strongswan.git
Andreas Steffen [Thu, 8 Aug 2013 17:43:43 +0000 (19:43 +0200)]
moved tnc_imv plugin to libtnccs thanks to recommendation callback function

Andreas Steffen [Thu, 8 Aug 2013 09:17:33 +0000 (11:17 +0200)]
Documented plugin move from libcharon to libtnccs in strongswan.conf

Andreas Steffen [Thu, 8 Aug 2013 09:02:17 +0000 (11:02 +0200)]
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs

Andreas Steffen [Wed, 7 Aug 2013 17:41:29 +0000 (19:41 +0200)]
rapid PT-TLS AR/PDP prototype

Andreas Steffen [Wed, 31 Jul 2013 20:09:38 +0000 (22:09 +0200)]
Add PT-TLS interface to strongSwan PDP

Tobias Brunner [Thu, 15 Aug 2013 13:15:34 +0000 (15:15 +0200)]
ikev1: Fix calculation of the number of fragments

The old code resulted in too few fragments in some cases.

Tobias Brunner [Thu, 15 Aug 2013 13:12:00 +0000 (15:12 +0200)]
ikev1: When sending fragments, use ports to decide if a non-ESP marker is added

This is the same logic used by sender and might apply in some cases (e.g.
when initiating to port 4500).

Tobias Brunner [Tue, 13 Aug 2013 08:03:54 +0000 (10:03 +0200)]
ikev2: Fix segfault when reestablishing CHILD_SAs due to closeaction=restart|hold

This regression was introduced with c949a4d5.

Tobias Brunner [Mon, 12 Aug 2013 10:20:09 +0000 (12:20 +0200)]
libipsec: Don't limit traditional algorithms to AES and SHA1/2

Closes #377.

Tobias Brunner [Mon, 12 Aug 2013 10:06:25 +0000 (12:06 +0200)]
kernel-netlink,pfroute: Properly update address flag within ROAM_DELAY

77d4a02 and 55da01f only updated the address flag when a job was created,
which obviously had the same limitation as the old code.

Fixes #374.

Tobias Brunner [Mon, 12 Aug 2013 09:40:22 +0000 (11:40 +0200)]
kernel-pfroute: Implement roam event handling like in the kernel-netlink plugin

There was no proper locking and the issue regarding the address
flag also existed.

Tobias Brunner [Mon, 12 Aug 2013 09:23:34 +0000 (11:23 +0200)]
kernel-netlink: Ensure address changes are not missed in roam events

If multiple roam events are triggered within ROAM_DELAY, only one job is
created.  The old code set the address flag to the value of the last
triggering call.  So if a route change followed an address change within
ROAM_DELAY the address change was missed by the upper layers, e.g. causing
it not to update the list of addresses via MOBIKE.

The new code now keeps the state of the address flag until the job is
actually executed, which still has some issues.  For instance, if an
address disappears and reappears within ROAM_DELAY, the flag would not
have to be set to TRUE.  So address updates might occasionally get
triggered where none would actually be required.

Fixes #374.

Martin Willi [Fri, 9 Aug 2013 07:13:39 +0000 (09:13 +0200)]
backtrace: rename clone() method clashing with system call

Fixes #376.

Martin Willi [Thu, 8 Aug 2013 12:48:32 +0000 (14:48 +0200)]
updown: remove description of unsupported PLUTO_ variables

These have been set by pluto, but are not by charon's updown plugin.

Martin Willi [Thu, 8 Aug 2013 07:12:52 +0000 (09:12 +0200)]
scripts: link against librt only if required

With glibc, this seems to be the case for 2.17 and older versions only.

Martin Willi [Thu, 8 Aug 2013 07:09:00 +0000 (09:09 +0200)]
scripts: link malloc_speed against librt

Tobias Brunner [Wed, 7 Aug 2013 07:06:01 +0000 (09:06 +0200)]
strongswan.conf: Add note about reserved threads

Tag: 5.1.0
Tobias Brunner [Wed, 31 Jul 2013 14:24:32 +0000 (16:24 +0200)]
tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages

Before this e.g. msg_controllen was not initialized properly which could
cause invalid reads.

