testing: Use alternative approach for retransmits in ikev1/dpd-restart scenario
With a long delay, the retransmit might not get sent before further tests
are evaluated on faster machines, while more retransmits should still allow
the scenario to succeed on slower ones.
orbea [Tue, 5 Mar 2024 23:46:30 +0000 (15:46 -0800)]
nm: Don't set DL_LIBS to 'none required' in configure script
This copies the AC_SEARCH_LIBS check from the main strongSwan
configure.ac.
When building networkmanager-strongswan with slibtool if fails.
ld: cannot find none: No such file or directory
ld: cannot find required: No such file or directory
This is because configure.ac uses AC_SEARCH_LIBS to find dlopen which
sets the value of $ac_cv_search_dlopen to 'none required' which then
gets set in DL_LIBS and passed to slibtool.
With GNU libtool it silently ignores the unknown arguments.
Tobias Brunner [Mon, 2 Jun 2025 12:58:36 +0000 (14:58 +0200)]
android: Don't mention IKEv1 and L2TP in app description
Also removed on Play so the app does not show up when people search
for these keywords (they tend to not read the actual description and
then are surprised that neither protocol is supported).
Tobias Brunner [Fri, 6 Jun 2025 09:17:38 +0000 (11:17 +0200)]
testing: Make sure ML-KEM scenarios use our ml plugin
We now support OpenSSL's implementation in the openssl plugin. This
makes sure our plugin is used on at least one of the hosts if we ever
switch to an OpenSSL version that supports ML-KEM.
In the ikev2/rw-mlkem scenario the logic is reversed. There the ml plugin
is preferred on moon to test the responder side (and carol for the
initiator) and dave will switch to OpenSSL if it ever provides ML-KEM.
wolfssl: Unlock keys if necessary when using FIPS module
Wrap the functions that require it in PRIVATE_KEY_UNLOCK/PRIVATE_KEY_LOCK.
This can't be done at plugin initialization because it needs to be done
for every thread. strongSwan currently doesn't provide on-thread-create
callbacks for plugins so we need to wrap each direct call. Another reason
to do so is that some functions we call (e.g. wc_EccKeyToDer) internally
call PRIVATE_KEY_UNLOCK/PRIVATE_KEY_LOCK and would leave the keys locked
for that particular thread.
Tobias Brunner [Tue, 18 Feb 2025 13:24:08 +0000 (14:24 +0100)]
test-vectors: Remove HMAC PRF test vectors with key size 4
Some implementations enforce a minimum key size (e.g. wolfSSL in FIPS
mode) and in practice, the keys will be longer anyway (e.g. our nonces
are 32 bytes).
Tobias Brunner [Wed, 28 May 2025 14:48:42 +0000 (16:48 +0200)]
Merge branch 'iptfs'
This adds basic support for IP-TFS/AGGFRAG (RFC 9347). The Linux kernel,
since 6.14, only supports aggregation/fragmentation so far. The actual
TFS features will get added later.
Tests transport mode and UDP encapsulation with random source ports.
Interestingly, the responder always uses the same SA to respond (maybe
due to the cache on the policy).
kernel-netlink: Suppress NAT mapping updates for per-CPU SAs
As we set the remote port to 0, we'd get a mapping change message with
every packet. Setting the threshold avoids all kernel messages after the
first, which we suppress explicitly as well.
Tobias Brunner [Thu, 20 May 2021 07:41:54 +0000 (09:41 +0200)]
ike-sa: Sort CHILD_SAs by CPU ID
This might make debugging easier and also ensures that a possible
fallback SA without CPU ID is established first when reestablishing
an IKE_SA. Because even if such an SA is established first initially,
that might change later depending on when per-CPU SAs are rekeyed.
Tobias Brunner [Mon, 31 May 2021 13:21:46 +0000 (15:21 +0200)]
forecast: Ignore per-CPU CHILD_SAs
Not sure if this combination does make sense as the plugin itself would
be a major bottleneck.
Similar to the connmark plugin, PREROUTING rules list SPIs or UDP ports,
which would be necessary for all SAs while the OUTPUT rules would only be
required once.
Tobias Brunner [Mon, 31 May 2021 13:06:41 +0000 (15:06 +0200)]
connmark: Ignore per-CPU CHILD_SAs
The combination probably doesn't make much sense.
The OUTPUT rules would definitely only be required once, while the INPUT
and PREROUTING rules list individual SPIs and/or UDP ports, which would
be necessary for all SAs.
By the way, the rules in PREROUTING might actually not be necessary
anymore if the set_mark_in option was used for such SAs.
Tobias Brunner [Wed, 28 May 2025 14:30:56 +0000 (16:30 +0200)]
Merge branch 'acquires-seq'
This uses the sequence number from acquires when installing the SA. This
allows handling narrowing properly by changing the reqid and still
removing the temporary state in the kernel. It also changes that
traffic selectors are reused during rekeying/recreation/reauthentication,
so narrowed selectors won't return to the wider configured TS because
there won't be any TS from triggering packets to narrow again.
child-create: Use more generic method to pass information from previous SA
Besides the previous key exchange method, this will allow us to also
reuse the previous traffic selectors. Some data is still passed in
separate methods as some are set even when there is no previous SA and
others are not set in all cases.
The interface for queue_child() now optionally takes the previous
Child SA to handle both recreations and initiations from scratch.
Tobias Brunner [Mon, 24 Mar 2025 17:03:42 +0000 (18:03 +0100)]
trap-manager: Set seq. no. for CHILD_SAs not initiated by an acquire
This fixes cases where `start_action = trap|start` is used and an acquire
is triggered while the SA is initiated (granted if narrowing is expected,
that's not a recommended configuration as the responder can only use
the first config when there is no packet TS). The resulting second
create-child task will potentially get dropped by the duplicate check,
so the temporary state won't get removed and traffic is blocked until
that expires, neither can acquires get triggered for traffic that doesn't
match the initial SA's policies.