path: root/src/libstrongswan/networking
Commit message | Author | Age | Files | Lines
* streams: Remove registered systemd stream service | Tobias Brunner | 2017-10-18 | 1 | -0/+3
| Fixes: 59db98fb941c ("stream: Add basic stream service for systemd sockets")
* streams: Named systemd sockets are only supported since systemd v227 | Tobias Brunner | 2017-10-13 | 1 | -0/+6
|
* stream: Add basic stream service for systemd sockets | aszlig | 2017-10-10 | 3 | -0/+111
| This allows systemd socket activation by passing URIs such as systemd://foo to plugins such as VICI. For example setting charon.plugins.vici.socket = systemd://vici, a systemd socket file descriptor with the name "vici" will be picked up.
|
| So these would be the corresponding unit options:
|
|   [Socket]
|   FileDescriptorName=vici
|   Service=strongswan.service
|   ListenStream=/run/charon.vici
|
| The implementation currently is very basic and right now only the first file descriptor for a particular identifier is picked up if there are multiple socket units with the same FileDescriptorName.
|
| Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| Closes strongswan/strongswan#79.
* tun-device: Use next free TUN device on FreeBSD | Tobias Brunner | 2017-05-19 | 1 | -3/+18
| While this API is documented as legacy (and there is a sysctl option to disable it) the documentation also mentions that it will probably stay enabled by default due to compatibility issues with existing applications. With the previous approach only 255 devices could be opened, then the daemon had to be restarted. Fixes #2313.
* tun-device: TUN devices are not supported on iOS | Tobias Brunner | 2017-05-19 | 1 | -1/+10
|
* host: Don't log port if it is zero | Tobias Brunner | 2017-03-02 | 1 | -1/+1
|
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 6 | -31/+31
|
* host: Properly handle NULL in host_create_from_string[_and_family] | Tobias Brunner | 2015-07-27 | 1 | -0/+4
|
* host-resolver: Do not cancel threads waiting for new queries during cleanup | Martin Willi | 2015-02-24 | 1 | -6/+8
| While it is currently unclear why it happens, canceling threads waiting in the new_query condvar does not work as expected. The behavior is not fully reproducible: Either cancel(), join() or destroying the condvar hangs. The issue has been seen in the http-fetcher unit tests, where the stream service triggers the use of the resolver for "localhost" hosts. It is reproducible with any cleanup following a host_create_from_dns() use on an Ubuntu 14.04 x64 system. Further, the issue is related to the use of libunwind, as only builds with --enable-unwind-backtraces are affected. As we broadcast() the new_query condvar before destruction, a hard cancel() of these threads is actually not required. Instead we let these threads clean up themselves after receiving the condvar signal.
* host-resolver: Disable resolver thread cancellation by default | Martin Willi | 2015-02-24 | 1 | -0/+3
| The default of new threads is cancellable, but the host-resolver thread code clearly expects the opposite.
* apple: Redefine some additional clashing Mach types | Martin Willi | 2014-12-16 | 1 | -3/+3
| While they usually are not included in a normal strongSwan build, the XPC header indirectly defines these Mach types. To build charon-xpc, which uses both XPC and strongSwan includes, we have to redefine these types.
* tun-device: Read from tun to buffer on stack to avoid over-allocation of packets | Martin Willi | 2014-11-21 | 1 | -8/+6
| Instead of allocating MTU-sized buffers for each packet, read to a stack buffer and copy to an allocation of the actual packet size. While it requires an additional copy on non-Apple platforms, this should make allocation more efficient for small packets.
* tun-device: Remove the superfluous use of select() before read() | Martin Willi | 2014-11-21 | 2 | -19/+6
|
* host: Ignore spaces around - when parsing ranges | Tobias Brunner | 2014-10-30 | 2 | -7/+15
|
* host: Add function to create two hosts from a range definition | Tobias Brunner | 2014-10-30 | 2 | -0/+41
|
* packet: Define a global default maximum size for IKE packets | Tobias Brunner | 2014-10-10 | 1 | -0/+5
|
* stream-service: Prevent race conditions due to blocking call to destroy() | Tobias Brunner | 2014-09-09 | 1 | -5/+62
| In the previous implementation queued jobs could prevent a service from getting destroyed. This could have led to a deadlock when the processor is cancelled. Now destroy() still blocks, but waits only for actually running tasks. The service instance is reference counted so that queued jobs can safely be destroyed.
* stream-service: Do not accept or re-register when service is terminated | Tobias Brunner | 2014-09-09 | 1 | -2/+10
|
* stream-service: Restart accepting without blocking | Tobias Brunner | 2014-09-09 | 1 | -2/+7
| Calling on_accept() sometimes led to deadlocks when service->destroy() was called concurrently. That is, two threads waiting in on_accept() but the last worker would only wake one due to the call to signal(). Calling broadcast() wouldn't help either as that could lead to crashes if the thread that called destroy() is woken first. This is also more efficient as a constant pool of concurrent workers can be maintained, otherwise peaks at the limit were followed by only a single worker being active.
* stream: Separate TCP/Unix stream helpers from stream/service implementations | Martin Willi | 2014-06-04 | 13 | -300/+503
| This allows us to disable Unix sockets cleanly on Windows. Replaces some read/write calls with recv/send counterparts, as Winsock does not like read/writes.
