e57a29c731
Moved X509 ipAddrBlock checking to the addrblock plugin
2010-07-13 10:26:07 +02:00
be715344c2
Added a hook to narrow traffic selectors for CHILD_SAs
2010-07-13 10:26:07 +02:00
88fa56b1ad
Moved bus_t to METHOD/INIT macros
2010-07-13 10:26:07 +02:00
1c8c924610
Moved addrblock plugin to libcharon
2010-07-13 10:26:07 +02:00
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
2ca7db1337
Move pathlen constraint checking to X509 specific checks
2010-07-13 10:26:06 +02:00
5db798c8e0
Charon uses a generic trunstchain length limit, not only for X509 certificates
2010-07-13 10:26:06 +02:00
01bb70e4ad
Combined the OCSP/CRL options to a signle Online check option
2010-07-13 10:26:06 +02:00
ab635e029e
updated SQL templates to support attribute pool and identity parameters
2010-07-12 20:28:34 +02:00
af7b34b13b
Added missing pool parameter in DHCP attribute provider.
2010-07-12 12:27:49 +02:00
52f97c3893
Do not interpret long class attributes (such as from NPS) as group
2010-07-09 13:53:43 +02:00
cfa1c07604
Group membership constraint is fulfilled if subject is member in one of the groups
2010-07-09 13:51:58 +02:00
ec7adea007
Added support for named attribute groups
...
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what atrributes.
2010-07-09 13:09:31 +02:00
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
6f07f5e3d4
The file logger supports a time prefix using a strftime() format specifier
2010-07-08 17:44:19 +02:00
4cc9afe35f
Print identity to a lease address on the same line for simpler greping
2010-07-08 17:44:19 +02:00
6c4cd8fa15
Implemented missing bypass_socket() method in load-testers faked kernel interface
2010-07-07 10:01:32 +02:00
4f99093235
Show mallinfo() data in statusall, if available
2010-07-06 16:28:25 +02:00
f395f28e44
Added missing markt_t in load tester, also migrated to INIT/METHOD macros.
2010-07-06 09:29:18 +02:00
83b23011de
Some Doxygen fixes.
2010-07-05 15:04:30 +02:00
8f7e8e075a
Fixed typo.
2010-07-05 14:53:56 +02:00
a4c0da1669
Added support for group membership information containted in the RADIUS class attribute
2010-07-05 09:41:04 +02:00
4172574bfb
Use the group constraint in a more generic fashion, not only for attribute certificates
2010-07-05 09:41:04 +02:00
53913d764e
Use the responder side configured EAP-Identity directly, if given
2010-07-05 09:41:04 +02:00
ec6caa1367
Copy EAP specific attributes to auth config only
2010-07-05 09:41:04 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
02571374c4
Recreate IKE_SA_INIT related tasks only if they have completed
2010-06-30 13:48:47 +02:00
31d0efd7e9
Use enumerator for queued_tasks migration to avoid infinite loop
2010-06-30 13:24:43 +02:00
6d61e334f7
Correct check of traffic selectors before destruction
2010-06-29 09:22:50 +02:00
7f1eb89517
Migrate queued_tasks tasks, to avoid dangling pointers
2010-06-29 09:20:05 +02:00
0f21ebc81d
The signature of keystore_get changed again.
...
With Android 2.2 (Froyo) the interface of keystore_get was changed once
again. The change was made to allow the keys to contain \0 characters.
2010-06-28 17:18:53 +02:00
6f52d3b077
Compiler warning fixed.
2010-06-28 08:50:30 +02:00
6a4a47511f
Show contents of the CP payload in message_t stringification
2010-06-24 15:46:28 +02:00
c0914c457b
Increased the loglevel for the arguments received via Android control socket.
2010-06-24 14:46:25 +02:00
e9e2a4fecf
Terminate charon from the Android plugin if the tunnel goes down after it was initiated successfully.
2010-06-24 14:30:06 +02:00
7913a74c36
Initiate the tunnel in the Android plugin asynchronously.
...
Also track its initiation using the registered listener.
2010-06-24 14:30:05 +02:00
8b775e99ea
Implement the listener_t interface in the Android plugin to track the status of an SA.
2010-06-24 14:30:05 +02:00
94ec9adc10
Helper function added to notify the Android frontend about status changes.
