sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
10,993 Commits 101 Branches 327 Tags
Commit Graph

10993 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Willi
9650bf3cc7 kernel-pfroute: use INIT() macro for allocations 2013-05-06 16:10:12 +02:00
Martin Willi
0e107f03ac kernel-pfroute: use only a single PF_ROUTE socket for both events and queries 2013-05-06 16:10:12 +02:00
Martin Willi
e8002956c9 kernel-pfroute: fix length check when receiving PF_ROUTE messages 2013-05-06 16:10:12 +02:00
Martin Willi
64f309e735 kernel-pfkey: remove obsolete pluto specific behavior 2013-05-06 16:10:12 +02:00
Martin Willi
bc6275d21c kernel-netlink: remove obsolete pluto specific behavior 2013-05-06 16:10:11 +02:00
Martin Willi
2af65b26d9 tun_device: add a getter for the address previously passed to set_address() 2013-05-06 16:10:11 +02:00
Martin Willi
60babe0236 tun_device: add a getter for the underlying file descriptor 2013-05-06 16:10:11 +02:00
Martin Willi
d947d0d61a tun-device: use host_create_netmask() to calculate interface netmask 2013-05-06 16:10:11 +02:00
Martin Willi
2d8a01d1c6 host: add a netmask constructor taking the number of network bits 2013-05-06 16:10:11 +02:00
Martin Willi
4dc83e9fac host: remove unused host_t.get_differences() method 2013-05-06 16:10:11 +02:00
Martin Willi
7749eb0d2a host: print %#H format specifiers not as %any, but with the port 2013-05-06 16:10:11 +02:00
Martin Willi
344a4e54be host: initialize sockaddr->sa_len if it is available 2013-05-06 16:10:11 +02:00
Martin Willi
60ed88b2c7 child-sa: pass traffic selector to add_sa() regardless of IPsec mode 
This lets the kernel backend decide what to do with it, and in fact all kernel
interfaces already handle this correctly.
 2013-05-06 16:10:11 +02:00
Martin Willi
dc35d097b3 socket-default: to bind to one dynamic port on OS X, create v4 socket before v6 
It seems that the order of binding sockets of different address families to the
same dynamic port must be v6-before-v4 on Linux, but v4-before-v6 on OS X.
 2013-05-06 16:10:11 +02:00
Martin Willi
a30727fe2b socket-default: refactor socket pair opening to a function 2013-05-06 16:10:11 +02:00
Martin Willi
6948df3220 socket-default: Don't try to send packet if we haven't a socket for given family 2013-05-06 16:10:10 +02:00
Martin Willi
e9326eba13 socket-default: Use -1 if socket is not available, as 0 is actually a valid fd 2013-05-06 16:10:10 +02:00
Martin Willi
b0ccd14f2a semaphore: similar to thread_create(), semaphore_create() is used by Mach 
The compiler spits no warning, but the wrong symbol is used when calling
semaphore_create() from strongSwan. Override the name with a #define to force
the use of our semaphore_create().
 2013-05-06 16:06:48 +02:00
Martin Willi
0c586c0099 .gitignore: add OS X .DS_Store files 2013-05-06 16:06:48 +02:00
Martin Willi
922e2d1d62 Merge branch 'charon-cmd' 
Introduce a simple IKEv1/IKEv2 command line client, charon-cmd. It does
not need any configuration files at all, but takes a few command line arguments
to establish connections as a road warrior.
 2013-05-06 16:01:25 +02:00
Martin Willi
68fc0fe32e charon-cmd: add an option to set a different server identity 2013-05-06 15:54:35 +02:00
Martin Willi
a0f6f39343 proposals: try next if IKEv2 algorithm could not be mapped to IKEv1 2013-05-06 15:54:32 +02:00
Martin Willi
d2e2b9a2da charon-cmd: add support for different IKEv1/IKEv2 authentication profiles 2013-05-06 15:54:31 +02:00
Martin Willi
d6b0c28b25 charon-cmd: support multi-line help text for each option in usage 2013-05-06 15:54:29 +02:00
Martin Willi
8e53682cd9 charon-cmd: add --local/remote-ts options to set traffic selectors 2013-05-06 15:54:27 +02:00
Martin Willi
7a86bccd50 charon-cmd: Use dynamic ports with the socket-default plugin 2013-05-06 15:28:27 +02:00
Martin Willi
69333acee0 settings: Add a set_default_str() to set a different default for a key 
The value is set only if it is not configured in strongswan.conf or has
not been set() otherwise.
 2013-05-06 15:28:27 +02:00
Martin Willi
3ca58c32be charon-cmd: prompt for EAP passwords on-demand using a callback credential set 2013-05-06 15:28:27 +02:00
Martin Willi
b48941ae16 charon-cmd: authenticate with EAP if no private key is given 2013-05-06 15:28:27 +02:00
Martin Willi
7bcd96e43d charon-cmd: pass arguments to all handlers, even if already handled 2013-05-06 15:28:27 +02:00
Martin Willi
9dfd9275f0 charon-cmd: build long_opts only once when reading arguments in charon-cmd 2013-05-06 15:28:27 +02:00
Martin Willi
f0749552a6 charon-cmd: add support for using dynamic ports in charon-cmd 2013-05-06 15:28:26 +02:00
Martin Willi
d3874008e8 socket-dynamic: when sending from port zero, allocate a free port dynamically 2013-05-06 15:28:26 +02:00
Martin Willi
5e9144a21f controller: clean up job data if a thread gets cancelled waiting in a function 
Controller functions are thread cancellation points, so register a cancellation
handler cleaning up job data.
 2013-05-06 15:28:26 +02:00
Martin Willi
2baa7bbedb charon-cmd: load certificates and RSA private keys 2013-05-06 15:28:26 +02:00
Martin Willi
78d7a0f7e2 charon-cmd: add a connection object and its initiation to charon-cmd 2013-05-06 15:28:26 +02:00
Martin Willi
be44723de0 charon-cmd: move command line options to separate file, obsolete short options 2013-05-06 15:28:26 +02:00
Martin Willi
1fed10beb2 charon-cmd: add a stub for charon-cmd, a simple command line IKE client 2013-05-06 15:28:26 +02:00
Martin Willi
b4e9f74e42 Merge branch 'leak-detective-dlsym' 
Replaces the use of deprecated glibc malloc hooks by overloading malloc calls
and find the originals using dlsym(RTLD_NEXT).

