]>
git.ipfire.org Git - thirdparty/strongswan.git/log
Tobias Brunner [Fri, 29 Jun 2012 13:23:46 +0000 (15:23 +0200)]
Added LICENSE file to the distribution
Tobias Brunner [Fri, 29 Jun 2012 13:20:23 +0000 (15:20 +0200)]
Added OpenSSL/GPL exception to LICENSE file
Also updated other parts of the license.
Tobias Brunner [Fri, 29 Jun 2012 14:22:41 +0000 (16:22 +0200)]
Removed superfluous remove_hasher() call in md5 plugin
Martin Willi [Fri, 29 Jun 2012 13:21:57 +0000 (15:21 +0200)]
Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9
Martin Willi [Fri, 29 Jun 2012 11:40:05 +0000 (13:40 +0200)]
As a responder, don't start a TRANSACTION request if we expect one from the initiator
Andreas Steffen [Fri, 29 Jun 2012 04:24:02 +0000 (06:24 +0200)]
an IKE daemon needs these plugins but a PDP doesn't
Andreas Steffen [Thu, 28 Jun 2012 20:20:44 +0000 (22:20 +0200)]
added Ubuntu 12.04 LTS i686 measurements
Andreas Steffen [Thu, 28 Jun 2012 15:55:02 +0000 (17:55 +0200)]
IMCs and IMVs might depend on X.509 certificates or trusted public keys
Andreas Steffen [Thu, 28 Jun 2012 12:52:07 +0000 (14:52 +0200)]
added ikev1/virtual-ip scenario
Andreas Steffen [Thu, 28 Jun 2012 12:44:10 +0000 (14:44 +0200)]
corrected description of ikev1/ip-pool-db scenario
Andreas Steffen [Thu, 28 Jun 2012 12:42:34 +0000 (14:42 +0200)]
corrected description of ikev1/ip-pool scenario
Andreas Steffen [Thu, 28 Jun 2012 12:37:04 +0000 (14:37 +0200)]
added ikev1/ip-pool scenario
Andreas Steffen [Thu, 28 Jun 2012 12:23:47 +0000 (14:23 +0200)]
merged xauth-id-rsa and xauth-rsa-config scenarios
Tobias Brunner [Thu, 28 Jun 2012 10:13:05 +0000 (12:13 +0200)]
Defined a macro to replace strerror(3) with calls to thread-safe wrapper
Tobias Brunner [Wed, 27 Jun 2012 16:42:25 +0000 (18:42 +0200)]
Thread-safe wrapper around strerror(3)/strerror_r(3) added
Martin Willi [Thu, 28 Jun 2012 09:56:40 +0000 (11:56 +0200)]
Show some uname() info in "ipsec statusall"
Martin Willi [Thu, 28 Jun 2012 09:56:15 +0000 (11:56 +0200)]
Show some uname() info during charon startup
Andreas Steffen [Thu, 28 Jun 2012 07:30:24 +0000 (09:30 +0200)]
charon automatically removes virtual interfaces
Tobias Brunner [Wed, 27 Jun 2012 10:14:16 +0000 (12:14 +0200)]
libcharon also requires kernel interfaces and a socket implementation
Martin Willi [Tue, 26 Jun 2012 08:36:49 +0000 (10:36 +0200)]
Defer quick mode initiation if we expect a mode config request
Martin Willi [Tue, 26 Jun 2012 08:35:24 +0000 (10:35 +0200)]
Queue a mode config task as responder if we need a virtual IP
Martin Willi [Thu, 14 Jun 2012 14:13:10 +0000 (16:13 +0200)]
Add basic support for XAuth responder authentication
Martin Willi [Thu, 14 Jun 2012 14:08:28 +0000 (16:08 +0200)]
Map XAuth responder authentication methods between IKEv1 and IKEv2
Martin Willi [Wed, 27 Jun 2012 09:40:53 +0000 (11:40 +0200)]
Show remote EAP/XAuth identity in "statusall" on a separate line
Tobias Brunner [Wed, 27 Jun 2012 09:30:55 +0000 (11:30 +0200)]
gcrypt: Register SHA1 first as HASH_PREFERRED depends on it
Tobias Brunner [Wed, 27 Jun 2012 09:27:36 +0000 (11:27 +0200)]
Use static plugin features in libcharon to define essential dependencies
Tobias Brunner [Mon, 25 Jun 2012 16:58:53 +0000 (18:58 +0200)]
Use static plugin features in charon-nm
Martin Willi [Tue, 26 Jun 2012 16:00:40 +0000 (18:00 +0200)]