Tobias Brunner [Wed, 31 Jul 2013 13:28:15 +0000 (15:28 +0200)]
NEWS: Add info about CVE-2013-5018

Tobias Brunner [Wed, 31 Jul 2013 07:03:48 +0000 (09:03 +0200)]
whitelist: Fix compilation on FreeBSD

Tobias Brunner [Tue, 30 Jul 2013 16:44:50 +0000 (18:44 +0200)]
host: Properly initialize struct sockaddr_in[6] when parsing strings

Otherwise struct members like sin6_flowinfo or sin6_scope_id might be
set to bogus values.

Tobias Brunner [Mon, 29 Jul 2013 21:45:38 +0000 (23:45 +0200)]
asn1: Fix handling of invalid ASN.1 length in is_asn1()

Fixes CVE-2013-5018.

Andreas Steffen [Wed, 31 Jul 2013 20:13:41 +0000 (22:13 +0200)]
Callback job is not needed any more

Martin Willi [Wed, 31 Jul 2013 14:27:28 +0000 (16:27 +0200)]
charon-xpc: load missing ctr/ccm/gcm plugins

Martin Willi [Wed, 31 Jul 2013 09:38:18 +0000 (11:38 +0200)]
charon-xpc: use kernel-libipsec instead of kernel-pfkey

Martin Willi [Wed, 31 Jul 2013 09:37:39 +0000 (11:37 +0200)]
charon-xpc: fix TS getting after changing CHILD_SA API

Martin Willi [Wed, 31 Jul 2013 09:36:55 +0000 (11:36 +0200)]
keychain: be less verbose when loading certificates

Tobias Brunner [Mon, 29 Jul 2013 19:59:40 +0000 (21:59 +0200)]
receiver: Avoid cloning packet data when verifying COOKIE payloads

Besides being more efficient this removes a memory leak that occurred
when a COOKIE payload was successfully verified.

Fixes #369.

Tobias Brunner [Fri, 26 Jul 2013 07:36:54 +0000 (09:36 +0200)]
unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributes

Cisco devices seem to add 6 bytes of padding between each address/mask
pair.

Fixes #366.

Andreas Steffen [Mon, 29 Jul 2013 15:16:41 +0000 (17:16 +0200)]
version bump to 5.0.1

Andreas Steffen [Mon, 29 Jul 2013 15:16:21 +0000 (17:16 +0200)]
tnc-pdp now uses watcher_t

Andreas Steffen [Mon, 29 Jul 2013 09:41:33 +0000 (11:41 +0200)]
Updated PTS database scheme to new workitems model

Tobias Brunner [Thu, 25 Jul 2013 11:38:35 +0000 (13:38 +0200)]
ikev2: Only schedule half-open-timeout delete job after successfully handling IKE_SA_INIT

We want to avoid this allocation if the initial message is invalid (e.g.
if the message ID is != 0).

Martin Willi [Mon, 29 Jul 2013 09:08:54 +0000 (11:08 +0200)]
NEWS: mention xauth-radius backend in eap-radius plugin

Martin Willi [Mon, 29 Jul 2013 07:36:28 +0000 (09:36 +0200)]
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius

As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.

Martin Willi [Mon, 29 Jul 2013 07:00:56 +0000 (09:00 +0200)]
Merge branch 'xauth-radius'

Implements verification of XAuth credentials using simple RADIUS User-Name and
(encrypted) User-Password attributes. The XAuth backend is implemented in the
eap-radius plugin, reusing all existing infrastructure and features found in
that plugin, including RADIUS accounting.

