Commit | Line | Data |
---|---|---|
48dc3934 MW |
1 | strongswan-4.0.4 / R:1289 |
2 | =========================== | |
3 | ||
4 | fixed some compiler warnings | |
5 | extended statusall output | |
6 | added job/event-queue statistics | |
7 | added allocation statistics when using LEAK_DETECTIVE | |
8 | fixed include typo | |
9 | public declaration of all HASH_SIZEs in hasher.h | |
10 | support of encrypted private key files | |
11 | added copyright notice to sha2_hasher | |
12 | included SHA2 in build process | |
13 | implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512 | |
14 | added support for 3DES encryption algorithm in IKE | |
15 | fixed the ids parsing bug | |
16 | fixed the ids parsing bug | |
17 | updated TODOs | |
18 | fixed memleak | |
19 | fixed proper handling of id parsing errors | |
20 | proper return value when no PSK found | |
21 | added HOST_ACCESS for firewall script as default | |
22 | more debugging output for PSK authentication | |
23 | some cleanups here and there | |
24 | added auth_method field | |
25 | added auth_method field | |
26 | cosmetics | |
27 | verify_emsa_pkcs1_signature returns status_t | |
28 | cosmetics | |
29 | added PSK support | |
30 | enabled firewall support | |
31 | proper error handling for socket creation | |
32 | handle certificate parsing error more generous | |
33 | fixed certificate verification bug! | |
34 | fixed memleak when receiving invalid certificate | |
35 | version bump to 4.0.4 | |
36 | version bump to 4.0.4 | |
37 | two new test scenarios | |
38 | fixed path to images directory | |
39 | implemented updown script to handle firewalling | |
40 | add priority management for kernel policy | |
41 | let ROUTED policies installed, until manually removed | |
42 | introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs | |
43 | ike_sa_manager cleanups | |
44 | implemented handling of dpdaction and dpddelay ipsec.conf parameters | |
45 | reuse reqid when a ROUTED child_sa gets INSTALLED | |
46 | fixed a bug in retransmission code | |
47 | added support for the "keyingtries" ipsec.conf parameter | |
48 | added support for the "dpddelay" ipsec.conf parameter | |
49 | done some work for "dpdaction" behavior | |
50 | some other cleanups and fixes | |
51 | fixed an at-least-one-year-old bug which caused crashes in the scheduler | |
52 | added raw socket filter for IPv6 | |
53 | implemented NAT detection for IPv6 | |
54 | removed unneeded constructor | |
55 | initial support for IPv6 (more testing needed) | |
56 | socket works (without v6 filter) | |
57 | traffic selector handle IPv4/v4 cleanly | |
58 | improvements in traffic selector code | |
59 | kernel interface accepts v6 traffic selectors and hosts | |
60 | host_t class has full IPv6 support | |
61 | added stddef.h include for compilers which do not support the offsetof() directive | |
62 | moved interface enumeration code to socket, where it belongs | |
63 | query interfaces every time we need it to respect changes in network config | |
64 | added address listing on startup and "ipsec statusall" | |
65 | version bump of UML kernel to 2.6.17.11 | |
66 | fixed crash bug when doing "ipsec down" with an unknown connection | |
67 | added name property in CHILD_SA, allows proper status output | |
68 | fixed bug which prevented port float when nat is detected | |
69 | version bumps | |
70 | 'sha' and 'sha1' are now treated as synonyms | |
71 | updated Changelog and other docs | |
72 | ||
73 | ||
a1310b6b MW |
74 | strongswan-4.0.3 / R:1235 |
75 | =========================== | |
76 | ||
77 | fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD) | |
78 | implement proper handling of most simultaneous IKE_SA rekeying cases | |
79 | version bump to 4.0.3 | |
80 | implemented proper refcounting using atomic operations | |
81 | implemented IKE_SA rekeying | |
82 | uses ikelifetime, rekeymargin and rekeyfuzz config settings | |
83 | no handling of simultaneous exchanges yet! | |
84 | added possibility to route CHILD_SAs, without to set them up | |
85 | support for auto=route parameter | |
86 | support for ipsec route and ipsec unroute | |
87 | initiating of CHILD and/or IKE_SAs based on kernel acquires | |
88 | reuse an existing IKE_SA to set up additional CHILD_SAs | |
89 | introduced refcounting on policy and connections | |
90 | aren't stored in the IKE_SA anymore, they are queried on the fly | |
91 | are immutable now, allows it to share them | |
92 | policy selection based on traffic selectors, leads to valid lookup results | |
