aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* swanctl: Fix man page build on FreeBSDTobias Brunner2014-10-141-1/+1
| | | | | BSD make seems to only evaluate $< for certain rules (like the suffix rule used to generate the config template).
* thread: Test for pending cancellation requests before select()ing on OS XMartin Willi2014-10-141-0/+28
| | | | | | This fixes some vici test cases on OS X, where the test thread tries to cancel the watcher thread during cleanup, but fails as select() does not honor the pre-issued cancellation request.
* vici: Return default value for get_int() if message value is empty stringMartin Willi2014-10-142-1/+5
| | | | | This is the behavior of some strtol() implementations, and it makes sense, so force it.
* process: Don't use the shells built-in echo in testsMartin Willi2014-10-141-1/+1
| | | | On OS X, the /bin/sh built-in echo does not support -n.
* process: Don't use absolute path names for true/false/cat in unit testsMartin Willi2014-10-141-4/+10
| | | | | But use the (builtin) shell commands instead, as on OS X true/false are under /usr/bin.
* kernel-pfroute: Check for RTM_IFANNOUNCE availabilityMartin Willi2014-10-142-0/+22
| | | | This message is not available on OS X.
* process: Include missing <signal.h> for raise(3)Martin Willi2014-10-141-0/+1
| | | | Fixes OS X build.
* ike: Add IKEv2 in description of fragment_size option in strongswan.confTobias Brunner2014-10-141-3/+4
|
* ip-packet: Fix removal of TFC padding for IPv6Tobias Brunner2014-10-141-1/+1
| | | | | | The IPv6 length field denotes the payload length after the 40 bytes header. Fixes: 293515f95cf5 ("libipsec: remove extra RFC4303 TFC padding appended to inner payload")
* vici: Add vici.gemspec.in and vici.rb to distributionTobias Brunner2014-10-141-0/+2
|
* travis: Build-test updown and ext-auth plugins for WindowsMartin Willi2014-10-141-0/+1
|
* android: Implement get_contracts() method in IMC state objectTobias Brunner2014-10-141-0/+14
|
* android: libpts does not exist anymore, don't attempt to load itTobias Brunner2014-10-141-1/+0
|
* android: Update receive_message() to new imc_msg_t.receive() signatureTobias Brunner2014-10-131-2/+4
|
* libimcv: Add fallback if IPSEC_SCRIPT is not definedTobias Brunner2014-10-131-0/+4
| | | | This is the case on Android.
* libimcv: Updated Android.mk to latest Makefile.amTobias Brunner2014-10-132-0/+4
|
* android: Remove references to libptsTobias Brunner2014-10-133-8/+2
|
* libimcv: Remove reference to libptsTobias Brunner2014-10-131-1/+0
|
* libimcv: Fix Doxygen comments after merging libpts into libimcvTobias Brunner2014-10-1313-14/+20
|
* watcher: Doxygen comment fixedTobias Brunner2014-10-131-1/+1
|
* charon-systemd: Typo in log message fixedTobias Brunner2014-10-131-1/+1
|
* libimcv: Fix harcoded IMCV_DEFAULT_POLICY_SCRIPT nameAvesh Agarwal2014-10-132-2/+3
| | | | | | | | I came across an issue with src/libimcv/imcv.c where IMCV_DEFAULT_POLICY_SCRIPT is hardcoded. It fails where ipsec_script is renamed to, for example, strongswan from default ipsec.
* testing: Enable nat table for iptables on 3.17 kernelsTobias Brunner2014-10-131-2/+5
|
* ike: Do remote address updates also when behind static NATsTobias Brunner2014-10-131-4/+7
| | | | | | | | We assume that a responder is behind a static NAT (e.g. port forwarding) and allow remote address updates in such situations. The problem described in RFC 5996 is only an issue if the NAT mapping can expire.
