Commit Graph

403 Commits

Author SHA1 Message Date
Tobias Brunner cc7c4c3dbd starter: Add starter group and fix formatting of conf_parser_section_t enum
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner 04ff5e58e3 starter: Ignore %default conn and ca sections 2014-06-26 12:23:05 +02:00
Tobias Brunner f4d29bf16d starter: Don't directly refer to source files in Makefile for unit tests
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner 6719c4c828 starter: Explicitly allow @# at the beginning of strings
Since we treat everything after # as comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner 2d88617e7d starter: Add --conftest option to test ipsec.conf syntax 2014-06-19 14:00:49 +02:00
Tobias Brunner a953f3ad4a starter: Remove old parser 2014-06-19 14:00:49 +02:00
Tobias Brunner 81ba3c1a5e starter: Use new parser to read config file 2014-06-19 14:00:49 +02:00
Tobias Brunner 640c75bb2e starter: Move kw_entry_t definition 2014-06-19 14:00:49 +02:00
Tobias Brunner 8839796c3e starter: Remove unused ARG_LST argument type 2014-06-19 14:00:49 +02:00
Tobias Brunner f245ac6cc0 starter: Add tests for ipsec.conf parser 2014-06-19 14:00:48 +02:00
Tobias Brunner f609682e5d starter: Add new bison/flex based parser for ipsec.conf
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner 4ef86a849b starter: Remove out of date README 2014-06-19 14:00:48 +02:00
Tobias Brunner 02de66e1bf starter: Use stream abstraction to communicate with stroke plugin 2014-06-19 13:56:37 +02:00
Martin Willi d5367d2262 starter: Add a replay_window connection option 2014-06-17 16:41:31 +02:00
Tobias Brunner 95d13fcc3f starter: Fix build on Android
While the (default) ipsec script does not work on Android, starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Tobias Brunner 10c4f4e1fd libhydra: Remove unused hydra->daemon 2014-02-12 14:34:32 +01:00
Tobias Brunner 34d3bfcf14 lib: Add global config namespace 2014-02-12 14:34:31 +01:00
Tobias Brunner 20c99edab9 android: Remove dependency on libvstr 2013-11-13 11:40:47 +01:00
Tobias Brunner 434e530f75 ipsec_types: Add utility function to parse mark_t from strings 2013-10-11 15:32:44 +02:00
Martin Willi e48e530b44 starter: Reject connections having both 'ah' and 'esp' keywords set
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
2013-10-11 10:15:21 +02:00
Martin Willi 25f74be8f9 starter: Remove obsolete 'auth' option 2013-10-11 10:15:21 +02:00
Martin Willi a07b97e804 starter: Add an 'ah' keyword for Authentication Header Security Associations 2013-10-11 10:15:20 +02:00
Tobias Brunner a2cebbe674 starter: Don't ignore keyingtries with rekey=no
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.

Fixes #418.
2013-09-26 10:17:48 +02:00
Martin Willi 2bae838d5e stroke: re-enable modeconfig keyword 2013-09-04 10:33:38 +02:00
Tobias Brunner 517823b466 starter: Properly refer to the ipsec script if it was renamed 2013-07-22 18:00:19 +02:00
Martin Willi 19cb07b890 automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner b18a531715 plugin-loader: Removed unused path argument of load() method
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Tobias Brunner 9afc6e6a70 starter: Make ipsec.conf path configurable via command line 2013-06-21 10:08:56 +02:00
Martin Willi 9a00d9aa2f starter: ignore return value of sete[gu]id(), now having warn_unused_result 2013-06-18 08:54:10 +02:00
Tobias Brunner 87692be215 Load any type (RSA/ECDSA) of public key via left|rightsigkey 2013-05-07 17:08:31 +02:00
Martin Willi 9f1dfd88c8 Use the GEN silent rule when generating gperf files 2013-05-06 15:04:56 +02:00
Tobias Brunner e5d819b617 android: Remove/filter header files from LOCAL_SRC_FILES
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Adrian-Ken Rueegsegger 4dc3ef94a1 starter: Make daemon name configurable
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.

Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
2013-03-19 15:23:45 +01:00
Martin Willi a36b49f3cb Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi 0e7ef7f522 Optionally support port ranges in leftprotoport 2013-02-21 11:52:33 +01:00
Martin Willi fd658bce28 Support %opaque keyword in leftprotoport for "opaque" ports 2013-02-21 11:52:33 +01:00
Martin Willi cd41b951ee Pass complete port range over stroke interface for more flexibility 2013-02-21 11:52:33 +01:00
Martin Willi 7fbe516f88 Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets 2013-02-06 15:36:36 +01:00
Adrian-Ken Rueegsegger 113ff13322 starter: Add --attach-gdb option to usage text 2013-01-22 11:03:19 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Tobias Brunner e74f184cb4 Remove MODP groups from default ESP proposal
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
2012-10-24 16:09:42 +02:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner a5436657e9 Starter ignores non-fatal errors when reloading config 2012-10-18 14:42:11 +02:00
Tobias Brunner 9e730ef9df Starter unroutes removed or changed connections before loading and routing new ones 2012-10-18 14:42:11 +02:00
Tobias Brunner dc80ef0cde starter: Added --nolog option to suppress logging in starter itself
Fixes #224.
2012-09-12 17:15:14 +02:00
Tobias Brunner 23b4d3a52f starter: Allow %any also for protocol in left|rightprotoport 2012-09-12 16:53:45 +02:00
Tobias Brunner f4cc7ea11b Add uniqueids=never to ignore INITIAL_CONTACT notifies
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received.  With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Tobias Brunner 4c91845452 starter: Load config again when restarting charon
This got lost in 041e763b.
2012-09-05 16:43:34 +02:00
Martin Willi 1323dc1138 Merge branch 'multi-vip'
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00