f59240e9ae
Added OpenSSL/GPL exception to LICENSE file
...
Also updated other parts of the license.
2012-06-29 16:51:29 +02:00
e516068965
Removed superfluous remove_hasher() call in md5 plugin
2012-06-29 16:23:20 +02:00
d12635c77d
Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9
2012-06-29 15:21:57 +02:00
9d2968e272
As a responder, don't start a TRANSACTION request if we expect one from the initiator
2012-06-29 13:40:31 +02:00
4271838f9c
an IKE daemon needs these plugins but a PDP doesn't
2012-06-29 06:24:02 +02:00
36df6113fa
added Ubuntu 12.04 LTS i686 measurements
2012-06-28 22:20:44 +02:00
5f451f2d6a
IMCs and IMVs might depend on X.509 certificates or trusted public keys
2012-06-28 17:55:02 +02:00
1c959e4479
added ikev1/virtual-ip scenario
2012-06-28 14:52:07 +02:00
5a86589d0c
corrected description of ikev1/ip-pool-db scenario
2012-06-28 14:44:10 +02:00
5c0d1bccb0
corrected description of ikev1/ip-pool scenario
2012-06-28 14:42:34 +02:00
788e512d58
added ikev1/ip-pool scenario
2012-06-28 14:37:04 +02:00
f39a2f275e
merged xauth-id-rsa and xauth-rsa-config scenarios
2012-06-28 14:23:47 +02:00
bbbffac3ab
Defined a macro to replace strerror(3) with calls to thread-safe wrapper
2012-06-28 13:14:52 +02:00
2a59527659
Thread-safe wrapper around strerror(3)/strerror_r(3) added
2012-06-28 13:14:52 +02:00
0f018a7324
Show some uname() info in "ipsec statusall"
2012-06-28 11:56:40 +02:00
b8e17eb36f
Show some uname() info during charon startup
2012-06-28 11:56:15 +02:00
8cad9ed42c
charon automatically removes virtual interfaces
2012-06-28 09:30:24 +02:00
bd858af851
libcharon also requires kernel interfaces and a socket implementation
2012-06-27 12:15:09 +02:00
271377905d
Defer quick mode initiation if we expect a mode config request
2012-06-27 11:42:56 +02:00
8ff45cfd99
Queue a mode config task as responder if we need a virtual IP
2012-06-27 11:42:56 +02:00
c2a391746c
Add basic support for XAuth responder authentication
2012-06-27 11:42:56 +02:00
a9aa75b90e
Map XAuth responder authentication methods between IKEv1 and IKEv2
2012-06-27 11:42:56 +02:00
dc6d259635
Show remote EAP/XAuth identity in "statusall" on a separate line
2012-06-27 11:42:00 +02:00
8122ae8cd8
gcrypt: Register SHA1 first as HASH_PREFERRED depends on it
2012-06-27 11:31:16 +02:00
aa54ecef44
Use static plugin features in libcharon to define essential dependencies
2012-06-27 11:31:16 +02:00
ec3b332bf8
Use static plugin features in charon-nm
2012-06-27 11:31:16 +02:00
5def45b890
Ignore a received %any virtual IP for installation
2012-06-26 18:00:40 +02:00
f102c5f341
Mask the configured mark value to ensure it is in range
2012-06-26 12:50:58 +02:00
66e12b926e
Some updates in ipsec.conf(5) for 5.0.0
2012-06-26 12:39:53 +02:00
92250a48a9
Added MAC wrappers to Android.mk
2012-06-26 07:58:04 +02:00
9866c26c5b
Also build charon's IKEv1 implementation on Android
2012-06-26 07:56:15 +02:00
43d01ab2f6
Build nonce plugin on Android
2012-06-26 07:56:15 +02:00
8497c5d147
Missing source file added to libcharon's Android.mk
2012-06-26 07:56:15 +02:00
67307ad724
scepclient: Added support to build it on Android
2012-06-26 07:56:15 +02:00
197dbf5f72
Added support for the curl plugin on Android
2012-06-26 07:56:14 +02:00
63afd833b9
Avoid SIGSEGV during shutdown if charon is not started as root
2012-06-25 19:00:00 +02:00
f97c269e0c
NEWS about thread pool updates added
2012-06-25 18:18:07 +02:00
e0efd7c121
Make rescheduling a job more predictable
...
This avoids race conditions between calls to cancel() and jobs that like
to be rescheduled. If jobs were able to reschedule themselves it would
theoretically be possible that two worker threads have the same job
assigned (the one currently executing the job and the one executing the
same but rescheduled job if it already is time to execute it), this means
that cancel() could be called twice for that job.
Creating a new job based on the current one and reschedule that is also
OK, but rescheduling itself is more efficient for jobs that need to be
executed often.
2012-06-25 17:49:12 +02:00
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
7fec83af28
Give processor_t more control over the lifecycle of a job
...
Jobs are now destroyed by the processor, but they are allowed to
reschedule themselves. That is, parts of the reschedule functionality
already provided by callback_job_t is moved to the processor. Not yet
fully supported is JOB_REQUEUE_DIRECT and canceling jobs.
Note: job_t.destroy() is now called not only for queued jobs but also
after execution or cancellation of jobs. job_t.status can be used to
decide what to do in said method.
2012-06-25 17:10:28 +02:00
18d21a57df
Added a method to plugin_loader_t to add 'static' plugin features
...
This allows daemons and other components to register plugin features
like those provided by plugins (following the same lifecycle).
The added features are internally handled like they were added by a
plugin.
2012-06-25 17:03:07 +02:00
e07122436c
Make sure that all features of critical plugins are loaded
2012-06-25 17:03:07 +02:00
bc6d944705
Added an option to rename the ipsec script during installation
...
Also rename the man page and adjust all references in the script, the
man page and other files.
Closes #194 .
2012-06-25 16:53:38 +02:00
d86cf32b4b
Removed -o argument when creating .../ipsec.d with install
...
This should have been removed with 2b52d5cb41
2012-06-25 16:37:34 +02:00
34a80708e2
Updated ipsec script man page after removing pluto
2012-06-25 16:37:34 +02:00
738b9121cb
Use mac_t and PRF and signer wrappers in cmac plugin
2012-06-25 16:35:06 +02:00
83cb52b044
Use mac_t and PRF and signer wrappers in xcbc plugin
2012-06-25 16:35:06 +02:00
c4a3c9672a
Make the hmac_t interface a generic interface for message authentication codes
2012-06-25 16:35:06 +02:00
228d096e42
Simplified creation of PRFs and signers in openssl and hmac plugins
2012-06-25 16:35:06 +02:00
01850f5d55
Function to convert PRFs to hash algorithms added
2012-06-25 16:35:06 +02:00
Tobias Brunner