path: root/src/libstrongswan
Commit message | Author | Age | Files | Lines
* host: Properly initialize struct sockaddr_in[6] when parsing strings | Tobias Brunner | 2013-07-31 | 1 | -0/+2
  Otherwise struct members like sin6_flowinfo or sin6_scope_id might be set to bogus values.
* asn1: Fix handling of invalid ASN.1 length in is_asn1() | Tobias Brunner | 2013-07-31 | 1 | -0/+5
  Fixes CVE-2013-5018.
* keychain: be less verbose when loading certificates | Martin Willi | 2013-07-31 | 1 | -2/+5
* utils: add round_up/down() helper functions | Martin Willi | 2013-07-29 | 2 | -0/+49
* watcher: Made notify array initialization compatible with older GCC versions | Tobias Brunner | 2013-07-25 | 1 | -2/+1
* unit-tests: Add additional tests for host_t | Tobias Brunner | 2013-07-25 | 1 | -3/+551
* array: Number of items in get_size() is unsigned | Tobias Brunner | 2013-07-25 | 1 | -1/+1
  Otherwise, array->esize is promoted to int and if array->esize * num results in a value > 0x7fffffff the return value would be incorrect due to the implicit sign extension when getting cast to size_t.
* stream: Ensure UNIX socket path is null terminated | Tobias Brunner | 2013-07-24 | 1 | -0/+1
* pkcs5: Add missing break statements when checking crypto primitives | Tobias Brunner | 2013-07-24 | 1 | -0/+2
* unit-tests: Add test for host_create_netmask() | Tobias Brunner | 2013-07-24 | 4 | -1/+100
* host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128 | Tobias Brunner | 2013-07-24 | 1 | -5/+7
* capabilities: Proper error handling when reading groups | Tobias Brunner | 2013-07-24 | 1 | -1/+8
* processor: force synchronous execute_job() if set_threads(0) has been called | Martin Willi | 2013-07-19 | 1 | -1/+1
  During daemon shutdown, some idle threads might be lingering around even if set_threads(0) already has been called. To avoid any races, we enforce synchronous execution of the job.
* keychain: Use AM_CPPFLAGS instead of INCLUDES | Tobias Brunner | 2013-07-19 | 1 | -1/+1
* Fix various API doc issues and typos | Tobias Brunner | 2013-07-18 | 6 | -9/+10
  Partially based on an old patch by Adrian-Ken Rueegsegger.
* identification: parse identities having a "@@" prefix as ID_RFC822_ADDR | Martin Willi | 2013-07-18 | 1 | -11/+10
  Original patch by Gerald Richter.
* stream-service: move CAP_CHOWN check from plugins to service constructor | Martin Willi | 2013-07-18 | 1 | -0/+5
  A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* processor: remove the now unused get_threads() method again | Martin Willi | 2013-07-18 | 2 | -17/+0
* watcher: use processor's new execute_job() to notify FDs | Martin Willi | 2013-07-18 | 1 | -9/+1
  Just queueing is problematic, as all threads might be busy waiting for events that the queued (but never executed) job delivers.
* processor: add an execute_job() method to directly execute an important job | Martin Willi | 2013-07-18 | 2 | -0/+36
  If all worker threads are busy and waiting for an event, we must ensure that a job delivering that event gets executed. This new method has this property for CRITICAL jobs, using a worker if we have one, but executing the job directly if not.
* watcher: properly support multiple watch callback types for the same FD | Martin Willi | 2013-07-18 | 2 | -36/+45
* watcher: read multiple notifications if available | Martin Willi | 2013-07-18 | 1 | -2/+15
  Use non-blocking I/O on the read end of the notify pipe. This also makes sure the read does not block should select() signal data while there is none.
* credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 5 | -6/+110
* stream: allow async read/write callback to destroy the stream explicitly | Martin Willi | 2013-07-18 | 2 | -10/+15
* stream: don't close underlying socket when creating a stream from it | Martin Willi | 2013-07-18 | 1 | -1/+6
* watcher: add some debugging statements | Martin Willi | 2013-07-18 | 1 | -0/+12
* watcher: if the processor has no threads, execute the job with watcher thread | Martin Willi | 2013-07-18 | 1 | -11/+19
  This is important during shutdown, where we might need to signal some FDs while all idle threads are gone already.
* processor: add a getter for the threads passed to set_threads() | Martin Willi | 2013-07-18 | 2 | -1/+17
* watcher: unregister a watcher FD if its thread gets cancelled | Martin Willi | 2013-07-18 | 1 | -0/+13
* watcher: release threads waiting in remove() when watcher thread gets cancelled | Martin Willi | 2013-07-18 | 1 | -0/+24
  During daemon shutdown, users might call remove() after processor.set_threads(0) has been called. This gets problematic, as a watch event might be unable to signal completion when no threads are available anymore. Work around this issue by cancelling waiters once processor.cancel() has been called.
* stream: support keeping the service alive outside of service callback | Martin Willi | 2013-07-18 | 2 | -4/+5
* stream: add read/write_all() methods to stream | Martin Willi | 2013-07-18 | 2 | -2/+73
* stream: support cancellation of stream service callback | Martin Willi | 2013-07-18 | 1 | -2/+3
* stream: use a service constructor to create services | Martin Willi | 2013-07-18 | 2 | -77/+8
  It does not make much sense to reference running services in the manager, especially as unregistration would need the URI (which a user would have to store instead of the service reference).
* stream: replace print/vprint() convenience functions by a FILE* getter | Martin Willi | 2013-07-18 | 2 | -51/+20
  While this will complicate the implementation of streams not based on a fd, it allows us to unleash the full power of FILE based convenience functions.
* stream: add a concurrency option to services, limiting parallel callbacks | Martin Willi | 2013-07-18 | 4 | -7/+71
* stream: add a job priority option to stream services | Martin Willi | 2013-07-18 | 4 | -7/+24
* stream: add backlog option to stream services, forward to listen() | Martin Willi | 2013-07-18 | 4 | -11/+15
* stream: add support for TCP stream services | Martin Willi | 2013-07-18 | 3 | -0/+53
* stream: add support for TCP streams | Martin Willi | 2013-07-18 | 3 | -2/+108
* stream: add support for UNIX stream services | Martin Willi | 2013-07-18 | 3 | -0/+61
* stream: add support for UNIX streams | Martin Willi | 2013-07-18 | 3 | -0/+77
* stream: support async operation using watcher | Martin Willi | 2013-07-18 | 2 | -0/+142
* stream: add printf()-style convenience functions | Martin Willi | 2013-07-18 | 2 | -1/+60
* stream: create library instance of stream-manager | Martin Willi | 2013-07-18 | 5 | -5/+13
* stream: add a manager to dynamically register streams and services | Martin Willi | 2013-07-18 | 4 | -3/+389
* stream: add a stream service class abstracting services using BSD sockets | Martin Willi | 2013-07-18 | 4 | -0/+238
* stream: add a stream class abstracting BSD sockets | Martin Willi | 2013-07-18 | 4 | -3/+205
  Currently only synchronous operation is supported, but this will be extended with asynchronous methods using the new watcher.
* watcher: add a centralized and generic facility to monitor file descriptors | Martin Willi | 2013-07-18 | 6 | -3/+504
* capabilities: Add function to check if a capability is held, without keeping it | Tobias Brunner | 2013-07-18 | 2 | -45/+75
  This can be useful if capabilities are not required anymore after dropping privileges.