Andreas Steffen
1c2416013c
Process TCG/PTS File Measurement attribute incrementally
2014-10-17 16:11:40 +02:00
Andreas Steffen
82d2142f98
Exempt TCG/SEG attributes from unsupported case statement
2014-10-16 13:38:51 +02:00
Andreas Steffen
08385de6e2
Request IF-M segmentation contract for TCG/PTS subtype
2014-10-16 07:49:42 +02:00
Martin Willi
cbb86a2df3
tls: Fix an invalid free on CBC encryption failure
2014-10-15 14:26:03 +02:00
Martin Willi
867d04b72e
tls: Fix a memory leak if AEAD encryption fails
2014-10-15 14:21:01 +02:00
Martin Willi
c0bf721357
tls: Check all bytes of the padding if they equal the padding length
2014-10-15 14:21:01 +02:00
Tobias Brunner
fdeda63df0
android: Fix PA-TNC construction based on data passed via JNI
2014-10-15 13:55:13 +02:00
Tobias Brunner
da241b6c75
libimcv: Add generic constructor for PA-TNC attributes
2014-10-15 13:55:13 +02:00
Tobias Brunner
c71e6820ab
backtrace: Fix symbol lookup in dynamic symtab via libbfd
2014-10-14 17:26:48 +02:00
Tobias Brunner
6de42cd323
swid-inventory: Remove unused variable end_of_tag
2014-10-14 17:11:41 +02:00
Tobias Brunner
f8dc376c77
swanctl: Fix man page build on FreeBSD
...
BSD make seems to only evaluate $< for certain rules (like the suffix rule
used to generate the config template).
2014-10-14 16:49:40 +02:00
Martin Willi
76dc329e47
thread: Test for pending cancellation requests before select()ing on OS X
...
This fixes some vici test cases on OS X, where the test thread tries to cancel
the watcher thread during cleanup, but fails as select() does not honor the
pre-issued cancellation request.
2014-10-14 16:34:44 +02:00
Martin Willi
bdfbecb3e6
vici: Return default value for get_int() if message value is empty string
...
This is the behavior of some strtol() implementations, and it makes sense,
so force it.
2014-10-14 16:33:10 +02:00
Martin Willi
784916e28d
process: Don't use the shell's built-in echo in tests
...
On OS X, the /bin/sh built-in echo does not support -n.
2014-10-14 16:33:10 +02:00
Martin Willi
b16ea3415f
process: Don't use absolute path names for true/false/cat in unit tests
...
But use the (builtin) shell commands instead, as on OS X true/false are under
/usr/bin.
2014-10-14 16:33:10 +02:00
Martin Willi
4e37bdbf57
kernel-pfroute: Check for RTM_IFANNOUNCE availability
...
This message is not available on OS X.
2014-10-14 16:33:10 +02:00
Martin Willi
5b2d89b3c3
process: Include missing <signal.h> for raise(3)
...
Fixes OS X build.
2014-10-14 16:33:10 +02:00
Tobias Brunner
9d75a28820
ike: Add IKEv2 in description of fragment_size option in strongswan.conf
2014-10-14 15:41:52 +02:00
Tobias Brunner
15dee933de
ip-packet: Fix removal of TFC padding for IPv6
...
The IPv6 length field denotes the payload length after the 40 bytes header.
Fixes: 293515f95c
("libipsec: remove extra RFC4303 TFC padding appended to inner payload")
2014-10-14 14:10:33 +02:00
Tobias Brunner
283229bcb7
vici: Add vici.gemspec.in and vici.rb to distribution
2014-10-14 11:26:41 +02:00
Martin Willi
05a3f349a7
travis: Build-test updown and ext-auth plugins for Windows
2014-10-14 11:11:34 +02:00
Tobias Brunner
3307de1f8d
android: Implement get_contracts() method in IMC state object
2014-10-14 10:37:55 +02:00
Tobias Brunner
f4e6f89aa9
android: libpts does not exist anymore, don't attempt to load it
2014-10-14 10:12:16 +02:00
Tobias Brunner
bed09f2baf
android: Update receive_message() to new imc_msg_t.receive() signature
2014-10-13 18:16:47 +02:00
Tobias Brunner
668fbd4907
libimcv: Add fallback if IPSEC_SCRIPT is not defined
...
This is the case on Android.
