1a2c5e916d91b6efe0d57595b7b783dfdc15ad7d |
|
10-Mar-2017 |
Robin Lee <rgl@google.com> |
Use NetdClient to exempt racoon sockets from VPN So that if we create a networkRejectNonSecureVpn rule, racoon doesn't get its connection shut down. This means we can drop the special-cased firewall code for racoon from Android, and just use the same set of VPN ip rules as for third-party apps. Later on it might be possible to protect the socket without depending on libnetd_client, see bug 34524989 Test: manual - enable always-on VPN with a legacy Ipsec PSK VPN on 464xlat network Bug: 33159037 Change-Id: I89740d110cff8e67eb661b0b3d191eb49aa1e9d8
/external/ipsec-tools/src/racoon/isakmp.c
|
bf24d08c08e934cdc3896e276b2dd12dd4f02935 |
|
26-Oct-2015 |
Chih-Hung Hsieh <chh@google.com> |
Back port 0.8.0 fixes of function prototypes. Now these functions can compile cleanly with clang. * Only the changes related to function prototypes in pfkey.c are ported from 0.8.0. There is no feature change. * isakmp.c and remoteconf.c are fixed similarly, although they are not fixed upstream. BUG: 18651079 Change-Id: I4f9dadae59a65758d098385aa5c57efa60e24198
/external/ipsec-tools/src/racoon/isakmp.c
|
d925f0978024cd6435abb1c4e1f09349dad6e77c |
|
22-Sep-2015 |
Elliott Hughes <enh@google.com> |
Use <netinet/udp.h> instead of <linux/udp.h> on Android. Change-Id: I8bb54aa5520dee1c81c2af3daa4c721fbdee98f3
/external/ipsec-tools/src/racoon/isakmp.c
|
a029281fff6b28b379bd69602f8f5649f0a2740d |
|
01-Oct-2014 |
Adam Langley <agl@google.com> |
ipsec-tools: update for BoringSSL. BoringSSL is Google's version of OpenSSL[1] with lots of things cleaned up and removed. This change makes ipsec-tools work with both BoringSSL and Android's existing version of OpenSSL. Some changes are generally applicable but upstream ipsec-tools appears to be dead. I've followed the existing practice of #ifdef'ing the changes but, if there's no upstream, then I'd be happy to be more aggressive about that. Otherwise, apart from a couple of tweaks, the big changes are to the way that the ENGINE works and to replace the PKCS#7 parsing code. [1] https://www.imperialviolet.org/2014/06/20/boringssl.html Change-Id: I32d7eb4e0e0a90f92cf5e8f9675dac4a8edc7a4a
/external/ipsec-tools/src/racoon/isakmp.c
|
a0315adb1214a45a323e1ddf7c09faaa8ba0cdf5 |
|
17-Sep-2012 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: fix possible SEGV in isakmp_cfg_setenv(). Bug: 6840474 Change-Id: Ic4e20e04f3f7b3b7857f32b8b7d9e4ebc6d8a0fe
/external/ipsec-tools/src/racoon/isakmp.c
|
c91307af2622f6625525f3c1f9c954376df950ad |
|
26-Mar-2012 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: back-port 0.7.3 to Android. Lots of checks and features were added to ipsec-tools 0.8.0. However, they broke the compatibility with existing VPN servers. I was unable to fix all of them in 0.8.0, so I chose to port 0.7.3 back with the new VPN types we added in ICS release. Bug: 6191668 Change-Id: I86a7218f7f5146d4a9b129d46c89839a82b0008f
/external/ipsec-tools/src/racoon/isakmp.c
|
f8a6a7636d53a5730c58ae041e4e09ae12e1657c |
|
05-Jul-2011 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: Update to 0.8.0. This change updates ipsec-tools to 0.8.0. However, a quick test reveals a regression in IPSec PSK sessions. The server rejects the first packet of phase 2 negotiation with INVALID-ID-INFORMATION error. After testing files one by one, it turns out that using the old ipsec_doi.c fixes the problem. Then the next error shows that identity check is failed. This can be fixed by marking few lines in isakmp_quick.c just like 0.7.3. This change adds ipsec_doi-0.7.3.c as a temporary fix. I will come back and see if I can find the real problem. IPSec RSA sessions will be covered in the next change. Change-Id: I48f0026c3be07f506b3901b59202081bf88f41c9
/external/ipsec-tools/src/racoon/isakmp.c
|
458fe1ef88671dfe580c488973d5573194839087 |
|
26-Jun-2009 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: Integrate racoon with Android framework.
/external/ipsec-tools/src/racoon/isakmp.c
|
837a1c77bab77bd62cccb33a15163a962f8dfb97 |
|
26-Jun-2009 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: Make racoon an easy-to-use command line tool and reduce its size. The original executable is ~350KB and now it is ~160KB. Removing debug messages reduces about 20KB. Others are mainly contributed by removing lex/yacc generated code, which was used to parse configuration files.
/external/ipsec-tools/src/racoon/isakmp.c
|
1c71527b277e2dc256262da2ed2169c566c5bf4d |
|
21-Jun-2009 |
Chia-chi Yeh <chiachi@android.com> |
ipsec-tools: Update to 0.7.2. Android specific files will be added in the next change.
/external/ipsec-tools/src/racoon/isakmp.c
|
0a1907d434839af6a9cb6329bbde60b237bf53dc |
|
22-Apr-2009 |
Chung-yih Wang <cywang@google.com> |
Migrate from perforce repository.
/external/ipsec-tools/src/racoon/isakmp.c
|