93 | rekeying queries the policy based on its traffic selectors | |
94 | cleanups in kernel interface code | |
95 | added proper traffic selector to string conversion | |
96 | some cleanups here & there | |
97 | X.509 certificate trust path verification | |
98 | added | |
99 | fixed UDP decapsulation by adding inbound bypass policy for send socket | |
100 | updated mixed tests to new charon output | |
101 | corrected DPD entry | |
102 | reenabled module tests for charon | |
103 | fixed bug which erroneously detected KE payload when rekeying | |
104 | added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT | |
105 | improved logging on verify errors for some payloads | |
106 | enforcing IKE_SA shutdown, even when transactions are outstanding | |
107 | proper reject of CREATE_CHILD_SA message with KE payload | |
108 | added test cases from NAT team | |
109 | updated all IKEv2 tests to work with new status output | |
110 | added tcpdumpcount function from NATT guys | |
111 | added possibility to mount the strongswan tree into all UMLs | |
112 | added script for installing from shared tree in all UMLs | |
113 | added script to shut down all UMLs properly | |
114 | removed in favour of tests from NAT team | |
115 | fixed CREATE_CHILD_SA transaction dispatching | |
116 | added CHILD_SA states, which allows us to detect further simultaneous transactions | |
117 | reimplemented the buggy message id handling | |
118 | updated some inline docs | |
119 | fixed crypter/signer in/out to conform with standard | |
120 | fixed payload order | |
121 | added message id logging | |
122 | added all currently known notify payload types | |
123 | added policy cache to kernel interface | |
124 | allows refcounting of multiple installed policies | |
125 | finally brings us stable simultaneous rekeying | |
126 | leak detective blanks memory on free & alloc, allows further membug detection | |
127 | code cleanups | |
128 | identification_t.matches() supports multiple wildcard counts | |
129 | identification_t.matches() supports multiple wildcard counts | |
130 | further work done for simultaneous rekeying/delete | |
131 | still some cases which cause trouble | |
132 | fixed compiler warnings in parser when using -O2 | |
133 | reenabled check_expiry | |
134 | updated copyright information | |
135 | reimplemented CHILD_SA rekeying & delete | |
136 | no simultaneous transaction with CHILD_SAs yet! | |
137 | removed NAT_TRAVERSAL and VIRTUAL_IP compile options | |
138 | removed NAT_TRAVERSAL compile option | |
139 | removed NAT_TRAVERSAL and VIRTUAL_IP compile options | |
140 | added | |
141 | updated NEWS | |
142 | added support for leftprotoport and rightprotoport | |
143 | improved CHILD_SA output for "ipsec statusall" | |
144 | updated whitelist (getprotobynumber) | |
145 | redesigned IKE_SA using a transaction mechanism: | |
146 | removed old state machine | |
147 | reimplemented IKE_SA setup and delete | |
148 | implemented dead peer detection | |
149 | implemented keep-alives | |
150 | a lot of fixes | |
151 | no rekeying yet | |
152 | fixed compiler warnings | |
153 | made thread ids unsigned again, to avoid negative thread ids on some systems | |
154 | fixed memleak when initiating a connection already up | |
155 | updated leak detective whitelist | |
156 | applied latest NATT patch with some fixes and cleanups | |
157 | test currently without firewall | |
158 | added | |
159 | added | |
160 | added | |
161 | removed | |
162 | removed version information from ipsec.conf | |
163 | log entries start with lowercase character | |
164 | restored lost IKEv2 packet suppression | |
165 | added USE_LEAK_DETECTIVE option | |
166 | fixed natd_hash memory leak | |
167 | tests with subdirectory structure | |
168 | removed tests | |
169 | introduced subdirectory structure | |
170 | support of cert payloads | |
171 | lowercase log entries | |
172 | distributed by ITA | |
173 | added support of updown parameter | |
174 | generation of default key | |
175 | cosmetics | |
176 | added support of updown parameter | |
177 | version bump to 4.0.2 | |
178 | added X.509 trust chain verification | |
179 | version bump to 4.0.2 | |
180 | ESP packet size changed | |
181 | fixed bad_proposal_syntax bug | |
182 | updated ignorelist for stroke_keywords.c | |
183 | applied new changes from NATT team | |
184 | DPD only done when no IPsec and IKE traffic processed | |
185 | minor changes here and there | |
186 | some message code cleanups | |
187 | fixed identification_t clone to apply function pointers | |
