path: root/src/starter
Commit message | Author | Age | Files | Lines
* starter: Add the correct keywords header file to EXTRA_DIST | Tobias Brunner | 2017-10-12 | 1 | -2/+2
  The fix for gperf in 0ae19f0ced8d added the generated header to EXTRA_DIST but that's already added to the distribution because it is contained in *_SOURCES. What was not added, though, was the .h.in file. Also fixes the reference to the header file in the .c rule here and for stroke in out-of-tree builds.
  Fixes: 0ae19f0ced8d ("configure: Fix gperf length parameter determination")
* starter: Don't define any hard-coded proposal strings | Tobias Brunner | 2017-10-10 | 1 | -9/+0
  Just rely on the default proposals by charon if nothing is defined. The hard-coded IKE proposal used curve25519, which depends on an optional plugin (while enabled by default it might still not be loaded, or, like on Debian, shipped in an optional package). With charon's default proposal only loaded algorithms are proposed for IKE, avoiding this issue.
* configure: Fix gperf length parameter determination | Tobias Brunner | 2017-10-02 | 5 | -8/+15
  gperf is not actually a build dependency as the generated files are shipped in the tarball. So the type depends on the gperf version on the host that ran gperf and created the tarball, which might not be the same as that on the actual build host, and gperf might not even be installed there, leaving the type undetermined.
  Fixes: e0e43229736a ("configure: Detect type of length parameter for gperf generated function")
* configure: Detect type of length parameter for gperf generated function | Tobias Brunner | 2017-09-19 | 1 | -4/+4
  Since 3.1 gperf uses size_t for the length parameter instead of an unsigned int.
* Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 1 | -14/+33
  This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface change | Tobias Brunner | 2017-05-26 | 1 | -2/+6
* stroke: Make 96-bit truncation for SHA-256 configurable | Tobias Brunner | 2017-05-26 | 5 | -0/+6
* Add an option to announce support for IKE fragmentation but not sending fragments | Tobias Brunner | 2017-05-23 | 2 | -0/+2
* testing: make curve25519 the default DH group | Andreas Steffen | 2016-11-14 | 1 | -1/+1
* starter: Install an empty ipsec.secrets file | Tobias Brunner | 2016-10-04 | 2 | -1/+3
* starter: Don't generate a key/certificate if ipsec.secrets does not exist | Tobias Brunner | 2016-10-04 | 2 | -70/+0
* starter: Enable IKE fragmentation by default | Tobias Brunner | 2016-10-04 | 1 | -0/+1
* Report test coverage of libcharon and starter | Tobias Brunner | 2016-06-17 | 1 | -0/+3
* configure: Check for and explicitly link against -latomic | Martin Willi | 2016-06-14 | 1 | -1/+1
  Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explicitly link it.
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 2 | -11/+11
* libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 3 | -8/+1
* libhydra: Move kernel interface to libcharon | Tobias Brunner | 2016-03-03 | 2 | -1/+2
  This moves hydra->kernel_interface to charon->kernel.
* 128 bit default security strength requires 3072 bit prime DH group | Andreas Steffen | 2015-12-14 | 1 | -2/+2
* starter: Don't flush SAs in the kernel | Tobias Brunner | 2015-08-21 | 3 | -14/+0
  If starter is not used we don't do that either. And this allows us to move the stuff in libhydra back to libcharon.
* starter: Don't flush policies in the kernel | Tobias Brunner | 2015-08-21 | 1 | -1/+0
  We can't control which policies we flush, so if policies are installed and used outside of strongSwan for other protocols we'd flush them too. And if installpolicies=no is used we probably shouldn't flush policies either. Luckily already existing policies are not treated as fatal errors anymore, so not flushing policies should not be that much of an issue (in case of a crash in dynamic setups, e.g. with virtual IPs, policies could be left behind even after restarting the connections and properly terminating the daemon).
* Fixed some typos | Tobias Brunner | 2015-08-13 | 1 | -1/+1
* starter: Add support for multi-line strings in ipsec.conf | Tobias Brunner | 2015-07-28 | 3 | -8/+6
* starter: Don't replace rarely used special characters in strings in ipsec.conf | Tobias Brunner | 2015-07-28 | 1 | -2/+0
* stroke: Add missing include for UINT16_MAX | Tobias Brunner | 2015-06-09 | 1 | -0/+1
  Fixes the build on FreeBSD. Fixes #988.
* stroke: Dynamically resize stroke messages | Tobias Brunner | 2015-05-22 | 1 | -144/+164
  The maximum size of a stroke message is currently 64k due to the 2 byte length field. Fixes #943.
