aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * android: Make TrustedCertificateManager an ObservableTobias Brunner2016-04-271-8/+28
| | | | | | | | | | Observers are notified when the manager is reset (and initially when the certificates are first loaded).
| * android: Switch to AppCompat/Material theme for dialogsTobias Brunner2016-04-2710-61/+117
| | | | | | | | | | | | | | There is no AppCompatProgressDialog class as the use of ProgressDialog is discouraged (instead progress bars should be placed in the layout directly). To display the current ProgressDialog instances correctly on systems < 21 we modify the window background color.
| * android: Switch to AppCompat/Material theme and use custom Toolbar as AppBarTobias Brunner2016-04-2716-157/+184
| | | | | | | | | | Also includes some whitespace/formatting changes due to the switch to Android Studio.
| * android: Ignore build/ in project directoryTobias Brunner2016-04-271-0/+1
| |
| * android: Update platform tools and pull in support libsTobias Brunner2016-04-271-2/+4
| | | | | | | | | | | | | | We'll have to change some stuff that Google deprecated (e.g. the tabs in the ActionBar) and that requires changing the theme at least in activities. Since that would look a bit inconsistent we'll change it globally and use parts of the support library.
| * android: Update Android Gradle plugin and wrapperTobias Brunner2016-04-272-3/+3
|/
* testing: Use absolute path of imv_policy_managerAndreas Steffen2016-04-268-8/+9
|
* Updated products in IMV databaseAndreas Steffen2016-04-261-1/+146
|
* swanctl: list EAP type in --list-connsAndreas Steffen2016-04-261-3/+10
|
* testing: -D and -u options in sfdisk are not supported any moreAndreas Steffen2016-04-261-1/+1
|
* identification: Add support for dmdName RDN (2.5.4.54)Yannick Cann2016-04-253-0/+5
| | | | | | | It's listed in RFC 2256 but was later removed with RFC 4519, but there are still some certs that use it. Closes strongswan/strongswan#43.
* leak-detective: added _IO_file_doallocate to whitelistAndreas Steffen2016-04-241-0/+1
|
* swanctl: log errors to stderrAndreas Steffen2016-04-243-3/+3
|
* testing: updated testing.confAndreas Steffen2016-04-244-3/+7000
|
* pool: Use correct name to remove index for CHILD_SA TS in SQLite scriptTobias Brunner2016-04-181-1/+1
| | | | Fixes #1415.
* kernel-pfkey: Add support for manual prioritiesTobias Brunner2016-04-151-7/+24
| | | | Also orders policies with equals priorities by their automatic priority.
* kernel-pfkey: Update priority calculation formula to the new one in ↵Tobias Brunner2016-04-151-14/+25
| | | | | | | kernel-netlink Since the selectors are not exactly the same (no port masks, no interface) some small tweaks have been applied.
* kernel-netlink: Order policies with equal priorities by their automatic priorityTobias Brunner2016-04-151-11/+24
| | | | | | | | | | | | This allows using manual priorities for traps, which have a lower base priority than the resulting IPsec policies. This could otherwise be problematic if, for example, swanctl --install/uninstall is used while an SA is established combined with e.g. IPComp, where the trap policy does not look the same as the IPsec policy (which is now otherwise often the case as the reqids stay the same). It also orders policies by selector size if manual priorities are configured and narrowing occurs.
* Merge branch 'boringssl'Tobias Brunner2016-04-157-7/+12
|\ | | | | | | | | | | Adds some fixes to the openssl plugin to build against BoringSSL. Fixes #1374.
| * curl: Add TLS support if libcurl is built against BoringSSLTobias Brunner2016-04-151-1/+2
| | | | | | | | | | We don't have to rely on the openssl plugin and its threading initialization as BoringSSL is thread-safe out of the box.
| * openssl: BoringSSL does not support configurationTobias Brunner2016-04-151-0/+4
| | | | | | | | | | The other initialization functions are still defined but many are apparently no-ops (this is also true for the threading initialization).
| * openssl: The member storing the DH exponent length has been renamed in BoringSSLTobias Brunner2016-04-151-0/+4
| |
| * openssl: Use proper EVP macro to determine size of a hashTobias Brunner2016-04-152-2/+2
| |
| * android: Remove OPENSSL_NO_EC* definesTobias Brunner2016-04-151-3/+0
| | | | | | | | Current versions of OpenSSL/BoringSSL shipped with Android support ECC.
| * android: OPENSSL_NO_ENGINE is now properly defined in the headersTobias Brunner2016-04-151-1/+0
|/
* curl: Handle LibreSSL like OpenSSL in regards to multi-threadingTobias Brunner2016-04-151-1/+1
| | | | | LibreSSL is API compatible so our openssl plugin does not need any changes and it works fine with the curl plugin.