188 | cleaner error handling on UDP encapsulation sockopt failure | |
189 | added mysterious UDP encapsulation socket option to get encapsulation working | |
190 | fixed BAD_PROPOSAL_SYNTAX vulnerability | |
191 | first merge of NATT code | |
192 | fixed testing build | |
193 | updated for 4.0.1 release | |
194 | updated news for 4.0.1 release | |
195 | fixed whitelist detection | |
196 | ||
197 | ||
e986c40b MW |
198 | strongswan-4.0.1 / R:1144 |
199 | =========================== | |
200 | ||
201 | fixed whitelist detection | |
202 | reworked function ignore mechanism to not-report whitelist | |
203 | rather than overriding functions | |
204 | fixed execv call args to work when using strictcrl and syslog | |
205 | fixed bug: usage of already freed mem | |
206 | readded local_credential_store | |
207 | added sendcert policy to connection | |
208 | some other cleanups | |
209 | implemented rereadcrls rereadcacerts | |
210 | implemented rereadcrls rereadcacerts | |
211 | implemented rereadcrls rereadcacerts | |
212 | removed local_credential_store | |
213 | fixed SPI when acting as initiator of rekeying | |
214 | fixed SPI when rekeying and deleting CHILD_SAs | |
215 | change key derivation order to fulfill RFC | |
216 | added crl support | |
217 | added listcrls | |
218 | added chunk_equals_or_null() | |
219 | added crl support | |
220 | changed tabs from 8 to 4 spaces | |
221 | added crl support | |
222 | cosmetics | |
223 | cosmetics (space) | |
224 | fixed compilation error | |
225 | updated for release | |
226 | fixed aes code, we support now aes128, aes192, aes256 in IKE | |
227 | added support for "ike" and "esp" keywords | |
228 | fixed bugs in proposal code | |
229 | algorithm selection for charon works now with ipsec.conf | |
230 | a lot of other fixes | |
231 | implemented clean spi allocation behavior when using multiple proposals | |
232 | fixed logleve(l) keyword typo | |
233 | handling of "rekey=no" parameter added | |
234 | changed default algorithms to: | |
235 | ike: aes128-sha-modp2048 | |
236 | esp: aes128-sha1, 3des-md5 | |
237 | added default CRL directory path | |
238 | added strictcrlpolicy command line argument | |
239 | added option parsing | |
240 | added local CRLs | |
241 | added rekeying parameters | |
242 | corrected some descriptions | |
243 | moved RSA key size constraints to definitions.h | |
244 | fixed down keyword | |
245 | debug and logging improvements | |
246 | support for stroke listcerts|listcacerts|listcrls|listall | |
247 | support for stroke listcerts|listcacerts|listall and left|rightca= | |
248 | gperf creates optimum hash table for stroke keywords | |
249 | using same reqid if a child sa rekeys an existing one | |
250 | NULL string argument is treated as %any | |
251 | add_certificate() now returns pointer to added cert | |
252 | cosmetics | |
253 | single tests now start up faster | |
254 | workaround for peers rekeying at the same time | |
255 | loading lifetime policies from ipsec.conf | |
256 | old child_sa gets deleted after rekeying | |
257 | rekeying almost complete, but: | |
258 | IKE_SA get in an invalid state when both initiate rekeying at the same time, | |
259 | corrected type | |
260 | improved kernel interface logging | |
261 | fixed clone/destroy behavior when not using CAs | |
262 | specifying keysize in bits, as it is required in IKEv2 | |
263 | added generic kernel SA algorithm handling, which brings us: | |
264 | aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs | |
265 | added support for leftsendcert= and left|rightca= parameters | |
266 | discard cert if CA basic constraints flag is not set and warn if cert is not valid | |
267 | added public methods is_ca() and is_valid() | |
268 | changed ASN.1 CONTROL log output to LEVEL2 | |
269 | cosmetics | |
270 | removed unused Makefile | |
271 | stroke.h requires libstrongswan/types.h | |
272 | fixed compile warnings when using -Wall | |
273 | further CHILD_SA rekeying work done: | |
274 | creation of a new CHILD_SA on an expire from a kernel works | |
275 | delete of old CHILD_SA still missing | |
276 | some issues when both initiate rekeying | |
277 | updated INSTALL to conform with autotools | |
278 | added a short HACKING introduction | |
279 | further work for rekeying: | |
280 | get lifetimes from policy | |
281 | added new state | |
282 | initiation of rekeying done | |
283 | proposal redone: | |
284 | removed support for AH+ESP proposals | |
285 | proper leak detective hook for realloc | |
