path: root/src
Commit message | Author | Age | Files | Lines
...
* kernel-pfkey: Remove latest IPsec SA mapping when deleting a policy | Tobias Brunner | 2013-07-17 | 1 | -5/+12
| If IPsec SAs are rekeyed due to an address change (e.g. because update_sa is not supported) the exact same policy with the same reqid will be installed, but with different addresses. After the rekeying the old SA and its policies are removed, using the first matching mapping breaks the mapping between the policies and the new SA (at least on FreeBSD, the Linux kernel might only use the reqid for this). Using the oldest matching SA is still an approximation but it solves the above issue.
* kernel-pfkey: Correctly handle IPSEC_PROTO_ANY in an acquire | Tobias Brunner | 2013-07-17 | 1 | -2/+5
|
* linked-list: Remove barely used has_more() method | Tobias Brunner | 2013-07-17 | 4 | -152/+106
| This required some refactoring when handling encrypted payloads. Also changed log messages so that "encrypted payload" is logged instead of "encryption payload" (even if we internally still call it that) as that's the name used in RFC 5996.
* linked-list: Don't require an argument for the item when enumerating | Tobias Brunner | 2013-07-17 | 2 | -1/+21
|
* linked-list: Remove unused clone_function() method | Tobias Brunner | 2013-07-17 | 3 | -53/+7
|
* linked-list: Remove barely used find_last() method | Tobias Brunner | 2013-07-17 | 5 | -72/+6
|
* linked-list: Remove unused replace() method | Tobias Brunner | 2013-07-17 | 3 | -65/+51
| Its functionality can be replicated by calling insert_before() followed by remove_at(). Not the other way around, though, because remove_at() changes the enumerator position.
* child-sa: refactor proxy transport mode address lookup | Martin Willi | 2013-07-17 | 1 | -56/+42
|
* child-sa: replace traffic selector lists by arrays | Martin Willi | 2013-07-17 | 1 | -18/+19
| Saves up to another 0.5KB of memory per CHILD_SA.
* child-sa: replace get_traffic_selectors() with create_ts_enumerator() | Martin Willi | 2013-07-17 | 12 | -78/+124
| Not directly returning a linked list allows us to change the internals of the CHILD_SA transparently.
* ikev2: replace linked lists by arrays in task manager | Martin Willi | 2013-07-17 | 1 | -70/+76
| Eliminates another three lists, 0.5KB per IKE_SA.
* auth-cfg: use array instead of linked list | Martin Willi | 2013-07-17 | 1 | -35/+26
| Saves another 4 linked lists (1KB) per IKE_SA
* proposal: use array to store proposal list | Martin Willi | 2013-07-17 | 1 | -25/+18
| Removes another two linked lists (0.5KB) of memory per IKE/CHILD_SA pair.
* proposal: use a single list to store all transforms | Martin Willi | 2013-07-17 | 1 | -308/+174
| Beside that it makes the code actually simpler, it reduces the number of lists stored by each IKE_SA and each CHILD_SA by 4, which can be up to 1KB per SA.
* ike-sa: use arrays instead of linked lists in long lived collections | Martin Willi | 2013-07-17 | 1 | -116/+98
| This saves about 1.5KB of memory per IKE_SA.
* unit-tests: implement tests for array collection | Martin Willi | 2013-07-17 | 4 | -1/+363
|
* array: introduce an array collection storing elements very efficiently | Martin Willi | 2013-07-17 | 4 | -2/+613
| Currently we use the very versatile linked-list collection to store elements with variable count. This is fine, but very inefficient: Due to the many methods in the linked list, on 64-bit platforms an empty list alone is more than 200 bytes.
|
| As we currently have about 50 lists per IKE_SA/CHILD_SA pair, this takes up to 10KB just for managing the empty lists. This is about the half of memory used by an IKE_SA/CHILD_SA pair, and obviously way too much.
|
| The new array type is not an object, but a collection of functions on an abstract type.
|
| The following lists are per IKE_SA and should be considered for a replacement with more efficient arrays (this uses load-testers on-demand created dynamic configurations, other scenarios have different lists):
|
| 14 -> ike_sa_create() @ src/libcharon/sa/ike_sa.c:2198
| 10 -> auth_cfg_create() @ src/libstrongswan/credentials/auth_cfg.c:1088
| 6 -> task_manager_v2_create() @ src/libcharon/sa/ikev2/task_manager_v2.c:1505
| 6 -> proposal_create() @ src/libcharon/config/proposal.c:592
| 5 -> peer_cfg_create() @ src/libcharon/config/peer_cfg.c:657
| 4 -> child_sa_create() @ src/libcharon/sa/child_sa.c:1090
| 2 -> child_cfg_create() @ src/libcharon/config/child_cfg.c:536
| 1 -> ike_cfg_create() @ src/libcharon/config/ike_cfg.c:330
| 1 -> put_connected_peers() @ src/libcharon/sa/ike_sa_manager.c:854
* kernel-libipsec: Log error if no local address is found when installing routes | Tobias Brunner | 2013-07-15 | 1 | -0/+5
|
* dumm: Sort templates by name | Tobias Brunner | 2013-07-15 | 2 | -1/+3
|
* stroke: Add certificates extracted from PKCS#12 files to correct credential set | Tobias Brunner | 2013-07-15 | 1 | -4/+4
| Only keys and shared secrets are moved from the temporary credential set after loading all secrets.
