strongswan-4.1.4
----------------
-- The pluto IKEv1 daemon now exhibits the same behaviour as its
+- The pluto IKEv1 daemon now exhibits the same behavior as its
IKEv2 companion charon by inserting an explicit route via the
_updown script only if a sourceip exists. This is admissible
since routing through the IPsec tunnel is handled automatically
/**
* Disable the fetcher and abort any future requests.
*
- * The native thread is not cancelable as it is working on an IKE_SA (cancelling the methods of
+ * The native thread is not cancelable as it is working on an IKE_SA (canceling the methods of
* HttpURLConnection is not reliably possible anyway), so to abort while fetching we cancel the
* Future (causing a return from fetch() immediately) and let the executor thread continue its
* thing in the background.
goto fail\r
\r
:init\r
-@rem Get command-line arguments, handling Windowz variants\r
+@rem Get command-line arguments, handling Windows variants\r
\r
if not "%OS%" == "Windows_NT" goto win9xME_args\r
if "%@eval[2+2]" == "4" goto 4NT_args\r
} entry_t;
/**
- * Clean up an entry, cancelling connection
+ * Clean up an entry, canceling connection
*/
static void destroy_entry(entry_t *entry)
{
this->lock->unlock(this->lock);
return NOT_SUPPORTED;
}
- /* receive is blocking and the thread can be cancelled */
+ /* receive is blocking and the thread can be canceled */
thread_cleanup_push((thread_cleanup_t)this->lock->unlock, this->lock);
status = this->socket->receive(this->socket, packet);
thread_cleanup_pop(TRUE);
* SQN with its own locally stored value. This potentially allows an attacker
* to do replay attacks. But since the server has proven his identity via IKE,
* such an attack is only possible between server and AAA (if any).
- * Note that SEQ_CHECK only controls the compile-time default behaviour,
- * but the run-time behaviour can always be controlled by setting the
+ * Note that SEQ_CHECK only controls the compile-time default behavior,
+ * but the run-time behavior can always be controlled by setting the
* charon.plugins.eap-aka-3gpp.seq_check config variable.
*/
struct eap_aka_3gpp_plugin_t {
/**
* Allocate and install a dynamic external address to use
*/
-static host_t *allocate_addr(private_load_tester_config_t *this, uint num)
+static host_t *allocate_addr(private_load_tester_config_t *this, u_int num)
{
enumerator_t *enumerator;
mem_pool_t *pool;
/**
* Generate a new initiator config, num = 0 for responder config
*/
-static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
+static peer_cfg_t* generate_config(private_load_tester_config_t *this, u_int num)
{
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
* - vici_end_list(): Close a previously opened list
* - vici_add_list_item() / vici_add_list_itemf(): Add list item
*
- * Once the request message is complete, it can be sent or cancelled with:
+ * Once the request message is complete, it can be sent or canceled with:
*
* - vici_submit()
* - vici_free_req()
# close vici socket
close($socket);
-=head1 COPYRIGHT AND LICENCE
+=head1 COPYRIGHT AND LICENSE
Copyright (c) 2015 Andreas Steffen
void (*remove_task)(ike_sa_t *this, enumerator_t *enumerator);
/**
- * Flush a task queue, cancelling all tasks in it.
+ * Flush a task queue, canceling all tasks in it.
*
* @param queue queue type to flush
*/
*
* Measures are taken according to the uniqueness policy of the IKE_SA.
* The return value indicates whether duplicates have been found and if
- * further measures should be taken (e.g. cancelling an IKE_AUTH exchange).
+ * further measures should be taken (e.g. canceling an IKE_AUTH exchange).
* check_uniqueness() must be called before the IKE_SA is complete,
* deadlocks occur otherwise.
