Commit message (Author, Age, Files, Lines)
...
* socket-dynamic: Properly initialize IPv6 address (Tobias Brunner, 2013-07-24, files: 1, lines: -1/+1)
|
* unit-tests: Add test for host_create_netmask() (Tobias Brunner, 2013-07-24, files: 4, lines: -1/+100)
|
* host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128 (Tobias Brunner, 2013-07-24, files: 1, lines: -5/+7)
|
* imv-attestation: Use proper cast for length when using %.*s (Tobias Brunner, 2013-07-24, files: 1, lines: -2/+2)
|
* tnc-ifmap: Use proper cast for length when using %.*s (Tobias Brunner, 2013-07-24, files: 1, lines: -5/+6)
|
* capabilities: Proper error handling when reading groups (Tobias Brunner, 2013-07-24, files: 1, lines: -1/+8)
|
* strongswan.conf: Moved some stuff around (Tobias Brunner, 2013-07-23, files: 1, lines: -23/+24)
|
* ipsec: Add --piddir to retrieve the PID/socket directory (Tobias Brunner, 2013-07-22, files: 2, lines: -3/+11)
|
* starter: Properly refer to the ipsec script if it was renamed (Tobias Brunner, 2013-07-22, files: 3, lines: -2/+3)
|
* coupling: Fix call to call_hook() (Tobias Brunner, 2013-07-22, files: 1, lines: -1/+1)
|
* strongswan.conf: Add missing options (Tobias Brunner, 2013-07-22, files: 1, lines: -10/+47)
|
* charon-xpc: Use correct namespace when setting default settings (Tobias Brunner, 2013-07-22, files: 1, lines: -3/+3)
|
* tnc-pdp: Fix reading port setting from strongswan.conf (Tobias Brunner, 2013-07-22, files: 1, lines: -1/+1)
|
* fixed typo (tag: 5.1.0rc1) (Andreas Steffen, 2013-07-19, files: 1, lines: -1/+1)
|
* updated some TNC scenarios (Andreas Steffen, 2013-07-19, files: 4, lines: -18/+59)
|
* processor: force synchronous execute_job() if set_threads(0) has been called (Martin Willi, 2013-07-19, files: 1, lines: -1/+1)
|   During daemon shutdown, some idle threads might be lingering around even if set_threads(0) already has been called. To avoid any races, we enforce synchronous execution of the job.
* proposal: correctly enumerate registered AEADs to build default IKE proposal (Martin Willi, 2013-07-19, files: 1, lines: -6/+22)
|   AEADs are not returned (anymore) with the encryption enumerator.
* Version bump to 5.1.0rc1 (Andreas Steffen, 2013-07-19, files: 1, lines: -1/+1)
|
* tkm: Properly refer to includes now that AM_CPPFLAGS is used (Tobias Brunner, 2013-07-19, files: 1, lines: -1/+1)
|
* keychain: Use AM_CPPFLAGS instead of INCLUDES (Tobias Brunner, 2013-07-19, files: 1, lines: -1/+1)
|
* Fix various API doc issues and typos (Tobias Brunner, 2013-07-18, files: 26, lines: -49/+55)
|   Partially based on an old patch by Adrian-Ken Rueegsegger.
* identification: parse identities having a "@@" prefix as ID_RFC822_ADDR (Martin Willi, 2013-07-18, files: 1, lines: -11/+10)
|   Original patch by Gerald Richter.
* NEWS: mention watcher and stream services (Martin Willi, 2013-07-18, files: 1, lines: -0/+9)
|
* Merge branch 'ipc-service' (Martin Willi, 2013-07-18, files: 56, lines: -1106/+3141)
|\
| |   Adds network transparency and TCP support to the IPC interfaces of different plugins using the new stream and stream service classes. A central watcher thread can watch multiple file descriptors to handle connection requests for these and other services using only a single thread.
| * stream-service: move CAP_CHOWN check from plugins to service constructor (Martin Willi, 2013-07-18, files: 7, lines: -39/+7)
| |   A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
| * processor: remove the now unused get_threads() method again (Martin Willi, 2013-07-18, files: 2, lines: -17/+0)
| |
| * watcher: use processors new execute_job() to notify FDs (Martin Willi, 2013-07-18, files: 1, lines: -9/+1)
| |   Just queueing is problematic, as all threads might be busy waiting for events that the queued (but never executed) job delivers.