2014-10-13 18:16:47 +02:00
Tobias Brunner
ba0355c4ae
libimcv: Updated Android.mk to latest Makefile.am
2014-10-13 18:16:40 +02:00
Tobias Brunner
f502e503fb
android: Remove references to libpts
2014-10-13 17:18:06 +02:00
Tobias Brunner
ffa800ce9d
libimcv: Remove reference to libpts
2014-10-13 17:17:45 +02:00
Tobias Brunner
17eed801e7
libimcv: Fix Doxygen comments after merging libpts into libimcv
2014-10-13 17:11:57 +02:00
Tobias Brunner
4bae9ec8d1
watcher: Doxygen comment fixed
2014-10-13 16:56:30 +02:00
Tobias Brunner
245979abc0
charon-systemd: Typo in log message fixed
2014-10-13 16:51:20 +02:00
Avesh Agarwal
c8719a073d
libimcv: Fix hardcoded IMCV_DEFAULT_POLICY_SCRIPT name
...
I came across an issue with src/libimcv/imcv.c where
IMCV_DEFAULT_POLICY_SCRIPT is hardcoded.
It fails where ipsec_script is renamed to, for example, strongswan from
default ipsec.
2014-10-13 16:15:33 +02:00
Tobias Brunner
504bcf71b5
testing: Enable nat table for iptables on 3.17 kernels
2014-10-13 15:48:55 +02:00
Tobias Brunner
472156eea5
ike: Do remote address updates also when behind static NATs
...
We assume that a responder is behind a static NAT (e.g. port forwarding)
and allow remote address updates in such situations.
The problem described in RFC 5996 is only an issue if the NAT mapping
can expire.
2014-10-13 15:20:17 +02:00
Tobias Brunner
f8a565fbcc
ike: Remove redundant check for local NAT when handling changed NAT mappings
2014-10-13 15:20:17 +02:00
Andreas Steffen
cb5ad2ba3d
testing: Lower batch size to demonstrate segmentation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
Andreas Steffen
8b812065f0
Support of multiple directed segmentation contracts
2014-10-11 14:50:08 +02:00
Andreas Steffen
ab99939628
unit-tests: Updated Makefile
2014-10-11 14:50:08 +02:00
Andreas Steffen
a05ca71d07
unit-tests: Added test for seg_contract_manager
2014-10-11 14:50:08 +02:00
Andreas Steffen
a5e6a479d4
Added KVM config for 3.16 and 3.17 kernels
2014-10-11 14:50:08 +02:00
Andreas Steffen
4af020be37
Updated build-database.sh script to 3.13.0-37 kernel
2014-10-11 11:40:43 +02:00
Tobias Brunner
83efded313
testing: Ensure no guest is running when modifying images
...
Sometimes guests are not stopped properly. If images are then modified
they will be corrupted.
2014-10-10 19:03:50 +02:00
Tobias Brunner
b7b2f9379d
testing: Enable virtio console for guests
...
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729.
2014-10-10 19:03:28 +02:00
Martin Willi
ef90d5ab15
Merge branch 'vici-ruby'
...
Adds a ruby gem for the VICI protocol, along with some documentation
improvements and some minor fixes to vici and swanctl.
2014-10-10 11:43:43 +02:00
Martin Willi
7431ad0de5
NEWS: Introduce the vici ruby gem
2014-10-10 11:42:18 +02:00
Martin Willi
67f9f09dd3
swanctl: Fix exit codes based on errno
...
As fprintf() most likely sets errno, we should save it before printing the
error message.
2014-10-10 11:42:18 +02:00
Martin Willi
d4d85135c5
vici: Cancel processor before calling library_deinit()
...
For non-direct libstrongswan users, the deinitialization segfaults because
of the missing worker thread cancellation.
2014-10-10 11:42:18 +02:00
Martin Willi
3db58e837c
vici: Reduce debug level during thread spawning
...
We want to avoid libvici users getting a cluttered stderr for no real error.
2014-10-10 11:42:18 +02:00
Martin Willi
046b547a37
vici: Don't include-depend on libstrongswan for boolean types
...
As we want to avoid the libstrongswan include dependencies for libvici, avoid
the use of the bool type. Unfortunately this change may break the ABI for
vici_dump(). As this function is mostly for debugging purposes, we do it
nonetheless; my apologies if somebody already relies on the ABI stability of
that function.
2014-10-10 11:42:18 +02:00
Martin Willi
6f55149335
vici: Document the ruby gem and add some simple examples
2014-10-10 11:42:18 +02:00