aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Version bump to 5.3.4dr35.3.4dr3Andreas Steffen2015-11-101-1/+1
|
* testing: Fixed some more timing issuesAndreas Steffen2015-11-1010-8/+10
|
* kernel-netlink: Allow IPsec policies to replace shunt policiesTobias Brunner2015-11-101-3/+3
| | | | | Shunt policies don't have a reqid set, so we allow unequal reqids in this particular case (i.e. if one of the reqids is 0).
* kernel-pfkey: Make absolutely sure we always delete the right policy cache entryTobias Brunner2015-11-101-3/+8
|
* kernel-netlink: Make absolutely sure we always delete the right policy cache ↵Tobias Brunner2015-11-101-2/+9
| | | | entry
* kernel-interface: Pass the same data to del_policy() that was passed to ↵Tobias Brunner2015-11-1012-150/+162
| | | | | | | add_policy() The additional data can be helpful to identify the exact policy to delete.
* kernel-netlink: Remove the unused policy_history flagTobias Brunner2015-11-101-41/+20
| | | | This was used with pluto, which had its own policy tracking.
* kernel-interface: Return bool for kernel interface registrationThomas Egerer2015-11-104-20/+40
| | | | | | | | If the (un)registering of a kernel interface (net or ipsec) fails, the plugin loader will never know, since the appropriate functions always returns TRUE. By making the (un)register functions return a boolean value, the loader can detect a failure during initializing the kernel interface and abort charon startup if desired.
* trap-manager: Also clean up remote address in error casesTobias Brunner2015-11-101-0/+2
| | | | Fixes #1201.
* traffic-selector: Don't end printf'ed list of traffic selectors with a spaceTobias Brunner2015-11-1011-22/+21
|
* swanctl: Add option to query leases with --get-poolsTobias Brunner2015-11-101-3/+29
|
* vici: Add option to query leases of poolsTobias Brunner2015-11-102-3/+36
| | | | | We could later perhaps add filter parameters similar to those of the `ipsec leases` command (pool name/virtual IP).
* swanctl: List virtual IPs in --list-sasTobias Brunner2015-11-101-1/+11
|
* vici: Return local and remote virtual IPs when listing SAsTobias Brunner2015-11-102-0/+36
|
* socket-dynamic: Refactor setting source address when sending messagesTobias Brunner2015-11-091-32/+62
| | | | Basically the same change as the one for the socket-default plugin.
* socket-default: Refactor setting source address when sending messagesTobias Brunner2015-11-091-46/+107
| | | | | | | | | | | This ensures we don't pass data (via msg_control) defined in a different scope to sendmsg(). Actually, some compilers (e.g. GCC 5.2.1) might optimize the memcpy() call away causing the packets not to get sent from the intended source address. It also makes the code clearer than with all these ifdefs. Fixes #1171.
* socket-default: Refactor retrieval of destination address of received packetsTobias Brunner2015-11-091-39/+89
| | | | This makes the code a bit clearer than with the interleaved ifdefs.
* Merge branch 'medsrv-js-css'Tobias Brunner2015-11-098-376/+18
|\ | | | | | | | | | | | | Removes the outdated version of MooTools and actually all JavaScript code as that stuff can now be done with CSS directly. Fixes #1190.
| * medsrv: Replace remaining JavaScript code with CSSTobias Brunner2015-11-094-371/+14
| |
| * medsrv: Replace the JavaScript focus() calls with HTML5's autofocusTobias Brunner2015-11-095-5/+4
|/
* conftest: Add configuration option to report milliseconds in file loggerTobias Brunner2015-11-091-2/+4
|
* file-logger: Add option to print milliseconds within the current second ↵Tobias Brunner2015-11-095-13/+40
| | | | | | | | after timestamp For this to look right time_format should end with %S or %T. Closes strongswan/strongswan#18.
* ike-natd: Create fake NAT-D payloads in a more static wayTobias Brunner2015-11-091-20/+8
| | | | | | | | | | | | | | | In some scenarios an IKE_SA might get restarted multiple times (e.g. due to retransmits and delayed INVALID_KE_PAYLOAD notifies) so that two IKE_SA_INIT messages might be sent that only differ in the previously randomly generated NAT_DETECTION_SOURCE_IP payload. This could cause an authentication failure on the responder if the two peers don't use the same IKE_SA_INIT message in their InitiatorSignedOctets. While the payload is generated in a reproducible way it will still change when the daemon is restarted, which should make detecting the payloads as fake a bit harder (compared to e.g. just using 0.0.0.0:0 as address). Fixes #1131.
