aboutsummaryrefslogtreecommitdiffstats
path: root/src/starter
Commit message (Collapse)AuthorAgeFilesLines
* starter: Allow specifying the ipsec.conf location in strongswan.confShea Levy2014-10-021-1/+2
|
* stroke: Allow specifying the ipsec.secrets location in strongswan.confShea Levy2014-10-021-3/+7
|
* starter: Do not close all file descriptors after fork()Martin Willi2014-08-251-1/+0
| | | | | | | | As we use libstrongswan and expect that it still works after the fork, we can't just closefrom() all file descriptors. Watcher, for example, uses a pipe to notify FDSET changes, which must be kept open. Reverts 652ddf5ce2fad08f6569096dd56a821500cc5ba4.
* starter: Wait indefinitely for charon when using --attach-gdbMartin Willi2014-08-081-3/+7
| | | | | This makes sure the user has time to set break points etc. before it runs charon under gdb.
* starter: Don't monitor child if debugger is attachedThomas Egerer2014-08-081-0/+5
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* starter: Fix memory leaks and warn if conn/ca sections are ignored due to ↵Tobias Brunner2014-07-181-2/+8
| | | | parse errors
* autoconf: Replace --disable-tools option with --disable-scepclientTobias Brunner2014-06-301-1/+1
| | | | | Since using a separate option for pki this was the only tool that was still enabled by that option.
* starter: Add starter group and fix formatting of conf_parser_section_t enumTobias Brunner2014-06-301-2/+4
| | | | Make use of the Markdown support in recent Doxygen versions.
* starter: Ingore %default conn and ca sectionsTobias Brunner2014-06-262-0/+60
|
* starter: Don't directly refer to source files in Makefile for unit testsTobias Brunner2014-06-192-5/+8
| | | | | Older versions of automake have trouble recursively cleaning such constructs properly.
* starter: Explicitly allow @# at the beginning of stringsTobias Brunner2014-06-192-1/+4
| | | | | Since we treat everything after # as comment identities of type ID_KEY_ID couldn't be parsed otherwise, unless quoted.
* starter: Add --conftest option to test ipsec.conf syntaxTobias Brunner2014-06-191-0/+27
|
* starter: Remove old parserTobias Brunner2014-06-196-545/+4
|
* starter: Use new parser to read config fileTobias Brunner2014-06-194-769/+493
|
* starter: Move kw_entry_t definitionTobias Brunner2014-06-192-9/+10
|
* starter: Remove unused ARG_LST argument typeTobias Brunner2014-06-192-147/+5
|
* starter: Add tests for ipsec.conf parserTobias Brunner2014-06-196-0/+607
|
* starter: Add new bison/flex based parser for ipsec.confTobias Brunner2014-06-197-12/+1257
| | | | | | | | | The parser simply returns key/value pairs of all sections, it already resolves also= and allows overriding options in all included sections (not only %default), options set in included section can also be cleared again (key=). It provides other improvements too, like quoted strings (with escape sequences), unlimited includes and better whitespace/comment handling.
* starter: Remove out of date READMETobias Brunner2014-06-191-101/+0
|
* starter: Use stream abstraction to communicate with stroke pluginTobias Brunner2014-06-191-33/+16
|
* starter: Add a replay_window connection optionMartin Willi2014-06-176-0/+7
|
* starter: Fix build on AndroidTobias Brunner2014-05-281-0/+1
| | | | | While the (default) ipsec script does not work on Android starter still passes the script's name to charon if leftfirewall is configured.
* libhydra: Remove unused hydra->daemonTobias Brunner2014-02-121-1/+1
|
* lib: Add global config namespaceTobias Brunner2014-02-121-1/+1
|
* android: Remove dependency on libvstrTobias Brunner2013-11-131-1/+0
|
* ipsec_types: Add utility function to parse mark_t from stringsTobias Brunner2013-10-111-44/+3
|
* starter: Reject connections having both 'ah' and 'esp' keywords setMartin Willi2013-10-111-0/+9
| | | | | We currently don't support mixed proposals or bundles, so don't create the illusion we would.
* starter: Remove obsolete 'auth' optionMartin Willi2013-10-115-7/+0
|
* starter: Add an 'ah' keyword for Authentication Header Security AssociationsMartin Willi2013-10-115-0/+5
|
* starter: Don't ignore keyingtries with rekey=noTobias Brunner2013-09-261-1/+2
| | | | | | | Since keyingtries also affects the number of retries initially or when reestablishing an SA it should not be affected by the rekey option. Fixes #418.
* stroke: re-enable modeconfig keywordMartin Willi2013-09-041-0/+1
|
* starter: Properly refer to the ipsec script if it was renamedTobias Brunner2013-07-223-2/+3
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-18/+16
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* plugin-loader: Removed unused path argument of load() methodTobias Brunner2013-06-281-1/+1
| | | | | Multiple additional search paths can be added with the add_path() method.
* starter: Make ipsec.conf path configurable via command lineTobias Brunner2013-06-211-3/+14
|
* starter: ignore return value of sete[gu]id(), now having warn_unused_resultMartin Willi2013-06-181-5/+4
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-072-5/+7
|
* Use the GEN silent rule when generating gperf filesMartin Willi2013-05-061-1/+1
|
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-201-1/+3
| | | | This avoids huge warnings when building the native code.
* starter: Make daemon name configurableAdrian-Ken Rueegsegger2013-03-194-35/+120
| | | | | | | | A daemon can be specified using the '--daemon' command line parameter. This tells starter to invoke a daemon other than 'charon'. Additionally the ipsec script uses the environment variable DAEMON_NAME to tell the starter which daemon to use.
* Merge branch 'opaque-ports'Martin Willi2013-03-014-10/+37
|\ | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * Optionally support port ranges in leftprotoportMartin Willi2013-02-211-4/+20
| |
| * Support %opaque keyword in leftprotoport for "opaque" portsMartin Willi2013-02-211-0/+5
| |
| * Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-214-9/+13
| |
* | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-065-3/+21
|/
* starter: Add --attach-gdb option to usage textAdrian-Ken Rueegsegger2013-01-221-1/+2
|
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-124-7/+18
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-246-0/+8
|
* Remove MODP groups from default ESP proposalTobias Brunner2012-10-241-1/+1
| | | | | This now actually makes pfs=no the default and it equals the default listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
* Moved debug.[ch] to utils folderTobias Brunner2012-10-248-8/+8
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 00:09:51 +0000