aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
...
* watcher: unregister a watcher FD if its thread gets cancelledMartin Willi2013-07-181-0/+13
|
* watcher: release threads waiting in remove() when watcher thread gets cancelledMartin Willi2013-07-181-0/+24
| | | | | | | During daemon shutdown, users might call remove() after processor.set_threads(0) has been called. This gets problematic, as a watch event might be unable to signal completion when no threads are available anymore. Work around this issue by cancelling waiters once processor.cancel() has been called.
* stream: support keeping the service alive outside of service callbackMartin Willi2013-07-182-4/+5
|
* stream: add read/write_all() methods to streamMartin Willi2013-07-182-2/+73
|
* stream: support cancellation of stream service callbackMartin Willi2013-07-181-2/+3
|
* stream: use a service constructor to create servicesMartin Willi2013-07-182-77/+8
| | | | | | It does not make much sense to reference running services in the manager, especially as unregistration would need the URI (which a user would have to store instead of the service reference).
* stream: replace print/vprint() convenience functions by a FILE* getterMartin Willi2013-07-182-51/+20
| | | | | While this will complicate the implementation of streams not based on a fd, it allows us to unleash the full power of FILE based convenience functions.
* stream: add a concurrency option to services, limiting parallel callbacksMartin Willi2013-07-184-7/+71
|
* stream: add a job priority option to stream servicesMartin Willi2013-07-184-7/+24
|
* stream: add backlog option to stream services, forward to listen()Martin Willi2013-07-184-11/+15
|
* stream: add support for TCP stream servicesMartin Willi2013-07-183-0/+53
|
* stream: add support for TCP streamsMartin Willi2013-07-183-2/+108
|
* stream: add support for UNIX stream servicesMartin Willi2013-07-183-0/+61
|
* stream: add support for UNIX streamsMartin Willi2013-07-183-0/+77
|
* stream: support async operation using watcherMartin Willi2013-07-182-0/+142
|
* stream: add printf()-style covenience functionsMartin Willi2013-07-182-1/+60
|
* stream: create library instance of stream-managerMartin Willi2013-07-185-5/+13
|
* stream: add a manager to dynamically register streams and servicesMartin Willi2013-07-184-3/+389
|
* stream: add a stream service class abstracting services using BSD socketsMartin Willi2013-07-184-0/+238
|
* stream: add a stream class abstracting BSD socketsMartin Willi2013-07-184-3/+205
| | | | | Currently only synchronous operation is supported, but this will be extended with asynchronous methods using the new watcher.
* watcher: add a centralized an generic facility to monitor file descriptorsMartin Willi2013-07-186-3/+504
|
* capabilities: Add function to check if a capability is held, without keeping itTobias Brunner2013-07-182-45/+75
| | | | | This can be useful if capabilities are not required anymore after dropping privileges.
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-1845-147/+194
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* soup: omit deprecated g_type_init() when using >= GLIB 2.36Martin Willi2013-07-181-0/+2
|
* keychain: flush certificate cache after reloading System keychainMartin Willi2013-07-181-0/+2
|
* keychain: monitor changes in the system keychain, reload when necessaryMartin Willi2013-07-181-0/+65
|
* keychain: use SearchCopyNext keychain enumeration for System certs as wellMartin Willi2013-07-181-71/+12
| | | | | | | SecItemCopyMatching seems to be problematic regarding memory management. And as there does not seem to be a good alternative to enumerate the System Roots keychain using the SecItemCopyMatching API, we stick to the deprecated enumeration functions for now.
