David Woodhouse [Sun, 13 May 2012 17:56:22 +0000 (10:56 -0700)]
Remove internal_parse_url() from the library exports.
The only thing that main.c was really doing differently to the public
openconnect_parse_url() function was allowing 'urlpath' to be superseded
by the --usergroup command line argument. Which we can handle simply
by storing that in a separate variable and applying it afterwards.
The other thing it did differently was check that the scheme is https.
But openconnect_parse_url() arguably should have been doing that anyway.
Fix potential memory leak of old strings in openconnect_parse_url()
while we're at it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 17:31:33 +0000 (10:31 -0700)]
Refuse to redirect to a non-https URL
Not good:
$ ./openconnect www.cam.ac.uk
Attempting to connect to 131.111.8.46:443
SSL negotiation with www.cam.ac.uk
Connected to HTTPS on www.cam.ac.uk
GET https://www.cam.ac.uk/
Got HTTP response: HTTP/1.1 301 Moved Permanently
GET https://www.cam.ac.uk/http://www.cam.ac.uk:80/
Got HTTP response: HTTP/1.1 301 Moved Permanently
GET https://www.cam.ac.uk/http://www.cam.ac.uk:80/http://www.cam.ac.uk:80/
Got HTTP response: HTTP/1.1 301 Moved Permanently
GET https://www.cam.ac.uk/http://www.cam.ac.uk:80/http://www.cam.ac.uk:80/http://www.cam.ac.uk:80/
OK, I asked it to do a stupid thing, but a polite refusal is much better.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 17:24:36 +0000 (10:24 -0700)]
Add OPENCONNECT_CHECK_VER() macro for compatibility testing
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 17:12:56 +0000 (10:12 -0700)]
Fix up the historical version tags in libopenconnect.map
It's entirely irrelevant since nothing was using them back then, but it
doesn't hurt to have them correct.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 17:09:59 +0000 (10:09 -0700)]
Make compat symbols @@OPENCONNECT_PRIVATE
Would be even nicer if I could find a way to let *only* openconnect itself
use them, and not have them visible to general users of the library.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 16:54:11 +0000 (09:54 -0700)]
Remove duplicate library API version number from Makefile.am
Pick it up from openconnect.h automatically. This means that the
configure script will run, and the makefiles will be regenerated,
whenever openconnect.h changes — but openconnect.h shouldn't be changing
in non-cosmetic ways without the version being bumped anyway, and if the
version is bumped then the makefile needs to be rebuilt too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 16:28:53 +0000 (09:28 -0700)]
Add library.c and compat.c to POTFILES.in for translation
There are no translatable strings in them yet, but I'm never going to
remember to add them if they ever *do* grow strings. So add them now
while I think of it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 07:59:09 +0000 (00:59 -0700)]
Define _WITH_GETLINE for BSD systems
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 07:13:01 +0000 (00:13 -0700)]
Make symbol versioning work on Solaris too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 04:34:17 +0000 (21:34 -0700)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 04:27:59 +0000 (21:27 -0700)]
Update copyright years
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 03:49:39 +0000 (20:49 -0700)]
Fix corruption of input string to openconnect_parse_url()
Well, kind of. This is the approach which was partially implemented in
commit
382d05dd1929788be151e96d80e7b8289b8f7c08 but missed restoring the
colon before the port number. It's still fairly dodgy that we're scribbling
on the input string at all, even if we do put it back again afterwards.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 03:30:27 +0000 (20:30 -0700)]
Remove inappropriate exit() from library code
It makes the auth-dialog very unhappy, if openconnect_obtain_cookie() calls
exit() from its thread when it gets cancelled. Distinctly suboptimal.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 13 May 2012 01:52:51 +0000 (18:52 -0700)]
Add symbol versioning to libopenconnect shared library
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 23:42:40 +0000 (16:42 -0700)]
Export openconnect_version as a pointer rather than an array
Otherwise, the binary seems to *know* the length of the string that it
expected to be in the library, and when bitching of a mismatch it still
truncates the library version to the length that it *expected* the library
version string to be.