On OS X, we now support the use of leak detective by changing the default
malloc zone functions, backtraces get resolved using atos.

It seems that the performance bottleneck now is stack unwinding. Unfortunately
a new libunwind based backtrace() is not much faster than the libc variant; we
keep that option nonetheless for platforms without backtrace().
 2013-05-06 15:15:58 +02:00
Martin Willi
40f2a5306a scripts: add a simple test utility to do some malloc() benchmarking/profiling 2013-05-06 15:15:24 +02:00
Martin Willi
29324299fe backtrace: use atos instead of addr2line on OS X to resolve source lines 2013-05-06 15:15:24 +02:00
Martin Willi
83714577a9 backtrace: add an alternative stack unwinding implementation using libunwind 2013-05-06 15:15:24 +02:00
Martin Willi
d8f6f0c01c leak-detective: add support for OS X by hooking default malloc zone 2013-05-06 15:15:24 +02:00
Martin Willi
50fbd32472 leak-detective: remove unused malloc call counters 2013-05-06 15:15:24 +02:00
Martin Willi
3117824f55 leak-detective: align allocations on both 32 and 64-bit systems to 32 bytes 2013-05-06 15:15:24 +02:00
Martin Willi
7e3f6299d5 leak-detective: call tzset() explicitly before enabling leak detective 
tzset() is hard to whitelist on some systems, as there is no symbol involved.
Call tzset() explicitly before initialization to avoid false positives.
 2013-05-06 15:15:24 +02:00
Martin Willi
17211b6b9a leak-detective: override malloc functions instead of using deprecated hooks 
malloc hooks have become deprecated, and their use has always been problematic,
especially in multi-threaded applications. Replace the functionality by
overriding all malloc functions and query the system allocator functions
using dlsym() with RTLD_NEXT.
 2013-05-06 15:15:24 +02:00
Martin Willi
e9b3bd5434 Merge branch 'silent-automake' 
Adds support for --enable/disable-silent-rules when building with Automake
1.11 or 1.12. make V=0 or V=1 can be used to build with a different verbosity
than ./configured.
 2013-05-06 15:05:40 +02:00
Martin Willi
d0f01a581d Add -s to make if --enable-silent-rules is ./configured 2013-05-06 15:04:56 +02:00
Martin Willi
0be946dce3 Use the GEN silent rule when generating files with sed 2013-05-06 15:04:56 +02:00