aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* testing: Fix URL to TNC@FHH project in scenario descriptionsTobias Brunner2015-05-056-8/+8
|
* testing: Update TKM assert stringsReto Buerki2015-05-057-10/+10
|
* testing: Update alog to version 0.3.1Reto Buerki2015-05-051-1/+1
|
* testing: Update tkm to version 0.1.2Reto Buerki2015-05-051-1/+1
|
* testing: Update tkm-rpc to version 0.2Reto Buerki2015-05-051-1/+1
|
* child-create: Destroy nonceg in migrate()Tobias Brunner2015-05-051-1/+2
| | | | | Since another nonce gets allocated later (if any was allocated already) this would have resulted in a leaked nonce context ID when used in charon-tkm.
* child-create: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-14/+12
| | | | As with ike-init we can't return NULL in the task constructor.
* ike-init: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-13/+21
| | | | | | Returning FAILED in the constructor is wrong, but returning NULL doesn't work either as it's currently assumed tasks always can be created. Therefore, delay this check until we actually try to allocate a nonce.
* ike-init: Fix compiler warningTobias Brunner2015-05-051-2/+0
|
* swanctl: Fix --uri optionMartin Willi2015-05-051-9/+36
| | | | | | | As we now pass the vici connection to the command dispatcher callback, we can't parse the --uri option to create the connection from the same callback. Instead pre-process the common command options in a separate loop, and ignore the same options while processing the actual command.
* Merge branch 'tkm-fixes'Tobias Brunner2015-05-0413-96/+230
|\ | | | | | | | | This fixes several issues with charon-tkm (e.g. nonce context ID leaks during rekey collisions).
| * charon-tkm: Also store local SPI in SADAdrian-Ken Rueegsegger2015-05-044-27/+36
| |
| * ike-init: Make nonceg a member of ike_init structReto Buerki2015-05-041-20/+17
| | | | | | | | | | | | | | This allows to control the life-cycle of a nonce in the context of the ike init task. In the TKM use-case the nonce generator cannot be destroyed before the ike init task is finalized, otherwise the created nonce is detected as stale.
| * child-create: Make nonceg a member of child_create structReto Buerki2015-05-041-12/+16
| | | | | | | | | | | | | | | | This allows to control the life-cycle of a nonce in the context of the child create task. In the TKM use-case, it is required to reset the nonce context if the created nonce is not consumed. This happens if the child SA negotiation fails and it is detected before the SA is established via the TKM kernel plugin (i.e. rekey collision).
| * charon-tkm: Reset stale nonce contextsReto Buerki2015-05-042-18/+30
| | | | | | | | | | | | | | | | | | | | | | If the nonce generator detects a stale nonce upon destroy(), it resets the context in the TKM and releases associated resources in the ID manager and chunk map. Also, do not acquire the nonce context ID in tkm_nonceg_create function but rather when the nonce is actually created by get_nonce(). The nonces created with get_nonce must also be registered in the chunk map.
| * charon-tkm: Drop unneeded nonceg get_id functionReto Buerki2015-05-043-16/+0
| |
| * charon-tkm: Remove ESA nonce mappings from chunk mapAdrian-Ken Rueegsegger2015-05-041-0/+2
| |
| * charon-tkm: Drop obsolete TKM_LIMIT defineReto Buerki2015-05-041-2/+0
| |
| * charon-tkm: Select other ESA if any is present upon deletionAdrian-Ken Rueegsegger2015-05-041-1/+12
| | | | | | | | | | In the case that multiple ESAs exist (e.g. rekey collision) for a security policy, make sure to select one of the remaining ESAs.
| * charon-tkm: Add get_other_esa_id function to TKM kernel SADAdrian-Ken Rueegsegger2015-05-043-0/+103
| | | | | | | | | | The function gets the ESA id for another entry associated with the same security policy as the specified ESA.
| * charon-tkm: Only skip creation of first child SAAdrian-Ken Rueegsegger2015-05-041-0/+9
| | | | | | | | | | | | Use the new is_first boolean parameter of the ALERT_KEEP_ON_CHILD_SA_FAILURE alert to determine if the failure was caused by the first CHILD SA.
| * Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alertAdrian-Ken Rueegsegger2015-05-042-3/+8
| | | | | | | | | | The parameter indicates if the alert is raised upon failure to establish the first CHILD SA of an IKE SA.
| * charon-tkm: Fix SAD insertion when adding ESAAdrian-Ken Rueegsegger2015-05-041-1/+1
|/ | | | | Commit f5fc592 added the reqid to the SAD. The insert call swapped the order of the esa_id and reqid parameters.
