aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * starter: Explicitly allow @# at the beginning of stringsTobias Brunner2014-06-192-1/+4
| | | | | | | | | | Since we treat everything after # as comment identities of type ID_KEY_ID couldn't be parsed otherwise, unless quoted.
| * starter: Add --conftest option to test ipsec.conf syntaxTobias Brunner2014-06-191-0/+27
| |
| * starter: Remove old parserTobias Brunner2014-06-196-545/+4
| |
| * starter: Use new parser to read config fileTobias Brunner2014-06-194-769/+493
| |
| * starter: Move kw_entry_t definitionTobias Brunner2014-06-192-9/+10
| |
| * starter: Remove unused ARG_LST argument typeTobias Brunner2014-06-192-147/+5
| |
| * starter: Add tests for ipsec.conf parserTobias Brunner2014-06-197-0/+608
| |
| * unit-tests: Make fixture functions optionalTobias Brunner2014-06-191-2/+8
| |
| * starter: Add new bison/flex based parser for ipsec.confTobias Brunner2014-06-197-12/+1257
| | | | | | | | | | | | | | | | | | The parser simply returns key/value pairs of all sections, it already resolves also= and allows overriding options in all included sections (not only %default), options set in included section can also be cleared again (key=). It provides other improvements too, like quoted strings (with escape sequences), unlimited includes and better whitespace/comment handling.
| * starter: Remove out of date READMETobias Brunner2014-06-191-101/+0
| |
| * collections: Add interface for read-only dictionariesTobias Brunner2014-06-192-1/+56
| |
| * hashtable: Add destroy_function methodTobias Brunner2014-06-192-11/+37
|/
* stroke: Add --daemon optionTobias Brunner2014-06-191-124/+154
|
* starter: Use stream abstraction to communicate with stroke pluginTobias Brunner2014-06-191-33/+16
|
* stroke: Use stream abstraction to communicate with stroke pluginTobias Brunner2014-06-191-43/+23
| | | | | Without this changing charon.plugins.stroke.socket would not really work.
* winhttp: Fix a typo to properly release connection handleMartin Willi2014-06-191-1/+1
| | | | Fixes a rather large memory leak in HTTP fetches.
* load-tester: Add a crl option to include a CRL uri in generated certificatesMartin Willi2014-06-191-1/+21
|
* bus: Properly va_copy() argument list before passing it to printf() functionsMartin Willi2014-06-191-1/+3
| | | | | | | | As we later potentially use args again, we can't consume it with printf functions without copying it first. Clone list before passing it to any consuming function. Fixes #621.
* child-sa: Set replay window on both inbound and outbound SAMartin Willi2014-06-181-6/+2
| | | | | | | | While the outbound SA actually does not need a replay window, the kernel rejects zero replay windows on SAs using ESN. The ESN flag is required to use the full sequence number in ICV calculation, hence we set the replay window. This restores the behavior we had before 30c009c2.
* kernel-netlink: Never use XFRMA_REPLAY_ESN_VAL to configure zero replay windowsMartin Willi2014-06-181-1/+1
| | | | | | Trying to disable replay windows using the ESN attribute fails with EINVAL. Use non-ESN legacy format to disable replay windows, even if ESN has been negotiated over IKE.
* Added swanctl/net2net-route scenarioAndreas Steffen2014-06-189-0/+145
|
* Added swanctl/net2net-start scenarioAndreas Steffen2014-06-189-0/+140
|
* Minor changes in swanctl scenariosAndreas Steffen2014-06-187-5/+8
|
* The policy_started check is not needed any moreAndreas Steffen2014-06-181-4/+0
|
* Added swanctl --list-pols and swanctl --stats do scenario logAndreas Steffen2014-06-181-3/+12
|
* testing: Delete accidentally committed test casesTobias Brunner2014-06-1857-920/+0
|
* ikev1: Allow late connection switching based on XAuth usernameTobias Brunner2014-06-181-6/+0
|
* identification: Only use either , or / to separate RDNsTobias Brunner2014-06-182-7/+17
| | | | | If a DN starts with a slash (or whitespace and a slash) slashes will be used, otherwise commas.
* sshkey: Fix loading of ECDSA keys from filesTobias Brunner2014-06-182-3/+3
|
* sshkey: Add support to parse SSH public keys from files with left|rightsigkeyTobias Brunner2014-06-183-3/+59
|
* Merge branch 'vici-stats'Martin Willi2014-06-174-1/+277
|\ | | | | | | | | Add a vici/swanctl "stats" command to print daemon info, similar to the header shown in "ipsec statusall".
| * vici: Support memory stats without leak-detective on WindowsMartin Willi2014-06-171-0/+53
| |
| * swanctl: Add a --stats command to print daemon infos and statisticsMartin Willi2014-06-173-1/+120
| |
| * vici: Add a stats command returning various daemon infos and statisticsMartin Willi2014-06-171-0/+104
|/
* swanctl: Support private key decryption passhprases in swanctl.confMartin Willi2014-06-172-23/+145
| | | | | | | While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* Merge branch 'conn-specific-replay'Martin Willi2014-06-1725-65/+137
|\ | | | | | | | | | | Introduces a connection specific replay_window option, overriding the global charon.replay_window strongswan.conf option. Original patch courtesy of Zheng Zhong and Christophe Gouault from 6Wind.
| * NEWS: Mention replay_window ipsec.conf optionMartin Willi2014-06-171-0/+4
| |
| * swanctl: Document replay_window optionMartin Willi2014-06-171-0/+7
| |
| * vici: Support a replay_window CHILD_SA optionMartin Willi2014-06-171-0/+16
| |
| * starter: Add a replay_window connection optionMartin Willi2014-06-178-0/+12
| |
| * kernel-pfkey: Support connection specific replay window sizes up to 32 packetsMartin Willi2014-06-171-1/+1
| |
| * kernel-netlink: Support connection specific replay window sizesMartin Willi2014-06-171-39/+16
| |
| * kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-1712-25/+43
| |
| * child-cfg: Store connection specific replay window on CHILD_SA configMartin Willi2014-06-172-0/+38
|/
* Merge branch 'win-errno'Martin Willi2014-06-172-65/+278
|\ | | | | | | Improves errno handling for Winsock2 compatibility functions.
| * windows: Declare strerror_s()Martin Willi2014-06-171-0/+5
| | | | | | | | | | Older MinGW versions seem to miss this function declaration. Fixes build on Travis using Ubuntu 12.04.
| * windows: Extend strerror_r/s by extended POSIX errno stringsMartin Willi2014-06-172-0/+66
| |
| * windows: Implement strerror_r using strerror_sMartin Willi2014-06-171-0/+9
| |
| * windows: Wrap most Winsock2 Posix functions to set errnoMartin Willi2014-06-172-65/+198
|/ | | | | | While Winsock provides many Posix compatibility functions, they do not set errno, but use WSAGetLastError() for error reporting. The wrapped functions derive an errno from WSAGetLastError() on failure.
* watcher: Prevent race condition spawning multiple watcher threadsMartin Willi2014-06-171-1/+3
| | | | | | | | If file descriptors get added and removed in rapid succession, the active watcher thread might not take notice of it and continues running. However, add() spawns a watcher thread whenever a file descriptor is added to an empty set. This could result in multiple watcher threads, which is fixed by a proper check for running watchers.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 06:55:52 +0000