Commit message [Author, Age, Files, Lines]
...
| * Add configure option --enable-unit-tests [Adrian-Ken Rueegsegger, 2013-03-19, 2, -0/+11]
|/
|   This configure option enables check-based unit testing. Check is a unit test framework for C [1].
|   The unit tests can be executed by issuing the following command in the toplevel build directory:
|     make check
|   [1] - http://check.sourceforge.net/
* Load arbitrary (non-host) attributes from strongswan.conf [Tobias Brunner, 2013-03-19, 1, -21/+32]
|   This allows to e.g. load Cisco-specific attributes that contain FQDNs.
* Don't try to mmap() empty ipsec.secret files [Martin Willi, 2013-03-19, 1, -1/+5]
|
* Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame [Tobias Brunner, 2013-03-19, 3, -3/+27]
|
* testing: Rename interfaces and bridges so they are easier to identify [Tobias Brunner, 2013-03-19, 12, -5/+16]
|   This simplifies capturing traffic with Wireshark on the host as each of the guest's interfaces is clearly identified. The three bridges were previously numbered starting from 0, this scheme is restored here.
* testing: Don't use a specific version for the QEMU machine type [Tobias Brunner, 2013-03-19, 8, -8/+8]
|   The previously used pc-1.1 is not yet available on e.g. Ubuntu 12.04. With 'pc' the most current supported version of that type is used.
* NEWS about xauth-noauth added [Tobias Brunner, 2013-03-19, 1, -0/+6]
|
* Make sure that xauth-noauth is not used accidentally [Tobias Brunner, 2013-03-19, 1, -2/+5]
|   It has to be selected explicitly with rightauth2=xauth-noauth.
* Added xauth-noauth plugin [Tobias Brunner, 2013-03-19, 8, -29/+309]
|   This XAuth backend does not do any authentication of client credentials but simply sends a successful XAuth status to the client, thereby concluding the XAuth exchange. This can be useful to fallback to basic RSA authentication with clients that can not be configured without XAuth authentication.
* In stroke counters, check if we have an IKE_SA before getting the name from it [Martin Willi, 2013-03-19, 1, -3/+6]
|   Fixes a segfault when receiving an invalid IKE SPI, where we don't have an IKE_SA for the raised alert.
* Add an "esp" load-tester option to configure custom CHILD_SA ESP proposal [Martin Willi, 2013-03-18, 1, -3/+16]
|
* Algorithms are not really specific to an IKE version [Tobias Brunner, 2013-03-18, 1, -1/+1]
|   But not all of them can be used with IKEv1. Fixes #314.
* Add some 5.0.3 NEWS [Martin Willi, 2013-03-18, 1, -0/+22]
|
* Merge branch 'radius-ext' [Martin Willi, 2013-03-18, 31, -114/+1333]
|\
| |   Bring some extensions to eap-radius, namely a virtual IP address provider based on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting updates and the reporting of sent/received packets.
| * Don't create interim update entries if RADIUS accounting is disabled [Martin Willi, 2013-03-14, 2, -7/+7]
| |
| * Add support for RADIUS Interim accounting updates [Martin Willi, 2013-03-14, 3, -39/+269]
| |
| * Add an option to delete any established IKE_SA if RADIUS server is not responding [Martin Willi, 2013-03-14, 4, -7/+67]
| |
| * Make check whether to use IKEv1 fragmentation more readable [Martin Willi, 2013-03-14, 1, -5/+14]
| |
| * Send Acct-Terminate-Cause based on some alerts caught on the bus [Martin Willi, 2013-03-14, 1, -0/+62]
| |   Currently supported are user disconnects, session timeouts and if the peer does not respond on IKE packets or DPDs.
