Tobias Brunner [Mon, 25 Nov 2013 17:20:13 +0000 (18:20 +0100)]
configure: Add -Wno-format-security to default CFLAGS
Either due to a change in Ubuntu 13.10 or GCC 4.8 -Wno-format has no
effect if -Wformat-security is enabled (which it is on Ubuntu) so we
also disable the latter by default.
Martin Willi [Tue, 21 Jan 2014 16:36:38 +0000 (17:36 +0100)]
stream: Make sure no watcher callback is active while changing stream callbacks
When changing async callbacks on streams, we have to make sure the watcher
callback is not currently active and has temporarily disabled callbacks. This
could have been the case, as we didn't explicitly remove any pending
watcher registration if both callbacks are NULL.
By enforcing the watcher unregistration, we are sure the watcher callback is
not active and currently is not mangling the callback hooks. This should make
sure we avoid any races for the callback variables.
Thomas Egerer [Mon, 18 Nov 2013 12:15:02 +0000 (13:15 +0100)]
dhcp: Allow binding of socket to particular interface
In certain situations it is desirable to bind the send/receive sockets
for the DHCP address allocation to a particular interface. With this
patch the strongswan.conf option charon.plugins.dhcp.interface can be
used to restrict the DHCP communication to a configurable interface.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Thomas Egerer [Fri, 29 Nov 2013 12:17:30 +0000 (13:17 +0100)]
proposal: Add possibility to register custom proposal keyword parser
If a proposal string cannot be matched to a token using strcmp (e.g. if
you want to register a whole class of algorithms containing their ID,
like my_alg_2342), you can use the provided function to register a
parser that transforms the given string into a proposal token.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Thomas Egerer [Thu, 16 Jan 2014 12:24:08 +0000 (13:24 +0100)]
ike_sa: Defer task manager destruction after child destruction
This patch exports the task manager's flush to allow flushing of all
queues with one function call from ike_sa->destroy. It allows the
access of intact children during task destruction (see git-commit e44ebdcf) and allows the access of the task manager in
child_state_change hook.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Martin Willi [Wed, 15 Jan 2014 17:18:24 +0000 (18:18 +0100)]
printf-hook-builtin: Correctly calculate written bytes in print_in_hook()
The hook data counts remaining buffer bytes, not used ones. Counting them
correctly fixes a crash for long hexdumps.
Further, print_in_hook() must return the number of bytes that would have been
written, not the actually written bytes. This is important, as we allocate a
dynamic buffer in bus that relies on the exact byte count. Fixes long hexdumps
that got truncated.
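The two points of the print_in_hook() message above, as an added example that is not strongSwan's code: the hook state counts free bytes, and the print function returns the length the output needs rather than the length stored, so a caller can size a dynamic buffer from it. The names hook_data_t, hook_print, hexdump and dump_alloc are hypothetical, and the input is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook state: `left` counts bytes still FREE, not bytes used. */
typedef struct { char *pos; size_t left; } hook_data_t;

/* Append formatted text; return the length it NEEDS (snprintf semantics). */
static int hook_print(hook_data_t *d, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(d->pos, d->left, fmt, ap);
    va_end(ap);
    if (need < 0) return need;
    /* Advance by what was really stored so pos never leaves the buffer. */
    size_t room = d->left ? d->left - 1 : 0;
    size_t stored = (size_t)need < room ? (size_t)need : room;
    d->pos += stored; d->left -= stored;
    return need;
}

/* Hex dump, 16 bytes per line; returns the total length required. */
static int hexdump(hook_data_t *d, const unsigned char *p, size_t n) {
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += hook_print(d, "%02x%c", (unsigned)p[i], (i + 1) % 16 ? ' ' : '\n');
    return total;
}

/* Caller: size the buffer from the returned count, then format into it. */
static char *dump_alloc(const unsigned char *p, size_t n, int *need) {
    char probe[32];                      /* too small on purpose */
    hook_data_t d = { probe, sizeof(probe) };
    *need = hexdump(&d, p, n);           /* output truncated, count exact */
    char *out = *need < 0 ? NULL : malloc((size_t)*need + 1);
    if (!out) return NULL;
    d = (hook_data_t){ out, (size_t)*need + 1 };
    hexdump(&d, p, n);
    return out;
}

int main(void) {
    unsigned char data[100] = { 0xab };  /* constructed sample input */
    int need;
    char *s = dump_alloc(data, sizeof(data), &need);
    if (s) printf("need=%d stored=%zu\n", need, strlen(s));
    free(s);
    return 0;
}
```

If hook_print() returned the stored length instead, the probe pass would report 31 and the second pass would truncate the dump at 31 characters.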
Tobias Brunner [Mon, 6 Jan 2014 17:01:06 +0000 (18:01 +0100)]
test-asn1: Fix skipping of >2038 tests on i386
The two constants overflow time_t on i386 (they also produced a compiler
warning without type suffix) so the comparison with TIME_32_BIT_SIGNED_MAX
did not work as intended.
Tobias Brunner [Mon, 6 Jan 2014 16:31:07 +0000 (17:31 +0100)]
chunk: Fix chunk_mac/hash tests on big-endian systems
Our SipHash-2-4 implementation returns the result in host order, while
the test vectors are little-endian. Use a custom comparison function to
account for this.
Tobias Brunner [Mon, 6 Jan 2014 14:30:02 +0000 (15:30 +0100)]
utils: Fix %T printf hook on big-endian systems
The cast to a bool* cut off the actual value on big-endian systems
if bool was shorter than int because the bool argument to printf gets
promoted to an int.
Tobias Brunner [Fri, 20 Dec 2013 10:24:02 +0000 (11:24 +0100)]
tun-device: Include system headers before our own
On CentOS 6.5 the sys/capability.h header file defines _LINUX_TYPES_H
without actually including that header, preventing its later inclusion
here.
As library.h (via which the capabilities headers are included) is not
actually required in tun_device.[ch], moving the inclusion of tun_device.h
would not strictly be necessary. But it's probably a good idea to
include our own headers after system headers anyway, for if one of the
recursively included files at a later point includes library.h we'd have
the same problem again.
Tobias Brunner [Mon, 2 Dec 2013 10:16:04 +0000 (11:16 +0100)]
unit-tests: Don't use priority for destructor that unregisters testable functions
This fixes coverage reports, at least if leak detective is disabled.
If it is enabled the plugins are not unloaded so the destructor is not
executed until the process is destroyed, which seems not to be covered
by gcov.
Tobias Brunner [Thu, 28 Nov 2013 17:06:09 +0000 (18:06 +0100)]
unit-tests: Export ntru_drbg_create as testable function so no linking is required
This way the plugin does not have to be linked explicitly to the test
runner, which otherwise would require that the plugin is either always
enabled to build the tests or that ifdefs are added to the Makefile.
charon-tkm: Implement IANA DH Id to TKM Id mapping
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:
Tobias Brunner [Tue, 5 Nov 2013 17:29:40 +0000 (18:29 +0100)]
charon-tkm: Migrate tests to our own test runner
Due to problems with the external libraries tkm_init/deinit can't be
called for each test case. Because of this leak detective has to be
disabled for these tests.
Tobias Brunner [Wed, 27 Nov 2013 16:52:10 +0000 (17:52 +0100)]
chunk: Fix signedness warnings caused by chunk_from_* macros
There are countless other such warnings because e.g. chunk_create() is called
with char*, but at least we prevent users from causing such warnings
inadvertently when using these macros.
Tobias Brunner [Thu, 7 Nov 2013 08:50:12 +0000 (09:50 +0100)]
trap-manager: Prevent deadlock when installing trap policies
Because the write lock was held while calling add_policies() on
child_sa_t, which finishes with a call to child_state_change() on bus_t,
a deadlock would ensue if CHILD_SAs are concurrently being established,
which also causes a call to child_state_change() that will require
the read lock in trap_manager_t.
No locks are now being held while creating the CHILD_SA and installing the
trap policies.