286 | excluded pthread_setspecific from leak detective | |
287 | fixed a memleak | |
288 | cosmetics | |
289 | ipv6-host2host scenario added | |
290 | created IPv6 environment | |
291 | job management: | |
292 | moved job code from thread_pool to job, jobs have an "execute" method now | |
293 | added two new jobs: delete_child_sa & rekey_child_sa | |
294 | kernel interface: | |
295 | listens now for ACQUIRE & EXPIRE | |
296 | supports hard and soft lifetimes | |
297 | fires jobs for delete and rekey child sa | |
298 | ike sa manager: | |
299 | can checkout IKE SAs by requid of owned CHILD SAs | |
300 | we have now the infrastructure to do the rekeying... :-) | |
301 | fixed some memleaks/freebugs | |
302 | leak detective works almost usable now (?!) | |
303 | added host2host test for ikev2 | |
304 | fixed host-host tunnel traffic selection, host-host works now | |
305 | bug fixed circumventing an assertion in delete_connection when ikev1 is not set | |
306 | minimized prefixed on stroke logger output | |
307 | charon outputs strongSwan version | |
308 | tests with subjectAltNames now | |
309 | fixed event queue for events >36min | |
310 | included charons module tests to build & dist | |
311 | full support of ikev1 and ikev2 connection flags | |
312 | cosmetics in log_status output | |
313 | use of streq | |
314 | added testing files to dist | |
315 | required the use of the "ustar" format to support | |
316 | filenames longer than 99 chars | |
317 | lookup of private key based on keyid of public key | |
318 | new functions to add certificates and retrieve private and public keys | |
319 | changed log level | |
320 | list ca certificates | |
321 | computation of SHA-1 hash over publicKeyInfo object | |
322 | moved abbreviated thread_id in front of brackets | |
323 | added has_key parameter to log_certificates() | |
324 | log_certificates() now shows keyid and availability of matching private key | |
325 | indented loaded file log entry | |
326 | moved TIMETOA_BUF definition to types.h | |
327 | moved TIMETOA_BUF definition from asn1.h | |
328 | define default CA_CERTIFICATE_DIR | |
329 | load all ca certificates | |
330 | fixed daemon destruction order to prevent | |
331 | crashes on termination | |
332 | fixed memleak when deleting a connection | |
333 | updated todo list | |
334 | policies contain a connections name now | |
335 | used for initiate and delete | |
336 | connections won't get initiated twice anymore | |
337 | deleting of connections is now possible, which allows us to use | |
338 | ipsec update and ipsec reload | |
339 | changed iterator->remove behavior | |
340 | ipsec up|down|route|delete require a connection name | |
341 | stroke now uses constant size string buffer | |
342 | changed to standard connection log output | |
343 | reworked parsing and matching of subjectAltNames | |
344 | added memeq() macro | |
345 | moved timetoa() from asn1.c to types.c | |
346 | corrected type | |
347 | some logging improvements and cosmetics | |
348 | handle IKE_SA setup without a piggy-packed CHILD_SA | |
349 | more IKEv2 conform | |
350 | initiate IKE_SA deletion before manager destruction | |
351 | improved code of chunk_equals | |
352 | added streq() macro and defined default BUF_LEN | |
353 | typo | |
354 | build gets perl and gperf from configure now | |
355 | moved built sources to maintainer-clean | |
356 | show connection templates in status & statusall | |
357 | don't complain on termination of IKEv1 connections | |
358 | updated ipsec.conf manual to reflect actual state of | |
359 | keyexchange-parameter | |
360 | using hubs instead of switches, which allows us | |
361 | to sniff the traffic from the host system. | |
362 | changed config load strategy: | |
363 | starter loads both connections in charon & pluto, | |
364 | charon ignores anything with keyexchange!=ikev2. | |
365 | pluto needs the same behavior. | |
366 | changed build order to fix build error after distclean | |
367 | load_end_certificate() now loads certificates | |
368 | cosmetics | |
369 | moved definition of generalNames_t to identification.h; initialized subjectKeyID, authKeyID and authKeySerialNumber | |
370 | moved definition of generalNames_t to identification.h | |
371 | corrected description | |
372 | reimplemented proper IKE SA deletion using a separate state, | |
373 | should conform now to IKEv2 | |
374 | fixed build when using --enable-leak-detective | |
375 | added removed files to svn:ignore | |
376 | fixed bug in pluto/Makefile.am | |
377 | removed perl-generated oid.c/h from svn, | |
