ad59f3a91a
added ikev1 pluto-charon interoperability scenarios
2012-05-23 14:47:41 +02:00
148b643880
upgraded ikev1 scenarios to 5.0.0
2012-05-23 14:45:15 +02:00
3c475660c5
Apply IDir before deriving keys as aggressive initiator
2012-05-23 12:27:47 +02:00
523ce7c20c
Use received identity to look up PSK as aggressive responder
2012-05-23 12:18:45 +02:00
51754f6654
Check if we actually have an initiating packet to free while processing responses
2012-05-23 11:50:12 +02:00
2ac996cb71
list IKEv1 Aggressive Mode in ipsec statusall
2012-05-23 11:12:27 +02:00
1a624ff45a
Switch to alternative peer config in IKEv1 Main and Aggressive Mode.
2012-05-21 15:49:25 +02:00
17949695bf
Cancel pending retransmits when flushing active task queue
2012-05-21 14:57:33 +02:00
4ce92ef350
Cancel active quick mode task when receiving INFORMATIONAL error
2012-05-21 14:57:33 +02:00
7ce504e182
Flush task queues explicitly, not implicitly if task returns ALREADY_DONE
2012-05-21 14:17:09 +02:00
cbc1a20ffe
Wrap task managers flush_queue() in IKE_SA
2012-05-21 14:05:01 +02:00
a5c799602f
Make task managers flush_queue() method public
2012-05-21 14:02:35 +02:00
9e19cb912d
Destroy Netlink socket only after deleting remaining source routes.
2012-05-21 13:33:13 +02:00
75d4e01c4a
Enumerate correct list while removing nonce_gens, fix deregistration
2012-05-21 12:28:01 +02:00
32400cd91a
Added a convenience function to dump backtraces for gdb-less debugging
2012-05-21 12:18:49 +02:00
b5341bb07c
Fix IKEv1 DPD clear, destroying IKE_SA even if reestablish not needed
2012-05-21 12:17:32 +02:00
769696450a
Properly munmap/close file if loading IMC/IMV fails.
2012-05-18 12:32:31 +02:00
7a56c35fc9
Remove executable flag from source files.
2012-05-18 10:04:08 +02:00
22bf44c8b9
Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, tasks etc.).
2012-05-18 10:04:08 +02:00
7959a3faec
Removed superfluous @param in bus.h.
2012-05-18 09:57:01 +02:00
7684ca2e8c
whitelist: Make sure listed IDs are null-terminated.
2012-05-18 09:57:01 +02:00
816f7f238f
pkcs8: Initialize salt and IV properly.
2012-05-18 08:36:37 +02:00
5c162dd944
List registered nonce generators in statusall output.
2012-05-18 08:15:41 +02:00
b826b192ba
Add enumerator for registered nonce generators.
2012-05-18 08:15:41 +02:00
afaf1bdf5e
Use nonce_gen instead of rng to generate nonces
...
Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
2012-05-18 08:15:41 +02:00
5338fe5e79
Add create_nonce_gen function to keymat interface
...
This function returns a nonce generator object.
2012-05-18 08:15:41 +02:00
04024b5de8
Add nonce plugin implementation
...
This nonce generator uses an RNG to generate nonces. The RNG quality is
currently set to RNG_WEAK which is the same value used in IKE init.
The plugin is enabled and thus built by default.
2012-05-18 08:15:40 +02:00
e2fc09c186
Add nonce generator interface
...
Nonce generators (nonce_gen_t) can be used to get or allocate nonces.
Users can request nonce generators from the crypto factory while nonce
plugins register/remove themselves to/from the crypto factory.
2012-05-18 08:15:40 +02:00
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
24742c0f83
Moved IKEv1 DPD processing to task manager, fix sequence issues
2012-05-15 17:00:12 +02:00
b7dafb3f5b
Consider inbound ESP as a sign of liveness for DPD timeout
2012-05-15 14:58:28 +02:00
4b38c22c00
Schedule a DPD timeout job that enforces the IKE message timeout policy
2012-05-15 14:46:02 +02:00
ebf829f2eb
Send unanswered follow up R_U_THERE messages with the same DPD seq
2012-05-15 14:46:02 +02:00
57a8418c88
Do not send IKEv1 DPD retransmit, but create a new INFORMATIONAL
2012-05-15 14:46:02 +02:00
b3089ab74c
Free name of application using libcharon.
2012-05-15 11:37:07 +02:00
d3590016e9
starter: Initialize thread pool so kernel events are consumed.
2012-05-15 08:55:19 +02:00
9e25007646
Explicitly cast from strict_t to crl_policy_t
2012-05-14 14:11:54 +02:00
1b82fdb2e5
Use correct integrity_algorithm_t enum type in bench_signer()
2012-05-14 14:11:22 +02:00
d185b6acee
Make function pointer defined with METHOD() macro non-const
...
clang complains about it being const, and the object code
generated from gcc is the same.
2012-05-14 14:10:00 +02:00
2e1f4a4631
Remove unused return value of INIT(), making clang happy
2012-05-14 14:07:00 +02:00
29b56078ea
Register load-tester faked kernel interface before other kernel interfaces
2012-05-14 13:21:35 +02:00
d4078ca796
Load tester can enforce a local IP to use
2012-05-14 10:03:05 +02:00
d684242510
Add plugin features support to load-tester plugin
2012-05-14 09:52:53 +02:00
5cc6dc8b39
check for ESP in UDP encapsulation
2012-05-12 12:15:58 +02:00
a56fdff194
upgraded ikev2 scenarios to 5.0.0
2012-05-11 11:00:32 +02:00
0e1c6fa2a9
suppress leak detective output
2012-05-11 05:48:11 +02:00
c732e22019
Fix route reinstallation if preferred source IP is not on outgoing interface.
2012-05-07 19:00:47 +02:00
5de5b04ce4
Fixed #include in tnc-ifmap plugin.
2012-05-07 11:22:51 +02:00
86aab92248
upgraded ha scenario for 5.0.0
2012-05-06 15:03:26 +02:00
922e0d0975
added gcrypt-ikev1 pluto interoperability tests
2012-05-06 09:51:19 +02:00
Andreas Steffen