Commit Graph

428 Commits

Author SHA1 Message Date
Tobias Brunner de4e4687ff Report test coverage of libcharon and starter 2016-06-17 18:48:08 +02:00
Martin Willi 518a5b2ece configure: Check for and explicitly link against -latomic
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explicitly link it.
2016-06-14 14:27:20 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 28649f6d91 libhydra: Remove empty unused library 2016-03-03 17:36:11 +01:00
Tobias Brunner 8394ea2a42 libhydra: Move kernel interface to libcharon
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
Andreas Steffen 5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Tobias Brunner d8fdd1018e starter: Don't flush SAs in the kernel
If starter is not used we don't do that either. And this allows us to
move the stuff in libhydra back to libcharon.
2015-08-21 18:27:06 +02:00
Tobias Brunner bd24f87d35 starter: Don't flush policies in the kernel
We can't control which policies we flush, so if policies are installed
and used outside of strongSwan for other protocols we'd flush them too.
And if installpolicies=no is used we probably shouldn't flush policies
either. Luckily already existing policies are not treated as fatal
errors anymore, so not flushing policies should not be that much of an
issue (in case of a crash in dynamic setups, e.g. with virtual IPs,
policies could be left behind even after restarting the connections and
properly terminating the daemon).
2015-08-21 18:27:05 +02:00
Tobias Brunner f809e485fb Fixed some typos 2015-08-13 15:12:34 +02:00
Tobias Brunner 019ebdafae starter: Add support for multi-line strings in ipsec.conf 2015-07-28 13:27:32 +02:00
Tobias Brunner d918410add starter: Don't replace rarely used special characters in strings in ipsec.conf 2015-07-28 13:27:32 +02:00
Tobias Brunner 2d5b3d34ec stroke: Add missing include for UINT16_MAX
Fixes the build on FreeBSD.

Fixes #988.
2015-06-09 10:25:33 +02:00
Tobias Brunner d8fe354a0e stroke: Dynamically resize stroke messages
The maximum size of a stroke message is currently 64k due to the 2 byte
length field.

Fixes #943.
2015-05-22 10:40:15 +02:00
Tobias Brunner 95faeaa7ed starter: Ensure the daemon executable exists when starting up
The only purpose of starter is to control the IKE daemon, so we
terminate it if the daemon executable is not found (e.g. because
DAEMON_NAME is incorrect).

This removes the charonstart setting (it was not actually configurable
anymore).
2015-05-08 19:05:26 +02:00
Tobias Brunner 5923abc6bf starter: Remove START_CHARON compile flag
Since the removal of pluto this is quite superfluous. The flag itself
might be useful to avoid starting charon if the executable does not
exist for some reason (e.g. if DAEMON_NAME is incorrect).
2015-05-05 17:56:46 +02:00
Tobias Brunner 79ebdc0788 starter: Merge quoted strings that span multiple lines 2015-03-20 18:37:22 +01:00
Martin Willi eaa964b34e starter: Fail sending stroke message if a string exceeds the buffer size
Instead of silently setting the string value to NULL, we fail completely in
sending the message to notify the user.

Fixes #844.
2015-02-06 16:44:27 +01:00
Maks Naumov aa71c19e5c starter: Fix mark_out.mask in starter_cmp_conn() 2015-01-12 11:17:12 +01:00
Shea Levy 90fe4b3f8a starter: Allow specifying the ipsec.conf location in strongswan.conf 2014-10-02 14:33:08 +02:00
Shea Levy 213e02b872 stroke: Allow specifying the ipsec.secrets location in strongswan.conf 2014-10-02 14:31:00 +02:00
Martin Willi 8986e2da47 starter: Do not close all file descriptors after fork()
As we use libstrongswan and expect that it still works after the fork, we
can't just closefrom() all file descriptors. Watcher, for example, uses
a pipe to notify FDSET changes, which must be kept open.

Reverts 652ddf5ce2.
2014-08-25 09:47:46 +02:00
Martin Willi 508f90131a starter: Wait indefinitely for charon when using --attach-gdb
This makes sure the user has time to set break points etc. before it runs
charon under gdb.
2014-08-08 16:36:00 +02:00
Thomas Egerer f51c923f69 starter: Don't monitor child if debugger is attached
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-08-08 09:59:57 +02:00
Tobias Brunner d962b25bcb starter: Fix memory leaks and warn if conn/ca sections are ignored due to parse errors 2014-07-18 17:15:15 +02:00
Tobias Brunner 3986c1e3fd autoconf: Replace --disable-tools option with --disable-scepclient
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner cc7c4c3dbd starter: Add starter group and fix formatting of conf_parser_section_t enum
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner 04ff5e58e3 starter: Ignore %default conn and ca sections 2014-06-26 12:23:05 +02:00
Tobias Brunner f4d29bf16d starter: Don't directly refer to source files in Makefile for unit tests
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner 6719c4c828 starter: Explicitly allow @# at the beginning of strings
Since we treat everything after # as comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner 2d88617e7d starter: Add --conftest option to test ipsec.conf syntax 2014-06-19 14:00:49 +02:00
Tobias Brunner a953f3ad4a starter: Remove old parser 2014-06-19 14:00:49 +02:00
Tobias Brunner 81ba3c1a5e starter: Use new parser to read config file 2014-06-19 14:00:49 +02:00
Tobias Brunner 640c75bb2e starter: Move kw_entry_t definition 2014-06-19 14:00:49 +02:00
Tobias Brunner 8839796c3e starter: Remove unused ARG_LST argument type 2014-06-19 14:00:49 +02:00
Tobias Brunner f245ac6cc0 starter: Add tests for ipsec.conf parser 2014-06-19 14:00:48 +02:00
Tobias Brunner f609682e5d starter: Add new bison/flex based parser for ipsec.conf
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner 4ef86a849b starter: Remove out of date README 2014-06-19 14:00:48 +02:00
Tobias Brunner 02de66e1bf starter: Use stream abstraction to communicate with stroke plugin 2014-06-19 13:56:37 +02:00
Martin Willi d5367d2262 starter: Add a replay_window connection option 2014-06-17 16:41:31 +02:00
Tobias Brunner 95d13fcc3f starter: Fix build on Android
While the (default) ipsec script does not work on Android starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Tobias Brunner 10c4f4e1fd libhydra: Remove unused hydra->daemon 2014-02-12 14:34:32 +01:00
Tobias Brunner 34d3bfcf14 lib: Add global config namespace 2014-02-12 14:34:31 +01:00
Tobias Brunner 20c99edab9 android: Remove dependency on libvstr 2013-11-13 11:40:47 +01:00
Tobias Brunner 434e530f75 ipsec_types: Add utility function to parse mark_t from strings 2013-10-11 15:32:44 +02:00
Martin Willi e48e530b44 starter: Reject connections having both 'ah' and 'esp' keywords set
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
2013-10-11 10:15:21 +02:00
Martin Willi 25f74be8f9 starter: Remove obsolete 'auth' option 2013-10-11 10:15:21 +02:00
Martin Willi a07b97e804 starter: Add an 'ah' keyword for Authentication Header Security Associations 2013-10-11 10:15:20 +02:00
Tobias Brunner a2cebbe674 starter: Don't ignore keyingtries with rekey=no
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.

Fixes #418.
2013-09-26 10:17:48 +02:00
Martin Willi 2bae838d5e stroke: re-enable modeconfig keyword 2013-09-04 10:33:38 +02:00
Tobias Brunner 517823b466 starter: Properly refer to the ipsec script if it was renamed 2013-07-22 18:00:19 +02:00