path: root/src
Commit message | Author | Age | Files | Lines
...
* swanctl: Add a --stats command to print daemon infos and statistics | Martin Willi | 2014-06-17 | 3 | -1/+120
|
* vici: Add a stats command returning various daemon infos and statistics | Martin Willi | 2014-06-17 | 1 | -0/+104
|
* swanctl: Support private key decryption passphrases in swanctl.conf | Martin Willi | 2014-06-17 | 2 | -23/+145
| While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* swanctl: Document replay_window option | Martin Willi | 2014-06-17 | 1 | -0/+7
|
* vici: Support a replay_window CHILD_SA option | Martin Willi | 2014-06-17 | 1 | -0/+16
|
* starter: Add a replay_window connection option | Martin Willi | 2014-06-17 | 8 | -0/+12
|
* kernel-pfkey: Support connection specific replay window sizes up to 32 packets | Martin Willi | 2014-06-17 | 1 | -1/+1
|
* kernel-netlink: Support connection specific replay window sizes | Martin Willi | 2014-06-17 | 1 | -39/+16
|
* kernel-interface: Add a replay_window parameter to add_sa() | Martin Willi | 2014-06-17 | 12 | -25/+43
|
* child-cfg: Store connection specific replay window on CHILD_SA config | Martin Willi | 2014-06-17 | 2 | -0/+38
|
* windows: Declare strerror_s() | Martin Willi | 2014-06-17 | 1 | -0/+5
| Older MinGW versions seem to miss this function declaration. Fixes build on Travis using Ubuntu 12.04.
* windows: Extend strerror_r/s by extended POSIX errno strings | Martin Willi | 2014-06-17 | 2 | -0/+66
|
* windows: Implement strerror_r using strerror_s | Martin Willi | 2014-06-17 | 1 | -0/+9
|
* windows: Wrap most Winsock2 Posix functions to set errno | Martin Willi | 2014-06-17 | 2 | -65/+198
| While Winsock provides many Posix compatibility functions, they do not set errno, but use WSAGetLastError() for error reporting. The wrapped functions derive an errno from WSAGetLastError() on failure.
* watcher: Prevent race condition spawning multiple watcher threads | Martin Willi | 2014-06-17 | 1 | -1/+3
| If file descriptors get added and removed in rapid succession, the active watcher thread might not take notice of it and continues running. However, add() spawns a watcher thread whenever a file descriptor is added to an empty set. This could result in multiple watcher threads, which is fixed by a proper check for running watchers.
* thread-value: Defer cleanup handling to thread termination on Windows | Martin Willi | 2014-06-17 | 3 | -40/+51
| Instead of cleaning up all thread-values during destruction, cleanup handler is invoked when a thread detaches. Thread detaching is caught using the Windows DllMain() entry point, and allows us to basically revert 204098a7. Using this mechanism, we make sure that the cleanup handler is invoked by the correct thread. Further, this mechanism works for externally-spawned threads which run outside of our thread_cb() routine, and works more efficiently with short-running threads.
* socket-win: Use non-overlapped I/O and socket event selection | Martin Willi | 2014-06-17 | 1 | -31/+13
| The use of overlapped I/O was incorrect, as we passed stack based buffers, but did not cancel/wait for pending completion on all sockets. Our receive-from-all socket interface is actually tricky to implement using overlapped I/O. Switch to WSAEventSelect() event management, which can be canceled properly while working in a select()-like way.
* bus: Add a handle_vips() hook invoked after handling configuration attributes | Martin Willi | 2014-06-17 | 6 | -0/+53
| Similar to assign_vips() used by a peer assigning virtual IPs to the other peer, the handle_vips() hook gets invoked on a peer after receiving attributes. On release of the same attributes the hook gets invoked again. This is useful to inspect handled attributes, as the ike_updown() hook is invoked after authentication, when attributes have not been handled yet.