Change the name of it to 'openconnect_version_str' at the same time as we
change the datatype, to avoid crashes when linking against an older/newer
library.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 23:31:33 +0000 (16:31 -0700)]
Add openconnect_set_cancel_fd() to library
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 21:48:20 +0000 (14:48 -0700)]
Use openconnect_SSL_read() for fetching HTTP response
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 21:44:36 +0000 (14:44 -0700)]
Add openconnect_SSL_read() functional which handles cancellation
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 20:18:13 +0000 (13:18 -0700)]
Write initial auth GET request in non-blocking mode
Now we can remain non-blocking all the way to fetching the body.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 20:12:13 +0000 (13:12 -0700)]
Handle cancellation in openconnect_SSL_gets()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 19:34:56 +0000 (12:34 -0700)]
Add cancellable openconnect_SSL_write(), use it from openconnect_SSL_printf()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 19:31:29 +0000 (12:31 -0700)]
Return non-blocking socket from openconnect_open_https()
All the callers just set it to blocking mode again immediately, but we're
working on that...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 18:58:42 +0000 (11:58 -0700)]
Add vpninfo arg to openconnect_SSL_{printf,gets} functions
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 18:46:15 +0000 (11:46 -0700)]
Add cancellation handling to SSL_connect() for https connection
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 18:12:45 +0000 (11:12 -0700)]
Add cancellation handling to proxy I/O functions
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 18:11:39 +0000 (11:11 -0700)]
Fix handling of error from proxy_write() in process_http_proxy()
It returns the error; don't look in errno for it
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 17:58:31 +0000 (10:58 -0700)]
Add vpninfo arg to proxy I/O functions, use proxy_read() from proxy_gets()
This allows us to handle cancellation in proxy_read() and proxy_write().
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 17:41:30 +0000 (10:41 -0700)]
Handling cancellation during initial connect()
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 12 May 2012 17:22:10 +0000 (10:22 -0700)]
Add (unused) cancel_fd to vpninfo struct
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Fabian Jäger [Fri, 11 May 2012 18:19:39 +0000 (11:19 -0700)]
Flush progress output immediately.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 10 May 2012 18:07:26 +0000 (11:07 -0700)]
Expand OpenSSL DTLS compatibility to include Ubuntu 10.04 (Lucid Lynx)
They appear to have backported the Cisco DTLS compatibility, but their
OpenSSL is otherwise so old that our workaround for the absence of
dtls1_stop_timer() doesn't work. The timer handling is entirely different
there. So after an archaeological expedition through OpenSSL CVS history
and RT, cope a little better with such abominations.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 10 May 2012 17:49:39 +0000 (10:49 -0700)]
Fix ENGINE_by_id() and dtls1_stop_timer() checks with non-system OpenSSL
If we use AC_CHECK_LIB(-lssl, ...) then it'll use the system libssl even
when configured with --with-openssl= to use something different. So switch
to using AC_LINK_IFELSE and use $OPENSSL_LIBS (which should be correct)
instead.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 3 May 2012 14:41:49 +0000 (15:41 +0100)]
Add local getline() for Solaris 10 build
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 3 May 2012 13:46:25 +0000 (14:46 +0100)]
Add --config option for reading options from file
Based on a patch by Fabian Jäger.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 3 May 2012 11:19:43 +0000 (12:19 +0100)]
Prepare for config file support; don't use getopt_long() and optarg directly
And also use an accessor macro for when we want to *copy* it, since when
it comes from the config file it'll need to be strdup'd.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 25 Apr 2012 22:48:15 +0000 (23:48 +0100)]
Tag version 3.18
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 25 Apr 2012 22:48:02 +0000 (23:48 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 23 Apr 2012 01:09:33 +0000 (02:09 +0100)]
Fix potential buffer overflow in banner handling
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 23 Apr 2012 01:08:31 +0000 (02:08 +0100)]
Attempt to fix autohate breakage when building without NLS support
configure: error: conditional "AMDEP" was never defined.
