Commit message | Author | Age | Files | Lines
* implemented policy rules for OS IMV | Andreas Steffen | 2013-06-21 | 20 | -101/+3220
|
* check for zero-length device ID | Andreas Steffen | 2013-06-21 | 1 | -0/+6
|
* ITA-HSR/Device ID attribute & IMV OS state machine | Andreas Steffen | 2013-06-21 | 10 | -169/+519
|
* execute an _imv_policy script | Andreas Steffen | 2013-06-21 | 6 | -10/+127
|
* implemented IMV session control | Andreas Steffen | 2013-06-21 | 21 | -429/+953
|
* Manage files and directories | Andreas Steffen | 2013-06-21 | 4 | -122/+208
|
* Merge branch 'kernel-libipsec' | Tobias Brunner | 2013-06-21 | 23 | -42/+2039
|\
| |     Adds a new kernel interface plugin that uses TUN devices and libipsec to provide IPsec process in userland. It works on Linux, FreeBSD and Mac OS X. In particular the latter two platforms may gain from this approach as their respective kernels don't provide support for AES-GCM. kernel-pfroute has been improved (source address lookup) and a second plugin (osx-attr) installs configuration attributes (currently DNS servers only) via SystemConfiguration on Mac OS X.
| * osx-attr: add plugin installing config attributes using SystemConfiguration | Martin Willi | 2013-06-21 | 7 | -0/+468
| |     Currently installs DNS servers only, by prepending IP addresses to the DNS configuration of the primary networking service.
| * kernel-pfroute: Simplify route lookup after fixing sockaddr parsing | Tobias Brunner | 2013-06-21 | 1 | -90/+19
| |
| * kernel-pfroute: Alignment of sockaddrs is not always the same | Tobias Brunner | 2013-06-21 | 1 | -1/+8
| |
| * kernel-pfroute: struct sockaddr arguments are 4 byte aligned | Tobias Brunner | 2013-06-21 | 1 | -4/+8
| |     This was noticed on Mac OS X where, if the default route is returned, RTA_NETMASK has sa_len set to 0, but skipping zero bytes to read the next address makes no sense, of course. Using 0 for sa_len seems a bit strange, in particular, because struct sockaddr has by definition a minimum length of 16 bytes. But it seems FreeBSD actually does the same.
| * kernel-libipsec: Ignore failures when installing routes for multicast or ↵ | Tobias Brunner | 2013-06-21 | 1 | -1/+23
| |     broadcast policies
| * kernel-pfroute: Improve route lookup depending on information we get back | Tobias Brunner | 2013-06-21 | 1 | -12/+96
| |     Kernels don't provide the same information for all routes.
| * kernel-pfroute: Try to ensure we get a source address or interface name | Tobias Brunner | 2013-06-21 | 1 | -0/+6
| |
| * ike: Force NAT-T/UDP encapsulation if kernel interface requires it | Tobias Brunner | 2013-06-21 | 2 | -5/+32
| |
| * kernel-libipsec: Add a feature to request UDP encapsulation of ESP packets | Tobias Brunner | 2013-06-21 | 2 | -0/+9
| |
| * tun-device: Packets sent over utun devices on Mac OS X have the protocol ↵ | Tobias Brunner | 2013-06-21 | 1 | -0/+11
| |     family prepended
| * kernel-pfroute: Use DST as nexthop for host routes | Tobias Brunner | 2013-06-21 | 1 | -0/+6
| |     These are created as cache/clone on Mac OS X.
| * kernel-pfroute: Implement get_source_addr() | Tobias Brunner | 2013-06-21 | 1 | -12/+27
| |
| * kernel-pfroute: Properly install routes with interface and gateway | Tobias Brunner | 2013-06-21 | 1 | -5/+6
| |
| * kernel-libipsec: Install a gateway for routes on platforms other than Linux | Tobias Brunner | 2013-06-21 | 1 | -9/+26
| |     This seems required e.g. on FreeBSD but doesn't work on Linux.
| * kernel-pfroute: Activate TUN device before setting address | Tobias Brunner | 2013-06-21 | 1 | -1/+1
| |     On FreeBSD, for some reason, we don't learn the interface is up otherwise. Even though ifconfig lists it as up at the same time.
| * tun-device: Avoid opening /dev/tunX multiple times (e.g. on FreeBSD) | Tobias Brunner | 2013-06-21 | 1 | -2/+6
| |
| * kernel-libipsec: Router reads packets from multiple TUN devices | Tobias Brunner | 2013-06-21 | 4 | -16/+268
| |     These devices are collected via kernel_listener_t interface.
