1c2416013c
Process TCG/PTS File Measurement attribute incrementally
2014-10-17 16:11:40 +02:00
82d2142f98
Exempt TCG/SEG attributes from unsupported case statement
2014-10-16 13:38:51 +02:00
08385de6e2
Request IF-M segmentation contract for TCG/PTS subtype
2014-10-16 07:49:42 +02:00
cbb86a2df3
tls: Fix an invalid free on CBC encryption failure
2014-10-15 14:26:03 +02:00
867d04b72e
tls: Fix a memory leak if AEAD encryption fails
2014-10-15 14:21:01 +02:00
c0bf721357
tls: Check all bytes of the padding if they equal the padding length
2014-10-15 14:21:01 +02:00
fdeda63df0
android: Fix PA-TNC construction based on data passed via JNI
2014-10-15 13:55:13 +02:00
da241b6c75
libimcv: Add generic constructor for PA-TNC attributes
2014-10-15 13:55:13 +02:00
c71e6820ab
backtrace: Fix symbol lookup in dynamic symtab via libbfd
2014-10-14 17:26:48 +02:00
6de42cd323
swid-inventory: Remove unused variable end_of_tag
2014-10-14 17:11:41 +02:00
f8dc376c77
swanctl: Fix man page build on FreeBSD
...
BSD make seems to only evaluate $< for certain rules (like the suffix rule
used to generate the config template).
2014-10-14 16:49:40 +02:00
76dc329e47
thread: Test for pending cancellation requests before select()ing on OS X
...
This fixes some vici test cases on OS X, where the test thread tries to cancel
the watcher thread during cleanup, but fails as select() does not honor the
pre-issued cancellation request.
2014-10-14 16:34:44 +02:00
bdfbecb3e6
vici: Return default value for get_int() if message value is empty string
...
This is the behavior of some strtol() implementations, and it makes sense,
so force it.
2014-10-14 16:33:10 +02:00
784916e28d
process: Don't use the shells built-in echo in tests
...
On OS X, the /bin/sh built-in echo does not support -n.
2014-10-14 16:33:10 +02:00
b16ea3415f
process: Don't use absolute path names for true/false/cat in unit tests
...
But use the (builtin) shell commands instead, as on OS X true/false are under
/usr/bin.
2014-10-14 16:33:10 +02:00
4e37bdbf57
kernel-pfroute: Check for RTM_IFANNOUNCE availability
...
This message is not available on OS X.
2014-10-14 16:33:10 +02:00
5b2d89b3c3
process: Include missing <signal.h> for raise(3)
...
Fixes OS X build.
2014-10-14 16:33:10 +02:00
9d75a28820
ike: Add IKEv2 in description of fragment_size option in strongswan.conf
2014-10-14 15:41:52 +02:00
15dee933de
ip-packet: Fix removal of TFC padding for IPv6
...
The IPv6 length field denotes the payload length after the 40 bytes header.
Fixes: 293515f95c
2014-10-14 14:10:33 +02:00
283229bcb7
vici: Add vici.gemspec.in and vici.rb to distribution
2014-10-14 11:26:41 +02:00
05a3f349a7
travis: Build-test updown and ext-auth plugins for Windows
2014-10-14 11:11:34 +02:00
3307de1f8d
android: Implement get_contracts() method in IMC state object
2014-10-14 10:37:55 +02:00
f4e6f89aa9
android: libpts does not exist anymore, don't attempt to load it
2014-10-14 10:12:16 +02:00
bed09f2baf
android: Update receive_message() to new imc_msg_t.receive() signature
2014-10-13 18:16:47 +02:00
668fbd4907
libimcv: Add fallback if IPSEC_SCRIPT is not defined
...
This is the case on Android.
2014-10-13 18:16:47 +02:00
ba0355c4ae
libimcv: Updated Android.mk to latest Makefile.am
2014-10-13 18:16:40 +02:00
f502e503fb
android: Remove references to libpts
2014-10-13 17:18:06 +02:00
ffa800ce9d
libimcv: Remove reference to libpts
2014-10-13 17:17:45 +02:00
17eed801e7
libimcv: Fix Doxygen comments after merging libpts into libimcv
2014-10-13 17:11:57 +02:00
4bae9ec8d1
watcher: Doxygen comment fixed
2014-10-13 16:56:30 +02:00
245979abc0
charon-systemd: Typo in log message fixed
2014-10-13 16:51:20 +02:00
c8719a073d
libimcv: Fix harcoded IMCV_DEFAULT_POLICY_SCRIPT name
...
I came across an issue with src/libimcv/imcv.c where
IMCV_DEFAULT_POLICY_SCRIPT is hardcoded.
It fails where ipsec_script is renamed to, for example, strongswan from
default ipsec.
2014-10-13 16:15:33 +02:00
504bcf71b5
testing: Enable nat table for iptables on 3.17 kernels
2014-10-13 15:48:55 +02:00
472156eea5
ike: Do remote address updates also when behind static NATs
...
We assume that a responder is behind a static NAT (e.g. port forwarding)
and allow remote address updates in such situations.
The problem described in RFC 5996 is only an issue if the NAT mapping
can expire.
2014-10-13 15:20:17 +02:00
f8a565fbcc
ike: Remove redundant check for local NAT when handling changed NAT mappings
2014-10-13 15:20:17 +02:00
cb5ad2ba3d
testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
8b812065f0
Support of multiple directed segmentation contracts
2014-10-11 14:50:08 +02:00
ab99939628
unit-tests: Updated Makefile
2014-10-11 14:50:08 +02:00
a05ca71d07
unit-tests: Added test for seg_contract_manager
2014-10-11 14:50:08 +02:00
a5e6a479d4
Added KVM config for 3.16 and 3.17 kernels
2014-10-11 14:50:08 +02:00
4af020be37
Updated build-database.sh script to 3.13.0-37 kernel
2014-10-11 11:40:43 +02:00
83efded313
testing: Ensure no guest is running when modifying images
...
Sometimes guests are not stopped properly. If images are then modified
they will be corrupted.
2014-10-10 19:03:50 +02:00
b7b2f9379d
testing: Enable virtio console for guests
...
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729 .
2014-10-10 19:03:28 +02:00
ef90d5ab15
Merge branch 'vici-ruby'
...
Adds a ruby gem for the VICI protocol, along with some documentation
improvements and some minor fixes to vici and swanctl.
2014-10-10 11:43:43 +02:00
7431ad0de5
NEWS: Introduce the vici ruby gem
2014-10-10 11:42:18 +02:00
67f9f09dd3
swanctl: Fix exit codes based on errno
...
As fprintf() most likely sets errno, we should save it before printing the
error message.
2014-10-10 11:42:18 +02:00
d4d85135c5
vici: Cancel processor before calling library_deinit()
...
For non-direct libstrongswan users, the deinitialization segfaults because
of the missing worker thread cancellation.
2014-10-10 11:42:18 +02:00
3db58e837c
vici: Reduce debug level during thread spawning
...
We want to avoid libvici users to get a cluttered stderr for no real error.
2014-10-10 11:42:18 +02:00
046b547a37
vici: Don't include-depend on libstrongswan for boolean types
...
As we want to avoid the libstrongswan include dependencies for libvici, avoid
the use of the bool type. Unfortunately this change may break the ABI for
vici_dump(). As this function is mostly for debugging purposes, we do it
nonetheless; my apologies if somebody already relies on the ABI stability of
that function.
2014-10-10 11:42:18 +02:00
6f55149335
vici: Document the ruby gem and add some simple examples
2014-10-10 11:42:18 +02:00
Andreas Steffen