13188 Commits

Author SHA1 Message Date
Tobias Brunner a477d28017 Move README to README.md so it gets evaluated as Markdown 2014-06-30 13:16:17 +02:00
Tobias Brunner 2eef43f3ee swid: Fix parameter documentation in Doxygen comments 2014-06-30 13:16:17 +02:00
Tobias Brunner e351169900 windows: Fix parameter name in Doxygen comment 2014-06-30 13:16:17 +02:00
Tobias Brunner aad072d517 enum: Replace þ with p in Doxygen comments 2014-06-30 13:16:17 +02:00
Tobias Brunner 3b16c2b55d libvici: Add missing argument to Doxygen comment 2014-06-30 13:16:16 +02:00
Tobias Brunner cc7c4c3dbd starter: Add starter group and fix formatting of conf_parser_section_t enum
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner 1bd175a9ef swanctl: Fix Doxygen group assignment 2014-06-30 13:16:16 +02:00
Tobias Brunner 00729e16e7 apidoc: Updated Doxyfile.in 2014-06-30 13:16:16 +02:00
Tobias Brunner ed01c1afff Fixed some typos 2014-06-30 13:16:16 +02:00
Andreas Steffen cac71ff00c Update KVM test framework to 3.15 guest kernel 2014-06-27 10:07:27 +02:00
Andreas Steffen 644fc4e1ff Added Android 4.4.4 to IMV database 2014-06-27 08:27:28 +02:00
Tobias Brunner be41910e19 testing: Add sql/shunt-policies-nat-rw scenario 2014-06-26 18:13:26 +02:00
Tobias Brunner 73211f9b74 testing: Add pfkey/shunt-policies-nat-rw scenario 2014-06-26 18:13:26 +02:00
Tobias Brunner f22add05f6 kernel-pfkey: Use address in TS to determine interface for shunt routes 2014-06-26 18:13:17 +02:00
Tobias Brunner 60f5fb2318 kernel-pfkey: Use subnet and prefix when determining nexthop for shunt policy routes
This is basically the same as 88f125f560.
2014-06-26 18:13:09 +02:00
Tobias Brunner b451303a6c kernel-pfkey: Install routes for shunt policies 2014-06-26 18:12:05 +02:00
Tobias Brunner 945e1df738 testing: Remove obsolete shunt-policies scenarios 2014-06-26 18:12:00 +02:00
Tobias Brunner 04ff5e58e3 starter: Ignore %default conn and ca sections 2014-06-26 12:23:05 +02:00
Andreas Steffen d96328fbc4 Updated build-database.sh to 3.13.0-30-generic Ubuntu kernel 2014-06-26 11:09:25 +02:00
Andreas Steffen 75598e5053 Updated description of TNC scenarios concerning RFC 7171 PT-EAP support 2014-06-26 09:47:03 +02:00
Andreas Steffen 21aebe3781 Removed django.db from swid scenarios 2014-06-26 09:45:54 +02:00
Tobias Brunner 4431e1e04d updown: Force subnet address to be numeric 2014-06-25 16:17:15 +02:00
Martin Willi 07b57e203b windows: Include <sys/stat.h> explicitly before overloading memset()/memcpy()
fstat() in newer MinGWs is defined as non-static inline. With our new static
inline memset()/memcpy() overloads, this raises a warning. To avoid it,
explicitly include <sys/stat.h> once before defining these overloads.
2014-06-25 16:09:42 +02:00
Martin Willi fc8ca5f2f2 eap-radius: Increase buffer for accounting attributes to maximum attribute size
Fixes #624.
2014-06-25 13:11:34 +02:00
Tobias Brunner cd6b2af33e kernel-netlink: Cast IPv6 address blobs to the proper type
On Android these macros are defined as functions.
2014-06-24 15:53:25 +02:00
Tobias Brunner 3e4ce88633 android: Define HAVE_DLADDR as plugin loader checks for it 2014-06-24 15:53:25 +02:00
Tobias Brunner 5195416d90 android: Update Android.mk files to match changes due to the Windows port
Makes them easier to compare to the original Makefile.am.
2014-06-24 15:53:25 +02:00
Martin Willi 866514c70c charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
On Fedora, SELinux complains about these open file descriptors when the
updown script invokes iptables. While it seems difficult to set the flag
on all file descriptors, this at least fixes those covered by the SELinux
policy.

