Forward incoming calls to default ikev2 keymat instance. This is needed
to make a stepwise migration to TKM keymat possible. It will be removed
once the corresponding parts are implemented in the TKM.
Instead of storing the acquired context ids in a linked list, use an
array of booleans for the job. A boolean value of true in the array
designates an available context id.
The tkm_diffie_hellman_t plugin acquires a DH context from the Trusted
Key Manager and uses it to get a DH public value and the calculated
shared secret. Proper context handling is still missing though, the
plugin currently uses context ID 1.
The get_shared_secret function will be removed as soon as the TKM
specific keymat is ready.
Analogous to charon-nm the charon-tkm daemon is a specialized charon
instance used in combination with the trusted key manager (TKM) written
in Ada.
The charon-tkm is basically a copy of the charon-nm code which will
register it's own TKM specific plugins.
The daemon binary is built using the gprbuild utility. This is needed
because it uses the tkm-rpc Ada library and consequently the Ada
runtime. gprbuild takes care of the complete binding and linker steps
required to properly initialize the Ada runtime.
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.
Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
This configure option enables check-based unit testing. Check is a unit
test framework for C [1].
The unit tests can be executed by issuing the following command in the
toplevel build directory:
make check
[1] - http://check.sourceforge.net/
This simplifies capturing traffic with Wireshark on the host as each of
the guest's interfaces is clearly identified.
The three bridges were previously numbered starting from 0, this scheme
is restored here.
This XAuth backend does not do any authentication of client credentials
but simply sends a successful XAuth status to the client, thereby
concluding the XAuth exchange. This can be useful to fallback to basic
RSA authentication with clients that can not be configured without XAuth
authentication.
Bring some extensions to eap-radius, namely a virtual IP address provider based
on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting
updates and the reporting of sent/received packets.
Adrian-Ken Rueegsegger