15991 Commits

Author SHA1 Message Date
Tobias Brunner
99cf64e960 testing: Add support for counting matching lines in tests
Specifying an integer instead of YES in evaltest.dat causes the number to get
compared against the actual number of lines matching the pattern.

This may be used to count matching packets or log lines.
2017-08-07 10:44:05 +02:00
Tobias Brunner
f9fbcbb1a0 bus: Don't trigger child_updown() for rekeyed CHILD_SAs
We don't trigger it either when they are deleted individually.
2017-08-07 10:44:05 +02:00
Tobias Brunner
d24b831fe7 charon-tkm: Don't select new outbound SA until the policy is installed
This tries to avoid packet loss during rekeying by delaying the usage of
the new outbound IKE_SA until the old one is deleted.

Note that esa_select() is a no-op in the current TKM implementation. And
the implementation also doesn't benefit from the delayed deletion of the
inbound SA as it calls esa_reset() when the outbound SA is deleted.
2017-08-07 10:44:05 +02:00
Tobias Brunner
0d42a76275 charon-tkm: Claim to support SPIs on policies
This fixes rekeying as the delayed installation of the outbound SA
caused the nonce context to be expired already.
2017-08-07 10:44:05 +02:00
Tobias Brunner
a146b4c9ef child-sa: Install outbound SA immediately if kernel supports SPIs on policies 2017-08-07 10:44:05 +02:00
Tobias Brunner
2c116ef589 child-sa: Use flags to track installation of outbound SA and policies separately 2017-08-07 10:44:05 +02:00
Tobias Brunner
2699c8387a kernel-netlink: Set SPI on outbound policy
This should cause the right SA to get used if there are multiple outbound
SAs and the policies are installed properly.
2017-08-07 10:44:05 +02:00
Tobias Brunner
a46d233c0e kernel-interface: Not all kernel interfaces support SPIs on policies 2017-08-07 10:44:05 +02:00
Andreas Steffen
f0ae8c1761 Version bump to 5.6.0dr4 5.6.0dr4 2017-08-04 21:15:45 +02:00
Andreas Steffen
808be1d57f testing: Added tnc/tnccs-20-ev-pt-tls scenario 2017-08-04 19:15:51 +02:00
Andreas Steffen
88501a64ca swid-gen: Share SWID generator between sw-collector, imc-swima and imc-swid 2017-08-04 19:15:26 +02:00
Andreas Steffen
073c179a88 sw-collector: Added --full option 2017-08-03 09:02:54 +02:00
Andreas Steffen
bea3f5d07f sw-collector: Added --installed/removed options 2017-08-03 09:02:54 +02:00
Tobias Brunner
8f63a36b34 Merge branch 'appveyor'
Build and run unit tests on AppVeyor Windows containers.
2017-08-02 16:51:40 +02:00
Tobias Brunner
096626286a appveyor: Build against OpenSSL
This is mainly for the RNG needed for the exchange tests.
2017-07-28 11:23:23 +02:00
Tobias Brunner
95ecc11774 unit-tests: Double escape backslashes in Windows paths in settings test
That's required when these are used as include paths in settings file
strings.
2017-07-28 11:22:40 +02:00
Tobias Brunner
67ad553a2c unit-tests: Stringify direction in message asserts early
x86_64-w64-mingw32-gcc on Windows requires this.
2017-07-28 11:18:59 +02:00
Tobias Brunner
65064cc33b unit-tests: iv_gen_seq has a dependency on RNG_STRONG
We currently don't have an RNG in Windows builds.
2017-07-28 11:18:59 +02:00
Tobias Brunner
6eb7dd11ec appveyor: Run tests on AppVeyor Windows containers
We can't enable leak detective as it is then so slow that we run into a
timeout (60 minutes).
2017-07-28 11:18:17 +02:00
Tobias Brunner
8d4ebb3ac4 peer-cfg: Use an rwlock instead of a mutex to safely access child-cfgs
If multiple threads want to enumerate child-cfgs and potentially lock
other locks (e.g. check out IKE_SAs) while doing so, a deadlock could
be caused (as was the case with VICI configs with start_action=start).
It should also improve performance for roadwarrior connections and lots
of clients connecting concurrently.

Fixes #2374.
2017-07-27 13:34:40 +02:00
Tobias Brunner
578d893b4a credential-manager: Log issuer identity if not found 2017-07-27 13:28:13 +02:00
Tobias Brunner
0b756fbe95 auth-cfg: Don't limit subjectAltName check to received certificates
Otherwise this won't work if the certificate is only locally available.
2017-07-27 13:27:19 +02:00
Tobias Brunner
4272a3e9d7 swanctl: Read default socket from swanctl.socket option
Also read from swanctl.plugins.vici.socket so we get
libstrongswan.plugins.vici.socket if it is defined.

Fixes #2372.
2017-07-27 13:22:57 +02:00
Tobias Brunner
ae48325a59 swanctl: Include config snippets from conf.d subdirectory
Fixes #2371.
2017-07-27 13:20:24 +02:00
Tobias Brunner
fb8c9b3d08 conf: Add support to generate include statements in .conf files 2017-07-27 13:19:38 +02:00
Tobias Brunner
67402ec77b curl: Enable following redirects
The maximum number of redirects can be limited. The functionality can also
be disabled.

Fixes #2366.
2017-07-27 13:15:43 +02:00
Tobias Brunner
791cfe82a1 ikev2: AES-CMAC-PRF-128 only uses the first 64 bits of each nonce
References #2377.
2017-07-27 13:09:26 +02:00
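The rule this commit implements comes from RFC 7296 section 2.14: for PRFs with a fixed key length (AES-XCBC-PRF-128 and AES-CMAC-PRF-128) SKEYSEED is computed as prf(Ni[0..7] | Nr[0..7], g^ir), i.e. only the first 64 bits of each nonce form the key, while all other PRFs key on the full nonces. The following is an added example, not strongSwan code: it implements AES-CMAC (RFC 4493) and AES-CMAC-PRF-128 (RFC 4615) in Go on top of the standard library's AES, then derives SKEYSEED both with and without the truncation so the two values can be compared. The nonces and the g^ir stand-in are constructed test data, and the function names (aesCMAC, aesCMACPRF128, skeyseed) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// shiftLeft returns the 128-bit value b shifted left by one bit.
func shiftLeft(b []byte) []byte {
	out := make([]byte, len(b))
	var carry byte
	for i := len(b) - 1; i >= 0; i-- {
		out[i] = b[i]<<1 | carry
		carry = b[i] >> 7
	}
	return out
}

// subkeys derives the CMAC subkeys K1 and K2 from L = AES_K(0^128)
// (RFC 4493 section 2.3, Rb = 0x87 for a 128-bit block).
func subkeys(c cipher.Block) (k1, k2 []byte) {
	l := make([]byte, 16)
	c.Encrypt(l, make([]byte, 16))
	k1 = shiftLeft(l)
	if l[0]&0x80 != 0 {
		k1[15] ^= 0x87
	}
	k2 = shiftLeft(k1)
	if k1[0]&0x80 != 0 {
		k2[15] ^= 0x87
	}
	return k1, k2
}

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// aesCMAC computes AES-CMAC(key, msg) for a 128-bit key (RFC 4493 section 2.4).
func aesCMAC(key, msg []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	k1, k2 := subkeys(c)
	n := (len(msg) + 15) / 16
	complete := n > 0 && len(msg)%16 == 0
	if n == 0 {
		n = 1 // an empty message is treated as one padded block
	}
	last := make([]byte, 16)
	copy(last, msg[(n-1)*16:])
	if complete {
		xorInto(last, k1)
	} else {
		last[len(msg)-(n-1)*16] = 0x80 // 10^i padding of the final block
		xorInto(last, k2)
	}
	x := make([]byte, 16)
	for i := 0; i < n-1; i++ {
		xorInto(x, msg[i*16:(i+1)*16])
		c.Encrypt(x, x)
	}
	xorInto(x, last)
	c.Encrypt(x, x)
	return x
}

// aesCMACPRF128 is AES-CMAC-PRF-128 (RFC 4615): a key that is not exactly
// 128 bits long is first compressed to 128 bits with AES-CMAC under a zero key.
func aesCMACPRF128(key, msg []byte) []byte {
	if len(key) != 16 {
		key = aesCMAC(make([]byte, 16), key)
	}
	return aesCMAC(key, msg)
}

// skeyseed computes SKEYSEED = prf(Ni | Nr, g^ir) (RFC 7296 section 2.14).
// With truncate=true only the first 64 bits of each nonce are used, as the RFC
// requires for fixed-key-length PRFs such as AES-CMAC-PRF-128; truncate=false
// keys on the full nonces so the two results can be compared.
func skeyseed(ni, nr, gir []byte, truncate bool) []byte {
	if truncate {
		ni, nr = ni[:8], nr[:8]
	}
	key := append(append([]byte{}, ni...), nr...)
	return aesCMACPRF128(key, gir)
}

func main() {
	// Constructed inputs, not from a real exchange: 32-byte nonces and a
	// 32-byte stand-in for the DH shared secret g^ir.
	ni := bytes.Repeat([]byte{0x11}, 32)
	nr := bytes.Repeat([]byte{0x22}, 32)
	gir := bytes.Repeat([]byte{0x33}, 32)
	fmt.Println("SKEYSEED (64-bit nonce prefixes):", hex.EncodeToString(skeyseed(ni, nr, gir, true)))
	fmt.Println("SKEYSEED (full nonces)          :", hex.EncodeToString(skeyseed(ni, nr, gir, false)))
}
```

The practical consequence is interoperability: two peers that agree on AES-CMAC-PRF-128 but disagree on whether the nonces are truncated derive different SKEYSEED values and fail the AUTH exchange, so the truncation is a correctness requirement rather than an optimisation. Changing any nonce byte beyond the first eight leaves the truncated SKEYSEED unchanged, which is exactly what the test below checks.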
Tobias Brunner
ed926a73df error-notify: Don't stop sending notifies after removing a disconnected listener
This prevented new listeners from receiving notifies if they joined
after another listener disconnected previously, and if they themselves
disconnected their old connection would prevent them again from getting
notifies.
2017-07-27 13:07:24 +02:00
Tobias Brunner
6138b8d629 farp: Only remove one tracked entry
Multiple CHILD_SAs sharing the same traffic selectors (e.g. during
make-before-break reauthentication) also have the same reqid assigned.
If all matching entries are removed we could end up without an entry even
though an SA exists that still uses these traffic selectors.

Fixes #2373.
2017-07-27 13:07:23 +02:00
Tobias Brunner
a0cde76958 ike: Trigger CHILD_INSTALLED state change after corresponding log message
This way we get the log message in stroke and swanctl as last message
when establishing a connection. It's already like this for the IKE_SA
where IKE_ESTABLISHED is set after the corresponding log message.

Fixes #2364.
2017-07-27 13:07:23 +02:00
Andreas Steffen
f35fbb2b5f sw-collector: sw-collector.first_file setting retrieves creation date from file stats 2017-07-26 19:51:21 +02:00
Tobias Brunner
6b69a66379 swima-collector: Fix compile error if SWID_DIRECTORY is not defined 2017-07-24 11:34:39 +02:00
Tobias Brunner
bf565b650c libimcv: Add missing files to Android.mk 2017-07-24 11:31:19 +02:00
Andreas Steffen
05f8e64d79 Version bump to 5.6.0dr3 5.6.0dr3 2017-07-18 20:53:35 +02:00
Andreas Steffen
a3b3538630 testing: Fixed the path of pt-tls-client 2017-07-18 20:43:03 +02:00
Andreas Steffen
a9383c2b46 checksum: Compile sw-collector before checksum 2017-07-18 20:02:21 +02:00
Andreas Steffen
8362378a15 checksum: Added pt-tls-client and sw-collector 2017-07-18 07:25:46 +02:00
Andreas Steffen
964bf73237 sw-collector: Moved to its own directory and added man page 2017-07-18 07:25:45 +02:00
Andreas Steffen
34cade8b84 pt-tls-client: Added man page 2017-07-16 15:37:03 +02:00
Andreas Steffen
693705c74e Version bump to 5.6.0dr2 5.6.0dr2 2017-07-13 14:24:32 +02:00
Andreas Steffen
cab4cc3a10 sw-collector: strip arch suffix from package names 2017-07-13 12:03:27 +02:00
Andreas Steffen
5b1dbc3a8d sw-collector: Check for epoch-less Debian package versions 2017-07-12 19:12:22 +02:00
Andreas Steffen
eab650d62f libtpmtss: Support of Intel TABRMD interface 2017-07-12 17:07:34 +02:00
Andreas Steffen
991703007a Version bump to 5.6.0dr1
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
5.6.0dr1
2017-07-08 23:21:56 +02:00
Andreas Steffen
803ac56626 Merge branch 'swima' 2017-07-08 23:20:32 +02:00
Andreas Steffen
23e0d6dca3 testing: Added tnc/tnccs-20-nea-pt-tls scenario 2017-07-08 23:19:51 +02:00
Andreas Steffen
facf1c76ea testing: Adaptation to ISO 19770-2:2015 SWID standard 2017-07-08 23:19:51 +02:00
Andreas Steffen
3bf8392d36 pt-tls-client: Support for TPM keyids 2017-07-08 23:19:51 +02:00
Andreas Steffen
49d56e1b39 imv-swima: Implemented SW event processing 2017-07-08 23:19:51 +02:00
Andreas Steffen
74aa1626d2 sw-collector: Query central collector database 2017-07-08 23:19:51 +02:00