*
message_t *message;
host_t *me, *other;
exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
- bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
+ bool new_mid = FALSE, expect_response = FALSE, canceled = FALSE, keep = FALSE;
if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED &&
this->initiating.type != INFORMATIONAL_V1)
/* processed, but task needs another exchange */
continue;
case ALREADY_DONE:
- cancelled = TRUE;
+ canceled = TRUE;
break;
case FAILED:
default:
{ /* tasks completed, no exchange active anymore */
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
}
- if (cancelled)
+ if (canceled)
{
message->destroy(message);
return initiate(this);
task_t *task;
message_t *message;
host_t *me, *other;
- bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
+ bool delete = FALSE, canceled = FALSE, expect_request = FALSE;
me = request->get_destination(request);
other = request->get_source(request);
}
continue;
case ALREADY_DONE:
- cancelled = TRUE;
+ canceled = TRUE;
break;
case INVALID_ARG:
if (task->get_type(task) == TASK_QUICK_MODE)
enumerator->destroy(enumerator);
clear_packets(this->responding.packets);
- if (cancelled)
+ if (canceled)
{
message->destroy(message);
return initiate(this);
{
if (!charon->bus->authorize(charon->bus, TRUE))
{
- DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, canceling");
return FALSE;
}
this->ike_sa->queue_task(this->ike_sa,
(task_t*)informational_create(this->ike_sa, notify));
- /* cancel all active/passive tasks in favour of informational */
+ /* cancel all active/passive tasks in favor of informational */
this->ike_sa->flush_queue(this->ike_sa,
this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
return ALREADY_DONE;
{
this->ike_sa->queue_task(this->ike_sa,
(task_t*)isakmp_delete_create(this->ike_sa, TRUE));
- /* cancel all active tasks in favour of informational */
+ /* cancel all active tasks in favor of informational */
this->ike_sa->flush_queue(this->ike_sa,
this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
return ALREADY_DONE;
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
- DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
+ DBG1(DBG_IKE, "canceling Aggressive Mode due to "
"uniqueness policy");
return send_notify(this, AUTHENTICATION_FAILED);
}
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids "
- "IKE_SA, cancelling");
+ "IKE_SA, canceling");
charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
- DBG1(DBG_IKE, "cancelling Aggressive Mode due to "
+ DBG1(DBG_IKE, "canceling Aggressive Mode due to "
"uniqueness policy");
return send_delete(this);
}
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids IKE_SA, "
- "cancelling");
+ "canceling");
return send_notify(this, AUTHENTICATION_FAILED);
}
{
if (!charon->bus->authorize(charon->bus, TRUE))
{
- DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, canceling");
return FALSE;
}
this->ike_sa->queue_task(this->ike_sa,
(task_t*)informational_create(this->ike_sa, notify));
- /* cancel all active/passive tasks in favour of informational */
+ /* cancel all active/passive tasks in favor of informational */
this->ike_sa->flush_queue(this->ike_sa,
this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
return ALREADY_DONE;
{
this->ike_sa->queue_task(this->ike_sa,
(task_t*)isakmp_delete_create(this->ike_sa, TRUE));
- /* cancel all active tasks in favour of informational */
+ /* cancel all active tasks in favor of informational */
this->ike_sa->flush_queue(this->ike_sa,
this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
return ALREADY_DONE;
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
- "cancelling");
+ "canceling");
charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
- DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness "
+ DBG1(DBG_IKE, "canceling Main Mode due to uniqueness "
"policy");
return send_notify(this, AUTHENTICATION_FAILED);
}
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
- "cancelling");
+ "canceling");
charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
if (charon->ike_sa_manager->check_uniqueness(
charon->ike_sa_manager, this->ike_sa, FALSE))
{
- DBG1(DBG_IKE, "cancelling Main Mode due to uniqueness "
+ DBG1(DBG_IKE, "canceling Main Mode due to uniqueness "
"policy");
return send_delete(this);
}
this->ike_sa->queue_task(this->ike_sa,
(task_t*)informational_create(this->ike_sa, notify));
- /* cancel all active/passive tasks in favour of informational */
+ /* cancel all active/passive tasks in favor of informational */
this->ike_sa->flush_queue(this->ike_sa,
this->initiator ? TASK_QUEUE_ACTIVE : TASK_QUEUE_PASSIVE);
return ALREADY_DONE;
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
this->ike_sa, FALSE))
{
- DBG1(DBG_IKE, "cancelling XAuth due to uniqueness policy");
