Tobias Brunner
0acd1ab4d0
stroke: Ensure a minimum message length
2018-03-19 18:06:00 +01:00
Tobias Brunner
6f74b8748a
counters: Move IKE event counter collection from stroke to a separate plugin
2017-11-08 16:28:28 +01:00
Tobias Brunner
4270c8fcb0
stroke: Make 96-bit truncation for SHA-256 configurable
2017-05-26 11:22:28 +02:00
Andreas Steffen
2a2669ee3e
vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk
2016-10-11 17:18:22 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
10c5981d3b
utils: Add enum name for pseudo log group 'any'
2016-02-05 15:41:39 +01:00
Tobias Brunner
517cc501ef
stroke: Change how CA certificates are stored
...
Since 11c14bd2f5
CA certificates referenced in ca sections were
enumerated by two credential sets if they were also stored in
ipsec.d/cacerts. This caused duplicate certificate requests to
get sent. All CA certificates, whether loaded automatically or
via a ca section, are now stored in stroke_ca_t.
Certificates referenced in ca sections are now also reloaded
when `ipsec rereadcacerts` is used.
2015-08-20 19:33:41 +02:00
Martin Willi
751363275f
attributes: Move the configuration attributes framework to libcharon
2015-02-20 13:34:55 +01:00
Tobias Brunner
28a79e4e0c
stroke: Don't log unspecified options of conn and ca sections
2014-06-30 13:29:26 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner
5a04056295
stroke: Use proper modifiers to print size_t arguments
2014-02-18 16:46:25 +01:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Tobias Brunner
f44b1eb444
stroke: Ensure the buffer of strings in a stroke_msg_t is null-terminated
...
Otherwise a malicious user could send an unterminated string to cause
unterminated reads.
2014-01-23 10:15:07 +01:00
Tobias Brunner
5ab03863b0
stroke: Add an option to prevent log level changes via stroke socket
2014-01-23 10:15:07 +01:00
Martin Willi
a426851f63
leak-detective: Use callback functions to report leaks and usage information
...
This is more flexible than printing reports to a FILE.
2013-11-06 10:30:59 +01:00
Martin Willi
0576412989
stroke: Configure proposal with AH protocol if 'ah' option set
2013-10-11 10:15:20 +02:00
Martin Willi
065907b99d
stroke: use a stream service to handle stroke requests
2013-07-18 16:00:29 +02:00
Tobias Brunner
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
Martin Willi
de2debf8e0
stroke: add exportconn{cert,chain} commands in addition to exportx509
...
The new commands either export a single end entity certificate or the
full trust chain for a specific connection name.
2013-06-19 16:27:19 +02:00
Martin Willi
048872f2f7
Merge branch 'stroke-counters'
...
Extend stroke counters functionality by connection specific counters, and
a resetcounters command to reset the global or connection counters.
2013-03-18 10:12:22 +01:00
Martin Willi
cf729248b2
Add a "resetcounters" command to ipsec, clearing global or connection counters
2013-03-15 10:55:22 +01:00
Martin Willi
d022322bed
Add connection name specific stroke counters
2013-03-15 10:41:04 +01:00
Tobias Brunner
96a2d2077b
Fix 'stroke loglevel any'
...
Before b46a5cd4
this worked if debug_t was unsigned. In that case -1,
as returned by enum_from_name(), would result in a large positive number.
So any unknown debug group (including 'any') had the same effect that
was only intended for 'any'.
2013-02-13 12:18:20 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
0c4b9f7cda
Add a "ipsec listcounters" command to stroke
2012-10-24 11:34:31 +02:00
Martin Willi
8554895b95
Add a stub for IKE event counters in stroke
2012-10-24 11:34:11 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Martin Willi
96c2b3cf89
Support multiple addresses/pools in left/rightsourceip
2012-08-30 16:43:42 +02:00
Martin Willi
63e460542c
Add a stroke attribute_handler requesting DNS servers given with leftdns
2012-08-21 09:38:01 +02:00
Martin Willi
17319aa28d
Add a left/rightdns keyword to configure connection specific DNS attributes
2012-08-21 09:38:00 +02:00
Martin Willi
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
Martin Willi
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Tobias Brunner
ead92870b8
Loggers specify what log messages they want to receive during registration.
...
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
2012-05-02 14:45:38 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Andreas Steffen
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
Tobias Brunner
9f1b303afc
Added stroke user-creds command, to set username/password for a connection.
2012-04-17 14:20:58 +02:00
Tobias Brunner
4c31657d2c
Typo fixed.
2012-04-17 14:20:58 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
d94c923648
Support an "any" IKE version for both IKEv1 or IKEv2
2012-03-20 17:31:25 +01:00
Martin Willi
21a4fc832e
Pass ipsec.conf xauth_identity option via stroke to charon configurations
2012-03-20 17:31:23 +01:00
Tobias Brunner
0a43f4b6c4
Log configured IKE version in stroke plugin.
2012-03-20 17:31:20 +01:00
Tobias Brunner
7c0c2349a9
Make number of concurrently handled stroke messages configurable.
2011-12-29 18:41:39 +01:00
Tobias Brunner
8ff513a863
Limit the number of concurrently handled stroke messages.
...
This avoids clogging the thread pool with potentially blocking jobs.
2011-12-29 18:39:34 +01:00
Tobias Brunner
b46a5cd4ef
Fixed check for log groups when debug_t is unsigned.
...
The range and signedness of enum types is up to the compiler.
2011-11-25 09:48:32 +01:00
Tobias Brunner
f7ce74983d
Removed unneeded include.
...
This is not available on Android and redirects to <fcntl.h> on Ubuntu.
2011-10-11 16:30:20 +02:00
Tobias Brunner
0d430d4f54
Migrated stroke_socket_t to INIT/METHOD macros.
2011-10-03 18:56:21 +02:00
Martin Willi
f34ebc845b
Add a closeaction ipsec.conf keyword to configure close action
2011-06-07 12:07:21 +02:00