2010-06-24 14:30:05 +02:00
024dd37fa0
Initiate consumes a child_sa reference, so get an additional one.
2010-06-24 14:30:05 +02:00
5eb9eeb130
Use the same error code constants as in the Java frontend.
2010-06-24 14:30:05 +02:00
359063caf7
Flush and destroy the send queue before unloading the socket plugins.
2010-06-24 14:30:05 +02:00
9eb7f46b3d
Do not install routes in the PF_KEY kernel interface if interface lookup failed.
2010-06-23 11:43:31 +02:00
a427e98da1
The signature of keystore_get was changed with Android 2.x.
2010-06-22 16:19:55 +02:00
f283520faf
Avoid a segmentation fault if opening the Android control socket failed.
2010-06-22 16:18:22 +02:00
c03ed4835c
Allow to enable the kernel-pfkey plugin via Android.mk.
2010-06-22 16:14:14 +02:00
b7900d3258
Fixing the PF_KEY kernel interface on Android.
...
In Android's in.h IPPROTO_COMP is not #defined but just an enum member.
2010-06-22 16:12:07 +02:00
169eae5229
Accept IKE packets with any minor version in RAW socket
2010-06-22 11:14:07 +02:00
9b6db5cd2e
Fixed plugin checks in Android.mk files.
2010-06-22 10:40:34 +02:00
499af811c0
Use vpn.dns* to store DNS servers (Android manages net.dns* using these).
2010-06-15 19:58:58 +02:00
be00d219cc
Adding an interface that interacts with the Android Settings frontend.
2010-06-15 19:58:58 +02:00
c373f14947
Adding an Android specific credential set.
2010-06-15 19:58:58 +02:00
51a00fb275
Adding an Android specific logger.
2010-06-15 19:58:58 +02:00
946be4d357
Adding support for the native Linux capabilities interface.
...
Note that this interface is deprecated and mainly added to support
Android. Use libcap, if possible.
2010-06-15 19:58:30 +02:00
b77e493bea
Explicitly refer to LIBCAP in Makefiles.
2010-06-15 19:57:31 +02:00
4e9d313ff8
Explicitly include stdint.h for UINT64_MAX.
...
This is required on FreeBSD 8.
2010-06-15 15:31:46 +02:00
ed76b21652
Check for SADB_X_NAT_T_NEW_MAPPING in PF_KEY kernel interface.
...
FreeBSD 8 does not support SADB_X_NAT_T_NEW_MAPPING whereas Linux and
the previous FreeBSD NAT-T patch both do.
2010-06-15 15:31:10 +02:00
668e84d904
Set the ports of all hosts installed via the PF_KEY kernel interface to zero.
2010-06-15 10:11:57 +02:00
2e8a5e12ef
Adding a basic unit test for hashtable_t.
2010-06-07 16:40:32 +02:00
03ffa88531
Add extra information in debug output for IKE_SA check{out, in}
...
This output helps tracing checkout and checkin of IKE_SAs when there is
more than one IKE_SAs with the same name. I also added the type of
in-air-exchange to the debug output issued by the task_manager in case
a task initiation is delayed, came in handy for me.
2010-06-07 15:12:13 +02:00
5493ffde0b
traffic_selector_t is gone into libstrongswan, migrate printf hook registration, too.
2010-06-07 15:06:09 +02:00
550d9085fa
Flush auth configs, create new keymat during SA reset
2010-06-07 14:59:39 +02:00
dbdb69f908
Recreate IKE_INIT/IKE_NATD/IKE_VENDOR tasks if we reset SA during IKE_AUTH
2010-06-07 14:58:57 +02:00
8b56ec20f3
Reacquire keymat from new IKE_SA during task migration
2010-06-07 14:56:24 +02:00
d5ad6eb1e0
Flush certificate cache on CA delete
2010-06-07 13:51:18 +02:00
a3ffa9edfd
Log non-empty task queues in statusall
2010-06-07 11:59:37 +02:00
ea340ee840
Wrap task enumerator in ike_sa
2010-06-07 11:37:55 +02:00
8bced61b76
Migrated ike_sa_t to INIT/METHOD macros
2010-06-07 09:30:27 +00:00
665c18bd85
Added support for task enumeration in task_manager_t
2010-06-07 10:45:25 +02:00
9560a3166f
Migrated task_manager_t to INIT/METHOD macros
2010-06-07 10:37:00 +02:00
d43775ae58
Accept ARP requests with an ethernet trailer, but trim it
2010-06-03 08:39:33 +02:00
d2c358742a
Added a EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database
2010-06-02 15:59:44 +02:00
2f57e6da0e
Disable close action for a redundant CHILD_SA resulting from a rekey collision
...
