Commit message · Author · Age · Files · Lines
...
| * charon-cmd: Document new proposal options in manpage · Martin Willi · 2014-02-06 · 1 · -0/+18
| |
| * charon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposals · Martin Willi · 2014-02-06 · 3 · -1/+43
| |
| * charon-cmd: Add an --ike-proposal option to specify non-default IKE proposals · Martin Willi · 2014-02-06 · 3 · -1/+34
| |
| * charon-cmd: Block SIGUSR1 on worker threads · Martin Willi · 2014-02-06 · 1 · -0/+1
|/
|     To properly shut down charon-cmd with leak reports, only the main thread should catch SIGUSR1 to shut down the application. Work threads should ignore SIGUSR1 to avoid any hard application termination.
* Document ipsec attest --session command · Andreas Steffen · 2014-02-05 · 1 · -2/+5
|
* Allow output of session time in UTC · Andreas Steffen · 2014-02-05 · 1 · -2/+2
|
* Added missing semicolon in SQL statements · Andreas Steffen · 2014-02-05 · 2 · -12/+12
|
* Added Android 4.3.1 to products database table · Andreas Steffen · 2014-02-04 · 2 · -4/+28
|
* Added new Android versions to PTS database · Andreas Steffen · 2014-02-04 · 2 · -0/+120
|
* testing: Fetch the FreeRADIUS tarball from the "old" directory · Martin Willi · 2014-01-31 · 1 · -1/+1
|     Fixes #483.
* unit-tests: Add some test cases for HTTP GET/POST fetches · Martin Willi · 2014-01-31 · 3 · -1/+275
|
* unit-tests: Fix test_runner_run() apidoc · Martin Willi · 2014-01-29 · 1 · -1/+1
|
* pki: Declare correct section in pki --issue man page · Tobias Brunner · 2014-01-24 · 1 · -1/+1
|
* NEWS: Add unit testing improvements · Martin Willi · 2014-01-24 · 1 · -0/+5
|
* ike: Restart inactivity counter after doing a CHILD_SA rekey · Martin Willi · 2014-01-23 · 2 · -3/+6
|     When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity job is queued for a time unrelated to the rekey time, so it might happen that the inactivity job gets executed just after rekeying. If this happens, inactivity is detected even if we had traffic on the rekeyed CHILD_SA just before rekeying. This change implies that inactivity checks can't handle inactivity timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter than the rekey time to have any effect.
* child-sa: Add a getter for CHILD_SA install time · Martin Willi · 2014-01-23 · 2 · -0/+20
|
* Merge branch 'pam-session' · Martin Willi · 2014-01-23 · 7 · -10/+276
|\
| |     Add support for PAM session management in xauth-pam.
| * NEWS: Introduce PAM session management · Martin Willi · 2014-01-23 · 1 · -0/+3
| |
| * man: Document xauth-pam session option · Martin Willi · 2014-01-23 · 1 · -0/+3
| |
| * xauth-pam: Open/close a PAM session for each connected client · Andrea Bonomi · 2014-01-23 · 4 · -9/+265
| |     Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
| * xauth-pam: Sanitize XAuth attributes before passing them to PAM · Martin Willi · 2014-01-23 · 1 · -1/+5
|/
* Merge branch 'vendor-ids' · Martin Willi · 2014-01-23 · 1 · -16/+63
|\
| |     Refactors IKEv2 vendor ID handling, and introduces some IDs seen when talking to Cisco devices.
| * ikev2: Add Cisco FRAGMENTATION vendor ID · Martin Willi · 2014-01-23 · 1 · -0/+2
| |     Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
| * ikev2: Add Cisco Copyright vendor ID · Martin Willi · 2014-01-23 · 1 · -0/+2
| |     Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
| * ikev2: Add Cisco Delete Reason vendor ID · Martin Willi · 2014-01-23 · 1 · -0/+2
| |     Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
| * ikev2: Use a more dynamic vendor ID database, as we use with IKEv1 · Martin Willi · 2014-01-23 · 1 · -16/+57
|/
* Merge branch 'chunk-mmap' · Martin Willi · 2014-01-23 · 21 · -270/+475
|\
| |     Introduces file mmap/munmap() wrappers and provides a fallback if mmap() is not supported. Replaces all mmap() uses by the new functions.