Usually this means the macro was only invoked conditionally.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 20 Apr 2012 12:14:01 +0000 (13:14 +0100)]
Tag version 3.17
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 20 Apr 2012 12:07:28 +0000 (13:07 +0100)]
Update building and vpnc-script pages for mandatory vpnc-script
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 20 Apr 2012 11:39:26 +0000 (12:39 +0100)]
Update distro status
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 20 Apr 2012 11:25:12 +0000 (12:25 +0100)]
Update supported platform list
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 20 Apr 2012 11:21:22 +0000 (12:21 +0100)]
Remove unused started.xml page
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 20 Apr 2012 00:00:50 +0000 (01:00 +0100)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 23:59:59 +0000 (00:59 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 22:52:37 +0000 (23:52 +0100)]
Fix version.sh for Solaris 10
./version.sh: !: not found
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 22:49:22 +0000 (23:49 +0100)]
Cast uid_t to (long) to print it, silencing warnings on Solaris
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 22:46:46 +0000 (23:46 +0100)]
Work around warnings caused by Solaris misdefinition of 'struct option'.
Its man page clearly states that the 'name' field in 'struct option' is a
const char *. It lies, and the compiler bitches about normal assignment
of static strings.
https://www.illumos.org/issues/1881
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 22:21:05 +0000 (23:21 +0100)]
Move asprintf() implementation to compat.c
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 22:10:21 +0000 (23:10 +0100)]
Work around time() brokenness on Solaris.
On Solaris and OpenIndiana, time() goes backwards. It and gettimeofday()
occasionally jump back to 1970 and return zero seconds — although the
tv_usec field is still sane, bizarrely.
CR7121035 in Solaris, https://www.illumos.org/issues/1871 in OpenIndiana.
It seems that gethrtime() doesn't suffer the same problem, so let's use
that instead of time() for now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 19 Apr 2012 19:22:07 +0000 (20:22 +0100)]
Remove gratuitous ARP plumbing which breaks Solaris 10
Suggested by Kazuyoshi Aizawa and tested on S10, S11, oi_151a with both
IPv6 and Legacy IP.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 18 Apr 2012 12:41:28 +0000 (13:41 +0100)]
Remove openconnect.html from EXTRA_DIST
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 18 Apr 2012 12:35:42 +0000 (13:35 +0100)]
Add local implementation of asprintf() for Solaris 10
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Mike Miller [Tue, 17 Apr 2012 21:54:29 +0000 (17:54 -0400)]
Fix shared/static setup to clarify default setting
Change the variables from their defaults only in the --with-openssl
section. This leaves the default conspicuous and makes --help show the
correct default behavior.
Signed-off-by: Mike Miller <mtmiller@ieee.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 16 Apr 2012 15:55:37 +0000 (16:55 +0100)]
Make vpnc-script mandatory.
Things won't work without it, and it will also help to make sure packagers
notice that it's needed.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 16 Apr 2012 14:28:05 +0000 (15:28 +0100)]
Don't attempt to configure Legacy IP address on tun device.
This was only setting the Legacy IP address and not IPv6, and it wasn't
setting up any routes or nameservers. It wasn't even setting a *netmask*,
so wasn't even useful in the simple case of a VPN serving a single network
range. I can't think of a single case in which it was actually useful.
