3b16c2b55d
libvici: Add missing argument to Doxygen comment
2014-06-30 13:16:16 +02:00
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
4431e1e04d
updown: Force subnet address to be numeric
2014-06-25 16:17:15 +02:00
fc8ca5f2f2
eap-radius: Increase buffer for accounting attributes to maximum attribute size
...
Fixes #624 .
2014-06-25 13:11:34 +02:00
8661c56d38
vici: Install libvici in ipseclibdir like we do with other libraries
2014-06-19 14:42:07 +02:00
c005073d0b
kernel-interface: Add destination prefix to get_nexthop()
...
This allows to determine the next hop to reach a subnet, for instance, when
installing routes for shunt policies.
2014-06-19 14:33:40 +02:00
9f950af17a
load-tester: Add a crl option to include a CRL uri in generated certificates
2014-06-19 10:48:27 +02:00
5885ec2a27
vici: Support memory stats without leak-detective on Windows
2014-06-17 17:55:45 +02:00
65689ce76a
vici: Add a stats command returning various daemon infos and statistics
2014-06-17 17:55:45 +02:00
d73a46171d
vici: Support a replay_window CHILD_SA option
2014-06-17 16:41:31 +02:00
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
30c009c2fe
kernel-interface: Add a replay_window parameter to add_sa()
2014-06-17 16:41:30 +02:00
2d846c2035
socket-win: Use non-overlapped I/O and socket event selection
...
The use of overlapped I/O was incorrect, as we passed stack based buffers, but
did not cancel/wait for pending completion on all sockets. Our receive-from-all
socket interface is actually tricky to implement using overlapped I/O. Switch
to WSAEventSelect() event management, which can be canceled properly while
working in a select()-like way.
2014-06-17 15:19:25 +02:00
dacb75f5c0
Split swanctl --raw mode into single-line and --pretty mode
2014-06-14 15:40:22 +02:00
cab59c73fc
windows: Use WINAPI call convention for Windows API callbacks
...
For x86_64 it does not actually matter, but for i686 builds the call convention
is different with WINAPI.
2014-06-06 16:28:28 +02:00
4b9848a2cc
kernel-wfp: Include Windows header patch for MinGW 4.8.1
2014-06-04 16:32:12 +02:00
75afbeee21
kernel-wfp: Clone acquire traffic selectors only if they exist
2014-06-04 16:32:11 +02:00
78bde29a7c
kernel-wfp: Install routes for trap policies
2014-06-04 16:32:11 +02:00
e36d1d4124
kernel-wfp: Refactor route management to separate function
2014-06-04 16:32:11 +02:00
4a8ba369b6
kernel-wfp: Install tunnel mode policies to appropriate sub-layers
...
While it is unclear if this has any effect at all, we prefer specific sublayers
to install policies as suggested.
2014-06-04 16:32:11 +02:00
be32be01a8
kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds
2014-06-04 16:32:11 +02:00
4b51280344
kernel-wfp: Support multiple traffic selectors on tunnel mode SAs
2014-06-04 16:32:11 +02:00
5e6e214ab4
kernel-iph: Implicitly enable IP forwarding when installing routes
2014-06-04 16:32:11 +02:00
c7d30c2ad1
kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers
2014-06-04 16:32:10 +02:00
a4f3b363da
kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working
...
Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
2014-06-04 16:32:10 +02:00
6de788704b
kernel-wfp: Install tunnel and trap forward policies
2014-06-04 16:32:10 +02:00
1678f0a999
kernel-wfp: Manually create a ProviderContext to attach individual filters
...
This gives us more flexibility than using the intransparent FwpmIPsecTunnelAdd,
and fixes the issues we have seen with trap policies. Forward filters are
still missing, but required for site-to-site tunnels.
2014-06-04 16:32:10 +02:00
1ca2b1615a
kernel-wfp: Print filter weight in "ipsecdump filters"
2014-06-04 16:32:10 +02:00
c6f189e448
kernel-wfp: Add support for trap policies and acquires
2014-06-04 16:32:10 +02:00
11e7d0677c
socket-win: Install IKE bypass policies using bypass_socket()
2014-06-04 16:32:10 +02:00
f206e069f1
kernel-wfp: Implement bypass_socket() using dedicated filter rules
2014-06-04 16:32:09 +02:00
2868314028
kernel-wfp: Register for WFP Net events
2014-06-04 16:32:09 +02:00
6aaa432741
kernel-wfp: Add some missing IPv6 GUIDs, fix IPv6 host conversion
2014-06-04 16:32:09 +02:00
288dc68596
kernel-wfp: Add an ipsecdump "filters" command to print IPsec related filters
2014-06-04 16:32:09 +02:00
489a4f2192
kernel-wfp: Add an ipsecdump utility to show installed SAs/SPs on Windows
2014-06-04 16:32:09 +02:00
9c974c329d
kernel-wfp: Depend on used RNG plugin features
2014-06-04 16:32:09 +02:00
5a5b9925f8
kernel-wfp: Implement update_sa()
2014-06-04 16:32:09 +02:00
1987b70989
kernel-wfp: Configure ports for SAs using UDP encapsulation
2014-06-04 16:32:09 +02:00
9b5c95648f
kernel-wfp: Refactor SA context construction, and use IPsecSaContextCreate1()
2014-06-04 16:32:08 +02:00
3551fdbbdf
kernel-iph: Fire roam events for detected address changes
2014-06-04 16:32:08 +02:00
bbe42a1fa5
kernel-wfp: Allocate SPIs pseudo-randomly using a 0xc prefix
2014-06-04 16:32:08 +02:00
b714746ef0
kernel-wfp: Install appropriate routes for tunnel mode policies
2014-06-04 16:32:08 +02:00
0ef0493b4a
kernel-iph: Implement add/del_route()
2014-06-04 16:32:08 +02:00
13e18cb2fc
kernel-iph: Implement get_nexthop()
2014-06-04 16:32:08 +02:00
0cefd94007
kernel-iph: Implement get_source_addr()
2014-06-04 16:32:08 +02:00
f9e6200d06
kernel-iph: Implement address enumeration
2014-06-04 16:32:08 +02:00
322c341f90
kernel-iph: Implement get_interface() method
2014-06-04 16:32:07 +02:00
96f1978d0e
kernel-iph: Create and maintain a cache of interfaces and associated addresses
2014-06-04 16:32:07 +02:00
00780f0238
kernel-iph: Add a stub for a Windows IP Helper based networking backend
2014-06-04 16:32:07 +02:00
b934929804
kernel-wfp: Disable IPsec policy updates
...
It seems that WFP requires an update of the SA context only, but not for the
filters. This allows us to omit support for (fallback) drop policies.
2014-06-04 16:32:07 +02:00
Tobias Brunner