* testing: Added Debian 7.9 to IMV database5.3.4dr2Andreas Steffen2015-11-091-0/+48
|
* testing: Reduce runtime of all tests that use SQLite databases by storing ↵Tobias Brunner2015-11-09161-312/+319
| | | | them in ramfs
* testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNCTobias Brunner2015-11-094-114/+1
|
* testing: Add test config to create and remove a directory for DBs stored in ↵Tobias Brunner2015-11-091-1/+23
| | | | ramfs
* testing: Improve runtime of TNC tests by storing the SQLite DB in ramfsTobias Brunner2015-11-0914-9/+30
| | | | This saves about 50%-70% of the time needed for scenarios that use a DB.
* testing: Fix test constraints in ikev2/rw-ntru-bliss scenarioTobias Brunner2015-11-091-4/+4
| | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes").
* testing: Use sha3 plugin in ikev2/rw-cert scenarioAndreas Steffen2015-11-093-3/+3
|
* mediation: Reschedule initiate mediation job if SA is not yet foundTobias Brunner2015-11-091-0/+4
| | | | | | | | | If the job gets queued for a newly created IKE_SA it might not yet be checked in when the job is running, reschedule the job in that case. This should fix the two p2pnat test scenarios, which occasionally failed because one of the peers did not initiate the connection to the mediation server.
* testing: Report the actual strongSwan and kernel versionsTobias Brunner2015-11-091-0/+6
|
* testing: Record strongSwan version when building from tarballTobias Brunner2015-11-091-0/+1
|
* testing: Record strongSwan version when building from source treeTobias Brunner2015-11-091-0/+11
|
* testing: Report time required for all scenarios on test overview pageTobias Brunner2015-11-091-4/+13
|
* ike-sa-manager: Signal entries that we don't actually check outTobias Brunner2015-11-091-1/+8
| | | | | | | | | In some cases we call wait_for_entry() but don't actually check out the entry afterwards (e.g. because it doesn't match certain criteria). So there won't be a call to checkin() for such entries causing waiting threads to get signaled. Instead, such threads would be blocked until another thread properly checks out/in the entry (or does a blocking enumeration).
* ike-sa-manager: Signal waiting threads after check out/in for uniqueness checkTobias Brunner2015-11-091-0/+3
| | | | Fixes 758b1caa0e75 ("ikev1: Prevent deadlock when checking for duplicate IKEv1 SAs")
* testing: Remove old SWID tags when building from repositoryTobias Brunner2015-11-091-0/+3
| | | | This fixes the TNC-PDP scenarios.
* testing: Don't log anything to the console if auth.log or daemon.log do not ↵Tobias Brunner2015-11-091-2/+2
| | | | exist
* testing: Simplify fetching of swanctl --list-* outputTobias Brunner2015-11-091-20/+8
|
* testing: Don't run redundant crypto tests in sql/rw-cert scenarioTobias Brunner2015-11-091-4/+1
| | | | | They run in all other rw-cert scenarios but in the SQL version there is no change in the loaded crypto plugins.
* testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenariosTobias Brunner2015-11-092-2/+2
|
* testing: Speed up OCSP scenariosTobias Brunner2015-11-093-4/+4
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Speed up ifdown calls in ikev2/mobike scenariosTobias Brunner2015-11-093-1/+13
| | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while.
* testing: Avoid delays with ping by using -W and -i optionsTobias Brunner2015-11-0933-55/+55
| | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply).
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-09303-452/+500
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* ikev1: Fix calculation of DPD timeoutTobias Brunner2015-11-091-0/+2
| | | | | A DPD timeout job is queued whenever a DPD is sent, i.e. after the DPD delay already has elapsed, so we have to compensate for that.
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-0926-43/+43
|
* ipsec: Quit script quicker for ipsec stopTobias Brunner2015-11-091-2/+2
| | | | | | | It rarely takes 1 second or longer to terminate the daemon. This decreases the runtime of the post test step a lot where `ipsec stop` is called for multiple hosts in each test case (10-15 minutes over all test cases).
* testing: Only send two retransmits after 1 second each to fail negative ↵Tobias Brunner2015-11-091-0/+6
| | | | tests earlier
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 10:30:40 +0000