If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundat CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.
2010-06-02 11:48:52 +02:00
fe02d99b96
Use wrapped getters for close/dpd action
2010-06-02 11:48:51 +02:00
4c401ea216
Wrap getters for dpd/close action into CHILD_SA, allows us to override them
2010-06-02 11:48:44 +02:00
d070e0a6d1
Do not install trap policy if remote host is %any.
2010-05-28 15:43:12 +02:00
2e08be79a3
Send empty SIM/AKA-NOTIFICATION response for non-success codes, too
2010-05-27 15:04:25 +02:00
8029e5efd2
Added generic implementations for crl_is_newer/certificate_is_newer
2010-05-21 16:25:51 +02:00
ea409980b9
Handle collisions between rekey and the following delete properly
2010-05-18 12:21:38 +02:00
d235274486
Added simple conditional packet receive delay
2010-05-18 12:21:05 +02:00
45def2147b
Added simple conditional packet send delay
2010-05-18 12:20:32 +02:00
31b39e5f7c
encoding of MODE_TUNNEL changed
2010-05-15 18:36:14 +02:00
9a0333fa62
moved resolve plugin from libcharon to libhydra
2010-05-04 23:53:08 +02:00
6d7f4e0653
Moved syslog.h include.
2010-05-04 18:34:20 +02:00
6b57f5edff
Compiler warning fixed.
2010-05-04 18:28:28 +02:00
17a02ff1b0
Add 'flush_line' option to filelog section.
...
The new boolean 'flush_line' option in the filelog section of
strongswan.conf specifies if log messages should be flushed to the given
file for each new line.
2010-05-04 14:47:56 +02:00
71a66a623e
Use reqid from connection config if present.
2010-05-04 14:38:34 +02:00
277fcf9f86
Add reqid field and getter function to child_cfg_t.
2010-05-04 14:38:34 +02:00
257e27df07
Fixing out-of-tree build after adding dependency to config.status.
2010-04-29 13:29:53 +02:00
b0e789035c
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated
2010-04-29 11:28:27 +02:00
12821bd674
include dhcp-client-identifier in the DHCP request
2010-04-23 12:57:43 +02:00
19d49af539
make DHCP debug messages consistent
2010-04-23 07:37:16 +02:00
500a6d38ee
fixed typo
2010-04-23 00:02:13 +02:00
1f6a707d10
Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no DH group
2010-04-21 08:41:46 +02:00
4590260b2d
Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten
2010-04-19 14:41:20 +02:00
f0212e8837
Accept DHCP replies on bootps port, as we act as a relay agent if server address configured
2010-04-19 11:18:58 +02:00
6edbe1652b
Integrating libhydra into the Android build system.
2010-04-12 16:47:47 +02:00
355c3a66b1
When logging to the database, the IDs of an IKE SA are initially NULL.
2010-04-12 13:51:10 +02:00
140418453a
Updated HA plugin to new APIs
2010-04-07 13:55:16 +02:00
647008c8a7
Updated location of traffic selector header
2010-04-07 13:55:16 +02:00
29a46aacad
Moved ha plugin to libcharon
2010-04-07 13:55:16 +02:00
34d240a6e3
manage synced SAs in IKE_SA Manager, tag them with IKE_PASSIVE state
2010-04-07 13:55:12 +02:00
9ed6341d3f
Adding support for debug groups in libstrongswan's logger.
2010-04-06 12:47:40 +02:00
3fdee23f18
Move debug groups from charon's bus.h to libstrongswan's debug.h.
2010-04-06 12:47:40 +02:00
a5ec302547
Moved attr plugin from libcharon to libhydra.
2010-04-06 12:47:40 +02:00
c9235353f8
Use a read-write lock in stroke_attribute to increase concurrency.
2010-04-06 12:47:39 +02:00
8c9f5bad8b
Migrated stroke_attribute_t to METHOD/INIT macros.
2010-04-06 12:47:38 +02:00
ac5fb545c5
Extracted in-memory IP address pool from stroke plugin to libhydra.
