path: root/src
Entries: commit message, author, date, files changed, lines removed/added
...
* eap-radius: Increase buffer for accounting attributes to maximum attribute size
  Martin Willi, 2014-06-25, 1 file, -1/+1
  Fixes #624.

* kernel-netlink: Cast IPv6 address blobs to the proper type
  Tobias Brunner, 2014-06-24, 1 file, -3/+3
  On Android these macros are defined as functions.

* android: Define HAVE_DLADDR as plugin loader checks for it
  Tobias Brunner, 2014-06-24, 2 files, -2/+1

* android: Update Android.mk files to match changes due to the Windows port
  Tobias Brunner, 2014-06-24, 2 files, -7/+19
  Makes them easier to compare to the original Makefile.am.

* charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
  Martin Willi, 2014-06-24, 2 files, -0/+15
  On Fedora, SELinux complains about these open file descriptors when the updown script invokes iptables. While it seems difficult to set the flag on all file descriptors, this at least fixes those covered by the SELinux policy. As these two cases are in code executed while the daemon is still single threaded, we avoid the use of atomic but not fully portable fdopen("e") or open(O_CLOEXEC) calls. Fixes #519.
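The non-atomic fcntl(2) approach the commit message describes, as an added example that is not the strongSwan code itself (the function names set_cloexec, has_cloexec and open_cloexec are this example's own). It marks an already-open descriptor close-on-exec so a later exec of the updown script does not inherit it; as the commit notes, this is only race-free while the process is still single threaded, because another thread could fork between open() and fcntl().

```c
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>

/* Set FD_CLOEXEC on an open descriptor. Returns 0 on success, -1 on error.
 * Not atomic with respect to open(): only safe before threads are spawned. */
int set_cloexec(int fd)
{
	int flags = fcntl(fd, F_GETFD);
	if (flags < 0) return -1;
	if (flags & FD_CLOEXEC) return 0;          /* already set, nothing to do */
	return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

/* Report whether FD_CLOEXEC is set: 1 if set, 0 if not, -1 on error. */
int has_cloexec(int fd)
{
	int flags = fcntl(fd, F_GETFD);
	if (flags < 0) return -1;
	return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Open a read-only source such as /dev/urandom and mark it close-on-exec
 * without relying on O_CLOEXEC. Returns the descriptor or -1. */
int open_cloexec(const char *path)
{
	int fd = open(path, O_RDONLY);
	if (fd < 0) return -1;
	if (set_cloexec(fd) < 0) {
		close(fd);
		return -1;
	}
	return fd;
}

int main(void)
{
	int fd = open_cloexec("/dev/urandom");
	if (fd < 0) {
		perror("open_cloexec");
		return 1;
	}
	printf("fd %d close-on-exec: %d\n", fd, has_cloexec(fd));
	close(fd);
	return 0;
}
```

Descriptors opened by libraries or inherited from a parent are not covered by this; on Linux, listing /proc/self/fd and inspecting each with fcntl(F_GETFD) is the usual way to audit what an exec'd helper would inherit.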
* utils: Add wrappers for memcpy(3), memmove(3) and memset(3)
  Tobias Brunner, 2014-06-24, 1 file, -1/+33
  These wrappers guarantee that calls to these functions are noops if the number of bytes is 0, as calling them with NULL pointers is undefined according to the C standard, even if the number of bytes is 0 (most implementations probably ignore the pointers anyway in this case, but let's make sure).
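What such a wrapper looks like and why it matters, as an added example that is not strongSwan's own utils code (its wrapper names are not shown on this page; memcpy_safe, memmove_safe, memset_safe, blob_t and append_blob are names chosen here). The C standard requires memcpy/memmove/memset pointer arguments to be valid even when the length is zero, so a zero-length blob whose pointer is NULL is undefined behaviour with the raw libc calls; the wrappers return before libc is involved.

```c
#include <stddef.h>
#include <string.h>

/* Zero-length calls return dst without touching libc, so NULL pointers with
 * n == 0 are well defined here even though they are UB for memcpy(3) itself. */
void *memcpy_safe(void *dst, const void *src, size_t n)
{
	if (n == 0) return dst;
	return memcpy(dst, src, n);
}

void *memmove_safe(void *dst, const void *src, size_t n)
{
	if (n == 0) return dst;
	return memmove(dst, src, n);
}

void *memset_safe(void *dst, int c, size_t n)
{
	if (n == 0) return dst;
	return memset(dst, c, n);
}

/* A pointer/length pair as protocol code passes around; an empty one is
 * conventionally { NULL, 0 }, which is exactly the case the wrappers cover. */
typedef struct {
	unsigned char *ptr;
	size_t len;
} blob_t;

/* Append blob to buf (capacity cap, used bytes so far); returns the new
 * used count, unchanged if the blob does not fit. An empty blob with a NULL
 * pointer is a no-op rather than UB. */
size_t append_blob(unsigned char *buf, size_t used, size_t cap, blob_t blob)
{
	if (blob.len > cap - used) return used;
	memcpy_safe(buf + used, blob.ptr, blob.len);
	return used + blob.len;
}

/* Wipe a buffer that may be empty, e.g. key material of optional length. */
void wipe_blob(blob_t blob)
{
	memset_safe(blob.ptr, 0, blob.len);
}
```

Note that the length check in append_blob is written as `blob.len > cap - used` rather than `used + blob.len > cap` so it cannot overflow size_t; the wrappers fix the zero-length corner, not bounds checking, which the caller still owns.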
* pki: Also check for MAX_COMMANDS when building getopt_long arguments
  Tobias Brunner, 2014-06-24, 1 file, -1/+1
  Completes 87e53819a6 and 0a8c399a21.

* Auxiliary swid_tagstats table boosts performance
  Andreas Steffen, 2014-06-23, 1 file, -0/+14

* unit-tests: Add tests for DH factory
  Tobias Brunner, 2014-06-20, 1 file, -0/+157

* crypto-factory: Only sort RNGs by algorithm identifier
  Tobias Brunner, 2014-06-20, 1 file, -5/+13
  Others remain in the order in which they were added, grouped by algorithm identifier and sorted by benchmarking speed, if provided.

* unit-tests: Add test for crypto_factory_t's rng_create method
  Tobias Brunner, 2014-06-20, 3 files, -0/+157

* kernel-netlink: Install virtual IPv6 addresses as deprecated
  Tobias Brunner, 2014-06-20, 1 file, -0/+11
  This should prevent the kernel's IPv6 source address selection algorithm from using this address unless it is forced to by our source route. This is helpful if split tunneling is used. Fixes #598.

* vici: Install libvici in ipseclibdir like we do with other libraries
  Tobias Brunner, 2014-06-19, 1 file, -1/+1

* kernel-netlink: Pass prefix when looking up next hop for shunt policies
  Tobias Brunner, 2014-06-19, 1 file, -1/+12

* kernel-netlink: Add support for destination prefix when determining next hop
  Tobias Brunner, 2014-06-19, 1 file, -20/+35

* kernel-interface: Add destination prefix to get_nexthop()
  Tobias Brunner, 2014-06-19, 10 files, -13/+18
  This allows determining the next hop to reach a subnet, for instance, when installing routes for shunt policies.

* shunt-manager: Install passthrough policies with highest priority
  Tobias Brunner, 2014-06-19, 1 file, -9/+34
  This avoids conflicts with regular IPsec policies. Similarly, use the lowest priority for drop policies.

* libipsec: Add support for new policy priority class
  Tobias Brunner, 2014-06-19, 1 file, -1/+4

* kernel-pfkey: Add support for new policy priority class
  Tobias Brunner, 2014-06-19, 1 file, -2/+5

* kernel-netlink: Add support for new policy priority class
  Tobias Brunner, 2014-06-19, 1 file, -2/+5

* ipsec: Add a fourth priority class for bypass policies
  Tobias Brunner, 2014-06-19, 1 file, -1/+3

* Remove kernel-klips plugin
  Tobias Brunner, 2014-06-19, 7 files, -3164/+0

* kernel-netlink: Follow RFC 6724 when selecting IPv6 source addresses
  Tobias Brunner, 2014-06-19, 1 file, -26/+170
  Instead of using the first address we find on an interface, we should consider properties like an address' scope or whether it is temporary or public. Fixes #543.
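How the two kernel-netlink commits above fit together (installing virtual IPs as deprecated, and ranking source addresses per RFC 6724), as an added example that is not the plugin's code. It ranks candidate IPv6 source addresses for a destination using a subset of the RFC 6724 section 5 rules the commit message alludes to: rule 2 (prefer appropriate scope), rule 3 (avoid deprecated addresses), rule 7 (prefer temporary addresses) and rule 8 (longest matching prefix), applied in that order. Rules that need routing state (5 and 5.5, outgoing interface and next hop) are left out. The type and function names (candidate_t, select_source, and so on) are this example's own; the deprecated flag stands in for IFA_F_DEPRECATED on the kernel address.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

typedef struct {
	const char *name;   /* label for the reader, not used in the comparison */
	uint8_t addr[16];
	int deprecated;     /* address flagged deprecated, e.g. an installed virtual IP */
	int temporary;      /* RFC 4941 privacy address */
} candidate_t;

/* Parse an IPv6 text address; returns 1 on success, 0 on failure. */
int parse6(const char *text, uint8_t out[16])
{
	return inet_pton(AF_INET6, text, out) == 1;
}

candidate_t make_candidate(const char *name, const char *text, int deprecated, int temporary)
{
	candidate_t c;
	memset(&c, 0, sizeof c);
	c.name = name;
	parse6(text, c.addr);
	c.deprecated = deprecated;
	c.temporary = temporary;
	return c;
}

/* Address scope as RFC 6724 section 3.1 defines it (numeric, larger = wider). */
static int scope6(const uint8_t a[16])
{
	static const uint8_t loopback[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
	if (a[0] == 0xff) return a[1] & 0x0f;                 /* multicast: scope field */
	if (memcmp(a, loopback, 16) == 0) return 2;            /* ::1 counts as link-local */
	if (a[0] == 0xfe && (a[1] & 0xc0) == 0x80) return 2;   /* fe80::/10 link-local */
	if (a[0] == 0xfe && (a[1] & 0xc0) == 0xc0) return 5;   /* fec0::/10 site-local (deprecated) */
	return 14;                                             /* everything else, ULA included, is global */
}

/* Number of leading bits a and b have in common. */
static int common_prefix(const uint8_t a[16], const uint8_t b[16])
{
	int bits = 0;
	for (int i = 0; i < 16; i++) {
		uint8_t x = a[i] ^ b[i];
		if (x == 0) { bits += 8; continue; }
		while (!(x & 0x80)) { bits++; x <<= 1; }
		return bits;
	}
	return bits;
}

/* <0: prefer a, >0: prefer b, 0: the rules implemented here tie. */
static int compare_source(const candidate_t *a, const candidate_t *b, const uint8_t dst[16])
{
	int sa = scope6(a->addr), sb = scope6(b->addr), sd = scope6(dst);

	/* Rule 2: prefer appropriate scope. A narrower-than-destination scope
	 * loses; a narrower scope that still covers the destination wins. */
	if (sa < sb) return sa < sd ? 1 : -1;
	if (sb < sa) return sb < sd ? -1 : 1;
	/* Rule 3: avoid deprecated addresses (this is what keeps a deprecated
	 * virtual IP from being picked unless a source route forces it). */
	if (a->deprecated != b->deprecated) return a->deprecated ? 1 : -1;
	/* Rule 7: prefer temporary addresses (the RFC 6724 default policy). */
	if (a->temporary != b->temporary) return a->temporary ? -1 : 1;
	/* Rule 8: longest matching prefix with the destination. */
	int pa = common_prefix(a->addr, dst), pb = common_prefix(b->addr, dst);
	if (pa != pb) return pa > pb ? -1 : 1;
	return 0;
}

/* Index of the best candidate for dst, or -1 if there are none. Ties keep
 * the earlier candidate, i.e. the order addresses were enumerated in. */
int select_source(const candidate_t *cands, int n, const uint8_t dst[16])
{
	int best = -1;
	for (int i = 0; i < n; i++) {
		if (best < 0 || compare_source(&cands[best], &cands[i], dst) > 0) best = i;
	}
	return best;
}
```

The rule order is the point: scope is decided before the deprecated flag, so a deprecated global address still beats a link-local one for a global destination, and a temporary address beats a public one even when the public one shares a longer prefix with the destination.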
* starter: Don't directly refer to source files in Makefile for unit tests
  Tobias Brunner, 2014-06-19, 2 files, -5/+8
  Older versions of automake have trouble recursively cleaning such constructs properly.

* starter: Explicitly allow @# at the beginning of strings
  Tobias Brunner, 2014-06-19, 2 files, -1/+4
  Since we treat everything after # as a comment, identities of type ID_KEY_ID couldn't be parsed otherwise, unless quoted.

* starter: Add --conftest option to test ipsec.conf syntax
  Tobias Brunner, 2014-06-19, 1 file, -0/+27

* starter: Remove old parser
  Tobias Brunner, 2014-06-19, 6 files, -545/+4

* starter: Use new parser to read config file
  Tobias Brunner, 2014-06-19, 4 files, -769/+493

* starter: Move kw_entry_t definition
  Tobias Brunner, 2014-06-19, 2 files, -9/+10

* starter: Remove unused ARG_LST argument type
  Tobias Brunner, 2014-06-19, 2 files, -147/+5

* starter: Add tests for ipsec.conf parser
  Tobias Brunner, 2014-06-19, 6 files, -0/+607

* unit-tests: Make fixture functions optional
  Tobias Brunner, 2014-06-19, 1 file, -2/+8

* starter: Add new bison/flex based parser for ipsec.conf
  Tobias Brunner, 2014-06-19, 7 files, -12/+1257
  The parser simply returns key/value pairs of all sections. It already resolves also= and allows overriding options in all included sections (not only %default); options set in an included section can also be cleared again (key=). It provides other improvements too, like quoted strings (with escape sequences), unlimited includes and better whitespace/comment handling.

* starter: Remove out of date README
  Tobias Brunner, 2014-06-19, 1 file, -101/+0

* collections: Add interface for read-only dictionaries
  Tobias Brunner, 2014-06-19, 2 files, -1/+56

* hashtable: Add destroy_function method
  Tobias Brunner, 2014-06-19, 2 files, -11/+37

* stroke: Add --daemon option
  Tobias Brunner, 2014-06-19, 1 file, -124/+154

* starter: Use stream abstraction to communicate with stroke plugin
  Tobias Brunner, 2014-06-19, 1 file, -33/+16

* stroke: Use stream abstraction to communicate with stroke plugin
  Tobias Brunner, 2014-06-19, 1 file, -43/+23
  Without this, changing charon.plugins.stroke.socket would not really work.

* winhttp: Fix a typo to properly release connection handle
  Martin Willi, 2014-06-19, 1 file, -1/+1
  Fixes a rather large memory leak in HTTP fetches.

* load-tester: Add a crl option to include a CRL uri in generated certificates
  Martin Willi, 2014-06-19, 1 file, -1/+21

* bus: Properly va_copy() argument list before passing it to printf() functions
  Martin Willi, 2014-06-19, 1 file, -1/+3
  As we later potentially use args again, we can't consume it with printf functions without copying it first. Clone the list before passing it to any consuming function. Fixes #621.
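The pattern the bus fix describes, as an added example that is not the strongSwan bus code (format_twice and log_both are names chosen here). A va_list that has been passed to vsnprintf, vprintf or any other consuming function is indeterminate afterwards; on some ABIs (x86-64 among them) reusing it does not crash but silently formats garbage. Each consumer therefore gets its own va_copy, ended with va_end, and the original list is only ever passed on by the variadic front-end.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Format the same arguments into two independent buffers, as a logging hook
 * might for a file log and an in-memory listener. Returns the length the
 * full message would have (snprintf semantics), so callers can detect
 * truncation of the first buffer. */
int format_twice(char *first, size_t first_len,
                 char *second, size_t second_len,
                 const char *fmt, va_list args)
{
	va_list copy;
	int n;

	va_copy(copy, args);                 /* clone before the first consumer */
	n = vsnprintf(first, first_len, fmt, copy);
	va_end(copy);

	va_copy(copy, args);                 /* fresh clone for the second one; the
	                                      * first copy is unusable after vsnprintf */
	vsnprintf(second, second_len, fmt, copy);
	va_end(copy);

	return n;
}

/* Variadic front-end, mirroring how a log/bus API is called. It owns args
 * and never consumes it itself. */
int log_both(char *first, size_t first_len,
             char *second, size_t second_len, const char *fmt, ...)
{
	va_list args;
	int n;

	va_start(args, fmt);
	n = format_twice(first, first_len, second, second_len, fmt, args);
	va_end(args);
	return n;
}
```

Without the second va_copy (i.e. passing `copy` or `args` to vsnprintf twice), the code compiles cleanly and the two buffers can disagree; that is the class of bug #621 describes, and it is not one a compiler or sanitizer reliably flags.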
* child-sa: Set replay window on both inbound and outbound SA
  Martin Willi, 2014-06-18, 1 file, -6/+2
  While the outbound SA actually does not need a replay window, the kernel rejects zero replay windows on SAs using ESN. The ESN flag is required to use the full sequence number in ICV calculation, hence we set the replay window. This restores the behavior we had before 30c009c2.

* kernel-netlink: Never use XFRMA_REPLAY_ESN_VAL to configure zero replay windows
  Martin Willi, 2014-06-18, 1 file, -1/+1
  Trying to disable replay windows using the ESN attribute fails with EINVAL. Use the non-ESN legacy format to disable replay windows, even if ESN has been negotiated over IKE.

* The policy_started check is not needed any more
  Andreas Steffen, 2014-06-18, 1 file, -4/+0

* ikev1: Allow late connection switching based on XAuth username
  Tobias Brunner, 2014-06-18, 1 file, -6/+0

* identification: Only use either , or / to separate RDNs
  Tobias Brunner, 2014-06-18, 2 files, -7/+17
  If a DN starts with a slash (or whitespace and a slash), slashes will be used, otherwise commas.

* sshkey: Fix loading of ECDSA keys from files
  Tobias Brunner, 2014-06-18, 2 files, -3/+3

* sshkey: Add support to parse SSH public keys from files with left|rightsigkey
  Tobias Brunner, 2014-06-18, 3 files, -3/+59

* vici: Support memory stats without leak-detective on Windows
  Martin Willi, 2014-06-17, 1 file, -0/+53