Tobias Brunner
ed05a1a3b7
'signal' is a keyword in MySQL 5.5
Fixes #251.
2012-11-07 12:37:23 +01:00
Tobias Brunner
214c081dd6
Log sent vendor IDs for IKEv1
2012-11-02 15:52:19 +01:00
Tobias Brunner
531f32d62a
Compiler warning fixed
2012-11-02 15:39:51 +01:00
Martin Willi
6e8f88dba3
Exclude dynamic TS from Unity Split-Include attributes
2012-10-30 09:14:44 +01:00
Tobias Brunner
f30962de74
Fixed log message when no shared secret is found during IKEv1 Main Mode
2012-10-29 10:04:37 +01:00
Tobias Brunner
f48e727232
Remove all ESP proposals with non-matching DH group during Quick Mode
According to RFC 2409, section 5.5, if PFS is used all proposals MUST
include the selected DH group, so we remove proposals without the
proposed group and remove other DH groups from the remaining proposals.
2012-10-24 16:09:42 +02:00
Tobias Brunner
4eba7269b8
proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all
2012-10-24 16:09:42 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
c4894cc172
Send certificate requests in load-tester
2012-10-24 13:25:45 +02:00
Martin Willi
0f3c5f8502
Add load-tester traffic selector configuration options
2012-10-24 13:25:13 +02:00
Martin Willi
1efd6c6f2a
Make use of new CIDR string ts constructor where appropriate
2012-10-24 13:25:08 +02:00
Martin Willi
aa51d5dd25
Increase the limit of acceptable IKEv1 CERTREQ payloads to 20
2012-10-24 13:07:53 +02:00
Martin Willi
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
Martin Willi
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
Martin Willi
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
Martin Willi
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
Martin Willi
7ee16e4b85
Only add an implicit PRF based on the MAC alg if no PRF given in proposal
2012-10-24 11:49:37 +02:00
Martin Willi
a7f5eb1035
Add an interactive mode in lookip tool, demonstrate lasting connections
2012-10-24 11:43:34 +02:00
Martin Willi
9d422bb1b0
Send a lookip NOT_FOUND reply if a lookup yields no results
2012-10-24 11:43:34 +02:00
Martin Willi
f6fb2b98e9
lookup function of lookip listener returns the number of matches
2012-10-24 11:43:34 +02:00
Martin Willi
31576ceddf
Handle multiple lookip connections using a single FDSET
2012-10-24 11:43:34 +02:00
Martin Willi
28683ef137
Renamed list to store listening lookip clients
2012-10-24 11:43:34 +02:00
Martin Willi
bae50c7393
Handle client subscriptions in lookip plugin
2012-10-24 11:43:34 +02:00
Martin Willi
7650dd9a4f
Add a lookip server side UNIX socket processing LOOKUP and DUMP requests
2012-10-24 11:43:34 +02:00
Martin Willi
d59e6db614
Add a simple command line utility to query the lookip plugin
2012-10-24 11:43:34 +02:00
Martin Willi
7877c463ea
Defined on-the-wire format used on lookip socket
2012-10-24 11:43:34 +02:00
Martin Willi
1edaa79c06
Add a lookip function to register virtual IP notification listeners
2012-10-24 11:43:34 +02:00
Martin Willi
9c54b445e2
Add a lookup method to lookip plugin, using a callback to invoke
2012-10-24 11:43:34 +02:00
Martin Willi
2caa27d42e
Add a lookip listener that collects the information we are interested in
2012-10-24 11:43:34 +02:00
Martin Willi
e0d7c1eda7
Add a lookip plugin stub to lookup connections by virtual IP
2012-10-24 11:43:33 +02:00
Martin Willi
0c4b9f7cda
Add a "ipsec listcounters" command to stroke
2012-10-24 11:34:31 +02:00
Martin Willi
f9332e0a8b
Add a print method for stroke counters
2012-10-24 11:34:31 +02:00
Martin Willi
fc4d1568d1
Add stroke message type counters
2012-10-24 11:34:30 +02:00
Martin Willi
5715af7508
Add stroke counters for invalid IKE messages
2012-10-24 11:34:30 +02:00
Martin Willi
81e0e10344
Add stroke CHILD_SA rekeying counter
2012-10-24 11:34:30 +02:00
Martin Willi
a32a8d4a67
Add stroke IKE rekey counters
2012-10-24 11:34:30 +02:00
Martin Willi
418f4bc7a5
Raise a bus alert when IKE message body parsing fails
2012-10-24 11:34:30 +02:00
Martin Willi
2b95ab7620
Raise a bus alert when IKE message header parsing fails
2012-10-24 11:34:30 +02:00
Martin Willi
f6f16131d0
Raise a bus alert when a received message contains unknown SPIs
2012-10-24 11:34:30 +02:00
Martin Willi
47904e3c74
Define stroke counter types to implement
2012-10-24 11:34:11 +02:00
Martin Willi
8554895b95
Add a stub for IKE event counters in stroke
2012-10-24 11:34:11 +02:00
Martin Willi
b2265a2738
Add a load-tester option to define the IKE version to use for testing
2012-10-24 10:19:33 +02:00
Martin Willi
e19b23e0b9
Remove peer_cfg IKE version matching, as it is done in ike_cfg matching
2012-10-24 10:19:33 +02:00
Martin Willi
7910116384
Respect IKE version while selecting an ike_cfg as responder
2012-10-24 10:19:33 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Martin Willi
cf62d073f1
Move ike_version_t definition from peer_cfg_t to ike_cfg_t
2012-10-24 10:17:36 +02:00