aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * Factor out building of strongswan into own MakefileReto Buerki2012-12-183-382/+117
| | | | | | | | | | Small Makefiles (recipes) are used to install software from source into the root UML image.
| * testing: Switch to Debian based guest imagesReto Buerki2012-12-1816-655/+189
| | | | | | | | | | | | | | | | | | | | Instead of extracting a downloaded Gentoo filesystem tree into a file containing a reiserfs filesystem, create an ext3 filesystem inside a sparse file, mount it and debootstrap an up-to-date Debian system. Use this image as base for all UML guest images. Also, drop support for the various consoles and use xterm unconditionally.
* | Reseed rdrand after every 128bit sample onlyMartin Willi2013-01-151-2/+2
| |
* | version bump to 5.0.2rc1Andreas Steffen2013-01-151-1/+1
| |
* | android: Properly escape apostrophes in Ukrainian translation5.0.2dr4Tobias Brunner2013-01-141-8/+8
| |
* | android: Implement kernel_net_t.get_interface via JNITobias Brunner2013-01-144-6/+92
| | | | | | | | | | | | This is now required to properly accept/install a virtual IP address. Fixes #275.
* | android: Moved chunk_from_byte_array and byte_array_from_chunk helper functionsTobias Brunner2013-01-142-24/+32
| |
* | android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h ↵Tobias Brunner2013-01-142-0/+2
| | | | | | | | on Android
* | Properly send IKEv1 packets if no ike_cfg is known yetTobias Brunner2013-01-141-2/+5
| | | | | | | | This applies for error notifies.
* | Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
| |
* | Respect given address family when resolving "%any"Martin Willi2013-01-141-1/+5
| |
* | Android.mk of libstrongswan updatedTobias Brunner2013-01-141-2/+2
| |
* | Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-1237-59/+882
|\ \ | | | | | | | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * | NEWS for fragmentation extension addedTobias Brunner2013-01-121-0/+4
| | | | | | | | | | | | | | | Conflicts: NEWS
| * | Added an option to configure the maximum size of a fragmentTobias Brunner2013-01-122-3/+14
| | |
| * | Properly detect fragmentation capabilitiesTobias Brunner2013-01-121-3/+27
| | | | | | | | | | | | Cisco sends 0xc0000000 so we check that part of the VID separately.
| * | Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-1220-33/+76
| | |
| * | Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-2425-33/+69
| | |
| * | Include source port in init hash for fragmented messagesTobias Brunner2012-12-241-1/+8
| | |
| * | Add an option to en-/disable IKE fragmentationTobias Brunner2012-12-243-5/+25
| | | | | | | | | | | | | | | Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * | Split larger messages into fragments if IKE fragmentation is supported by peerTobias Brunner2012-12-241-14/+114
| | |
| * | Log message size for in- and outbound IKE messagesTobias Brunner2012-12-242-4/+7
| | |
| * | Add support to create IKE fragmentsTobias Brunner2012-12-242-0/+30
| | | | | | | | | | | | | | | All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
| * | Log added NAT-T vendor IDsTobias Brunner2012-12-241-0/+1
| | |
| * | Detect a peer's support for IKE fragmentationTobias Brunner2012-12-242-0/+9
| | | | | | | | | | | | Fragments are accepted even if this vendor ID is not seen.
| * | Map fragmented initial initial Main or Aggressive Mode messages to the same ↵Tobias Brunner2012-12-241-1/+17
| | | | | | | | | | | | IKE_SA
| * | Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain ↵Tobias Brunner2012-12-241-1/+2
| | | | | | | | | | | | | | | | | | | | | fragments Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
| * | Don't handle fragmented messages larger than charon.max_packetTobias Brunner2012-12-241-4/+39
| | |
| * | Don't update an IKE_SA-entry's cached message ID when handling fragmentsTobias Brunner2012-12-241-1/+4
| | |
| * | Store inbound IKE fragments and reassemble the message when all fragments ↵Tobias Brunner2012-12-241-3/+166
| | | | | | | | | | | | are received
| * | Add message rules to properly handle IKE fragmentsTobias Brunner2012-12-241-0/+8
| | | | | | | | | | | | | | | These are sent in unencrypted messages and are the only payload contained in such messages.
| * | Reset the encrypted flag when handling IKE messages that contain a fragmentTobias Brunner2012-12-241-0/+6
| | | | | | | | | | | | | | | Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though).
| * | Payload added to handle IKE fragmentsTobias Brunner2012-12-246-11/+314
| | |
* | | Don't use bio_writer_t.skip() to write length field when appending more dataMartin Willi2013-01-112-6/+9
| | | | | | | | | | | | | | | If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation.
* | | Add rdrand NEWSMartin Willi2013-01-111-0/+3
| | |
* | | Use raw opcodes for rdrand to build with older binutilsMartin Willi2013-01-111-6/+6
| | |
* | | Provide RNG_TRUE quality in rdrand by mixing reseeded outputs using AESMartin Willi2013-01-112-8/+108
| | |
* | | Provide RNG_STRONG quality in rdrand by forcing PRNG reseed after every sampleMartin Willi2013-01-112-1/+69
| | |
* | | Provide RNG_WEAK quality random generator in rdrandMartin Willi2013-01-114-2/+342
| | |
* | | Add a rdrand plugin stub detecting availability of RDRAND instructionsMartin Willi2013-01-115-0/+187
| | |
* | | Add NEWS about improved Windows IKEv1 compatibilityMartin Willi2013-01-111-0/+4
| | |
* | | Streamline debug output when receiving intermediate CA certificates in IKEv1Martin Willi2013-01-111-1/+1
| | |
* | | Refactored IKEv2 cert/certreq payload processing to multiple functionsMartin Willi2013-01-111-112/+141
| | |
* | | Refactored IKEv1 cert payload processing to multiple functionsMartin Willi2013-01-111-73/+102
| | |
* | | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-113-0/+96
| | |
* | | Fixed some typos in commentsVolker Rümelin2013-01-114-6/+6
| | |
* | | Fixed some typos in Ukrainian translationPavel Kopchyk2013-01-091-15/+16
| | |
* | | conftest: Add support for time_format and ike_name options in log sectionsThomas Klute2013-01-081-1/+18
| | | | | | | | | | | | | | | | | | Both options are well supported for normal operation but were completely ignored by conftest, which used hard coded defaults. File options are still missing but could be added in a similar way.
* | | conftest: Fix log level settings for stdoutThomas Klute2013-01-081-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes bug #272 ("conftest ignores log settings for stdout"). http://wiki.strongswan.org/issues/272 According to the documentation of add_logger in src/libcharon/bus/bus.h, the relevant log levels of a logger are registered with the logging subsystem when adding the logger. If the log levels change later, the logger must be re-added to propagate the new settings. In conftest.c, the stdout logger is initialized and added before reading the logging settings, but wasn't re-added after reading the settings.
* | | conftest: Make outgoing sequence number set by reset_seq configurableThomas Klute2013-01-082-8/+70
| | | | | | | | | | | | | | | | | | | | | | | | This is useful for certain test cases. Passing the sequence number to the callback requires a new struct that contains both the number and the xfrm_usersa_id. The new configuration parameter is called oseq in accordance with the kernel name, see the comment in the reset_cb callback function for details.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 12:06:15 +0000