Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 2 | -37/+45 |
| | This avoids the unportable 5 pointer hack, but requires enumerating in the callback. | ||||
* | Migrate all enumerators to venumerate() interface change | Tobias Brunner | 2017-05-26 | 2 | -14/+24 |
| | |||||
* | child-cfg: Use flags for boolean options | Tobias Brunner | 2017-05-23 | 1 | -1/+1 |
| | Makes it potentially easier to add new flags. | ||||
* | charon-nm: Fix typo to actually use random NAT-T port | Tobias Brunner | 2017-05-19 | 1 | -1/+1 |
| | Fixes: af16b5afb0ee ("Use random ports in NetworkManager backend") | ||||
* | charon-nm: IKE/ESP proposal customization support | Defunct | 2017-05-08 | 1 | -5/+59 |
| | Closes strongswan/strongswan#69. | ||||
* | daemon: Use separate method to set default loggers | Tobias Brunner | 2017-01-25 | 1 | -1/+1 |
| | This way it is not necessary to pass the same values to reload the loggers. | ||||
* | nm: Enable IKE fragmentation | Tobias Brunner | 2016-10-20 | 1 | -1/+1 |
| | |||||
* | nm: Add D-Bus policy to the distribution | Tobias Brunner | 2016-10-14 | 1 | -0/+2 |
| | |||||
* | nm: Make global CA directory configurable | Tobias Brunner | 2016-10-04 | 1 | -1/+2 |
| | |||||
* | nm: Remove dummy TUN device | Tobias Brunner | 2016-10-04 | 1 | -36/+0 |
| | Recent NM releases don't insist on getting a device back from VPN plugins. | ||||
* | nm: Pass external gateway to NM | Tobias Brunner | 2016-09-05 | 1 | -1/+8 |
| | This seems to be required by newer versions. | ||||
* | nm: Enforce min. length for PSKs in backend | Tobias Brunner | 2016-09-05 | 1 | -0/+10 |
| | |||||
* | nm: Don't do <deny send_interface="..." /> in dbus service file | Lubomir Rintel | 2016-09-05 | 1 | -1/+0 |
| | It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. This blocks messages completely unrelated to strongSwan's VPN plugin, such as NetworkManager communication with the VPN plugins. From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway. Closes strongswan/strongswan#42. | ||||
* | nm: Move the D-Bus policy to charon-nm | Lubomir Rintel | 2016-09-05 | 2 | -0/+19 |
| | It's needed for useful use of charon-nm, unlike the GUI. | ||||
* | configure: Check for and explicitly link against -latomic | Martin Willi | 2016-06-14 | 1 | -1/+1 |
| | Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explicitly link it. | ||||
* | peer-cfg: Use struct to pass data to constructor | Tobias Brunner | 2016-04-09 | 1 | -7/+10 |
| | |||||
* | child-cfg: Use struct to pass data to constructor | Tobias Brunner | 2016-04-09 | 1 | -33/+30 |
| | |||||
* | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -2/+2 |
| | |||||
* | libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 2 | -13/+0 |
| | |||||
* | sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set | Tobias Brunner | 2015-11-23 | 1 | -5/+4 |
| | Fixes #1213. | ||||
* | Replace usages of sigwait(3) with sigwaitinfo(2) | Tobias Brunner | 2015-10-29 | 1 | -5/+5 |
| | This is basically the same call, but it has the advantage of being supported by FreeBSD's valgrind, which sigwait() is not. References #1106. | ||||
* | charon-nm: Disable leak-detective in charon-nm | Tobias Brunner | 2015-05-05 | 1 | -0/+3 |
| | It segfaults immediately if it is enabled, at least on Ubuntu 14.04. | ||||
* | attribute-handler: Pass full IKE_SA to handler backends | Martin Willi | 2015-02-20 | 1 | -3/+2 |
| | |||||
* | attributes: Move the configuration attributes framework to libcharon | Martin Willi | 2015-02-20 | 1 | -3/+3 |
| | |||||
* | plugin-loader: Support a reload() callback for static features | Martin Willi | 2014-09-22 | 1 | -1/+1 |
| | |||||
