aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
...
* linked-list: Don't require an argument for the item when enumeratingTobias Brunner2013-07-172-1/+21
|
* linked-list: Remove unused clone_function() methodTobias Brunner2013-07-173-53/+7
|
* linked-list: Remove barely used find_last() methodTobias Brunner2013-07-173-67/+0
|
* linked-list: Remove unused replace() methodTobias Brunner2013-07-173-65/+51
| | | | | | Its functionality can be replicated by calling insert_before() followed by remove_at(). Not the other way around, though, because remove_at() changes the enumerator position.
* auth-cfg: use array instead of linked listMartin Willi2013-07-171-35/+26
| | | | Saves another 4 linked lists (1KB) per IKE_SA
* unit-tests: implement tests for array collectionMartin Willi2013-07-174-1/+363
|
* array: introduce an array collection storing elements very efficientlyMartin Willi2013-07-174-2/+613
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we use the very versatile linked-list collection to store elements with variable count. This is fine, but very inefficient: Due to the many methods in the linked list, on 64-bit platforms an empty list alone is more than 200 bytes. As we currently have about 50 lists per IKE_SA/CHILD_SA pair, this takes up to 10KB just for managing the empty lists. This is about the half of memory used by an IKE_SA/CHILD_SA pair, and obviously way too much. The new array type is not an object, but a collection of functions on an abstract type. The following lists are per IKE_SA and should be considered for a replacement with more efficient arrays (this uses load-testers on-demand created dynamic configurations, other scenarios have different lists): 14 -> ike_sa_create() @ src/libcharon/sa/ike_sa.c:2198 10 -> auth_cfg_create() @ src/libstrongswan/credentials/auth_cfg.c:1088 6 -> task_manager_v2_create() @ src/libcharon/sa/ikev2/task_manager_v2.c:1505 6 -> proposal_create() @ src/libcharon/config/proposal.c:592 5 -> peer_cfg_create() @ src/libcharon/config/peer_cfg.c:657 4 -> child_sa_create() @ src/libcharon/sa/child_sa.c:1090 2 -> child_cfg_create() @ src/libcharon/config/child_cfg.c:536 1 -> ike_cfg_create() @ src/libcharon/config/ike_cfg.c:330 1 -> put_connected_peers() @ src/libcharon/sa/ike_sa_manager.c:854
* pkcs12: Add plugin dependencies with soft dependencies on the most common ↵Tobias Brunner2013-07-151-0/+6
| | | | algorithms
* leak-detective: remove hdr entry when reallocating zero bytesMartin Willi2013-07-121-0/+6
|
* leak-detective: print total of allocated/leaked bytes in usage/reportMartin Willi2013-07-121-5/+13
|
* Recognize critical IssuingDistributionPoint CRL extensionAndreas Steffen2013-07-123-1/+8
|
* leak-detective: add a usage threshold option based on the number of allocationsMartin Willi2013-07-101-6/+11
|
* leak-detective: set_state() only affects the calling threadMartin Willi2013-07-102-15/+2
| | | | | The only user (bfd backtraces) is fine with that, and we really should not mess the enable flag while doing allocations with other threads.
* leak-detective: take a copy of backtrace while printing tracesMartin Willi2013-07-101-2/+3
| | | | | As we don't want to hold the lock, we must make sure backtraces keep valid while printing them.
* backtrace: add a clone() methodMartin Willi2013-07-102-7/+44
|
* leak-detective: remove hdr from the allocation list during realloc()Martin Willi2013-07-101-39/+60
| | | | | | | If realloc moves an allocation, the original allocation gets freed. We therefore must remove the hdr from the list, as it is invalid. We can add it afterwards once it has been updated, allowing us to unlock the list during reallocation.
* Use strpfx() helper where appropriateTobias Brunner2013-07-084-4/+4
|
* utils: Add helper function to check a string for a given prefixTobias Brunner2013-07-081-0/+8
|
* utils: Convert string helper macros to static inline functionsTobias Brunner2013-07-081-6/+15
|
* openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strongMartin Willi2013-07-041-9/+6
| | | | For our purposes with RNG_WEAK this is fine, so accept a zero return value.
