Tobias Brunner
cc7c4c3dbd
starter: Add starter group and fix formatting of conf_parser_section_t enum
...
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner
04ff5e58e3
starter: Ignore %default conn and ca sections
2014-06-26 12:23:05 +02:00
Tobias Brunner
f4d29bf16d
starter: Don't directly refer to source files in Makefile for unit tests
...
Older versions of automake have trouble recursively cleaning such
constructs properly.
2014-06-19 14:00:49 +02:00
Tobias Brunner
6719c4c828
starter: Explicitly allow @# at the beginning of strings
...
Since we treat everything after # as comment, identities of type
ID_KEY_ID couldn't be parsed otherwise, unless quoted.
2014-06-19 14:00:49 +02:00
Tobias Brunner
2d88617e7d
starter: Add --conftest option to test ipsec.conf syntax
2014-06-19 14:00:49 +02:00
Tobias Brunner
a953f3ad4a
starter: Remove old parser
2014-06-19 14:00:49 +02:00
Tobias Brunner
81ba3c1a5e
starter: Use new parser to read config file
2014-06-19 14:00:49 +02:00
Tobias Brunner
640c75bb2e
starter: Move kw_entry_t definition
2014-06-19 14:00:49 +02:00
Tobias Brunner
8839796c3e
starter: Remove unused ARG_LST argument type
2014-06-19 14:00:49 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Tobias Brunner
f609682e5d
starter: Add new bison/flex based parser for ipsec.conf
...
The parser simply returns key/value pairs of all sections, it already
resolves also= and allows overriding options in all included sections
(not only %default), options set in included section can also be cleared
again (key=).
It provides other improvements too, like quoted strings (with escape
sequences), unlimited includes and better whitespace/comment handling.
2014-06-19 14:00:48 +02:00
Tobias Brunner
4ef86a849b
starter: Remove out of date README
2014-06-19 14:00:48 +02:00
Tobias Brunner
02de66e1bf
starter: Use stream abstraction to communicate with stroke plugin
2014-06-19 13:56:37 +02:00
Martin Willi
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
Tobias Brunner
95d13fcc3f
starter: Fix build on Android
...
While the (default) ipsec script does not work on Android, starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Tobias Brunner
434e530f75
ipsec_types: Add utility function to parse mark_t from strings
2013-10-11 15:32:44 +02:00
Martin Willi
e48e530b44
starter: Reject connections having both 'ah' and 'esp' keywords set
...
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
2013-10-11 10:15:21 +02:00
Martin Willi
25f74be8f9
starter: Remove obsolete 'auth' option
2013-10-11 10:15:21 +02:00
Martin Willi
a07b97e804
starter: Add an 'ah' keyword for Authentication Header Security Associations
2013-10-11 10:15:20 +02:00
Tobias Brunner
a2cebbe674
starter: Don't ignore keyingtries with rekey=no
...
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.
Fixes #418.
2013-09-26 10:17:48 +02:00
Martin Willi
2bae838d5e
stroke: re-enable modeconfig keyword
2013-09-04 10:33:38 +02:00
Tobias Brunner
517823b466
starter: Properly refer to the ipsec script if it was renamed
2013-07-22 18:00:19 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Tobias Brunner
9afc6e6a70
starter: Make ipsec.conf path configurable via command line
2013-06-21 10:08:56 +02:00
Martin Willi
9a00d9aa2f
starter: ignore return value of sete[gu]id(), now having warn_unused_result
2013-06-18 08:54:10 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Martin Willi
9f1dfd88c8
Use the GEN silent rule when generating gperf files
2013-05-06 15:04:56 +02:00
Tobias Brunner
e5d819b617
android: Remove/filter header files from LOCAL_SRC_FILES
...
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Adrian-Ken Rueegsegger
4dc3ef94a1
starter: Make daemon name configurable
...
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.
Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
2013-03-19 15:23:45 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
0e7ef7f522
Optionally support port ranges in leftprotoport
2013-02-21 11:52:33 +01:00
Martin Willi
fd658bce28
Support %opaque keyword in leftprotoport for "opaque" ports
2013-02-21 11:52:33 +01:00
Martin Willi
cd41b951ee
Pass complete port range over stroke interface for more flexibility
2013-02-21 11:52:33 +01:00
Martin Willi
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
Adrian-Ken Rueegsegger
113ff13322
starter: Add --attach-gdb option to usage text
2013-01-22 11:03:19 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Tobias Brunner
e74f184cb4
Remove MODP groups from default ESP proposal
...
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
2012-10-24 16:09:42 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
a5436657e9
Starter ignores non-fatal errors when reloading config
2012-10-18 14:42:11 +02:00
Tobias Brunner
9e730ef9df
Starter unroutes removed or changed connections before loading and routing new ones
2012-10-18 14:42:11 +02:00
Tobias Brunner
dc80ef0cde
starter: Added --nolog option to suppress logging in starter itself
...
Fixes #224.
2012-09-12 17:15:14 +02:00
Tobias Brunner
23b4d3a52f
starter: Allow %any also for protocol in left|rightprotoport
2012-09-12 16:53:45 +02:00
Tobias Brunner
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Tobias Brunner
4c91845452
starter: Load config again when restarting charon
...
This got lost in 041e763b.
2012-09-05 16:43:34 +02:00
Martin Willi
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00