aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* unit-tests: Make sure plugins in the builddir are loadedTobias Brunner2014-05-192-2/+2
| | | | | | When running the tests in GDB the working directory apparently is different. With the relative path used previously the plugins would not be found and those installed on the system would get used.
* unit-tests: Don't assert failures for unreadable settings files as rootTobias Brunner2014-05-161-5/+8
| | | | The file can still be read by root even if nobody has read privileges.
* proposal: Don't return a default IKE proposal without encryption/AEAD algsMartin Willi2014-05-161-3/+23
|
* ike: Add an additional but separate AEAD proposal to CHILD configMartin Willi2014-05-1610-2/+22
| | | | | | | This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
* ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-1612-10/+37
|
* child-cfg: Allow passing NULL as proposal to add_proposal()Martin Willi2014-05-162-4/+7
| | | | Making the API consistent to the one of ike_cfg.
* ike-cfg: Allow passing NULL to add_proposal()Martin Willi2014-05-162-3/+7
| | | | | This simplifies adding default proposals with constructors potentially returning NULL.
* proposal: Use an additional "default" constructor specific to AEAD algorithmsMartin Willi2014-05-162-0/+31
| | | | | This allows a caller to create a separated proposal for supported AEAD algorithms, as required by RFC 5996.
* proposal: Don't include AEAD algorithms in the default proposalMartin Willi2014-05-161-61/+66
| | | | | | According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms. This was not clear in RFC 5282, hence we previously included both AEAD and non-AEAD algorithms in a single proposal.
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-1627-83/+101
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* enum: Don't directly include enum.hMartin Willi2014-05-169-11/+10
| | | | | To allow enum.h to depend on utils.h definitions, avoid its direct inclusion. Instead include utils.h, which includes enum.h as well.
* libtps: Silence GCC set-but-unused warning in incomplete codeMartin Willi2014-05-161-2/+2
|
* scepclient: Cast OID_UNKNOWN before comparing it to unsigned hash_algorithm_tMartin Willi2014-05-161-1/+1
| | | | clang uses unsigned enums and complains about the always-false -1 check.
* swanctl: Properly initialize return value of --install commandMartin Willi2014-05-161-1/+1
|
* xauth-pam: Fix header include guardMartin Willi2014-05-161-1/+1
|
* eap-peap: Remove dead SoH code from PEAPMartin Willi2014-05-161-15/+0
| | | | clang complains about the unused variables.
* tls: Move variable sized tls_record_t struct to end of tls_t dataMartin Willi2014-05-161-4/+4
| | | | clang complains about the the non-last variable length member.
* kernel-klips: Pass a pointer to a properly sized integer for algorithm lookupMartin Willi2014-05-161-1/+1
|
* auth-cfg: Cast literal default value to pointer typeMartin Willi2014-05-161-1/+1
| | | | Fixes a clang warning.
* unbound: Explicitly cast from ldns RR type/class to our typesMartin Willi2014-05-161-2/+2
| | | | | | These definitions are directly derived from the RFC, so it should be safe to cast them. clang complains about the different types, so cast them explicitly.
* x509: Remove some unused ASN1 OID constantsMartin Willi2014-05-162-25/+0
|
* aes: Remove unused build variantsMartin Willi2014-05-161-622/+65
| | | | | | The AES code historically has different build options for various size/speed trade-offs. We never made use of them, so just drop the obsolete code. The code now has four hard-coded fixed tables, both inverse and original.
* settings: Properly match } and # in include statementsTobias Brunner2014-05-151-6/+16
| | | | | | Found due to %option nodefault. A match for } was actually missing and # was not properly matched if it was part of an include statement on the last line of a file that did not end with a newline.
* settings: Eliminate performance warningTobias Brunner2014-05-151-2/+0
| | | | | This was useful during development, but we accept that matching \n together with %option yylineno impacts performance.
