10977 Commits

Author SHA1 Message Date
Martin Willi
e9326eba13 socket-default: Use -1 if socket is not available, as 0 is actually a valid fd 2013-05-06 16:10:10 +02:00
Martin Willi
b0ccd14f2a semaphore: similar to thread_create(), semaphore_create() is used by Mach
The compiler spits no warning, but the wrong symbol is used when calling
semaphore_create() from strongSwan. Override the name with a #define to force
the use of our semaphore_create().
2013-05-06 16:06:48 +02:00
Martin Willi
0c586c0099 .gitignore: add OS X .DS_Store files 2013-05-06 16:06:48 +02:00
Martin Willi
922e2d1d62 Merge branch 'charon-cmd'
Introduce a simple IKEv1/IKEv2 command line client, charon-cmd. It does
not need any configuration files at all, but takes a few command line arguments
to establish connections as a road warrior.
2013-05-06 16:01:25 +02:00
Martin Willi
68fc0fe32e charon-cmd: add an option to set a different server identity 2013-05-06 15:54:35 +02:00
Martin Willi
a0f6f39343 proposals: try next if IKEv2 algorithm could not be mapped to IKEv1 2013-05-06 15:54:32 +02:00
Martin Willi
d2e2b9a2da charon-cmd: add support for different IKEv1/IKEv2 authentication profiles 2013-05-06 15:54:31 +02:00
Martin Willi
d6b0c28b25 charon-cmd: support multi-line help text for each option in usage 2013-05-06 15:54:29 +02:00
Martin Willi
8e53682cd9 charon-cmd: add --local/remote-ts options to set traffic selectors 2013-05-06 15:54:27 +02:00
Martin Willi
7a86bccd50 charon-cmd: Use dynamic ports with the socket-default plugin 2013-05-06 15:28:27 +02:00
Martin Willi
69333acee0 settings: Add a set_default_str() to set a different default for a key
The value is set only if it is not configured in strongswan.conf or has
not been set() otherwise.
2013-05-06 15:28:27 +02:00
Martin Willi
3ca58c32be charon-cmd: prompt for EAP passwords on-demand using a callback credential set 2013-05-06 15:28:27 +02:00
Martin Willi
b48941ae16 charon-cmd: authenticate with EAP if no private key is given 2013-05-06 15:28:27 +02:00
Martin Willi
7bcd96e43d charon-cmd: pass arguments to all handlers, even if already handled 2013-05-06 15:28:27 +02:00
Martin Willi
9dfd9275f0 charon-cmd: build long_opts only once when reading arguments in charon-cmd 2013-05-06 15:28:27 +02:00
Martin Willi
f0749552a6 charon-cmd: add support for using dynamic ports in charon-cmd 2013-05-06 15:28:26 +02:00
Martin Willi
d3874008e8 socket-dynamic: when sending from port zero, allocate a free port dynamically 2013-05-06 15:28:26 +02:00
Martin Willi
5e9144a21f controller: clean up job data if a thread gets cancelled waiting in a function
Controller functions are thread cancellation points, so register a cancellation
handler cleaning up job data.
2013-05-06 15:28:26 +02:00
Martin Willi
2baa7bbedb charon-cmd: load certificates and RSA private keys 2013-05-06 15:28:26 +02:00
Martin Willi
78d7a0f7e2 charon-cmd: add a connection object and its initiation to charon-cmd 2013-05-06 15:28:26 +02:00
Martin Willi
be44723de0 charon-cmd: move command line options to separate file, obsolete short options 2013-05-06 15:28:26 +02:00
Martin Willi
1fed10beb2 charon-cmd: add a stub for charon-cmd, a simple command line IKE client 2013-05-06 15:28:26 +02:00
Martin Willi
b4e9f74e42 Merge branch 'leak-detective-dlsym'
Replaces the use of deprecated glibc malloc hooks by overloading malloc calls
and finding the originals using dlsym(RTLD_NEXT).

On OS X, we now support the use of leak detective by changing the default
malloc zone functions; backtraces get resolved using atos.

