aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ipsec: Add --piddir to retrieve the PID/socket directoryTobias Brunner2013-07-222-3/+11
|
* starter: Properly refer to the ipsec script if it was renamedTobias Brunner2013-07-223-2/+3
|
* coupling: Fix call to call_hook()Tobias Brunner2013-07-221-1/+1
|
* strongswan.conf: Add missing optionsTobias Brunner2013-07-221-10/+47
|
* charon-xpc: Use correct namespace when setting default settingsTobias Brunner2013-07-221-3/+3
|
* tnc-pdp: Fix reading port setting from strongswan.confTobias Brunner2013-07-221-1/+1
|
* fixed typo5.1.0rc1Andreas Steffen2013-07-191-1/+1
|
* updated some TNC scenariosAndreas Steffen2013-07-194-18/+59
|
* processor: force synchronous execute_job() if set_threads(0) has been calledMartin Willi2013-07-191-1/+1
| | | | | | During daemon shutdown, some idle threads might be lingering around even if set_threads(0) already has been called. To avoid any races, we enforce synchronous execution of the job.
* proposal: correctly enumerate registered AEADs to build default IKE proposalMartin Willi2013-07-191-6/+22
| | | | AEADs are not returned (anymore) with the encryption enumerator.
* Version bump to 5.1.0rc1Andreas Steffen2013-07-191-1/+1
|
* tkm: Properly refer to includes now that AM_CPPFLAGS is usedTobias Brunner2013-07-191-1/+1
|
* keychain: Use AM_CPPFLAGS instead of INCLUDESTobias Brunner2013-07-191-1/+1
|
* Fix various API doc issues and typosTobias Brunner2013-07-1826-49/+55
| | | | Partially based on an old patch by Adrian-Ken Rueegsegger.
* identification: parse identities having a "@@" prefix as ID_RFC822_ADDRMartin Willi2013-07-181-11/+10
| | | | Original patch by Gerald Richter.
* NEWS: mention watcher and stream servicesMartin Willi2013-07-181-0/+9
|
* Merge branch 'ipc-service'Martin Willi2013-07-1856-1106/+3141
|\ | | | | | | | | | | | | Adds network transparency and TCP support to the IPC interfaces of different plugins using the new stream and stream service classes. A central watcher thread can watch multiple file descriptors to handle connection requests for these and other services using only a single thread.
| * stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-187-39/+7
| | | | | | | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
| * processor: remove the now unused get_threads() method againMartin Willi2013-07-182-17/+0
| |
| * watcher: use processors new execute_job() to notify FDsMartin Willi2013-07-181-9/+1
| | | | | | | | | | Just queueing is problematic, as all threads might be busy waiting for events that the queued (but never executed) job delivers.
| * processor: add an execute_job() method to directly execute an important jobMartin Willi2013-07-182-0/+36
| | | | | | | | | | | | | | If all worker threads are busy and waiting for an event, we must ensure that a job delivering that event gets executed. This new method has this property for CRITICAL jobs, using a worker if we have one, but executing the job directly if not.
| * watcher: properly support multiple watch callback types for the same FDMartin Willi2013-07-182-36/+45
| |
| * watcher: read multiple notifications if availableMartin Willi2013-07-181-2/+15
| | | | | | | | | | Use non-blocking I/O on the read end of the notify pipe. This also makes sure the read does not block should select() signal data while there is none.
| * certexpire: add an option to enforce exporting trustchains having a private keyMartin Willi2013-07-181-15/+83
| |
| * error-notify: catch and forward some alerts related to certificate validationMartin Willi2013-07-182-0/+25
| |
| * bus: raise certificate validation alerts using credential manager hookMartin Willi2013-07-182-0/+43
| |
| * credmgr: introduce a hook function to catch trust chain validation errorsMartin Willi2013-07-187-7/+120
| |
| * lookip: double size of id field in messageMartin Willi2013-07-181-1/+1
| |
| * error-notify: increase size of string/identity fields in messagesMartin Willi2013-07-181-2/+2
| |
| * whitelist: use a read-copy when listing entriesMartin Willi2013-07-181-19/+44
| | | | | | | | | | While this requires a little more overhead, we can free the lock should the stream block, allowing other threads to add/remove entries.
| * whitelist: fix error handling when creating the socket failsMartin Willi2013-07-181-0/+6
| |
| * lookip: fix error handling when creating the socket failsMartin Willi2013-07-181-1/+7
| |
| * error-notify: fix error handling when creating the socket failsMartin Willi2013-07-181-0/+6
| |
| * kernel-pfroute: use watcher to receive kernel eventsMartin Willi2013-07-181-17/+13
| |
| * kernel-pfkey: use watcher to receive networking eventsMartin Willi2013-07-181-19/+13
| |
| * kernel-netlink: use watcher to receive kernel events for net/ipsecMartin Willi2013-07-182-35/+24
| |
| * eap-radius: use watcher instead of receiver thread on DAE socketMartin Willi2013-07-181-11/+7
| |
| * dhcp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-10/+8
| |
| * farp: use watcher instead of dedicated receiver threadMartin Willi2013-07-181-11/+6
| |
| * load-tester: use a stream service to dispatch control connectionsMartin Willi2013-07-182-93/+27
| |
| * whitelist: use a stream service to accept client connectionsMartin Willi2013-07-183-121/+106
| | | | | | | | | | Use SOCK_STREAM, as we don't have SOCK_SEQPACKET on TCP. To have network transparency, the message now uses network byte order.
| * lookip: use stream service with async I/O dispatchingMartin Willi2013-07-185-256/+294
| | | | | | | | | | Now uses SOCK_STREAM, as SOCK_SEQPACKET is not available over TCP. To have network transparency, the message now uses network byte order.
| * error-notify: use a stream service to accept client connectionsMartin Willi2013-07-184-122/+103
| | | | | | | | | | As TCP does not have SOCK_SEQPACKET, we now use SOCK_STREAM for the error-notify socket. To have network transparency, the message now uses network byte order.
| * duplicheck: use a stream service to accept client connectionsMartin Willi2013-07-184-105/+146
| | | | | | | | | | | | As we can't use SOCK_SEQPACKET over TCP, we now have to provide message boundaries ourselves. We do this by appending a 16-bit length header to each sent duplicate identity.
| * stroke: use a stream service to handle stroke requestsMartin Willi2013-07-181-227/+48
| |
| * stream: allow async read/write callback to destroy the stream explicitlyMartin Willi2013-07-182-10/+15
| |
| * stream: don't close underlying socket when creating a stream from itMartin Willi2013-07-181-1/+6
| |
| * watcher: add some debugging statementsMartin Willi2013-07-181-0/+12
| |
| * watcher: if the processor has no threads, execute the job with watcher threadMartin Willi2013-07-181-11/+19
| | | | | | | | | | This is important during shutdown, where we might need to signal some FDs while all idle threads are gone already.
| * processor: add a getter for the threads passed to set_threads()Martin Willi2013-07-182-1/+17
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-26 22:39:26 +0000