Martin Willi [Fri, 26 Jul 2013 11:06:17 +0000 (13:06 +0200)]
testing: add a testcase for plain XAuth RADIUS authentication

Martin Willi [Wed, 24 Jul 2013 11:35:46 +0000 (13:35 +0200)]
charon-cmd: add --eap-identity and --xauth-username options

Martin Willi [Mon, 22 Jul 2013 13:59:49 +0000 (15:59 +0200)]
eap-radius: do RADIUS/IKE attribute forwarding in XAuth backend

Martin Willi [Mon, 22 Jul 2013 12:28:12 +0000 (14:28 +0200)]
eap-radius: support plain XAuth RADIUS authentication using User-Password

Martin Willi [Mon, 22 Jul 2013 12:23:01 +0000 (14:23 +0200)]
libradius: support encryption of User-Password attributes

Martin Willi [Mon, 22 Jul 2013 12:16:38 +0000 (14:16 +0200)]
utils: add round_up/down() helper functions

Martin Willi [Mon, 22 Jul 2013 11:45:31 +0000 (13:45 +0200)]
libradius: refactor generic RADIUS en-/decryption function to a message method

Martin Willi [Mon, 22 Jul 2013 08:17:38 +0000 (10:17 +0200)]
eap-radius: export function to build common attributes of Access-Request

Martin Willi [Mon, 22 Jul 2013 07:55:00 +0000 (09:55 +0200)]
eap-radius: export function to process common attributes of Access-Accept

Martin Willi [Wed, 24 Jul 2013 14:20:46 +0000 (16:20 +0200)]
mem-pool: add option for reusing online leases, and disable it by default

Mainly for reauthentication with third party implementations, we allowed to
reuse an online lease, but only for the same peer identity and when it
explicitly requested the same address.

This has always been problematic, because it changes the reqid of the CHILD_SA
with the same traffic selectors, breaking the old tunnel. As we now reject
such policy overwrites, this usually lets the installation of the new policies
fail. We therefore disable reassignment of online leases by default.

Martin Willi [Wed, 24 Jul 2013 14:13:07 +0000 (16:13 +0200)]
mem-pool: replace per-identity online/offline lists by more efficient arrays

This saves two lists per connected peer identity, up to 0.4KB.

Martin Willi [Wed, 24 Jul 2013 13:45:39 +0000 (15:45 +0200)]
mem-pool: refcount online lease when reassigning it to another tunnel

When we reassign an online lease for the same peer, we have to refcount it.
Otherwise we would set it offline if one of the tunnels goes down, but it is
actually still in use by the second tunnel. This can finally lead to
assigning the same virtual IP to different peers.

Tobias Brunner [Thu, 25 Jul 2013 15:08:17 +0000 (17:08 +0200)]
ikev1: Always send ID payloads (traffic selectors) during Quick Mode

Especially Windows 7 has problems if the peer does not send ID payloads
for host-to-host connections (tunnel and transport mode).

Fixes #319.

Tobias Brunner [Thu, 25 Jul 2013 14:57:42 +0000 (16:57 +0200)]
watcher: Made notify array initialization compatible with older GCC versions

Tobias Brunner [Wed, 24 Jul 2013 10:16:52 +0000 (12:16 +0200)]
unit-tests: Add additional tests for host_t

Tobias Brunner [Wed, 24 Jul 2013 14:23:14 +0000 (16:23 +0200)]
imv-attestation: Properly measure complete directories

Tobias Brunner [Wed, 24 Jul 2013 14:03:38 +0000 (16:03 +0200)]
array: Number of items in get_size() is unsigned

Otherwise, array->esize is promoted to int and if array->esize * num
results in a value > 0x7fffffff the return value would be incorrect due to
the implicit sign extension when getting cast to size_t.