| * libpts: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 1 · -29/+5
| |
| * tnccs: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 2 · -27/+6
| |
| * pem: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 1 · -29/+6
| |
| * stroke: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 1 · -30/+6
| |
| * radattr: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 1 · -40/+8
| |
| * libfast: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 1 · -29/+10
| |
| * integrity-checker: Use chunk_map() instead of non-portable mmap() · Martin Willi · 2014-01-23 · 1 · -31/+6
| |
| * chunk: Externalize error reporting in chunk_write() · Martin Willi · 2014-01-23 · 6 · -30/+52
| |     This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors.
| * chunk: Provide a fallback chunk_map() if mmap is not available · Martin Willi · 2014-01-23 · 2 · -2/+47
| |
| * chunk: Use dynamically allocated buffer in chunk_from_fd() · Martin Willi · 2014-01-23 · 10 · -25/+183
| |     When acting on files, we can use fstat() to estimate the buffer size. On non-file FDs, we dynamically increase an allocated buffer. Additionally we slightly change the function signature to properly handle zero-length files and add appropriate unit tests.
| * chunk: Add functions to map file contents to a chunk · Martin Willi · 2014-01-23 · 3 · -1/+149
|/
* Merge branch 'unity-fixes' · Tobias Brunner · 2014-01-23 · 2 · -34/+54
|\
| |     Improves compatibility with the Cisco and Shrew clients. Fixes #445.
| * unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attribute · Tobias Brunner · 2014-01-23 · 1 · -35/+47
| |     Cisco clients only handle the first such attribute.
| * unity: Change local TS to 0.0.0.0/0 as responder · Tobias Brunner · 2014-01-23 · 1 · -4/+7
| |     Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is used, otherwise Quick Mode fails.
| * unity: Send UNITY_SPLIT_INCLUDE attributes with proper padding · Tobias Brunner · 2014-01-23 · 1 · -11/+16
|/
|     The additional 6 bytes are not actually padding but are parsed by the Cisco client as protocol and src and dst ports (each two bytes but strangely only the first two in network order).
* Merge branch 'ipcomp' · Tobias Brunner · 2014-01-23 · 41 · -11/+522
|\
| |     Fixes compatibility issues between firewall rules (leftfirewall=yes) and IPComp (compress=yes), plus issues with IPComp when used with multiple subnets in left|rightsubnet. Fixes #436.
| * testing: Add ikev2/host2host-transport-nat scenario · Tobias Brunner · 2014-01-23 · 9 · -0/+146
| |
| * testing: Add ipv6/rw-compress-ikev2 scenario · Tobias Brunner · 2014-01-23 · 9 · -0/+125
| |
| * testing: Add ikev2/compress-nat scenario · Tobias Brunner · 2014-01-23 · 12 · -0/+187
| |
| * testing: Enable firewall for ikev2/compress scenario · Tobias Brunner · 2014-01-23 · 8 · -7/+14
| |     Additionally, send a regular (small) ping as the kernel does not compress small packets and handles those differently inbound.
| * kernel-netlink: Set selector on transport mode IPComp SAs · Tobias Brunner · 2014-01-23 · 1 · -1/+1
| |
| * kernel-netlink: Selectively add selector on SAs that use IPComp · Tobias Brunner · 2014-01-23 · 1 · -1/+7
| |     Don't add a selector to tunnel mode SAs, these might serve multiple traffic selectors but with only one selector on the SA only the traffic matching the first one would actually get tunneled.
| * updown: Increase buffer size for script and environment variables · Tobias Brunner · 2014-01-23 · 1 · -1/+1
| |