aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * ike-sa: use arrays instead of linked lists in long lived collectionsMartin Willi2013-07-171-116/+98
| | | | | | | | This saves about 1.5KB of memory per IKE_SA.
| * unit-tests: implement tests for array collectionMartin Willi2013-07-174-1/+363
| |
| * array: introduce an array collection storing elements very efficientlyMartin Willi2013-07-174-2/+613
|/ | | | | | | | | | | | | | | | | | | | | | | | | | Currently we use the very versatile linked-list collection to store elements with variable count. This is fine, but very inefficient: Due to the many methods in the linked list, on 64-bit platforms an empty list alone is more than 200 bytes. As we currently have about 50 lists per IKE_SA/CHILD_SA pair, this takes up to 10KB just for managing the empty lists. This is about the half of memory used by an IKE_SA/CHILD_SA pair, and obviously way too much. The new array type is not an object, but a collection of functions on an abstract type. The following lists are per IKE_SA and should be considered for a replacement with more efficient arrays (this uses load-testers on-demand created dynamic configurations, other scenarios have different lists): 14 -> ike_sa_create() @ src/libcharon/sa/ike_sa.c:2198 10 -> auth_cfg_create() @ src/libstrongswan/credentials/auth_cfg.c:1088 6 -> task_manager_v2_create() @ src/libcharon/sa/ikev2/task_manager_v2.c:1505 6 -> proposal_create() @ src/libcharon/config/proposal.c:592 5 -> peer_cfg_create() @ src/libcharon/config/peer_cfg.c:657 4 -> child_sa_create() @ src/libcharon/sa/child_sa.c:1090 2 -> child_cfg_create() @ src/libcharon/config/child_cfg.c:536 1 -> ike_cfg_create() @ src/libcharon/config/ike_cfg.c:330 1 -> put_connected_peers() @ src/libcharon/sa/ike_sa_manager.c:854
* kernel-libipsec: Log error if no local address is found when installing routesTobias Brunner2013-07-151-0/+5
|
* dumm: Sort templates by nameTobias Brunner2013-07-152-1/+3
|
* testing: Don't load certificates explicitly and delete CA certificates in ↵Tobias Brunner2013-07-156-4/+6
| | | | | | PKCS#12 scenarios Certificates are now properly extracted from PKCS#12 files.
* stroke: Add certificates extracted from PKCS#12 files to correct credential setTobias Brunner2013-07-151-4/+4
| | | | | Only keys and shared secrets are moved from the temporary credential set after loading all secrets.
* pkcs12: Add plugin dependencies with soft dependencies on the most common ↵Tobias Brunner2013-07-151-0/+6
| | | | algorithms
* leak-detective: remove hdr entry when reallocating zero bytesMartin Willi2013-07-121-0/+6
|
* leak-detective: print total of allocated/leaked bytes in usage/reportMartin Willi2013-07-121-5/+13
|
* dumm: add include for in.h, if_bridge.h now uses struct in6_addrMartin Willi2013-07-121-1/+1
|
* Recognize critical IssuingDistributionPoint CRL extensionAndreas Steffen2013-07-123-1/+8
|
* Override policy recommendation in enforcementAndreas Steffen2013-07-113-17/+17
|
* openssl plugin can replace random, hmac, and gcm pluginsAndreas Steffen2013-07-102-2/+2
|
* Added openssl-ikev2/net2net-pkcs12 scenarioAndreas Steffen2013-07-1013-0/+116
|
* Added ikev2/net2net-pkcs12 scenarioAndreas Steffen2013-07-1013-0/+116
|
* Version bump to 5.1.0dr3Andreas Steffen2013-07-101-1/+1
|
* conntrack -F makes ikev2/nat-rw scenario to work alwaysAndreas Steffen2013-07-101-0/+1
|
* leak-detective: add a usage threshold option based on the number of allocationsMartin Willi2013-07-101-6/+11
|
* leak-detective: set_state() only affects the calling threadMartin Willi2013-07-102-15/+2
| | | | | The only user (bfd backtraces) is fine with that, and we really should not mess the enable flag while doing allocations with other threads.
* leak-detective: take a copy of backtrace while printing tracesMartin Willi2013-07-101-2/+3
| | | | | As we don't want to hold the lock, we must make sure backtraces keep valid while printing them.
