aboutsummaryrefslogtreecommitdiffstats
path: root/src/frontends/android
Commit message (Collapse)AuthorAgeFilesLines
...
* android: Manually load libraries with dlopen() and RTLD_GLOBAL on Android MTobias Brunner2015-07-282-12/+53
| | | | | | | | | | | | | | | | | This fixes an issue when using the Android M preview. Bionic's dynamic linker was changed so that symbols in libraries loaded with RTLD_LOCAL were not found anymore in dlsym(RTLD_DEFAULT, ...). This is the case for libraries loaded with System.loadLibrary(), therefore, the plugin loader in libstrongswan was not able to resolve any symbols defined in other libraries loaded later. While this seems to have been broken unintentionally for existing apps (fix at [1]), it will again be a problem whenever we decide to increase targetSdkVersion beyond 22 (or until that fix makes it into the system/emulator images). Unfortunately, the dynamic loader in releases prior to Android 4.3 can't load libandroidbridge without also loading its dependencies. [1] https://github.com/android/platform_bionic/commit/1913352c6b
* android: Apply configured server portTobias Brunner2015-07-282-1/+5
|
* android: Extend GUI so the server port can be enteredTobias Brunner2015-07-287-1/+30
|
* android: Add field for server port to data modelTobias Brunner2015-07-282-3/+23
|
* android: Apply configured MTUTobias Brunner2015-07-284-7/+22
| | | | | | While it is stored as property of individual profiles it is really a global setting because we currently don't support more than one connection.
* android: Extend GUI so the MTU can be enteredTobias Brunner2015-07-287-3/+103
| | | | | | | | | | | This also adds a new area for advanced settings that is only displayed if the user requests it (or if advanced settings already have been set). The min. MTU for IPv6 is 1280, anything lower lets the TUN device creation fail if an IPv6 address has been assigned. If lower MTUs are necessary we might be able to catch that later when setting the MTU and just use at least 1280 if an IPv6 address was assigned, but let's keep it simple for now.
* android: Add field for MTU to data modelTobias Brunner2015-07-282-4/+30
|
* android: Set preferred language for remediation instructionsTobias Brunner2015-07-282-0/+6
|
* android: Encode connection settings as single Java string argumentTobias Brunner2015-07-284-78/+54
| | | | This makes adding new configuration settings easier.
* android: Add simple utility class to generate settings_t compatible config ↵Tobias Brunner2015-07-281-0/+160
| | | | snippets
* android: Don't pass null as root view to inflate()Tobias Brunner2015-07-281-1/+1
|
* android: Fix a potential NullPointerException in the IMC state fragmentTobias Brunner2015-07-281-1/+7
|
* android: EAP-TNC does not require a client certificateTobias Brunner2015-07-281-1/+1
| | | | | Was incorrectly changed with the refactoring in a64089738d3e ("android: Change how features of VPN types are stored and checked").
* android: Enable charon.initiator_only optionTobias Brunner2015-07-281-0/+2
|
* android: Increase the minSdkVersion to 15 and targetSdkVersion to 22Tobias Brunner2015-07-281-2/+2
| | | | | There are no devices anymore that use API level 14 (4.0-4.0.2) and 22 is the most recent level.
* libipsec: Pass separate inbound/update flags to the IPsec SA managerMartin Willi2015-03-091-2/+3
| | | | | Similar to other kernel interfaces, the libipsec backends uses the flag for different purposes, and therefore should get separate flags.
* attribute-handler: Pass full IKE_SA to handler backendsMartin Willi2015-02-201-4/+3
|
* attributes: Move the configuration attributes framework to libcharonMartin Willi2015-02-201-4/+4
|
* ike: Consistently log CHILD_SAs with their unique_id instead of their reqidMartin Willi2015-02-201-1/+1
|
* ike-sa-manager: Remove IKE_SA checkout by CHILD_SA reqidMartin Willi2015-02-201-2/+1
|
* kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqidMartin Willi2015-02-201-3/+3
|
* kernel-interface: Pass full list of traffic selectors to add_sa()Martin Willi2015-02-201-1/+1
| | | | | | While we can handle the first selector only in BEET mode in kernel-netlink, passing the full list gives the backend more flexibility how to handle this information.
