a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
da8ab11e91
fixed a at-least-one-year-old bug which caused crashed in the scheduler
2006-08-31 06:48:10 +00:00
c705698293
added raw socket filter for IPv6
2006-08-31 06:18:15 +00:00
053842f4e7
implemented NAT detection for IPv6
2006-08-31 06:17:41 +00:00
1f7fd2ced8
removed unneeded constructor
2006-08-31 06:16:52 +00:00
48d9883a3e
initial support for IPv6 (more testing needed)
...
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
51d4876814
added stddef.h include for compilers which do not support the offsetof() directive
2006-08-28 09:02:51 +00:00
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
834b2ce2e2
version bump of UML kernel to 2.6.17.11
2006-08-25 09:25:12 +00:00
fa8d578d94
fixed crash bug when doing "ipsec down" with an unknown connection
2006-08-25 09:19:42 +00:00
9be547c0ed
added name property in CHILD_SA, allows proper status output
2006-08-25 09:07:37 +00:00
7106403bd8
2006-08-25 07:42:48 +00:00
c3e7aeb102
fixed bug which prevented port float when nat is detected
2006-08-25 07:37:22 +00:00
8ae6a48f94
version bumps
2006-08-25 07:30:29 +00:00
b425d99867
'sha' and 'sha1' are now treated as synonyms
2006-08-23 12:07:15 +00:00
3dc16958dd
'sha' and 'sha1' are now treated as synonyms
2006-08-23 12:07:07 +00:00
a1310b6b92
updated Changelog and other docs
2006-08-23 11:48:33 +00:00
d03ab568a6
fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD)
2006-08-23 09:25:41 +00:00
3183006de2
implement proper handling of most simultaneous IKE_SA rekeying cases
2006-08-23 07:30:43 +00:00
c3f97102f1
version bump to 4.0.3
2006-08-02 12:33:26 +00:00
f698448ea3
implemented proper refcounting using atomic operations
2006-07-28 09:45:18 +00:00
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
623d3dcf78
X.509 certificate trust path verification
2006-07-14 13:21:19 +00:00
a9ae2c01ed
added
2006-07-14 12:58:47 +00:00
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
106e9fc6f8
updated mixed tests to new charon output
2006-07-14 12:29:26 +00:00
bf4df11f44
corrected DPD entry
2006-07-14 11:51:45 +00:00
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
b34be51cef
fixed bug which erroneously detected KE payload when rekeying
2006-07-14 08:18:48 +00:00
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
325e497798
improved logging on verify errors for some payloads
...
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
7af345e11e
added test cases from NAT team
...
updated all IKEv2 tests to work with new status output
2006-07-13 12:45:18 +00:00
1279eda042
added tcpdumpcount function from NATT guys
...
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly
2006-07-13 12:43:52 +00:00
be247b817b
removed in favour of tests from NAT team
2006-07-13 12:00:36 +00:00
4c04f30a51
fixed CREATE_CHILD_SA transaction dispatching
2006-07-13 08:51:24 +00:00
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
cb5c41cde9
updated some inline docs
2006-07-12 14:08:52 +00:00
0d379627de
fixed crypter/signer in/out to conform with standard
2006-07-12 14:08:13 +00:00
b68afb7bd8
fixed payload order
2006-07-12 14:07:30 +00:00
a846ffdb48
added message id logging
2006-07-12 14:06:25 +00:00
e7356568b2
added all currently known notify payload types
2006-07-12 14:05:57 +00:00
aeeb4f4f97
added policy cache to kernel interface
...
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
2006-07-12 11:42:36 +00:00
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
4c19900ce8
code cleanups
2006-07-12 11:13:48 +00:00
c361cc8c51
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:12:45 +00:00
40f29769fa
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:11:59 +00:00
Martin Willi