1126 Commits

Author SHA1 Message Date
Martin Willi
a7371600b0 proper error handling for socket creation 2006-09-18 06:44:38 +00:00
Martin Willi
b9024ee058 handle certificate parsing error more generously 2006-09-14 13:14:58 +00:00
Martin Willi
8a95c322c5 fixed certificate verification bug! 2006-09-14 12:22:08 +00:00
Martin Willi
567e2a7822 fixed memleak when receiving invalid certificate 2006-09-14 12:15:41 +00:00
Andreas Steffen
6725ef5f23 version bump to 4.0.4 2006-09-14 06:47:21 +00:00
Andreas Steffen
7a7390e995 version bump to 4.0.4 2006-09-14 06:45:16 +00:00
Andreas Steffen
dc8ad57aa9 two new test scenarios 2006-09-14 06:39:14 +00:00
Andreas Steffen
1f948f684a fixed path to images directory 2006-09-14 06:38:50 +00:00
Martin Willi
d7934d0cfc implemented updown script to handle firewalling 2006-09-12 13:50:14 +00:00
Martin Willi
a095243f60 add priority management for kernel policy
leave ROUTED policies installed, until manually removed
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
ike_sa_manager cleanups
2006-09-08 13:10:52 +00:00
Martin Willi
1239c6f40b implemented handling of dpdaction and dpddelay ipsec.conf parameters 2006-09-08 06:12:02 +00:00
Martin Willi
a655f5c09c reuse reqid when a ROUTED child_sa gets INSTALLED
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
Martin Willi
da8ab11e91 fixed an at-least-one-year-old bug which caused crashes in the scheduler 2006-08-31 06:48:10 +00:00
Martin Willi
c705698293 added raw socket filter for IPv6 2006-08-31 06:18:15 +00:00
Martin Willi
053842f4e7 implemented NAT detection for IPv6 2006-08-31 06:17:41 +00:00
Martin Willi
1f7fd2ced8 removed unneeded constructor 2006-08-31 06:16:52 +00:00
Martin Willi
48d9883a3e initial support for IPv6 (more testing needed)
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
Martin Willi
51d4876814 added stddef.h include for compilers which do not support the offsetof() directive 2006-08-28 09:02:51 +00:00
Martin Willi
4c23a8c9ec moved interface enumeration code to socket, where it belongs
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Andreas Steffen
834b2ce2e2 version bump of UML kernel to 2.6.17.11 2006-08-25 09:25:12 +00:00
Martin Willi
fa8d578d94 fixed crash bug when doing "ipsec down" with an unknown connection 2006-08-25 09:19:42 +00:00
Martin Willi
9be547c0ed added name property in CHILD_SA, allows proper status output 2006-08-25 09:07:37 +00:00
Martin Willi
7106403bd8 2006-08-25 07:42:48 +00:00
Martin Willi
c3e7aeb102 fixed bug which prevented port float when nat is detected 2006-08-25 07:37:22 +00:00
Andreas Steffen
8ae6a48f94 version bumps 2006-08-25 07:30:29 +00:00
Andreas Steffen
b425d99867 'sha' and 'sha1' are now treated as synonyms 2006-08-23 12:07:15 +00:00
Andreas Steffen
3dc16958dd 'sha' and 'sha1' are now treated as synonyms 2006-08-23 12:07:07 +00:00
Martin Willi
a1310b6b92 updated Changelog and other docs 2006-08-23 11:48:33 +00:00
Martin Willi
d03ab568a6 fixed rekeying behavior when proposing an unacceptable DH group (INVALID_KE_PAYLOAD) 4.0.3 2006-08-23 09:25:41 +00:00
Martin Willi
3183006de2 implement proper handling of most simultaneous IKE_SA rekeying cases 2006-08-23 07:30:43 +00:00
Andreas Steffen
c3f97102f1 version bump to 4.0.3 2006-08-02 12:33:26 +00:00
Martin Willi
f698448ea3 implemented proper refcounting using atomic operations 2006-07-28 09:45:18 +00:00
Martin Willi
fe04e93a8b implemented IKE_SA rekeying
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneous exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
45f76a7ddd added possibility to route CHILD_SAs, without setting them up
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
Martin Willi
c0593835f4 reuse an existing IKE_SA to set up additional CHILD_SAs 2006-07-20 14:57:49 +00:00
Martin Willi
8dfbe71b34 introduced refcounting on policy and connections
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
Martin Willi
92ee45a0ee cleanups in kernel interface code
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Andreas Steffen
623d3dcf78 X.509 certificate trust path verification 4.0.2 2006-07-14 13:21:19 +00:00
Andreas Steffen
a9ae2c01ed added 2006-07-14 12:58:47 +00:00
Martin Willi
e6cfe0eecc fixed UDP decapsulation by adding inbound bypass policy for send socket 2006-07-14 12:53:06 +00:00
Martin Willi
106e9fc6f8 updated mixed tests to new charon output 2006-07-14 12:29:26 +00:00
Andreas Steffen
bf4df11f44 corrected DPD entry 2006-07-14 11:51:45 +00:00
Martin Willi
ead36455a9 reenabled module tests for charon 2006-07-14 11:16:49 +00:00
Martin Willi
b34be51cef fixed bug which erroneously detected KE payload when rekeying 2006-07-14 08:18:48 +00:00
Martin Willi
e3109c02ac added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT 2006-07-14 08:08:55 +00:00
Martin Willi
325e497798 improved logging on verify errors for some payloads
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
Martin Willi
7af345e11e added test cases from NAT team
updated all IKEv2 tests to work with new status output
2006-07-13 12:45:18 +00:00
Martin Willi
1279eda042 added tcpdumpcount function from NATT guys
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly
2006-07-13 12:43:52 +00:00
Martin Willi
be247b817b removed in favour of tests from NAT team 2006-07-13 12:00:36 +00:00
Martin Willi
4c04f30a51 fixed CREATE_CHILD_SA transaction dispatching 2006-07-13 08:51:24 +00:00