378 | added them to "dist" and "distclean" | |
379 | removed lex, yacc and gperf output from svn, | |
380 | added them to "dist" and "distclean" | |
381 | storing release revision in svn property "release-revision", because I forget it all the times | |
382 | fixed ignorelist, should work now | |
383 | added ignorelist for built files | |
384 | re-added doxygen apidoc, buildable with "make apidoc" | |
385 | added missing ipsec.conf.5 to distribution :-/ | |
386 | fixed another typo | |
387 | added missing ipsec.conf ipsec.conf.5 | |
388 | existing ipsec.conf won't get overwritten anymore | |
389 | fixed typo in Makefile which corrupted the build | |
390 | applied patch from the NAT-T team fixing several typos | |
391 | applied patch from andreas, which allows certificate listing via stroke | |
392 | added ipsec.conf template and man page back | |
393 | removed old Makefiles | |
394 | added new strongswan KDevelop project & startup hack | |
395 | fixed Revision in changelog for 4.0.0 | |
396 | started ChangeLog | |
397 | simple script for ChangeLog update via "svn log" | |
398 | fixed compilation error using --enable-smartcard | |
399 | added test for ikev1-ikev2 mixed mode | |
400 | added test ikev2 roadwarrior scenario | |
401 | applied andreas's patch | |
402 | logger output improvements | |
403 | testing updates | |
404 | and a lot more | |
405 | updated testsuite to autotools | |
406 | added random source ./configure options | |
407 | fixed default-pkcs11 option | |
408 | testcommit | |
409 | fixed errors when --enable-pkcs11 | |
410 | added autogen script | |
411 | introduced autotools | |
412 | first working version | |
413 | make dist should work | |
414 | things to do: | |
415 | UML testing! | |
416 | more cleanups | |
417 | fixed build | |
418 | started to rebuild source layout | |
419 | fixed stroke error output to starter | |
420 | using random SPIs now, but without collision checks | |
421 | applied some -W's from strongswan | |
422 | fixed that warnings | |
423 | removed IKEV2 ifdefs | |
424 | applied patch from andreas | |
425 | added charonstart option to config | |
426 | new ikev2 tests for UML | |
427 | ||
d7272314 MW |
428 | strongSwan-4.0.0 / R:967 |
429 | ========================== | |
8ba04040 | 430 | |
22ff6f57 MW |
431 | removed IKEV2 ifdefs |
432 | applied patch from andreas | |
433 | added charonstart option to config | |
434 | new ikev2 tests for UML | |
435 | applied patch from andreas | |
436 | pem loading | |
437 | secrets file parsing | |
438 | ikev2 testcase | |
439 | some other additions here and there | |
440 | connection termination is handled cleanly by name now | |
441 | fixed bad bug, certs load now cleanly again | |
442 | fixed make install (subdir order) | |
443 | fixed include path | |
444 | added missing script | |
445 | finished initial import of strongswan file tree | |
446 | removed a lot of old and unused stuff | |
447 | moved RFCs from ikev2 into doc dir | |
448 | added missing files for starter | |
449 | applied patch for charon (this time really) | |
450 | import of strongswan-2.7.0 | |
451 | applied patch for charon | |
452 | renamed get_block_size of hasher | |
453 | reworked usage of IDs in various states | |
454 | using ID_ANY for any, not NULL as before | |
455 | initiator sends IDr payload in IKE_AUTH when ID unique | |
456 | fixed charon checks | |
457 | using status & statusall | |
458 | patch for 2.7.0 | |
459 | add connection names to connections | |
460 | stroke status / ipsec status shows them | |
461 | added statusall for stroke | |
462 | added status by connection name | |
463 | some tests repaired, more to come | |
464 | fixed spi conversion | |
465 | improved "stroke status" output | |
466 | setup PID file after daemon initialization, to correctly inform | |
8ba04040 | 467 | starter about daemon startup |
22ff6f57 MW |
468 | added separate implementation for connection_store, credential_store, policy_store |
469 | added folder structure to config | |
470 | credentials are fetched solely on IDs now | |
471 | identification_t supports now almost all id types | |
472 | x509 certificates work with identification_t now | |
473 | fixes here, fixes there | |
474 | fixed doxygen build | |
475 | separates now in lib and charon | |
476 | library initialization done at a central point (library.c) | |
477 | some leak_detective fixes | |
478 | updated Todos | |
479 | fixed log-to-syslog behavior | |
480 | added patch against strongswan-2.6.4 | |
481 | x509 certificate loading with pluto asn1 code | |
