Flexible configuration of the logging subsystem, allowing logging to multiple syslog facilities or to files with fine-grained log levels for each target.
Load testing plugin to stress test the IKEv2 daemon against itself or another host. Found and fixed issues in the multi-threaded use of the OpenSSL plugin during these tests.
Added profiling code to synchronization primitives to find bottlenecks when running on multiple cores. Found and fixed an issue where parts of the Diffie-Hellman calculation acquired an exclusive lock. This greatly improves parallelization across multiple cores.
The updown script invocation has been separated into a plugin of its own to further slim down the daemon core.
Separated IKE_SA/CHILD_SA key derivation process into a closed system, allowing future implementations to use a secured environment in e.g. kernel memory or hardware.
The kernel interface of charon has been modularized. XFRM NETLINK (default) and PFKEY (--enable-kernel-pfkey) interface plugins for the native IPsec stack of the Linux 2.6 kernel as well as a PFKEY interface for the KLIPS IPsec stack (--enable-kernel-klips) are provided.
Basic Mobile IPv6 support has been introduced, securing Binding Update messages as well as tunneled traffic between Mobile Node and Home Agent. The installpolicy=no option allows peaceful cooperation with a dominant mip6d daemon, and the new type=transport_proxy implements the special MIPv6 IPsec transport proxy mode, where the IKEv2 daemon uses the Care-of-Address but the IPsec SA is set up for the Home Address.
Implemented migration of Mobile IPv6 connections using the KMADDRESS field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon via the Linux 2.6.28 (or appropriately patched) kernel.