* processor: Simplified the main loopTobias Brunner2013-06-281-109/+127
|
* processor: Don't hold the lock while destroying jobsTobias Brunner2013-06-281-38/+66
| | | | | | If a lock is held when queue_job() is called and the same lock is required during the destruction of a job, holding the internal lock in the processor while calling destroy() could result in a deadlock.
* integrity-checker: Use chunk_hash_static() to calculate checksumsTobias Brunner2013-06-281-7/+2
|
* chunk: Add predictable hash functionTobias Brunner2013-06-283-2/+86
| | | | | Since chunk_hash() is randomized its output is not predictable, that is, it is only within the same process.
* plugin-loader: Removed unused path argument of load() methodTobias Brunner2013-06-283-13/+9
| | | | | Multiple additional search paths can be added with the add_path() method.
* integrity-checker: Fix checksum calculation after randomizing chunk_hash()Tobias Brunner2013-06-271-2/+7
|
* unit-tests: Print loaded pluginsTobias Brunner2013-06-271-0/+1
|
* unit-tests: RSA key generation might take longer than 4 secondsTobias Brunner2013-06-271-0/+1
| | | | | Check uses a default timeout of 4 seconds for each test case, generating keys of 6 different key sizes might take longer than that.
* tests: Properly load plugins from build directoryTobias Brunner2013-06-271-7/+2
| | | | | | Calling load() incrementally does not really work as dependencies wouldn't be resolved properly if a required feature was to be provided by a plugin that is loaded later with a separate call to load().
* plugin-loader: Method added to provide additional search paths for pluginsTobias Brunner2013-06-272-10/+66
|
* capabilities: Return effective UID/GID if user did not configure anythingTobias Brunner2013-06-251-2/+2
|
* capabilities: Report effective UID/GID after dropping capabilitiesTobias Brunner2013-06-251-1/+1
|
* capabilities: Handle CAP_CHOWN specially as it might not be requiredTobias Brunner2013-06-252-2/+63
|
* capabilities: Check effective UID as fallback if capabilities are not supportedTobias Brunner2013-06-251-1/+1
|
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-251-0/+3
|
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-251-1/+4
| | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-251-0/+4
| | | | The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-253-2/+10
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-252-4/+58
|
* tun-device: Packets sent over utun devices on Mac OS X have the protocol ↵Tobias Brunner2013-06-211-0/+11
| | | | family prepended
* tun-device: Avoid opening /dev/tunX multiple times (e.g. on FreeBSD)Tobias Brunner2013-06-211-2/+6
|
* printf-hook: Avoid double-free when freeing Vstr configTobias Brunner2013-06-211-1/+0
| | | | | | | Thread-specific objects get freed when the thread value object is destroyed (wasn't the case earlier, i.e. before 2b19dd35), which may cause the second call to vstr_free_conf() to fail in an assert in Vstr (depending on how it was built).
* plugin-loader: Move logging of failed features to status()Tobias Brunner2013-06-211-7/+11
| | | | | | | | | Still log an error message if critical features fail, as loaded plugins/features are not logged in that case. This way loaded plugins are printed before failed features and the relation is easier to make for users. It also allows programs to log this message on a different level.
* plugin-loader: Add method to print loaded plugins on a given log levelTobias Brunner2013-06-212-0/+18
|
* plugin-loader: Collect statistics while loading features, print them in case ↵Tobias Brunner2013-06-211-69/+40
| | | | | | | features failed to load There is no need to explicitly search for failed features in critical plugins as this is now detected while loading the features.
* plugin-loader: Use different log level if failed feature is in critical pluginTobias Brunner2013-06-211-2/+16
|
* plugin-loader: Log message when failing to load pluginTobias Brunner2013-06-211-0/+8
|
* plugin-loader: Reduce verbosity while loading pluginsTobias Brunner2013-06-211-4/+4
|
* leak-detective: (re-)whitelist some OpenSSL functionsMartin Willi2013-06-211-0/+5
| | | | | | | Some static allocations in plugins won't get freed, because in the test case process the plugins are not destroyed. If a plugin would clean up allocations done while just using the plugin, these show up as leak in the child process, letting tests fail.
* unit-tests: load plugins in test-runner from build directoryMartin Willi2013-06-212-1/+30
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 12:10:48 +0000