| * processor: add an execute_job() method to directly execute an important job (Martin Willi, 2013-07-18, files: 2, lines: -0/+36)
| |   If all worker threads are busy and waiting for an event, we must ensure that a job delivering that event gets executed. This new method has this property for CRITICAL jobs, using a worker if we have one, but executing the job directly if not.
| * watcher: properly support multiple watch callback types for the same FD (Martin Willi, 2013-07-18, files: 2, lines: -36/+45)
| |
| * watcher: read multiple notifications if available (Martin Willi, 2013-07-18, files: 1, lines: -2/+15)
| |   Use non-blocking I/O on the read end of the notify pipe. This also makes sure the read does not block should select() signal data while there is none.
| * certexpire: add an option to enforce exporting trustchains having a private key (Martin Willi, 2013-07-18, files: 1, lines: -15/+83)
| |
| * error-notify: catch and forward some alerts related to certificate validation (Martin Willi, 2013-07-18, files: 2, lines: -0/+25)
| |
| * bus: raise certificate validation alerts using credential manager hook (Martin Willi, 2013-07-18, files: 2, lines: -0/+43)
| |
| * credmgr: introduce a hook function to catch trust chain validation errors (Martin Willi, 2013-07-18, files: 7, lines: -7/+120)
| |
| * lookip: double size of id field in message (Martin Willi, 2013-07-18, files: 1, lines: -1/+1)
| |
| * error-notify: increase size of string/identity fields in messages (Martin Willi, 2013-07-18, files: 1, lines: -2/+2)
| |
| * whitelist: use a read-copy when listing entries (Martin Willi, 2013-07-18, files: 1, lines: -19/+44)
| |   While this requires a little more overhead, we can free the lock should the stream block, allowing other threads to add/remove entries.
| * whitelist: fix error handling when creating the socket fails (Martin Willi, 2013-07-18, files: 1, lines: -0/+6)
| |
| * lookip: fix error handling when creating the socket fails (Martin Willi, 2013-07-18, files: 1, lines: -1/+7)
| |
| * error-notify: fix error handling when creating the socket fails (Martin Willi, 2013-07-18, files: 1, lines: -0/+6)
| |
| * kernel-pfroute: use watcher to receive kernel events (Martin Willi, 2013-07-18, files: 1, lines: -17/+13)
| |
| * kernel-pfkey: use watcher to receive networking events (Martin Willi, 2013-07-18, files: 1, lines: -19/+13)
| |
| * kernel-netlink: use watcher to receive kernel events for net/ipsec (Martin Willi, 2013-07-18, files: 2, lines: -35/+24)
| |
| * eap-radius: use watcher instead of receiver thread on DAE socket (Martin Willi, 2013-07-18, files: 1, lines: -11/+7)
| |
| * dhcp: use watcher instead of dedicated receiver thread (Martin Willi, 2013-07-18, files: 1, lines: -10/+8)
| |
| * farp: use watcher instead of dedicated receiver thread (Martin Willi, 2013-07-18, files: 1, lines: -11/+6)
| |
| * load-tester: use a stream service to dispatch control connections (Martin Willi, 2013-07-18, files: 2, lines: -93/+27)
| |
| * whitelist: use a stream service to accept client connections (Martin Willi, 2013-07-18, files: 3, lines: -121/+106)
| |   Use SOCK_STREAM, as we don't have SOCK_SEQPACKET on TCP. To have network transparency, the message now uses network byte order.
| * lookip: use stream service with async I/O dispatching (Martin Willi, 2013-07-18, files: 5, lines: -256/+294)
| |   Now uses SOCK_STREAM, as SOCK_SEQPACKET is not available over TCP. To have network transparency, the message now uses network byte order.
| * error-notify: use a stream service to accept client connections (Martin Willi, 2013-07-18, files: 4, lines: -122/+103)
| |   As TCP does not have SOCK_SEQPACKET, we now use SOCK_STREAM for the error-notify socket. To have network transparency, the message now uses network byte order.