aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* libimcv: Add fallback if IPSEC_SCRIPT is not definedTobias Brunner2014-10-131-0/+4
| | | | This is the case on Android.
* libimcv: Updated Android.mk to latest Makefile.amTobias Brunner2014-10-132-0/+4
|
* android: Remove references to libptsTobias Brunner2014-10-133-8/+2
|
* libimcv: Remove reference to libptsTobias Brunner2014-10-131-1/+0
|
* libimcv: Fix Doxygen comments after merging libpts into libimcvTobias Brunner2014-10-1313-14/+20
|
* watcher: Doxygen comment fixedTobias Brunner2014-10-131-1/+1
|
* charon-systemd: Typo in log message fixedTobias Brunner2014-10-131-1/+1
|
* libimcv: Fix harcoded IMCV_DEFAULT_POLICY_SCRIPT nameAvesh Agarwal2014-10-132-2/+3
| | | | | | | | I came across an issue with src/libimcv/imcv.c where IMCV_DEFAULT_POLICY_SCRIPT is hardcoded. It fails where ipsec_script is renamed to, for example, strongswan from default ipsec.
* testing: Enable nat table for iptables on 3.17 kernelsTobias Brunner2014-10-131-2/+5
|
* ike: Do remote address updates also when behind static NATsTobias Brunner2014-10-131-4/+7
| | | | | | | | We assume that a responder is behind a static NAT (e.g. port forwarding) and allow remote address updates in such situations. The problem described in RFC 5996 is only an issue if the NAT mapping can expire.
* ike: Remove redundant check for local NAT when handling changed NAT mappingsTobias Brunner2014-10-131-6/+1
|
* testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID ↵5.2.1rc1Andreas Steffen2014-10-111-2/+2
| | | | Inventory attribute
* Support of multiple directed segmentation contractsAndreas Steffen2014-10-116-22/+133
|
* unit-tests: Updated MakefileAndreas Steffen2014-10-111-0/+1
|
* unit-tests: Added test for seg_contract_managerAndreas Steffen2014-10-111-0/+74
|
* Added KVM config for 3.16 and 3.17 kernelsAndreas Steffen2014-10-112-0/+4229
|
* Updated build-database.sh script to 3.13.0-37 kernelAndreas Steffen2014-10-111-1/+1
|
* testing: Ensure no guest is running when modifying imagesTobias Brunner2014-10-105-0/+16
| | | | | Sometimes guests are not stopped properly. If images are then modified they will be corrupted.
* testing: Enable virtio console for guestsTobias Brunner2014-10-109-16/+87
| | | | | | | | | | | This allows accessing the guests with `virsh console <name>`. Using a serial console would also be possible but our kernel configs have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though. So to avoid having to recompile the kernels let's do it this way, only requires rebuilding the guest images. References #729.
* Merge branch 'vici-ruby'Martin Willi2014-10-1024-37/+1374
|\ | | | | | | | | Adds a ruby gem for the VICI protocol, along with some documentation improvements and some minor fixes to vici and swanctl.
| * NEWS: Introduce the vici ruby gemMartin Willi2014-10-101-0/+5
| |
| * swanctl: Fix exit codes based on errnoMartin Willi2014-10-1013-20/+45
| | | | | | | | | | As fprintf() most likely sets errno, we should save it before printing the error message.
| * vici: Cancel processor before calling library_deinit()Martin Willi2014-10-101-0/+1
| | | | | | | | | | For non-direct libstrongswan users, the deinitialization segfaults because of the missing worker thread cancellation.
| * vici: Reduce debug level during thread spawningMartin Willi2014-10-101-0/+2
| | | | | | | | We want to avoid libvici users to get a cluttered stderr for no real error.
| * vici: Don't include-depend on libstrongswan for boolean typesMartin Willi2014-10-102-4/+2
| | | | | | | | | | | | | | | | As we want to avoid the libstrongswan include dependencies for libvici, avoid the use of the bool type. Unfortunately this change may break the ABI for vici_dump(). As this function is mostly for debugging purposes, we do it nonetheless; my apologies if somebody already relies on the ABI stability of that function.