Ignore a received %any virtual IP for installation
Tobias Brunner [Tue, 26 Jun 2012 10:50:58 +0000 (12:50 +0200)]
Mask the configured mark value to ensure it is in range
Tobias Brunner [Tue, 26 Jun 2012 10:39:53 +0000 (12:39 +0200)]
Some updates in ipsec.conf(5) for 5.0.0
Tobias Brunner [Tue, 26 Jun 2012 05:58:04 +0000 (07:58 +0200)]
Added MAC wrappers to Android.mk
Tobias Brunner [Fri, 22 Jun 2012 11:33:38 +0000 (13:33 +0200)]
Also build charon's IKEv1 implementation on Android
Tobias Brunner [Fri, 22 Jun 2012 11:32:07 +0000 (13:32 +0200)]
Build nonce plugin on Android
Tobias Brunner [Fri, 22 Jun 2012 11:31:14 +0000 (13:31 +0200)]
Missing source file added to libcharon's Android.mk
Tobias Brunner [Thu, 14 Jun 2012 16:35:58 +0000 (18:35 +0200)]
scepclient: Added support to build it on Android
Tobias Brunner [Thu, 14 Jun 2012 16:20:35 +0000 (18:20 +0200)]
Added support for the curl plugin on Android
Tobias Brunner [Mon, 25 Jun 2012 17:00:00 +0000 (19:00 +0200)]
Avoid SIGSEGV during shutdown if charon is not started as root
Tobias Brunner [Mon, 25 Jun 2012 16:01:23 +0000 (18:01 +0200)]
NEWS about thread pool updates added
Tobias Brunner [Thu, 21 Jun 2012 08:10:25 +0000 (10:10 +0200)]
Make rescheduling a job more predictable
This avoids race conditions between calls to cancel() and jobs that like
to be rescheduled. If jobs were able to reschedule themselves it would
theoretically be possible that two worker threads have the same job
assigned (the one currently executing the job and the one executing the
same but rescheduled job if it already is time to execute it), this means
that cancel() could be called twice for that job.
Creating a new job based on the current one and reschedule that is also
OK, but rescheduling itself is more efficient for jobs that need to be
executed often.
Tobias Brunner [Tue, 19 Jun 2012 11:29:09 +0000 (13:29 +0200)]
Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
Tobias Brunner [Tue, 19 Jun 2012 08:45:17 +0000 (10:45 +0200)]
Give processor_t more control over the lifecycle of a job
Jobs are now destroyed by the processor, but they are allowed to
reschedule themselves. That is, parts of the reschedule functionality
already provided by callback_job_t is moved to the processor. Not yet
fully supported is JOB_REQUEUE_DIRECT and canceling jobs.
Note: job_t.destroy() is now called not only for queued jobs but also
after execution or cancellation of jobs. job_t.status can be used to
decide what to do in said method.
Tobias Brunner [Wed, 20 Jun 2012 09:47:58 +0000 (11:47 +0200)]
Added a method to plugin_loader_t to add 'static' plugin features
This allows daemons and other components to register plugin features
like those provided by plugins (following the same lifecycle).
The added features are internally handled like they were added by a
plugin.
Tobias Brunner [Wed, 20 Jun 2012 09:34:46 +0000 (11:34 +0200)]
Make sure that all features of critical plugins are loaded
Tobias Brunner [Tue, 19 Jun 2012 15:12:53 +0000 (17:12 +0200)]
Added an option to rename the ipsec script during installation
Also rename the man page and adjust all references in the script, the
man page and other files.
Closes #194.
Tobias Brunner [Tue, 19 Jun 2012 15:26:54 +0000 (17:26 +0200)]
Removed -o argument when creating .../ipsec.d with install
This should have been removed with
2b52d5cb41 .