It seems that the performance bottleneck now is stack unwinding. Unfortunately
a new libunwind based backtrace() is not much faster than the libc variant; we
keep that option nonetheless for platforms without backtrace().
2013-05-06 15:15:58 +02:00
Martin Willi
40f2a5306a scripts: add a simple test utility to do some malloc() benchmarking/profiling 2013-05-06 15:15:24 +02:00
Martin Willi
29324299fe backtrace: use atos instead of addr2line on OS X to resolve source lines 2013-05-06 15:15:24 +02:00
Martin Willi
83714577a9 backtrace: add an alternative stack unwinding implementation using libunwind 2013-05-06 15:15:24 +02:00
Martin Willi
d8f6f0c01c leak-detective: add support for OS X by hooking default malloc zone 2013-05-06 15:15:24 +02:00
Martin Willi
50fbd32472 leak-detective: remove unused malloc call counters 2013-05-06 15:15:24 +02:00
Martin Willi
3117824f55 leak-detective: align allocations on both 32 and 64-bit systems to 32 bytes 2013-05-06 15:15:24 +02:00
Martin Willi
7e3f6299d5 leak-detective: call tzset() explicitly before enabling leak detective
tzset() is hard to whitelist on some systems, as there is no symbol involved.
Call tzset() explicitly before initialization to avoid false positives.
2013-05-06 15:15:24 +02:00
Martin Willi
17211b6b9a leak-detective: override malloc functions instead of using deprecated hooks
malloc hooks have become deprecated, and their use has always been problematic,
especially in multi-threaded applications. Replace the functionality by
overriding all malloc functions and query the system allocator functions
using dlsym() with RTLD_NEXT.
2013-05-06 15:15:24 +02:00
Martin Willi
e9b3bd5434 Merge branch 'silent-automake'
Adds support for --enable/disable-silent-rules when building with Automake
1.11 or 1.12. make V=0 or V=1 can be used to build with a different verbosity
than ./configured.
2013-05-06 15:05:40 +02:00
Martin Willi
d0f01a581d Add -s to make if --enable-silent-rules is ./configured 2013-05-06 15:04:56 +02:00
Martin Willi
0be946dce3 Use the GEN silent rule when generating files with sed 2013-05-06 15:04:56 +02:00
Martin Willi
f932677f0c Use the GEN silent rule when generating oid database with perl 2013-05-06 15:04:56 +02:00
Martin Willi
9f1dfd88c8 Use the GEN silent rule when generating gperf files 2013-05-06 15:04:56 +02:00
Martin Willi
84c00e71b7 Provide the --enable-silent-rules ./configure option with automake 1.11 and 1.12 2013-05-06 15:04:56 +02:00
Martin Willi
5f55fd6e61 Introduce an optional logger_t.vlog() method with format string and arguments
To have more flexibility in the logging backend, receiving the original format
string and doing printf() substitution in the logger may be preferable. An
additional but optional logger method does not touch the behavior of existing
loggers.
2013-05-06 15:00:15 +02:00
Martin Willi
e93f386dbb Raise an ALERT_PROPOSAL_MISMATCH_CHILD also when receiving NO_PROPOSAL_CHOSEN 2013-05-06 14:56:50 +02:00
Martin Willi
00080d2b8b Raise an ALERT_PROPOSAL_MISMATCH_IKE also when receiving NO_PROPOSAL_CHOSEN 2013-05-06 14:56:50 +02:00
Martin Willi
aea7ce3c64 eap-radius: add an option to disable accounting for tunnels without virtual IP 2013-05-06 14:56:01 +02:00
Martin Willi
69620a48e8 eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs
Fixes some corner cases if multiple tunnels use the same peer identity.
2013-05-06 14:56:01 +02:00
Martin Willi
a3854d8371 Don't unset IKE_SA on bus before we released virtual IPs and attributes 2013-05-06 14:56:01 +02:00
Tobias Brunner
55321dcfb6 New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner
79f42ded50 libipsec: Fix memory leak in event relay 2013-05-03 16:02:39 +02:00
Tobias Brunner
740aedfec1 android: Use stronger ESP proposal including AES-GCM 2013-05-03 16:02:39 +02:00
Tobias Brunner
051fc25d92 libipsec: Add support for AES-GCM 2013-05-03 15:13:57 +02:00
Tobias Brunner
24a8d1253f libipsec: Wrap traditional algorithms in AEAD wrapper 2013-05-03 15:13:57 +02:00
Tobias Brunner
61fb3267b2 android: Remove unused methods on NetworkManager/network_manager_t 2013-05-03 15:11:20 +02:00
Tobias Brunner
70dfac4459 android: Ignore interface 'lo'
Android adds a default route via 'lo' if no connectivity is available
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00