* pkcs12: Add plugin dependencies with soft dependencies on the most common ↵ | Tobias Brunner | 2013-07-15 | 1 | -0/+6
| algorithms
* leak-detective: remove hdr entry when reallocating zero bytes | Martin Willi | 2013-07-12 | 1 | -0/+6
|
* leak-detective: print total of allocated/leaked bytes in usage/report | Martin Willi | 2013-07-12 | 1 | -5/+13
|
* dumm: add include for in.h, if_bridge.h now uses struct in6_addr | Martin Willi | 2013-07-12 | 1 | -1/+1
|
* Recognize critical IssuingDistributionPoint CRL extension | Andreas Steffen | 2013-07-12 | 3 | -1/+8
|
* leak-detective: add a usage threshold option based on the number of allocations | Martin Willi | 2013-07-10 | 1 | -6/+11
|
* leak-detective: set_state() only affects the calling thread | Martin Willi | 2013-07-10 | 2 | -15/+2
| The only user (bfd backtraces) is fine with that, and we really should not mess the enable flag while doing allocations with other threads.
* leak-detective: take a copy of backtrace while printing traces | Martin Willi | 2013-07-10 | 1 | -2/+3
| As we don't want to hold the lock, we must make sure backtraces keep valid while printing them.
* backtrace: add a clone() method | Martin Willi | 2013-07-10 | 2 | -7/+44
|
* leak-detective: remove hdr from the allocation list during realloc() | Martin Willi | 2013-07-10 | 1 | -39/+60
| If realloc moves an allocation, the original allocation gets freed. We therefore must remove the hdr from the list, as it is invalid. We can add it afterwards once it has been updated, allowing us to unlock the list during reallocation.
* Fixed alignment of device ID column [tag: 5.1.0dr2] | Andreas Steffen | 2013-07-10 | 1 | -2/+2
|
* android: New release after adding support for EAP-TNC | Tobias Brunner | 2013-07-08 | 1 | -2/+2
| Also disabled listening on IPv6 because the Linux kernel currently does not support UDP encapsulation for IPv6.
* android: Properly handle dotted-quad notation of IPv6 addresses | Tobias Brunner | 2013-07-08 | 1 | -1/+1
| For netstat output like ::ffff:127.0.0.1:9876 we shall not treat 127 as port but 9876 instead.
* android: Allow IMC state to be dismissed with a swipe gesture | Tobias Brunner | 2013-07-08 | 1 | -0/+30
|
* android: Use explicit locale when converting settings names | Tobias Brunner | 2013-07-08 | 1 | -2/+4
| Apparently, these functions use the user's default locale which might not yield the expected result (e.g. lowercase I is not i in the Turkish locale but ı instead).
* android: Add information about transmitted data if EAP-TNC is selected | Tobias Brunner | 2013-07-08 | 7 | -0/+57
|
* android: Reuse certificate selector as generic two line button | Tobias Brunner | 2013-07-08 | 2 | -2/+2
|
* android: Add device ID in BeginHandshake | Tobias Brunner | 2013-07-08 | 1 | -0/+2
|
* android: Add new VpnType to enable BYOD features | Tobias Brunner | 2013-07-08 | 8 | -5/+42
|
* Use strpfx() helper where appropriate | Tobias Brunner | 2013-07-08 | 11 | -29/+28
|
* utils: Add helper function to check a string for a given prefix | Tobias Brunner | 2013-07-08 | 1 | -0/+8
|
* utils: Convert string helper macros to static inline functions | Tobias Brunner | 2013-07-08 | 1 | -6/+15
|
* android: Use a different set of plugins if BYOD features are enabled | Tobias Brunner | 2013-07-08 | 4 | -11/+28
|
* android: IMC state fragment is a button that shows remediation instructions ↵ | Tobias Brunner | 2013-07-08 | 2 | -16/+66
| or log
* android: Show remediation instructions instead of log on failure | Tobias Brunner | 2013-07-08 | 6 | -3/+26
|
* android: Properly hide the IMC state fragment initially | Tobias Brunner | 2013-07-08 | 1 | -1/+4
|
* android: Add activity that displays a list of remediation instructions | Tobias Brunner | 2013-07-08 | 11 | -1/+212
| On large displays a two-pane layout is used that displays the list next to the actual instructions.
* android: Add fragment for a list of remediation instructions | Tobias Brunner | 2013-07-08 | 1 | -0/+121
| This fragment can later be used in one- or two-pane layouts.
* android: Add adapter for remediation instructions | Tobias Brunner | 2013-07-08 | 2 | -0/+118
|
* android: Add fragment that displays a single remediation instruction | Tobias Brunner | 2013-07-08 | 2 | -0/+164
|