Tobias Brunner [Wed, 24 Jul 2013 09:18:31 +0000 (11:18 +0200)]
stream: Ensure UNIX socket path is null terminated

Tobias Brunner [Wed, 24 Jul 2013 09:11:25 +0000 (11:11 +0200)]
kernel-pfkey: Add sanity check when deleting policies

Tobias Brunner [Wed, 24 Jul 2013 09:04:34 +0000 (11:04 +0200)]
imv-os: check_packages() fails if product query fails

Tobias Brunner [Wed, 24 Jul 2013 08:58:34 +0000 (10:58 +0200)]
pkcs5: Add missing break statements when checking crypto primitives

Tobias Brunner [Wed, 24 Jul 2013 08:45:32 +0000 (10:45 +0200)]
imv-scanner: Properly check snprintf() return value

Tobias Brunner [Wed, 24 Jul 2013 08:36:49 +0000 (10:36 +0200)]
socket-dynamic: Properly initialize IPv6 address

Tobias Brunner [Wed, 24 Jul 2013 08:33:06 +0000 (10:33 +0200)]
unit-tests: Add test for host_create_netmask()

Tobias Brunner [Wed, 24 Jul 2013 08:31:52 +0000 (10:31 +0200)]
host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128

Tobias Brunner [Wed, 24 Jul 2013 07:04:09 +0000 (09:04 +0200)]
imv-attestation: Use proper cast for length when using %.*s

Tobias Brunner [Wed, 24 Jul 2013 07:00:35 +0000 (09:00 +0200)]
tnc-ifmap: Use proper cast for length when using %.*s

Tobias Brunner [Wed, 24 Jul 2013 06:43:10 +0000 (08:43 +0200)]
capabilities: Proper error handling when reading groups

Tobias Brunner [Tue, 23 Jul 2013 10:23:05 +0000 (12:23 +0200)]
strongswan.conf: Moved some stuff around

Tobias Brunner [Mon, 22 Jul 2013 16:12:04 +0000 (18:12 +0200)]
ipsec: Add --piddir to retrieve the PID/socket directory

Tobias Brunner [Mon, 22 Jul 2013 15:59:49 +0000 (17:59 +0200)]
starter: Properly refer to the ipsec script if it was renamed

Tobias Brunner [Mon, 22 Jul 2013 15:53:56 +0000 (17:53 +0200)]
coupling: Fix call to call_hook()

Tobias Brunner [Mon, 22 Jul 2013 15:45:43 +0000 (17:45 +0200)]
strongswan.conf: Add missing options

Tobias Brunner [Mon, 22 Jul 2013 15:44:37 +0000 (17:44 +0200)]
charon-xpc: Use correct namespace when setting default settings

Tobias Brunner [Mon, 22 Jul 2013 15:43:54 +0000 (17:43 +0200)]
tnc-pdp: Fix reading port setting from strongswan.conf

Tag: 5.1.0rc1
Andreas Steffen [Fri, 19 Jul 2013 18:07:32 +0000 (20:07 +0200)]
fixed typo

Andreas Steffen [Fri, 19 Jul 2013 17:36:07 +0000 (19:36 +0200)]
updated some TNC scenarios

Martin Willi [Fri, 19 Jul 2013 13:27:07 +0000 (15:27 +0200)]
processor: force synchronous execute_job() if set_threads(0) has been called

During daemon shutdown, some idle threads might be lingering around even if
set_threads(0) already has been called. To avoid any races, we enforce
synchronous execution of the job.

Martin Willi [Fri, 19 Jul 2013 13:01:53 +0000 (15:01 +0200)]
proposal: correctly enumerate registered AEADs to build default IKE proposal

AEADs are not returned (anymore) with the encryption enumerator.

Andreas Steffen [Fri, 19 Jul 2013 08:40:49 +0000 (10:40 +0200)]
Version bump to 5.1.0rc1

Tobias Brunner [Fri, 19 Jul 2013 07:02:04 +0000 (09:02 +0200)]
tkm: Properly refer to includes now that AM_CPPFLAGS is used

Tobias Brunner [Fri, 19 Jul 2013 07:01:39 +0000 (09:01 +0200)]
keychain: Use AM_CPPFLAGS instead of INCLUDES

Tobias Brunner [Thu, 18 Jul 2013 15:27:11 +0000 (17:27 +0200)]
Fix various API doc issues and typos

Partially based on an old patch by Adrian-Ken Rueegsegger.

