Commit message (Author, Age, Files, Lines)
...
| * collections: Add interface for read-only dictionaries (Tobias Brunner, 2014-06-19, files: 2, lines: -1/+56)
| |
| * hashtable: Add destroy_function method (Tobias Brunner, 2014-06-19, files: 2, lines: -11/+37)
|/
* stroke: Add --daemon option (Tobias Brunner, 2014-06-19, files: 1, lines: -124/+154)
|
* starter: Use stream abstraction to communicate with stroke plugin (Tobias Brunner, 2014-06-19, files: 1, lines: -33/+16)
|
* stroke: Use stream abstraction to communicate with stroke plugin (Tobias Brunner, 2014-06-19, files: 1, lines: -43/+23)
|     Without this, changing charon.plugins.stroke.socket would not really work.
* winhttp: Fix a typo to properly release connection handle (Martin Willi, 2014-06-19, files: 1, lines: -1/+1)
|     Fixes a rather large memory leak in HTTP fetches.
* load-tester: Add a crl option to include a CRL uri in generated certificates (Martin Willi, 2014-06-19, files: 1, lines: -1/+21)
|
* bus: Properly va_copy() argument list before passing it to printf() functions (Martin Willi, 2014-06-19, files: 1, lines: -1/+3)
|     As we later potentially use args again, we can't consume it with printf functions without copying it first. Clone list before passing it to any consuming function. Fixes #621.
* child-sa: Set replay window on both inbound and outbound SA (Martin Willi, 2014-06-18, files: 1, lines: -6/+2)
|     While the outbound SA actually does not need a replay window, the kernel rejects zero replay windows on SAs using ESN. The ESN flag is required to use the full sequence number in ICV calculation, hence we set the replay window. This restores the behavior we had before 30c009c2.
* kernel-netlink: Never use XFRMA_REPLAY_ESN_VAL to configure zero replay windows (Martin Willi, 2014-06-18, files: 1, lines: -1/+1)
|     Trying to disable replay windows using the ESN attribute fails with EINVAL. Use non-ESN legacy format to disable replay windows, even if ESN has been negotiated over IKE.
* Added swanctl/net2net-route scenario (Andreas Steffen, 2014-06-18, files: 9, lines: -0/+145)
|
* Added swanctl/net2net-start scenario (Andreas Steffen, 2014-06-18, files: 9, lines: -0/+140)
|
* Minor changes in swanctl scenarios (Andreas Steffen, 2014-06-18, files: 7, lines: -5/+8)
|
* The policy_started check is not needed any more (Andreas Steffen, 2014-06-18, files: 1, lines: -4/+0)
|
* Added swanctl --list-pols and swanctl --stats to scenario log (Andreas Steffen, 2014-06-18, files: 1, lines: -3/+12)
|
* testing: Delete accidentally committed test cases (Tobias Brunner, 2014-06-18, files: 57, lines: -920/+0)
|
* ikev1: Allow late connection switching based on XAuth username (Tobias Brunner, 2014-06-18, files: 1, lines: -6/+0)
|
* identification: Only use either , or / to separate RDNs (Tobias Brunner, 2014-06-18, files: 2, lines: -7/+17)
|     If a DN starts with a slash (or whitespace and a slash), slashes will be used, otherwise commas.
* sshkey: Fix loading of ECDSA keys from files (Tobias Brunner, 2014-06-18, files: 2, lines: -3/+3)
|
* sshkey: Add support to parse SSH public keys from files with left|rightsigkey (Tobias Brunner, 2014-06-18, files: 3, lines: -3/+59)
|
* Merge branch 'vici-stats' (Martin Willi, 2014-06-17, files: 4, lines: -1/+277)
|\
| |     Add a vici/swanctl "stats" command to print daemon info, similar to the header shown in "ipsec statusall".
| * vici: Support memory stats without leak-detective on Windows (Martin Willi, 2014-06-17, files: 1, lines: -0/+53)
| |
| * swanctl: Add a --stats command to print daemon infos and statistics (Martin Willi, 2014-06-17, files: 3, lines: -1/+120)
| |
| * vici: Add a stats command returning various daemon infos and statistics (Martin Willi, 2014-06-17, files: 1, lines: -0/+104)
|/
* swanctl: Support private key decryption passphrases in swanctl.conf (Martin Willi, 2014-06-17, files: 2, lines: -23/+145)
|     While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* Merge branch 'conn-specific-replay' (Martin Willi, 2014-06-17, files: 25, lines: -65/+137)
|\
| |     Introduces a connection specific replay_window option, overriding the global charon.replay_window strongswan.conf option. Original patch courtesy of Zheng Zhong and Christophe Gouault from 6Wind.
