Tobias Brunner
de4e4687ff
Report test coverage of libcharon and starter
2016-06-17 18:48:08 +02:00
Martin Willi
518a5b2ece
configure: Check for and explicitly link against -latomic
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explicitly link it.
2016-06-14 14:27:20 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Tobias Brunner
8394ea2a42
libhydra: Move kernel interface to libcharon
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
Andreas Steffen
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
Tobias Brunner
d8fdd1018e
starter: Don't flush SAs in the kernel
If starter is not used we don't do that either. And this allows us to
move the stuff in libhydra back to libcharon.
2015-08-21 18:27:06 +02:00
Tobias Brunner
bd24f87d35
starter: Don't flush policies in the kernel
We can't control which policies we flush, so if policies are installed
and used outside of strongSwan for other protocols we'd flush them too.
And if installpolicies=no is used we probably shouldn't flush policies
either. Luckily already existing policies are not treated as fatal
errors anymore, so not flushing policies should not be that much of an
issue (in case of a crash in dynamic setups, e.g. with virtual IPs,
policies could be left behind even after restarting the connections and
properly terminating the daemon).
2015-08-21 18:27:05 +02:00
Tobias Brunner
f809e485fb
Fixed some typos
2015-08-13 15:12:34 +02:00
Tobias Brunner
019ebdafae
starter: Add support for multi-line strings in ipsec.conf
2015-07-28 13:27:32 +02:00
Tobias Brunner
d918410add
starter: Don't replace rarely used special characters in strings in ipsec.conf
2015-07-28 13:27:32 +02:00
Tobias Brunner
2d5b3d34ec
stroke: Add missing include for UINT16_MAX
Fixes the build on FreeBSD.
Fixes #988.
2015-06-09 10:25:33 +02:00
Tobias Brunner
d8fe354a0e
stroke: Dynamically resize stroke messages
The maximum size of a stroke message is currently 64k due to the 2 byte
length field.
Fixes #943.
2015-05-22 10:40:15 +02:00
Tobias Brunner
95faeaa7ed
starter: Ensure the daemon executable exists when starting up
The only purpose of starter is to control the IKE daemon, so we
terminate it if the daemon executable is not found (e.g. because
DAEMON_NAME is incorrect).
This removes the charonstart setting (it was not actually configurable
anymore).
2015-05-08 19:05:26 +02:00
Tobias Brunner
5923abc6bf
starter: Remove START_CHARON compile flag
Since the removal of pluto this is quite superfluous. The flag itself
might be useful to avoid starting charon if the executable does not
exist for some reason (e.g. if DAEMON_NAME is incorrect).
2015-05-05 17:56:46 +02:00
Tobias Brunner
79ebdc0788
starter: Merge quoted strings that span multiple lines
2015-03-20 18:37:22 +01:00
Martin Willi
eaa964b34e
starter: Fail sending stroke message if a string exceeds the buffer size
Instead of silently setting the string value to NULL, we fail completely in
sending the message to notify the user.
Fixes #844.
2015-02-06 16:44:27 +01:00
Maks Naumov
aa71c19e5c
starter: Fix mark_out.mask in starter_cmp_conn()
2015-01-12 11:17:12 +01:00
Shea Levy
90fe4b3f8a
starter: Allow specifying the ipsec.conf location in strongswan.conf
2014-10-02 14:33:08 +02:00
Shea Levy
213e02b872
stroke: Allow specifying the ipsec.secrets location in strongswan.conf
2014-10-02 14:31:00 +02:00
Martin Willi
8986e2da47
starter: Do not close all file descriptors after fork()
As we use libstrongswan and expect that it still works after the fork, we
can't just closefrom() all file descriptors. Watcher, for example, uses
a pipe to notify FDSET changes, which must be kept open.
Reverts 652ddf5ce2.
2014-08-25 09:47:46 +02:00
Martin Willi
508f90131a
starter: Wait indefinitely for charon when using --attach-gdb
This makes sure the user has time to set break points etc. before it runs
charon under gdb.
2014-08-08 16:36:00 +02:00
Thomas Egerer
f51c923f69
starter: Don't monitor child if debugger is attached
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-08-08 09:59:57 +02:00
Tobias Brunner
d962b25bcb
starter: Fix memory leaks and warn if conn/ca sections are ignored due to parse errors
2014-07-18 17:15:15 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
Since using a separate option for pki, this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner
cc7c4c3dbd
starter: Add starter group and fix formatting of conf_parser_section_t enum
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner
04ff5e58e3
starter: Ignore %default conn and ca sections
2014-06-26 12:23:05 +02:00
Tobias Brunner
f4d29bf16d
starter: Don't directly refer to source files in Makefile for unit tests
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner
6719c4c828
starter: Explicitly allow @# at the beginning of strings
Since we treat everything after # as comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner
2d88617e7d
starter: Add --conftest option to test ipsec.conf syntax
2014-06-19 14:00:49 +02:00
Tobias Brunner
a953f3ad4a
starter: Remove old parser
2014-06-19 14:00:49 +02:00
Tobias Brunner
81ba3c1a5e
starter: Use new parser to read config file
2014-06-19 14:00:49 +02:00
Tobias Brunner
640c75bb2e
starter: Move kw_entry_t definition
2014-06-19 14:00:49 +02:00
Tobias Brunner
8839796c3e
starter: Remove unused ARG_LST argument type
2014-06-19 14:00:49 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Tobias Brunner
f609682e5d
starter: Add new bison/flex based parser for ipsec.conf
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner
4ef86a849b
starter: Remove out of date README
2014-06-19 14:00:48 +02:00
Tobias Brunner
02de66e1bf
starter: Use stream abstraction to communicate with stroke plugin
2014-06-19 13:56:37 +02:00
Martin Willi
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
Tobias Brunner
95d13fcc3f
starter: Fix build on Android
While the (default) ipsec script does not work on Android, starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Tobias Brunner
434e530f75
ipsec_types: Add utility function to parse mark_t from strings
2013-10-11 15:32:44 +02:00
Martin Willi
e48e530b44
starter: Reject connections having both 'ah' and 'esp' keywords set
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
2013-10-11 10:15:21 +02:00
Martin Willi
25f74be8f9
starter: Remove obsolete 'auth' option
2013-10-11 10:15:21 +02:00
Martin Willi
a07b97e804
starter: Add an 'ah' keyword for Authentication Header Security Associations
2013-10-11 10:15:20 +02:00
Tobias Brunner
a2cebbe674
starter: Don't ignore keyingtries with rekey=no
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.
Fixes #418.
2013-09-26 10:17:48 +02:00
Martin Willi
2bae838d5e
stroke: re-enable modeconfig keyword
2013-09-04 10:33:38 +02:00
Tobias Brunner
517823b466
starter: Properly refer to the ipsec script if it was renamed
2013-07-22 18:00:19 +02:00