| * kernel-libipsec: Use separate class to route packets between charon, ↵ | Tobias Brunner | 2013-06-21 | 4 | -74/+188
| |     libipsec and TUN device
| * kernel-pfroute: Raise tun event when creating/destroying TUN devices for ↵ | Tobias Brunner | 2013-06-21 | 1 | -1/+6
| |     virtual IPs
| * kernel: Add an event kernel interfaces can raise if they create/destroy a ↵ | Tobias Brunner | 2013-06-21 | 3 | -5/+43
| |     TUN device
| * printf-hook: Avoid double-free when freeing Vstr config | Tobias Brunner | 2013-06-21 | 1 | -1/+0
| |     Thread-specific objects get freed when the thread value object is destroyed (wasn't the case earlier, i.e. before 2b19dd35), which may cause the second call to vstr_free_conf() to fail in an assert in Vstr (depending on how it was built).
| * kernel-libipsec: Track policies and automatically install routes | Tobias Brunner | 2013-06-21 | 1 | -5/+455
| |     The routes direct traffic matching the remote traffic selector to the TUN device. If the remote traffic selector includes the IKE peer a very specific route is installed to allow IKE traffic.
| * kernel-libipsec: Handle packets between charon socket, libipsec and TUN device | Tobias Brunner | 2013-06-21 | 1 | -0/+85
| |
| * kernel-libipsec: Create a TUN device and use it to install virtual IPs | Tobias Brunner | 2013-06-21 | 2 | -0/+40
| |
| * kernel-libipsec: Add plugin that implements kernel_ipsec_t using libipsec | Tobias Brunner | 2013-06-21 | 7 | -0/+400
| |
| * kernel-netlink: Routes don't require a gateway/nexthop | Tobias Brunner | 2013-06-21 | 1 | -5/+9
|/
* charon-cmd: Document auxiliary options | Tobias Brunner | 2013-06-21 | 1 | -0/+15
|
* charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages | Tobias Brunner | 2013-06-21 | 2 | -4/+33
|
* charon-cmd: Use fixed number of character to align command descriptions | Tobias Brunner | 2013-06-21 | 1 | -16/+15
|     If the command and argument is longer than that write the first line of description to the following line.
* charon-cmd: Shortened and fixed command descriptions | Tobias Brunner | 2013-06-21 | 1 | -2/+2
|
* charon-cmd: Simplify usage output for authentication profiles | Tobias Brunner | 2013-06-21 | 1 | -11/+3
|     The man page describes them in full.
* charon-cmd: Add Aggressive Mode profiles to man page | Tobias Brunner | 2013-06-21 | 1 | -6/+10
|
* charon-cmd: Add man page for charon-cmd(8) | Tobias Brunner | 2013-06-21 | 2 | -0/+123
|
* charon-cmd: Add --debug argument to set the default log level | Tobias Brunner | 2013-06-21 | 3 | -2/+13
|
* charon-cmd: Handle simple command line arguments like --help before the others | Tobias Brunner | 2013-06-21 | 1 | -3/+14
|
* plugin-loader: Move logging of failed features to status() | Tobias Brunner | 2013-06-21 | 1 | -7/+11
|     Still log an error message if critical features fail, as loaded plugins/features are not logged in that case. This way loaded plugins are printed before failed features and the relation is easier to make for users. It also allows programs to log this message on a different level.
* plugin-loader: Add method to print loaded plugins on a given log level | Tobias Brunner | 2013-06-21 | 10 | -4/+26
|
* plugin-loader: Collect statistics while loading features, print them in case ↵ | Tobias Brunner | 2013-06-21 | 1 | -69/+40
|     features failed to load
|     There is no need to explicitly search for failed features in critical plugins as this is now detected while loading the features.
* plugin-loader: Use different log level if failed feature is in critical plugin | Tobias Brunner | 2013-06-21 | 1 | -2/+16
|
* plugin-loader: Log message when failing to load plugin | Tobias Brunner | 2013-06-21 | 1 | -0/+8
|
* plugin-loader: Reduce verbosity while loading plugins | Tobias Brunner | 2013-06-21 | 1 | -4/+4
|
* Fix crash if the initiator has no suitable proposal available | Tobias Brunner | 2013-06-21 | 1 | -0/+5
|     Could be triggered with a typo in the ike or esp options when ! is used.
* Merge branch 'unit-tests-ecdsa' | Martin Willi | 2013-06-21 | 17 | -160/+866
|\
| |     Adds support for testing plugin functionality to test-runner. Introduces some good/bad tests for ECDSA/RSA which would have caught those RSA/ECDSA signature vulnerabilities.