* parser-helper: Define debug macros depending on DEBUG_LEVELTobias Brunner2014-05-151-3/+20
|
* parser-helper: Make parser_helper_file_t privateTobias Brunner2014-05-153-58/+40
|
* parser-helper: Make parser_helper_log a functionTobias Brunner2014-05-152-9/+28
|
* settings: strongswan.conf must be loaded explicitlyTobias Brunner2014-05-155-9/+20
|
* settings: Replace deprecated YYLEX_PARAM with %lex-paramTobias Brunner2014-05-151-3/+7
| | | | | | | | With Bison 3.x support for YYLEX_PARAM has been removed and %lex-param should be used. Unfortunately, that option does not take expressions. Instead we use a wrapper function that calls the lexer with the proper scanner object, which should also be backward compatible to older Bison versions.
* settings: Include generated header after othersTobias Brunner2014-05-152-4/+4
| | | | | Newer Bison versions declare the parser function in the header, which requires custom types.
* settings: Reduce log verbosity if files can't be openedTobias Brunner2014-05-152-2/+11
| | | | Basically reintroducing 2a38b4556e9fd8102bd6c6c61f2893599a5e8e51.
* settings: Adopt the new order of sections and settings when replacing configsTobias Brunner2014-05-152-7/+119
|
* settings: Only purge sections if necessaryTobias Brunner2014-05-154-55/+115
| | | | | Instead of removing and caching all values of a previous config, we only do this for actually removed sections/settings.
* settings: Maintain order of sections and settings while enumeratingTobias Brunner2014-05-154-66/+59
|
* settings: Don't overwrite values in-placeTobias Brunner2014-05-154-36/+52
| | | | | | | This is not thread safe. If threads are reading from pointers to existing values they could get a partially updated invalid value. Refactored assignment to a separate function.
* settings: Add functions to add sections and key/value pairs to a sectionTobias Brunner2014-05-154-68/+82
|
* unit-tests: Update settings tests to match new parserTobias Brunner2014-05-151-59/+124
| | | | | Empty settings are now ignored, strings are supported, newlines are handled properly (e.g. at the end of files) etc.
* settings: Don't enumerate key/value pairs with NULL valueTobias Brunner2014-05-151-1/+1
|
* settings: Use generated parser instead of our ownTobias Brunner2014-05-151-566/+53
|
* settings: Optionally keep track of removed/replaced valuesTobias Brunner2014-05-153-16/+45
|
* settings: Add flex/bison based parser for strongswan.confTobias Brunner2014-05-155-1/+501
| | | | | | | | | | | This parser features several improvements over the existing one. For instance, quoted strings (with escape sequences), unlimited includes, relaxed newline handling (e.g. at the end of files or before/after { and }), and the difference between empty and unset values (key = vs. key = ""). It also complains a lot more about invalid syntax. The current one accepts pretty odd stuff (like settings or sections without name) without any errors or warnings.
* settings: Extract section and key/value pair types and helper functionsTobias Brunner2014-05-154-6/+294
| | | | This allows us to use them in the upcoming parser.
* parser-helper: Add utility class for flex/bison based parsersTobias Brunner2014-05-154-3/+408
|
* settings: Use glob enumerator to load included filesTobias Brunner2014-05-151-32/+13
|
* enumerator: Add enumerator to enumerate files matching a patternTobias Brunner2014-05-152-3/+140
| | | | | | | | | | | | This enumerator is a wrapper around glob(3). If that function is not supported NULL is returned. If no files match or an error occurs during the pattern expansion an error is logged and the enumerator simply returns no items. RFC: if GLOB_ERR is not supplied glob returns GLOB_NOMATCH if e.g. the base directory of the pattern does not exist, which would otherwise result in an error. This way there is at least a clear error message in case of a typo.
* settings: Move to a separate folderTobias Brunner2014-05-156-13/+15
|
* array: Allocate initial data properly if esize is 0Tobias Brunner2014-05-151-1/+1
|
* swanctl: Increase default debug level to 1Martin Willi2014-05-141-1/+1
| | | | | We initially intended to silence debugging only during thread initialization, not for swanctl in general.
* vici: Support the close_action keyword, as we have it documentedMartin Willi2014-05-141-1/+6
|
* ikev1: Fix debugging log when remote traffic selector selection failsMartin Willi2014-05-141-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 11:48:29 +0000