tteras/strongswan/src/libcharon/plugins/unity, branch 5.2.1rc1

unity: Do not bump TS to 0.0.0.0/0 as initiator when no Split-Include received

2014-08-25T08:02:44+00:00

When having the unity plugin enabled and both peers send the Unity Vendor ID,
we proposed 0.0.0.0/0 as traffic selector, even if no Split-Include has been
received on the SA. This can break compatibility with some responders, as
they don't narrow the TS themselves, but expect the configured TS.

unity: Handle narrowing according to roles in the IKE_SA

2014-08-25T07:59:43+00:00

Since the narrow hook types reflect the roles in the Quick Mode exchange
the plugin behaved incorrectly if the server initiated the CHILD_SA
rekeying.

plugins: Don't link with -rdynamic on Windows

2014-06-04T13:53:02+00:00

unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attribute

2014-01-23T09:35:21+00:00

Cisco clients only handle the first such attribute.

unity: Change local TS to 0.0.0.0/0 as responder

2014-01-23T09:35:21+00:00

Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is
used, otherwise Quick Mode fails.

unity: Send UNITY_SPLIT_INCLUDE attributes with proper padding

2014-01-23T09:35:21+00:00

The additional 6 bytes are not actually padding but are parsed by the
Cisco client as protocol and src and dst ports (each two bytes but
strangely only the first two in network order).

unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributes

2013-07-29T19:44:27+00:00

Cisco devices seem to add 6 bytes of padding between each address/mask
pair.

Fixes #366.

automake: replace INCLUDES by AM_CPPFLAGS

2013-07-18T12:59:19+00:00

INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.

unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received

2013-07-17T16:23:57+00:00

unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytes

2013-07-17T16:23:57+00:00