Martin Willi
cfa1c07604
Group membership constraint is fulfilled if subject is member in one of the groups
2010-07-09 13:51:58 +02:00
Heiko Hund
ec7adea007
Added support for named attribute groups
...
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what atrributes.
2010-07-09 13:09:31 +02:00
Andreas Steffen
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
Martin Willi
6f07f5e3d4
The file logger supports a time prefix using a strftime() format specifier
2010-07-08 17:44:19 +02:00
Martin Willi
4cc9afe35f
Print identity to a lease address on the same line for simpler greping
2010-07-08 17:44:19 +02:00
Martin Willi
6c4cd8fa15
Implemented missing bypass_socket() method in load-testers faked kernel interface
2010-07-07 10:01:32 +02:00
Martin Willi
4f99093235
Show mallinfo() data in statusall, if available
2010-07-06 16:28:25 +02:00
Tobias Brunner
f395f28e44
Added missing markt_t in load tester, also migrated to INIT/METHOD macros.
2010-07-06 09:29:18 +02:00
Tobias Brunner
83b23011de
Some Doxygen fixes.
2010-07-05 15:04:30 +02:00
Tobias Brunner
8f7e8e075a
Fixed typo.
2010-07-05 14:53:56 +02:00
Martin Willi
a4c0da1669
Added support for group membership information containted in the RADIUS class attribute
2010-07-05 09:41:04 +02:00
Martin Willi
4172574bfb
Use the group constraint in a more generic fashion, not only for attribute certificates
2010-07-05 09:41:04 +02:00
Martin Willi
53913d764e
Use the responder side configured EAP-Identity directly, if given
2010-07-05 09:41:04 +02:00
Martin Willi
ec6caa1367
Copy EAP specific attributes to auth config only
2010-07-05 09:41:04 +02:00
Andreas Steffen
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
Martin Willi
02571374c4
Recreate IKE_SA_INIT related tasks only if they have completed
2010-06-30 13:48:47 +02:00
Thomas Egerer
31d0efd7e9
Use enumerator for queued_tasks migration to avoid infinite loop
2010-06-30 13:24:43 +02:00
Thomas Egerer
6d61e334f7
Correct check of traffic selectors before destruction
2010-06-29 09:22:50 +02:00
Thomas Egerer
7f1eb89517
Migrate queued_tasks tasks, to avoid dangling pointers
2010-06-29 09:20:05 +02:00
Tobias Brunner
0f21ebc81d
The signature of keystore_get changed again.
...
With Android 2.2 (Froyo) the interface of keystore_get was changed once
again. The change was made to allow the keys to contain \0 characters.
2010-06-28 17:18:53 +02:00
Tobias Brunner
6f52d3b077
Compiler warning fixed.
2010-06-28 08:50:30 +02:00
Martin Willi
6a4a47511f
Show contents of the CP payload in message_t stringification
2010-06-24 15:46:28 +02:00
Tobias Brunner
c0914c457b
Increased the loglevel for the arguments received via Android control socket.
2010-06-24 14:46:25 +02:00
Tobias Brunner
e9e2a4fecf
Terminate charon from the Android plugin if the tunnel goes down after it was initiated successfully.
2010-06-24 14:30:06 +02:00
Tobias Brunner
7913a74c36
Initiate the tunnel in the Android plugin asynchronously.
...
Also track its initiation using the registered listener.
2010-06-24 14:30:05 +02:00
Tobias Brunner
8b775e99ea
Implement the listener_t interface in the Android plugin to track the status of an SA.
2010-06-24 14:30:05 +02:00
Tobias Brunner
94ec9adc10
Helper function added to notify the Android frontend about status changes.
2010-06-24 14:30:05 +02:00
Tobias Brunner
024dd37fa0
Initiate consumes a child_sa reference, so get an additional one.
2010-06-24 14:30:05 +02:00
Tobias Brunner
5eb9eeb130
Use the same error code constants as in the Java frontend.
2010-06-24 14:30:05 +02:00
Tobias Brunner
359063caf7
Flush and destroy the send queue before unloading the socket plugins.
2010-06-24 14:30:05 +02:00
Tobias Brunner
9eb7f46b3d
Do not install routes in the PF_KEY kernel interface if interface lookup failed.
2010-06-23 11:43:31 +02:00
Tobias Brunner
a427e98da1
The signature of keystore_get was changed with Android 2.x.
2010-06-22 16:19:55 +02:00
Tobias Brunner
f283520faf
Avoid a segmentation fault if opening the Android control socket failed.
2010-06-22 16:18:22 +02:00
Tobias Brunner
c03ed4835c
Allow to enable the kernel-pfkey plugin via Android.mk.
2010-06-22 16:14:14 +02:00
Tobias Brunner
b7900d3258
Fixing the PF_KEY kernel interface on Android.
...
In Android's in.h IPPROTO_COMP is not #defined but just an enum member.
2010-06-22 16:12:07 +02:00
Martin Willi
169eae5229
Accept IKE packets with any minor version in RAW socket
2010-06-22 11:14:07 +02:00
Tobias Brunner
9b6db5cd2e
Fixed plugin checks in Android.mk files.
2010-06-22 10:40:34 +02:00
Tobias Brunner
499af811c0
Use vpn.dns* to store DNS servers (Android manages net.dns* using these).
2010-06-15 19:58:58 +02:00
Tobias Brunner
be00d219cc
Adding an interface that interacts with the Android Settings frontend.
2010-06-15 19:58:58 +02:00
Tobias Brunner
c373f14947
Adding an Android specific credential set.
2010-06-15 19:58:58 +02:00
Tobias Brunner
51a00fb275
Adding an Android specific logger.
2010-06-15 19:58:58 +02:00
Tobias Brunner
946be4d357
Adding support for the native Linux capabilities interface.
...
Note that this interface is deprecated and mainly added to support
Android. Use libcap, if possible.
2010-06-15 19:58:30 +02:00
Tobias Brunner
b77e493bea
Explicitly refer to LIBCAP in Makefiles.
2010-06-15 19:57:31 +02:00
Tobias Brunner
4e9d313ff8
Explicitly include stdint.h for UINT64_MAX.
...
This is required on FreeBSD 8.
2010-06-15 15:31:46 +02:00
Tobias Brunner
ed76b21652
Check for SADB_X_NAT_T_NEW_MAPPING in PF_KEY kernel interface.
...
FreeBSD 8 does not support SADB_X_NAT_T_NEW_MAPPING whereas Linux and
the previous FreeBSD NAT-T patch both do.
2010-06-15 15:31:10 +02:00
Tobias Brunner
668e84d904
Set the ports of all hosts installed via the PF_KEY kernel interface to zero.
2010-06-15 10:11:57 +02:00
Tobias Brunner
2e8a5e12ef
Adding a basic unit test for hashtable_t.
2010-06-07 16:40:32 +02:00
Thomas Egerer
03ffa88531
Add extra information in debug output for IKE_SA check{out, in}
...
This output helps tracing checkout and checkin of IKE_SAs when there is
more than one IKE_SAs with the same name. I also added the type of
in-air-exchange to the debug output issued by the task_manager in case
a task initiation is delayed, came in handy for me.
2010-06-07 15:12:13 +02:00
Martin Willi
5493ffde0b
traffic_selector_t is gone into libstrongswan, migrate printf hook registration, too.
2010-06-07 15:06:09 +02:00
Martin Willi
550d9085fa
Flush auth configs, create new keymat during SA reset
2010-06-07 14:59:39 +02:00