482 | x509 needs a lot more attention! | |
483 | renamed some files | |
484 | using asn1 pluto stuff now | |
485 | removed, since we use pluto asn1 stuff | |
486 | leak detective is usable, but does not show static function names | |
487 | a script which gets address via ldd and resolves address via addr2line would be nice | |
488 | fixed a leak in child_sa with new detective ;-) | |
489 | some improvements to new asn1 stuff | |
490 | to be continued | |
491 | fixed bad bugs in kernel interface | |
492 | added some logging info | |
493 | works now much more stable | |
494 | started importing pluto ASN1 stuff | |
495 | der PKCS#1 key loading works (as it did with der_decoder) | |
496 | split up in libstrong, charon, stroke, testing done | |
497 | new leak detective with malloc hook in library | |
498 | useable, but needs improvements | |
499 | logger_manager has now a single instance per library | |
500 | allows use of loggers from any linking prog | |
501 | a LOT of other things | |
8ba04040 | 502 | ../svn-commit.tmp |
22ff6f57 MW |
503 | added missing stroke.h |
504 | improved strokeing | |
505 | down connection | |
506 | status | |
507 | some other tweaks | |
508 | rewrote a lot of RSA stuff | |
509 | done major work for ASN1/decoder | |
510 | allow loading of ASN1 der encoded private keys, public keys and certificates | |
511 | extracting public key from certificates | |
512 | passing certificates from stroke to charon | |
8ba04040 | 513 | => basic authentication with RSA certificates works! |
22ff6f57 MW |
514 | starter work on asn1 with der de/encoder |
515 | RSA private and public key can load read key from ASN1 DER | |
516 | some other fixes here and there | |
517 | rewrite of logger_manager, uses now one instance per context | |
518 | cleanups for logger here and there | |
519 | removed critical flag check in payload verification (conformance to IKEv2) | |
520 | so thats and theres everywhere... ;-) | |
521 | patch for strongswan-2.6.3 | |
522 | added charon support for strongswan build process | |
523 | ipsec starter supports charon startup and control | |
524 | removed old diploma thesis scripts | |
525 | some cleanups | |
526 | compatibility to strongswan, Makefile can be called by "make programs" | |
8ba04040 | 527 | and "make install" (ikev2 patch must be applied to strongswan) |
22ff6f57 MW |
528 | first version of stroke control utility |
529 | moved output to doc/api, since doc is used for other docs now | |
530 | some first documentation in english | |
531 | removed old eclipse project files | |
532 | works quite well now with ipsec.conf & ipsec starter | |
533 | belongs to previous commit ;-) | |
534 | reworked configuration framework completely | |
535 | configuration is now split up in: connections, policies, credentials and daemon config | |
536 | further alloc/free fixes needed! | |
537 | first attempt for connection loading and starting via "stroke" | |
538 | some improvements here and there | |
539 | configuration_manager replaced by configuration_t interface | |
540 | current configuration_manager is now static_configuration (testing) | |
541 | first draft of starter_configuration, which should once interact with ipsec starter (via whack?) | |
542 | some cleanups | |
543 | socket_t uses RAW socket, which allows parallel service of pluto/charon | |
544 | comments and cleanups | |
545 | working policy installation and removal | |
546 | fixed policy setup bug | |
547 | proposal setup implementation begun | |
548 | fixed socket code, so we know on which address we receive traffic | |
549 | AH/ESP setup in kernel is working now!!! :-))) | |
550 | installing of child sa works | |
551 | need correct IP addresses to actually use IPsec | |
552 | new RFCs of IKEv2, IKEv2 algs and IPSec arch added | |
553 | update of IKEv2 clarification document | |
554 | refactored ike proposal | |
555 | uses now proposal_t, which is also used by child proposals | |
556 | ike key derivation refactored | |
557 | crypter_t api has get_key_size now | |
558 | some other improvements here and there | |
559 | config uses uml hosts alice and bob | |
560 | key derivation for child_sa works | |
561 | some fixes here and there | |
562 | fixed memleaks | |
563 | works with new proposal code | |
564 | still some(!) memleaks | |
565 | fixed a lot of bugs in child_proposal | |
566 | near to working state ;-) | |
567 | dead end implementation | |
8ba04040 | 568 | |
22ff6f57 | 569 | ... there is a lot more of it, but nothing of interest |