Martin Willi [Thu, 18 Jul 2013 14:45:10 +0000 (16:45 +0200)]
identification: parse identities having a "@@" prefix as ID_RFC822_ADDR

Original patch by Gerald Richter.

Martin Willi [Thu, 18 Jul 2013 14:10:48 +0000 (16:10 +0200)]
NEWS: mention watcher and stream services

Martin Willi [Thu, 18 Jul 2013 14:03:14 +0000 (16:03 +0200)]
Merge branch 'ipc-service'

Adds network transparency and TCP support to the IPC interfaces of different
plugins using the new stream and stream service classes. A central watcher
thread can watch multiple file descriptors to handle connection requests
for these and other services using only a single thread.

Martin Willi [Thu, 18 Jul 2013 13:46:17 +0000 (15:46 +0200)]
stream-service: move CAP_CHOWN check from plugins to service constructor

A plugin service can be a TCP socket now, so it does not make much sense
to strictly check for CAP_CHOWN.

Martin Willi [Thu, 18 Jul 2013 09:42:59 +0000 (11:42 +0200)]
processor: remove the now unused get_threads() method again

Martin Willi [Thu, 18 Jul 2013 09:40:40 +0000 (11:40 +0200)]
watcher: use processor's new execute_job() to notify FDs

Just queueing is problematic, as all threads might be busy waiting for events
that the queued (but never executed) job delivers.

Martin Willi [Thu, 18 Jul 2013 09:37:42 +0000 (11:37 +0200)]
processor: add an execute_job() method to directly execute an important job

If all worker threads are busy and waiting for an event, we must ensure that
a job delivering that event gets executed. This new method has this property
for CRITICAL jobs, using a worker if we have one, but executing the job directly
if not.

Martin Willi [Wed, 17 Jul 2013 14:07:47 +0000 (16:07 +0200)]
watcher: properly support multiple watch callback types for the same FD

Martin Willi [Wed, 17 Jul 2013 14:03:23 +0000 (16:03 +0200)]
watcher: read multiple notifications if available

Use non-blocking I/O on the read end of the notify pipe. This also makes sure
the read does not block should select() signal data while there is none.

Martin Willi [Tue, 15 Nov 2011 17:13:53 +0000 (17:13 +0000)]
certexpire: add an option to enforce exporting trustchains having a private key

Martin Willi [Tue, 9 Jul 2013 12:28:10 +0000 (14:28 +0200)]
error-notify: catch and forward some alerts related to certificate validation

Martin Willi [Tue, 9 Jul 2013 12:21:40 +0000 (14:21 +0200)]
bus: raise certificate validation alerts using credential manager hook

Martin Willi [Tue, 9 Jul 2013 09:55:32 +0000 (11:55 +0200)]
credmgr: introduce a hook function to catch trust chain validation errors

Martin Willi [Mon, 4 Feb 2013 09:02:14 +0000 (10:02 +0100)]
lookip: double size of id field in message

Martin Willi [Mon, 4 Feb 2013 08:59:54 +0000 (09:59 +0100)]
error-notify: increase size of string/identity fields in messages

Martin Willi [Mon, 8 Jul 2013 09:44:52 +0000 (11:44 +0200)]
whitelist: use a read-copy when listing entries

While this requires a little more overhead, we can free the lock should the
stream block, allowing other threads to add/remove entries.

Martin Willi [Mon, 8 Jul 2013 08:52:49 +0000 (10:52 +0200)]
whitelist: fix error handling when creating the socket fails

Martin Willi [Mon, 8 Jul 2013 08:40:25 +0000 (10:40 +0200)]
lookip: fix error handling when creating the socket fails

Martin Willi [Mon, 8 Jul 2013 08:39:23 +0000 (10:39 +0200)]
error-notify: fix error handling when creating the socket fails

Martin Willi [Mon, 1 Jul 2013 13:48:22 +0000 (15:48 +0200)]
kernel-pfroute: use watcher to receive kernel events

Martin Willi [Mon, 1 Jul 2013 13:45:01 +0000 (15:45 +0200)]
kernel-pfkey: use watcher to receive networking events