* starter: Ensure the daemon executable exists when starting up | Tobias Brunner | 2015-05-08 | 3 | -18/+8
  The only purpose of starter is to control the IKE daemon, so we terminate it if the daemon executable is not found (e.g. because DAEMON_NAME is incorrect). This removes the charonstart setting (it was not actually configurable anymore).
* starter: Remove START_CHARON compile flag | Tobias Brunner | 2015-05-05 | 3 | -13/+2
  Since the removal of pluto this is quite superfluous. The flag itself might be useful to avoid starting charon if the executable does not exist for some reason (e.g. if DAEMON_NAME is incorrect).
* starter: Merge quoted strings that span multiple lines | Tobias Brunner | 2015-03-20 | 1 | -3/+2
* starter: Fail sending stroke message if a string exceeds the buffer size | Martin Willi | 2015-02-06 | 1 | -1/+13
  Instead of silently setting the string value to NULL, we fail completely in sending the message to notify the user. Fixes #844.
* starter: Fix mark_out.mask in starter_cmp_conn() | Maks Naumov | 2015-01-12 | 1 | -1/+1
* starter: Allow specifying the ipsec.conf location in strongswan.conf | Shea Levy | 2014-10-02 | 1 | -1/+2
* stroke: Allow specifying the ipsec.secrets location in strongswan.conf | Shea Levy | 2014-10-02 | 1 | -3/+7
* starter: Do not close all file descriptors after fork() | Martin Willi | 2014-08-25 | 1 | -1/+0
  As we use libstrongswan and expect that it still works after the fork, we can't just closefrom() all file descriptors. Watcher, for example, uses a pipe to notify FDSET changes, which must be kept open. Reverts 652ddf5ce2fad08f6569096dd56a821500cc5ba4.
* starter: Wait indefinitely for charon when using --attach-gdb | Martin Willi | 2014-08-08 | 1 | -3/+7
  This makes sure the user has time to set break points etc. before it runs charon under gdb.
* starter: Don't monitor child if debugger is attached | Thomas Egerer | 2014-08-08 | 1 | -0/+5
  Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* starter: Fix memory leaks and warn if conn/ca sections are ignored due to parse errors | Tobias Brunner | 2014-07-18 | 1 | -2/+8
* autoconf: Replace --disable-tools option with --disable-scepclient | Tobias Brunner | 2014-06-30 | 1 | -1/+1
  Since using a separate option for pki this was the only tool that was still enabled by that option.
* starter: Add starter group and fix formatting of conf_parser_section_t enum | Tobias Brunner | 2014-06-30 | 1 | -2/+4
  Make use of the Markdown support in recent Doxygen versions.
* starter: Ignore %default conn and ca sections | Tobias Brunner | 2014-06-26 | 2 | -0/+60
* starter: Don't directly refer to source files in Makefile for unit tests | Tobias Brunner | 2014-06-19 | 2 | -5/+8
  Older versions of automake have trouble recursively cleaning such constructs properly.
* starter: Explicitly allow @# at the beginning of strings | Tobias Brunner | 2014-06-19 | 2 | -1/+4
  Since we treat everything after # as comment, identities of type ID_KEY_ID couldn't be parsed otherwise, unless quoted.
* starter: Add --conftest option to test ipsec.conf syntax | Tobias Brunner | 2014-06-19 | 1 | -0/+27
* starter: Remove old parser | Tobias Brunner | 2014-06-19 | 6 | -545/+4
* starter: Use new parser to read config file | Tobias Brunner | 2014-06-19 | 4 | -769/+493
* starter: Move kw_entry_t definition | Tobias Brunner | 2014-06-19 | 2 | -9/+10
* starter: Remove unused ARG_LST argument type | Tobias Brunner | 2014-06-19 | 2 | -147/+5
* starter: Add tests for ipsec.conf parser | Tobias Brunner | 2014-06-19 | 6 | -0/+607
* starter: Add new bison/flex based parser for ipsec.conf | Tobias Brunner | 2014-06-19 | 7 | -12/+1257
  The parser simply returns key/value pairs of all sections, it already resolves also= and allows overriding options in all included sections (not only %default), options set in included section can also be cleared again (key=). It provides other improvements too, like quoted strings (with escape sequences), unlimited includes and better whitespace/comment handling.
* starter: Remove out of date README | Tobias Brunner | 2014-06-19 | 1 | -101/+0
* starter: Use stream abstraction to communicate with stroke plugin | Tobias Brunner | 2014-06-19 | 1 | -33/+16