| * NEWS: Mention replay_window ipsec.conf option (Martin Willi, 2014-06-17, files: 1, lines: -0/+4)
| |
| * swanctl: Document replay_window option (Martin Willi, 2014-06-17, files: 1, lines: -0/+7)
| |
| * vici: Support a replay_window CHILD_SA option (Martin Willi, 2014-06-17, files: 1, lines: -0/+16)
| |
| * starter: Add a replay_window connection option (Martin Willi, 2014-06-17, files: 8, lines: -0/+12)
| |
| * kernel-pfkey: Support connection specific replay window sizes up to 32 packets (Martin Willi, 2014-06-17, files: 1, lines: -1/+1)
| |
| * kernel-netlink: Support connection specific replay window sizes (Martin Willi, 2014-06-17, files: 1, lines: -39/+16)
| |
| * kernel-interface: Add a replay_window parameter to add_sa() (Martin Willi, 2014-06-17, files: 12, lines: -25/+43)
| |
| * child-cfg: Store connection specific replay window on CHILD_SA config (Martin Willi, 2014-06-17, files: 2, lines: -0/+38)
|/
* Merge branch 'win-errno' (Martin Willi, 2014-06-17, files: 2, lines: -65/+278)
|\
| |     Improves errno handling for Winsock2 compatibility functions.
| * windows: Declare strerror_s() (Martin Willi, 2014-06-17, files: 1, lines: -0/+5)
| |     Older MinGW versions seem to miss this function declaration. Fixes build on Travis using Ubuntu 12.04.
| * windows: Extend strerror_r/s by extended POSIX errno strings (Martin Willi, 2014-06-17, files: 2, lines: -0/+66)
| |
| * windows: Implement strerror_r using strerror_s (Martin Willi, 2014-06-17, files: 1, lines: -0/+9)
| |
| * windows: Wrap most Winsock2 Posix functions to set errno (Martin Willi, 2014-06-17, files: 2, lines: -65/+198)
|/
|     While Winsock provides many Posix compatibility functions, they do not set errno, but use WSAGetLastError() for error reporting. The wrapped functions derive an errno from WSAGetLastError() on failure.
* watcher: Prevent race condition spawning multiple watcher threads (Martin Willi, 2014-06-17, files: 1, lines: -1/+3)
|     If file descriptors get added and removed in rapid succession, the active watcher thread might not take notice of it and continues running. However, add() spawns a watcher thread whenever a file descriptor is added to an empty set. This could result in multiple watcher threads, which is fixed by a proper check for running watchers.
* thread-value: Defer cleanup handling to thread termination on Windows (Martin Willi, 2014-06-17, files: 3, lines: -40/+51)
|     Instead of cleaning up all thread-values during destruction, cleanup handler is invoked when a thread detaches. Thread detaching is caught using the Windows DllMain() entry point, and allows us to basically revert 204098a7. Using this mechanism, we make sure that the cleanup handler is invoked by the correct thread. Further, this mechanism works for externally-spawned threads which run outside of our thread_cb() routine, and works more efficiently with short-running threads.
* socket-win: Use non-overlapped I/O and socket event selection (Martin Willi, 2014-06-17, files: 1, lines: -31/+13)
|     The use of overlapped I/O was incorrect, as we passed stack based buffers, but did not cancel/wait for pending completion on all sockets. Our receive-from-all socket interface is actually tricky to implement using overlapped I/O. Switch to WSAEventSelect() event management, which can be canceled properly while working in a select()-like way.
* Merge branch 'attr-enum' (Martin Willi, 2014-06-17, files: 7, lines: -15/+104)
|\
| |     Introduces a handle_vips() hook very similar to assign_vips(), but for clients handling virtual IPs and other configuration attributes. Non-handled attributes are stored on the IKE_SA as well and can be enumerated.
| * bus: Add a handle_vips() hook invoked after handling configuration attributes (Martin Willi, 2014-06-17, files: 6, lines: -0/+53)
| |     Similar to assign_vips() used by a peer assigning virtual IPs to the other peer, the handle_vips() hook gets invoked on a peer after receiving attributes. On release of the same attributes the hook gets invoked again. This is useful to inspect handled attributes, as the ike_updown() hook is invoked after authentication, when attributes have not been handled yet.
| * ikev1: Invoke the assign_vips() bus hook for IKEv1 as well (Martin Willi, 2014-06-16, files: 2, lines: -3/+7)
| |
| * ike: Create an enumerator for (un-)handled configuration attributes on IKE_SA (Martin Willi, 2014-06-16, files: 2, lines: -0/+32)
| |
| * ike: Store unhandled attributes on IKE_SA as well (Martin Willi, 2014-06-16, files: 4, lines: -12/+12)
|/
* Version bump to 5.2.0rc1 (Andreas Steffen, 2014-06-15, files: 1, lines: -1/+1)
|
* Mentioned first six swanctl scenarios in NEWS [5.2.0dr6] (Andreas Steffen, 2014-06-14, files: 1, lines: -0/+1)
|
* Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios (Andreas Steffen, 2014-06-14, files: 22, lines: -0/+441)
|