2010-04-06 12:47:38 +02:00
84aa96e5f5
Invoke updown hook if IKE_SA delete is enforced in deleting state
2010-04-06 12:11:28 +02:00
360ef1606f
Fixed handling of IKE_SAs without a virtual IP in farp plugin
2010-03-30 10:24:47 +02:00
28df533393
Accept messages with a "sufficient" payload if other payloads (such as V) follow
2010-03-26 16:26:09 +01:00
18c68f22c7
Revert "Use the same formatting as in the Makefiles of the other plugins. Makes refactorings easier."
...
This reverts commit e91b116a6289bf11d204
2010-03-26 10:47:09 +01:00
e91b116a62
Use the same formatting as in the Makefiles of the other plugins. Makes refactorings easier.
2010-03-26 10:40:14 +01:00
89bf11d204
Respect line with in Makefile.am's, other cosmetics
2010-03-25 14:54:56 +01:00
e40a629d4c
Added libhydra include to farp plugin
2010-03-25 14:41:51 +01:00
f8e99e012a
Implemented ARP sniffing and spoofing functionality
2010-03-25 14:39:32 +01:00
dc70a5bb0b
Use message hook to catch virtual IP, as it is not yet set in ike_updown
2010-03-25 14:39:32 +01:00
479a7b7d17
Added locking to farp listener
2010-03-25 14:39:32 +01:00
660e16f5b2
Added a listener to the farp plugin that keeps track of active virtual IPs
2010-03-25 14:39:32 +01:00
0d7b48a388
Added a farp plugin stop to spoof ARP requests
2010-03-25 14:39:32 +01:00
0e1689e98f
Migrated dhcp plugin to moved attribute manager
2010-03-25 14:33:22 +01:00
b262429e0b
Include configuration payloads for DNS/WINS server received via DHCP
2010-03-25 14:29:10 +01:00
913eb69692
Send DHCP RELEASE on virtual IP release
2010-03-25 14:29:10 +01:00
045833c79d
Release virtual IPs with the same identity as we acquired it
2010-03-25 14:29:10 +01:00
e06a6154e2
Added identity_lease option to create random or identity based DHCP leases
2010-03-25 14:28:29 +01:00
4f0932ecfe
Added DHCP request construction, ACK processing
2010-03-25 14:28:29 +01:00
20ee54d06f
Added reception of DHCP responses via PACKET socket
2010-03-25 14:28:29 +01:00
ddc93db612
DHCP plugin framework, send DHCP Discover upon IP request
2010-03-25 14:28:28 +01:00
beaa048eed
Added DHCP plugin stub.
2010-03-25 14:28:28 +01:00
58f86d0f0f
Changed all usages of lib->attributes to hydra->attributes.
2010-03-24 18:54:26 +01:00
567d3f1463
Attributes moved from libstrongswan to libhydra.
...
The attribute_manager_t instance is now located on the new hydra object
instead of the lib object.
2010-03-24 18:53:10 +01:00
52bff307e1
Init/deinit libhydra in charon and pluto.
2010-03-24 18:53:10 +01:00
75dc019252
Moving attr-sql plugin from libstrongswan to libhydra.
2010-03-24 18:53:09 +01:00
dc9ddba6e3
Adapted test_pool to the libstrongswan threading.
2010-03-24 18:51:52 +01:00
d7e977aced
Fixed some Doxygen warnings.
2010-03-24 15:45:06 +01:00
cf46ff6875
Use vstr/gmp as shared libraries in the Android build.
2010-03-23 11:39:58 +01:00
d92b337fe9
Do not indent the source file lists in Android.mk files so we can easily compare them to the lists in the Makefile.am files.
2010-03-19 13:34:53 +01:00
0f5a043989
Use wildcards to gather plugin source files.
2010-03-19 13:34:53 +01:00
52c7257366
Adding support for the build of libcharon (and charon) on Android.
2010-03-19 13:34:53 +01:00
78060ba063
Do not link libcharon to libstrongswan.
...
Linking to libstrongswan breaks the integrity-tests because libtool
relinks libcharon to libstrongswan on install, thus changing the
checksum.
2010-03-19 13:34:53 +01:00
bd3f8ea30b
Convert charon into libcharon.
2010-03-19 13:34:52 +01:00
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00
Martin Willi