This is my response to the patch from Stanislav Sedov which makes the IP
configuration code work on FreeBSD 10. The tun code is a big enough mess
of OS-specific ifdefs already; I don't want it getting even worse, so let's
just rip this bit out.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 15 Apr 2012 23:07:22 +0000 (00:07 +0100)]
Don't leave stray zlib in $LIBS
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 15 Apr 2012 21:37:57 +0000 (22:37 +0100)]
Attempt to build against OpenSSL without pkg-config
If we insist on using --with-openssl to do that, it looks for (and
builds) a static library. That's intended for use with a locally-built
OpenSSL source tree. For systems like FreeBSD which lack pkg-config for
an otherwise normally-installed dynamic OpenSSL library, we need to cope
the same way as we do with pkg-config-less zlib.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 15 Apr 2012 20:43:14 +0000 (21:43 +0100)]
Remove out of date openconnect.html
Somewhat overdue...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 12 Apr 2012 09:58:52 +0000 (10:58 +0100)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Apr 2012 18:05:51 +0000 (19:05 +0100)]
Cope with ancient autoconf by defining $(htmldir) and $(localedir) manually
Otherwise you can't build from git on RHEL5, which has autoconf 2.59
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Apr 2012 16:50:25 +0000 (17:50 +0100)]
Include <string.h> in library.c
Don't know how this escaped giving us a warning before...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Apr 2012 15:45:46 +0000 (16:45 +0100)]
Really disable static library when appropriate
We need the AC_PROG_LIBTOOL to occur *after* AC_DISABLE_STATIC, or it
doesn't work. And the old comment about having to be before the
conditional NLS bits was probably (hopefully) obsoleted by commit
b976ecb0 which rewrote all that.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Apr 2012 10:09:25 +0000 (11:09 +0100)]
Use autoconf's standard $(htmldir) and make everything relative to it
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Mike Miller [Wed, 11 Apr 2012 00:14:56 +0000 (20:14 -0400)]
Install HTML docs under $(docdir)/html
Signed-off-by: Mike Miller <mtmiller@ieee.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 10 Apr 2012 15:33:00 +0000 (16:33 +0100)]
Invoke vpnc-script with "pre-init" to load tun module if necessary
Shift the os-specific tun setup out into a separate function, just because
it declares local variables and the pre-init script call is now happening
before that in the code block.
Clean up script invocation a little too, and fix the fact that we'd run the
script with "reconnect" reason even if there wasn't a script at all.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 8 Apr 2012 20:23:07 +0000 (21:23 +0100)]
Tag version 3.16
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Mike Miller [Sat, 7 Apr 2012 19:26:55 +0000 (15:26 -0400)]
Fix system detection for GNU/kFreeBSD and GNU/Hurd
Define the same library features for all GNU/* environments. Also use
$host_os for system tests.
Signed-off-by: Mike Miller <mtmiller@ieee.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sun, 8 Apr 2012 13:06:10 +0000 (15:06 +0200)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Jan 2012 20:28:21 +0000 (20:28 +0000)]
Fix up the library documentation in openconnect.h a little.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 11 Jan 2012 01:22:45 +0000 (01:22 +0000)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 14 Dec 2011 15:41:35 +0000 (15:41 +0000)]
Fix memcpy-less DTLS RX so it really doesn't use memcpy().
It was receiving into a preallocated packet... then using queue_new_packet()
on that buffer which would allocate and copy to a *new* packet. Doh!
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Tue, 13 Dec 2011 23:30:38 +0000 (23:30 +0000)]
Remove getmsg() on Solaris and use read() like everyone else.
As long as we put the file descriptor into "message-discard" mode with
the I_SRDOPT ioctl, it'll behave like every other OS and only return
one packet at a time even if more would fit in the buffer.
The MOREDATA flag doesn't mean what we thought it did, so getmsg() has no
efficiency advantages, and we're better off keeping it simple.
Also fix a bug introduced for script_tun mode by commit
337cf1a7.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 22:34:26 +0000 (22:34 +0000)]
Fix compiler warning about char signedness in buffer pointer
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 18:22:23 +0000 (18:22 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Kazuyoshi Aizawa [Mon, 12 Dec 2011 18:10:20 +0000 (18:10 +0000)]
Plumb interface for IPv6 with I_LINK ioctl we do for Legacy IP
This fixes the inconsistency noted in commit
5f873b34 — that we plumb the
interface from openconnect itself for Legacy IP, but use 'ifconfig' in the
vpnc-script to set it up for IPv6. Which has the potential to leave a stale
interface lying around if openconnect exits uncleanly.