* keychain: load certificates from System Roots KeychainMartin Willi2013-07-181-0/+65
|
* keychain: load certificates only once during startup, improving performanceMartin Willi2013-07-183-111/+78
|
* keychain: support on-the-fly enumeration of trusted/untrusted certificatesMartin Willi2013-07-182-1/+118
|
* keychain: add a stub for a credential plugin using OS X Keychain ServicesMartin Willi2013-07-186-0/+254
|
* credmgr: stop querying for secrets once we get a perfect matchMartin Willi2013-07-181-0/+4
|
* credmgr: don't use pointers for id_match_t enum valuesMartin Willi2013-07-181-2/+2
|
* openssl: parse X.509 extended key usage from extension parsing loopMartin Willi2013-07-181-33/+38
| | | | | Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supportedMartin Willi2013-07-181-1/+6
|
* hashtable: add common hashtable hash/equals functions for pointer/string keysMartin Willi2013-07-182-3/+68
|
* thread: implicitly create thread_t if an external thread calls thread_current()Martin Willi2013-07-181-1/+14
|
* linked-list: Remove barely used has_more() methodTobias Brunner2013-07-173-69/+1
| | | | | | | | This required some refactoring when handling encrypted payloads. Also changed log messages so that "encrypted payload" is logged instead of "encryption payload" (even if we internally still call it that) as that's the name used in RFC 5996.
* linked-list: Don't require an argument for the item when enumeratingTobias Brunner2013-07-172-1/+21
|
* linked-list: Remove unused clone_function() methodTobias Brunner2013-07-173-53/+7
|
* linked-list: Remove barely used find_last() methodTobias Brunner2013-07-173-67/+0
|
* linked-list: Remove unused replace() methodTobias Brunner2013-07-173-65/+51
| | | | | | Its functionality can be replicated by calling insert_before() followed by remove_at(). Not the other way around, though, because remove_at() changes the enumerator position.
* auth-cfg: use array instead of linked listMartin Willi2013-07-171-35/+26
| | | | Saves another 4 linked lists (1KB) per IKE_SA
* unit-tests: implement tests for array collectionMartin Willi2013-07-174-1/+363
|
* array: introduce an array collection storing elements very efficientlyMartin Willi2013-07-174-2/+613
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we use the very versatile linked-list collection to store elements with variable count. This is fine, but very inefficient: Due to the many methods in the linked list, on 64-bit platforms an empty list alone is more than 200 bytes. As we currently have about 50 lists per IKE_SA/CHILD_SA pair, this takes up to 10KB just for managing the empty lists. This is about the half of memory used by an IKE_SA/CHILD_SA pair, and obviously way too much. The new array type is not an object, but a collection of functions on an abstract type. The following lists are per IKE_SA and should be considered for a replacement with more efficient arrays (this uses load-testers on-demand created dynamic configurations, other scenarios have different lists): 14 -> ike_sa_create() @ src/libcharon/sa/ike_sa.c:2198 10 -> auth_cfg_create() @ src/libstrongswan/credentials/auth_cfg.c:1088 6 -> task_manager_v2_create() @ src/libcharon/sa/ikev2/task_manager_v2.c:1505 6 -> proposal_create() @ src/libcharon/config/proposal.c:592 5 -> peer_cfg_create() @ src/libcharon/config/peer_cfg.c:657 4 -> child_sa_create() @ src/libcharon/sa/child_sa.c:1090 2 -> child_cfg_create() @ src/libcharon/config/child_cfg.c:536 1 -> ike_cfg_create() @ src/libcharon/config/ike_cfg.c:330 1 -> put_connected_peers() @ src/libcharon/sa/ike_sa_manager.c:854
* pkcs12: Add plugin dependencies with soft dependencies on the most common ↵Tobias Brunner2013-07-151-0/+6
| | | | algorithms
* leak-detective: remove hdr entry when reallocating zero bytesMartin Willi2013-07-121-0/+6
|
* leak-detective: print total of allocated/leaked bytes in usage/reportMartin Willi2013-07-121-5/+13
|
* Recognize critical IssuingDistributionPoint CRL extensionAndreas Steffen2013-07-123-1/+8
|
* leak-detective: add a usage threshold option based on the number of allocationsMartin Willi2013-07-101-6/+11
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 07:26:24 +0000