Tobias Brunner
a477d28017
Move README to README.md so it gets evaluated as Markdown
2014-06-30 13:16:17 +02:00
Tobias Brunner
2eef43f3ee
swid: Fix parameter documentation in Doxygen comments
2014-06-30 13:16:17 +02:00
Tobias Brunner
e351169900
windows: Fix parameter name in Doxygen comment
2014-06-30 13:16:17 +02:00
Tobias Brunner
aad072d517
enum: Replace þ with p in Doxygen comments
2014-06-30 13:16:17 +02:00
Tobias Brunner
3b16c2b55d
libvici: Add missing argument to Doxygen comment
2014-06-30 13:16:16 +02:00
Tobias Brunner
cc7c4c3dbd
starter: Add starter group and fix formatting of conf_parser_section_t enum
...
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner
1bd175a9ef
swanctl: Fix Doxygen group assignment
2014-06-30 13:16:16 +02:00
Tobias Brunner
00729e16e7
apidoc: Updated Doxyfile.in
2014-06-30 13:16:16 +02:00
Tobias Brunner
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
Andreas Steffen
cac71ff00c
Update KVM test framework to 3.15 guest kernel
2014-06-27 10:07:27 +02:00
Andreas Steffen
644fc4e1ff
Added Android 4.4.4 to IMV database
2014-06-27 08:27:28 +02:00
Tobias Brunner
be41910e19
testing: Add sql/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
73211f9b74
testing: Add pfkey/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
f22add05f6
kernel-pfkey: Use address in TS to determine interface for shunt routes
2014-06-26 18:13:17 +02:00
Tobias Brunner
60f5fb2318
kernel-pfkey: Use subnet and prefix when determining nexthop for shunt policy routes
...
This is basically the same as 88f125f560.
2014-06-26 18:13:09 +02:00
Tobias Brunner
b451303a6c
kernel-pfkey: Install routes for shunt policies
2014-06-26 18:12:05 +02:00
Tobias Brunner
945e1df738
testing: Remove obsolete shunt-policies scenarios
2014-06-26 18:12:00 +02:00
Tobias Brunner
04ff5e58e3
starter: Ignore %default conn and ca sections
2014-06-26 12:23:05 +02:00
Andreas Steffen
d96328fbc4
Updated build-database.sh to 3.13.0-30-generic Ubuntu kernel
2014-06-26 11:09:25 +02:00
Andreas Steffen
75598e5053
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
2014-06-26 09:47:03 +02:00
Andreas Steffen
21aebe3781
Removed django.db from swid scenarios
2014-06-26 09:45:54 +02:00
Tobias Brunner
4431e1e04d
updown: Force subnet address to be numeric
2014-06-25 16:17:15 +02:00
Martin Willi
07b57e203b
windows: Include <sys/stat.h> explicitly before overloading memset()/memcpy()
...
fstat() in newer MinGWs is defined as non-static inline. With our new static
inline memset()/memcpy() overloads, this raises a warning. To avoid it,
explicitly include <sys/stat.h> once before defining these overloads.
2014-06-25 16:09:42 +02:00
Martin Willi
fc8ca5f2f2
eap-radius: Increase buffer for accounting attributes to maximum attribute size
...
Fixes #624.
2014-06-25 13:11:34 +02:00
Tobias Brunner
cd6b2af33e
kernel-netlink: Cast IPv6 address blobs to the proper type
...
On Android these macros are defined as functions.
2014-06-24 15:53:25 +02:00
Tobias Brunner
3e4ce88633
android: Define HAVE_DLADDR as plugin loader checks for it
2014-06-24 15:53:25 +02:00
Tobias Brunner
5195416d90
android: Update Android.mk files to match changes due to the Windows port
...
Makes them easier to compare to the original Makefile.am.
2014-06-24 15:53:25 +02:00
Martin Willi
866514c70c
charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
...
On Fedora, SELinux complains about these open file descriptors when the
updown script invokes iptables. While it seems difficult to set the flag
on all file descriptors, this at least fixes those covered by the SELinux
policy.
As these two cases are in code executed while the daemon is still single
threaded, we avoid the use of atomic but not fully portable fdopen("e") or
open(O_CLOEXEC) calls.
Fixes #519.
