identity. For the initiator, each connection attempt uses a different identity
in the form
.BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
-where the first number inidicates the client number, the second the
+where the first number indicates the client number, the second the
authentication round (if multiple authentication rounds are used).
.PP
For PSK authentication, FQDN identities are used. The server uses
scenario
rsa_strength: Connection requires a trustchain with RSA keys of given bits
ecdsa_strength: Connection requires a trustchain with ECDSA keys of given bits
- cert_policy: Connection requries a certificate with the given OID policy
+ cert_policy: Connection requires a certificate with the given OID policy
named_pool: Name of an IP pool defined e.g. in a database backend
The following CHILD_SA specific configuration options are supported:
IPSEC_PIDDIR directory containing PID/socket files
IPSEC_SCRIPT name of the ipsec script
IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
IPSEC_STARTER_PID PID file for ipsec starter
IPSEC_CHARON_PID PID file for IKE keying daemon
.ad
* In-memory IP pool acquire operation.
*/
enum mem_pool_op_t {
- /** Check for an exsiting lease */
+ /** Check for an existing lease */
MEM_POOL_EXISTING,
/** Get a new lease */
MEM_POOL_NEW,
uint32_t over_time;
/**
- * DPD check intervall
+ * DPD check interval
*/
uint32_t dpd;
/**
- * DPD timeout intervall (used for IKEv1 only)
+ * DPD timeout interval (used for IKEv1 only)
*/
uint32_t dpd_timeout;
}
/**
- * Get the currenlty active segments in the kernel for a clusterip file
+ * Get the currently active segments in the kernel for a clusterip file
*/
static segment_mask_t get_active(private_ha_kernel_t *this, char *file)
{
if (update && current_sa)
{ /* check if there are actually any relevant changes, if not, we don't
* send an update to the kernel as e.g. FreeBSD doesn't do that
- * atomically, causing unecessary traffic loss during rekeyings */
+ * atomically, causing unnecessary traffic loss during rekeyings */
update = policy_update_required(current_sa, assigned_sa);
}
if (is_installed)
{ /* check if there are actually any relevant changes, if not, we do
* not send an update to the kernel as e.g. FreeBSD doesn't do that
- * atomically, causing unecessary traffic loss during rekeyings */
+ * atomically, causing unnecessary traffic loss during rekeyings */
policy->used_by->get_first(policy->used_by, (void**)&mapping);
is_installed = policy_update_required(mapping, to_remove);
}
hashtable_t *initiated;
/**
- * IKE_SAs we have completed to initate (success or failure)
+ * IKE_SAs we have completed to initiate (success or failure)
*/
hashtable_t *completed;
return;
}
auth = auth_cfg_create();
- /* for local config, we _copy_ entires from the config, as it contains
+ /* for local config, we _copy_ entries from the config, as it contains
* certificates we must send later. */
auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
ike_sa_t *ike_sa;
/**
- * Are we the inititator of this task
+ * Are we the initiator of this task
*/
bool initiator;
array_t *packets;
/**
- * type of the initated exchange
+ * type of the initiated exchange
*/
exchange_type_t type;
* Create a new TASK_IKE_AUTH_LIFETIME task.
*
* @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if taks is initiated by us
+ * @param initiator TRUE if task is initiated by us
* @return ike_auth_lifetime task to handle by the task_manager
*/
ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator);
* Create a new ike_mobike task.
*
* @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if taks is initiated by us
+ * @param initiator TRUE if task is initiated by us
* @return ike_mobike task to handle by the task_manager
*/
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator);
ike_sa_t *ike_sa;
/**
- * Are we the inititator of this task
+ * Are we the initiator of this task
*/
bool initiator;
};
/**
* Interface for a task, an operation handled within exchanges.
*
- * A task is an elemantary operation. It may be handled by a single or by
+ * A task is an elementary operation. It may be handled by a single or by
* multiple exchanges. An exchange may even complete multiple tasks.
* A task has a build() and an process() operation. The build() operation
* creates payloads and adds it to the message. The process() operation
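Review bot: The context lines of this doc comment still read `A task has a build() and an process() operation` and `creates payloads and adds it to the message`, which the cleanup leaves untouched. Because the commit already corrects the wording of this comment, `a build() and a process() operation` and `adds them to the message` could be fixed in the same pass. The comment continues past the end of the hunk.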
* that the task completed, even when the task completed unsuccessfully. The
* manager then removes the task from the list. A NEED_MORE is returned when
* the task needs further build()/process() calls to complete, the manager
- * leaves the taks in the queue. A returned FAILED indicates a critical failure.
+ * leaves the task in the queue. A returned FAILED indicates a critical failure.
* The manager closes the IKE_SA whenever a task returns FAILED.
*/
struct task_t {
* Migrate a task to a new IKE_SA.
*
* After migrating a task, it goes back to a state where it can be
- * used again to initate an exchange. This is useful when a task
+ * used again to initiate an exchange. This is useful when a task
* has to get migrated to a new IKE_SA.
* A special usage is when a INVALID_KE_PAYLOAD is received. A call
* to reset resets the task, but uses another DH group for the next
#include <collections/linked_list.h>
#include <collections/hashtable.h>
-/** Intervall to check for expired sessions, in seconds */
+/** Interval to check for expired sessions, in seconds */
#define CLEANUP_INTERVAL 30
typedef struct private_fast_dispatcher_t private_fast_dispatcher_t;
* The first controller added serves as default controller. Client's
* get redirected to it if no other controller matches.
*
- * @param constructor constructor function to the conntroller
+ * @param constructor constructor function to the controller
* @param param param to pass to constructor
*/
void (*add_controller)(fast_dispatcher_t *this,
extern enum_name_t *pt_tls_message_type_names;
/**
- * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
+ * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
*/
enum pt_tls_sasl_result_t {
PT_TLS_SASL_RESULT_SUCCESS = 0,
* Read a chunk of len bytes from the end of the buffer, reduce remaining.
*
* @param len number of bytes to read
- * @param res ponter to result, not cloned
+ * @param res pointer to result, not cloned
* @return TRUE if data read successfully
*/
bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res);
* RFC4739 defines multiple authentication rounds. This class defines such
* a round from a configuration perspective, either for the local or the remote
* peer. Local configs are called "rulesets". They define how we authenticate.
- * Remote peer configs are called "constraits". They define what is needed to
+ * Remote peer configs are called "constraints". They define what is needed to
* complete the authentication round successfully.
*
* @verbatim
*
* @param f file where print output is directed to (usually stdout)
* @param detailed print more detailed certificate information
- * @param utc print time inforamtion in UTC
+ * @param utc print time information in UTC
*/
certificate_printer_t* certificate_printer_create(FILE *f, bool detailed,
bool utc);
* Register a crypter constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
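Review bot: The `@param key size` tag on the corrected line still has a space in the parameter name, so Doxygen will read `key` as the name and `size key size to perform benchmarking for` as the description. If the argument is named `key_size` (the prototype is outside the hunk), the line should read `* @param key_size key size to perform benchmarking for`. The line above it, `@param algo algorithm to constructor`, also looks garbled and probably means something like `algorithm to register a constructor for`. Both lines recur unchanged in the next hunk, for the aead constructor.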
* Register a aead constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
};
/**
- * Find a suiteable word size and network order conversion functions
+ * Find a suitable word size and network order conversion functions
*/
#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
# define htobeword htobe64
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
return FALSE;
}
if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
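Review bot: The corrected `DBG1` text is emitted at runtime rather than being a comment, so any log filter, alert or test expectation matching the old spelling `could not instatiate random source` would silently stop matching. Failing to obtain an `RNG_STRONG` source is an event operators may plausibly monitor, so the message change deserves a line in the commit description. The same string is changed in the next hunk, on the `goto end` path. The enclosing function starts and ends outside the hunk.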
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
goto end;
}
if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
};
/**
- * Create and instantiate a new DRBG objet.
+ * Create and instantiate a new DRBG object.
*
* @param strength security strength in bits
* @param pers_str personalization string
void (*get_array)(ntru_poly_t *this, uint16_t *array);
/**
- * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+ * Multiply polynomial a with ntru_poly_t object b having sparse coefficients
* to form result polynomial c = a * b
*
* @param a input polynomial a
* greater or equal to 256 they are assumed to be type and code as defined
* for traffic_selector_t.
*
- * @param protocol upper layer protocl to allow
+ * @param protocol upper layer protocol to allow
* @param from_port start of allowed port range
* @param to_port end of range
* @return
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
tcase_add_test(tc, test_printf_err);
suite_add_tcase(s, tc);
- tc = tcase_create("unsiged");
+ tc = tcase_create("unsigned");
tcase_add_test(tc, test_printf_unsigned);
suite_add_tcase(s, tc);
thread_set_active_condvar(&this->cv);
/* while a CriticalSection is recursive, waiting in a condvar releases
- * only one mutex. So release (and reaquire) all locks except the last. */
+ * only one mutex. So release (and reacquire) all locks except the last. */
times = mutex->times;
while (mutex->times-- > 1)
{
* @param peer client identity, NULL for no client authentication
* @param fd socket to read/write from
* @param cache session cache to use, or NULL
- * @param max_version maximun TLS version to negotiate
+ * @param max_version maximum TLS version to negotiate
* @param nullok accept NULL encryption ciphers
* @return TLS socket wrapper
*/
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
{"--child <name> [--ike <name>] [--timeout <s>] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
- {"child", 'c', 1, "initate a CHILD_SA configuration"},
+ {"child", 'c', 1, "initiate a CHILD_SA configuration"},
{"ike", 'i', 1, "name of the connection to which the child belongs"},
{"timeout", 't', 1, "timeout in seconds before detaching"},
{"raw", 'r', 0, "dump raw response message"},