57 Commits

Author SHA1 Message Date
Tobias Brunner 88b85e022a sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set
Fixes #1213.
2015-11-23 11:37:19 +01:00
Tobias Brunner 858148092d Replace usages of sigwait(3) with sigwaitinfo(2)
This is basically the same call, but it has the advantage of being
supported by FreeBSD's valgrind, which sigwait() is not.

References #1106.
2015-10-29 15:38:37 +01:00
Tobias Brunner 9b4f6cfa23 charon-nm: Disable leak-detective in charon-nm
It segfaults immediately if it is enabled, at least on Ubuntu 14.04.
2015-05-05 17:53:47 +02:00
Martin Willi b9be25ea39 attribute-handler: Pass full IKE_SA to handler backends 2015-02-20 13:34:56 +01:00
Martin Willi 751363275f attributes: Move the configuration attributes framework to libcharon 2015-02-20 13:34:55 +01:00
Martin Willi 5421092b75 plugin-loader: Support a reload() callback for static features 2014-09-22 13:55:12 +02:00
Martin Willi 8d74ec9e80 ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi 879e3d12ca ike: Add an additional but separate AEAD proposal to IKE config, if supported 2014-05-16 16:51:19 +02:00
Tobias Brunner f738753abc nm: Fix NULL-pointer dereference when handling TUN device failure 2014-04-09 16:35:46 +02:00
Tobias Brunner c489c5881a charon-nm: No additional secrets are required once a password has been entered
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.

Fixes #547.
2014-03-18 14:53:40 +01:00
Tobias Brunner 1c306c0ee9 libcharon: Remove unused charon->name 2014-02-12 14:34:33 +01:00
Tobias Brunner 10c4f4e1fd libhydra: Remove unused hydra->daemon 2014-02-12 14:34:32 +01:00
Tobias Brunner 34d3bfcf14 lib: Add global config namespace 2014-02-12 14:34:31 +01:00
Tobias Brunner 54ca25800c agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket
This is also required if charon-cmd is used with capability dropping.
2014-01-23 10:08:23 +01:00
Tobias Brunner 5ae822cfcd nm: Handle PSK option in NM backend 2013-11-27 18:36:58 +01:00
Martin Willi 3070697f9f ike: support multiple addresses, ranges and subnets in IKE address config
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
Martin Willi 9aeaa7396e peer-cfg: add a pull/push mode option to use with mode config 2013-09-04 10:33:37 +02:00
Martin Willi 19cb07b890 automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi 896abbefc5 nm: omit deprecated g_type_init() when using >= GLIB 2.36 2013-07-18 14:21:17 +02:00
Tobias Brunner 68b7448eab capabilities: Make the user and group charon(-nm) changes to configurable 2013-06-25 17:16:33 +02:00
Tobias Brunner a2eb581781 capabilities: Move global capabilities_t instance to libstrongswan 2013-06-25 17:16:32 +02:00
Tobias Brunner 2e21bac19a capabilities: Ensure required capabilities are actually held by the process/user 2013-06-25 17:16:32 +02:00
Tobias Brunner 607f8e9906 plugin-loader: Add method to print loaded plugins on a given log level 2013-06-21 15:17:53 +02:00
Tobias Brunner 1b33e6c4ca charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features
This ensures the NM-specific credential set is unloaded before any
implementation of certificate/key objects, which causes a segmentation
fault during shutdown.
2013-03-19 16:25:26 +01:00
Tobias Brunner 3651c8dcd5 charon-nm: Prevent NM from changing the default route
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
2013-03-19 16:25:26 +01:00
Tobias Brunner 9cf09ecad7 charon-nm: Use VIP (if any) as local address
NM will install this address on the provided device.
2013-03-19 16:25:26 +01:00
Tobias Brunner c15eea7306 charon-nm: Pass a dummy TUN device to NetworkManager
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
2013-03-19 16:25:26 +01:00
Tobias Brunner b7645a5d30 charon-nm: Fix NM plugin utility macros 2013-03-19 16:25:26 +01:00
Martin Willi 306a269e34 Add a DSCP configuration value to IKE configs 2013-02-06 15:20:32 +01:00
Tobias Brunner 69c6a60176 g_thread_init() is deprecated since Glib 2.23 2013-01-24 19:13:40 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Martin Willi 1fdd62ffce Remove version argument on peer_cfg constructor, use ike_cfg version instead 2012-10-24 10:19:33 +02:00
Martin Willi 9fc7cc6f9b Add IKE version information to ike_cfg_t 2012-10-24 10:18:35 +02:00
Tobias Brunner 3555bacac7 Reload logger configuration on SIGHUP
Besides changing the configuration this allows to easily rotate log files.

Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner d35d669180 Make syslog and file loggers configurable at runtime 2012-10-18 14:42:10 +02:00
Tobias Brunner a2a28d90ac Make streq() and strcaseeq() static inline functions so they can be used as callbacks 2012-09-21 18:16:26 +02:00
Tobias Brunner af16b5afb0 Use random ports in NetworkManager backend 2012-09-18 14:57:05 +02:00
Tobias Brunner e6fcc172f8 Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend 2012-09-18 14:40:40 +02:00
Martin Willi feb8550401 Pass a list instead of a single virtual IP to attribute enumerators 2012-08-30 16:43:42 +02:00
Martin Willi 497ce2cf51 Support multiple address pools configured on a peer_cfg 2012-08-30 16:43:42 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Tobias Brunner b223d517c8 Replaced usages of CHARON_*_PORT with calls to get_port(). 2012-08-08 15:12:25 +02:00
Tobias Brunner e7ea057fd2 Make the UDP ports charon listens for packets on (and uses as source ports) configurable. 2012-08-08 15:07:43 +02:00
Tobias Brunner 63ac6d00b0 Proper fallback if capability dropping is not available 2012-07-27 14:46:42 +02:00
Martin Willi 0619ddfaa4 Refactored heavily #ifdefd capability code to its own libstrongswan class 2012-07-04 11:01:40 +02:00
Martin Willi ce938e5cfa Add charon-nm to .gitignore 2012-07-03 17:41:14 +02:00
Martin Willi d12635c77d Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9 2012-06-29 15:21:57 +02:00
Tobias Brunner aa54ecef44 Use static plugin features in libcharon to define essential dependencies 2012-06-27 11:31:16 +02:00