Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							2b95ab7620 
							
						 
					 
					
						
						
							
							Raise a bus alert when IKE message header parsing fails  
						
						 
						
						
						
						
					 
					
						2012-10-24 11:34:30 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							f6f16131d0 
							
						 
					 
					
						
						
							
							Raise a bus alert when a received message contains unknown SPIs  
						
						 
						
						
						
						
					 
					
						2012-10-24 11:34:30 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							47904e3c74 
							
						 
					 
					
						
						
							
							Define stroke counter types to implement  
						
						 
						
						
						
						
					 
					
						2012-10-24 11:34:11 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							8554895b95 
							
						 
					 
					
						
						
							
							Add a stub for IKE event counters in stroke  
						
						 
						
						
						
						
					 
					
						2012-10-24 11:34:11 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							b2265a2738 
							
						 
					 
					
						
						
							
							Add a load-tester option to define the IKE version to use for testing  
						
						 
						
						
						
						
					 
					
						2012-10-24 10:19:33 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							e19b23e0b9 
							
						 
					 
					
						
						
							
							Remove peer_cfg IKE version matching, as it is done in ike_cfg matching  
						
						 
						
						
						
						
					 
					
						2012-10-24 10:19:33 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							7910116384 
							
						 
					 
					
						
						
							
							Respect IKE version while selecting an ike_cfg as responder  
						
						 
						
						
						
						
					 
					
						2012-10-24 10:19:33 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							1fdd62ffce 
							
						 
					 
					
						
						
							
							Remove version argument on peer_cfg constructor, use ike_cfg version instead  
						
						 
						
						
						
						
					 
					
						2012-10-24 10:19:33 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							9fc7cc6f9b 
							
						 
					 
					
						
						
							
							Add IKE version information to ike_cfg_t  
						
						 
						
						
						
						
					 
					
						2012-10-24 10:18:35 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Martin Willi 
							
						 
					 
					
						
						
						
						
							
						
						
							cf62d073f1 
							
						 
					 
					
						
						
							
							Move ike_version_t definition from peer_cfg_t to ike_cfg_t  
						
						 
						
						
						
						
					 
					
						2012-10-24 10:17:36 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							23ca39010e 
							
						 
					 
					
						
						
							
							android: Enable ECC in the app as our custom built libcrypto supports it  
						
						 
						
						
						
						
					 
					
						2012-10-23 18:13:58 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							d8e62ae9b4 
							
						 
					 
					
						
						
							
							version bump to 5.0.2dr2  
						
						 
						
						
						
						
					 
					
						2012-10-20 10:49:27 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a5e7bcf9 
							
						 
					 
					
						
						
							
							updated NEWS  
						
						 
						
						
						
						
					 
					
						2012-10-19 08:52:35 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							a9c9414d58 
							
						 
					 
					
						
						
							
							implemented IETF Numeric Version attribute  
						
						 
						
						
						
						
					 
					
						2012-10-18 22:33:26 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							ef315c5a1c 
							
						 
					 
					
						
						
							
							implemented IETF Remediation Instructions attribute  
						
						 
						
						
						
						
					 
					
						2012-10-18 18:24:26 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							d2c8bc4df0 
							
						 
					 
					
						
						
							
							Handle type of first EAP-RADIUS response more sophisticated  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:48:11 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							a5436657e9 
							
						 
					 
					
						
						
							
							Starter ignores non-fatal errors when reloading config  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:42:11 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							9e730ef9df 
							
						 
					 
					
						
						
							
							Starter unroutes removed or changed connections before loading and routing new ones  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:42:11 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							21037942e8 
							
						 
					 
					
						
						
							
							Update routed connections in trap manager  
						
						 
						
						
						
						
						Before this change, modified configs that have been updated with ipsec reload,
could properly be started manually, but the old config would get used if
triggered via trap policies. 
						
						
					 
					
						2012-10-18 14:42:10 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							3555bacac7 
							
						 
					 
					
						
						
							
							Reload logger configuration on SIGHUP  
						
						 
						
						
						
						
						Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t. 
						
						
					 
					
						2012-10-18 14:42:10 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							d35d669180 
							
						 
					 
					
						
						
							
							Make syslog and file loggers configurable at runtime  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:42:10 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							18a8893e8e 
							
						 
					 
					
						
						
							
							Store loggers in conftest separately, not on charon  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:42:10 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							3c4d383443 
							
						 
					 
					
						
						
							
							Added an option to reload certificates from PKCS#11 tokens on SIGHUP  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:42:09 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							ca1c2ee281 
							
						 
					 
					
						
						
							
							Copy the name of pkcs11_library_t objects  
						
						 
						
						
						
						
						Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded. 
						
						
					 
					
						2012-10-18 14:42:09 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							c30573467b 
							
						 
					 
					
						
						
							
							New Android release after adding MOBIKE support  
						
						 
						
						
						
						
					 
					
						2012-10-18 14:03:38 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							8bd00205f4 
							
						 
					 
					
						
						
							
							Merge branch 'android-mobility'  
						
						 
						
						
						
						
						This brings support for MOBIKE to the Android app.  The app also tries
to keep the connection up as long as possible.
DNS queries are now handled by a new class that uses independent threads to
resolve them, this allows to cancel them e.g. if no network connectivity is
available (otherwise the app would block until the DNS query returns). 
						