| * When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert [Martin Willi, 2013-03-14, 2, -1/+2]
| |
| * Raise an alert if an IKE_SA could not have been reauthenticated and expires [Martin Willi, 2013-03-14, 2, -0/+6]
| |
| * Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-Requests [Martin Willi, 2013-03-14, 1, -4/+33]
| |
| * Support RADIUS accounting of sent/received packets [Martin Willi, 2013-03-14, 1, -13/+23]
| |
| * Report the number of processed packets in "ipsec statusall" [Martin Willi, 2013-03-14, 1, -5/+9]
| |
| * child_sa_t.get_usestats() can additionally return the number of processed packets [Martin Willi, 2013-03-14, 9, -16/+20]
| |
| * Pass correctly sized pointer to lookup_algorithm() in PF_KEY [Martin Willi, 2013-03-14, 1, -1/+1]
| |
| * kernel_ipsec_t.query_sa() additionally returns the number of processed packets [Martin Willi, 2013-03-14, 9, -16/+50]
| |
| * Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request [Martin Willi, 2013-03-13, 2, -10/+56]
| |
| * Forward Cisco Banner received from RADIUS to Unity capable clients [Martin Willi, 2013-03-12, 3, -5/+176]
| |
| * Add a radius message method to enumerate vendor specific attributes [Martin Willi, 2013-03-12, 2, -0/+92]
| |
| * Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000 [Martin Willi, 2013-03-12, 2, -1/+4]
| |
| * In eap-radius, hand out received Framed-IP-Address attributes as virtual IP [Martin Willi, 2013-03-12, 5, -2/+460]
| |
* | Merge branch 'stroke-counters' [Martin Willi, 2013-03-18, 8, -23/+223]
|\ \
| | |   Extend stroke counters functionality by connection specific counters, and a resetcounters command to reset the global or connection counters.
| * | Add a "resetcounters" command to ipsec, clearing global or connection counters [Martin Willi, 2013-03-15, 8, -14/+53]
| | |
| * | Add connection name specific stroke counters [Martin Willi, 2013-03-15, 7, -20/+181]
| | |
| * | Add a chunk_from_str() initializer that does not include 0-terminator [Martin Willi, 2013-03-15, 1, -0/+5]
| | |
* | | Merge branch 'stroke-timeout' [Martin Willi, 2013-03-18, 2, -22/+94]
|\ \ \
| | | |   Add a strongswan.conf timeout option for stroke control commands.
| * | | If controller operations have a callback, don't succeed before hook gets called [Martin Willi, 2013-03-07, 1, -4/+12]
| | | |
| * | | Add a stroke command timeout option, and report status of completed command [Martin Willi, 2013-03-07, 1, -18/+82]
| |/ /
* | | Merge branch 'netlink-align' [Martin Willi, 2013-03-18, 3, -268/+151]
|\ \ \
| |_|/
|/| |
| | |   Fixes some Netlink alignment issues, and then refactors Netlink XFRM message attribute handling.
| * | Use netlink_add_attribute() to copy over attributes during update_sa() [Martin Willi, 2013-03-15, 1, -9/+6]
| | |
| * | Use a helper function to add XFRM_MARK attribute [Martin Willi, 2013-03-15, 1, -81/+37]
| | |
| * | Use netlink_reserve() helper function in XFRM to simplify message construction [Martin Willi, 2013-03-15, 1, -175/+72]
| | |
| * | Add a Netlink utility function to add a RTA header and reserve space for data [Martin Willi, 2013-03-15, 2, -0/+32]
| | |
| * | Correctly check buffer length in netlink_add_attribute() [Martin Willi, 2013-03-15, 2, -7/+9]
| | |
| * | Avoid unneeded termination of netlink algorithm name arrays with END_OF_LIST [Martin Willi, 2013-03-15, 1, -13/+14]
| | |
| * | When adding Netlink attributes, increase header length with potential alignment [Martin Willi, 2013-03-11, 1, -32/+30]
| | |   If the payload is unaligned, we must make sure the total netlink message length includes the added alignment for the first attribute.
* | | Add missing XAuthRespPSK switch case to IKEv1 key derivation [Martin Willi, 2013-03-12, 1, -0/+1]
| | |
* | | strdup() iface passed to queue_route_reinstall(), fixing double-free [Martin Willi, 2013-03-11, 1, -1/+1]
| | |
* | | Support multiple subnets and ranges as external load-tester addresses [Martin Willi, 2013-03-11, 1, -15/+59]
| | |