+ DBG1(DBG_IKE, "canceling XAuth due to uniqueness policy");
return FALSE;
}
if (!charon->bus->authorize(charon->bus, FALSE))
{
- DBG1(DBG_IKE, "XAuth authorization hook forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "XAuth authorization hook forbids IKE_SA, canceling");
return FALSE;
}
if (!charon->bus->authorize(charon->bus, TRUE))
{
- DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, canceling");
return FALSE;
}
return TRUE;
/* another auth round done, invoke authorize hook */
if (!charon->bus->authorize(charon->bus, FALSE))
{
- DBG1(DBG_IKE, "authorization hook forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "authorization hook forbids IKE_SA, canceling");
this->authentication_failed = TRUE;
return NEED_MORE;
}
if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager,
this->ike_sa, this->initial_contact))
{
- DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy");
+ DBG1(DBG_IKE, "canceling IKE_SA setup due to uniqueness policy");
charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP);
message->add_notify(message, TRUE, AUTHENTICATION_FAILED,
chunk_empty);
}
if (!charon->bus->authorize(charon->bus, TRUE))
{
- DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, canceling");
goto peer_auth_failed;
}
if (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_REDIRECTION) &&
/* another auth round done, invoke authorize hook */
if (!charon->bus->authorize(charon->bus, FALSE))
{
- DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling");
+ DBG1(DBG_IKE, "authorization forbids IKE_SA, canceling");
goto peer_auth_failed;
}
if (!charon->bus->authorize(charon->bus, TRUE))
{
DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, "
- "cancelling");
+ "canceling");
goto peer_auth_failed;
}
DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
void (*flush)(task_manager_t *this);
/**
- * Flush a queue, cancelling all tasks.
+ * Flush a queue, canceling all tasks.
*
* @param queue queue to flush
*/
*
* The fetcher returns NOT_SUPPORTED to indicate that it is uncappable
* to handle such URLs. Other return values indicate a failure, and
- * fetching of that URL gets cancelled.
+ * fetching of that URL gets canceled.
* If no FETCH_CALLBACK function is set as option, userdata must be
* a chunk_t*. This chunk gets allocated, accumulated data using the
* fetcher_default_callback() function.
{
this->loop = CFRunLoopGetCurrent();
- /* does not return until cancelled */
+ /* does not return until canceled */
CFRunLoopRun();
this->loop = NULL;
rv = entry->lib->f->C_WaitForSlotEvent(0, &slot, NULL);
if (rv == CKR_FUNCTION_NOT_SUPPORTED || rv == CKR_NO_EVENT)
{
- DBG1(DBG_CFG, "module '%s' does not support hot-plugging, cancelled",
+ DBG1(DBG_CFG, "module '%s' does not support hot-plugging, canceled",
entry->lib->get_name(entry->lib));
return JOB_REQUEUE_NONE;
}
}
if (!this->cb(user, chunk_create(buf, received)))
{
- DBG1(DBG_LIB, "processing response failed or cancelled");
+ DBG1(DBG_LIB, "processing response failed or canceled");
return FALSE;
}
}
}
/**
- * Cleanup function if callback gets cancelled
+ * Cleanup function if callback gets canceled
*/
static void unregister(notify_data_t *data)
{
- /* if a thread processing a callback gets cancelled, we mark the entry
- * as cancelled, like the callback would return FALSE. This is required
+ /* if a thread processing a callback gets canceled, we mark the entry
+ * as canceled, like the callback would return FALSE. This is required
* to not queue this watcher again if all threads have been gone. */
data->keep = FALSE;
}
{
entry_t *entry;
- /* When the watcher thread gets cancelled, we have to reactivate any entry
+ /* When the watcher thread gets canceled, we have to reactivate any entry
* and signal threads in remove() to go on. */
this->mutex->lock(this->mutex);
if (res == -1 && errno == EINTR)
{
/* LinuxThreads interrupts poll(), but does not make it a
- * cancellation point. Manually test if we got cancelled. */
+ * cancellation point. Manually test if we got canceled. */
thread_cancellation_point();
}
thread_cancelability(FALSE);
data->cancellable = FALSE;
- /* we should not get cancelled here */
+ /* we should not get canceled here */
data->sem->wait(data->sem);
data->cancellable = TRUE;
bool detached_or_joined;
/**
- * TRUE if the threads has terminated (cancelled, via thread_exit or
+ * TRUE if the threads has terminated (canceled, via thread_exit or
* returned from the main function)
*/
bool terminated;
#endif
/* the signal handler for SIG_CANCEL uses pthread_exit to terminate the
- * "cancelled" thread */
+ * "canceled" thread */
static void cancel_signal_handler(int sig)
{
pthread_exit(NULL);
/**
* Push a function onto the current thread's cleanup handler stack.
