aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* stroke: Don't log unspecified options of conn and ca sectionsTobias Brunner2014-06-301-37/+50
|
* utils: Helper macros to define overloaded macros based on number of argumentsTobias Brunner2014-06-301-0/+26
|
* pki: Document --online option for pki --verify and all exit codesTobias Brunner2014-06-301-5/+11
|
* autoconf: Replace --disable-tools option with --disable-scepclientTobias Brunner2014-06-304-4/+4
| | | | | Since using a separate option for pki this was the only tool that was still enabled by that option.
* checksum: Fix checksum generation for pki if tools are disabledTobias Brunner2014-06-301-0/+3
|
* swid: Fix parameter documentation in Doxygen commentsTobias Brunner2014-06-302-2/+2
|
* windows: Fix parameter name in Doxygen commentTobias Brunner2014-06-301-1/+1
|
* enum: Replace þ with p in Doxygen commentsTobias Brunner2014-06-301-2/+2
|
* libvici: Add missing argument to Doxygen commentTobias Brunner2014-06-301-0/+1
|
* starter: Add starter group and fix formatting of conf_parser_section_t enumTobias Brunner2014-06-301-2/+4
| | | | Make use of the Markdown support in recent Doxygen versions.
* swanctl: Fix Doxygen group assignmentTobias Brunner2014-06-301-1/+1
|
* Fixed some typosTobias Brunner2014-06-305-5/+5
|
* Added Android 4.4.4 to IMV databaseAndreas Steffen2014-06-271-0/+12
|
* kernel-pfkey: Use address in TS to determine interface for shunt routesTobias Brunner2014-06-261-6/+9
|
* kernel-pfkey: Use subnet and prefix when determining nexthop for shunt ↵Tobias Brunner2014-06-261-2/+12
| | | | | | policy routes This is basically the same as 88f125f5605e54b38cf8913df79e32ec6bddff10.
* kernel-pfkey: Install routes for shunt policiesTobias Brunner2014-06-261-4/+4
|
* starter: Ingore %default conn and ca sectionsTobias Brunner2014-06-262-0/+60
|
* Updated build-database.sh to 3.13.0-30-generic Ubuntu kernelAndreas Steffen2014-06-261-1/+1
|
* updown: Force subnet address to be numericTobias Brunner2014-06-251-2/+2
|
* windows: Include <sys/stat.h> explicitly before overloading memset()/memcpy()Martin Willi2014-06-251-0/+1
| | | | | | fstat() in newer MinGWs is defined as non-static inline. With our new static inline memset()/memcpy() overloads, this raises a warning. To avoid it, explicitly include <sys/stat.h> once before defining these overloads.
* eap-radius: Increase buffer for accounting attributes to maximum attribute sizeMartin Willi2014-06-251-1/+1
| | | | Fixes #624.
* kernel-netlink: Cast IPv6 address blobs to the proper typeTobias Brunner2014-06-241-3/+3
| | | | On Android these macros are defined as functions.
* android: Define HAVE_DLADDR as plugin loader checks for itTobias Brunner2014-06-242-2/+1
|
* android: Update Android.mk files to match changes due to the Windows portTobias Brunner2014-06-242-7/+19
| | | | Makes them easier to compare to the original Makefile.am.
* charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDsMartin Willi2014-06-242-0/+15
| | | | | | | | | | | | | On Fedora, SELinux complains about these open file descriptors when the updown script invokes iptables. While it seems difficult to set the flag on all file descriptors, this at least fixes those covered by the SELinux policy. As these two cases are in code executed while the daemon is still single threaded, we avoid the use of atomic but not fully portable fdopen("e") or open(O_CLOEXEC) calls. Fixes #519.
* utils: Add wrappers for memcpy(3), memmove(3) and memset(3)Tobias Brunner2014-06-241-1/+33
| | | | | | | | These wrappers guarantee that calls to these functions are noops if the number of bytes is 0, as calling them with NULL pointers is undefined according to the C standard, even if the number of bytes is 0 (most implementations probably ignore the pointers anyway in this case, but lets make sure).
* pki: Also check for MAX_COMMANDS when building getopt_long argumentsTobias Brunner2014-06-241-1/+1
| | | | Completes 87e53819a6 and 0a8c399a21.
* Auxiliary swid_tagstats table boosts performanceAndreas Steffen2014-06-231-0/+14
|
* unit-tests: Add tests for DH factoryTobias Brunner2014-06-201-0/+157
|
* crypto-factory: Only sort RNGs by algorithm identifierTobias Brunner2014-06-201-5/+13
| | | | | Others remain in the order in which they were added, grouped by algorithm identifier and sorted by benchmarking speed, if provided.
* unit-tests: Add test for crypto_factory_t's rng_create methodTobias Brunner2014-06-203-0/+157
|
* kernel-netlink: Install virtual IPv6 addresses as deprecatedTobias Brunner2014-06-201-0/+11
| | | | | | | | This should prevent the kernel's IPv6 source address selection algorithm from using this address unless it is forced to by our source route. This is helpful if split tunneling is used. Fixes #598.
* vici: Install libvici in ipseclibdir like we do with other librariesTobias Brunner2014-06-191-1/+1
|
* kernel-netlink: Pass prefix when looking up next hop for shunt policiesTobias Brunner2014-06-191-1/+12
|
* kernel-netlink: Add support for destination prefix when determining next hopTobias Brunner2014-06-191-20/+35
|
* kernel-interface: Add destination prefix to get_nexthop()Tobias Brunner2014-06-1910-13/+18
| | | | | This allows to determine the next hop to reach a subnet, for instance, when installing routes for shunt policies.
* shunt-manager: Install passthrough policies with highest priorityTobias Brunner2014-06-191-9/+34
| | | | | | This avoids conflicts with regular IPsec policies. Similarly, use the lowest priority for drop policies.
* libipsec: Add support for new policy priority classTobias Brunner2014-06-191-1/+4
|
* kernel-pfkey: Add support for new policy priority classTobias Brunner2014-06-191-2/+5
|
* kernel-netlink: Add support for new policy priority classTobias Brunner2014-06-191-2/+5
|
* ipsec: Add a fourth priority class for bypass policiesTobias Brunner2014-06-191-1/+3
|
* Remove kernel-klips pluginTobias Brunner2014-06-197-3164/+0
|
* kernel-netlink: Follow RFC 6724 when selecting IPv6 source addressesTobias Brunner2014-06-191-26/+170
| | | | | | | | Instead of using the first address we find on an interface we should consider properties like an address' scope or whether it is temporary or public. Fixes #543.
* starter: Don't directly refer to source files in Makefile for unit testsTobias Brunner2014-06-192-5/+8
| | | | | Older versions of automake have trouble recursively cleaning such constructs properly.
* starter: Explicitly allow @# at the beginning of stringsTobias Brunner2014-06-192-1/+4
| | | | | Since we treat everything after # as comment identities of type ID_KEY_ID couldn't be parsed otherwise, unless quoted.
* starter: Add --conftest option to test ipsec.conf syntaxTobias Brunner2014-06-191-0/+27
|
* starter: Remove old parserTobias Brunner2014-06-196-545/+4
|
* starter: Use new parser to read config fileTobias Brunner2014-06-194-769/+493
|
* starter: Move kw_entry_t definitionTobias Brunner2014-06-192-9/+10
|
* starter: Remove unused ARG_LST argument typeTobias Brunner2014-06-192-147/+5
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 13:44:19 +0000