2014-06-24 15:26:38 +02:00
Tobias Brunner
6d4654b9f9
utils: Add wrappers for memcpy(3), memmove(3) and memset(3)
...
These wrappers guarantee that calls to these functions are noops if the
number of bytes is 0, as calling them with NULL pointers is undefined
according to the C standard, even if the number of bytes is 0 (most
implementations probably ignore the pointers anyway in this case, but
let's make sure).
2014-06-24 15:11:27 +02:00
Tobias Brunner
bb91109af8
pki: Also check for MAX_COMMANDS when building getopt_long arguments
...
Completes 87e53819a6 and 0a8c399a21.
2014-06-24 15:11:27 +02:00
Andreas Steffen
d82aa931db
Auxiliary swid_tagstats table boosts performance
2014-06-23 13:32:50 +02:00
Tobias Brunner
a4844dbc8f
Merge branch 'algorithm-order'
...
Restores the behavior we had before 2e22333fb (except for RNGs), that is,
algorithms are stored in the registration order again. Which is not optimal
as we must rely on plugins to register them in a sensible order, but ordering
them by identifier definitely caused weaker algorithms to be proposed first
in the default proposal, which was even worse.
2014-06-20 16:34:29 +02:00
Tobias Brunner
aba9ef542e
unit-tests: Add tests for DH factory
2014-06-20 16:21:55 +02:00
Tobias Brunner
94dbbd8079
crypto-factory: Only sort RNGs by algorithm identifier
...
Others remain in the order in which they were added, grouped by
algorithm identifier and sorted by benchmarking speed, if provided.
2014-06-20 16:21:55 +02:00
Tobias Brunner
e145f27db7
unit-tests: Add test for crypto_factory_t's rng_create method
2014-06-20 16:21:55 +02:00
Tobias Brunner
90854d289f
kernel-netlink: Install virtual IPv6 addresses as deprecated
...
This should prevent the kernel's IPv6 source address selection algorithm
from using this address unless it is forced to by our source route.
This is helpful if split tunneling is used.
Fixes #598.
2014-06-20 16:10:40 +02:00
Tobias Brunner
8661c56d38
vici: Install libvici in ipseclibdir like we do with other libraries
2014-06-19 14:42:07 +02:00
Tobias Brunner
93c68fcd26
Merge branch 'shunt-policies-routes'
...
Fixes #599.
2014-06-19 14:33:50 +02:00
Tobias Brunner
88f125f560
kernel-netlink: Pass prefix when looking up next hop for shunt policies
2014-06-19 14:33:40 +02:00
Tobias Brunner
de7cb6de65
kernel-netlink: Add support for destination prefix when determining next hop
2014-06-19 14:33:40 +02:00
Tobias Brunner
c005073d0b
kernel-interface: Add destination prefix to get_nexthop()
...
This allows determining the next hop to reach a subnet, for instance, when
installing routes for shunt policies.
2014-06-19 14:33:40 +02:00
Tobias Brunner
73b22aa842
Merge branch 'passthrough-policies-priority'
...
Introduces a new priority class for policies, which allows us to install
passthrough policies with a strictly higher priority than IPsec
policies, which was not the case previously depending on the traffic
selectors.
2014-06-19 14:24:48 +02:00
Tobias Brunner
2ef6f57456
testing: Add ikev2/shunt-policies-nat-rw scenario
2014-06-19 14:23:07 +02:00
Tobias Brunner
d93987ce24
testing: Remove ikev2/shunt-policies scenario
...
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
Tobias Brunner
981466251f
shunt-manager: Install passthrough policies with highest priority
...
This avoids conflicts with regular IPsec policies.
Similarly, use the lowest priority for drop policies.
2014-06-19 14:20:33 +02:00
Tobias Brunner
5b883719a1
libipsec: Add support for new policy priority class
2014-06-19 14:20:33 +02:00
Tobias Brunner
77b6a145a0
kernel-pfkey: Add support for new policy priority class
2014-06-19 14:20:33 +02:00
Tobias Brunner
f1675e4e29
kernel-netlink: Add support for new policy priority class
2014-06-19 14:20:33 +02:00
Tobias Brunner
479060d2d6
ipsec: Add a fourth priority class for bypass policies
2014-06-19 14:20:33 +02:00
Tobias Brunner
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00