* ike: Remove redundant check for local NAT when handling changed NAT mappingsTobias Brunner2014-10-131-6/+1
|
* testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID ↵5.2.1rc1Andreas Steffen2014-10-111-2/+2
| | | | Inventory attribute
* Support of multiple directed segmentation contractsAndreas Steffen2014-10-116-22/+133
|
* unit-tests: Updated MakefileAndreas Steffen2014-10-111-0/+1
|
* unit-tests: Added test for seg_contract_managerAndreas Steffen2014-10-111-0/+74
|
* Added KVM config for 3.16 and 3.17 kernelsAndreas Steffen2014-10-112-0/+4229
|
* Updated build-database.sh script to 3.13.0-37 kernelAndreas Steffen2014-10-111-1/+1
|
* testing: Ensure no guest is running when modifying imagesTobias Brunner2014-10-105-0/+16
| | | | | Sometimes guests are not stopped properly. If images are then modified they will be corrupted.
* testing: Enable virtio console for guestsTobias Brunner2014-10-109-16/+87
| | | | | | | | | | | This allows accessing the guests with `virsh console <name>`. Using a serial console would also be possible but our kernel configs have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though. So to avoid having to recompile the kernels let's do it this way, only requires rebuilding the guest images. References #729.
* Merge branch 'vici-ruby'Martin Willi2014-10-1024-37/+1374
|\ | | | | | | | | Adds a ruby gem for the VICI protocol, along with some documentation improvements and some minor fixes to vici and swanctl.
| * NEWS: Introduce the vici ruby gemMartin Willi2014-10-101-0/+5
| |
| * swanctl: Fix exit codes based on errnoMartin Willi2014-10-1013-20/+45
| | | | | | | | | | As fprintf() most likely sets errno, we should save it before printing the error message.
| * vici: Cancel processor before calling library_deinit()Martin Willi2014-10-101-0/+1
| | | | | | | | | | For non-direct libstrongswan users, the deinitialization segfaults because of the missing worker thread cancellation.
| * vici: Reduce debug level during thread spawningMartin Willi2014-10-101-0/+2
| | | | | | | | We want to avoid libvici users to get a cluttered stderr for no real error.
| * vici: Don't include-depend on libstrongswan for boolean typesMartin Willi2014-10-102-4/+2
| | | | | | | | | | | | | | | | As we want to avoid the libstrongswan include dependencies for libvici, avoid the use of the bool type. Unfortunately this change may break the ABI for vici_dump(). As this function is mostly for debugging purposes, we do it nonetheless; my apologies if somebody already relies on the ABI stability of that function.
| * vici: Document the ruby gem and add some simple examplesMartin Willi2014-10-101-0/+58
| |
| * vici: Add some simple libvici examples to the READMEMartin Willi2014-10-101-2/+116
| |
| * vici: Document the available vici command and event messagesMartin Willi2014-10-101-1/+509
| |
| * vici: Use "gem"-assisted vici ruby gem building and installationMartin Willi2014-10-105-1/+30
| |
| * configure: Add global --enable-ruby-gems and --with-rubygemdir optionsMartin Willi2014-10-101-0/+14
| | | | | | | | | | This provides the options to build and install ruby gems for components providing them, such as vici.
| * vici: Add a ruby gem providing a native vici interfaceMartin Willi2014-10-103-0/+586
| |
| * vici: Return a success result for the clear-creds commandMartin Willi2014-10-101-4/+1
| | | | | | | | | | Even if the command actually can't fail, this looks more aligned to similar commands.
| * vici: Fix message encoding type values in documentationMartin Willi2014-10-101-6/+6
|/
* ikev1: Add fragmentation support for Windows peersVolker Rümelin2014-10-103-13/+58
| | | | | | | | I still think ipsec/l2tp with fragmentation support is a useful fallback option in case the Windows IKEv2 connection fails because of fragmentation problems. Tested with Windows XP, 7 and 8.1.
* eap-radius: Add option to set interval for interim accounting updatesTobias Brunner2014-10-102-1/+15
| | | | | | Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* NEWS: IKEv2 fragmentation mentionedTobias Brunner2014-10-101-0/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 05:00:05 +0000