* libipsec: Remove unused src/dst_ts parameters from ipsec_sa_mgr_t.add_sa()Martin Willi2015-02-201-2/+1
|
* kernel-interface: Remove reqid parameter from get_spi/get_cpi() methodsMartin Willi2015-02-201-2/+2
| | | | | | | | | | The reqid is not strictly required, as we set the reqid with the update call when installing the negotiated SA. If we don't need a reqid at this stage, we can later allocate the reqid in the kernel backend once the SA parameters have been fully negotaited. This allows us to assign the same reqid for the same selectors to avoid conflicts on backends this is necessary.
* libipsec: Remove unused reqid parameter from ipsec_sa_mgr_t.get_spi()Martin Willi2015-02-191-1/+1
|
* android: New release based on 5.2.1 and after adding EAP-TLSTobias Brunner2014-11-061-3/+3
| | | | | Also enables support for IKEv2 fragmentation, provides improved MOBIKE handling and optionally enables PFS for CHILD_SAs.
* android: Build binaries for MIPSTobias Brunner2014-11-061-1/+1
|
* android: Increase fragment sizeTobias Brunner2014-11-061-0/+3
| | | | We use the same value we use as MTU on TUN devices.
* android: Enable IKEv2 fragmentationTobias Brunner2014-11-061-1/+1
|
* android: Use %any as AAA identity, but disable EAP-only authenticationTobias Brunner2014-11-061-5/+3
| | | | | | | Without verification of the identity we can't prevent a malicious user with a valid certificate from impersonating the AAA server and thus the VPN gateway. So unless we make the AAA identity configurable we have to prevent EAP-only authentication.
* android: Add support for signature schemes used by EAP-TLSTobias Brunner2014-11-061-19/+34
|
* android: Allow enumeration of untrusted certificatesTobias Brunner2014-11-061-1/+1
|
* android: Handle EAP-TLS in Android serviceTobias Brunner2014-11-061-6/+19
|
* android: Enable EAP-TLS plugin in the appTobias Brunner2014-11-061-1/+1
|
* android: Add EAP-TLS VPN type to the GUITobias Brunner2014-11-066-1/+7
|
* android: Change how features of VPN types are stored and checkedTobias Brunner2014-11-065-59/+41
|
* android: Fix PA-TNC construction based on data passed via JNITobias Brunner2014-10-151-3/+2
|
* android: Implement get_contracts() method in IMC state objectTobias Brunner2014-10-141-0/+14
|
* android: libpts does not exist anymore, don't attempt to load itTobias Brunner2014-10-141-1/+0
|
* android: Update receive_message() to new imc_msg_t.receive() signatureTobias Brunner2014-10-131-2/+4
|
* android: Remove references to libptsTobias Brunner2014-10-133-8/+2
|
* plugin-loader: Support a reload() callback for static featuresMartin Willi2014-09-221-2/+2
|
* android: Reduce CHILD_SA lifetimeTobias Brunner2014-09-121-2/+2
|
* android: Add DH groups to ESP proposalsTobias Brunner2014-09-121-2/+12
|
* android: Reestablish IKE_SA if CHILD_SA rekeying failedTobias Brunner2014-09-121-3/+36
|
* android: Report error if CHILD_SA rekeying failsTobias Brunner2014-09-121-0/+6
|
* android: Add support for querying use stats of a CHILD_SATobias Brunner2014-09-091-1/+2
|
* dns-proxy: Don't use proxy socket if we fail to bypass itTobias Brunner2014-07-301-0/+2
| | | | | | | | | This will result in an infinite loop as packets sent over that socket will again pass through the TUN device and the DNS proxy. Apparently, bypassing fails when airplane mode is enabled. Fixes #662.
* android: New release after adding certificate import, DNS proxy and GUI changesTobias Brunner2014-07-221-2/+2
|
* android: For keyingtries > 0 notify the GUI if the limit is reached when ↵Tobias Brunner2014-07-221-0/+17
| | | | | | | | | | reestablishing The IKE_SA is destroyed anyway, so letting the GUI remain in "connecting" state would be incorrect. We still use keyingtries=0 for now, though. And we still abort after the first failed attempt initially, in case there is a configuration error.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-23 12:28:08 +0000