec.in
|
2008-07-16 06:59:08 +00:00 |
Andreas Steffen
|
326bfd0450
|
set XFRM_STATE_AF_UNSPEC flag only in IPsec tunnel mode
|
2008-07-15 21:35:55 +00:00 |
Andreas Steffen
|
eb0cc33886
|
The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels
|
2008-07-15 15:28:00 +00:00 |
Martin Willi
|
66d4745f8e
|
ported patch to final 2.6.26 release, including UML Makefile fixes
|
2008-07-15 14:41:12 +00:00 |
Andreas Steffen
|
6d58c2be9a
|
cosmetics
|
2008-07-15 13:09:09 +00:00 |
Andreas Steffen
|
0ef961b878
|
added pfsgroup to ipsec.conf.5 man page
|
2008-07-15 13:07:27 +00:00 |
Martin Willi
|
ef3f717bfe
|
reverted [4125],[4166], reimplemented the proper way
|
2008-07-11 08:54:56 +00:00 |
Martin Willi
|
6b5d95919c
|
setting ike_sa on bus in checkout_new
|
2008-07-11 08:47:18 +00:00 |
Andreas Steffen
|
858a9fd584
|
update_peerid() does not accept %any as a certificate's subjectAltName
|
2008-07-09 22:13:39 +00:00 |
Martin Willi
|
e7991a2eef
|
do a route lookup to allow routing of left=%any connections
|
2008-07-09 14:16:19 +00:00 |
Martin Willi
|
6c652e6b55
|
added /usr/local/[s]bin to uml exec path
|
2008-07-09 12:39:11 +00:00 |
Martin Willi
|
ddf944be3e
|
loading ruby scripts specified at command line
|
2008-07-09 12:18:06 +00:00 |
Martin Willi
|
a9c46ace99
|
ruby bindings/fixes for template loading
|
2008-07-09 11:43:48 +00:00 |
Martin Willi
|
ee70c94835
|
passing a block to guest.exec() processes output lines
|
2008-07-09 10:51:10 +00:00 |
Martin Willi
|
bf44108019
|
uml "exec" writes stdout/stderr back to mconsole
guest->exec() accepts a callback for output
sligtly refactored mconsole.c
|
2008-07-08 14:58:20 +00:00 |
Martin Willi
|
02a6083633
|
guest interface/address management using hackish mconsole exec patch, ruby bindings
|
2008-07-07 14:56:04 +00:00 |
Martin Willi
|
36beca7cef
|
disconnecting interfaces properly on bridge destruction
|
2008-07-05 09:32:55 +00:00 |
Martin Willi
|
c4d72bdb01
|
throwing proper exeptions on errors, correct return values
mixin enumerable in classes/objects with .each
|
2008-07-04 16:42:54 +00:00 |
Martin Willi
|
ca275ae2ca
|
prototype of irdumm - interactive ruby shell for dumm
|
2008-07-04 14:21:41 +00:00 |
Martin Willi
|
4302d4f012
|
some stability improvements
|
2008-07-04 06:58:04 +00:00 |
Andreas Steffen
|
2c258d7373
|
ipsec statusall displays dpd options
|
2008-07-02 10:48:57 +00:00 |
Martin Willi
|
4a231f1a2e
|
changed medcli settings keys
|
2008-07-02 09:02:38 +00:00 |
Martin Willi
|
d932435e18
|
sql plugin supports a list of pools to fall back, specified by e.g. rightsourceip=%pool1,pool2
|
2008-07-02 08:31:48 +00:00 |
Martin Willi
|
11e855179e
|
using token enumerator to parser plugin list
|
2008-07-02 08:19:43 +00:00 |
Martin Willi
|
fca4d3ee03
|
implementation of a simple "token enumerator"
|
2008-07-02 08:09:07 +00:00 |
Andreas Steffen
|
1dec30625e
|
check if parsing of ipsec update was successful
|
2008-07-02 05:51:49 +00:00 |
Martin Willi
|
ab89517218
|
fixed medsrv database uri key
|
2008-07-01 13:57:47 +00:00 |
Andreas Steffen
|
556e426fd8
|
renamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP
|
2008-07-01 13:47:26 +00:00 |
Martin Willi
|
131064995a
|
added a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip
|
2008-07-01 12:48:56 +00:00 |
Martin Willi
|
d01783dba4
|
logging peer addresses in peer_cfg lookup
|
2008-07-01 11:10:37 +00:00 |
Martin Willi
|
9eeaa25f5d
|
added host match prio to debugging output
|
2008-07-01 11:01:27 +00:00 |
Martin Willi
|
62bd123952
|
peer_cfg lookup takes peer addresses into account
|
2008-07-01 09:05:20 +00:00 |
Martin Willi
|
866ba8e0b6
|
strongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup in IKE_AUTH fails
|
2008-07-01 07:54:09 +00:00 |
Martin Willi
|
fe5d7c43be
|
whitelisting leaks of ENGINE_load_builtin_engines
|
2008-07-01 07:53:03 +00:00 |
Martin Willi
|
d510eaea47
|
sending INTERNAL_ADDRESS_FAILURE if virtual IP requested but none found
|
2008-07-01 06:36:52 +00:00 |
Andreas Steffen
|
5397a7f91d
|
show authentication method in ipsec statusall
|
2008-06-30 17:08:47 +00:00 |
Martin Willi
|
b119f89a4e
|
fixed chunk_increment, fixes reuse of already assigned addresses
|
2008-06-30 12:33:38 +00:00 |
Martin Willi
|
7da767f773
|
sqlite plugin requires libsqlite3 => 3.3.1 to share connections
use recursive locking if libsqlite3 < 3.5.0
|
2008-06-30 11:06:18 +00:00 |
Martin Willi
|
aafe8ced39
|
added strongswan.conf option charon.reuse_iksa=no to create each CHILD_SA in a new IKE_SA
|
2008-06-30 08:45:11 +00:00 |
Andreas Steffen
|
125aaf1ab1
|
log received vendor id as a hex value
|
2008-06-27 17:11:54 +00:00 |
Andreas Steffen
|
dc04f16e26
|
corrected vendor_id_payload diagram
|
2008-06-27 15:22:27 +00:00 |
Andreas Steffen
|
615611afc1
|
version bump to 4.2.5
|
2008-06-26 09:59:55 +00:00 |
Martin Willi
|
c66a1b757f
|
ike/kernel protocol identifier conversion functions
|
2008-06-26 08:59:39 +00:00 |
Martin Willi
|
854a2e1760
|
fixed ifndef typo for MYSQL_DATA_TRUNCATED check
|
2008-06-26 07:31:52 +00:00 |
Martin Willi
|
236083cb56
|
fixed plugin loader destruction
|
2008-06-25 14:53:49 +00:00 |