* ikev1: Invoke the assign_vips() bus hook for IKEv1 as well | Martin Willi | 2014-06-16 | 2 | -3/+7
|
* ike: Create an enumerator for (un-)handled configuration attributes on IKE_SA | Martin Willi | 2014-06-16 | 2 | -0/+32
|
* ike: Store unhandled attributes on IKE_SA as well | Martin Willi | 2014-06-16 | 4 | -12/+12
|
* Split swanctl --raw mode into single-line and --pretty mode | Andreas Steffen | 2014-06-14 | 18 | -185/+310
|
* Allow multiple hash values in the file reference database | Andreas Steffen | 2014-06-10 | 2 | -32/+60
|
* Added Android 4.3 and 4.4.3 to imv database | Andreas Steffen | 2014-06-10 | 1 | -0/+24
|
* Added missing units (s = seconds) | Andreas Steffen | 2014-06-10 | 1 | -1/+1
|
* Fixes in SWID entity support | Andreas Steffen | 2014-06-08 | 2 | -19/+7
|
* windows: Link against psapi32 | Martin Willi | 2014-06-06 | 1 | -1/+1
| On some versions GetModuleFileNameEx/GetModuleInformation is in psapi32 instead of kernel32. We link to both libraries to make sure we have it.
* backtrace: Use GetModuleInformation/GetModuleFileNameEx directly on Win32 | Martin Willi | 2014-06-06 | 1 | -2/+10
| The K32 variants are actually needed on 64-bit only.
* windows: Use WINAPI call convention for Windows API callbacks | Martin Willi | 2014-06-06 | 8 | -23/+28
| For x86_64 it does not actually matter, but for i686 builds the call convention is different with WINAPI.
* Ubuntu 14.04 updated to 3.13.0-29 kernel | Andreas Steffen | 2014-06-06 | 1 | -1/+1
|
* Extended pt-tls-client PLUGINS list | Andreas Steffen | 2014-06-06 | 1 | -1/+1
|
* Updated REST API | Andreas Steffen | 2014-06-06 | 2 | -7/+17
|
* android: Add all Android.mk files to the tarball | Tobias Brunner | 2014-06-06 | 3 | -1/+4
|
* pki: Support complex trustchain and revocation checking in --verify | Martin Willi | 2014-06-04 | 1 | -48/+86
|
* unit-tests: Zero-initialize chunk to avoid free on non-successful fetch | Martin Willi | 2014-06-04 | 1 | -1/+1
| If the fetch fails, the fetcher is not required to return an empty chunk. Avoid the resulting invalid free() by initializing data.ptr to NULL.
* winhttp: Support basic authentication for URLs having credentials | Martin Willi | 2014-06-04 | 1 | -3/+23
|
* winhttp: Support new response code fetcher option | Martin Willi | 2014-06-04 | 1 | -0/+34
|
* winhttp: Implement a http(s) fetcher based on Microsoft's WinHTTP API | Martin Willi | 2014-06-04 | 6 | -0/+529
|
* kernel-wfp: Include Windows header patch for MinGW 4.8.1 | Martin Willi | 2014-06-04 | 2 | -0/+29
|
* kernel-wfp: Clone acquire traffic selectors only if they exist | Martin Willi | 2014-06-04 | 1 | -1/+3
|
* kernel-wfp: Install routes for trap policies | Martin Willi | 2014-06-04 | 1 | -3/+21
|
* kernel-wfp: Refactor route management to separate function | Martin Willi | 2014-06-04 | 1 | -39/+47
|
* kernel-wfp: Install tunnel mode policies to appropriate sub-layers | Martin Willi | 2014-06-04 | 2 | -6/+22
| While it is unclear if this has any effect at all, we prefer specific sublayers to install policies as suggested.
* kernel-wfp: Declare GUIDs and auth/cipher configs missing in some MinGW builds | Martin Willi | 2014-06-04 | 1 | -0/+89
|
* kernel-wfp: Support multiple traffic selectors on tunnel mode SAs | Martin Willi | 2014-06-04 | 1 | -36/+80
|
* child-sa: Pass the number of total policies tied to an SA to the kernel | Martin Willi | 2014-06-04 | 2 | -0/+10
| This will be useful if the kernel backend has to know how many policies follow an SA install, for example if it must install all policies concurrently.
* kernel-iph: Implicitly enable IP forwarding when installing routes | Martin Willi | 2014-06-04 | 1 | -0/+26
|
* kernel-wfp: Show a warning for packets the kernel drops in its IPsec layers | Martin Willi | 2014-06-04 | 1 | -0/+6
|
* kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working | Martin Willi | 2014-06-04 | 2 | -0/+22
| Having this flag set fixes connections initiated by the Windows host, but unfortunately does not yet fix incoming connections. Connection state issue? We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
* kernel-wfp: Install tunnel and trap forward policies | Martin Willi | 2014-06-04 | 3 | -136/+275
|