As these two cases are in code executed while the daemon is still single
threaded, we avoid the use of atomic but not fully portable fdopen("e") or
open(O_CLOEXEC) calls.

Fixes #519.
2014-06-24 15:26:38 +02:00
Tobias Brunner 6d4654b9f9 utils: Add wrappers for memcpy(3), memmove(3) and memset(3)
These wrappers guarantee that calls to these functions are noops if the
number of bytes is 0, as calling them with NULL pointers is undefined
according to the C standard, even if the number of bytes is 0 (most
implementations probably ignore the pointers anyway in this case, but
let's make sure).
2014-06-24 15:11:27 +02:00
Tobias Brunner bb91109af8 pki: Also check for MAX_COMMANDS when building getopt_long arguments
Completes 87e53819a6 and 0a8c399a21.
2014-06-24 15:11:27 +02:00
Andreas Steffen d82aa931db Auxiliary swid_tagstats table boosts performance 2014-06-23 13:32:50 +02:00
Tobias Brunner a4844dbc8f Merge branch 'algorithm-order'
Restores the behavior we had before 2e22333fb (except for RNGs), that is,
algorithms are stored in the registration order again. Which is not optimal
as we must rely on plugins to register them in a sensible order, but ordering
them by identifier definitely caused weaker algorithms to be proposed first
in the default proposal, which was even worse.
2014-06-20 16:34:29 +02:00
Tobias Brunner aba9ef542e unit-tests: Add tests for DH factory 2014-06-20 16:21:55 +02:00
Tobias Brunner 94dbbd8079 crypto-factory: Only sort RNGs by algorithm identifier
Others remain in the order in which they were added, grouped by
algorithm identifier and sorted by benchmarking speed, if provided.
2014-06-20 16:21:55 +02:00
Tobias Brunner e145f27db7 unit-tests: Add test for crypto_factory_t's rng_create method 2014-06-20 16:21:55 +02:00
Tobias Brunner 90854d289f kernel-netlink: Install virtual IPv6 addresses as deprecated
This should prevent the kernel's IPv6 source address selection algorithm
from using this address unless it is forced to by our source route.
This is helpful if split tunneling is used.

Fixes #598.
2014-06-20 16:10:40 +02:00
Tobias Brunner 8661c56d38 vici: Install libvici in ipseclibdir like we do with other libraries 2014-06-19 14:42:07 +02:00
Tobias Brunner 93c68fcd26 Merge branch 'shunt-policies-routes'
Fixes #599.
2014-06-19 14:33:50 +02:00
Tobias Brunner 88f125f560 kernel-netlink: Pass prefix when looking up next hop for shunt policies 2014-06-19 14:33:40 +02:00
Tobias Brunner de7cb6de65 kernel-netlink: Add support for destination prefix when determining next hop 2014-06-19 14:33:40 +02:00
Tobias Brunner c005073d0b kernel-interface: Add destination prefix to get_nexthop()
This allows determining the next hop to reach a subnet, for instance, when
installing routes for shunt policies.
2014-06-19 14:33:40 +02:00
Tobias Brunner 73b22aa842 Merge branch 'passthrough-policies-priority'
Introduces a new priority class for policies, which allows us to install
passthrough policies with a strictly higher priority than IPsec
policies, which was not the case previously depending on the traffic
selectors.
2014-06-19 14:24:48 +02:00
Tobias Brunner 2ef6f57456 testing: Add ikev2/shunt-policies-nat-rw scenario 2014-06-19 14:23:07 +02:00
Tobias Brunner d93987ce24 testing: Remove ikev2/shunt-policies scenario
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
Tobias Brunner 981466251f shunt-manager: Install passthrough policies with highest priority
This avoids conflicts with regular IPsec policies.

Similarly, use the lowest priority for drop policies.
2014-06-19 14:20:33 +02:00
Tobias Brunner 5b883719a1 libipsec: Add support for new policy priority class 2014-06-19 14:20:33 +02:00
Tobias Brunner 77b6a145a0 kernel-pfkey: Add support for new policy priority class 2014-06-19 14:20:33 +02:00
Tobias Brunner f1675e4e29 kernel-netlink: Add support for new policy priority class 2014-06-19 14:20:33 +02:00
Tobias Brunner 479060d2d6 ipsec: Add a fourth priority class for bypass policies 2014-06-19 14:20:33 +02:00
Tobias Brunner 566d1a90cd Remove kernel-klips plugin 2014-06-19 14:20:33 +02:00