* | ike: Add an additional but separate AEAD proposal to CHILD config | Martin Willi | 2014-05-16 | 1 | -0/+1 |
| | This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless. | ||||
* | ike: Add an additional but separate AEAD proposal to IKE config, if supported | Martin Willi | 2014-05-16 | 1 | -0/+1 |
| | |||||
* | nm: Fix NULL-pointer dereference when handling TUN device failure | Tobias Brunner | 2014-04-09 | 1 | -1/+0 |
| | |||||
* | charon-nm: No additional secrets are required once a password has been entered | Tobias Brunner | 2014-03-18 | 1 | -0/+4 |
| | Recent versions of NM will call need_secrets() as long as it returns TRUE, but then fail as the number of calls is limited by an assert. Fixes #547. | ||||
* | libcharon: Remove unused charon->name | Tobias Brunner | 2014-02-12 | 1 | -1/+1 |
| | |||||
* | libhydra: Remove unused hydra->daemon | Tobias Brunner | 2014-02-12 | 1 | -1/+1 |
| | |||||
* | lib: Add global config namespace | Tobias Brunner | 2014-02-12 | 1 | -1/+1 |
| | |||||
* | agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket | Tobias Brunner | 2014-01-23 | 1 | -12/+0 |
| | This is also required if charon-cmd is used with capability dropping. | ||||
* | nm: Handle PSK option in NM backend | Tobias Brunner | 2013-11-27 | 1 | -4/+12 |
| | |||||
* | ike: support multiple addresses, ranges and subnets in IKE address config | Martin Willi | 2013-09-04 | 1 | -2/+2 |
| | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets. | ||||
* | peer-cfg: add a pull/push mode option to use with mode config | Martin Willi | 2013-09-04 | 1 | -1/+1 |
| | |||||
* | automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -9/+9 |
| | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only. | ||||
* | nm: omit deprecated g_type_init() when using >= GLIB 2.36 | Martin Willi | 2013-07-18 | 1 | -0/+2 |
| | |||||
* | capabilities: Make the user and group charon(-nm) changes to configurable | Tobias Brunner | 2013-06-25 | 1 | -6/+19 |
| | |||||
* | capabilities: Move global capabilities_t instance to libstrongswan | Tobias Brunner | 2013-06-25 | 2 | -4/+4 |
| | |||||
* | capabilities: Ensure required capabilities are actually held by the process/user | Tobias Brunner | 2013-06-25 | 1 | -1/+6 |
| | |||||
* | plugin-loader: Add method to print loaded plugins on a given log level | Tobias Brunner | 2013-06-21 | 1 | -0/+1 |
| | |||||
* | charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features | Tobias Brunner | 2013-03-19 | 1 | -0/+4 |
| | This ensures the NM-specific credential set is unloaded before any implementation of certificate/key objects, which causes a segmentation fault during shutdown. | ||||
* | charon-nm: Prevent NM from changing the default route | Tobias Brunner | 2013-03-19 | 1 | -0/+8 |
| | This is not required as we install our own (narrow) route(s) in our own routing table. This should allow split tunneling if configured on the gateway. | ||||
* | charon-nm: Use VIP (if any) as local address | Tobias Brunner | 2013-03-19 | 1 | -1/+10 |
| | NM will install this address on the provided device. | ||||
* | charon-nm: Pass a dummy TUN device to NetworkManager | Tobias Brunner | 2013-03-19 | 1 | -5/+37 |
| | NetworkManager modifies the addresses etc. on this interface so using "lo" is not optimal. With the dummy interface NM is free to do its thing. | ||||
* | charon-nm: Fix NM plugin utility macros | Tobias Brunner | 2013-03-19 | 1 | -3/+3 |
| | |||||
* | Add a DSCP configuration value to IKE configs | Martin Willi | 2013-02-06 | 1 | -2/+1 |
| | |||||
* | g_thread_init() is deprecated since Glib 2.23 | Tobias Brunner | 2013-01-24 | 1 | -0/+3 |
| | |||||
* | Added an option that allows to force IKEv1 fragmentation | Tobias Brunner | 2013-01-12 | 1 | -1/+2 |
| |