- * The callback function is called whenever the thread is cancelled, exits or
+ * The callback function is called whenever the thread is canceled, exits or
* thread_cleanup_pop is called with TRUE as execute argument.
*
* @param cleanup function called on thread exit
bool cancelability;
/**
- * Has the thread been cancelled by thread->cancel()?
+ * Has the thread been canceled by thread->cancel()?
*/
bool canceled;
* - ID_RFC822_ADDR: alice@wonderland.org
* - ID_DER_ASN1_DN: C=CH, O=Linux strongSwan, CN=bob
*
- * In favour of pluto, domainnames are prepended with an @, since
+ * In favor of pluto, domainnames are prepended with an @, since
* pluto resolves domainnames without an @ to IPv4 addresses. Since
* we use a separate host_t class for addresses, this doesn't
* make sense for us.
default:
break;
}
- DBG2(DBG_TLS, "sending %N acknowledgement packet",
+ DBG2(DBG_TLS, "sending %N acknowledgment packet",
eap_type_names, this->type);
return chunk_clone(chunk_from_thing(pkt));
}
{
if (in.len == sizeof(eap_tls_packet_t))
{
- DBG2(DBG_TLS, "received %N acknowledgement packet",
+ DBG2(DBG_TLS, "received %N acknowledgment packet",
eap_type_names, this->type);
status = build_pkt(this, out);
if (status == INVALID_STATE && this->tls->is_complete(this->tls))
DBG1(DBG_TLS, "%N not supported", hash_algorithm_names,
hash_algorithm);
}
- DBG1(DBG_TLS, "unable to initialise HKDF");
+ DBG1(DBG_TLS, "unable to initialize HKDF");
destroy(this);
return NULL;
}
this->mutex->lock(this->mutex);
if (this->batch)
{
- DBG1(DBG_TNC, "cancelling TNCCS batch");
+ DBG1(DBG_TNC, "canceling TNCCS batch");
this->batch->destroy(this->batch);
this->batch_id--;
}
{
if (this->batch_type != PB_BATCH_NONE)
{
- DBG1(DBG_TNC, "cancelling PB-TNC %N batch",
+ DBG1(DBG_TNC, "canceling PB-TNC %N batch",
pb_tnc_batch_type_names, this->batch_type);
while (this->messages->remove_last(this->messages,
{
if (this->batch_type != PB_BATCH_NONE)
{
- DBG1(DBG_TNC, "cancelling PB-TNC %N batch",
+ DBG1(DBG_TNC, "canceling PB-TNC %N batch",
pb_tnc_batch_type_names, this->batch_type);
while (this->messages->remove_last(this->messages,
});
/*
* A number of helper functions used for managing events.
- * Many of the ideas behind this code orignated from
+ * Many of the ideas behind this code originated from
* Dean Edwards' addEvent library.
*/
jQuery.event = {
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to the virtual gateway <b>mars</b> implemented by the two real gateways
<b>alice</b> and <b>moon</b> in a <b>High Availability</b> (HA) setup
-based on <b>ClusterIP</b>. The HA synchronisation link between the two
+based on <b>ClusterIP</b>. The HA synchronization link between the two
gateways is secured by an IPsec transport connection. At the outset
<b>alice</b> is the active and <b>moon</b> is the passive gateway.
After <b>alice</b> gets killed <b>moon</b> automatically takes over
-TThe roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>vips = 0.0.0.0</b>
parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically
projects / thirdparty / strongswan.git / commitdiff
