aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * database: Add support for serializable transactionsTobias Brunner2013-10-114-9/+27
| |
| * sql: Don't use MyISAM engine and set collation/charset for all tablesTobias Brunner2013-10-111-26/+25
| | | | | | | | The MyISAM engine doesn't support transactions.
| * pool: Change transaction handlingTobias Brunner2013-10-111-46/+8
| |
| * pool: Move the pool utility to its own directory in srcTobias Brunner2013-10-1110-21/+28
| |
| * attr-sql: Handle concurrent insertion of identitiesTobias Brunner2013-10-111-2/+12
| | | | | | | | | | | | | | | | | | If the same identity is added concurrently by two threads (or by the pool utility) INSERT might fail even though the SELECT was unsuccessful before. We are currently not able to lock the identities table in a portable way (something like SELECT ... FOR UPDATE on MySQL).
| * attr-sql: Don't use database transactions in create_attribute_enumeratorTobias Brunner2013-10-111-5/+0
| | | | | | | | | | | | | | | | | | There could, of course, be race conditions when enumerating the attributes, but those probably don't matter (e.g. missing an attribute that was concurrently added). Transactions are more intended to revert multiple changes if anything fails in the process.
| * sqlite: Implement transaction handlingTobias Brunner2013-10-111-6/+83
| |
| * mysql: Implement transaction handlingTobias Brunner2013-10-111-7/+119
| |
| * database: Add interface to handle transactionsTobias Brunner2013-10-113-1/+76
| |
| * mysql: Ensure connections are properly released in multi-threaded environmentsTobias Brunner2013-10-111-14/+23
|/
* crypto-factory: Try next available RNG implementation if constructor failsTobias Brunner2013-10-111-13/+6
|
* crypto-factory: Order entries by algorithm identifier and (optionally) speedTobias Brunner2013-10-111-22/+18
|
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-119-26/+18
| | | | for IKEv2 anyway
* vstr: Forward actual field widthTobias Brunner2013-10-111-1/+1
| | | | | fmt_field_width is a flag that indicates if a field width is defined in obj_field_width.
* unit-tests: support testing when leak-detective has not been enabledMartin Willi2013-10-111-5/+14
|
* NEWS: Updates for the ah, libipsec-usestats and printf-hook mergesMartin Willi2013-10-111-0/+13
|
* Merge branch 'printf-hook'Martin Willi2013-10-1116-385/+2039
|\ | | | | | | | | | | Adds a custom printf hook implementation as a fallback if neither the glibc style hooks nor vstr is available. This can avoid the Vstr dependency on some systems at the cost of slower and less complete printf functions.
| * printf-hook-builtin: Print NaN/Infinity floating point values as suchMartin Willi2013-10-112-2/+36
| |
| * printf-hook-builtin: Correctly round up floating point valuesMartin Willi2013-10-112-9/+43
| |
| * printf-hook-builtin: Add some preliminary floating point supportMartin Willi2013-10-112-2/+223
| | | | | | | | | | This minimalistic implementation has no aspiration for completeness or accuracy, and just provides what we need.
| * printf-hook-builtin: Support GNU %m specifierMartin Willi2013-10-112-0/+21
| |
| * printf-hook-builtin: Add a new "builtin" backend using its own printf() routinesMartin Willi2013-10-115-2/+1032
| | | | | | | | | | | | Overloads printf C library functions by a self-contained implementation, based on klibc. Does not yet feature all the required default formatters, including those for floating point values.
| * printf-hook: Add some basic printf() string/integer test functionsMartin Willi2013-10-114-1/+112
| |
| * printf-hook: Move glibc/vstr printf hook backends to separate filesMartin Willi2013-10-119-383/+586
|/
* Merge branch 'libipsec-usestats'Martin Willi2013-10-1117-41/+216
|\ | | | | | | | | | | Brings SA usage statistics and volume based expiration to libipsec and the associated kernel-libipsec plugin. Additionally removes any ESPv3 style TFC padding found in incoming packets.
| * libipsec: Enforce byte/packet lifetimes on SAsMartin Willi2013-10-113-7/+77
| |
| * kernel-libipsec: Support ESPv3 TFC paddingMartin Willi2013-10-111-1/+1
| |
| * libipsec: remove extra RFC4303 TFC padding appended to inner payloadMartin Willi2013-10-111-0/+6
| |
| * kernel-libipsec: Support query_sa() to report usage statisticsMartin Willi2013-10-111-1/+2
| |
| * libipsec: Support usage statistics and query_sa() on IPsec SAsMartin Willi2013-10-115-4/+102
| |
| * kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-1111-13/+13
| |
| * kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-1111-15/+15
|/
* Merge branch 'ah'Martin Willi2013-10-1161-137/+691
|\ | | | | | | | | | | Brings support for Security Associations integrity protected by the Authentication Header protocol, both to IKEv1 and IKEv2. Currently only plain AH is supported, but no (now deprecated) RFC2401 style AH+ESP bundles.
| * ipsec.conf: Add a description for the new 'ah' keyword.Martin Willi2013-10-111-0/+41
| |
| * testing: Add an IKEv1 host2host AH transport mode test caseMartin Willi2013-10-119-0/+89
| |
| * testing: Add an IKEv1 net2net AH test caseMartin Willi2013-10-119-0/+102
| |
| * testing: Add an IKEv2 host2host AH transport mode test caseMartin Willi2013-10-119-0/+89
| |
| * testing: Add an IKEv2 net2net AH test caseMartin Willi2013-10-119-0/+101
| |
| * testing: Allow AH packets in default INPUT/OUTPUT chainsMartin Willi2013-10-111-0/+4
| |
| * updown: Install forwarding rules with the actually used protocolMartin Willi2013-10-111-1/+1
| |
| * updown: Add a PLUTO_PROTO variable set to 'ah' or 'esp'Martin Willi2013-10-112-1/+6
| |
| * starter: Reject connections having both 'ah' and 'esp' keywords setMartin Willi2013-10-111-0/+9
| | | | | | | | | | We currently don't support mixed proposals or bundles, so don't create the illusion we would.
| * ike: Define keylength for aescmac algorithmMartin Willi2013-10-111-0/+1
| |
| * ikev1: Support parsing of AH+IPComp proposalsMartin Willi2013-10-111-9/+11
| |
| * starter: Remove obsolete 'auth' optionMartin Willi2013-10-115-7/+0
| |
| * ikev1: Accept more than two certificate payloadsMartin Willi2013-10-111-2/+2
| |
| * ikev1: Support en-/decoding of SA payloads with AH algorithmsMartin Willi2013-10-111-31/+99
| |
| * kernel-handler: Whitespace cleanupsMartin Willi2013-10-111-42/+38
| |
| * stroke: List proposals in statusall without leading '/' in AH SAsMartin Willi2013-10-111-1/+7
| |
| * ikev1: Delete quick modes with the negotiated SA protocolMartin Willi2013-10-111-1/+1
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-14 22:40:32 +0000