aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* vici: Invoke dispatcher outside of connection log, allowing events from commandsMartin Willi2014-05-071-4/+13
|
* vici: Add a query class, currently implementing a list-sas commandMartin Willi2014-05-074-1/+440
|
* vici: Add a libvici low-level client libraryMartin Willi2014-05-076-0/+1413
|
* vici: Provide a command dispatcher handling request and event registrationMartin Willi2014-05-079-128/+1105
|
* vici: Add a fully asynchronous IPC socket segmenting messages on/from streamMartin Willi2014-05-078-0/+1538
|
* vici: Add a test runner for pluginMartin Willi2014-05-074-0/+87
|
* vici: Add a plugin stub for the "Versatile IKE Control Interface" pluginMartin Willi2014-05-073-0/+145
|
* load-tester: Fix race condition issuing same SPIChristophe Gouault2014-04-241-2/+2
| | | | | | | | | | Due to an unprotected incrementation, two load-tester initiators occasionally use the same SPI under high load, and hence generate 2 IPsec SAs with the same identifier. The responder IPsec stack will refuse to configure the second SA. Use an atomic incrementation to avoid this race condition. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* load-tester: Fix race condition issuing same identityChristophe Gouault2014-04-241-2/+2
| | | | | | | | | | Due to an unprotected incrementation, two load-tester initiators occasionally use the same identifier under high load. The responder typically drops one of the connections. Use an atomic incrementation to avoid this race condition. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* ikev2: Add inherit_pre() to apply config and hosts before IKE_SA rekeyingMartin Willi2014-04-171-8/+2
|
* eap-mschapv2: Fix potential leaks in case of invalid messages from serversTobias Brunner2014-04-091-0/+4
|
* stroke: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* tls: Support a maximum TLS version to negotiate using TLS socket abstractionMartin Willi2014-04-011-1/+1
|
* tls: Support a null encryption flag on TLS socket abstractionMartin Willi2014-04-011-2/+2
|
* Properly hash pointers for hash tables where appropriateTobias Brunner2014-03-313-54/+5
| | | | | Simply using the pointer is not optimal for our hash table implementation, which simply masks the key to determine the bucket.
* eap-radius: Add option to not close IKE_SAs on timeouts during interim ↵Tobias Brunner2014-03-311-1/+6
| | | | | | accouting updates Fixes #528.
* x509: Replace fixed acert group string getter by a more dynamic group enumeratorMartin Willi2014-03-311-16/+68
|
* tnc-pdp: Fix monolithic buildTobias Brunner2014-03-201-1/+2
|
* tnc-ifmap: Get a reference to the client cert as it is also used in an auth ↵Tobias Brunner2014-03-101-1/+1
| | | | config
* stroke: Use thread-safe dirname(3)Tobias Brunner2014-02-241-6/+4
|
* stroke: Use dirname(3) correctlyTobias Brunner2014-02-241-5/+5
|
* stroke: Use proper modifiers to print size_t argumentsTobias Brunner2014-02-181-1/+1
|
* lookip: Properly return from disconnect callback jobTobias Brunner2014-02-181-1/+3
| | | | References #518.
* lookip: Disconnect asynchronously to avoid dead-locking watcher unregistrationMartin Willi2014-02-171-3/+30
| | | | | | | | | While it really would be desirable to allow stream destruction during on_read() callbacks, this does not work anymore since e49b2998. Until we have a proper solution for this issue, use asynchronous disconnects for the only user doing so. Fixes #518.
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-1258-205/+201
|
* libhydra: Use lib->ns instead of hydra->daemonTobias Brunner2014-02-121-1/+1
|
* pool: Install SQL schemas from src/poolTobias Brunner2014-02-123-567/+0
| | | | | This allows us to install the schemas if either the attr-sql or sql plugin is enabled, since both use the same schema (at least in parts).
* sql: Set default values for some fields in addresses tableTobias Brunner2014-02-122-6/+6
|
* sql: Install SQL schemas in /usr/share/strongswan/templates/databaseTobias Brunner2014-02-121-0/+3
|
* sql: Remove unused cred.sql snippetTobias Brunner2014-02-121-24/+0
|
* updown: Return an empty DNS server enumerator if no IKE_SA availableMartin Willi2014-02-061-1/+1
| | | | | The one existing caller does not handle a NULL return and always expects an enumerator; and returning FALSE does not make sense anyway.
* xauth-pam: Open/close a PAM session for each connected clientAndrea Bonomi2014-01-234-9/+265
| | | | Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
* xauth-pam: Sanitize XAuth attributes before passing them to PAMMartin Willi2014-01-231-1/+5
|
* stroke: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-30/+6
|
* radattr: Use chunk_map() instead of non-portable mmap()Martin Willi2014-01-231-40/+8
|
* chunk: Externalize error reporting in chunk_write()Martin Willi2014-01-231-1/+10
| | | | | This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors.