Signed-off-by: Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 15:44:03 +0000 (15:44 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 15:24:29 +0000 (15:24 +0000)]
Fix memory leak of zlib streams on CSTP reconnect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 15:06:17 +0000 (15:06 +0000)]
Fix memory leak of CSTP deflated packets, and resend current pkt on reconnect
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 14:08:48 +0000 (14:08 +0000)]
Eliminate memcpy() for incoming packets from DTLS
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Mon, 12 Dec 2011 14:01:17 +0000 (14:01 +0000)]
Eliminate memcpy() for outgoing packets from tun device
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 9 Dec 2011 13:05:33 +0000 (13:05 +0000)]
Use I_LINK instead of I_PLINK on Solaris
This should avoid leaving stale tunnel devices around, because they'll
automatically go away when the fd gets closed.
This is only for Legacy IP though; We are still plumbing for IPv6 in the
vpnc-script, which is weird and inconsistent. If only I could work out
how to do it in tun.c like we do for IPv4...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 8 Dec 2011 12:14:28 +0000 (12:14 +0000)]
Clean up man page a little
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 8 Dec 2011 11:34:27 +0000 (11:34 +0000)]
IPv6 testing coverage now complete; OSX works too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 8 Dec 2011 02:20:49 +0000 (02:20 +0000)]
Update IPv6 testing status. {Open,Net,Dragonfly}BSD are now known to work.
As well as Linux, FreeBSD and Solaris/OpenIndiana which were already tested.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Stuart Henderson [Wed, 7 Dec 2011 22:09:29 +0000 (22:09 +0000)]
Fix GNUism in www/Makefile.am
Signed-off-by: Stuart Henderson <stu@openbsd.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 7 Dec 2011 22:01:26 +0000 (22:01 +0000)]
Fix typo
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Wed, 7 Dec 2011 21:59:23 +0000 (21:59 +0000)]
Print error when write() to tun device fails.
This happens on OpenBSD when writing IPv6 packets, for some reason.
Silent failure is not recommended; much better to bitch about it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Dec 2011 14:58:33 +0000 (14:58 +0000)]
Before using libproxy without pkg-config, check it actually builds.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Sat, 3 Dec 2011 14:51:32 +0000 (14:51 +0000)]
Fix potential crash in processing libproxy results.
Oops. Helps if we start reading the array at element zero.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 1 Dec 2011 12:47:13 +0000 (12:47 +0000)]
Refer to mail.html in usage() output
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 1 Dec 2011 12:40:48 +0000 (12:40 +0000)]
Refer to vpnc-script.html when invoked with no --script argument
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 1 Dec 2011 12:38:38 +0000 (12:38 +0000)]
Clean up vpnc-script web page to make it clearer
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 25 Nov 2011 16:41:19 +0000 (16:41 +0000)]
Tag version 3.15
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 25 Nov 2011 16:31:50 +0000 (16:31 +0000)]
Update translations from Transifex
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Fri, 25 Nov 2011 16:26:16 +0000 (16:26 +0000)]
Update changelog
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 24 Nov 2011 20:31:13 +0000 (20:31 +0000)]
Add uninstall rules for translations
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 24 Nov 2011 18:14:30 +0000 (18:14 +0000)]
Call bindtextdomain() to ensure that translations are found in $(prefix)
We may be installing to a location that libintl doesn't search by default.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse [Thu, 24 Nov 2011 17:39:20 +0000 (17:39 +0000)]
Use $(localedir) for installing translations
The $(localedir) variable is provided for us by autoconf; no need to make
it up for ourselves.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>