Tobias Brunner [Tue, 19 Jun 2012 14:09:50 +0000 (16:09 +0200)]
Updated ipsec script man page after removing pluto
Tobias Brunner [Mon, 25 Jun 2012 11:00:57 +0000 (13:00 +0200)]
Use mac_t and PRF and signer wrappers in cmac plugin
Tobias Brunner [Mon, 25 Jun 2012 10:50:55 +0000 (12:50 +0200)]
Use mac_t and PRF and signer wrappers in xcbc plugin
Tobias Brunner [Mon, 25 Jun 2012 09:37:04 +0000 (11:37 +0200)]
Make the hmac_t interface a generic interface for message authentication codes
Tobias Brunner [Fri, 22 Jun 2012 09:30:46 +0000 (11:30 +0200)]
Simplified creation of PRFs and signers in openssl and hmac plugins
Tobias Brunner [Fri, 22 Jun 2012 09:28:43 +0000 (11:28 +0200)]
Function to convert PRFs to hash algorithms added
Tobias Brunner [Fri, 22 Jun 2012 09:28:10 +0000 (11:28 +0200)]
hasher_algorithm_from_integrity() optionally returns truncation length
Tobias Brunner [Fri, 22 Jun 2012 08:52:20 +0000 (10:52 +0200)]
Use simple wrappers for HMAC based PRF and signer in openssl plugin
Tobias Brunner [Fri, 22 Jun 2012 08:38:37 +0000 (10:38 +0200)]
Use simple wrappers for HMAC based PRF and signer in hmac plugin
Tobias Brunner [Fri, 22 Jun 2012 07:39:09 +0000 (09:39 +0200)]
Simple wrappers for HMAC based prf_t and signer_t implementations added
Tobias Brunner [Thu, 21 Jun 2012 11:10:26 +0000 (13:10 +0200)]
Refactored OpenSSL based HMAC implementation
Aleksandr Grinberg [Wed, 20 Jun 2012 20:46:21 +0000 (13:46 -0700)]
Adding OpenSSL HMAC signer functions to openssl plugin
Aleksandr Grinberg [Wed, 20 Jun 2012 20:43:47 +0000 (13:43 -0700)]
Adding OpenSSL HMAC pseudo random functions to openssl plugin
Aleksandr Grinberg [Wed, 20 Jun 2012 20:39:37 +0000 (13:39 -0700)]
Adding OpenSSL random number functions to openssl plugin
Tobias Brunner [Mon, 18 Jun 2012 10:01:10 +0000 (12:01 +0200)]
Fixed IPv6 source address lookup
Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for
IPv6 routes we didn't use NLM_F_DUMP to get all routes.
Still routes installed with policies are installed also for IPv6.
So since only one route is returned without DUMP, and we ignore
all routes from our own routing table, no source address was found
during roaming if DST of the installed route included the IKE peer.
With newer kernels we can now use DUMP as we did for IPv4 already,
for older kernels we do so if our own routes are installed in a
separate routing table, otherwise we still use GET.
Andreas Steffen [Mon, 25 Jun 2012 11:04:55 +0000 (13:04 +0200)]
updated default configuration of UML hosts to 5.0.0
Andreas Steffen [Mon, 25 Jun 2012 09:47:40 +0000 (11:47 +0200)]
added charon.cisco_unity to strongswan.conf.5 man page
Andreas Steffen [Mon, 25 Jun 2012 09:00:12 +0000 (11:00 +0200)]
support Cisco Unity VID
Tobias Brunner [Mon, 25 Jun 2012 09:07:49 +0000 (11:07 +0200)]
Enable xauth-generic by default but don't build it if IKEv1 is disabled
Tobias Brunner [Mon, 25 Jun 2012 09:07:35 +0000 (11:07 +0200)]
Remove CREDITS from distribution
Tobias Brunner [Mon, 25 Jun 2012 08:59:27 +0000 (10:59 +0200)]
The AUTHORS file is required by automake
Tobias Brunner [Thu, 21 Jun 2012 16:14:43 +0000 (18:14 +0200)]
LICENSE file updated
Tobias Brunner [Thu, 21 Jun 2012 16:04:18 +0000 (18:04 +0200)]
ldaphost and ldapbase ca section keywords are deprecated
Tobias Brunner [Thu, 21 Jun 2012 15:58:59 +0000 (17:58 +0200)]
