Martin Willi
a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
Martin Willi
da8ab11e91
fixed a at-least-one-year-old bug which caused crashed in the scheduler
2006-08-31 06:48:10 +00:00
Martin Willi
c705698293
added raw socket filter for IPv6
2006-08-31 06:18:15 +00:00
Martin Willi
053842f4e7
implemented NAT detection for IPv6
2006-08-31 06:17:41 +00:00
Martin Willi
1f7fd2ced8
removed unneeded constructor
2006-08-31 06:16:52 +00:00
Martin Willi
48d9883a3e
initial support for IPv6 (more testing needed)
...
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
Martin Willi
51d4876814
added stddef.h include for compilers which do not support the offsetof() directive
2006-08-28 09:02:51 +00:00
Martin Willi
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Andreas Steffen
834b2ce2e2
version bump of UML kernel to 2.6.17.11
2006-08-25 09:25:12 +00:00
Martin Willi
fa8d578d94
fixed crash bug when doing "ipsec down" with an unknown connection
2006-08-25 09:19:42 +00:00
Martin Willi
9be547c0ed
added name property in CHILD_SA, allows proper status output
2006-08-25 09:07:37 +00:00
Martin Willi
7106403bd8
2006-08-25 07:42:48 +00:00
Martin Willi
c3e7aeb102
fixed bug which prevented port float when nat is detected
2006-08-25 07:37:22 +00:00
Andreas Steffen
8ae6a48f94
version bumps
2006-08-25 07:30:29 +00:00
Andreas Steffen
b425d99867
'sha' and 'sha1' are now treated as synonyms
2006-08-23 12:07:15 +00:00
Andreas Steffen
3dc16958dd
'sha' and 'sha1' are now treated as synonyms
2006-08-23 12:07:07 +00:00
Martin Willi
a1310b6b92
updated Changelog and other docs
2006-08-23 11:48:33 +00:00
Martin Willi
d03ab568a6
fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD)
2006-08-23 09:25:41 +00:00
Martin Willi
3183006de2
implement proper handling of most simultaneous IKE_SA rekeying cases
2006-08-23 07:30:43 +00:00
Andreas Steffen
c3f97102f1
version bump to 4.0.3
2006-08-02 12:33:26 +00:00
Martin Willi
f698448ea3
implemented proper refcounting using atomic operations
2006-07-28 09:45:18 +00:00
Martin Willi
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
Martin Willi
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
Martin Willi
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
Martin Willi
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Andreas Steffen
623d3dcf78
X.509 certificate trust path verification
2006-07-14 13:21:19 +00:00
Andreas Steffen
a9ae2c01ed
added
2006-07-14 12:58:47 +00:00
Martin Willi
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
Martin Willi
106e9fc6f8
updated mixed tests to new charon output
2006-07-14 12:29:26 +00:00
Andreas Steffen
bf4df11f44
corrected DPD entry
2006-07-14 11:51:45 +00:00
Martin Willi
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
Martin Willi
b34be51cef
fixed bug which erroneously detected KE payload when rekeying
2006-07-14 08:18:48 +00:00
Martin Willi
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
Martin Willi
325e497798
improved logging on verify errors for some payloads
...
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
Martin Willi
7af345e11e
added test cases from NAT team
...
updated all IKEv2 tests to work with new status output
2006-07-13 12:45:18 +00:00
Martin Willi
1279eda042
added tcpdumpcount function from NATT guys
...
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly
2006-07-13 12:43:52 +00:00
Martin Willi
be247b817b
removed in favour of tests from NAT team
2006-07-13 12:00:36 +00:00
Martin Willi
4c04f30a51
fixed CREATE_CHILD_SA transaction dispatching
2006-07-13 08:51:24 +00:00
Martin Willi
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
Martin Willi
cb5c41cde9
updated some inline docs
2006-07-12 14:08:52 +00:00
Martin Willi
0d379627de
fixed crypter/signer in/out to conform with standard
2006-07-12 14:08:13 +00:00
Martin Willi
b68afb7bd8
fixed payload order
2006-07-12 14:07:30 +00:00
Martin Willi
a846ffdb48
added message id logging
2006-07-12 14:06:25 +00:00
Martin Willi
e7356568b2
added all currently known notify payload types
2006-07-12 14:05:57 +00:00
Martin Willi
aeeb4f4f97
added policy cache to kernel interface
...
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
2006-07-12 11:42:36 +00:00
Martin Willi
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
Martin Willi
4c19900ce8
code cleanups
2006-07-12 11:13:48 +00:00
Andreas Steffen
c361cc8c51
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:12:45 +00:00
Andreas Steffen
40f29769fa
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:11:59 +00:00