Commit message [Author, Age, Files, Lines]
* testing: Lower batch size to demonstrate segmentation of TCG/SWID Tag ID Inventory attribute (5.2.1rc1)  [Andreas Steffen, 2014-10-11, files: 1, lines: -2/+2]
|
* Support of multiple directed segmentation contracts  [Andreas Steffen, 2014-10-11, files: 6, lines: -22/+133]
|
* unit-tests: Updated Makefile  [Andreas Steffen, 2014-10-11, files: 1, lines: -0/+1]
|
* unit-tests: Added test for seg_contract_manager  [Andreas Steffen, 2014-10-11, files: 1, lines: -0/+74]
|
* Added KVM config for 3.16 and 3.17 kernels  [Andreas Steffen, 2014-10-11, files: 2, lines: -0/+4229]
|
* Updated build-database.sh script to 3.13.0-37 kernel  [Andreas Steffen, 2014-10-11, files: 1, lines: -1/+1]
|
* testing: Ensure no guest is running when modifying images  [Tobias Brunner, 2014-10-10, files: 5, lines: -0/+16]
|   Sometimes guests are not stopped properly. If images are then modified they will be corrupted.
* testing: Enable virtio console for guests  [Tobias Brunner, 2014-10-10, files: 9, lines: -16/+87]
|   This allows accessing the guests with `virsh console <name>`. Using a serial console would also be possible but our kernel configs have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though. So to avoid having to recompile the kernels let's do it this way, only requires rebuilding the guest images. References #729.
* Merge branch 'vici-ruby'  [Martin Willi, 2014-10-10, files: 24, lines: -37/+1374]
|\
| |   Adds a ruby gem for the VICI protocol, along with some documentation improvements and some minor fixes to vici and swanctl.
| * NEWS: Introduce the vici ruby gem  [Martin Willi, 2014-10-10, files: 1, lines: -0/+5]
| |
| * swanctl: Fix exit codes based on errno  [Martin Willi, 2014-10-10, files: 13, lines: -20/+45]
| |   As fprintf() most likely sets errno, we should save it before printing the error message.
| * vici: Cancel processor before calling library_deinit()  [Martin Willi, 2014-10-10, files: 1, lines: -0/+1]
| |   For non-direct libstrongswan users, the deinitialization segfaults because of the missing worker thread cancellation.
| * vici: Reduce debug level during thread spawning  [Martin Willi, 2014-10-10, files: 1, lines: -0/+2]
| |   We want to avoid libvici users to get a cluttered stderr for no real error.
| * vici: Don't include-depend on libstrongswan for boolean types  [Martin Willi, 2014-10-10, files: 2, lines: -4/+2]
| |   As we want to avoid the libstrongswan include dependencies for libvici, avoid the use of the bool type. Unfortunately this change may break the ABI for vici_dump(). As this function is mostly for debugging purposes, we do it nonetheless; my apologies if somebody already relies on the ABI stability of that function.
| * vici: Document the ruby gem and add some simple examples  [Martin Willi, 2014-10-10, files: 1, lines: -0/+58]
| |
| * vici: Add some simple libvici examples to the README  [Martin Willi, 2014-10-10, files: 1, lines: -2/+116]
| |
| * vici: Document the available vici command and event messages  [Martin Willi, 2014-10-10, files: 1, lines: -1/+509]
| |
| * vici: Use "gem"-assisted vici ruby gem building and installation  [Martin Willi, 2014-10-10, files: 5, lines: -1/+30]
| |
| * configure: Add global --enable-ruby-gems and --with-rubygemdir options  [Martin Willi, 2014-10-10, files: 1, lines: -0/+14]
| |   This provides the options to build and install ruby gems for components providing them, such as vici.
| * vici: Add a ruby gem providing a native vici interface  [Martin Willi, 2014-10-10, files: 3, lines: -0/+586]
| |
| * vici: Return a success result for the clear-creds command  [Martin Willi, 2014-10-10, files: 1, lines: -4/+1]
| |   Even if the command actually can't fail, this looks more aligned to similar commands.
| * vici: Fix message encoding type values in documentation  [Martin Willi, 2014-10-10, files: 1, lines: -6/+6]
|/
* ikev1: Add fragmentation support for Windows peers  [Volker Rümelin, 2014-10-10, files: 3, lines: -13/+58]
|   I still think ipsec/l2tp with fragmentation support is a useful fallback option in case the Windows IKEv2 connection fails because of fragmentation problems. Tested with Windows XP, 7 and 8.1.