* tun-device: Rearrange headers to build properly when tun devices not supported | Martin Willi | 2014-06-03 | 1 | -19/+13
|
* windows: Add a common Windows header for platform specific wrappers | Martin Willi | 2014-06-03 | 2 | -5/+1
| Include some more basic system headers in utils.h, so we can use that common header on the different platforms.
* tun-device: Use SIOCAIFADDR to set IP address on FreeBSD 10 | Tobias Brunner | 2014-04-25 | 1 | -2/+90
| FreeBSD 10 deprecated the SIOCSIFADDR etc. commands, so we use this newer command to set the address and netmask. A destination address is now also required. Fixes #566.
* lookip: Disconnect asynchronously to avoid dead-locking watcher unregistration | Martin Willi | 2014-02-17 | 1 | -3/+2
| While it really would be desirable to allow stream destruction during on_read() callbacks, this does not work anymore since e49b2998. Until we have a proper solution for this issue, use asynchronous disconnects for the only user doing so. Fixes #518.
* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 1 | -4/+4
|
* stream: Make sure no watcher callback is active while changing stream callbacks | Martin Willi | 2014-01-22 | 1 | -14/+3
| When changing async callbacks on streams, we have to make sure the watcher callback is not currently active and has temporarily disabled callbacks. This could have been the case, as we didn't explicitly remove any pending watcher registration if both callbacks are NULL. By enforcing the watcher unregistration, we are sure the watcher callback is not active and currently is not mangling the callback hooks. This should make sure we avoid any races for the callback variables.
* tun-device: Include system headers before our own | Tobias Brunner | 2013-12-20 | 2 | -3/+5
| On CentOS 6.5 the sys/capability.h header file defines _LINUX_TYPES_H without actually including that header, preventing its later inclusion here. As library.h (via which the capabilities headers are included) is not actually required in tun_device.[ch], moving the inclusion of tun_device.h would not strictly be necessary. But it's probably a good idea to include our own headers after system headers anyway, for if one of the recursively included files at a later point includes library.h we'd have the same problem again.
* tun-device: Include <linux/types.h> before <linux/if_tun.h> | Martin Willi | 2013-11-22 | 1 | -0/+1
| Fixes a build error on CentOS 6.4.
* Use exact mask when calling umask(2) | Tobias Brunner | 2013-10-29 | 1 | -1/+1
| Due to the previous negation the high bits of the mask were set, which at least some versions of the Android build system prevent with a compile-time check.
* tun_device: Add warning if TUN devices are not supported by platform | Tobias Brunner | 2013-09-12 | 1 | -2/+16
|
* host: Properly initialize struct sockaddr_in[6] when parsing strings | Tobias Brunner | 2013-07-31 | 1 | -0/+2
| Otherwise struct members like sin6_flowinfo or sin6_scope_id might be set to bogus values.
* stream: Ensure UNIX socket path is null terminated | Tobias Brunner | 2013-07-24 | 1 | -0/+1
|
* host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128 | Tobias Brunner | 2013-07-24 | 1 | -5/+7
|
* Fix various API doc issues and typos | Tobias Brunner | 2013-07-18 | 1 | -2/+3
| Partially based on an old patch by Adrian-Ken Rueegsegger.
* stream-service: move CAP_CHOWN check from plugins to service constructor | Martin Willi | 2013-07-18 | 1 | -0/+5
| A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* stream: allow async read/write callback to destroy the stream explicitly | Martin Willi | 2013-07-18 | 2 | -10/+15
|
* stream: don't close underlying socket when creating a stream from it | Martin Willi | 2013-07-18 | 1 | -1/+6
|
* stream: support keeping the service alive outside of service callback | Martin Willi | 2013-07-18 | 2 | -4/+5
|
* stream: add read/write_all() methods to stream | Martin Willi | 2013-07-18 | 2 | -2/+73
|
* stream: support cancellation of stream service callback | Martin Willi | 2013-07-18 | 1 | -2/+3
|
* stream: use a service constructor to create services | Martin Willi | 2013-07-18 | 2 | -77/+8
| It does not make much sense to reference running services in the manager, especially as unregistration would need the URI (which a user would have to store instead of the service reference).
* stream: replace print/vprint() convenience functions by a FILE* getter | Martin Willi | 2013-07-18 | 2 | -51/+20
| While this will complicate the implementation of streams not based on a fd, it allows us to unleash the full power of FILE based convenience functions.
* stream: add a concurrency option to services, limiting parallel callbacks | Martin Willi | 2013-07-18 | 4 | -7/+71
|
* stream: add a job priority option to stream services | Martin Willi | 2013-07-18 | 4 | -7/+24
|
* stream: add backlog option to stream services, forward to listen() | Martin Willi | 2013-07-18 | 4 | -11/+15
|
* stream: add support for TCP stream services | Martin Willi | 2013-07-18 | 3 | -0/+53
|
* stream: add support for TCP streams | Martin Willi | 2013-07-18 | 3 | -2/+108
|
* stream: add support for UNIX stream services | Martin Willi | 2013-07-18 | 3 | -0/+61
|
* stream: add support for UNIX streams | Martin Willi | 2013-07-18 | 3 | -0/+77
|
* stream: support async operation using watcher | Martin Willi | 2013-07-18 | 2 | -0/+142
|