						
					 
					
						2012-10-18 12:28:14 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							25a413cb96 
							
						 
					 
					
						
						
							
							Use a shortcut to resolve numeric IP addresses (no need for separate threads)  
						
						 
						
						
						
						
					 
					
						2012-10-18 12:27:32 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							d377556863 
							
						 
					 
					
						
						
							
							Use native threads in host resolver so that it works even if processor has no threads  
						
						 
						
						
						
						
					 
					
						2012-10-18 12:26:49 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							b4f6c39e55 
							
						 
					 
					
						
						
							
							Terminate unused resolver threads after a timeout  
						
						 
						
						
						
						
					 
					
						2012-10-18 12:26:00 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							49e2d109a3 
							
						 
					 
					
						
						
							
							Only create more threads if needed in host_resolver_t  
						
						 
						
						
						
						
					 
					
						2012-10-18 12:26:00 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							eecd41e349 
							
						 
					 
					
						
						
							
							Use a helper function to add milliseconds to timeval structs  
						
						 
						
						
						
						
					 
					
						2012-10-18 12:25:59 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							2b6088c718 
							
						 
					 
					
						
						
							
							android: Ignore if peer is unreachable when reestablishing an SA  
						
						 
						
						
						
						
					 
					
						2012-10-18 12:25:59 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							901f6ac403 
							
						 
					 
					
						
						
							
							android: Use a shorter timeout for retransmits  
						
						 
						
						
						
						
					 
					
						2012-10-18 10:57:55 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							8658e87b35 
							
						 
					 
					
						
						
							
							android: Use keyingtries=%forever and dpd|closeaction=restart  
						
						 
						
						
						
						
						We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect. 
						
						
					 
					
						2012-10-18 10:57:55 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							292d8f41c3 
							
						 
					 
					
						
						
							
							Resolve hosts by DNS name in separate threads so we can cancel them  
						
						 
						
						
						
						
						getaddrinfo(3) may block a long time so proper termination of the daemon may
block if DNS servers are not reachable.
getaddrinfo(3) is an optional cancellation point in posix threads so it
might still block a shutdown but at least on Android (with the signal based
pthread_cancel implementation) it works, on Linux starter will kill charon
anyway after a while. 
						
						
					 
					
						2012-10-18 10:57:55 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							bbf90fcc79 
							
						 
					 
					
						
						
							
							no need to include pa_tnc_msg.h  
						
						 
						
						
						
						
					 
					
						2012-10-18 07:00:32 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							6a61b79583 
							
						 
					 
					
						
						
							
							refactored PA-TNC message handling by IMVs  
						
						 
						
						
						
						
					 
					
						2012-10-17 23:15:14 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							f8a70254a9 
							
						 
					 
					
						
						
							
							refactored PA-TNC message handling by IMCs  
						
						 
						
						
						
						
					 
					
						2012-10-17 10:02:53 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							154cae09e3 
							
						 
					 
					
						
						
							
							increased IMC/IMV debug level to 3  
						
						 
						
						
						
						
					 
					
						2012-10-17 10:02:53 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Andreas Steffen 
							
						 
					 
					
						
						
						
						
							
						
						
							c8b88ba733 
							
						 
					 
					
						
						
							
							removed unused variable  
						
						 
						
						
						
						
					 
					
						2012-10-17 10:02:52 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							272ce5b580 
							
						 
					 
					
						
						
							
							android: Handle unreachable peers via alert  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							1d6dc62727 
							
						 
					 
					
						
						
							
							Added a new alert that is raised if peer does not respond to initial IKE message  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							b00806cf85 
							
						 
					 
					
						
						
							
							android: Use 0.0.0.0/0 as local traffic selector  
						
						 
						
						
						
						
						This is helpful if the responder also wants to tunnel e.g. multicast
packages. 
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							488b1cad13 
							
						 
					 
					
						
						
							
							Log IP addresses for discarded inbound IPsec packets  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							45885ca613 
							
						 
					 
					
						
						
							
							android: Bypass/protect previously bypassed sockets if connectivity changes  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							9167ca8b2b 
							
						 
					 
					
						
						
							
							android: Support for IPsec SA update added  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							51823c1f31 
							
						 
					 
					
						
						
							
							Use pointers for lookups in IPsec SA manager  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							4785fbbc9c 
							
						 
					 
					
						
						
							
							IPsec SA manager implements update_sa()  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							7622c5e97e 
							
						 
					 
					
						
						
							
							Setter for src and destination address of ipsec_sa_t added  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Tobias Brunner 
							
						 
					 
					
						
						
						
						
							
						
						
							5b88d80f22 
							
						 
					 
					
						
						
							
							android: Trigger roam events in case connectivity changes  
						
						 
						
						
						
						
					 
					
						2012-10-16 14:16:17 +02:00