* vici: Default to certificate subject for identityTimo Teräs2015-05-041-0/+37
| | | | | | | | If id is not specified and certificate authentication is used, use the certificate subject name as identity. Simplifies configuration as in most cases this is the right thing to do. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* swanctl: Implement monitoring of IKE_SA and CHILD_SA changesTimo Teräs2015-05-042-2/+84
| | | | Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add support for ike_sa and child_sa updown notificationsTimo Teräs2015-05-043-0/+137
| | | | | | Useful for monitoring and management purposes. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add function to test if an event should be generatedTimo Teräs2015-05-042-0/+74
| | | | | | | Useful to avoid generating vici messages if they are not needed and their generation is heavy operation. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* swanctl: Add missing unit in install-time logRomain Francoise2015-05-041-1/+1
|
* init: Don't build/install legacy systemd service if charon isn't builtRomain Francoise2015-05-041-0/+2
| | | | | | If the user configures the build to only include charon-systemd the "legacy" systemd service isn't useful, so skip its generation and installation.
* crypt-burn: free() associated data after testMartin Willi2015-05-041-0/+1
|
* testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1Andreas Steffen2015-04-2652-846/+898
| | | | from sales CA
* testing: Wait for DH crypto tests to completeAndreas Steffen2015-04-268-8/+8
|
* imv_policy_manager: Added capability to execute an allow or block shell ↵Andreas Steffen2015-04-2610-3/+59
| | | | command string
* testing: Migration of KVM framework to Linux 4.x kernelAndreas Steffen2015-04-253-5/+2207
|
* Version bump to 5.3.1dr1Andreas Steffen2015-04-241-1/+1
|
* Fixed PB-TNC directionality debug messageAndreas Steffen2015-04-241-1/+1
|
* ike-vendor: Add some Microsoft vendor IDsTobias Brunner2015-04-211-0/+10
|
* apidoc: Fix rebuild in out-of-tree buildsTobias Brunner2015-04-201-1/+1
|
* leak-detective: Use passed callback to report leaksTobias Brunner2015-04-201-2/+2
| | | | | | | | This prevented `stroke memusage` from reporting the leaks on the console. Instead, they were sent to the callbacks set up by libstrongswan. Fixes a426851f6362 ("leak-detective: Use callback functions to report leaks and usage information").
* openssl: Don't refer to EVP_des_ecb() if OpenSSL is built without DES supportTobias Brunner2015-04-171-0/+2
| | | | | | While DES-ECB is not registered by the plugin in this case (so the function will never actually be called), the compiler still warns about the implicitly declared function.
* apidoc: Fix make target dependency find precedenceMartin Willi2015-04-161-1/+1
|
* Merge branch 'utils-split'Martin Willi2015-04-1626-1757/+2180
|\ | | | | | | | | | | | | | | Split up the almighty utils.[ch] to separate files in the utils/utils subfolder. These are not meant to include manually, but bring back some order to all this functionality included through utils.h. Additionally give some love to apidoc generation.
| * apidoc: Conditionally run doxygen if any header/Markdown files have changedMartin Willi2015-04-161-2/+4
| |
| * apidoc: Set QUIET to YES, suppressing any parsing/generating status outputMartin Willi2015-04-161-1/+1
| | | | | | | | | | As WARNING messages still get printed, this makes spotting any warnings much simpler.
| * apidoc: Enable documentation of static functionsMartin Willi2015-04-161-1/+1
| | | | | | | | | | As we scan for header files only, this does not affect any local functions, but documents any static inlines we define in header files.
| * strerror: Move to its own Doxygen subgroupMartin Willi2015-04-161-1/+2
| |
| * utils: Clean up includesMartin Willi2015-04-162-36/+31
| |
| * align: Move min/max/padding/alignment functions to separate filesMartin Willi2015-04-166-109/+154
| |
| * time: Move time related functions to separate filesMartin Willi2015-04-166-191/+238
| |
| * object: Move OO programming helper macros to a separate header fileMartin Willi2015-04-163-107/+128
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-09 07:02:04 +0000