* unity: Send all traffic selectors in a single UNITY_SPLIT_INCLUDE attributeTobias Brunner2014-01-231-35/+47
| | | | Cisco clients only handle the first such attribute.
* unity: Change local TS to 0.0.0.0/0 as responderTobias Brunner2014-01-231-4/+7
| | | | | Cisco clients and Shrew expect a remote TS of 0.0.0.0/0 if Unity is used, otherwise Quick Mode fails.
* unity: Send UNITY_SPLIT_INCLUDE attributes with proper paddingTobias Brunner2014-01-231-11/+16
| | | | | | The additional 6 bytes are not actually padding but are parsed by the Cisco client as protocol and src and dst ports (each two bytes but strangely only the first two in network order).
* updown: Increase buffer size for script and environment variablesTobias Brunner2014-01-231-1/+1
|
* updown: Add PLUTO_IPCOMP to indicate if IPComp was negotiatedTobias Brunner2014-01-231-1/+7
|
* stroke: Ensure the buffer of strings in a stroke_msg_t is null-terminatedTobias Brunner2014-01-231-2/+5
| | | | | Otherwise a malicious user could send an unterminated string to cause unterminated reads.
* stroke: Add an option to prevent log level changes via stroke socketTobias Brunner2014-01-231-2/+15
|
* dhcp: Allow binding of socket to particular interfaceThomas Egerer2014-01-201-0/+34
| | | | | | | | | In certain situations it is desirable to bind the send/receive sockets for the DHCP address allocation to a particular interface. With this patch the strongswan.conf option charon.plugins.dhcp.interface can be used to restrict the DHCP communication to a configurable interface. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* stroke: Fix error message if parsing leftsourceip failsTobias Brunner2014-01-061-1/+1
|
* leak-detective: Use callback functions to report leaks and usage informationMartin Willi2013-11-061-1/+22
| | | | This is more flexible than printing reports to a FILE.
* updown: fix segfault when interface name can't be resolvedAnsis Atteka2013-10-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The child_updown() function sets up environment variables to the updown script. Sometimes call to hydra->kernel_interface->get_interface() could fail and iface variable could be left uninitialized. This patch fixes this issue by passing "unknown" as interface name. Here is the stacktrace: 0 0x00007fa90791f445 in raise () from /lib/x86_64-linux-gnu/libc.so.6 1 0x00007fa907922bab in abort () from /lib/x86_64-linux-gnu/libc.so.6 2 0x0000000000401ed7 in segv_handler (signal=11) at charon.c:183 3 <signal handler called> 4 0x00007fa90793221f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6 5 0x00007fa9079f0580 in __vsnprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 6 0x00007fa9079f04c8 in __snprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 7 0x00007fa8f9b95b86 in snprintf ( __fmt=0x7fa8f9b961b8 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='%s%s%s' PLUTO_CONNECTION='%s' PLUTO_INTERFACE='%s' PLUTO_REQID='%u' PLUTO_ME='%H' PLUTO_MY_ID='%Y' PLUTO_MY_CLIENT='%H/%u' PLUTO_MY_PORT='%u' PLUTO_MY_PROTOCOL='%u"..., __n=1024, __s=0x7fa8f7923440 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='remote-40.0.0.40' PLUTO_INTERFACE='\367\250\177") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:65 8 child_updown (this=0x8486b0, ike_sa=0x7fa8e4005f80, child_sa=0x7fa8d4008290, up=true) at updown_listener.c:308 9 0x00007fa907ecc11c in ?? () from /usr/lib/strongswan/libcharon.so.0 10 0x00007fa907ef89bf in ?? () from /usr/lib/strongswan/libcharon.so.0 11 0x00007fa907ef2fc8 in ?? () from /usr/lib/strongswan/libcharon.so.0 12 0x00007fa907ee84ff in ?? () from /usr/lib/strongswan/libcharon.so.0 13 0x00007fa907ee3067 in ?? () from /usr/lib/strongswan/libcharon.so.0 14 0x00007fa90835e8fb in ?? () from /usr/lib/strongswan/libstrongswan.so.0 15 0x00007fa908360d30 in ?? () from /usr/lib/strongswan/libstrongswan.so.0 16 0x00007fa907cade9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 17 0x00007fa9079db4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6 18 0x0000000000000000 in ?? () Signed-Off-By: Ansis Atteka <aatteka@nicira.com>
* Use exact mask when calling umask(2)Tobias Brunner2013-10-292-2/+2
| | | | | | Due to the previous negation the high bits of the mask were set, which at least some versions of the Android build system prevent with a compile-time check.
* whitelist: Read multiple commands until client closes connectionMartin Willi2013-10-291-30/+28
| | | | | This restores the same behavior we had before e11c02c8, and fixes the whitelist add/remove-from command.
* Fixed some typosTobias Brunner2013-10-291-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 01:16:23 +0000