* configure: Replace two remaining usages of AC_HAVE_LIBRARY with AC_CHECK_LIBTobias Brunner2016-04-151-2/+2
|
* thread: Don't hold mutex when calling cleanup handlers while terminatingTobias Brunner2016-04-131-12/+14
| | | | | | | | | | This could interfere with cleanup handlers that try to acquire mutexes while other threads holding these try to e.g. cancel the threads. As cleanup handlers are only queued by the threads themselves we don't need any synchronization to access the list. Fixes #1401.
* testing: Added swanctl/rw-multi-ciphers-ikev1 scenarioAndreas Steffen2016-04-1211-0/+238
|
* Ignore Qt Creator project filesTobias Brunner2016-04-111-0/+5
| | | | Closes strongswan/strongswan#32.
* Version bump to 5.4.1dr15.4.1dr1Andreas Steffen2016-04-111-1/+1
|
* Merge branch 'kernel-policies'Andreas Steffen2016-04-1156-1653/+2565
|\
| * Extended IPsec kernel policy schemeAndreas Steffen2016-04-091-18/+53
| | | | | | | | | | | | | | | | The kernel policy now considers src and dst port masks as well as restictions to a given network interface. The base priority is 100'000 for passthrough shunts, 200'000 for IPsec policies, 300'000 for IPsec policy traps and 400'000 for fallback drop shunts. The values 1..30'000 can be used for manually set priorities.
| * testing: Added swanctl/manual_prio scenarioAndreas Steffen2016-04-0911-0/+277
| |
| * Include manual policy priorities and restriction to interfaces in vici ↵Andreas Steffen2016-04-092-1/+27
| | | | | | | | list-conn command
| * Implemented IPsec policies restricted to given network interfaceAndreas Steffen2016-04-098-14/+66
| |
| * Support manually-set IPsec policy prioritiesAndreas Steffen2016-04-098-22/+84
| |
| * peer-cfg: Use struct to pass data to constructorTobias Brunner2016-04-0916-200/+266
| |
| * child-cfg: Use struct to pass data to constructorTobias Brunner2016-04-0916-366/+362
| |
| * kernel-pfkey: Prefer policies with reqid over those withoutTobias Brunner2016-04-091-1/+7
| |
| * kernel-pfkey: Only install templates for regular IPsec policies with reqidTobias Brunner2016-04-091-32/+35
| |
| * testing: Add swanctl/net2net-gw scenarioTobias Brunner2016-04-0911-0/+204
| |
| * shunt-manager: Install "outbound" FWD policyTobias Brunner2016-04-091-2/+8
| | | | | | | | | | | | If there is a default drop policy forwarded traffic might otherwise not be allowed by a specific passthrough policy (while local traffic is allowed).
| * kernel-netlink: Prefer policies with reqid over those withoutTobias Brunner2016-04-091-1/+7
| | | | | | | | | | | | | | This allows two CHILD_SAs with reversed subnets to install two FWD policies each. Since the outbound policy won't have a reqid set we will end up with the two inbound FWD policies installed in the kernel, with the correct templates to allow decrypted traffic.
| * kernel-netlink: Only associate templates with inbound FWD policiesTobias Brunner2016-04-091-1/+1
| | | | | | | | | | | | We can't set a template on the outbound FWD policy (or we'd have to make it optional). Because if the traffic does not come from another (matching) IPsec tunnel it would get dropped due to the template mismatch.
| * child-sa: Install "outbound" FWD policyTobias Brunner2016-04-091-0/+16
| | | | | | | | | | | | | | If there is a DROP shunt that matches outbound forwarded traffic it would get dropped as the FWD policy we install only matches decrypted inbound traffic. That's because the Linux kernel first checks the FWD policies before looking up the OUT policy and SA to encrypt the packets.
| * kernel-netlink: Associate routes with IN policies instead of FWD policiesTobias Brunner2016-04-091-21/+21
| | | | | | | | | | | | This allows us to install more than one FWD policy. We already do this in the kernel-pfkey plugin (there the original reason was that not all kernels support FWD policies).
| * kernel: Use structs to pass information to the kernel-ipsec interfaceTobias Brunner2016-04-0912-983/+1140
|/
* testing: List conntrack table on sun in ikev2/host2host-transport-connmark ↵Tobias Brunner2016-04-061-0/+1
| | | | scenario
* testing: Version bump to 5.4.0Tobias Brunner2016-04-061-1/+1
| | | | References #1382.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 09:20:44 +0000