Removed pluto-specifics from ipsec script
Tobias Brunner [Thu, 21 Jun 2012 15:55:08 +0000 (17:55 +0200)]
README file cleaned up and updated
Martin Willi [Thu, 14 Jun 2012 13:25:11 +0000 (15:25 +0200)]
Enforce uniqueids=keep based on XAuth identity
Martin Willi [Thu, 14 Jun 2012 13:23:57 +0000 (15:23 +0200)]
Don't send XAUTH_OK if a hook prevents SA to establish
Martin Willi [Thu, 14 Jun 2012 13:08:37 +0000 (15:08 +0200)]
Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes
Martin Willi [Thu, 14 Jun 2012 13:07:44 +0000 (15:07 +0200)]
Show EAP/XAuth identity in "ipsec status", if available
Martin Willi [Thu, 14 Jun 2012 12:47:40 +0000 (14:47 +0200)]
Use XAuth/EAP remote identity for uniqueness check
Martin Willi [Mon, 25 Jun 2012 08:09:27 +0000 (10:09 +0200)]
Add missing XAuth name variable when complaining about missing XAuth backend
Andreas Steffen [Mon, 25 Jun 2012 06:45:10 +0000 (08:45 +0200)]
removed AUTHORS and CREDITS
Andreas Steffen [Sat, 23 Jun 2012 10:09:29 +0000 (12:09 +0200)]
some copyright additions
Andreas Steffen [Sat, 23 Jun 2012 09:57:42 +0000 (11:57 +0200)]
update copyright
Andreas Steffen [Sat, 23 Jun 2012 09:32:54 +0000 (11:32 +0200)]
version bump to 5.0.0
Tobias Brunner [Thu, 7 Jun 2012 12:59:20 +0000 (14:59 +0200)]
Fix SIGSEGV if kernel install fails during Quick Mode as responder.
Andreas Steffen [Fri, 22 Jun 2012 07:53:25 +0000 (09:53 +0200)]
adapted description to IKEv2
Tobias Brunner [Thu, 21 Jun 2012 11:59:18 +0000 (13:59 +0200)]
Fixed compile error because of charon->name in certexpire plugin.
Andreas Steffen [Wed, 20 Jun 2012 09:15:09 +0000 (11:15 +0200)]
fixed typo
Andreas Steffen [Wed, 20 Jun 2012 09:13:20 +0000 (11:13 +0200)]
added ipv6/rw-ip6-in-ip4-ikev1 scenario
Andreas Steffen [Wed, 20 Jun 2012 09:03:51 +0000 (11:03 +0200)]
added ipv6/rw-ip6-in-ip4-ikev2 scenario
Martin Willi [Wed, 20 Jun 2012 08:01:05 +0000 (10:01 +0200)]
Select requested virtual IP family based on remote TS, if no local TS available
Andreas Steffen [Tue, 19 Jun 2012 17:34:26 +0000 (19:34 +0200)]
upgraded UML options to 5.0.0
Tobias Brunner [Tue, 19 Jun 2012 11:32:24 +0000 (13:32 +0200)]
Doxygen fix in PKCS#7 wrapper
Andreas Steffen [Tue, 19 Jun 2012 04:18:05 +0000 (06:18 +0200)]
sleep one second more
Andreas Steffen [Tue, 19 Jun 2012 04:17:37 +0000 (06:17 +0200)]
use socket-default in scenario
Andreas Steffen [Mon, 18 Jun 2012 20:51:50 +0000 (22:51 +0200)]
added ikev1/xauth-id-rsa-hybrid scenario
Andreas Steffen [Mon, 18 Jun 2012 20:30:26 +0000 (22:30 +0200)]
added ikev1/xauth-id-rsa-aggressive scenario
Andreas Steffen [Mon, 18 Jun 2012 20:11:18 +0000 (22:11 +0200)]
added secret as valid authby argument
Andreas Steffen [Mon, 18 Jun 2012 20:03:36 +0000 (22:03 +0200)]
rsasig is not recognized as authentication method
Andreas Steffen [Mon, 18 Jun 2012 19:34:48 +0000 (21:34 +0200)]
enable potentially unsafe aggressive mode
Andreas Steffen [Mon, 18 Jun 2012 19:22:01 +0000 (21:22 +0200)]
change ikev1/xauth scenarios to modern notation
Tobias Brunner [Fri, 15 Jun 2012 13:19:23 +0000 (15:19 +0200)]
testing: List IPv6 routing table in IPv6 test cases.
Tobias Brunner [Fri, 15 Jun 2012 10:50:30 +0000 (12:50 +0200)]
NLM_F_DUMP includes NLM_F_ROOT.
Tobias Brunner [Fri, 15 Jun 2012 10:27:26 +0000 (12:27 +0200)]
Don't create roam jobs based on cached/cloned routes.