aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon-nm
Commit message (Collapse)AuthorAgeFilesLines
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-262-37/+45
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface changeTobias Brunner2017-05-262-14/+24
|
* child-cfg: Use flags for boolean optionsTobias Brunner2017-05-231-1/+1
| | | | Makes it potentially easier to add new flags.
* charon-nm: Fix typo to actually use random NAT-T portTobias Brunner2017-05-191-1/+1
| | | | Fixes: af16b5afb0ee ("Use random ports in NetworkManager backend")
* charon-nm: IKE/ESP proposal customization supportDefunct2017-05-081-5/+59
| | | | Closes strongswan/strongswan#69.
* daemon: Use separate method to set default loggersTobias Brunner2017-01-251-1/+1
| | | | | This way it is not necessary to pass the same values to reload the loggers.
* nm: Enable IKE fragmentationTobias Brunner2016-10-201-1/+1
|
* nm: Add D-Bus policy to the distributionTobias Brunner2016-10-141-0/+2
|
* nm: Make global CA directory configurableTobias Brunner2016-10-041-1/+2
|
* nm: Remove dummy TUN deviceTobias Brunner2016-10-041-36/+0
| | | | | Recent NM releases don't insist on getting a device back from VPN plugins.
* nm: Pass external gateway to NMTobias Brunner2016-09-051-1/+8
| | | | This seems to be required by newer versions.
* nm: Enforce min. length for PSKs in backendTobias Brunner2016-09-051-0/+10
|
* nm: Don't do <deny send_interface="..." /> in dbus service fileLubomir Rintel2016-09-051-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. This blocks messages completely unrelated to strongSwan's VPN plugin, such as NetworkManager communication with the VPN plugins. From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway. Closes strongswan/strongswan#42.
* nm: Move the D-Bus policy to charon-nmLubomir Rintel2016-09-052-0/+19
| | | | It's needed for useful use of charon-nm, unlike the GUI.
* configure: Check for and explicitly link against -latomicMartin Willi2016-06-141-1/+1
| | | | | Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explcily link it.
* peer-cfg: Use struct to pass data to constructorTobias Brunner2016-04-091-7/+10
|
* child-cfg: Use struct to pass data to constructorTobias Brunner2016-04-091-33/+30
|
* Use standard unsigned integer typesAndreas Steffen2016-03-241-2/+2
|
* libhydra: Remove empty unused libraryTobias Brunner2016-03-032-13/+0
|
* sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not ↵Tobias Brunner2015-11-231-5/+4
| | | | | | in the set Fixes #1213.
* Replace usages of sigwait(3) with sigwaitinfo(2)Tobias Brunner2015-10-291-5/+5
| | | | | | | This is basically the same call, but it has the advantage of being supported by FreeBSD's valgrind, which sigwait() is not. References #1106.
* charon-nm: Disable leak-detective in charon-nmTobias Brunner2015-05-051-0/+3
| | | | It segfaults immediately if it is enabled, at least on Ubuntu 14.04.
* attribute-handler: Pass full IKE_SA to handler backendsMartin Willi2015-02-201-3/+2
|
* attributes: Move the configuration attributes framework to libcharonMartin Willi2015-02-201-3/+3
|
* plugin-loader: Support a reload() callback for static featuresMartin Willi2014-09-221-1/+1
|
* ike: Add an additional but separate AEAD proposal to CHILD configMartin Willi2014-05-161-0/+1
| | | | | | | This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
* ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-161-0/+1
|
* nm: Fix NULL-pointer dereference when handling TUN device failureTobias Brunner2014-04-091-1/+0
|
* charon-nm: No additional secrets are required once a password has been enteredTobias Brunner2014-03-181-0/+4
| | | | | | | Recent versions of NM will call need_secrets() as long as it returns TRUE, but then fail as the number of calls is limited by an assert. Fixes #547.
* libcharon: Remove unused charon->nameTobias Brunner2014-02-121-1/+1
|
* libhydra: Remove unused hydra->daemonTobias Brunner2014-02-121-1/+1
|
* lib: Add global config namespaceTobias Brunner2014-02-121-1/+1
|
* agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socketTobias Brunner2014-01-231-12/+0
| | | | This is also required if charon-cmd is used with capability dropping.
* nm: Handle PSK option in NM backendTobias Brunner2013-11-271-4/+12
|
* ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-041-2/+2
| | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-041-1/+1
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-9/+9
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* nm: omit deprecated g_type_init() when using >= GLIB 2.36Martin Willi2013-07-181-0/+2
|
* capabilities: Make the user and group charon(-nm) changes to configurableTobias Brunner2013-06-251-6/+19
|
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-252-4/+4
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-251-1/+6
|
* plugin-loader: Add method to print loaded plugins on a given log levelTobias Brunner2013-06-211-0/+1
|
* charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin featuresTobias Brunner2013-03-191-0/+4
| | | | | | This ensures the NM-specific credential set is unloaded before any implementation of certificate/key objects, which causes a segmentation fault during shutdown.
* charon-nm: Prevent NM from changing the default routeTobias Brunner2013-03-191-0/+8
| | | | | | This is not required as we install our own (narrow) route(s) in our own routing table. This should allow split tunneling if configured on the gateway.
* charon-nm: Use VIP (if any) as local addressTobias Brunner2013-03-191-1/+10
| | | | NM will install this address on the provided device.
* charon-nm: Pass a dummy TUN device to NetworkManagerTobias Brunner2013-03-191-5/+37
| | | | | | NetworkManager modifies the addresses etc. on this interface so using "lo" is not optimal. With the dummy interface NM is free to do its thing.
* charon-nm: Fix NM plugin utility macrosTobias Brunner2013-03-191-3/+3
|
* Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-2/+1
|
* g_thread_init() is deprecated since Glib 2.23Tobias Brunner2013-01-241-0/+3
|
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-121-1/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 03:25:19 +0000