* eap-radius: Add option to set interval for interim accounting updates  [Tobias Brunner, 2014-10-10, files: 2, lines: -1/+15]
|   Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* NEWS: IKEv2 fragmentation mentioned  [Tobias Brunner, 2014-10-10, files: 1, lines: -0/+3]
|
* Merge branch 'ikev2-fragmentation'  [Tobias Brunner, 2014-10-10, files: 36, lines: -1211/+2658]
|\
| |   This adds support for IKEv2 fragmentation as per RFC 7383.
| * testing: Add ikev2/net2net-fragmentation scenario  [Tobias Brunner, 2014-10-10, files: 9, lines: -0/+116]
| |
| * testing: Update ikev1/net2net-fragmentation scenario  [Tobias Brunner, 2014-10-10, files: 1, lines: -2/+2]
| |
| * message: Limit maximum number of IKEv2 fragments  [Tobias Brunner, 2014-10-10, files: 1, lines: -1/+11]
| |   The maximum for IKEv1 is already 255 due to the 8-bit fragment number. With an overhead of 17 bytes (x64) per fragment and a default maximum of 10000 bytes per packet the maximum memory required is 14 kB for a fragmented message.
| * packet: Define a global default maximum size for IKE packets  [Tobias Brunner, 2014-10-10, files: 5, lines: -18/+9]
| |
| * message: Ensure a minimum fragment length  [Tobias Brunner, 2014-10-10, files: 1, lines: -8/+18]
| |
| * ikev2: Send retransmits using the latest known addresses  [Tobias Brunner, 2014-10-10, files: 1, lines: -1/+3]
| |   For instance, if a DPD exchange is initiated by the gateway when a mobile client is roaming and it then gets a new IP address and sends an address update via MOBIKE, the DPD retransmits would still be sent to the old address and the SA would eventually get closed.
| * ikev2: Send and receive fragmented IKE messages  [Tobias Brunner, 2014-10-10, files: 1, lines: -44/+169]
| |   If a fragmented message is retransmitted only the first packet is passed to the alert() hook.
| * ike: IKE_SA may fragment IKEv2 messages  [Tobias Brunner, 2014-10-10, files: 1, lines: -1/+1]
| |
| * ike: Do not cache MID of IKEv2 fragments  [Tobias Brunner, 2014-10-10, files: 1, lines: -2/+3]
| |   This fails if there are unencrypted payloads before an encrypted fragment payload in the first fragment.
| * message: Fragment and reassemble IKEv2 messages  [Tobias Brunner, 2014-10-10, files: 2, lines: -133/+366]
| |
| * message: Handle encrypted fragment payload similar to the encrypted payload  [Tobias Brunner, 2014-10-10, files: 1, lines: -16/+91]
| |
| * ikev2: Add encrypted fragment payload  [Tobias Brunner, 2014-10-10, files: 5, lines: -12/+455]
| |
| * encrypted_payload: Encrypted payload can be constructed from plaintext  [Tobias Brunner, 2014-10-10, files: 2, lines: -0/+38]
| |
| * encrypted_payload: Expose generate() to generate the plaintext  [Tobias Brunner, 2014-10-10, files: 2, lines: -1/+17]
| |
| * encrypted_payload: Extract some utility functions  [Tobias Brunner, 2014-10-10, files: 1, lines: -74/+110]
| |
| * message: Split generate() in multiple functions  [Tobias Brunner, 2014-10-10, files: 1, lines: -67/+122]
| |
| * ikev2: Negotiate support for IKEv2 fragmentation  [Tobias Brunner, 2014-10-10, files: 2, lines: -1/+24]
| |
| * ikev2: Add notify for IKEv2 fragmentation  [Tobias Brunner, 2014-10-10, files: 2, lines: -7/+15]
| |
| * ikev1: Move defragmentation to message_t  [Tobias Brunner, 2014-10-10, files: 3, lines: -169/+240]
| |
| * ike: Move fragmentation to ike_sa_t  [Tobias Brunner, 2014-10-10, files: 3, lines: -62/+94]
| |   The message() hook on bus_t is now called exactly once before (plain) and once after fragmenting (!plain), not twice for the complete message and again for each individual fragment, as was the case in earlier iterations. For inbound messages the hook is called once for each fragment (!plain) and twice for the reassembled message.
| * message: fragment() generates message and fragments and caches them  [Tobias Brunner, 2014-10-10, files: 3, lines: -58/+109]
| |
| * message: Make packet argument optional in generate()  [Tobias Brunner, 2014-10-10, files: 1, lines: -1/+4]
| |
| * ikev1: Move fragment generation to message_t  [Tobias Brunner, 2014-10-10, files: 5, lines: -139/+251]
| |
| * ike: Rename encryption_payload to encrypted_payload  [Tobias Brunner, 2014-10-10, files: 10, lines: -102/+98]
|/