Imported Upstream version 5.3.3

10 files changed, 112 insertions, 8 deletions

diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index b98b195d1..e81041b25 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -7,12 +7,12 @@ eap-radius {
     # updates.
     # accounting_close_on_timeout = yes
 
-    # Interval for interim RADIUS accounting updates, if not specified by the
-    # RADIUS server in the Access-Accept message.
+    # Interval in seconds for interim RADIUS accounting updates, if not
+    # specified by the RADIUS server in the Access-Accept message.
     # accounting_interval = 0
 
     # If enabled, accounting is disabled unless an IKE_SA has at least one
-    # virtual IP.
+    # virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
     # accounting_requires_vip = no
 
     # Use class attributes in Access-Accept messages as group membership
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index 2a6786dd9..929931a28 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -6,12 +6,12 @@ charon.plugins.eap-radius.accounting_close_on_timeout = yes
 	updates.
 
 charon.plugins.eap-radius.accounting_interval = 0
-	Interval for interim RADIUS accounting updates, if not specified by the
-	RADIUS server in the Access-Accept message.
+	Interval in seconds for interim RADIUS accounting updates, if not specified
+	by the RADIUS server in the Access-Accept message.
 
 charon.plugins.eap-radius.accounting_requires_vip = no
 	If enabled, accounting is disabled unless an IKE_SA has at least one
-	virtual IP.
+	virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
 
 charon.plugins.eap-radius.class_group = no
 	Use class attributes in Access-Accept messages as group membership
diff --git a/conf/plugins/imc-hcd.conf b/conf/plugins/imc-hcd.conf
new file mode 100644
index 000000000..b4a5080d3
--- /dev/null
+++ b/conf/plugins/imc-hcd.conf
@@ -0,0 +1,8 @@
+imc-hcd {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/conf/plugins/imc-hcd.opt b/conf/plugins/imc-hcd.opt
new file mode 100644
index 000000000..d69b06c4a
--- /dev/null
+++ b/conf/plugins/imc-hcd.opt
@@ -0,0 +1,71 @@
+libimcv.plugins.imc-hcd.push_info = yes
+	Send quadruple info without being prompted.
+
+libimcv.plugins.imc-hcd.subtypes
+	Section to define PWG HCD PA subtypes.
+
+libimcv.plugins.imc-hcd.subtypes.<section>
+	Defines a PWG HCD PA subtype section. Recognized subtype section names are
+    _system_, _control_, _marker_, _finisher_, _interface_ and _scanner_.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.attributes_natural_language = en
+	Variable length natural language tag conforming to RFC 5646 specifies
+	the language to be used in the health assessment message of a given subtype.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>
+	Defines a software type section. Recognized software type section names are
+	_firmware_, _resident_application_ and _user_application_.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>
+	Defines a software section having an arbitrary name.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.name
+	Name of the software installed on the hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.patches
+	String describing all patches applied to the given software on this
+	hardcopy device. The individual patches are separated by a newline
+	character '\\n'.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.string_version
+	String describing the version of the given software on this hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.<section>.<sw_type>.<software>.version
+	Hex-encoded version string with a length of 16 octets consisting of the
+	fields major version number (4 octets), minor version number (4 octets),
+	build number (4 octets), service pack major number (2 octets) and service
+	pack minor number (2 octets).
+
+libimcv.plugins.imc-hcd.subtypes.system.certification_state
+	Hex-encoded certification state.
+
+libimcv.plugins.imc-hcd.subtypes.system.configuration_state
+	Hex-encoded configuration state.
+
+libimcv.plugins.imc-hcd.subtypes.system.machine_type_model
+	String specifying the machine type and model of the hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.system.pstn_fax_enabled = no
+	Specifies if a PSTN facsimile interface is installed and enabled on the
+	hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.system.time_source
+	String specifying the hostname of the network time server used by the
+	hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.system.user_application_enabled = no
+	Specifies if users can dynamically download and execute applications on
+	the hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.system.user_application_persistence_enabled = no
+	Specifies if user dynamically downloaded applications can persist outside
+	the boundaries of a single job on the hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.system.vendor_name
+	String specifying the manufacturer of the hardcopy device.
+
+libimcv.plugins.imc-hcd.subtypes.system.vendor_smi_code
+	Integer specifying the globally unique 24-bit SMI code assigned to the
+	manufacturer of the hardcopy device.
+
+
diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf
index 6ea341fbe..3997dc7d9 100644
--- a/conf/plugins/kernel-netlink.conf
+++ b/conf/plugins/kernel-netlink.conf
@@ -1,7 +1,7 @@
 kernel-netlink {
 
     # Buffer size for received Netlink messages.
-    # buflen = 4096
+    # buflen = <min(PAGE_SIZE, 8192)>
 
     # Firewall mark to set on the routing rule that directs traffic to our
     # routing table.
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
index 4338a5fbd..6adefd8de 100644
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
@@ -1,4 +1,4 @@
-charon.plugins.kernel-netlink.buflen = 4096
+charon.plugins.kernel-netlink.buflen = <min(PAGE_SIZE, 8192)>
 	Buffer size for received Netlink messages.
 
 charon.plugins.kernel-netlink.fwmark =
diff --git a/conf/plugins/osx-attr.conf b/conf/plugins/osx-attr.conf
new file mode 100644
index 000000000..e20b41b67
--- /dev/null
+++ b/conf/plugins/osx-attr.conf
@@ -0,0 +1,12 @@
+osx-attr {
+
+    # Whether DNS servers are appended to existing entries, instead of replacing
+    # them.
+    # append = yes
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+}
+
diff --git a/conf/plugins/osx-attr.opt b/conf/plugins/osx-attr.opt
new file mode 100644
index 000000000..70bd19716
--- /dev/null
+++ b/conf/plugins/osx-attr.opt
@@ -0,0 +1,3 @@
+charon.plugins.osx-attr.append = yes
+	Whether DNS servers are appended to existing entries, instead of replacing
+	them.
diff --git a/conf/plugins/stroke.conf b/conf/plugins/stroke.conf
index 3d8ee0acc..ea6d87b14 100644
--- a/conf/plugins/stroke.conf
+++ b/conf/plugins/stroke.conf
@@ -1,5 +1,10 @@
 stroke {
 
+    # Analyze addresses/hostnames in left|right to detect which side is local
+    # and swap configuration options if necessary. If disabled left is always
+    # local.
+    # allow_swap = yes
+
     # Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
     # certificates even if they don't contain a CA basic constraint.
     # ignore_missing_ca_basic_constraint = no
diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
index 4b49b1f04..ad5e62dc4 100644
--- a/conf/plugins/stroke.opt
+++ b/conf/plugins/stroke.opt
@@ -1,3 +1,8 @@
+charon.plugins.stroke.allow_swap = yes
+	Analyze addresses/hostnames in _left|right_ to detect which side is local
+	and swap configuration options if necessary. If disabled _left_ is always
+	_local_.
+
 charon.plugins.stroke.ignore_missing_ca_basic_constraint = no
 	Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
 	certificates even if they don't contain a CA basic constraint.