* backtrace: add a clone() methodMartin Willi2013-07-102-7/+44
|
* leak-detective: remove hdr from the allocation list during realloc()Martin Willi2013-07-101-39/+60
| | | | | | | If realloc moves an allocation, the original allocation gets freed. We therefore must remove the hdr from the list, as it is invalid. We can add it afterwards once it has been updated, allowing us to unlock the list during reallocation.
* Fixed alignment of device ID column5.1.0dr2Andreas Steffen2013-07-101-2/+2
|
* android: New release after adding support for EAP-TNCTobias Brunner2013-07-081-2/+2
| | | | | Also disabled listening on IPv6 because the Linux kernel currently does not support UDP encapsulation for IPv6.
* Merge branch 'android-byod'Tobias Brunner2013-07-0886-117/+4227
|\ | | | | | | | | | | | | | | | | | | Adds support for EAP-TNC with a custom Android-specific IMC that collects data such as installed packages, file hashes or system settings. Some parts of the implementation are based on the bachelor semester project 'strongSwan Android 4 Client with Endpoint Assessment' by Christoph Bühler and Patrick Lötscher.
| * android: Properly handle dotted-quad notation of IPv6 addressesTobias Brunner2013-07-081-1/+1
| | | | | | | | | | For nestat output like ::ffff:127.0.0.1:9876 we shall not treat 127 as port but 9876 instead.
| * android: Allow IMC state to be dismissed with a swipe gestureTobias Brunner2013-07-081-0/+30
| |
| * android: Use explicit locale when converting settings namesTobias Brunner2013-07-081-2/+4
| | | | | | | | | | | | Apparently, these functions use the user's default locale which might not yield the expected result (e.g. lowercase I is not i in the Turkish locale but ı instead).
| * android: Add information about transmitted data if EAP-TNC is selectedTobias Brunner2013-07-087-0/+57
| |
| * android: Reuse certificate selector as generic two line buttonTobias Brunner2013-07-082-2/+2
| |
| * android: Add device ID in BeginHandshakeTobias Brunner2013-07-081-0/+2
| |
| * android: Add new VpnType to enable BYOD featuresTobias Brunner2013-07-088-5/+42
| |
| * Use strpfx() helper where appropriateTobias Brunner2013-07-0811-29/+28
| |
| * utils: Add helper function to check a string for a given prefixTobias Brunner2013-07-081-0/+8
| |
| * utils: Convert string helper macros to static inline functionsTobias Brunner2013-07-081-6/+15
| |
| * android: Use a different set of plugins if BYOD features are enabledTobias Brunner2013-07-084-11/+28
| |
| * android: IMC state fragment is a button that shows remediation instructions ↵Tobias Brunner2013-07-082-16/+66
| | | | | | | | or log
| * android: Show remediation instructions instead of log on failureTobias Brunner2013-07-086-3/+26
| |
| * android: Properly hide the IMC state fragment initiallyTobias Brunner2013-07-081-1/+4
| |
| * android: Add activity that displays a list of remediation instructionsTobias Brunner2013-07-0811-1/+212
| | | | | | | | | | On large displays a two-pane layout is used that displays the list next to the actual instructions.
| * android: Add fragment for a list of remediation instructionsTobias Brunner2013-07-081-0/+121
| | | | | | | | This fragment can later be used in one- or two-pane layouts.
| * android: Add adapter for remediation instructionsTobias Brunner2013-07-082-0/+118
| |
| * android: Add fragment that displays a single remediation instructionTobias Brunner2013-07-082-0/+164
| |
| * android: RemediationInstruction implements Parcelable interfaceTobias Brunner2013-07-081-1/+45
| |
| * android: Background for state panels provides separatorTobias Brunner2013-07-084-19/+27
| |
| * android: Add fragment that displays the IMC stateTobias Brunner2013-07-089-7/+210
| | | | | | | | | | The fragment hides itself if the state is unknown or the assessment succeeded.
| * android: Handle and store IETF remediation instructionsTobias Brunner2013-07-085-0/+121
| |
| * android: Add a parser for XML remediation instructionsTobias Brunner2013-07-081-0/+229
| |
| * android: Show different error message depending on IMC stateTobias Brunner2013-07-086-3/+26
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 12:24:42 +0000