| * vici: Document the ruby gem and add some simple examplesMartin Willi2014-10-101-0/+58
| |
| * vici: Add some simple libvici examples to the READMEMartin Willi2014-10-101-2/+116
| |
| * vici: Document the available vici command and event messagesMartin Willi2014-10-101-1/+509
| |
| * vici: Use "gem"-assisted vici ruby gem building and installationMartin Willi2014-10-105-1/+30
| |
| * configure: Add global --enable-ruby-gems and --with-rubygemdir optionsMartin Willi2014-10-101-0/+14
| | | | | | | | | | This provides the options to build and install ruby gems for components providing them, such as vici.
| * vici: Add a ruby gem providing a native vici interfaceMartin Willi2014-10-103-0/+586
| |
| * vici: Return a success result for the clear-creds commandMartin Willi2014-10-101-4/+1
| | | | | | | | | | Even if the command actually can't fail, this looks more aligned to similar commands.
| * vici: Fix message encoding type values in documentationMartin Willi2014-10-101-6/+6
|/
* ikev1: Add fragmentation support for Windows peersVolker Rümelin2014-10-103-13/+58
| | | | | | | | I still think ipsec/l2tp with fragmentation support is a useful fallback option in case the Windows IKEv2 connection fails because of fragmentation problems. Tested with Windows XP, 7 and 8.1.
* eap-radius: Add option to set interval for interim accounting updatesTobias Brunner2014-10-102-1/+15
| | | | | | Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting.
* NEWS: IKEv2 fragmentation mentionedTobias Brunner2014-10-101-0/+3
|
* Merge branch 'ikev2-fragmentation'Tobias Brunner2014-10-1036-1211/+2658
|\ | | | | | | This adds support for IKEv2 fragmentation as per RFC 7383.
| * testing: Add ikev2/net2net-fragmentation scenarioTobias Brunner2014-10-109-0/+116
| |
| * testing: Update ikev1/net2net-fragmentation scenarioTobias Brunner2014-10-101-2/+2
| |
| * message: Limit maximum number of IKEv2 fragmentsTobias Brunner2014-10-101-1/+11
| | | | | | | | | | | | | | | | The maximum for IKEv1 is already 255 due to the 8-bit fragment number. With an overhead of 17 bytes (x64) per fragment and a default maximum of 10000 bytes per packet the maximum memory required is 14 kB for a fragmented message.
| * packet: Define a global default maximum size for IKE packetsTobias Brunner2014-10-105-18/+9
| |
| * message: Ensure a minimum fragment lengthTobias Brunner2014-10-101-8/+18
| |
| * ikev2: Send retransmits using the latest known addressesTobias Brunner2014-10-101-1/+3
| | | | | | | | | | | | | | For instance, if a DPD exchange is initiated by the gateway when a mobile client is roaming and it then gets a new IP address and sends an address update via MOBIKE, the DPD retransmits would still be sent to the old address and the SA would eventually get closed.
| * ikev2: Send and receive fragmented IKE messagesTobias Brunner2014-10-101-44/+169
| | | | | | | | | | If a fragmented message is retransmitted only the first packet is passed to the alert() hook.
| * ike: IKE_SA may fragment IKEv2 messagesTobias Brunner2014-10-101-1/+1
| |
| * ike: Do not cache MID of IKEv2 fragmentsTobias Brunner2014-10-101-2/+3
| | | | | | | | | | This fails if there are unencrypted payloads before an encrypted fragment payload in the first fragment.
| * message: Fragment and reassemble IKEv2 messagesTobias Brunner2014-10-102-133/+366
| |
| * message: Handle encrypted fragment payload similar to the encrypted payloadTobias Brunner2014-10-101-16/+91
| |
| * ikev2: Add encrypted fragment payloadTobias Brunner2014-10-105-12/+455
| |
| * encrypted_payload: Encrypted payload can be constructed from plaintextTobias Brunner2014-10-102-0/+38
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-17 17:59:47 +0000